[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/24922] New: An out-of-bounds read in pex64_xdata_print_uwd
From: |
mgcho.minic at gmail dot com |
Subject: |
[Bug binutils/24922] New: An out-of-bounds read in pex64_xdata_print_uwd_codes |
Date: |
Tue, 20 Aug 2019 21:03:55 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=24922
Bug ID: 24922
Summary: An out-of-bounds read in pex64_xdata_print_uwd_codes
Product: binutils
Version: 2.33 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: mgcho.minic at gmail dot com
Target Milestone: ---
Created attachment 11956
--> https://sourceware.org/bugzilla/attachment.cgi?id=11956&action=edit
Poc to trigger bug
Triggered by "./objdump -x $POC"
Tested on Ubuntu 16.04
An out-of-bounds read occurred when processing malformed input.
configuration:
CC=clang-5.0 CFLAGS="-m32 -Wextra -Wno-missing-field-initializers
-fsanitize=address -fno-omit-frame-pointer -g" CXX=clang++-5.0 CXXFLAGS="-m32"
./configure --disable-gdb --disable-gold --disable-gas --disable-gprof
ASAN output:
==108913==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf2a028af
at pc 0x0832aa07 bp 0xffd22f58 sp 0xffd22f4c
READ of size 1 at 0xf2a028af thread T0
#0 0x832aa06 in bfd_getl32 /home/seclab/binutils-gdb/bfd/libbfd.c:698:24
#1 0x873c1a5 in pex64_xdata_print_uwd_codes
/home/seclab/binutils-gdb/bfd/pei-x86_64.c:244:14
#2 0x8738e6e in pex64_dump_xdata
/home/seclab/binutils-gdb/bfd/pei-x86_64.c:441:5
#3 0x872ad92 in pex64_bfd_print_pdata_section
/home/seclab/binutils-gdb/bfd/pei-x86_64.c:757:8
#4 0x8726c5e in pex64_bfd_print_pdata
/home/seclab/binutils-gdb/bfd/pei-x86_64.c:793:12
#5 0x877ba9d in _bfd_pex64_print_private_bfd_data_common
/home/seclab/binutils-gdb/bfd/pex64igen.c:2917:5
#6 0x873595a in pe_print_private_bfd_data
/home/seclab/binutils-gdb/bfd/./peicode.h:336:8
#7 0x8174bd4 in dump_bfd_private_header
/home/seclab/binutils-gdb/binutils/./objdump.c:3352:8
#8 0x817312f in dump_bfd
/home/seclab/binutils-gdb/binutils/./objdump.c:3992:5
#9 0x8171f56 in display_object_bfd
/home/seclab/binutils-gdb/binutils/./objdump.c:4132:7
#10 0x8171e54 in display_any_bfd
/home/seclab/binutils-gdb/binutils/./objdump.c:4222:5
#11 0x81714a0 in display_file
/home/seclab/binutils-gdb/binutils/./objdump.c:4243:3
#12 0x8170bed in main /home/seclab/binutils-gdb/binutils/./objdump.c:4561:6
#13 0xf74bf636 in __libc_start_main
/build/glibc-GoSbp4/glibc-2.23/csu/../csu/libc-start.c:291
#14 0x806e677 in _start
(/home/seclab/fuzzing-experiment/fuzzing/program/x86/binutils-triage-clang/master/bin/objdump+0x806e677)
Credits:
Mingi Cho, Seoyoung Kim, and Taekyoung Kwon of the Information Security Lab,
Yonsei University.
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug binutils/24922] New: An out-of-bounds read in pex64_xdata_print_uwd_codes,
mgcho.minic at gmail dot com <=