Bugs report for binutils-2.30 strip and readelf

2018-07-24 Thread Dongdong She
Hi,

I am Dongdong She, a PhD student in the computer security area from Columbia
University. We are doing some fuzzing tests on binutils-2.30 and found an
integer-overflow bug in strip-new.

Integer-overflow bug in strip-new.
Description: There is an integer-overflow bug in binutils/bfd/elf.c:7036
IS_CONTAINED_BY_LMA(). There should be a boundary check for this
function.
Configure names: host='x86_64-pc-linux-gnu' target='x86_64-pc-linux-gnu',
we also upload the config.status file in the attachment.
Options: strip-new ./integer_overflow_input -o sss
Input: file interger_overflow_input

Thank you
Dongdong


config.status
Description: Binary data


interger_overflow_input
Description: Binary data
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
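
An added illustration, not code from the original message or from binutils, of why a section-in-segment containment test needs the boundary check the report asks for. It assumes the test has the common `start + size <= end` shape (the thread does not show the macro body); the function names, the `addr_t` type and all values are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t addr_t; /* hypothetical stand-in for a 64-bit load address */

/* Naive form: sec_lma + sec_size is computed modulo 2^64, so a huge
   attacker-supplied size wraps to a small "end" that passes the test. */
static bool contained_naive(addr_t sec_lma, addr_t sec_size,
                            addr_t seg_base, addr_t seg_size)
{
    return sec_lma >= seg_base
        && sec_lma + sec_size <= seg_base + seg_size;
}

/* Checked form: only subtractions that are already known not to
   underflow, so no intermediate value can wrap. */
static bool contained_checked(addr_t sec_lma, addr_t sec_size,
                              addr_t seg_base, addr_t seg_size)
{
    if (sec_lma < seg_base)
        return false;
    addr_t offset = sec_lma - seg_base;  /* safe: sec_lma >= seg_base */
    if (offset > seg_size)
        return false;                    /* starts past the segment end */
    return sec_size <= seg_size - offset; /* safe: offset <= seg_size */
}

int main(void)
{
    /* Constructed values: segment covers [0x1000, 0x2000). */
    const addr_t base = 0x1000, size = 0x1000;
    /* Section whose size makes lma + size wrap around to 0x800. */
    const addr_t lma = 0x1800, huge = 0xFFFFFFFFFFFFF000ULL;

    printf("wrapping section: naive=%d checked=%d\n",
           contained_naive(lma, huge, base, size),
           contained_checked(lma, huge, base, size));
    printf("ordinary section: naive=%d checked=%d\n",
           contained_naive(lma, 0x100, base, size),
           contained_checked(lma, 0x100, base, size));
    return 0;
}
```
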


Re: bug report for binutils-2.30

2018-11-30 Thread Dongdong She
Hi Nick,

Thanks for the information. I just filed the heap overflow bug report.
Please find it at https://sourceware.org/bugzilla/show_bug.cgi?id=23942.

Thank you
Dongdong

On Fri, Nov 30, 2018 at 5:58 AM Nick Clifton wrote:

> Hi Dongdong,
>
> > We are doing some fuzzing tests on Binutils-2.30
>
> Just as an aside the latest binutils release is 2.31.1 ...
>
> > and find a heap overflow bug in nm-new 32 bit version.
>
> Was there a binutils bug report filed for this problem ?  I may have
> missed it.
>
> > We also filed an integer-overflow bug in binutils-2.30 recently at
> > https://sourceware.org/bugzilla/show_bug.cgi?id=23932.
>
> Thank you for filing this bug report.  I am currently testing a fix for it.
>
> > Can we get the corresponding CVE number for the two bugs reported?
>
> Sorry - we do not allocate these numbers.  Normally they are automatically
> allocated by the Mitre corporation, which regularly scans the binutils
> bugzilla system for new bug reports.  You can find out more information here:
>
>   http://cve.mitre.org/cve/request_id.html
>
> I should also note that it usually takes a couple of weeks between filing
> a bug report in the binutils bugzilla system and a CVE number being allocated.
>
> Cheers
>   Nick
>