https://sourceware.org/bugzilla/show_bug.cgi?id=32665
Bug ID: 32665
Summary: ld buffer-overflow in elf_x86_64_convert_load_reloc (bfd/elf64-x86-64.c:1821)
Product: binutils
Version: 2.45 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: swj22 at mails dot tsinghua.edu.cn
Target Milestone: ---
**Description**
A segv can occur in ld when using the --version-exports-section option with a specially crafted input file. This issue leads to a buffer overflow.
**Affected Version**
GNU ld (GNU Binutils) 2.45 (HEAD), commit 66e701c09229d389f4046fddae586278fe3e014f
**Steps to Reproduce**
Build binutils 2.45 (HEAD), commit 66e701c09229d389f4046fddae586278fe3e014f, with AddressSanitizer (e.g., CFLAGS="-g -fsanitize=address" ./configure && make -j).
Run the following command:
/tmp/binutils-gdb/bins/bin/ld --version-exports-section 123 /tmp/poc
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1298944==ERROR: AddressSanitizer: SEGV on unknown address 0x2a947fff6107 (pc 0x56407bc31b8a bp 0x7ffed6ae5620 sp 0x7ffed6ae4b80 T0)
==1298944==The signal is caused by a READ memory access.
    #0 0x56407bc31b8a in elf_x86_64_convert_load_reloc /tmp/binutils-gdb/bfd/elf64-x86-64.c:1821:16
    #1 0x56407bc2ca49 in elf_x86_64_scan_relocs /tmp/binutils-gdb/bfd/elf64-x86-64.c:2545:9
    #2 0x56407bd16c45 in _bfd_elf_link_iterate_on_relocs /tmp/binutils-gdb/bfd/elflink.c:4285:9
    #3 0x56407bc0b981 in elf_x86_64_early_size_sections /tmp/binutils-gdb/bfd/elf64-x86-64.c:2994:6
    #4 0x56407bd292bc in bfd_elf_size_dynamic_sections /tmp/binutils-gdb/bfd/elflink.c:6893:11
    #5 0x56407bb7c3a2 in ldelf_before_allocation /tmp/binutils-gdb/ld/ldelf.c:1840:10
    #6 0x56407bb5d7ea in gldelf_x86_64_before_allocation /tmp/binutils-gdb/ld/eelf_x86_64.c:172:3
    #7 0x56407bb5446b in elf_x86_64_before_allocation /tmp/binutils-gdb/ld/eelf_x86_64.c:115:3
    #8 0x56407bb38a46 in ldemul_before_allocation /tmp/binutils-gdb/ld/ldemul.c:96:3
    #9 0x56407baf5bcf in lang_process /tmp/binutils-gdb/ld/ldlang.c:8591:3
    #10 0x56407bb238d2 in main /tmp/binutils-gdb/ld/./ldmain.c:533:3
    #11 0x7f93a34f2082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
    #12 0x56407b9f5e6d in _start (/tmp/binutils-gdb/bins/bin/ld+0x385e6d) (BuildId: 10d4dd0ec0a37f5a)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /tmp/binutils-gdb/bfd/elf64-x86-64.c:1821:16 in elf_x86_64_convert_load_reloc
==1298944==ABORTING
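As an added triage helper (not part of this report or of binutils): a small parser that pulls the error kind, faulting address, access type and symbolized frames out of an AddressSanitizer report like the one above, and derives a frame-based fingerprint for deduplicating crashes from the same root cause. The embedded report is a constructed copy of the trace above, trimmed to its first four frames, and the list of "noise" startup frames is an assumption of this example.

```python
import re

# Constructed sample: the ASan trace from this report, embedded (trimmed to its
# first four frames) so the parser can run offline.
ASAN_REPORT = """\
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1298944==ERROR: AddressSanitizer: SEGV on unknown address 0x2a947fff6107 (pc 0x56407bc31b8a bp 0x7ffed6ae5620 sp 0x7ffed6ae4b80 T0)
==1298944==The signal is caused by a READ memory access.
    #0 0x56407bc31b8a in elf_x86_64_convert_load_reloc /tmp/binutils-gdb/bfd/elf64-x86-64.c:1821:16
    #1 0x56407bc2ca49 in elf_x86_64_scan_relocs /tmp/binutils-gdb/bfd/elf64-x86-64.c:2545:9
    #2 0x56407bd16c45 in _bfd_elf_link_iterate_on_relocs /tmp/binutils-gdb/bfd/elflink.c:4285:9
    #3 0x56407bc0b981 in elf_x86_64_early_size_sections /tmp/binutils-gdb/bfd/elf64-x86-64.c:2994:6
SUMMARY: AddressSanitizer: SEGV /tmp/binutils-gdb/bfd/elf64-x86-64.c:1821:16 in elf_x86_64_convert_load_reloc
==1298944==ABORTING
"""

# "ERROR: AddressSanitizer: <kind> on [unknown] address 0x..."; the address part is optional.
ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+)(?: on (?:unknown )?address (0x[0-9a-f]+))?")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
# Symbolized frame with file:line[:col]; frames without source info (e.g. _start) are skipped.
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+?):(\d+)(?::\d+)?\s*$")
# Assumed set of startup frames that say nothing about where the bug is; excluded from the fingerprint.
NOISE_FRAMES = {"main", "__libc_start_main", "_start"}

def parse_asan_report(text):
    """Return the error kind, fault address, access type and (func, file, line) frames."""
    info = {"kind": None, "address": None, "access": None, "frames": []}
    for line in text.splitlines():
        if m := ERROR_RE.search(line):
            info["kind"], info["address"] = m.group(1), m.group(2)
        elif m := ACCESS_RE.search(line):
            info["access"] = m.group(1)
        elif m := FRAME_RE.match(line):
            info["frames"].append((m.group(2), m.group(3), int(m.group(4))))
    return info

def crash_fingerprint(info, depth=3):
    """Dedup key: error kind, access type and the top `depth` non-noise function names."""
    funcs = [f for f, _, _ in info["frames"] if f not in NOISE_FRAMES][:depth]
    return f"{info['kind']}:{info['access']}:" + "|".join(funcs)

def crash_site(info):
    """Innermost symbolized source location as 'file:line', or None if none was found."""
    if not info["frames"]:
        return None
    _, path, line = info["frames"][0]
    return f"{path}:{line}"
```

Two reports whose top frames match under `crash_fingerprint` are normally the same bug even when the faulting address differs between runs, which is what makes the key useful for sorting fuzzer output before filing.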
**Env**
Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal