List: binutils-bugs
Subject: [Bug binutils/29924] New: Huge memory allocation in objdump
From: "pdeng21 at m dot fudan.edu.cn" <sourceware-bugzilla () sourceware ! org>
Date: 2022-12-21 7:58:56
Message-ID: bug-29924-70 () http ! sourceware ! org/bugzilla/
https://sourceware.org/bugzilla/show_bug.cgi?id=29924
Bug ID: 29924
Summary: Huge memory allocation in objdump
Product: binutils
Version: 2.39
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: pdeng21 at m dot fudan.edu.cn
Target Milestone: ---
Created attachment 14533
--> https://sourceware.org/bugzilla/attachment.cgi?id=14533&action=edit
PoC to replay the vulnerability
#Summary
There is a huge memory allocation vulnerability in objdump, which can be
triggered by a crafted ELF file.
#Verification
git clone git://sourceware.org/git/binutils-gdb.git
CC="clang -fsanitize=address" CXX="clang++ -fsanitize=address" ./configure --disable-shared && make -j$(nproc)
./binutils/objdump -S poc
#ASAN
=================================================================
==23722==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0x3000000001 bytes
#0 0x4942ed in malloc (/binutils-gdb/binutils/objdump+0x4942ed)
#1 0x8410c8 in xmalloc /binutils-gdb/libiberty/./xmalloc.c:149:12
#2 0x4dbb9d in load_separate_debug_files /binutils-gdb/binutils/./dwarf.c:11965:7
#3 0x4c6e60 in display_object_bfd /binutils-gdb/binutils/./objdump.c
#4 0x4c6e60 in display_any_bfd /binutils-gdb/binutils/./objdump.c:5823:5
#5 0x4c5604 in display_file /binutils-gdb/binutils/./objdump.c:5844:3
#6 0x4c5604 in main /binutils-gdb/binutils/./objdump.c:6252:6
#7 0x7f08291dec86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
==23722==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: out-of-memory (/binutils-gdb/binutils/objdump+0x4942ed) in malloc
==23722==ABORTING
#Environment
Ubuntu 18.04
clang 10.0.0
--
You are receiving this mail because:
You are on the CC list for the bug.
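The report above shows objdump asking malloc for 0x3000000001 bytes after reading a crafted ELF, without saying which field in the file produced that size. As an added triage check (not the reporter's PoC and not binutils code), the script below walks the ELF64 section header table of an untrusted file and flags any section whose claimed size or offset extends past the end of the file, which is the kind of inconsistency a defender would want to catch before handing a sample to a debug-info parser; the assumption that the trigger is a size field is labelled in the code, and the sample image is constructed inline purely to exercise the checker.

```python
"""Sanity-check ELF64 section headers of an untrusted file before running objdump on it."""
import struct

ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ELFDATA2LSB = 1
SHT_NOBITS = 8  # .bss-style sections occupy no bytes in the file


def check_section_headers(data: bytes):
    """Return a list of (section index, reason) findings for a little-endian ELF64 image.

    Assumption (not stated in the bug report): an over-large size field is what drives the
    allocation, so any PROGBITS-like section whose bytes are not actually in the file is flagged.
    """
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        return [(-1, "not an ELF file")]
    if data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        return [(-1, "only little-endian ELF64 is handled here")]
    (e_shoff,) = struct.unpack_from("<Q", data, 0x28)          # section header table offset
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 0x3A)  # entry size, entry count
    if e_shnum == 0:
        return []
    if e_shentsize != 64 or e_shoff + e_shentsize * e_shnum > len(data):
        return [(-1, "section header table lies outside the file")]
    findings = []
    for i in range(e_shnum):
        # Elf64_Shdr: sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, ...
        _, sh_type, _, _, sh_offset, sh_size = struct.unpack_from("<IIQQQQ", data, e_shoff + i * 64)
        if sh_type == SHT_NOBITS:
            continue
        if sh_offset > len(data) or sh_size > len(data) - sh_offset:
            findings.append((i, f"sh_size 0x{sh_size:x} at offset 0x{sh_offset:x} exceeds file size {len(data)}"))
    return findings


def build_sample(claimed_size: int) -> bytes:
    """Constructed 200-byte ELF64 image (header, null section, one PROGBITS section, 8 payload bytes).

    The PROGBITS section claims `claimed_size` bytes; this is synthetic checker input, not the attached PoC.
    """
    ehdr = bytearray(64)
    ehdr[:4] = ELF_MAGIC
    ehdr[4], ehdr[5], ehdr[6] = ELFCLASS64, ELFDATA2LSB, 1     # class, data, EV_CURRENT
    struct.pack_into("<HHI", ehdr, 0x10, 1, 62, 1)               # ET_REL, EM_X86_64, EV_CURRENT
    struct.pack_into("<Q", ehdr, 0x28, 64)                       # e_shoff: table follows the header
    struct.pack_into("<HHHHHH", ehdr, 0x34, 64, 0, 0, 64, 2, 0)  # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    shdr = struct.pack("<IIQQQQIIQQ", 1, 1, 0, 0, 192, claimed_size, 0, 0, 1, 0)  # payload at offset 192
    return bytes(ehdr) + bytes(64) + shdr + bytes(8)


if __name__ == "__main__":
    print(check_section_headers(build_sample(8)))             # consistent image: []
    print(check_section_headers(build_sample(0x3000000001)))  # flags section 1
```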