Hi,
I am Dongdong She, a PhD student in computer security area from Columbia University. We are doing some fuzzing tests on binutils-2.30 and found a integer-overflow bugs in strip-new.
Integer-overflow bug in strip-new.
Description: There is a interger-overflow bug in binutils/bfd/elf.c:7036 IS_CONTAINED_BY_LMA(). There should be a boundary checking for this function.
Configure names: host='x86_64-pc-linux-gnu' target='x86_64-pc-linux-gnu', we also upload the config.status file in the attachment.
Options: strip-new ./integer_overflow_input -o sss
Input: file interger_overflow_input
Thank you
Dongdong
config.status