[Bug binutils/32560] New: stack-buffer-overflow at objdump disassemble
From: swj22 at mails dot tsinghua.edu.cn
Subject: [Bug binutils/32560] New: stack-buffer-overflow at objdump disassemble_bytes (objdump.c:3543:34)
Date: Wed, 15 Jan 2025 03:43:45 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=32560
Bug ID: 32560
Summary: stack-buffer-overflow at objdump disassemble_bytes
(objdump.c:3543:34)
Product: binutils
Version: 2.43
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: swj22 at mails dot tsinghua.edu.cn
Target Milestone: ---
Created attachment 15882
--> https://sourceware.org/bugzilla/attachment.cgi?id=15882&action=edit
poc
Hello,
We are currently working on a fuzz testing feature, and we found a
**stack-buffer-overflow** in `objdump`.
The stack trace is as follows:
```
==491939==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fff1cad0452 at pc 0x562af39c9768 bp 0x7fff1cad0370 sp 0x7fff1cad0368
WRITE of size 1 at 0x7fff1cad0452 thread T0
#0 0x562af39c9767 in disassemble_bytes
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:3543:34
#1 0x562af39c1843 in disassemble_section
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:4116:4
#2 0x562af3b8125a in bfd_map_over_sections
/data/swj/optfuzz/benchmark/binutils-2.43/bfd/section.c:1387:5
#3 0x562af39b827a in disassemble_data
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:4264:3
#4 0x562af39b3858 in dump_bfd
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:5795:2
#5 0x562af39b2989 in display_object_bfd
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:5856:7
#6 0x562af39b2894 in display_any_bfd
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:5943:5
#7 0x562af39b16bb in display_file
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:5964:3
#8 0x562af39afe10 in main
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:6381:6
#9 0x7f33a2e65082 in __libc_start_main
/build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
#10 0x562af38ef61d in _start
(/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/objdump+0x1dd61d) (BuildId:
d2dc746ba5756ca34e6ed66603247470b04d42fe)
Address 0x7fff1cad0452 is located in stack of thread T0 at offset 210 in frame
#0 0x562af39c785f in disassemble_bytes
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:3274
This frame has 3 object(s):
[32, 56) 'sfile' (line 3284)
[96, 126) 'buf' (line 3307)
[160, 210) 'buf127' (line 3394) <== Memory access at offset 210 overflows
this variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:3543:34 in
disassemble_bytes
```
**Steps to reproduce**
We configured `objdump` using
`CFLAGS="-g -fsanitize=address" ./configure --prefix=$(pwd)/ `
and built it using `make -j `, then ran it with:
```
./objdump --insn-width 64 -d
```
The input file is attached.
**Environment**
- OS: Ubuntu 20.04.6 LTS
- Clang version: Ubuntu clang version 14.0.6
- binutils version: 2.43 https://ftp.gnu.org/gnu/binutils/binutils-2.43.tar.xz
Thank you.
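The ASan frame above shows a 50-byte stack buffer (`buf127`, `[160, 210)`) being written one byte past its end while `--insn-width 64` is in effect. The following is an added illustration of that bug class, not objdump's code: a fixed-size output buffer sized for a default instruction width, filled according to a user-controlled width. The 50-byte buffer size and the width 64 come from the report; the "xx " three-characters-per-byte layout, the function names, and the 0x90 sample instruction bytes are assumptions made for the example.

```c
/* Illustration of the bug class in the report above. NOT objdump's code:
 * buffer size 50 and width 64 are taken from the ASan output, everything
 * else (layout, names, sample bytes) is an assumption for this example. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_SIZE 50          /* matches 'buf127' [160,210) in the ASan frame */
#define HEX_CHARS_PER_BYTE 3 /* assumed "xx " per byte */
#define MAX_WIDTH 64         /* the --insn-width value from the report */

/* Characters a hex dump of 'width' bytes needs, including the NUL. */
size_t hex_chars_needed(size_t width)
{
    return width * HEX_CHARS_PER_BYTE + 1;
}

/* Would an unchecked loop writing width*3 chars into BUF_SIZE overflow?
 * This is the arithmetic a reviewer checks before trusting a fixed buffer. */
int would_overflow(size_t width)
{
    return hex_chars_needed(width) > BUF_SIZE;
}

/* Hardened formatter: emits only as many whole bytes as fit, always
 * NUL-terminates, and returns the number of bytes actually formatted.
 * The caller can compare the return value with 'width' to detect truncation. */
size_t format_insn_hex(const unsigned char *insn, size_t width,
                       char *out, size_t out_size)
{
    size_t pos = 0, i;
    if (out_size == 0)
        return 0;
    for (i = 0; i < width; i++) {
        /* need 3 chars for "xx " plus 1 for the terminating NUL */
        if (out_size - pos < HEX_CHARS_PER_BYTE + 1)
            break;
        int n = snprintf(out + pos, out_size - pos, "%02x ", insn[i]);
        if (n < 0)
            break;
        pos += (size_t)n;
    }
    out[pos] = '\0';
    return i;
}

/* Constructed sample: 'width' NOP-like bytes (0x90), formatted into a
 * BUF_SIZE stack buffer exactly as objdump's frame has. Returns the number
 * of bytes that fit. */
size_t formatted_bytes_for_width(size_t width)
{
    unsigned char insn[MAX_WIDTH];
    char buf[BUF_SIZE];
    if (width > MAX_WIDTH)
        width = MAX_WIDTH;
    memset(insn, 0x90, sizeof insn);
    return format_insn_hex(insn, width, buf, sizeof buf);
}

/* Same sample, returning the resulting string length (never >= BUF_SIZE). */
size_t formatted_len_for_width(size_t width)
{
    unsigned char insn[MAX_WIDTH];
    char buf[BUF_SIZE];
    if (width > MAX_WIDTH)
        width = MAX_WIDTH;
    memset(insn, 0x90, sizeof insn);
    format_insn_hex(insn, width, buf, sizeof buf);
    return strlen(buf);
}

int main(void)
{
    printf("width 64 needs %zu chars, buffer holds %d: overflow=%d\n",
           hex_chars_needed(64), BUF_SIZE, would_overflow(64));
    printf("hardened formatter emitted %zu of 64 bytes (%zu chars)\n",
           formatted_bytes_for_width(64), formatted_len_for_width(64));
    return 0;
}
```

The point of the hardened version is that the bound is derived from the destination size at every write, so a larger `--insn-width` degrades to a truncated dump instead of a write past the frame; whether upstream prefers clamping the option or growing the buffer is a separate design choice.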