Activity log for bug #1967082

| Date | Who | What changed | Old value | New value | Message |
| --- | --- | --- | --- | --- | --- |
| 2022-03-30 08:59:16 | Nils | bug | | | added bug |
| 2022-03-30 08:59:23 | Nils | information type | Private Security | Public Security | |
| 2022-03-30 08:59:48 | Nils | affects | poppler (Ubuntu) | binutils (Ubuntu) | |
| 2022-03-30 09:00:22 | Nils | description | see "Old value" below | see "New value" below | |

Old value:

SIGSEGV and out-of-bounds write during processing file via objdump

# Description

During processing of the attached ELF file via

```
objdump -a testcase
```

an out-of-bounds write is triggered and causes a segmentation fault (SIGSEGV).

This allows an attacker to perform a denial of service and possibly opens up other attack vectors if files from untrusted sources are processed.

For reproduction of the crash, I attached the following script(s):

- reproduce-ubuntu.sh : Reproduction on Ubuntu 20.04

Since I was unable to reproduce the bug upstream, I report it here.
If you need further assistance, please do not hesitate to ask.

# Ubuntu version

```
# apt show binutils
Package: binutils
Version: 2.34-6ubuntu1.3
Priority: optional
Build-Essential: yes
Section: devel
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Matthias Klose <doko@debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 110 kB
Provides: binutils-gold, elf-binutils
Depends: binutils-common (= 2.34-6ubuntu1.3), libbinutils (= 2.34-6ubuntu1.3), binutils-x86-64-linux-gnu (= 2.34-6ubuntu1.3)
Suggests: binutils-doc (>= 2.34-6ubuntu1.3)
Conflicts: binutils-mingw-w64-i686 (<< 2.23.52.20130612-1+3), binutils-mingw-w64-x86-64 (<< 2.23.52.20130612-1+3), binutils-multiarch (<< 2.27-8), modutils (<< 2.4.19-1)
Homepage: https://www.gnu.org/software/binutils/
Task: ubuntustudio-video, ubuntu-mate-core, ubuntu-mate-desktop
Download-Size: 3380 B
APT-Manual-Installed: yes
APT-Sources: http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
Description: GNU assembler, linker and binary utilities
```

# Ubuntu valgrind

```
==1== Memcheck, a memory error detector
==1== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==1== Command: objdump -S /testcase
==1==
objdump: warning: /testcase has a corrupt section with a size (3c3b031b01) larger than the file size
objdump: /testcase: warning: loop in section dependencies detected
objdump: warning: /testcase has a corrupt section with a size (3c3b031b01) larger than the file size
==1== Invalid write of size 4
==1==    at 0x4A40248: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d469f4 is 1,940 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
==1== Invalid write of size 4
==1==    at 0x4A40248: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d469fc is 1,948 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
==1== Invalid read of size 4
==1==    at 0x4A3FFA4: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d46a04 is 1,956 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
==1== Invalid write of size 4
==1==    at 0x4A3FFAE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d46a04 is 1,956 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
==1== Invalid read of size 4
==1==    at 0x4A3FFA4: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d469fc is 1,948 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
==1== Invalid write of size 4
==1==    at 0x4A3FFAE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d469fc is 1,948 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
==1== Invalid write of size 4
==1==    at 0x4A40248: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d469fc is 1,948 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
objdump: /testcase: warning: loop in section dependencies detected
==1== Invalid write of size 4
==1==    at 0x4A40248: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d46a04 is 1,956 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
objdump: /testcase: file format not recognized
==1==
==1== HEAP SUMMARY:
==1==     in use at exit: 0 bytes in 0 blocks
==1==   total heap usage: 29 allocs, 29 frees, 178,276 bytes allocated
==1==
==1== All heap blocks were freed -- no leaks are possible
==1==
==1== For lists of detected and suppressed errors, rerun with: -s
==1== ERROR SUMMARY: 29 errors from 8 contexts (suppressed: 0 from 0)
```

New value:

SIGSEGV and out-of-bounds write during processing file via objdump

# Description

During processing of the attached ELF file via

```
objdump -S testcase
```

an out-of-bounds write is triggered and causes a segmentation fault (SIGSEGV).

This allows an attacker to perform a denial of service and possibly opens up other attack vectors if files from untrusted sources are processed.

For reproduction of the crash, I attached the following script(s):

- reproduce-ubuntu.sh : Reproduction on Ubuntu 20.04

Since I was unable to reproduce the bug upstream, I report it here.
If you need further assistance, please do not hesitate to ask.

The "# Ubuntu version" and "# Ubuntu valgrind" sections of the new value repeat the old value above word for word (same `apt show binutils` output, same Valgrind run of `objdump -S /testcase`).
(in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== ==1== Invalid write of size 4 ==1== at 0x4A3FFAE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Address 0x4d469fc is 1,948 bytes inside a block of size 4,064 free'd ==1== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? 
(in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Block was alloc'd at ==1== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== ==1== Invalid write of size 4 ==1== at 0x4A40248: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? 
(in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Address 0x4d469fc is 1,948 bytes inside a block of size 4,064 free'd ==1== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Block was alloc'd at ==1== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? 
(in /usr/bin/x86_64-linux-gnu-objdump) ==1== objdump: /testcase: warning: loop in section dependencies detected ==1== Invalid write of size 4 ==1== at 0x4A40248: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Address 0x4d46a04 is 1,956 bytes inside a block of size 4,064 free'd ==1== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Block was alloc'd at ==1== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A2485E: ??? 
(in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== objdump: /testcase: file format not recognized ==1== ==1== HEAP SUMMARY: ==1== in use at exit: 0 bytes in 0 blocks ==1== total heap usage: 29 allocs, 29 frees, 178,276 bytes allocated ==1== ==1== All heap blocks were freed -- no leaks are possible ==1== ==1== For lists of detected and suppressed errors, rerun with: -s ==1== ERROR SUMMARY: 29 errors from 8 contexts (suppressed: 0 from 0)
2022-03-30 09:07:46 Nils description
SIGSEGV and out-of-bounds write during processing file via objdump

# Description

During processing of the attached ELF file via

```
objdump -S testcase
```

an out-of-bounds write is triggered and causes a segmentation fault (SIGSEGV).

This allows an attacker to perform a denial of service and possibly opens up other attack vectors if files from untrusted sources are processed.

For reproduction of the crash, I attached the following script(s):

- reproduce-ubuntu.sh : Reproduction on Ubuntu 20.04

Since I was unable to reproduce the bug upstream, I report it here.

If you need further assistance, please do not hesitate to ask.

# Ubuntu version

# apt show binutils
Package: binutils
Version: 2.34-6ubuntu1.3
Priority: optional
Build-Essential: yes
Section: devel
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Matthias Klose <doko@debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 110 kB
Provides: binutils-gold, elf-binutils
Depends: binutils-common (= 2.34-6ubuntu1.3), libbinutils (= 2.34-6ubuntu1.3), binutils-x86-64-linux-gnu (= 2.34-6ubuntu1.3)
Suggests: binutils-doc (>= 2.34-6ubuntu1.3)
Conflicts: binutils-mingw-w64-i686 (<< 2.23.52.20130612-1+3), binutils-mingw-w64-x86-64 (<< 2.23.52.20130612-1+3), binutils-multiarch (<< 2.27-8), modutils (<< 2.4.19-1)
Homepage: https://www.gnu.org/software/binutils/
Task: ubuntustudio-video, ubuntu-mate-core, ubuntu-mate-desktop
Download-Size: 3380 B
APT-Manual-Installed: yes
APT-Sources: http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
Description: GNU assembler, linker and binary utilities

# Ubuntu valgrind

==1== Memcheck, a memory error detector
==1== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info ==1== Command: objdump -S /testcase ==1== objdump: warning: /testcase has a corrupt section with a size (3c3b031b01) larger than the file size objdump: /testcase: warning: loop in section dependencies detected objdump: warning: /testcase has a corrupt section with a size (3c3b031b01) larger than the file size ==1== Invalid write of size 4 ==1== at 0x4A40248: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Address 0x4d469f4 is 1,940 bytes inside a block of size 4,064 free'd ==1== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? 
(in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Block was alloc'd at ==1== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== ==1== Invalid write of size 4 ==1== at 0x4A40248: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? 
(in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Address 0x4d469fc is 1,948 bytes inside a block of size 4,064 free'd ==1== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Block was alloc'd at ==1== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? 
(in /usr/bin/x86_64-linux-gnu-objdump) ==1== ==1== Invalid read of size 4 ==1== at 0x4A3FFA4: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Address 0x4d46a04 is 1,956 bytes inside a block of size 4,064 free'd ==1== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Block was alloc'd at ==1== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A2485E: ??? 
(in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== ==1== Invalid write of size 4 ==1== at 0x4A3FFAE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Address 0x4d46a04 is 1,956 bytes inside a block of size 4,064 free'd ==1== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? 
(in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Block was alloc'd at ==1== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== ==1== Invalid read of size 4 ==1== at 0x4A3FFA4: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? 
(in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Address 0x4d469fc is 1,948 bytes inside a block of size 4,064 free'd ==1== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Block was alloc'd at ==1== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? 
(in /usr/bin/x86_64-linux-gnu-objdump) ==1== ==1== Invalid write of size 4 ==1== at 0x4A3FFAE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Address 0x4d469fc is 1,948 bytes inside a block of size 4,064 free'd ==1== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump) ==1== by 0x4B360B2: (below main) (libc-start.c:308) ==1== Block was alloc'd at ==1== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so) ==1== by 0x4A2485E: ??? 
==1== objdump: /testcase: file format not recognized
==1==
==1== HEAP SUMMARY:
==1==     in use at exit: 0 bytes in 0 blocks
==1==   total heap usage: 29 allocs, 29 frees, 178,276 bytes allocated
==1==
==1== All heap blocks were freed -- no leaks are possible
==1==
==1== For lists of detected and suppressed errors, rerun with: -s
==1== ERROR SUMMARY: 29 errors from 8 contexts (suppressed: 0 from 0)

SIGSEGV and out-of-bounds write during processing file via objdump

# Description

During processing of the attached ELF file via

```
objdump -S testcase
```

an out-of-bounds write is triggered and causes a segmentation fault (SIGSEGV). This allows an attacker to perform a denial of service and possibly opens up other attack vectors if files from untrusted sources are processed.

For reproduction of the crash, I attached the following script(s):

- reproduce-ubuntu.sh : Reproduction on Ubuntu 20.04

Since I was unable to reproduce the bug upstream, I report it here. If you need further assistance, please do not hesitate to ask.

# Ubuntu version

```
# apt show binutils
Package: binutils
Version: 2.34-6ubuntu1.3
Priority: optional
Build-Essential: yes
Section: devel
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Matthias Klose <doko@debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 110 kB
Provides: binutils-gold, elf-binutils
Depends: binutils-common (= 2.34-6ubuntu1.3), libbinutils (= 2.34-6ubuntu1.3), binutils-x86-64-linux-gnu (= 2.34-6ubuntu1.3)
Suggests: binutils-doc (>= 2.34-6ubuntu1.3)
Conflicts: binutils-mingw-w64-i686 (<< 2.23.52.20130612-1+3), binutils-mingw-w64-x86-64 (<< 2.23.52.20130612-1+3), binutils-multiarch (<< 2.27-8), modutils (<< 2.4.19-1)
Homepage: https://www.gnu.org/software/binutils/
Task: ubuntustudio-video, ubuntu-mate-core, ubuntu-mate-desktop
Download-Size: 3380 B
APT-Manual-Installed: yes
APT-Sources: http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
Description: GNU assembler, linker and binary utilities
```

# Ubuntu valgrind

```
==1== Memcheck, a memory error detector
==1== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==1== Command: objdump -S /testcase
==1==
objdump: warning: /testcase has a corrupt section with a size (3c3b031b01) larger than the file size
objdump: /testcase: warning: loop in section dependencies detected
objdump: warning: /testcase has a corrupt section with a size (3c3b031b01) larger than the file size
==1== Invalid write of size 4
==1==    at 0x4A40248: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d469f4 is 1,940 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
==1== Invalid write of size 4
==1==    at 0x4A40248: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d469fc is 1,948 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
==1== Invalid read of size 4
==1==    at 0x4A3FFA4: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d46a04 is 1,956 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
==1== Invalid write of size 4
==1==    at 0x4A3FFAE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d46a04 is 1,956 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
==1== Invalid read of size 4
==1==    at 0x4A3FFA4: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d469fc is 1,948 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
==1== Invalid write of size 4
==1==    at 0x4A3FFAE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d469fc is 1,948 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
==1== Invalid write of size 4
==1==    at 0x4A40248: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d469fc is 1,948 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
objdump: /testcase: warning: loop in section dependencies detected
==1== Invalid write of size 4
==1==    at 0x4A40248: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A4036B: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Address 0x4d46a04 is 1,956 bytes inside a block of size 4,064 free'd
==1==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC85B: objalloc_free_block (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AABF: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x4B360B2: (below main) (libc-start.c:308)
==1==  Block was alloc'd at
==1==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4ABC65B: _objalloc_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A227D4: bfd_alloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A22CED: bfd_zalloc (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A41DE9: _bfd_elf_new_section_hook (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A2485E: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A40CEB: _bfd_elf_make_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A401DE: bfd_section_from_shdr (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A3BD4F: bfd_elf64_object_p (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x4A1AB01: bfd_check_format_matches (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==1==    by 0x116402: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==1==
objdump: /testcase: file format not recognized
==1==
==1== HEAP SUMMARY:
==1==     in use at exit: 0 bytes in 0 blocks
==1==   total heap usage: 29 allocs, 29 frees, 178,276 bytes allocated
==1==
==1== All heap blocks were freed -- no leaks are possible
==1==
==1== For lists of detected and suppressed errors, rerun with: -s
==1== ERROR SUMMARY: 29 errors from 8 contexts (suppressed: 0 from 0)
```
2022-03-30 17:33:26 Marc Deslauriers binutils (Ubuntu): status New Incomplete
2022-03-31 07:31:34 Nils attachment added Crashing input and script for reproduction. https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1967082/+attachment/5575093/+files/objdump_01.zip
2022-07-24 04:17:16 Launchpad Janitor binutils (Ubuntu): status Incomplete Expired
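An added example, not code from the bug report or from binutils: a pre-parse check for the two section-header defects objdump warned about in the valgrind log of this report, a section whose size exceeds the file size and a loop in section dependencies through sh_link, of the kind a service that accepts untrusted object files could run before handing them to a full parser. The ELF64 struct layouts are the ABI's; the three-section image and the check_sample helper are constructed for the demonstration, and the oversized size value used in it is the one from the warning in the log.

```c
/* Added example (not from the bug report or binutils): reject an ELF64 image whose
 * section headers show the two defects objdump warned about in the log, a section
 * larger than the file and a loop in section dependencies (sh_link), before an
 * untrusted file reaches a full parser. Struct layouts follow the ELF64 ABI. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SHT_PROGBITS 1
#define SHT_NOBITS   8

typedef struct {                    /* 64 bytes, no padding */
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Elf64_Ehdr;

typedef struct {                    /* 64 bytes, no padding */
    uint32_t sh_name, sh_type;
    uint64_t sh_flags, sh_addr, sh_offset, sh_size;
    uint32_t sh_link, sh_info;
    uint64_t sh_addralign, sh_entsize;
} Elf64_Shdr;

enum elf_check { ELF_OK, ELF_BAD_HEADER, ELF_BAD_SHDR_TABLE,
                 ELF_SECTION_TOO_LARGE, ELF_BAD_LINK, ELF_LINK_LOOP };

/* Validate the section header table of an in-memory ELF64 image of len bytes.
 * Bounds are checked by subtraction so attacker-chosen sizes cannot wrap. */
enum elf_check check_elf64_sections(const uint8_t *buf, size_t len)
{
    Elf64_Ehdr eh; Elf64_Shdr sh;
    if (len < sizeof eh) return ELF_BAD_HEADER;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0 || eh.e_ident[4] != 2) /* ELFCLASS64 */
        return ELF_BAD_HEADER;
    if (eh.e_shnum == 0) return ELF_OK;
    if (eh.e_shentsize != sizeof sh || eh.e_shoff > len ||
        (uint64_t)eh.e_shnum * sizeof sh > len - eh.e_shoff)
        return ELF_BAD_SHDR_TABLE;
    for (uint32_t i = 0; i < eh.e_shnum; i++) {
        memcpy(&sh, buf + eh.e_shoff + (size_t)i * sizeof sh, sizeof sh);
        /* SHT_NOBITS (.bss) owns no file bytes; every other section must fit. */
        if (sh.sh_type != SHT_NOBITS && (sh.sh_offset > len || sh.sh_size > len - sh.sh_offset))
            return ELF_SECTION_TOO_LARGE;
        if (sh.sh_link >= eh.e_shnum) return ELF_BAD_LINK;
    }
    /* Walk each sh_link chain. Index 0 (SHN_UNDEF) ends a chain, so a walk longer
     * than e_shnum steps must have revisited a section, i.e. the links form a loop. */
    for (uint32_t i = 0; i < eh.e_shnum; i++) {
        uint32_t cur = i, steps = 0;
        while (cur != 0) {
            if (++steps > eh.e_shnum) return ELF_LINK_LOOP;
            memcpy(&sh, buf + eh.e_shoff + (size_t)cur * sizeof sh, sizeof sh);
            cur = sh.sh_link;
        }
    }
    return ELF_OK;
}

/* Constructed sample image: a NULL section plus two PROGBITS sections sharing 16
 * payload bytes; size1, link1 and link2 let a caller inject each defect. */
enum elf_check check_sample(uint64_t size1, uint32_t link1, uint32_t link2)
{
    uint8_t buf[512] = {0};
    Elf64_Ehdr eh = {{0}};
    Elf64_Shdr sh[3] = {{0}};
    memcpy(eh.e_ident, "\x7f" "ELF\x02\x01\x01", 7);   /* ELFCLASS64, little-endian, v1 */
    eh.e_ehsize = sizeof eh;  eh.e_shoff = sizeof eh;
    eh.e_shentsize = sizeof sh[0];  eh.e_shnum = 3;
    sh[1].sh_type = SHT_PROGBITS;  sh[1].sh_offset = sizeof eh + sizeof sh;
    sh[1].sh_size = size1;         sh[1].sh_link = link1;
    sh[2].sh_type = SHT_PROGBITS;  sh[2].sh_offset = sh[1].sh_offset;
    sh[2].sh_size = 8;             sh[2].sh_link = link2;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, sh, sizeof sh);
    return check_elf64_sections(buf, sizeof eh + sizeof sh + 16);
}
```

check_sample(16, 2, 0) is a well-formed image, check_sample(0x3c3b031b01ULL, 0, 0) carries the oversized section size from the log, and check_sample(16, 2, 1) links sections 1 and 2 to each other, which is the dependency loop objdump reported.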