[Bug binutils/22788] New: AddressSanitizer: SEGV /home/ubuntu/binutils/b
From: hizhangsword at gmail dot com
Subject: [Bug binutils/22788] New: AddressSanitizer: SEGV /home/ubuntu/binutils/binutils_git/binutils-gdb/bfd/libbfd.c:558 bfd_getl32
Date: Mon, 05 Feb 2018 05:56:20 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=22788
Bug ID: 22788
Summary: AddressSanitizer: SEGV /home/ubuntu/binutils/binutils_git/binutils-gdb/bfd/libbfd.c:558 bfd_getl32
Product: binutils
Version: 2.30
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: hizhangsword at gmail dot com
Target Milestone: ---
Created attachment 10784
--> https://sourceware.org/bugzilla/attachment.cgi?id=10784&action=edit
the crafted file generated by afl
A crafted ELF file can lead to a SEGV in
function: /binutils/binutils_git/binutils-gdb/bfd/libbfd.c:558 bfd_getl32;
The crafted ELF file was found by the fuzzing tool: afl;
Tests in version 2.30 and commit 0eb876f52f348ff08be24bca6cbca00e302839b2 both
worked;
address@hidden:/home/ubuntu/binutils/binutils_git/binutils-gdb# binutils/objdump
-x crashes/id:000025,sig:06,src:000072,op:int32,pos:6216,val:be:+16
ASAN:SIGSEGV
=================================================================
==869==ERROR: AddressSanitizer: SEGV on unknown address 0x14500b88 (pc
0x08275e3b bp 0x14500b8b sp 0xffe1f7a0 T0)
#0 0x8275e3a in bfd_getl32
/home/ubuntu/binutils/binutils_git/binutils-gdb/bfd/libbfd.c:558
#1 0x83499b5 in elf_parse_notes
/home/ubuntu/binutils/binutils_git/binutils-gdb/bfd/elf.c:11024
#2 0x836d9a1 in _bfd_elf_make_section_from_shdr
/home/ubuntu/binutils/binutils_git/binutils-gdb/bfd/elf.c:1098
#3 0x8361481 in _bfd_elf_make_section_from_shdr
/home/ubuntu/binutils/binutils_git/binutils-gdb/bfd/elf.c:988
#4 0x8361481 in bfd_section_from_shdr
/home/ubuntu/binutils/binutils_git/binutils-gdb/bfd/elf.c:2443
#5 0x85575dd in bfd_elf32_object_p
/home/ubuntu/binutils/binutils_git/binutils-gdb/bfd/elfcode.h:805
#6 0x826abfb in bfd_check_format_matches
/home/ubuntu/binutils/binutils_git/binutils-gdb/bfd/format.c:311
#7 0x806af3e in display_object_bfd objdump.c:3663
#8 0x806af3e in display_any_bfd objdump.c:3754
#9 0x8056dab in display_file objdump.c:3775
#10 0x8056dab in main objdump.c:4077
#11 0xf70a7636 in __libc_start_main (/lib32/libc.so.6+0x18636)
#12 0x8059cfb
(/home/ubuntu/binutils/binutils_git/binutils-gdb/binutils/objdump+0x8059cfb)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/home/ubuntu/binutils/binutils_git/binutils-gdb/bfd/libbfd.c:558 bfd_getl32
==869==ABORTING
address@hidden:/home/ubuntu/binutils/binutils_git/binutils-gdb# git show
commit 0eb876f52f348ff08be24bca6cbca00e302839b2
For the crafted file, please check the attachment;
Please forgive me for my bad English, ^_^