[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/25827] New: Null pointer dereferencing in scan_unit_for_sy
From: |
nguyenmanhdung1710 at gmail dot com |
Subject: |
[Bug binutils/25827] New: Null pointer dereferencing in scan_unit_for_symbols() in addr2line |
Date: |
Wed, 15 Apr 2020 13:58:34 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=25827
Bug ID: 25827
Summary: Null pointer dereferencing in scan_unit_for_symbols()
in addr2line
Product: binutils
Version: 2.35 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: nguyenmanhdung1710 at gmail dot com
Target Milestone: ---
Created attachment 12459
--> https://sourceware.org/bugzilla/attachment.cgi?id=12459&action=edit
PoC for null pointer dereferencing in addr2line
Hi,
A null pointer dereferencing was discovered in addr2line (the latest commit
95a5156) in scan_unit_for_symbols(), that can cause a denial of service via a
crafted file.
To reproduce: addr2line s -e PoC
ASAN says:
==16618==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc
0x7fd509971746 bp 0x7ffd51517970 sp 0x7ffd515170f8 T0)
#0 0x7fd509971745 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x8b745)
#1 0x7fd509f161f8 in strdup
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x621f8)
#2 0x546284 in scan_unit_for_symbols ../../bfd/dwarf2.c:3394
#3 0x547ef6 in comp_unit_maybe_decode_line_info ../../bfd/dwarf2.c:3810
#4 0x547b63 in comp_unit_find_nearest_line ../../bfd/dwarf2.c:3769
#5 0x54d5e2 in _bfd_dwarf2_find_nearest_line ../../bfd/dwarf2.c:5040
#6 0x4b973c in _bfd_elf_find_nearest_line ../../bfd/elf.c:9133
#7 0x4035ea in find_address_in_section ../../binutils/addr2line.c:196
#8 0x421a3e in bfd_map_over_sections ../../bfd/section.c:1377
#9 0x403ae0 in translate_addresses ../../binutils/addr2line.c:274
#10 0x40412e in process_file ../../binutils/addr2line.c:411
#11 0x40460a in main ../../binutils/addr2line.c:525
#12 0x7fd50990682f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#13 0x402d98 in _start
(/home/dungnguyen/PoCs/binutils_f717994/addr2line+0x402d98)
Thanks,
Manh Dung
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug binutils/25827] New: Null pointer dereferencing in scan_unit_for_symbols() in addr2line,
nguyenmanhdung1710 at gmail dot com <=