[Bug binutils/24273] New: An out-of-bounds read in bfd_hash_hash()
From: mgcho.minic at gmail dot com
Subject: [Bug binutils/24273] New: An out-of-bounds read in bfd_hash_hash()
Date: Wed, 27 Feb 2019 05:35:56 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=24273
Bug ID: 24273
Summary: An out-of-bounds read in bfd_hash_hash()
Product: binutils
Version: 2.33 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: mgcho.minic at gmail dot com
Target Milestone: ---
Created attachment 11652
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11652&action=edit
PoC to trigger bug

Triggered by "./objdump -x $POC"
Tested on Ubuntu 16.04 (x86)

An out-of-bounds read occurred when processing a malformed ELF file.

ASAN output:
==256772==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf3f038e0 at pc 0x082e228e bp 0xffcafc58 sp 0xffcafc4c
READ of size 1 at 0xf3f038e0 thread T0
    #0 0x82e228d in bfd_hash_hash /home/seclab/binutils-gdb/bfd/hash.c:442:15
    #1 0x82e1aa8 in bfd_hash_lookup /home/seclab/binutils-gdb/bfd/hash.c:468:10
    #2 0x82f6763 in bfd_make_section_anyway_with_flags /home/seclab/binutils-gdb/bfd/section.c:1166:8
    #3 0x82f69e2 in bfd_make_section_anyway /home/seclab/binutils-gdb/bfd/section.c:1213:10
    #4 0x83d7ecf in _bfd_elf_make_section_from_shdr /home/seclab/binutils-gdb/bfd/elf.c:1008:13
    #5 0x83fbaca in bfd_section_from_shdr /home/seclab/binutils-gdb/bfd/elf.c:2494:11
    #6 0x83baada in bfd_elf64_object_p /home/seclab/binutils-gdb/bfd/./elfcode.h:818:7
    #7 0x82ddd12 in bfd_check_format_matches /home/seclab/binutils-gdb/bfd/format.c:315:14
    #8 0x817038c in display_object_bfd /home/seclab/binutils-gdb/binutils/./objdump.c:3957:7
    #9 0x81702ad in display_any_bfd /home/seclab/binutils-gdb/binutils/./objdump.c:4049:5
    #10 0x816f8a0 in display_file /home/seclab/binutils-gdb/binutils/./objdump.c:4070:3
    #11 0x816efb2 in main /home/seclab/binutils-gdb/binutils/./objdump.c:4380:6
    #12 0xf7570636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
    #13 0x806c967 in _start (/tmp/binutils-master/bin/objdump+0x806c967)
Credits:
Mingi Cho, Seoyoung Kim, and Taekyoung Kwon of the Information Security Lab,
Yonsei University.