[Bug binutils/22219] New: infinite loop in process_debug_info in dwarf.c
From: luanjunchao at 163 dot com
Subject: [Bug binutils/22219] New: infinite loop in process_debug_info in dwarf.c in binutils 2.30(HEAD)
Date: Wed, 27 Sep 2017 07:00:52 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=22219
Bug ID: 22219
Summary: infinite loop in process_debug_info in dwarf.c in
binutils 2.30(HEAD)
Product: binutils
Version: 2.30 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: luanjunchao at 163 dot com
Target Milestone: ---
Created attachment 10490
--> https://sourceware.org/bugzilla/attachment.cgi?id=10490&action=edit
poc of infinite loop
When I run "objdump -x -D -S -s -g -e -G --dwarf -t -T -r -R --special-syms
--inlines --dwarf-check loop.elf", it traps into function process_debug_info.
Some of the function snippet is here:
    for (section_begin = start, unit = 0; start < end; unit++)
      {
        ......
        start += compunit.cu_length + initial_length_size;
        ......
      }
When I debug it with gdb, I can see that compunit.cu_length = 0xfffffff4 and
initial_length_size = 12, which leads to start += 0 on each loop. Maybe there is an
integer overflow here.
The poc is attached here.
--
You are receiving this mail because:
You are on the CC list for the bug.
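The arithmetic described in the report, as an added example that is not part of the original report and is not binutils code: an unchecked step that wraps to 0 with the reported values, next to a checked step that rejects the unit. It assumes the sum is computed in 32-bit unsigned arithmetic and uses a constructed, simplified unit layout; all helper names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example; helper names are hypothetical, not binutils code. */

/* Unchecked step, modelled in 32-bit unsigned arithmetic (assumption).
   With cu_length = 0xfffffff4 and initial_length_size = 12 it wraps to 0. */
static uint32_t step_unchecked(uint32_t cu_length, uint32_t initial_length_size)
{
    return (uint32_t)(cu_length + initial_length_size);
}

/* Checked step: 0 on success, -1 if the sum would wrap, make no progress,
   or run past the bytes remaining in the section. */
static int step_checked(uint32_t cu_length, uint32_t initial_length_size,
                        size_t remaining, size_t *step)
{
    if (cu_length > UINT32_MAX - initial_length_size)
        return -1;                      /* addition would wrap */
    uint32_t total = cu_length + initial_length_size;
    if (total == 0 || total > remaining)
        return -1;                      /* no progress, or unit overruns */
    *step = total;
    return 0;
}

/* Walk units in a constructed, simplified layout: each unit starts with a
   header of initial_length_size bytes whose first 4 bytes are a host-endian
   cu_length. Returns the unit count, or -1 for a malformed section. */
static int count_units(const unsigned char *start, const unsigned char *end,
                       uint32_t initial_length_size)
{
    int units = 0;
    while (start < end) {
        size_t remaining = (size_t)(end - start), step = 0;
        uint32_t cu_length;
        if (remaining < initial_length_size || initial_length_size < 4)
            return -1;                  /* truncated header */
        memcpy(&cu_length, start, sizeof cu_length);
        if (step_checked(cu_length, initial_length_size, remaining, &step))
            return -1;                  /* reject instead of looping */
        start += step;
        units++;
    }
    return units;
}
```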