Bug 28420 - segv in objdump at disassemble_bytes objdump.c:3059
Summary: segv in objdump at disassemble_bytes objdump.c:3059
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils (show other bugs)
Version: unspecified
: P2 normal
Target Milestone: 2.38
Assignee: Alan Modra
URL:
Keywords:
: 28414 28421 (view as bug list)
Depends on:
Blocks:
 
Reported: 2021-10-05 17:38 UTC by Irfan Ariq
Modified: 2021-10-31 02:24 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Last reconfirmed: 2021-10-06 00:00:00

Attachments
poc and full stack trace (2.60 KB, application/x-zip-compressed)
2021-10-05 17:38 UTC, Irfan Ariq 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Irfan Ariq 2021-10-05 17:38:52 UTC 
Created attachment 13703 [details]
poc and full stack trace

Hello,

We are currently working on fuzz testing feature, and we found a **SEGV** on `objdump`.

The stack traces are as follow:
```st
==2673==ERROR: AddressSanitizer: SEGV on unknown address 0x0000071a5d68 (pc 0x55ca946b0f38 bp 0x7ffd51b38d50 sp 0x7ffd51b38b00 T0)
==2673==The signal is caused by a READ memory access.
    #0 0x55ca946b0f37 in disassemble_bytes objdump.c:3059
    #1 0x55ca946b3342 in disassemble_section objdump.c:3455
    #2 0x55ca94b7e3c0 in bfd_map_over_sections .../binutils-git/bfd/section.c:1383
    #3 0x55ca946b4293 in disassemble_data objdump.c:3599
    #4 0x55ca946bb6cc in dump_bfd objdump.c:5006
    #5 0x55ca946bb994 in display_object_bfd objdump.c:5068
    #6 0x55ca946bbd2f in display_any_bfd objdump.c:5158
    #7 0x55ca946bbda6 in display_file objdump.c:5179
    #8 0x55ca946bd15a in main objdump.c:5529
```
The full stack trace is attached.

**Step to reproduce**

We configured `objdump` using `CFLAGS="-g -O0 -fsanitize=address" ./configure --prefix=$(pwd)/ --disable-shared --enable-targets=all` and build it using `make -j 10`, and run it with:

```
./objdump --reloc -a -r 32 ld -Ttext <attached file> -d
```
The input file is attached.

**Environment**
- OS: Ubuntu 18.04.5 LTS
- GCC version: gcc 7.5.0
- binutils version: commit (98ca73a) of master branch on sourceware git ([link](https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=98ca73afe51e1e921915c37f242c88d4d445841c))

Thank you.
Comment 1 Sourceware Commits 2021-10-06 07:32:24 UTC 
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1992e26ec4498bdd08fa960b449f6fa29e5759fa

commit 1992e26ec4498bdd08fa960b449f6fa29e5759fa
Author: Alan Modra <amodra@gmail.com>
Date:   Wed Oct 6 17:31:31 2021 +1030

    PR28420, ecoff fuzzing failures
    
            PR 28420
            * coff-mips.c (mips_adjust_reloc_in): Replace abort with error
            message and return.
            * ecoff.c (ecoff_slurp_reloc_table): Remove assertion and aborts,
            instead handle errors gracefully.
Comment 2 Alan Modra 2021-10-06 07:33:24 UTC 
Fixed
Comment 3 Alan Modra 2021-10-06 07:34:12 UTC 
*** Bug 28421 has been marked as a duplicate of this bug. ***
Comment 4 Alan Modra 2021-10-07 05:39:07 UTC 
*** Bug 28414 has been marked as a duplicate of this bug. ***
Comment 5 Sourceware Commits 2021-10-31 02:24:37 UTC 
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1c5e9d8d8cfdc4528ec4713dc6001e8b66c28134

commit 1c5e9d8d8cfdc4528ec4713dc6001e8b66c28134
Author: Alan Modra <amodra@gmail.com>
Date:   Sat Oct 30 19:19:13 2021 +1030

    Re: PR28420, ecoff fuzzing failures
    
    sym_ptr_ptr NULL results in segfaults.
    
            PR 28420
            * ecoff.c (ecoff_slurp_reloc_table): Don't leave sym_ptr_ptr NULL.