Bug 28420 - segv in objdump at disassemble_bytes objdump.c:3059
Summary: segv in objdump at disassemble_bytes objdump.c:3059
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: unspecified
Importance: P2 normal
Target Milestone: 2.38
Assignee: Alan Modra
Duplicates: 28414 28421
Depends on:
Reported: 2021-10-05 17:38 UTC by Irfan Ariq
Modified: 2021-10-31 02:24 UTC
0 users

See Also:
Last reconfirmed: 2021-10-06 00:00:00

poc and full stack trace (2.60 KB, application/x-zip-compressed)
2021-10-05 17:38 UTC, Irfan Ariq

Description Irfan Ariq 2021-10-05 17:38:52 UTC
Created attachment 13703
poc and full stack trace


We are currently working on a fuzz testing feature, and we found a **SEGV** in `objdump`.

The stack trace is as follows:
==2673==ERROR: AddressSanitizer: SEGV on unknown address 0x0000071a5d68 (pc 0x55ca946b0f38 bp 0x7ffd51b38d50 sp 0x7ffd51b38b00 T0)
==2673==The signal is caused by a READ memory access.
    #0 0x55ca946b0f37 in disassemble_bytes objdump.c:3059
    #1 0x55ca946b3342 in disassemble_section objdump.c:3455
    #2 0x55ca94b7e3c0 in bfd_map_over_sections .../binutils-git/bfd/section.c:1383
    #3 0x55ca946b4293 in disassemble_data objdump.c:3599
    #4 0x55ca946bb6cc in dump_bfd objdump.c:5006
    #5 0x55ca946bb994 in display_object_bfd objdump.c:5068
    #6 0x55ca946bbd2f in display_any_bfd objdump.c:5158
    #7 0x55ca946bbda6 in display_file objdump.c:5179
    #8 0x55ca946bd15a in main objdump.c:5529
The full stack trace is attached.

**Steps to reproduce**

We configured `objdump` using `CFLAGS="-g -O0 -fsanitize=address" ./configure --prefix=$(pwd)/ --disable-shared --enable-targets=all`, built it using `make -j 10`, and ran it with:

`./objdump --reloc -a -r 32 ld -Ttext <attached file> -d`

The input file is attached.

- OS: Ubuntu 18.04.5 LTS
- GCC version: gcc 7.5.0
- binutils version: commit (98ca73a) of master branch on sourceware git ([link](https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=98ca73afe51e1e921915c37f242c88d4d445841c))

Thank you.
Comment 1 Sourceware Commits 2021-10-06 07:32:24 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:


commit 1992e26ec4498bdd08fa960b449f6fa29e5759fa
Author: Alan Modra <amodra@gmail.com>
Date:   Wed Oct 6 17:31:31 2021 +1030

    PR28420, ecoff fuzzing failures
            PR 28420
            * coff-mips.c (mips_adjust_reloc_in): Replace abort with error
            message and return.
            * ecoff.c (ecoff_slurp_reloc_table): Remove assertion and aborts,
            instead handle errors gracefully.
Comment 2 Alan Modra 2021-10-06 07:33:24 UTC
Comment 3 Alan Modra 2021-10-06 07:34:12 UTC
*** Bug 28421 has been marked as a duplicate of this bug. ***
Comment 4 Alan Modra 2021-10-07 05:39:07 UTC
*** Bug 28414 has been marked as a duplicate of this bug. ***
Comment 5 Sourceware Commits 2021-10-31 02:24:37 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:


commit 1c5e9d8d8cfdc4528ec4713dc6001e8b66c28134
Author: Alan Modra <amodra@gmail.com>
Date:   Sat Oct 30 19:19:13 2021 +1030

    Re: PR28420, ecoff fuzzing failures
    sym_ptr_ptr NULL results in segfaults.
            PR 28420
            * ecoff.c (ecoff_slurp_reloc_table): Don't leave sym_ptr_ptr NULL.