public inbox for gdb-prs@sourceware.org
* [Bug gdb/17947] New: S-Record handling read out of bounds
@ 2015-02-09 18:59 symeon.paraschoudis at htbridge dot com
0 siblings, 0 replies; only message in thread
From: symeon.paraschoudis at htbridge dot com @ 2015-02-09 18:59 UTC (permalink / raw)
To: gdb-prs
https://sourceware.org/bugzilla/show_bug.cgi?id=17947
Bug ID: 17947
Summary: S-Record handling read out of bounds
Product: gdb
Version: 7.8
Status: NEW
Severity: critical
Priority: P2
Component: gdb
Assignee: unassigned at sourceware dot org
Reporter: symeon.paraschoudis at htbridge dot com
Created attachment 8110
--> https://sourceware.org/bugzilla/attachment.cgi?id=8110&action=edit
testcase to reproduce it
Hello team!
When trying to open the attached test case, AddressSanitizer reports the
following:
=================================================================
==7193== ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb536a0d2 at pc 0x87eada2 bp 0xbfb63c38 sp 0xbfb63c2c
READ of size 1 at 0xb536a0d2 thread T0
#0 0x87eada1 in srec_scan srec.c:522
#1 0x87ec221 in srec_object_p srec.c:651 (discriminator 1)
#2 0x87c8740 in bfd_check_format_matches format.c:305
#3 0x84a5c7b in exec_file_attach exec.c:232
#4 0x8412a04 in catch_command_errors main.c:355
#5 0x84145f2 in captured_main main.c:1055
#6 0x84080d3 in catch_errors exceptions.c:506
#7 0x8414bee in gdb_main main.c:1172
#8 0x809462a in main gdb.c:33
#9 0xb5b37a82 in __libc_start_main libc-start.c:287
#10 0x80943d0 in _start ??:?
0xb536a0d2 is located 0 bytes to the right of 2-byte region [0xb536a0d0,0xb536a0d2)
allocated by thread T0 here:
#0 0xb612b854 in malloc ??:?
#1 0x87c9882 in bfd_malloc libbfd.c:181
#2 0x87ea6e6 in srec_scan srec.c:483
#3 0x87ec221 in srec_object_p srec.c:651 (discriminator 1)
#4 0x87c8740 in bfd_check_format_matches format.c:305
#5 0x84a5c7b in exec_file_attach exec.c:232
#6 0x8412a04 in catch_command_errors main.c:355
#7 0x84145f2 in captured_main main.c:1055
#8 0x84080d3 in catch_errors exceptions.c:506
#9 0x8414bee in gdb_main main.c:1172
#10 0x809462a in main gdb.c:33
#11 0xb5b37a82 in __libc_start_main libc-start.c:287
Debugging it with gdb:
gdb$ r ~/Desktop/gdb_heap_overflow
Starting program: /home/user/Desktop/gdb-7.8.2/gdb/gdb ~/Desktop/gdb_heap_overflow
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
GNU gdb (GDB) 7.8.2
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Program received signal SIGSEGV, Segmentation fault.
--------------------------------------------------------------------------[regs]
EAX: 0x08767000 EBX: 0x0866DC38 ECX: 0x08745258 EDX: 0x00000630 o d I t S z a P c
ESI: 0x00000000 EDI: 0x00000000 EBP: 0xBFFFEE58 ESP: 0xBFFFEDC0 EIP: 0x0837BB66
CS: 0073 DS: 007B ES: 007B FS: 0000 GS: 0033 SS: 007B
--------------------------------------------------------------------------[code]
=> 0x837bb66 <srec_scan+2191>: movzx eax,BYTE PTR [eax]
0x837bb69 <srec_scan+2194>: movzx eax,al
0x837bb6c <srec_scan+2197>: movzx eax,BYTE PTR [eax+0x8546ce0]
0x837bb73 <srec_scan+2204>: shl eax,0x4
0x837bb76 <srec_scan+2207>: mov edx,eax
0x837bb78 <srec_scan+2209>: mov eax,DWORD PTR [ebp-0x40]
0x837bb7b <srec_scan+2212>: add eax,0x1
0x837bb7e <srec_scan+2215>: movzx eax,BYTE PTR [eax]
--------------------------------------------------------------------------------
0x0837bb66 in srec_scan (abfd=0x8704858) at srec.c:557
557 check_sum += HEX (data);
gdb$ x/20x $eax
0x8767000: Cannot access memory at address 0x8767000
gdb$
My system is Ubuntu 14.04 x86.
Thank you!
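The trace above shows srec_scan reading one byte past a 2-byte heap region while summing record bytes for the checksum. As an added example, not code from the report or from BFD's srec.c, here is a defensive S-record line decoder in C that checks the record's count field against the input actually present before computing the checksum; the S-record layout it assumes (count covers address, data and checksum; checksum is the one's complement of the low byte of their sum) is standard, and the sample records are constructed.

```c
/* Added example, not code from the bug report or from BFD's srec.c: a
 * minimal S-record line decoder that checks the declared byte count against
 * the characters actually present before reading any of them. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 for any other character. */
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode one record held in buf[0..len). On success returns the number of
 * bytes written to out (address + data + checksum, as encoded); otherwise
 * -1 bad syntax, -2 count field exceeds the available input, -3 checksum
 * mismatch. Every index is bounded by len, never by the count field. */
int srec_decode(const char *buf, size_t len, uint8_t *out, size_t outcap) {
    if (len < 4 || buf[0] != 'S' || hexval(buf[1]) < 0) return -1;
    int hi = hexval(buf[2]), lo = hexval(buf[3]);
    if (hi < 0 || lo < 0) return -1;
    size_t count = (size_t)(hi << 4 | lo);     /* bytes following the count */
    if (count < 3 || count > outcap) return -1; /* needs address + checksum */
    if (len < 4 + 2 * count) return -2;         /* the short-record case */
    unsigned sum = (unsigned)count;
    for (size_t i = 0; i < count; i++) {
        int h = hexval(buf[4 + 2 * i]), l = hexval(buf[5 + 2 * i]);
        if (h < 0 || l < 0) return -1;
        out[i] = (uint8_t)(h << 4 | l);
        if (i + 1 < count) sum += out[i];       /* checksum byte not summed */
    }
    /* Checksum is the one's complement of the low byte of count+address+data. */
    return (uint8_t)~sum == out[count - 1] ? (int)count : -3;
}

/* Convenience wrapper for NUL-terminated records. */
int srec_decode_str(const char *line) {
    uint8_t out[256];
    return srec_decode(line, strlen(line), out, sizeof out);
}

int main(void) {
    /* Constructed input: a valid S1 record, then the same record cut short. */
    printf("valid: %d\n", srec_decode_str("S1130000285F245F2212226A000424290008237C2A"));
    printf("truncated: %d\n", srec_decode_str("S1130000285F"));
    return 0;
}
```

The truncated record is the shape of input that matters here: its count field promises 19 bytes while only 4 are present, and the length check rejects it before any byte beyond the buffer is touched.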