bug-binutils

[Bug binutils/22219] New: infinite loop in process_debug_info in dwarf.c


From: luanjunchao at 163 dot com
Subject: [Bug binutils/22219] New: infinite loop in process_debug_info in dwarf.c in binutils 2.30(HEAD)
Date: Wed, 27 Sep 2017 07:00:52 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=22219

            Bug ID: 22219
           Summary: infinite loop in process_debug_info in dwarf.c in
                    binutils 2.30(HEAD)
           Product: binutils
           Version: 2.30 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: luanjunchao at 163 dot com
  Target Milestone: ---

Created attachment 10490
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10490&action=edit
poc of infinite loop

When I run "objdump -x -D -S -s -g -e -G --dwarf -t -T -r -R --special-syms
--inlines --dwarf-check loop.elf", it traps into function process_debug_info.

Part of the function is shown here:

for (section_begin = start, unit = 0; start < end; unit++)
  {
    ......
    start += compunit.cu_length + initial_length_size;
    ......
  }

When I debug it with gdb, I can see that compunit.cu_length = 0xfffffff4 and
initial_length_size = 12, which leads to start += 0 on each loop. Maybe there is
an integer overflow here.
The poc is attached here.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
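
The wrap described in the report, next to a bounds check that keeps the cursor advancing, as an added example that is not code from binutils or from the reporter. Lengths are modelled as 32-bit values and the unit layout is a simplified, constructed one (both assumptions); all function names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define INITIAL_LENGTH_SIZE 12u   /* value the reporter saw in gdb */

/* The unchecked step, modelled in 32 bits (assumption): a length of
   0xfffffff4 plus 12 wraps to 0, so the cursor never moves. */
static uint32_t unchecked_advance(uint32_t cu_length)
{
    return cu_length + INITIAL_LENGTH_SIZE;
}

/* Count units in buf. Constructed layout, not real DWARF: each unit is a
   12-byte header whose first 4 bytes hold cu_length (host byte order),
   followed by cu_length bytes. Returns -1 on a malformed length. */
static int count_units_checked(const unsigned char *buf, size_t size)
{
    size_t off = 0;
    int units = 0;
    while (off < size) {
        size_t remaining = size - off;
        uint32_t cu_length;
        if (remaining < INITIAL_LENGTH_SIZE)
            return -1;                      /* truncated header */
        memcpy(&cu_length, buf + off, sizeof cu_length);
        /* Compare against the bytes left instead of adding first, so the
           check itself cannot wrap. */
        if (cu_length > remaining - INITIAL_LENGTH_SIZE)
            return -1;                      /* unit runs past the section */
        off += (size_t)cu_length + INITIAL_LENGTH_SIZE;   /* always >= 12 */
        units++;
    }
    return units;
}

/* Constructed sample: two units (4 and 0 payload bytes, 28 bytes total);
   with corrupt set, the first length becomes the value from the report. */
static int demo(int corrupt)
{
    unsigned char buf[28] = {0};
    uint32_t len = corrupt ? 0xfffffff4u : 4u;
    memcpy(buf, &len, sizeof len);          /* unit 0 header at offset 0 */
    return count_units_checked(buf, sizeof buf);
}

int main(void)
{
    return (unchecked_advance(0xfffffff4u) == 0 && demo(0) == 2 && demo(1) == -1) ? 0 : 1;
}
```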

