Submit #485255: GNU binutils/objdump 2.43 Buffer Overflow

Title: GNU binutils/objdump 2.43 Buffer Overflow
Description: Hello, We found a **stack-buffer-overflow** in `objdump`. The stack traces are as follows:

```
==491939==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff1cad0452 at pc 0x562af39c9768 bp 0x7fff1cad0370 sp 0x7fff1cad0368
WRITE of size 1 at 0x7fff1cad0452 thread T0
    #0 0x562af39c9767 in disassemble_bytes /data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:3543:34
    #1 0x562af39c1843 in disassemble_section /data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:4116:4
    #2 0x562af3b8125a in bfd_map_over_sections /data/swj/optfuzz/benchmark/binutils-2.43/bfd/section.c:1387:5
    #3 0x562af39b827a in disassemble_data /data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:4264:3
    #4 0x562af39b3858 in dump_bfd /data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:5795:2
    #5 0x562af39b2989 in display_object_bfd /data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:5856:7
    #6 0x562af39b2894 in display_any_bfd /data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:5943:5
    #7 0x562af39b16bb in display_file /data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:5964:3
    #8 0x562af39afe10 in main /data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:6381:6
    #9 0x7f33a2e65082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
    #10 0x562af38ef61d in _start (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/objdump+0x1dd61d) (BuildId: d2dc746ba5756ca34e6ed66603247470b04d42fe)

Address 0x7fff1cad0452 is located in stack of thread T0 at offset 210 in frame
    #0 0x562af39c785f in disassemble_bytes /data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:3274

  This frame has 3 object(s):
    [32, 56) 'sfile' (line 3284)
    [96, 126) 'buf' (line 3307)
    [160, 210) 'buf127' (line 3394) <== Memory access at offset 210 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /data/swj/optfuzz/benchmark/binutils-2.43/binutils/./objdump.c:3543:34 in disassemble_bytes
```

**Steps to reproduce**

We configured `objdump` using `CFLAGS="-g -fsanitize=address" ./configure --prefix=$(pwd)/` and built it using `make -j`, and ran it with:

```
./objdump --insn-width 64 -d
```

The input file is attached.

**Environment**

- OS: Ubuntu 20.04.6 LTS
- Clang version: Ubuntu clang version 14.0.6
- binutils version: 2.43 https://ftp.gnu.org/gnu/binutils/binutils-2.43.tar.xz

Thank you.
Source: https://sourceware.org/bugzilla/show_bug.cgi?id=32560
User: wenjusun (UID 80422)
Submission: 01/19/2025 12:52 PM
Moderation: 01/29/2025 04:22 PM (10 days later)
Status: Accepted
VulDB Entry: 293997 [GNU Binutils up to 2.43 binutils/objdump.c disassemble_bytes buf stack-based overflow]
Points: 20
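The report above pins the write to a 50-byte stack buffer (`buf127`, frame range [160, 210)) in `disassemble_bytes`, with the first out-of-bounds byte at offset 210, i.e. one past the end, and the trigger being the caller-controlled `--insn-width 64`. The C below is an added illustration of that bug class, not code from binutils or from the submitter: a per-instruction hex byte column is padded out to a user-supplied width into a fixed stack buffer, once without a bound check and once with one. Only the 50-byte buffer size and the width 64 are taken from the report; the function names, the padding layout (three characters per byte) and the sample instruction bytes are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Fixed stack buffer for the hex byte column.  50 matches the size of
 * 'buf127' in the ASan report; the rest of this model is an assumption. */
#define BYTE_COL_BUF 50

/* Constructed sample instruction bytes (not taken from the attached input). */
static const unsigned char SAMPLE_INSN[] = { 0x48, 0x89, 0xe5, 0xc3 };

/* Buggy pattern: emit "xx " per byte and pad with blanks out to insn_width
 * columns, trusting that 3*insn_width + 1 fits in out[].  A width of 64
 * needs 193 bytes; with a 50-byte buffer the first bad write lands at
 * out[50], exactly the "offset 210 overflows [160, 210)" shape in the
 * report.  Never call this with a width the buffer cannot hold. */
static void render_bytes_unchecked(char *out, const unsigned char *bytes,
                                   size_t n, size_t insn_width)
{
    size_t pos = 0;
    for (size_t i = 0; i < insn_width; i++) {
        if (i < n)
            sprintf(out + pos, "%02x ", bytes[i]);
        else
            memcpy(out + pos, "   ", 3);
        pos += 3;
    }
    out[pos] = '\0';
}

/* Largest insn_width whose padded column, plus the NUL, fits in outlen. */
static size_t max_insn_width_for(size_t outlen)
{
    return outlen == 0 ? 0 : (outlen - 1) / 3;
}

/* Hardened pattern: derive the bound from the buffer size and reject
 * (return -1) a width that does not fit, instead of writing past the end.
 * Output is identical to the unchecked variant for accepted widths. */
static int render_bytes_checked(char *out, size_t outlen,
                                const unsigned char *bytes, size_t n,
                                size_t insn_width)
{
    if (insn_width > max_insn_width_for(outlen))
        return -1;
    size_t pos = 0;
    for (size_t i = 0; i < insn_width; i++) {
        if (i < n)
            snprintf(out + pos, outlen - pos, "%02x ", bytes[i]);
        else
            memcpy(out + pos, "   ", 3);
        pos += 3;
    }
    out[pos] = '\0';
    return 0;
}

/* Render SAMPLE_INSN into a 50-byte stack buffer at the given width.
 * Returns the column length, or -1 when the width is rejected. */
static int column_len_for_width(size_t insn_width)
{
    char buf[BYTE_COL_BUF];
    if (render_bytes_checked(buf, sizeof buf, SAMPLE_INSN,
                             sizeof SAMPLE_INSN, insn_width) != 0)
        return -1;
    return (int)strlen(buf);
}

int main(void)
{
    char buf[BYTE_COL_BUF];

    /* A width that fits: both variants produce the same 48-character column. */
    render_bytes_unchecked(buf, SAMPLE_INSN, sizeof SAMPLE_INSN, 16);
    printf("width 16, unchecked: \"%s\"\n", buf);
    printf("width 16, checked:   %d chars\n", column_len_for_width(16));

    /* --insn-width 64 from the report: the checked variant refuses it
     * rather than writing 193 bytes into a 50-byte buffer. */
    printf("width 64, checked:   %d\n", column_len_for_width(64));
    printf("largest safe width for %d bytes: %zu\n",
           BYTE_COL_BUF, max_insn_width_for(BYTE_COL_BUF));
    return 0;
}
```

The point of `max_insn_width_for` is that the limit is computed from the buffer the column is written into, so a command-line option cannot pick a width the buffer was never sized for; under ASan the unchecked variant with width 64 reports the same `stack-buffer-overflow ... WRITE of size 1` one byte past the object, which is how the submitter's trace looks.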