https://sourceware.org/bugzilla/show_bug.cgi?id=25961
Bug ID: 25961
Summary: [nm] crash at _IO_flush_all_lockp at genops.c:779
Product: binutils
Version: 2.34
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: dkcjd2000 at gmail dot com
Target Milestone: ---

Hello,

I'm currently developing a new fuzzing feature, and I found a crash in nm.
It crashed in _IO_flush_all_lockp at genops.c:779.

I built it on Ubuntu 16.04 with gcc 5.4.0, using the following command to build nm from the source:

    ./configure --enable-targets=all ; make clean all -j 4; make install

You can reproduce the crash with the following command:

    ./nm <attached file>

Program received signal SIGSEGV, Segmentation fault.
_IO_flush_all_lockp (do_lock=do_lock@entry=0) at genops.c:779
779     genops.c: No such file or directory.
(gdb) bt
#0  _IO_flush_all_lockp (do_lock=do_lock@entry=0) at genops.c:779
#1  0x00007ffff783ffbd in __GI_abort () at abort.c:74
#2  0x00007ffff78807ea in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff7999ed8 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff788937a in malloc_printerr (ar_ptr=<optimized out>, ptr=<optimized out>, str=0x7ffff799a008 "double free or corruption (!prev)", action=3) at malloc.c:5006
#4  _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3867
#5  0x00007ffff788d53c in __GI___libc_free (mem=<optimized out>) at malloc.c:2968
#6  0x0000000000720eac in objalloc_free_block (o=0xb14f70, block=block@entry=0xb165f0) at ./objalloc.c:286
#7  0x0000000000410855 in bfd_release (abfd=abfd@entry=0xb15290, block=block@entry=0xb165f0) at opncls.c:1072
#8  0x00000000004754e1 in coff_get_normalized_symtab (abfd=abfd@entry=0xb15290) at coffgen.c:1864
#9  0x000000000057fe67 in coff_slurp_symbol_table (abfd=0xb15290) at coffcode.h:4465
#10 0x00000000004731a1 in coff_get_symtab_upper_bound (abfd=0xb15290) at coffgen.c:426
#11 0x0000000000411b94 in _bfd_generic_read_minisymbols (abfd=0xb15290, dynamic=0, minisymsp=0x7fffffffe188, sizep=0x7fffffffe184) at syms.c:813
#12 0x0000000000403e99 in display_rel_file (abfd=abfd@entry=0xb15290, archive_bfd=archive_bfd@entry=0x0) at nm.c:1112
#13 0x000000000040488b in display_file (filename=0x7fffffffe5b0 "./report/crash3") at nm.c:1379
#14 0x0000000000404d50 in main (argc=2, argv=0x7fffffffe318) at nm.c:1860