[Bug binutils/24793] New: A memory leak of objdump in Binutils 2.32
From: 15664243668 at 163 dot com
Subject: [Bug binutils/24793] New: A memory leak of objdump in Binutils 2.32
Date: Tue, 09 Jul 2019 15:23:41 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=24793
Bug ID: 24793
Summary: A memory leak of objdump in Binutils 2.32
Product: binutils
Version: 2.32
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: 15664243668 at 163 dot com
Target Milestone: ---
Created attachment 11899
--> https://sourceware.org/bugzilla/attachment.cgi?id=11899&action=edit
POC
Hi,
A memory leak was discovered in slurp_symtab in objdump.c, as distributed in
binutils v2.32. A crafted ELF input can cause a crash when executed by
objdump in binutils v2.32, and I have confirmed it with AddressSanitizer too.
Here are the POC files. Please use "objdump -d $POC" to reproduce the error. In
addition, I compiled binutils 2.32 as a 64-bit LSB build with ASAN. The
binutils runs on x86-64 Ubuntu 16.04.
ASAN dumps the backtrace as follows:
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
/home/yuetai/experiment/binutils-2.32_with_asan/binutils-2.32/binutils/objdump:
warning:
/home/zeroyu/CVE/output/objdump_learnAFL_1/crashes/id:000054,sig:06,src:002627,op:havoc,rep:8
has a corrupt section with a size (f0000000) larger than the file size
/home/yuetai/experiment/binutils-2.32_with_asan/binutils-2.32/binutils/objdump:
warning:
/home/zeroyu/CVE/output/objdump_learnAFL_1/crashes/id:000054,sig:06,src:002627,op:havoc,rep:8
has a corrupt section with a size (21000040) larger than the file size
/home/yuetai/experiment/binutils-2.32_with_asan/binutils-2.32/binutils/objdump:
/home/zeroyu/CVE/output/objdump_learnAFL_1/crashes/id:000054,sig:06,src:002627,op:havoc,rep:8:
warning: multiple symbol tables detected - ignoring the table in section 15
/home/yuetai/experiment/binutils-2.32_with_asan/binutils-2.32/binutils/objdump:
warning:
/home/zeroyu/CVE/output/objdump_learnAFL_1/crashes/id:000054,sig:06,src:002627,op:havoc,rep:8
has a corrupt section with a size (f0000000) larger than the file size
/home/yuetai/experiment/binutils-2.32_with_asan/binutils-2.32/binutils/objdump:
warning:
/home/zeroyu/CVE/output/objdump_learnAFL_1/crashes/id:000054,sig:06,src:002627,op:havoc,rep:8
has a corrupt section with a size (21000040) larger than the file size
/home/yuetai/experiment/binutils-2.32_with_asan/binutils-2.32/binutils/objdump:
/home/zeroyu/CVE/output/objdump_learnAFL_1/crashes/id:000054,sig:06,src:002627,op:havoc,rep:8:
warning: multiple symbol tables detected - ignoring the table in section 15
/home/yuetai/experiment/binutils-2.32_with_asan/binutils-2.32/binutils/objdump:
warning:
/home/zeroyu/CVE/output/objdump_learnAFL_1/crashes/id:000054,sig:06,src:002627,op:havoc,rep:8
has a corrupt section with a size (f0000000) larger than the file size
/home/yuetai/experiment/binutils-2.32_with_asan/binutils-2.32/binutils/objdump:
warning:
/home/zeroyu/CVE/output/objdump_learnAFL_1/crashes/id:000054,sig:06,src:002627,op:havoc,rep:8
has a corrupt section with a size (21000040) larger than the file size
/home/yuetai/experiment/binutils-2.32_with_asan/binutils-2.32/binutils/objdump:
/home/zeroyu/CVE/output/objdump_learnAFL_1/crashes/id:000054,sig:06,src:002627,op:havoc,rep:8:
warning: multiple symbol tables detected - ignoring the table in section 15
/home/zeroyu/CVE/output/objdump_learnAFL_1/crashes/id:000054,sig:06,src:002627,op:havoc,rep:8:
file format elf32-iamcu
/home/yuetai/experiment/binutils-2.32_with_asan/binutils-2.32/binutils/objdump:
/home/zeroyu/CVE/output/objdump_learnAFL_1/crashes/id:000054,sig:06,src:002627,op:havoc,rep:8:
file truncated
=================================================================
==5097==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 2013265920 byte(s) in 1 object(s) allocated from:
#0 0x7ffff6f02602 in malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x712833 in xmalloc xmalloc.c:147
#2 0x404ed6 in slurp_symtab objdump.c:697
#3 0x41506a in dump_bfd objdump.c:3793
#4 0x4155ae in display_object_bfd objdump.c:3883
#5 0x4159bb in display_any_bfd objdump.c:3973
#6 0x415a30 in display_file objdump.c:3994
#7 0x416ac1 in main objdump.c:4304
#8 0x7ffff68bc82f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: 2013265920 byte(s) leaked in 1 allocation(s).
[Inferior 1 (process 5097) exited with code 027]
[Thread debugging using libthread_db enabled]
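The pattern behind this report, shown as an added example that is not binutils code and not the reporter's: the sizes in an ELF section header are attacker-controlled, so a symbol-table loader must check sh_offset + sh_size against the real file size before it sizes an allocation, and must hold no buffer on any error path. The code below is a hypothetical minimal little-endian ELF32 section reader (the report's file format is elf32-iamcu); the image it parses is constructed in build_image and is not the attached POC. Skipping a symtab whose bounds do not fit is this example's policy, not what objdump does.

```c
/* Added example, not code from binutils or from this report: size every
 * allocation from ELF section-header fields only after those fields are
 * checked against the real file size, and return on error without owning
 * a buffer.  Hypothetical minimal ELF32 little-endian section reader. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SHT_SYMTAB   2u
#define SHDR32_SIZE  40u   /* sizeof(Elf32_Shdr) */

enum sec_status { SEC_OK = 0, SEC_CORRUPT, SEC_NOMEM };

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Copy the byte range (off, size) out of an img_len-byte image.  The
 * bounds check precedes malloc, so a header claiming 0xf0000000 bytes
 * never reaches the allocator; 64-bit arithmetic keeps off+size from
 * wrapping.  *out is NULL unless SEC_OK is returned. */
enum sec_status read_section(const uint8_t *img, size_t img_len,
                             uint32_t off, uint32_t size, uint8_t **out)
{
    *out = NULL;
    if ((uint64_t)off + (uint64_t)size > img_len)
        return SEC_CORRUPT;
    uint8_t *buf = malloc(size ? size : 1);
    if (buf == NULL)
        return SEC_NOMEM;
    memcpy(buf, img + off, size);
    *out = buf;
    return SEC_OK;
}

/* Walk shnum section headers at shoff and load the first SHT_SYMTAB whose
 * bounds fit the image.  Returns that section's index, or -1 with *out
 * left NULL.  Skipping an unloadable symtab is this example's policy. */
int load_first_symtab(const uint8_t *img, size_t img_len, uint32_t shoff,
                      uint32_t shnum, uint8_t **out, uint32_t *out_size)
{
    *out = NULL;
    *out_size = 0;
    if ((uint64_t)shoff + (uint64_t)shnum * SHDR32_SIZE > img_len)
        return -1;                       /* header table itself truncated */
    for (uint32_t i = 0; i < shnum; i++) {
        const uint8_t *sh = img + shoff + i * SHDR32_SIZE;
        if (rd32(sh + 4) != SHT_SYMTAB)  /* sh_type */
            continue;
        uint32_t off = rd32(sh + 16);    /* sh_offset */
        uint32_t size = rd32(sh + 20);   /* sh_size */
        if (read_section(img, img_len, off, size, out) != SEC_OK) {
            fprintf(stderr, "warning: section %u has a corrupt size (%x)\n",
                    i, size);
            continue;                    /* nothing was allocated */
        }
        *out_size = size;
        return (int)i;
    }
    return -1;
}

/* Constructed test image (not the attached POC): two section headers at
 * offset 16.  Header 0 claims a 0xf0000000-byte symtab, the size from the
 * report's warning; header 1 is a sane 32-byte symtab at offset 96. */
#define IMG_LEN 128u
size_t build_image(uint8_t *img)
{
    memset(img, 0, IMG_LEN);
    uint8_t *sh0 = img + 16, *sh1 = sh0 + SHDR32_SIZE;
    wr32(sh0 + 4, SHT_SYMTAB); wr32(sh0 + 16, 96); wr32(sh0 + 20, 0xf0000000u);
    wr32(sh1 + 4, SHT_SYMTAB); wr32(sh1 + 16, 96); wr32(sh1 + 20, 32);
    for (uint32_t i = 0; i < 32; i++)
        img[96 + i] = (uint8_t)i;
    return IMG_LEN;
}

int main(void)
{
    uint8_t img[IMG_LEN];
    uint8_t *symtab = NULL;
    uint32_t size = 0;
    size_t len = build_image(img);
    int idx = load_first_symtab(img, len, 16, 2, &symtab, &size);
    printf("loaded symtab from section %d, %u bytes\n", idx, size);
    free(symtab);                        /* single owner, single free */
    return idx < 0;
}
```

Run under ASAN (cc -fsanitize=address) and LeakSanitizer reports nothing, because the only allocation happens after the bounds check and has exactly one owner; feeding it a header with a 0xf0000000 sh_size produces a warning instead of a multi-gigabyte xmalloc.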