[Bug ld/22831] ld causes massive thrashing if object files are not fully memory-resident: new algorithm needed
https://sourceware.org/bugzilla/show_bug.cgi?id=22831

--- Comment #7 from Luke Kenneth Casson Leighton ---

hi hjl, so how are you getting on with analysing this problem? is there anything that is unclear that i can assist you with understanding?

--
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug ld/22962] New: [RISCV] add abi subdirectories support to ld
https://sourceware.org/bugzilla/show_bug.cgi?id=22962

            Bug ID: 22962
           Summary: [RISCV] add abi subdirectories support to ld
           Product: binutils
           Version: 2.31 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: belyshev at depni dot sinp.msu.ru
  Target Milestone: ---

ld/emulparams/elf64lriscv-defs.sh and friends were not updated after a change in glibc that placed libraries with different ABIs in subdirectories of lib64. This causes the linker to fail to find shared libraries in the standard locations.
[Bug ld/20882] GNU ld discards sections required by relocations in .debug_info with --gc-sections
https://sourceware.org/bugzilla/show_bug.cgi?id=20882

H.J. Lu changed:

           What    |Removed |Added
----------------------------------------
             Status|WAITING |NEW

--- Comment #18 from H.J. Lu ---

A patch is posted at https://sourceware.org/ml/binutils/2018-03/msg00175.html
[Bug ld/20882] GNU ld discards sections required by relocations in .debug_info with --gc-sections
https://sourceware.org/bugzilla/show_bug.cgi?id=20882

Dave Malcolm changed:

           What    |Removed |Added
----------------------------------------
                 CC|        |dmalcolm at redhat dot com
[Bug ld/20882] GNU ld discards sections required by relocations in .debug_info with --gc-sections
https://sourceware.org/bugzilla/show_bug.cgi?id=20882

--- Comment #17 from H.J. Lu ---

Created attachment 10892
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10892=edit
A patch

I got

[hjl@gnu-cfl-1 rhbz-1543912]$ make
mkdir build
/usr/gcc-8.0.1-x32/bin/gcc -I ./src -flto -B./ -O2 -g -c src/bootchart.c -o build/bootchart.o
/usr/gcc-8.0.1-x32/bin/gcc -I ./src -flto -B./ -O2 -g -c src/log.c -o build/log.o
/usr/gcc-8.0.1-x32/bin/gcc -flto -B./ -g -Wl,--gc-sections -Wl,--print-gc-sections \
  build/bootchart.o build/log.o \
  -o build/systemd-bootchart
./ld: removing unused section '.rodata.cst4' in file '/lib/../lib64/crt1.o'
./ld: removing unused section '.data' in file '/lib/../lib64/crt1.o'
./ld: removing unused section '.data' in file '/usr/gcc-8.0.1-x32/lib/gcc/x86_64-pc-linux-gnu/8.0.1/crtbegin.o'
/usr/lib/rpm/debugedit build/systemd-bootchart
[hjl@gnu-cfl-1 rhbz-1543912]$

I am trying to find a small test.
[Bug binutils/22957] Heap out of bounds read in pop_bincl()
https://sourceware.org/bugzilla/show_bug.cgi?id=22957

Nick Clifton changed:

           What    |Removed     |Added
----------------------------------------
             Status|UNCONFIRMED |RESOLVED
                 CC|            |nickc at redhat dot com
         Resolution|---         |FIXED

--- Comment #2 from Nick Clifton ---

Hi Kamil,

  Thanks for reporting this problem. I have added a small patch to check for the STABS file stack being unwound incorrectly, so hopefully this bug should now be fixed.

Cheers
  Nick
[Bug binutils/22957] Heap out of bounds read in pop_bincl()
https://sourceware.org/bugzilla/show_bug.cgi?id=22957

--- Comment #1 from cvs-commit at gcc dot gnu.org ---

The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e45ad1239d7d8591d5e80d8cbba7d404c6c3640f

commit e45ad1239d7d8591d5e80d8cbba7d404c6c3640f
Author: Nick Clifton
Date:   Tue Mar 13 17:03:04 2018 +

    Prevent a buffer overrun when parsing corrupt STABS debug information.

            PR 22957
            * stabs.c (pop_binincl): Fail if the file index is off the end of the stack.
[Bug binutils/22955] Heap out of bounds read in parse_stab_array_type()
https://sourceware.org/bugzilla/show_bug.cgi?id=22955

Nick Clifton changed:

           What    |Removed     |Added
----------------------------------------
             Status|UNCONFIRMED |RESOLVED
                 CC|            |nickc at redhat dot com
         Resolution|---         |FIXED

--- Comment #2 from Nick Clifton ---

Hi Kamil,

  Thanks for reporting this problem. I have now checked in a patch to add some more range checking to cover this area of the code.

Cheers
  Nick
[Bug binutils/22956] Heap out of bounds read in pex64_get_unwind_info()
https://sourceware.org/bugzilla/show_bug.cgi?id=22956

Nick Clifton changed:

           What    |Removed     |Added
----------------------------------------
             Status|UNCONFIRMED |WAITING
   Last reconfirmed|            |2018-03-13
                 CC|            |nickc at redhat dot com
     Ever confirmed|0           |1

--- Comment #1 from Nick Clifton ---

Hi Kamil,

  I could not reproduce this bug, but I think that might be because of the recent fix for PR 22113. Please could you recheck and see if the problem still exists for you.

Cheers
  Nick
[Bug binutils/22955] Heap out of bounds read in parse_stab_array_type()
https://sourceware.org/bugzilla/show_bug.cgi?id=22955

--- Comment #1 from cvs-commit at gcc dot gnu.org ---

The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=81db3241f2c888c4fae188953085be224815

commit 81db3241f2c888c4fae188953085be224815
Author: Nick Clifton
Date:   Tue Mar 13 16:10:45 2018 +

    Add range checking to STABS parsing functions, in order to prevent buffer overruns.

            PR 22955
            * stabs.c (parse_number): Add p_end parameter and use it to check the validity of the pp parameter. Add checks to prevent walking off the end of the string buffer.
            (parse_stab_string): Likewise.
            (parse_stab_type): Likewise.
            (parse_stab_type_number): Likewise.
            (parse_stab_range_type): Likewise.
            (parse_stab_sun_builtin_type): Likewise.
            (parse_stab_sun_floating_type): Likewise.
            (parse_stab_enum_type): Likewise.
            (parse_stab_struct_type): Likewise.
            (parse_stab_baseclasses): Likewise.
            (parse_stab_struct_fields): Likewise.
            (parse_stab_cpp_abbrev): Likewise.
            (parse_stab_one_struct_field): Likewise.
            (parse_stab_members): Likewise.
            (parse_stab_tilde_field): Likewise.
            (parse_stab_array_type): Likewise.
            * parse_stab: Compute the end of the string and then pass it on to individual parser functions.
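The two STABS fixes in this digest share a shape: PR 22955 threads an end pointer (p_end) through every parser function so no byte is read without first being compared against it, and PR 22957 refuses a file index that lies beyond the entries actually on the bincl stack. The example below is added here to illustrate both patterns in working code; it is not binutils code, and the struct, function names and the three constructed input strings are all hypothetical. It parses the STABS type-number syntax "N" / "(F,N)" with a length bound instead of a NUL terminator, then checks F against the file table before indexing it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define STAB_MAX_FILES 8

/* Hypothetical parser state: the bincl file table.  "files" is the number
   of entries that have actually been pushed; the rest are not valid.  */
struct stab_state
{
  const char *file_names[STAB_MAX_FILES];
  size_t files;
};

/* Parse an unsigned decimal number at *pp.  Every byte is compared with
   p_end before it is read, so a string that stops in the middle of a
   number cannot walk the parser past the buffer (the PR 22955 pattern).  */
static bool
stab_parse_number (const char **pp, const char *p_end, unsigned long *out)
{
  const char *p = *pp;
  unsigned long v = 0;

  if (p >= p_end || *p < '0' || *p > '9')
    return false;
  while (p < p_end && *p >= '0' && *p <= '9')
    v = v * 10 + (unsigned long) (*p++ - '0');
  *pp = p;
  *out = v;
  return true;
}

/* Parse a STABS type number, written either "N" or "(F,N)" where F is a
   file index.  On success *pp points just past the closing parenthesis
   (or past the last digit).  Truncated input such as "(1," is rejected.  */
static bool
stab_parse_type_number (const char **pp, const char *p_end,
                        unsigned long *file, unsigned long *type)
{
  const char *p = *pp;

  if (p >= p_end)
    return false;
  if (*p != '(')
    {
      *file = 0;
      if (!stab_parse_number (&p, p_end, type))
        return false;
      *pp = p;
      return true;
    }
  p++;
  if (!stab_parse_number (&p, p_end, file))
    return false;
  if (p >= p_end || *p++ != ',')
    return false;
  if (!stab_parse_number (&p, p_end, type))
    return false;
  if (p >= p_end || *p++ != ')')
    return false;
  *pp = p;
  return true;
}

/* Resolve the type reference in str[0..len) to the name of the file it
   belongs to.  The file index comes from the object file, so it is checked
   against the number of pushed entries before file_names[] is indexed;
   indexing without that check is the out-of-bounds read class reported
   against pop_bincl (the PR 22957 pattern).  Returns NULL on malformed,
   truncated or out-of-range input.  */
static const char *
stab_resolve_type_file (const struct stab_state *st, const char *str,
                        size_t len, unsigned long *type)
{
  const char *p = str;
  const char *p_end = str + len;
  unsigned long file;

  if (!stab_parse_type_number (&p, p_end, &file, type))
    return NULL;
  if (file >= st->files)
    return NULL;
  return st->file_names[file];
}

/* Constructed inputs.  None is NUL terminated, so a parser that hunts for
   a terminator instead of honouring p_end would read past the array.  */
static const char ref_ok[]        = { '(', '1', ',', '7', ')', ';' };
static const char ref_truncated[] = { '(', '1', ',' };
static const char ref_bad_file[]  = { '(', '5', ',', '2', ')' };

/* Run the three inputs against a two-file table; 1 if only the
   well-formed one is accepted and resolves to file 1 / type 7.  */
static int
stab_example_ok (void)
{
  struct stab_state st = { { "main.c", "stdio.h" }, 2 };
  unsigned long type = 0;
  const char *f = stab_resolve_type_file (&st, ref_ok, sizeof ref_ok, &type);

  if (f == NULL || strcmp (f, "stdio.h") != 0 || type != 7)
    return 0;
  if (stab_resolve_type_file (&st, ref_truncated, sizeof ref_truncated, &type) != NULL)
    return 0;
  if (stab_resolve_type_file (&st, ref_bad_file, sizeof ref_bad_file, &type) != NULL)
    return 0;
  return 1;
}
```

The length bound is passed by value down every level, the same way the ChangeLog describes p_end being added to each parse_stab_* function: the outermost caller computes the end once, and no inner function ever trusts a terminator it has not already checked is inside the buffer.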
[Bug ld/20882] GNU ld discards sections required by relocations in .debug_info with --gc-sections
https://sourceware.org/bugzilla/show_bug.cgi?id=20882

H.J. Lu changed:

           What    |Removed |Added
----------------------------------------
             Status|REOPENED|WAITING

--- Comment #16 from H.J. Lu ---

(In reply to Richard Biener from comment #15)
> The original testcase is fixed tho.

For https://github.com/davidmalcolm/rhbz-1543912 with binutils master branch, I got

mkdir build
gcc -I ./src -flto -O2 -g -c src/bootchart.c -o build/bootchart.o
gcc -I ./src -flto -O2 -g -c src/log.c -o build/log.o
gcc -flto -g -Wl,--gc-sections -Wl,--print-gc-sections \
  build/bootchart.o build/log.o \
  -o build/systemd-bootchart
/usr/local/bin/ld: removing unused section '.rodata.cst4' in file '/usr/lib/gcc/x86_64-redhat-linux/7/../../../../lib64/crt1.o'
/usr/local/bin/ld: removing unused section '.data' in file '/usr/lib/gcc/x86_64-redhat-linux/7/../../../../lib64/crt1.o'
/usr/local/bin/ld: removing unused section '.rodata' in file '/usr/lib/gcc/x86_64-redhat-linux/7/crtbegin.o'
/usr/lib/rpm/debugedit build/systemd-bootchart

It looks normal to me.
[Bug ld/20882] GNU ld discards sections required by relocations in .debug_info with --gc-sections
https://sourceware.org/bugzilla/show_bug.cgi?id=20882

Richard Biener changed:

           What    |Removed |Added
----------------------------------------
             Status|RESOLVED|REOPENED
         Resolution|FIXED   |---

--- Comment #14 from Richard Biener ---

The issue persists in 2.29.1 at least.

Index: libstdc++-v3/testsuite/libstdc++-prettyprinters/prettyprinters.exp
===
--- libstdc++-v3/testsuite/libstdc++-prettyprinters/prettyprinters.exp (revision 258481)
+++ libstdc++-v3/testsuite/libstdc++-prettyprinters/prettyprinters.exp (working copy)
@@ -50,7 +50,7 @@ gdb-dg-runtest [lsort [glob $srcdir/$sub
 if { [check_effective_target_lto] } {
 append cxxflags " -flto"
 # work around sourceware.org 20882
- regsub {^(.*)-Wl,--gc-sections(.*)$} $cxxldflags {\1\2} cxxldflags
+ #regsub {^(.*)-Wl,--gc-sections(.*)$} $cxxldflags {\1\2} cxxldflags
 gdb-dg-runtest [lsort [glob $srcdir/$subdir/*.cc]] \
 "" "$DEFAULT_CXXFLAGS -flto $PCH_CXXFLAGS"
 }

shows the issue in a gcc tree with

> make check-target-libstdc++-v3 RUNTESTFLAGS="prettyprinters.exp"

you then get UNSUPPORTED tests with complaints like

spawn gdb -nx -nw -quiet -batch -x cxx11.gdb^M
Dwarf Error: could not find abbrev number 151 [in module /tmp/obj/x86_64-pc-linux-gnu/libstdc++-v3/testsuite/cxx11.exe]^M
skipping: Dwarf Error: could not find abbrev number 151 [in module /tmp/obj/x86_64-pc-linux-gnu/libstdc++-v3/testsuite/cxx11.exe]^M
cxx11.gdb:5: Error in sourced command file:^M
No symbol table is loaded.  Use the "file" command.^M
skipping: cxx11.gdb:5: Error in sourced command file:^M
skipping: No symbol table is loaded.  Use the "file" command.^M
UNSUPPORTED: libstdc++-prettyprinters/cxx11.cc

See also https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84847
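Review bot: the unchanged context line "# work around sourceware.org 20882" now sits directly above a commented-out regsub, so the file carries a workaround note with no workaround under it. This is fine for a local reproducer, but if the change is ever committed the comment should go with the regsub, or be rewritten to say the gc-sections stripping was removed deliberately to expose 20882.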
[Bug ld/20882] GNU ld discards sections required by relocations in .debug_info with --gc-sections
https://sourceware.org/bugzilla/show_bug.cgi?id=20882

--- Comment #15 from Richard Biener ---

The original testcase is fixed tho.
[Bug binutils/22113] Heap out of bounds read in bfd_getl16()
https://sourceware.org/bugzilla/show_bug.cgi?id=22113

--- Comment #7 from Nick Clifton ---

Hi Kamil,

  Thanks for reporting this problem. It is actually a different bug, albeit one in a similar area of code. I have checked in a patch that adds the necessary bounds checking, so this problem should now be resolved.

Cheers
  Nick
[Bug binutils/22113] Heap out of bounds read in bfd_getl16()
https://sourceware.org/bugzilla/show_bug.cgi?id=22113

--- Comment #6 from cvs-commit at gcc dot gnu.org ---

The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3e33b239450771394fa6c83b67b9de80169f35e8

commit 3e33b239450771394fa6c83b67b9de80169f35e8
Author: Nick Clifton
Date:   Tue Mar 13 14:02:52 2018 +

    Prevent memory access violations when attempting to parse an x86_64 PE binary containing corrupt unwind information.

            PR 22113
    include * coff/pe.h (struct pex64_unwind_info): Add a rawUnwindCodesEnd field.

    bfd     * pei-x86_64.c (pex64_get_unwind_info): Change to a boolean function. Add an end address parameter. Check access of the data pointer to make sure that they do not extend beyond the end address. Return FALSE if any check fails. Add the end address pointer to the ui structure.
            (pex64_xdata_print_uwd_codes): Check accesses of the raw unwind codes to make sure that they do not extend beyond the end address pointer. Print an error message and return immediately if any check fails.
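The ChangeLog above describes the fix in terms of an end-address parameter, a stored end pointer for the raw unwind codes, and a check before every access. The following is an added example written for this page, not binutils code: a bounds-checked reader for the x64 PE UNWIND_INFO block, using the layout from the Windows x64 ABI (a 4-byte header, then CountOfCodes two-byte UNWIND_CODE slots, then an optional handler RVA aligned to 4 bytes). The struct, the function names and the three sample buffers are constructed for the example; the truncated cases are the input shape the two reports above describe, an unwind code array or RVA that runs a byte or two past the end of the allocated section data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define UNW_FLAG_EHANDLER 0x1
#define UNW_FLAG_UHANDLER 0x2

/* Hypothetical decoded form of UNWIND_INFO.  raw_codes_end plays the role
   of the rawUnwindCodesEnd field the commit adds: consumers of the code
   array bound themselves with it rather than with the section end.  */
struct unwind_info
{
  uint8_t version, flags, size_of_prolog, count_of_codes;
  uint8_t frame_reg, frame_off;
  const uint8_t *raw_codes;      /* first UNWIND_CODE slot */
  const uint8_t *raw_codes_end;  /* one past the last slot that exists */
  uint32_t handler_rva;          /* meaningful only with E/UHANDLER set */
};

/* Little-endian read of n (<= 4) bytes that refuses to cross end.  The
   bfd_getl16 in the trace above has no end argument, so its caller must
   perform exactly this comparison before calling it.  */
static bool
getl_bounded (const uint8_t *p, const uint8_t *end, size_t n, uint32_t *v)
{
  uint32_t r = 0;
  size_t i;

  if (p > end || (size_t) (end - p) < n)
    return false;
  for (i = 0; i < n; i++)
    r |= (uint32_t) p[i] << (8 * i);
  *v = r;
  return true;
}

/* Parse the UNWIND_INFO at ex_ui, which must lie inside [ex_ui, end).
   Returns false, leaving *ui untouched, if the header, the code array
   declared by CountOfCodes, or the handler RVA would extend past end.  */
static bool
get_unwind_info_bounded (const uint8_t *ex_ui, const uint8_t *end,
                         struct unwind_info *ui)
{
  struct unwind_info t;
  size_t codes_bytes;

  if (ex_ui > end || (size_t) (end - ex_ui) < 4)
    return false;
  t.version = ex_ui[0] & 7;
  t.flags = ex_ui[0] >> 3;
  t.size_of_prolog = ex_ui[1];
  t.count_of_codes = ex_ui[2];
  t.frame_reg = ex_ui[3] & 0xf;
  t.frame_off = ex_ui[3] >> 4;
  if (t.version != 1 && t.version != 2)
    return false;

  /* CountOfCodes is a byte from the file: make sure the array it declares
     fits before any pointer into it is handed out.  */
  codes_bytes = (size_t) t.count_of_codes * 2;
  if (codes_bytes > (size_t) (end - ex_ui) - 4)
    return false;
  t.raw_codes = ex_ui + 4;
  t.raw_codes_end = t.raw_codes + codes_bytes;

  t.handler_rva = 0;
  if (t.flags & (UNW_FLAG_EHANDLER | UNW_FLAG_UHANDLER))
    {
      /* The RVA follows the codes, padded to an even number of slots.  */
      const uint8_t *p = t.raw_codes + ((codes_bytes + 3) & ~(size_t) 3);
      if (!getl_bounded (p, end, 4, &t.handler_rva))
        return false;
    }
  *ui = t;
  return true;
}

/* Walk the unwind codes, reading each slot only after checking it lies
   before raw_codes_end.  Returns the number of operations decoded, or -1
   if an operation's extra slots run past the declared array.  */
static int
count_unwind_ops (const struct unwind_info *ui)
{
  const uint8_t *p = ui->raw_codes;
  int n = 0;

  while (p < ui->raw_codes_end)
    {
      uint32_t code;
      size_t extra;

      if (!getl_bounded (p, ui->raw_codes_end, 2, &code))
        return -1;
      switch ((code >> 8) & 0xf)                 /* UnwindOp nibble */
        {
        case 1: extra = ((code >> 12) == 0) ? 1 : 2; break; /* UWOP_ALLOC_LARGE */
        case 4: case 8: extra = 1; break;        /* SAVE_NONVOL, SAVE_XMM128 */
        case 5: case 9: extra = 2; break;        /* the _FAR variants */
        default: extra = 0; break;
        }
      p += 2 + 2 * extra;
      if (p > ui->raw_codes_end)
        return -1;
      n++;
    }
  return n;
}

/* Constructed samples, not taken from any real binary.  */
/* v1, no handler, 3 slots: PUSH_NONVOL rbp, then ALLOC_LARGE + its slot.  */
static const uint8_t sample_ok[] = { 0x01, 0x08, 0x03, 0x00,
                                     0x08, 0x50, 0x04, 0x01, 0x20, 0x00 };
/* One slot declared, but ALLOC_LARGE needs a second that is not there.  */
static const uint8_t sample_missing_slot[] = { 0x01, 0x04, 0x01, 0x00,
                                               0x04, 0x01 };
/* EHANDLER set: one slot, two bytes of padding, then the handler RVA.  */
static const uint8_t sample_handler[] = { 0x09, 0x04, 0x01, 0x00,
                                          0x04, 0x50, 0x00, 0x00,
                                          0x10, 0x20, 0x00, 0x00 };

/* Parse buf[0..len) and count its operations: -2 if the header, the code
   array or the RVA does not fit, otherwise what count_unwind_ops returns.
   The handler RVA is stored through handler_rva when it is non-NULL.  */
static int
unwind_example (const uint8_t *buf, size_t len, uint32_t *handler_rva)
{
  struct unwind_info ui;

  if (!get_unwind_info_bounded (buf, buf + len, &ui))
    return -2;
  if (handler_rva != NULL)
    *handler_rva = ui.handler_rva;
  return count_unwind_ops (&ui);
}
```

Passing sample_ok with its length cut to 6 bytes, or sample_handler cut to 10, makes get_unwind_info_bounded fail before any pointer is derived, which is the same order of checks the commit describes: validate the end address against the declared sizes first, and only then let the printer walk the codes against the stored raw_codes_end.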
[Bug binutils/22957] New: Heap out of bounds read in pop_bincl()
https://sourceware.org/bugzilla/show_bug.cgi?id=22957

            Bug ID: 22957
           Summary: Heap out of bounds read in pop_bincl()
           Product: binutils
           Version: 2.30
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: fumfi.255 at gmail dot com
  Target Milestone: ---

Created attachment 10891
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10891=edit
Crashing test case (objdump)

After some fuzz testing I found a crashing test case.

Version: 2.30
Command: objdump -x -D -S -s -G -g -e -t -T -r -R objdump_hoobr_pop_bincl

ASAN Context:
==2062==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020db70 at pc 0x00535b77 bp 0x7ffeaf342190 sp 0x7ffeaf342180
READ of size 8 at 0x6020db70 thread T0
    #0 0x535b76 in pop_bincl XYZ/binutils-2.30.0/binutils/stabs.c:3213
    #1 0x535b76 in parse_stab XYZ/binutils-2.30.0/binutils/stabs.c:565
    #2 0x4ebd89 in read_section_stabs_debugging_info XYZ/binutils-2.30.0/binutils/rddbg.c:239
    #3 0x4ebd89 in read_debugging_info XYZ/binutils-2.30.0/binutils/rddbg.c:56
    #4 0x41f654 in dump_bfd objdump.c:3607
    #5 0x421a77 in display_object_bfd objdump.c:3658
    #6 0x421a77 in display_any_bfd objdump.c:3747
    #7 0x40ea81 in display_file objdump.c:3768
    #8 0x40ea81 in main objdump.c:4070
    #9 0x7f36620ed82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #10 0x411ca8 in _start (/usr/local/bin/objdump+0x411ca8)

0x6020db71 is located 0 bytes to the right of 1-byte region [0x6020db70,0x6020db71)
allocated by thread T0 here:
    #0 0x7f3662733602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0xb57fec in xmalloc xmalloc.c:147

SUMMARY: AddressSanitizer: heap-buffer-overflow XYZ/binutils-2.30.0/binutils/stabs.c:3213 pop_bincl
Shadow bytes around the buggy address:
  0x0c047fff9b10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9b20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9b30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9b40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9b50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff9b60: fa fa fa fa fa fa 00 fa fa fa 01 fa fa fa[01]fa
  0x0c047fff9b70: fa fa 00 00 fa fa 00 00 fa fa 07 fa fa fa 01 fa
  0x0c047fff9b80: fa fa 00 00 fa fa 00 fa fa fa 00 00 fa fa 00 00
  0x0c047fff9b90: fa fa 00 07 fa fa 01 fa fa fa 01 fa fa fa 00 00
  0x0c047fff9ba0: fa fa 00 00 fa fa 00 01 fa fa 05 fa fa fa 04 fa
  0x0c047fff9bb0: fa fa 00 01 fa fa 01 fa fa fa 01 fa fa fa 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==2062==ABORTING
[Bug ld/22954] Conditional jump or move depends on uninitialised value(s) in at 0x519BD27: __wmemchr_avx2 (memchr-avx2.S:260)
https://sourceware.org/bugzilla/show_bug.cgi?id=22954

H.J. Lu changed:

           What    |Removed     |Added
----------------------------------------
             Status|UNCONFIRMED |RESOLVED
         Resolution|---         |INVALID

--- Comment #1 from H.J. Lu ---

(In reply to Martin Liska from comment #0)
> Maybe it's an issue of glibc, maybe valgrind can't handle that properly?
> Thanks

__wmemchr_avx2 uses vector compare and checks the elements of a vector within boundary:

L(first_vec_x1_check):
	tzcntl	%eax, %eax
	/* Check the end of data.  */
	cmpq	%rax, %rdx
	jbe	L(zero)
	addq	$VEC_SIZE, %rax
	addq	%rdi, %rax
	VZEROUPPER
	ret
[Bug binutils/22956] New: Heap out of bounds read in pex64_get_unwind_info()
https://sourceware.org/bugzilla/show_bug.cgi?id=22956

            Bug ID: 22956
           Summary: Heap out of bounds read in pex64_get_unwind_info()
           Product: binutils
           Version: 2.30
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: fumfi.255 at gmail dot com
  Target Milestone: ---

Created attachment 10890
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10890=edit
Crashing test case (objdump)

After some fuzz testing I found a crashing test case.

Version: 2.30
Command: objdump -x -D -S -s -G -g -e -t -T -r -R objdump_hoobr_pex64_get_unwind_info

ASAN Context:
==20442==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60e0dff7 at pc 0x00977e90 bp 0x7fffdace5b80 sp 0x7fffdace5b70
READ of size 1 at 0x60e0dff7 thread T0
    #0 0x977e8f in pex64_get_unwind_info XYZ/binutils-2.30.0/bfd/pei-x86_64.c:113
    #1 0x977e8f in pex64_dump_xdata XYZ/binutils-2.30.0/bfd/pei-x86_64.c:348
    #2 0x977e8f in pex64_bfd_print_pdata_section XYZ/binutils-2.30.0/bfd/pei-x86_64.c:720
    #3 0x97887d in pex64_print_all_pdata_sections XYZ/binutils-2.30.0/bfd/pei-x86_64.c:745
    #4 0x61c56b in bfd_map_over_sections XYZ/binutils-2.30.0/bfd/section.c:1397
    #5 0x9787e9 in pex64_bfd_print_pdata XYZ/binutils-2.30.0/bfd/pei-x86_64.c:759
    #6 0x99abcd in _bfd_pex64_print_private_bfd_data_common XYZ/binutils-2.30.0/bfd/pex64igen.c:2908
    #7 0x963640 in pe_print_private_bfd_data XYZ/binutils-2.30.0/bfd/peicode.h:336
    #8 0x42009c in dump_bfd_private_header objdump.c:2966
    #9 0x42009c in dump_bfd objdump.c:3559
    #10 0x421a77 in display_object_bfd objdump.c:3658
    #11 0x421a77 in display_any_bfd objdump.c:3747
    #12 0x40ea81 in display_file objdump.c:3768
    #13 0x40ea81 in main objdump.c:4070
    #14 0x7fd3b68ca82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #15 0x411ca8 in _start (/usr/local/bin/objdump+0x411ca8)

0x60e0dff7 is located 0 bytes to the right of 151-byte region [0x60e0df60,0x60e0dff7)
allocated by thread T0 here:
    #0 0x7fd3b6f10602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x601d1a in bfd_malloc XYZ/binutils-2.30.0/bfd/libbfd.c:193
    #2 0x6120bfb7 ()

SUMMARY: AddressSanitizer: heap-buffer-overflow XYZ/binutils-2.30.0/bfd/pei-x86_64.c:113 pex64_get_unwind_info
Shadow bytes around the buggy address:
  0x0c1c7fff9ba0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1c7fff9bb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1c7fff9bc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1c7fff9bd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1c7fff9be0: fa fa fa fa fa fa fa fa fa fa fa fa 00 00 00 00
=>0x0c1c7fff9bf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[07]fa
  0x0c1c7fff9c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1c7fff9c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1c7fff9c20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1c7fff9c30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1c7fff9c40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==20442==ABORTING
[Bug binutils/22955] New: Heap out of bounds read in parse_stab_array_type()
https://sourceware.org/bugzilla/show_bug.cgi?id=22955

            Bug ID: 22955
           Summary: Heap out of bounds read in parse_stab_array_type()
           Product: binutils
           Version: 2.30
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: fumfi.255 at gmail dot com
  Target Milestone: ---

Created attachment 10889
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10889=edit
Crashing test case (objdump)

After some fuzz testing I found a crashing test case.

Version: 2.30
Command: objdump -x -D -S -s -G -g -e -t -T -r -R objdump_hoobr_parse_stab_array_type

ASAN Context:
==2449==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62112b1d at pc 0x00524449 bp 0x7ffeef745850 sp 0x7ffeef745840
READ of size 1 at 0x62112b1d thread T0
    #0 0x524448 in parse_stab_array_type XYZ/binutils-2.30.0/binutils/stabs.c:3127
    #1 0x524448 in parse_stab_type XYZ/binutils-2.30.0/binutils/stabs.c:1577
    #2 0x5318b0 in parse_stab_string XYZ/binutils-2.30.0/binutils/stabs.c:968
    #3 0x5318b0 in parse_stab XYZ/binutils-2.30.0/binutils/stabs.c:655
    #4 0x4ebd89 in read_section_stabs_debugging_info XYZ/binutils-2.30.0/binutils/rddbg.c:239
    #5 0x4ebd89 in read_debugging_info XYZ/binutils-2.30.0/binutils/rddbg.c:56
    #6 0x41f654 in dump_bfd objdump.c:3607
    #7 0x421a77 in display_object_bfd objdump.c:3658
    #8 0x421a77 in display_any_bfd objdump.c:3747
    #9 0x40ea81 in display_file objdump.c:3768
    #10 0x40ea81 in main objdump.c:4070
    #11 0x7f2bbf8db82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #12 0x411ca8 in _start (/usr/local/bin/objdump+0x411ca8)

0x62112b1d is located 0 bytes to the right of 4637-byte region [0x62111900,0x62112b1d)
allocated by thread T0 here:
    #0 0x7f2bbff21602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0xb57fec in xmalloc xmalloc.c:147

SUMMARY: AddressSanitizer: heap-buffer-overflow XYZ/binutils-2.30.0/binutils/stabs.c:3127 parse_stab_array_type
Shadow bytes around the buggy address:
  0x0c427fffa510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c427fffa520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c427fffa530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c427fffa540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c427fffa550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c427fffa560: 00 00 00[05]fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c427fffa570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c427fffa580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c427fffa590: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c427fffa5a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c427fffa5b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==2449==ABORTING
[Bug binutils/22113] Heap out of bounds read in bfd_getl16()
https://sourceware.org/bugzilla/show_bug.cgi?id=22113

--- Comment #4 from Kamil Frankowicz ---

Hi,

Problem still exists in 2.30:

==3183==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60f0ec41 at pc 0x00602aa5 bp 0x7ffe6cea6600 sp 0x7ffe6cea65f0
READ of size 1 at 0x60f0ec41 thread T0
    #0 0x602aa4 in bfd_getl16 XYZ/binutils-2.30.0/bfd/libbfd.c:505
    #1 0x9777c8 in pex64_xdata_print_uwd_codes XYZ/binutils-2.30.0/bfd/pei-x86_64.c:241
    #2 0x9777c8 in pex64_dump_xdata XYZ/binutils-2.30.0/bfd/pei-x86_64.c:403
    #3 0x9777c8 in pex64_bfd_print_pdata_section XYZ/binutils-2.30.0/bfd/pei-x86_64.c:720
    #4 0x97887d in pex64_print_all_pdata_sections XYZ/binutils-2.30.0/bfd/pei-x86_64.c:745
    #5 0x61c56b in bfd_map_over_sections XYZ/binutils-2.30.0/bfd/section.c:1397
    #6 0x9787e9 in pex64_bfd_print_pdata XYZ/binutils-2.30.0/bfd/pei-x86_64.c:759
    #7 0x99abcd in _bfd_pex64_print_private_bfd_data_common XYZ/binutils-2.30.0/bfd/pex64igen.c:2908
    #8 0x963640 in pe_print_private_bfd_data XYZ/binutils-2.30.0/bfd/peicode.h:336
    #9 0x42009c in dump_bfd_private_header objdump.c:2966
    #10 0x42009c in dump_bfd objdump.c:3559
    #11 0x421a77 in display_object_bfd objdump.c:3658
    #12 0x421a77 in display_any_bfd objdump.c:3747
    #13 0x40ea81 in display_file objdump.c:3768
    #14 0x40ea81 in main objdump.c:4070
    #15 0x7fe1da1f782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #16 0x411ca8 in _start (/usr/local/bin/objdump+0x411ca8)

0x60f0ec41 is located 1 bytes to the right of 176-byte region [0x60f0eb90,0x60f0ec40)
allocated by thread T0 here:
    #0 0x7fe1da83d602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x601d1a in bfd_malloc XYZ/binutils-2.30.0/bfd/libbfd.c:193
    #2 0x6120bfb7 ()

SUMMARY: AddressSanitizer: heap-buffer-overflow XYZ/binutils-2.30.0/bfd/libbfd.c:505 bfd_getl16
Shadow bytes around the buggy address:
  0x0c1e7fff9d30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1e7fff9d40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1e7fff9d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1e7fff9d60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c1e7fff9d70: fa fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c1e7fff9d80: 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa
  0x0c1e7fff9d90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c1e7fff9da0: fd fd fd fd fd fd fa fa fa fa fa fa fa fa 00 00
  0x0c1e7fff9db0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c1e7fff9dc0: 00 00 00 00 fa fa fa fa fa fa fa fa fd fd fd fd
  0x0c1e7fff9dd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
[Bug ld/22954] New: Conditional jump or move depends on uninitialised value(s) in at 0x519BD27: __wmemchr_avx2 (memchr-avx2.S:260)
https://sourceware.org/bugzilla/show_bug.cgi?id=22954

            Bug ID: 22954
           Summary: Conditional jump or move depends on uninitialised value(s) in at 0x519BD27: __wmemchr_avx2 (memchr-avx2.S:260)
           Product: binutils
           Version: 2.31 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: mliska at suse dot cz
  Target Milestone: ---

Hello.

With current trunk I see:

$ valgrind --leak-check=yes --trace-children=yes ~/bin/binutils/bin/ld --eh-frame-hdr -m elf_x86_64 ...
==21255== Conditional jump or move depends on uninitialised value(s)
==21255==    at 0x519BD27: __wmemchr_avx2 (memchr-avx2.S:260)
==21255==    by 0x510A579: internal_fnwmatch (fnmatch_loop.c:168)
==21255==    by 0x510D5D7: fnmatch@@GLIBC_2.2.5 (fnmatch.c:433)
==21255==    by 0x447DC8: find_target (targets.c:1590)
==21255==    by 0x447EB8: bfd_set_default_target (targets.c:1624)
==21255==    by 0x40348E: main (ldmain.c:246)
...

When I put there a printf:

diff --git a/bfd/targets.c b/bfd/targets.c
index 43102d428b..7765c9ec53 100644
--- a/bfd/targets.c
+++ b/bfd/targets.c
@@ -1586,6 +1586,7 @@ find_target (const char *name)
 config.sub first, but that is hard. */
 for (match = _target_match[0]; match->triplet != NULL; match++)
 {
+ fprintf (stderr, "pattern: %s, name: %s\n", match->triplet, name);
 if (fnmatch (match->triplet, name, 0) == 0)
 {
 while (match->vector == NULL)

I see:

...
pattern: i[3-7]86-*-linux-*, name: x86_64-pc-linux-gnu
pattern: i[3-7]86-*-redox*, name: x86_64-pc-linux-gnu
pattern: x86_64-*-dicos*, name: x86_64-pc-linux-gnu
==21255== Conditional jump or move depends on uninitialised value(s)
==21255==    at 0x519BD27: __wmemchr_avx2 (memchr-avx2.S:260)
==21255==    by 0x510A579: internal_fnwmatch (fnmatch_loop.c:168)
==21255==    by 0x510D5D7: fnmatch@@GLIBC_2.2.5 (fnmatch.c:433)
==21255==    by 0x447DC8: find_target (targets.c:1590)
==21255==    by 0x447EB8: bfd_set_default_target (targets.c:1624)
==21255==    by 0x40348E: main (ldmain.c:246)
==21255==
pattern: x86_64-*-elf*, name: x86_64-pc-linux-gnu
pattern: x86_64-*-rtems*, name: x86_64-pc-linux-gnu
pattern: x86_64-*-fuchsia, name: x86_64-pc-linux-gnu
pattern: x86_64-*-dragonfly*, name: x86_64-pc-linux-gnu
...

Maybe it's an issue of glibc, maybe valgrind can't handle that properly?
Thanks
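Review bot: the fprintf is a diagnostic only and, as placed before the fnmatch call, it identifies the pattern on which valgrind complains (x86_64-*-dicos*) but not which of the two strings contains the bytes valgrind considers uninitialised. Printing strlen of match->triplet and name on the same line, or rerunning under valgrind with --track-origins=yes, would show whether the flagged read lies inside either string or past its terminator. The hunk should not be committed as is: it emits unconditional stderr output from bfd_set_default_target on every ld invocation.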