bug-binutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/24273] New: An out-of-bounds read in bfd_hash_hash()


From: mgcho.minic at gmail dot com
Subject: [Bug binutils/24273] New: An out-of-bounds read in bfd_hash_hash()
Date: Wed, 27 Feb 2019 05:35:56 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=24273

            Bug ID: 24273
           Summary: An out-of-bounds read in bfd_hash_hash()
           Product: binutils
           Version: 2.33 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: mgcho.minic at gmail dot com
  Target Milestone: ---

Created attachment 11652
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11652&action=edit
Poc to trigger bug

Triggered by "./objdump -x $POC"
Tested on Ubuntu 16.04 (x86)

An out-of-bounds read occurred when processing malformed ELF file.


ASAN output:

==256772==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf3f038e0
at pc 0x082e228e bp 0xffcafc58 sp 0xffcafc4c
READ of size 1 at 0xf3f038e0 thread T0
    #0 0x82e228d in bfd_hash_hash /home/seclab/binutils-gdb/bfd/hash.c:442:15
    #1 0x82e1aa8 in bfd_hash_lookup /home/seclab/binutils-gdb/bfd/hash.c:468:10
    #2 0x82f6763 in bfd_make_section_anyway_with_flags
/home/seclab/binutils-gdb/bfd/section.c:1166:8
    #3 0x82f69e2 in bfd_make_section_anyway
/home/seclab/binutils-gdb/bfd/section.c:1213:10
    #4 0x83d7ecf in _bfd_elf_make_section_from_shdr
/home/seclab/binutils-gdb/bfd/elf.c:1008:13
    #5 0x83fbaca in bfd_section_from_shdr
/home/seclab/binutils-gdb/bfd/elf.c:2494:11
    #6 0x83baada in bfd_elf64_object_p
/home/seclab/binutils-gdb/bfd/./elfcode.h:818:7
    #7 0x82ddd12 in bfd_check_format_matches
/home/seclab/binutils-gdb/bfd/format.c:315:14
    #8 0x817038c in display_object_bfd
/home/seclab/binutils-gdb/binutils/./objdump.c:3957:7
    #9 0x81702ad in display_any_bfd
/home/seclab/binutils-gdb/binutils/./objdump.c:4049:5
    #10 0x816f8a0 in display_file
/home/seclab/binutils-gdb/binutils/./objdump.c:4070:3
    #11 0x816efb2 in main /home/seclab/binutils-gdb/binutils/./objdump.c:4380:6
    #12 0xf7570636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
    #13 0x806c967 in _start (/tmp/binutils-master/bin/objdump+0x806c967)


Credits:

Mingi Cho, Seoyoung Kim, and Taekyoung Kwon of the Information Security Lab,
Yonsei University.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]