[Bug binutils/29988] AddressSanitizer: heap-buffer-overflow /binutils-gdb/bfd/libbfd.c:784 in bfd_getl64
https://sourceware.org/bugzilla/show_bug.cgi?id=29988

--- Comment #4 from 曾思維 <13579and24680 at gmail dot com> ---
use CVE-2023-1579

-- You are receiving this mail because: You are on the CC list for the bug.
[Bug gas/27217] aarch64 as Internal error in md_apply_fix at ....../gas/config/tc-aarch64.c:8330.
https://sourceware.org/bugzilla/show_bug.cgi?id=27217

--- Comment #29 from Kinsey Moore ---
Ah, great! Thanks so much for looking into this.
[Bug binutils/30267] Report a solved crash. In binutils-2_26_1 of the c++filt, heap buffer overflow in demangle_prefix() at cplus-dem.c:2744.
https://sourceware.org/bugzilla/show_bug.cgi?id=30267

Nick Clifton changed:

           What    |Removed     |Added
----------------------------------------
         Resolution|---         |FIXED
                 CC|            |nickc at redhat dot com
             Status|UNCONFIRMED |RESOLVED

--- Comment #1 from Nick Clifton ---
(In reply to 烽征战 from comment #0)

Hi,

> While comparing fuzzing experiments on the program, I found a heap buffer
> overflow in the binutils-2_26_1 version of c++filt, at function
> demangle_prefix in cplus-dem.c:2744. But this crash has been fixed in the
> binutils-2_40 version. However, I still feel that I should report this to
> you, so I apologize for taking up your time.

Thank you for taking the time to report this issue.

Since the bug has already been fixed, I am going to close this PR, but I do not want to discourage you from filing other bug reports in the future.

As a general rule we normally only fix bugs that exist in the current development sources, or the sources of the last two releases. (So 2.40 and/or 2.39 in this case). Many Linux and BSD distributions however do use older versions of the binutils in their releases, and so you may find that reporting the bug to them will result in action on their part.

Cheers
  Nick
[Bug gas/27217] aarch64 as Internal error in md_apply_fix at ....../gas/config/tc-aarch64.c:8330.
https://sourceware.org/bugzilla/show_bug.cgi?id=27217

--- Comment #28 from Jan Beulich ---
(In reply to Jan Beulich from comment #26)
> Quoting from the description of r_info in the ELF spec: "If the index is
> STN_UNDEF, the undefined symbol index, the relocation uses 0 as the ``symbol
> value''." Which makes me think we're dealing with a linker issue here, as
> this is precisely the situation we're in. I'll try to find time to go hunt,
> but I'm far less familiar with ld than with gas. (If others agree this is a
> separate issue, I guess this would better be handled in a fresh bug report.)

See https://sourceware.org/pipermail/binutils/2023-March/126759.html
[Bug binutils/30267] New: Report a solved crash. In binutils-2_26_1 of the c++filt, heap buffer overflow in demangle_prefix() at cplus-dem.c:2744.
https://sourceware.org/bugzilla/show_bug.cgi?id=30267

            Bug ID: 30267
           Summary: Report a solved crash. In binutils-2_26_1 of the c++filt,
                    heap buffer overflow in demangle_prefix() at
                    cplus-dem.c:2744.
           Product: binutils
           Version: 2.26
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: fengzhengzhan at gmail dot com
  Target Milestone: ---

Created attachment 14774
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14774&action=edit
poc

# Report a solved crash. In binutils-2_26_1 of the c++filt, heap buffer overflow in demangle_prefix() at cplus-dem.c:2744.

While comparing fuzzing experiments on the program, I found a heap buffer overflow in the binutils-2_26_1 version of c++filt, at function demangle_prefix in cplus-dem.c:2744. But this crash has been fixed in the binutils-2_40 version. However, I still feel that I should report this to you, so I apologize for taking up your time.

## Environment

Ubuntu 18.04, 64 bit
binutils-2_26_1

## Steps to reproduce

1. download file

```
wget https://github.com/bminor/binutils-gdb/archive/refs/tags/binutils-2_26_1.tar.gz
tar -zxvf binutils-2_26_1.tar.gz
```

2. compile libming with ASAN

```
cd binutils-gdb-binutils-2_26_1/
export FORCE_UNSAFE_CONFIGURE=1
export LLVM_COMPILER=clang
CC=wllvm CXX=wllvm++ CFLAGS="-DFORTIFY_SOURCE=2 -fno-omit-frame-pointer -g -O0 -Wno-error" LDFLAGS="-ldl -lutil" ./configure --prefix=`pwd`/obj-bc --enable-static --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim --disable-ld
make
make install
cd obj-bc/bin/
extract-bc c++filt
clang -fsanitize=address c++filt.bc -o c++filt_asan
```

3. command for reproducing the error

```
./c++filt_asan @poc
```

Download poc: [poc](https://github.com/fengzhengzhan/FzzVul/blob/main/c%2B%2Bfilt/binutils-gdb_c%2B%2Bflit226_heap-buffer-overflow_cplus-dem2744)

## ASAN report

1. binutils-2_26_1 version.

```
root@2413df779df0:~/compiler1804/binutils-gdb-binutils-2_26_1/obj-bc/bin# ./c++filt_asan @binutils-gdb_c++flit226_heap-buffer-overflow_cplus-dem2744
o_2__S0A4X530rE_;00 =
==112308==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020001a at pc 0x00439b84 bp 0x7fff173aa870 sp 0x7fff173aa020
READ of size 1 at 0x6020001a thread T0
    #0 0x439b83 in __interceptor_strlen.part.36 /root/LLVM/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:372
    #1 0x5f2eb6 in demangle_prefix /root/compiler1804/binutils-gdb-binutils-2_26_1/libiberty/./cplus-dem.c:2744:7
    #2 0x5f24ae in internal_cplus_demangle /root/compiler1804/binutils-gdb-binutils-2_26_1/libiberty/./cplus-dem.c:1199:14
    #3 0x5f191b in cplus_demangle /root/compiler1804/binutils-gdb-binutils-2_26_1/libiberty/./cplus-dem.c:886:9
    #4 0x4f46ac in demangle_it /root/compiler1804/binutils-gdb-binutils-2_26_1/binutils/cxxfilt.c:62:12
    #5 0x4f42ef in main /root/compiler1804/binutils-gdb-binutils-2_26_1/binutils/cxxfilt.c:227:4
    #6 0x7f5e26e7bc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #7 0x41bfc9 in _start (/root/compiler1804/binutils-gdb-binutils-2_26_1/obj-bc/bin/c++filt_asan+0x41bfc9)

0x6020001a is located 0 bytes to the right of 10-byte region [0x60200010,0x6020001a)
allocated by thread T0 here:
    #0 0x4ae5e0 in malloc /root/LLVM/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x6087d7 in xmalloc /root/compiler1804/binutils-gdb-binutils-2_26_1/libiberty/./xmalloc.c:147:12
    #2 0x608909 in xstrdup /root/compiler1804/binutils-gdb-binutils-2_26_1/libiberty/./xstrdup.c:34:24
    #3 0x600faf in buildargv /root/compiler1804/binutils-gdb-binutils-2_26_1/libiberty/./argv.c:271:17
    #4 0x601382 in expandargv /root/compiler1804/binutils-gdb-binutils-2_26_1/libiberty/./argv.c:435:14
    #5 0x4f4162 in main /root/compiler1804/binutils-gdb-binutils-2_26_1/binutils/cxxfilt.c:181:3
    #6 0x7f5e26e7bc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: heap-buffer-overflow /root/LLVM/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:372 in __interceptor_strlen.part.36
Shadow bytes around the buggy address:
  0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c047fff8000: fa fa 00[02]fa fa 00 07 fa fa fd fa fa fa fd fa
  0x0c047fff8010: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8020: fa fa fd fa
```
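A small triage helper, added here as an example (it is not part of the bug report or of binutils), that pulls out of an ASAN report like the one above the fields a fuzzing triager reads first: the bug class, the faulting access, the first frame outside the sanitizer runtime, and the allocation site. The sample text is a shortened, constructed copy of the report quoted above; the `hint()` classification is a heuristic, not a statement about the root cause of this particular bug.

```python
import re

# Constructed sample: a shortened copy of the ASAN report quoted in the bug report above.
REPORT = """\
==112308==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020001a at pc 0x00439b84 bp 0x7fff173aa870 sp 0x7fff173aa020
READ of size 1 at 0x6020001a thread T0
    #0 0x439b83 in __interceptor_strlen.part.36 /root/LLVM/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:372
    #1 0x5f2eb6 in demangle_prefix /root/compiler1804/binutils-gdb-binutils-2_26_1/libiberty/./cplus-dem.c:2744:7
0x6020001a is located 0 bytes to the right of 10-byte region [0x60200010,0x6020001a)
allocated by thread T0 here:
    #0 0x4ae5e0 in malloc /root/LLVM/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x6087d7 in xmalloc /root/compiler1804/binutils-gdb-binutils-2_26_1/libiberty/./xmalloc.c:147:12
    #2 0x608909 in xstrdup /root/compiler1804/binutils-gdb-binutils-2_26_1/libiberty/./xstrdup.c:34:24
"""

FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)$", re.M)  # one '#N 0x.. in func file:line:col' line

def frames(block):
    """Yield (function, path, line) for each stack-frame line in block; line is None for 'binary+offset' frames."""
    for m in FRAME.finditer(block):
        func, loc = m.groups()
        path, _, rest = loc.partition(":")
        yield func, path, (int(rest.split(":")[0]) if rest[:1].isdigit() else None)

def first_user_frame(block):
    """First frame outside the sanitizer runtime (libc interceptors, ASAN's own malloc)."""
    for func, path, line in frames(block):
        if "/compiler-rt/" not in path and not func.startswith("__interceptor_"):
            return func, path.rsplit("/", 1)[-1], line
    return None

def triage(report):
    """Pull out the fields a crash triager reads first from an ASAN report."""
    head = re.search(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", report)
    access = re.search(r"^(READ|WRITE) of size (\d+)", report, re.M)
    region = re.search(r"located (\d+) bytes to the (left|right) of (\d+)-byte region", report)
    libc = re.search(r"__interceptor_(\w+)", report)
    crash, _, alloc = report.partition("allocated by thread")  # crash stack / allocation stack
    return {"bug": head.group(1), "access": (access.group(1), int(access.group(2))),
            "libc_call": libc.group(1) if libc else None,
            "fault": first_user_frame(crash), "allocation": first_user_frame(alloc),
            "overrun": (int(region.group(1)), region.group(2), int(region.group(3))) if region else None}

def hint(t):
    """Heuristic only: a 1-byte read by a str* routine exactly at the end of a heap region usually means the buffer was not NUL-terminated."""
    if (t["access"] == ("READ", 1) and t["overrun"] and t["overrun"][:2] == (0, "right")
            and t["libc_call"] in ("strlen", "strchr", "strcmp")):
        return "read past end of region: buffer probably not NUL-terminated"
    return "unclassified"
```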
[Bug ld/30076] aarch64: stubs can add indirect branch that breaks BTI
https://sourceware.org/bugzilla/show_bug.cgi?id=30076

Szabolcs Nagy changed:

           What    |Removed     |Added
----------------------------------------
   Target Milestone|---         |2.41
         Resolution|---         |FIXED
             Status|NEW         |RESOLVED

--- Comment #1 from Szabolcs Nagy ---
fixed at "bfd: aarch64: Fix stubs that may break BTI PR30076"
https://sourceware.org/git?p=binutils-gdb.git;a=commit;h=15b4f66b0a9a3be6caf1898d22a13c39e662006f

and optimized at "bfd: aarch64: Optimize BTI stubs PR30076"
https://sourceware.org/git?p=binutils-gdb.git;a=commit;h=5834f36d93cabf1a8bcc7dd7654141aed3d296bc
[Bug gas/30153] MIPS: gccrs failed to bootstrap with -mfix-loongson3-llsc
https://sourceware.org/bugzilla/show_bug.cgi?id=30153

--- Comment #2 from YunQiang Su ---
Patches here: https://sourceware.org/pipermail/binutils/2023-March/126756.html