Multiple memory corruptions in objdump (binutils-2.30-15ubuntu1)

Bug #1763102 reported by Sergej Schumilo on 2018-04-11
This bug affects 2 people
Affects: binutils (Ubuntu)

Bug Description

Dear all,
The following binutils objdump memory corruptions were found by a modified version of the kAFL fuzzer. I have attached the crashing inputs and each ASAN report.

Steps to reproduce:

Build current version of binutils:
pull-lp-source binutils
cd binutils-2.30
CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" ./configure
CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" make

Run inputs under ASAN:

ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./objdump --dwarf-check -C -g -f -dwarf -x $file

We can verify those issues for objdump binutils-2.30-15ubuntu1 (Ubuntu 16.04.4 LTS / sources from "pull-lp-source binutils").

Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr-Universität Bochum)

Best regards,
Sergej Schumilo
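The report's reproduction step runs one input at a time under ASAN with halt_on_error=false. When a fuzzer hands over many crashing inputs, the useful next step is to run all of them through the same command, keep each report, and bucket the reports by error kind and top stack frame so that duplicates of one bug are obvious. The script below is an added example and is not part of the bug report or of binutils. It assumes OBJDUMP points at the ASAN-instrumented build (default ./objdump, as in the report), copies the report's objdump flags unchanged, and ships a constructed ASAN report (the example_reader/example.c names are made up) only so the bucketing can be exercised without an instrumented build.

```shell
#!/bin/sh
# Added triage script (not part of the bug report): runs a directory of
# crashing inputs through an ASAN-instrumented objdump built as described
# in the report, keeps each ASAN report next to its input, and buckets the
# reports by (error kind, access type, top frame) so duplicates stand out.
# Assumptions: OBJDUMP points at the ASAN build (defaults to ./objdump, as in
# the report); the objdump flags are copied from the report unchanged.
set -eu

OBJDUMP="${OBJDUMP:-./objdump}"

# Run one input; stderr (where ASAN writes) goes to the report file.
# halt_on_error=false matches the report and lets one run show several
# errors; a non-zero exit from objdump is expected and must not stop triage.
run_one() {
  ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true \
    "$OBJDUMP" --dwarf-check -C -g -f -dwarf -x "$1" >/dev/null 2>"$2" || true
}

# Summarise one report file as "<kind> <access> <top-frame function>", taking
# the first error in the file; prints "clean - -" if ASAN reported nothing.
asan_bucket() {
  kind=$(sed -n 's/.*ERROR: AddressSanitizer: \([A-Za-z-]*\).*/\1/p' "$1" | head -n 1)
  [ -n "$kind" ] || { echo "clean - -"; return 0; }
  access=$(sed -n 's/^\([A-Z]*\) of size [0-9]*.*/\1/p' "$1" | head -n 1)
  frame=$(sed -n 's/^[[:space:]]*#0 0x[0-9a-f]* in \([^ ]*\).*/\1/p' "$1" | head -n 1)
  echo "$kind ${access:--} ${frame:--}"
}

# Triage every input in a directory. Writes <input>.asan per input and
# <dir>/buckets.tsv (bucket TAB input), then prints a count per bucket.
triage_dir() {
  dir=$1
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    case "$f" in *.asan|*/buckets.tsv) continue ;; esac
    run_one "$f" "$f.asan"
    printf '%s\t%s\n' "$(asan_bucket "$f.asan")" "$f"
  done >"$dir/buckets.tsv"
  cut -f1 "$dir/buckets.tsv" | sort | uniq -c | sort -rn
}

# Constructed sample report (not output from objdump; names are made up)
# used to check the bucketing without an instrumented build.
write_sample_report() {
  cat >"$1" <<'EOF'
=================================================================
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000ff4 at pc 0x000000512345 bp 0x7ffd00000000 sp 0x7ffd00000000
READ of size 1 at 0x602000000ff4 thread T0
    #0 0x512345 in example_reader example.c:42:7
    #1 0x512000 in main example.c:100:3
EOF
}

# Usage: sh triage.sh <dir-of-crash-inputs>
if [ "$#" -ge 1 ] && [ -d "$1" ]; then
  triage_dir "$1"
fi
```

Bucketing on the first error only is deliberate: with halt_on_error=false a single run can emit a chain of reports, and the later ones are often consequences of the first corruption rather than separate bugs. Frames symbolised through allow_addr2line=true carry file:line, so two buckets with the same function but different lines are still worth a look before filing them as one issue.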

Marc Deslauriers (mdeslaur) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better.

Please report this issue to the upstream binutils developers by filing a bug at

Once the binutils team has evaluated the issue, and a proper fix is available, we will release a security update for Ubuntu.

Seth Arnold (seth-arnold) wrote :

Reported to libiberty developers:

information type: Private Security → Public Security
Changed in binutils (Ubuntu):
status: New → Confirmed
