Submit #485254: GNU binutils/nm 2.43 Buffer Overflow

Title: GNU binutils/nm 2.43 Buffer Overflow
Description: When executing nm with `nm --ifunc-chars "c-Gii-a---?" $inputfile`, it may cause `Hint: address points to the zero page.` The ASAN stack is attached below.

```
/data/xxx/optfuzz/benchmark/binutils-2.43/bins/bin/nm --ifunc-chars "c-Gii-a---?" id:000000,sig:11,src:000934,time:1639157,execs:1523186,op:opt_fuzz,rep:1
/data/xxx/optfuzz/benchmark/binutils-2.43/bins/bin/nm: id:000000,sig:11,src:000934,time:1639157,execs:1523186,op:opt_fuzz,rep:1: invalid string offset 4278190081 >= 22 for section `.strtab'
0000000000000000 B is_strip
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2882363==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000021 (pc 0x56116e3f3c80 bp 0x7ffe2df77b10 sp 0x7ffe2df77288 T0)
==2882363==The signal is caused by a READ memory access.
==2882363==Hint: address points to the zero page.
    #0 0x56116e3f3c80 in __sanitizer::internal_strlen(char const*) (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/nm+0x19bc80) (BuildId: 9d598c4b9c0b057147ee0991995238de5ef0bab6)
    #1 0x56116e37c0ab in printf_common(void*, char const*, __va_list_tag*) asan_interceptors.cpp.o
    #2 0x56116e37d5e9 in printf (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/nm+0x1255e9) (BuildId: 9d598c4b9c0b057147ee0991995238de5ef0bab6)
    #3 0x56116e419f7b in print_symbol_info_bsd /data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1880:7
    #4 0x56116e42241f in print_symbol /data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1228:3
    #5 0x56116e41ffdb in print_symbols /data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1388:7
    #6 0x56116e41e51f in display_rel_file /data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1503:5
    #7 0x56116e41964f in display_file /data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1655:7
    #8 0x56116e418a0a in main /data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:2170:12
    #9 0x7f0ee8e3c082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
    #10 0x56116e35a58d in _start (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/nm+0x10258d) (BuildId: 9d598c4b9c0b057147ee0991995238de5ef0bab6)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/nm+0x19bc80) (BuildId: 9d598c4b9c0b057147ee0991995238de5ef0bab6) in __sanitizer::internal_strlen(char const*)
==2882363==ABORTING
```
Source: https://sourceware.org/bugzilla/show_bug.cgi?id=32556
User: wenjusun (UID 80422)
Submission: 01/19/2025 12:49 PM (5 months ago)
Moderation: 02/10/2025 08:31 AM (22 days later)
Status: Accepted
VulDB Entry: 295051 [GNU Binutils 2.43 nm binutils/nm.c internal_strlen const buffer overflow]
Points: 20
