https://sourceware.org/bugzilla/show_bug.cgi?id=30906
Bug ID: 30906
Summary: Segmentation fault caused by npd in objdump, elf.c:9543
Product: binutils
Version: 2.42 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: featherrain26 at gmail dot com
Target Milestone: ---

Created attachment 15139
--> https://sourceware.org/bugzilla/attachment.cgi?id=15139&action=edit
poc

Hi there. There is a stack overflow in the newest version (093da43d2) of objdump, _bfd_elf_slurp_version_tables, elf.c:9543, which directly causes a segmentation fault.

To reproduce, run

objdump -D POC

Here is the trace reported by ASAN:

==2009088==ERROR: MemorySanitizer: SEGV on unknown address 0x00000000002c (pc 0x00000077865f bp 0x719000000010 sp 0x7ffe54854c10 T2009088)
==2009088==The signal is caused by a READ memory access.
==2009088==Hint: address points to the zero page.
    #0 0x77865f in _bfd_elf_slurp_version_tables /benchmark/binutils-gdb/build-a/bfd/../../bfd/elf.c:9543:14
    #1 0x75d7a8 in bfd_elf64_slurp_symbol_table /benchmark/binutils-gdb/build-a/bfd/../../bfd/elfcode.h:1278:9
    #2 0x7b5381 in _bfd_elf_canonicalize_dynamic_symtab /benchmark/binutils-gdb/build-a/bfd/../../bfd/elf.c:9285:19
    #3 0x4b6a7f in slurp_dynamic_symtab /benchmark/binutils-gdb/build-a/binutils/../../binutils/objdump.c:1051:17
    #4 0x4b6a7f in dump_bfd /benchmark/binutils-gdb/build-a/binutils/../../binutils/objdump.c:5656:12
    #5 0x4b4174 in display_object_bfd /benchmark/binutils-gdb/build-a/binutils/../../binutils/objdump.c
    #6 0x4b4174 in display_any_bfd /benchmark/binutils-gdb/build-a/binutils/../../binutils/objdump.c:5837:5
    #7 0x4b0742 in display_file /benchmark/binutils-gdb/build-a/binutils/../../binutils/objdump.c:5858:3
    #8 0x4b0742 in main /benchmark/binutils-gdb/build-a/binutils/../../binutils/objdump.c:6269:6
    #9 0x7f8e1943e082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #10 0x41e58d in _start (/benchmark/binutils-gdb/build-a/binutils/objdump+0x41e58d)

MemorySanitizer can not provide additional info.
SUMMARY: MemorySanitizer: SEGV /benchmark/binutils-gdb/build-a/bfd/../../bfd/elf.c:9543:14 in _bfd_elf_slurp_version_tables
==2009088==ABORTING