https://sourceware.org/bugzilla/show_bug.cgi?id=34327
Bug ID: 34327
Summary: Out of bounds write in relocation processing for 8
architectures
Product: binutils
Version: 2.47 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: junrong at calif dot io
Target Milestone: ---
Created attachment 16801
--> https://sourceware.org/bugzilla/attachment.cgi?id=16801&action=edit
Includes PoC and ASAN crash logs
ASAN crashes were observed when running `objdump -g` on specially crafted
sparc, s390, xstormy16, d30v, spu, mmix, visium and s12z ELF binaries.
All except s12z are similar to the m32r bug, which was caused by insufficient
checks when writing a multibyte value.
For s12z, the bounds check is missing entirely.
Notably, SPARC and s390 are distributed in Debian's binutils-multiarch package,
so users do not need to explicitly enable the vulnerable architecture and
recompile to be affected.
Please refer to the attachment for more information.
--
You are receiving this mail because:
You are on the CC list for the bug.