https://sourceware.org/bugzilla/show_bug.cgi?id=31843
Bug ID: 31843
Summary: Segfault in objdump (bfd_get_section_contents)
Product: binutils
Version: 2.42
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: g.priamo at diag dot uniroma1.it
Target Milestone: ---
Created attachment 15563
--> https://sourceware.org/bugzilla/attachment.cgi?id=15563&action=edit
Testcase
### Describe the bug
AddressSanitizer: SEGV on unknown address in objdump
(`bfd_get_section_contents`).
### To Reproduce
Cloned binutils from git://sourceware.org/git/binutils-gdb.git and built
version 2.42.50.20240604 (the crash reproduces also on release 2.42) taking
inspiration from the build script in
[oss-fuzz](https://github.com/google/oss-fuzz/blob/master/projects/binutils/build.sh):
```
export CFLAGS="-O0 -g -fno-omit-frame-pointer -fno-function-sections -fno-unique-section-names -fsanitize=address"
cd binutils
sed -i 's/vfprintf (stderr/\/\//' elfcomm.c
sed -i 's/fprintf (stderr/\/\//' elfcomm.c
cd ../
./configure --disable-gdb --disable-gdbserver --disable-gdbsupport \
--disable-libdecnumber --disable-readline --disable-sim \
--disable-libbacktrace --disable-gas --disable-ld --disable-werror \
--enable-targets=all
make clean
make MAKEINFO=true && true
```
The crash also reproduces with this simpler build configuration:
```
./configure --enable-targets=all
make
```
### ASAN Output
```
./objdump -S testcase
testcase: file format elf64-nfp
./objdump: testcase: invalid string offset 1751545201 >= 20 for section `''
./objdump: testcase: invalid string offset 906572078 >= 20 for section `''
./objdump: testcase: invalid string offset 738812268 >= 20 for section `''
./objdump: testcase: invalid string offset 154553390 >= 20 for section `''
./objdump: testcase: invalid string offset 1902390537 >= 20 for section `''
./objdump: testcase: invalid string offset 1764426094 >= 20 for section `''
./objdump: testcase: invalid string offset 1802926173 >= 20 for section `''
./objdump: testcase: invalid string offset 23489141 >= 20 for section `''
Disassembly of section .text:
0001000000000000 <.text>:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==560100==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000024 (pc 0x000000b7eda4 bp 0x7fffb04a3210 sp 0x7fffb04a3170 T0)
==560100==The signal is caused by a READ memory access.
==560100==Hint: address points to the zero page.
#0 0xb7eda4 in bfd_get_section_contents bfd/section.c:1568:16
#1 0x93b084 in init_nfp3200_priv opcodes/nfp-dis.c:2578:12
#2 0x937339 in init_nfp_priv opcodes/nfp-dis.c:2783:13
#3 0x935fb4 in _print_instrs opcodes/nfp-dis.c:2803:25
#4 0x935a8a in print_insn_nfp opcodes/nfp-dis.c:2973:9
#5 0x4e9d72 in disassemble_bytes binutils/./objdump.c:3509:20
#6 0x4e210b in disassemble_section binutils/./objdump.c:4116:4
#7 0xb7e6aa in bfd_map_over_sections bfd/section.c:1387:5
#8 0x4d87e3 in disassemble_data binutils/./objdump.c:4264:3
#9 0x4d3c23 in dump_bfd binutils/./objdump.c:5791:2
#10 0x4d2cdf in display_object_bfd binutils/./objdump.c:5852:7
#11 0x4d2be0 in display_any_bfd binutils/./objdump.c:5939:5
#12 0x4d19dc in display_file binutils/./objdump.c:5960:3
#13 0x4d0006 in main binutils/./objdump.c:6377:6
#14 0x7f624bf48082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
#15 0x41d6ad in _start (objdump+0x41d6ad)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV bfd/section.c:1568:16 in bfd_get_section_contents
==560100==ABORTING
```
### Environment info
`uname -a` output: Linux ThinkPad 5.15.0-107-generic #117~20.04.1-Ubuntu SMP Tue Apr 30 10:35:57 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
### Testcase
See attached testcase file
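Added example, not part of the report or of BFD's own code: a constructed C model of the two checks this kind of report exercises when parsing an untrusted object file. The "invalid string offset N >= 20" messages above are a string-table bounds check firing correctly; the SEGV on address 0x24 (a zero-page read) is what dereferencing a field through a NULL pointer looks like, so the model refuses a NULL section instead of reading through it. The struct names, the 20-byte sample string table and the sample sections are all assumptions made for the example.

```c
/* Constructed model of string-table and section-lookup validation for an
   untrusted object file. Not BFD code; every name here is an assumption. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A string table as the file carries it: raw bytes plus the table size. */
struct strtab {
    const char *data;
    size_t size;
};

/* A section whose name was resolved through the string table. */
struct section {
    const char *name;            /* NULL when the name offset was invalid */
    const unsigned char *contents;
    size_t size;
};

/* Resolve a name offset. Rejects offsets at or past the end of the table
   (the "invalid string offset N >= size" case in the report) and names that
   run off the end of the table without a NUL terminator. */
const char *strtab_name(const struct strtab *tab, size_t off)
{
    if (tab == NULL || tab->data == NULL || off >= tab->size)
        return NULL;
    if (memchr(tab->data + off, '\0', tab->size - off) == NULL)
        return NULL;
    return tab->data + off;
}

/* Look a section up by name; returns NULL when absent, as real lookups do. */
const struct section *find_section(const struct section *secs, size_t n,
                                   const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (secs[i].name != NULL && strcmp(secs[i].name, name) == 0)
            return &secs[i];
    return NULL;
}

/* Copy [off, off + len) of a section's bytes. A NULL section is refused,
   not dereferenced, and the range is checked against the section size. */
bool section_contents(const struct section *sec, unsigned char *out,
                      size_t off, size_t len)
{
    if (sec == NULL || sec->contents == NULL)
        return false;
    if (off > sec->size || len > sec->size - off)
        return false;
    memcpy(out, sec->contents + off, len);
    return true;
}

/* Constructed sample: the table is declared 20 bytes long, so the last
   name ("unterm1", offset 13) has no terminator inside the table. */
static const char sample_strtab[] = "\0.text\0.data\0unterm1";
static const unsigned char sample_text[4] = {0x90, 0x90, 0x90, 0xc3};

const struct strtab *sample_table(void)
{
    static const struct strtab tab = { sample_strtab, sizeof sample_strtab - 1 };
    return &tab;
}

/* Two sample sections: one valid, one whose name offset is past the table,
   mirroring the bad offsets the report shows being rejected. */
size_t sample_sections(const struct section **out)
{
    static struct section secs[2];
    secs[0].name = strtab_name(sample_table(), 1);    /* ".text" */
    secs[0].contents = sample_text;
    secs[0].size = sizeof sample_text;
    secs[1].name = strtab_name(sample_table(), 20);   /* NULL: 20 >= 20 */
    secs[1].contents = NULL;
    secs[1].size = 0;
    *out = secs;
    return 2;
}

/* Driver in the shape of a disassembler's setup step: find a section by
   name and read its first len bytes. Returns bytes read, 0 if missing. */
size_t read_section_prefix(const char *name, unsigned char *out, size_t len)
{
    const struct section *secs;
    size_t n = sample_sections(&secs);
    const struct section *sec = find_section(secs, n, name);  /* may be NULL */
    return section_contents(sec, out, 0, len) ? len : 0;
}

int main(void)
{
    unsigned char buf[4];
    printf(".text: %zu bytes read\n", read_section_prefix(".text", buf, sizeof buf));
    printf(".nope: %zu bytes read\n", read_section_prefix(".nope", buf, sizeof buf));
    return 0;
}
```

The point of the model is the order of checks: a name offset is validated against the table size before it is used, and a lookup that can return NULL is checked before any field of the result is read, so a crafted file that names a section which does not exist degrades to "0 bytes read" rather than a read through a null pointer.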