From: sabatini.1794627 at studenti dot uniroma1.it
Subject: [Bug binutils/32136] New: Use-of-uninitialized-memory bug in function evax_bfd_print_image()
Date: Tue, 03 Sep 2024 09:03:41 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=32136
Bug ID: 32136
Summary: Use-of-uninitialized-memory bug in function
evax_bfd_print_image()
Product: binutils
Version: 2.44 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: sabatini.1794627 at studenti dot uniroma1.it
Target Milestone: ---
We found a "conditional jump or move depends on uninitialized value" bug in
function `evax_bfd_print_image()`, which in turn invokes function `fprintf()`,
after testing one of the harnesses provided on the OSS-Fuzz repository
(fuzz_objdump_safe).
In the attached archive you will find:
- the executable on which we performed our tests
- the input file that caused the bug
- the output of Valgrind confirming our finding
To reproduce the error, a memory-safety tool is required to expose the bug.
Run the given binary with the testcase file inside Valgrind with a command
like `valgrind ./fuzz_objdump_safe /path_to_testcases/input`.
Valgrind output
==235== Conditional jump or move depends on uninitialized value(s)
==235== at 0x483EEFD: strnlen (in
/usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==235== by 0x4A5A089: __vfprintf_internal (vfprintf-internal.c:1688)
==235== by 0x4A44C69: fprintf (fprintf.c:32)
==235== by 0xE0C0F4: evax_bfd_print_image (in /out/fuzz_objdump_safe)
==235== by 0xDFF4C5: vms_bfd_print_private_bfd_data (in /out/fuzz_objdump_safe)
==235== by 0x7FB7A0: dump_bfd (in /out/fuzz_objdump_safe)
==235== by 0x7FABB4: display_any_bfd (in /out/fuzz_objdump_safe)
==235== by 0x7FA9FC: LLVMFuzzerTestOneInput (in /out/fuzz_objdump_safe)
==235== by 0x7F71D9: ExecuteFilesOnyByOne (in /out/fuzz_objdump_safe)
==235== by 0x7F6FD5: LLVMFuzzerRunDriver (in /out/fuzz_objdump_safe)
==235== by 0x7F6B8D: main (in /out/fuzz_objdump_safe)
Environment info
The program has been tested on the standard Docker image provided on OSS-Fuzz
using Ubuntu 20.04 (x86_64), providing AFL++ as fuzzing engine and build flag
`--sanitizer=none`.
Also, we manually added the flag `-ldl` to the environment variables $CFLAGS
and $CXXFLAGS.
The commit hash used to perform the tests is `a6ecb18`.
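The pattern behind a report like this is usually a fixed-size header read into a stack buffer, where a short read on a truncated input is ignored and a non-NUL-terminated name field is then handed to `fprintf("%s")`, so the length scan inside vfprintf (the `strnlen` frame in the trace) walks over bytes the read never filled. The following is an added illustration of that bug class and its hardened counterpart; it is not binutils code and does not reproduce the actual VMS/EVAX structures. The record layout, the `read_bytes` stand-in for a file read, and the sample inputs are all hypothetical and constructed here.

```c
/* Added example (not binutils code): short read + unterminated %s, and the fix.
 * Hypothetical 13-byte record: length byte, NAME_LEN name bytes (no NUL), 32-bit flags. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 8
#define HDR_SIZE (1 + NAME_LEN + 4)

/* Stand-in for a file read: copies min(n, remaining) bytes and returns the count,
 * exactly like a short read from a truncated input file. */
static size_t read_bytes(const unsigned char *file, size_t file_len, size_t off,
                         unsigned char *dst, size_t n)
{
    if (off >= file_len)
        return 0;
    if (n > file_len - off)
        n = file_len - off;
    memcpy(dst, file + off, n);
    return n;
}

/* Vulnerable pattern: the read count is dropped, and the name field, which has no
 * terminator, is printed with %s. On a truncated file vfprintf scans past the bytes
 * the read filled and over uninitialized stack, which is what Valgrind reports as
 * "conditional jump or move depends on uninitialised value(s)". Run only under Valgrind. */
static void print_image_bad(const unsigned char *file, size_t file_len, FILE *out)
{
    unsigned char hdr[HDR_SIZE];                     /* not zeroed */
    read_bytes(file, file_len, 0, hdr, sizeof hdr);  /* return value ignored */
    fprintf(out, "image name: %s\n", (const char *)hdr + 1);
}

/* Hardened: refuse a short header, clamp the attacker-controlled length byte to the
 * field, and copy the name out as a properly terminated string.
 * Returns the name length, or -1 if the header is truncated or out_len is too small. */
static int parse_image_name(const unsigned char *file, size_t file_len,
                            char *out, size_t out_len)
{
    unsigned char hdr[HDR_SIZE];
    size_t got = read_bytes(file, file_len, 0, hdr, sizeof hdr);
    if (got != sizeof hdr)
        return -1;                                   /* truncated input */
    size_t n = hdr[0];
    if (n > NAME_LEN)
        n = NAME_LEN;                                /* length byte cannot exceed the field */
    if (n >= out_len)
        return -1;
    memcpy(out, hdr + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* Printing with an explicit bound (%.*s) never depends on a terminator. */
static int print_image_good(const unsigned char *file, size_t file_len, FILE *out)
{
    char name[NAME_LEN + 1];
    int n = parse_image_name(file, file_len, name, sizeof name);
    if (n < 0) {
        fprintf(out, "truncated image header\n");
        return -1;
    }
    fprintf(out, "image name: %.*s\n", n, name);
    return 0;
}

/* Constructed inputs (not the attached testcase). */
static const unsigned char sample_ok[HDR_SIZE]     = { 4, 'T','E','S','T', 0,0,0,0, 1,0,0,0 };
static const unsigned char sample_trunc[5]         = { 4, 'T','E','S','T' };
static const unsigned char sample_biglen[HDR_SIZE] = { 200, 'A','B','C','D','E','F','G','H', 0,0,0,0 };

int main(int argc, char **argv)
{
    print_image_good(sample_ok, sizeof sample_ok, stdout);       /* image name: TEST */
    print_image_good(sample_biglen, sizeof sample_biglen, stdout); /* clamped to 8 chars */
    print_image_good(sample_trunc, sizeof sample_trunc, stdout); /* truncated image header */
    if (argc > 1)   /* pass any argument to exercise the buggy path under Valgrind */
        print_image_bad(sample_trunc, sizeof sample_trunc, stdout);
    (void)argv;
    return 0;
}
```

Build with `cc -g -O0 example.c` and run `valgrind ./a.out x` to see the same "conditional jump or move depends on uninitialised value(s)" report originate in the buggy path, while the default run (no argument) stays clean.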
- [Bug binutils/32136] New: Use-of-uninitialized-memory bug in function evax_bfd_print_image(), sabatini.1794627 at studenti dot uniroma1.it, 2024/09/03
- [Bug binutils/32136] Use-of-uninitialized-memory bug in function evax_bfd_print_image(), sabatini.1794627 at studenti dot uniroma1.it, 2024/09/03
- [Bug binutils/32136] Use-of-uninitialized-memory bug in function evax_bfd_print_image(), sabatini.1794627 at studenti dot uniroma1.it, 2024/09/04
- [Bug binutils/32136] Use-of-uninitialized-memory bug in function evax_bfd_print_image(), amodra at gmail dot com, 2024/09/05
- [Bug binutils/32136] Use-of-uninitialized-memory bug in function evax_bfd_print_image(), cvs-commit at gcc dot gnu.org, 2024/09/05
- [Bug binutils/32136] Use-of-uninitialized-memory bug in function evax_bfd_print_image(), amodra at gmail dot com, 2024/09/05