Mailinglist Archive: opensuse-bugs (4295 mails)

[Bug 1038881] New: VUL-1: binutils: NULLptr-print_symbol_for_build_attribute
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 12 May 2017 13:37:57 +0000
  • Message-id: <bug-1038881-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1038881


Bug ID: 1038881
Summary: VUL-1: binutils: NULLptr-print_symbol_for_build_attribute
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Created attachment 724895
--> http://bugzilla.opensuse.org/attachment.cgi?id=724895&action=edit
NULLptr-print_symbol_for_build_attribute_reproducer

Ref: https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/
=======================================================================
# readelf -a $FILE
==7569==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x0000005ca9f5 bp 0x7ffcef629b70 sp 0x7ffcef629b20 T0)
==7569==The signal is caused by a READ memory access.
==7569==Hint: address points to the zero page.
#0 0x5ca9f4 in print_symbol_for_build_attribute /tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/readelf.c:16671:16
#1 0x5c2d08 in process_note /tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/readelf.c
#2 0x5bc388 in process_notes_at /tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/readelf.c:17232:13
#3 0x5bbc82 in process_corefile_note_segments /tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/readelf.c:17262:8
#4 0x548d86 in process_object /tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/readelf.c
#5 0x5167f8 in process_file /tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/readelf.c:18055:13
#6 0x5167f8 in main /tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/readelf.c:18127
#7 0x7f8ede38078f in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289
#8 0x41a088 in getenv (/usr/x86_64-pc-linux-gnu/binutils-bin/git/readelf+0x41a088)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/readelf.c:16671:16 in print_symbol_for_build_attribute
==7569==ABORTING

Affected version:
master at 2017-04-12 (dunno about other versions)

Fixed version:
N/A

Reproducer:
https://github.com/asarubbo/poc/blob/master/00273-binutils-NULLptr-print_symbol_for_build_attribute

Commit fix:
N/A, seems to be fixed by one of the previous commits.
=======================================================================
