[Bug binutils/23361] New: OOM-Bug in bfd_malloc in libbfd.c
From: 92wyunchao at gmail dot com
Subject: [Bug binutils/23361] New: OOM-Bug in bfd_malloc in libbfd.c
Date: Sun, 01 Jul 2018 13:13:43 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=23361
Bug ID: 23361
Summary: OOM-Bug in bfd_malloc in libbfd.c
Product: binutils
Version: 2.30
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: 92wyunchao at gmail dot com
Target Milestone: ---
Created attachment 11114
--> https://sourceware.org/bugzilla/attachment.cgi?id=11114&action=edit
poc to reproduce the crash
bfd_malloc in binutils-2.30/bfd/libbfd.c, as distributed in GNU Binutils
2.30, allows attackers to trigger excessive memory consumption (aka OOM). This
can occur during execution of nm.
To reproduce:
#CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" ./configure
#ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./nm-new $poc
ASan:
==90210==AddressSanitizer CHECK failed: /build/llvm-toolchain-3.8-_PD09B/llvm-toolchain-3.8-3.8/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:183 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #0 0x4c2a9d in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) asan_rtl.cc.o
    #1 0x4c96c3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/s2e/asan/binutils-2.30/binutils/nm-new+0x4c96c3)
    #2 0x4c98b1 in __sanitizer::ReportMmapFailureAndDie(unsigned long, char const*, char const*, int, bool) (/home/s2e/asan/binutils-2.30/binutils/nm-new+0x4c98b1)
    #3 0x4d2822 in __sanitizer::MmapOrDie(unsigned long, char const*, bool) (/home/s2e/asan/binutils-2.30/binutils/nm-new+0x4d2822)
    #4 0x41f4af in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (/home/s2e/asan/binutils-2.30/binutils/nm-new+0x41f4af)
    #5 0x4b9471 in malloc (/home/s2e/asan/binutils-2.30/binutils/nm-new+0x4b9471)
    #6 0x52405c in bfd_malloc /home/s2e/asan/binutils-2.30/bfd/libbfd.c:193
    #7 0x6a5118 in _bfd_elf_parse_attributes /home/s2e/asan/binutils-2.30/bfd/elf-attrs.c:441
    #8 0x5ce586 in bfd_section_from_shdr /home/s2e/asan/binutils-2.30/bfd/elf.c:2465
    #9 0x71a003 in bfd_elf32_object_p /home/s2e/asan/binutils-2.30/bfd/./elfcode.h:805
    #10 0x51dd2c in bfd_check_format_matches /home/s2e/asan/binutils-2.30/bfd/format.c:311
    #11 0x4ec122 in display_file /home/s2e/asan/binutils-2.30/binutils/nm.c:1321
    #12 0x4eb893 in main /home/s2e/asan/binutils-2.30/binutils/nm.c:1799
    #13 0x7f154296e82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    #14 0x419368 in _start (/home/s2e/asan/binutils-2.30/binutils/nm-new+0x419368)