[Bug binutils/23147] New: Heap buffer overflow in pe_print

bug-binutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/23147] New: Heap buffer overflow in pe_print_idata

From:	mgcho.minic at gmail dot com
Subject:	[Bug binutils/23147] New: Heap buffer overflow in pe_print_idata
Date:	Mon, 07 May 2018 14:34:56 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=23147

            Bug ID: 23147
           Summary: Heap buffer overflow in pe_print_idata
           Product: binutils
           Version: 2.31 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: mgcho.minic at gmail dot com
  Target Milestone: ---

Created attachment 10998
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10998&action=edit
POC to trigger bug

Triggered by "./objdump -x -W $POC"
Tested on Ubuntu 16.04 (x86)


Heap buffer overread occurred when processing malformed PE file.

The GDB debugging information is as follows:

ASAN output:

==26446==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5e0207f at
pc 0x08293f7a bp 0xbfc8e458 sp 0xbfc8e44c
READ of size 1 at 0xb5e0207f thread T0
    #0 0x8293f79 in bfd_getl32
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/libbfd.c:635:23
    #1 0x852550a in pe_print_idata
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/peigen.c:1544:31
    #2 0x8523579 in _bfd_pe_print_private_bfd_data_common
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/peigen.c:2905:3
    #3 0x84ed8f4 in pe_print_private_bfd_data
/home/min/fuzzing/src/binutils/binutils-gdb/bfd/./peicode.h:336:8
    #4 0x814737f in dump_bfd_private_header
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:2996:3
    #5 0x8145d10 in dump_bfd
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3589:5
    #6 0x8145539 in display_object_bfd
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3688:7
    #7 0x8145425 in display_any_bfd
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3777:5
    #8 0x8144e8b in display_file
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:3798:3
    #9 0x814457b in main
/home/min/fuzzing/src/binutils/binutils-gdb/binutils/./objdump.c:4100:6
    #10 0xb74f4636 in __libc_start_main
/build/glibc-mUak1Y/glibc-2.23/csu/../csu/libc-start.c:291
    #11 0x806ca37 in _start
(/home/min/fuzzing/program/binutils-2.30-21432/bin/objdump+0x806ca37)


Credits:

Mingi Cho and Taekyoung Kwon of the Information Security Lab, Yonsei
University.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug binutils/23147] New: Heap buffer overflow in pe_print_idata, mgcho.minic at gmail dot com <=
- [Bug binutils/23147] Heap buffer overflow in pe_print_idata, cvs-commit at gcc dot gnu.org, 2018/05/09
- [Bug binutils/23147] Heap buffer overflow in pe_print_idata, amodra at gmail dot com, 2018/05/09

Prev by Date: [Bug binutils/23142] objcopy: SIGSEGV in is_strip_section
Next by Date: [Bug binutils/23148] New: Heap buffer overflow in pe_print_edata
Previous by thread: [Bug binutils/23146] New: Many targets won't build with GCC 8
Next by thread: [Bug binutils/23147] Heap buffer overflow in pe_print_idata
Index(es):
- Date
- Thread