binutils: memory allocation failure in _bfd_elf_slurp_version_tables (elf.c)

binutils is a set of tools necessary to build programs.

This issue was initially discovered because the nm process eat ~230GB of ram. Later on, another testcase hits the issue and now I have a stracktrace.
The relevant ASan output of the issue:

# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
    #8 0x4d8de4 in malloc /var/tmp/portage/sys-libs/compiler-rt-sanitizers-5.0.0/work/compiler-rt-5.0.0.src/lib/asan/
    #9 0x7fd0deccb41d in _objalloc_alloc /var/tmp/portage/sys-devel/binutils-9999/work/binutils/libiberty/objalloc.c:143:22
    #10 0x7fd0de921c24 in bfd_alloc /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/opncls.c:949:9
    #11 0x7fd0de921c24 in bfd_zalloc2 /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/opncls.c:1031
    #12 0x7fd0de9b2db8 in _bfd_elf_slurp_version_tables /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/elf.c:8222:2
    #13 0x7fd0de999da7 in bfd_elf64_slurp_symbol_table /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/elfcode.h:1165:9
    #14 0x7fd0de9ed876 in _bfd_elf_canonicalize_dynamic_symtab /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/elf.c:8099:19
    #15 0x7fd0de935fc7 in _bfd_generic_read_minisymbols /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/syms.c
    #16 0x513a53 in display_rel_file /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1107:14
    #17 0x510f56 in display_file /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1318:7
    #18 0x50faae in main /var/tmp/portage/sys-devel/binutils-9999/work/binutils/binutils/nm.c:1792:12
    #19 0x7fd0dd934680 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.23-r4/work/glibc-2.23/csu/../csu/libc-start.c:289
    #20 0x41ac18 in _init (/usr/x86_64-pc-linux-gnu/binutils-bin/git/nm+0x41ac18)

Affected version: and maybe past releases

Fixed version:

Commit fix:;h=bd61e135492ecf624880e6b78e5fcde3c9716df6

This bug was discovered by Agostino Sarubbo of Gentoo.



2017-09-21: bug discovered and reported to upstream
2017-09-24: upstream released a patch
2017-09-26: blog post about the issue
2017-09-29: CVE assigned

This bug was found with American Fuzzy Lop.
This bug was identified with bare metal servers donated by Packet. This work is also supported by the Core Infrastructure Initiative.


binutils: memory allocation failure in _bfd_elf_slurp_version_tables (elf.c)

This entry was posted in advisories, security. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.