https://sourceware.org/bugzilla/show_bug.cgi?id=22769
Bug ID: 22769
Summary: crash when running 32-bit objdump on corrupted file
Product: binutils
Version: 2.31 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: lrk700 at gmail dot com
Target Milestone: ---

Created attachment 10765
--> https://sourceware.org/bugzilla/attachment.cgi?id=10765&action=edit
POC file

Hi,

Here's another file that crashes `objdump -g`. The build environment is the same as https://sourceware.org/bugzilla/show_bug.cgi?id=22746 (I built 32-bit objdump on a 64-bit machine by setting CFLAGS and LDFLAGS to `-m32`). The code we're using is updated to HEAD: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=35f48e217ab6f909510bf9ca07325ec16122ae88

Here's the output on the POC file:

----
root@debian:~# ~/src/binutils-32/binutils/objdump -g c3

c3: file format elf32-i386

*** Error in `/root/src/binutils-32/binutils/objdump': free(): invalid next size (fast): 0x56fd21e0 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x6737a)[0xf764337a]
/lib/i386-linux-gnu/libc.so.6(+0x6dfb7)[0xf7649fb7]
/lib/i386-linux-gnu/libc.so.6(+0x6e7f6)[0xf764a7f6]
/root/src/binutils-32/binutils/objdump(+0x26617)[0x565ed617]
/root/src/binutils-32/binutils/objdump(+0x262cd)[0x565ed2cd]
/root/src/binutils-32/binutils/objdump(+0x267fd)[0x565ed7fd]
/root/src/binutils-32/binutils/objdump(+0x90242)[0x56657242]
/root/src/binutils-32/binutils/objdump(+0x269b3)[0x565ed9b3]
/root/src/binutils-32/binutils/objdump(+0x28e15)[0x565efe15]
/root/src/binutils-32/binutils/objdump(+0x28ee6)[0x565efee6]
/root/src/binutils-32/binutils/objdump(+0x2913a)[0x565f013a]
/root/src/binutils-32/binutils/objdump(+0x291b5)[0x565f01b5]
/root/src/binutils-32/binutils/objdump(main+0x9f6)[0x565f0bd7]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xf75f4276]
/root/src/binutils-32/binutils/objdump(+0x20cf1)[0x565e7cf1]
======= Memory map: ========
565c7000-567aa000 r-xp 00000000 08:01 673613 /root/src/binutils-32/binutils/objdump
567ab000-56814000 r--p 001e3000 08:01 673613 /root/src/binutils-32/binutils/objdump
56814000-56819000 rw-p 0024c000 08:01 673613 /root/src/binutils-32/binutils/objdump
56819000-56820000 rw-p 00000000 00:00 0
56fcd000-56fee000 rw-p 00000000 00:00 0 [heap]
f7300000-f7321000 rw-p 00000000 00:00 0
f7321000-f7400000 ---p 00000000 00:00 0
f740c000-f7428000 r-xp 00000000 08:01 1047386 /lib/i386-linux-gnu/libgcc_s.so.1
f7428000-f7429000 r--p 0001b000 08:01 1047386 /lib/i386-linux-gnu/libgcc_s.so.1
f7429000-f742a000 rw-p 0001c000 08:01 1047386 /lib/i386-linux-gnu/libgcc_s.so.1
f743f000-f75da000 r--p 00000000 08:01 921179 /usr/lib/locale/locale-archive
f75da000-f75dc000 rw-p 00000000 00:00 0
f75dc000-f778d000 r-xp 00000000 08:01 1047406 /lib/i386-linux-gnu/libc-2.24.so
f778d000-f778e000 ---p 001b1000 08:01 1047406 /lib/i386-linux-gnu/libc-2.24.so
f778e000-f7790000 r--p 001b1000 08:01 1047406 /lib/i386-linux-gnu/libc-2.24.so
f7790000-f7791000 rw-p 001b3000 08:01 1047406 /lib/i386-linux-gnu/libc-2.24.so
f7791000-f7794000 rw-p 00000000 00:00 0
f7794000-f7797000 r-xp 00000000 08:01 1047460 /lib/i386-linux-gnu/libdl-2.24.so
f7797000-f7798000 r--p 00002000 08:01 1047460 /lib/i386-linux-gnu/libdl-2.24.so
f7798000-f7799000 rw-p 00003000 08:01 1047460 /lib/i386-linux-gnu/libdl-2.24.so
f77a4000-f77a5000 rw-p 00000000 00:00 0
f77a5000-f77ac000 r--s 00000000 08:01 131640 /usr/lib/i386-linux-gnu/gconv/gconv-modules.cache
f77ac000-f77ae000 r--p 00199000 08:01 921179 /usr/lib/locale/locale-archive
f77ae000-f77b1000 rw-p 00000000 00:00 0
f77b1000-f77b3000 r--p 00000000 00:00 0 [vvar]
f77b3000-f77b5000 r-xp 00000000 00:00 0 [vdso]
f77b5000-f77d8000 r-xp 00000000 08:01 1045240 /lib/i386-linux-gnu/ld-2.24.so
f77d8000-f77d9000 r--p 00022000 08:01 1045240 /lib/i386-linux-gnu/ld-2.24.so
f77d9000-f77da000 rw-p 00023000 08:01 1045240 /lib/i386-linux-gnu/ld-2.24.so
ffbe3000-ffc04000 rw-p 00000000 00:00 0 [stack]
Aborted
----

Thanks!
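A small triage helper for reports of this shape, added here as an example; it is not part of the report above and not binutils code. It parses the glibc backtrace and memory-map lines quoted in the report (copied from it, with the map trimmed to the segments that matter), resolves each frame to the segment containing it, checks that the `(+0x...)` offset glibc prints agrees with the segment's load base, and identifies the innermost objdump frame so it can be handed to addr2line. The function names are mine, and the addr2line hint assumes the usual case of a PIE linked at address 0, where the offset from the load base is the address addr2line expects.

```python
import re

# Backtrace lines copied verbatim from the report above.
BACKTRACE = """\
/lib/i386-linux-gnu/libc.so.6(+0x6737a)[0xf764337a]
/lib/i386-linux-gnu/libc.so.6(+0x6dfb7)[0xf7649fb7]
/lib/i386-linux-gnu/libc.so.6(+0x6e7f6)[0xf764a7f6]
/root/src/binutils-32/binutils/objdump(+0x26617)[0x565ed617]
/root/src/binutils-32/binutils/objdump(+0x262cd)[0x565ed2cd]
/root/src/binutils-32/binutils/objdump(+0x267fd)[0x565ed7fd]
/root/src/binutils-32/binutils/objdump(+0x90242)[0x56657242]
/root/src/binutils-32/binutils/objdump(+0x269b3)[0x565ed9b3]
/root/src/binutils-32/binutils/objdump(+0x28e15)[0x565efe15]
/root/src/binutils-32/binutils/objdump(+0x28ee6)[0x565efee6]
/root/src/binutils-32/binutils/objdump(+0x2913a)[0x565f013a]
/root/src/binutils-32/binutils/objdump(+0x291b5)[0x565f01b5]
/root/src/binutils-32/binutils/objdump(main+0x9f6)[0x565f0bd7]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xf75f4276]
/root/src/binutils-32/binutils/objdump(+0x20cf1)[0x565e7cf1]
"""

# Memory-map lines copied from the report, trimmed to the segments needed here.
MEMORY_MAP = """\
565c7000-567aa000 r-xp 00000000 08:01 673613 /root/src/binutils-32/binutils/objdump
567ab000-56814000 r--p 001e3000 08:01 673613 /root/src/binutils-32/binutils/objdump
56814000-56819000 rw-p 0024c000 08:01 673613 /root/src/binutils-32/binutils/objdump
56819000-56820000 rw-p 00000000 00:00 0
56fcd000-56fee000 rw-p 00000000 00:00 0 [heap]
f75dc000-f778d000 r-xp 00000000 08:01 1047406 /lib/i386-linux-gnu/libc-2.24.so
"""

# /proc/<pid>/maps layout: start-end perms file_offset dev inode [path]
MAP_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+\S+\s+\d+\s*(.*)$")
# glibc backtrace_symbols layout: module(symbol+0xoff)[0xaddr]; symbol may be empty
FRAME_RE = re.compile(r"^(.*?)\((\w*)\+0x([0-9a-f]+)\)\[0x([0-9a-f]+)\]$")


def parse_maps(text):
    """Parse maps-style lines into dicts with integer bounds and file offsets."""
    maps = []
    for line in text.splitlines():
        m = MAP_RE.match(line.strip())
        if m:
            maps.append({"start": int(m[1], 16), "end": int(m[2], 16), "perms": m[3],
                         "file_offset": int(m[4], 16), "path": m[5].strip()})
    return maps


def parse_backtrace(text):
    """Parse glibc backtrace lines; symbol is None for bare '+0x...' frames."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append({"module": m[1], "symbol": m[2] or None,
                           "offset": int(m[3], 16), "addr": int(m[4], 16)})
    return frames


def region_of(addr, maps):
    """Mapping containing addr, or None if the map never covered it."""
    for m in maps:
        if m["start"] <= addr < m["end"]:
            return m
    return None


def module_base(mapping, maps):
    """Load base of the file a mapping belongs to: lowest start among its segments."""
    return min(m["start"] for m in maps if m["path"] == mapping["path"])


def resolve(frame, maps):
    """Segment holding the frame, its offset into the file, and its offset from the load base."""
    m = region_of(frame["addr"], maps)
    if m is None:
        return None
    return {"path": m["path"], "perms": m["perms"],
            "file_offset": frame["addr"] - m["start"] + m["file_offset"],
            "rel_to_base": frame["addr"] - module_base(m, maps)}


def check_consistency(frames, maps):
    """Symbol-less frames whose glibc '+0x...' offset disagrees with the map (mismatched map)."""
    return [f for f in frames
            if f["symbol"] is None and (r := resolve(f, maps)) is not None
            and r["rel_to_base"] != f["offset"]]


def innermost_frame_in(frames, maps, name):
    """(path, offset from base) of the first frame inside the module whose path ends with name."""
    for f in frames:
        r = resolve(f, maps)
        if r is not None and r["path"].endswith(name):
            return r["path"], r["rel_to_base"]
    return None


def addr2line_hint(frames, maps, name):
    """addr2line command for the innermost frame of `name`; assumes a PIE linked at 0."""
    hit = innermost_frame_in(frames, maps, name)
    return None if hit is None else f"addr2line -f -e {hit[0]} 0x{hit[1]:x}"


if __name__ == "__main__":
    maps, frames = parse_maps(MEMORY_MAP), parse_backtrace(BACKTRACE)
    print("free() pointer 0x56fd21e0 lies in:", region_of(0x56fd21e0, maps)["path"])
    for f in frames:
        r = resolve(f, maps)
        print(f"0x{f['addr']:08x}", f"{r['path']} +0x{r['rel_to_base']:x}" if r else "unmapped")
    print("inconsistent frames:", check_consistency(frames, maps))
    print(addr2line_hint(frames, maps, "objdump"))
```

Reading the output: the pointer named in the error sits in `[heap]`, and `free(): invalid next size (fast)` is glibc's check of the size field of the chunk following the one being freed, so the heap metadata was already overwritten before this `free` ran. The three innermost libc frames are the abort path; the first objdump frame (`+0x26617`) only tells you where the free happened, not where the overwrite happened. An AddressSanitizer build of the same tree (`-fsanitize=address` in CFLAGS/LDFLAGS alongside `-m32`) is the usual next step, because it reports the out-of-bounds write at the moment it occurs.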
--
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils