[Bug binutils/24243] readelf: heap buffer overflow in process_mips_specific

2019-02-28 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24243

--- Comment #3 from spinpx  ---
CVE-2019-9077

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils


[Bug binutils/24236] size: Heap buffer overflow in _bfd_archive_64_bit_slurp_armap

2019-02-28 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24236

--- Comment #4 from spinpx  ---
CVE-2019-9075


[Bug binutils/24235] objdump: Read memory violation in libbfd.c

2019-02-28 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24235

--- Comment #5 from spinpx  ---
CVE-2019-9074


[Bug binutils/24247] New: readelf: heap buffer overflow in unw_decode_p2_p5

2019-02-20 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24247

Bug ID: 24247
   Summary: readelf: heap buffer overflow in unw_decode_p2_p5
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 11627
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11627&action=edit
Heap buffer overflow input

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run: readelf -a input_file


...
   
P5:frgr_mem(grmask=[r4,r5,r7],frmask=[f2,f5,f16,f17,f19,f20,f23,f24,f25,f27,f28,f31])
   
P5:frgr_mem(grmask=[r4,r5,r7],frmask=[f2,f5,f16,f17,f19,f20,f23,f24,f25,f27,f28,f31])
   
P5:frgr_mem(grmask=[r4,r5,r7],frmask=[f2,f5,f16,f17,f19,f20,f23,f24,f25,f27,f28,f31])
   
P5:frgr_mem(grmask=[r4,r5,r7],frmask=[f2,f5,f16,f17,f19,=
==673002==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61d01d01 at pc 0x005856b7 bp 0x7fffeb4b1650 sp 0x7fffeb4b1648
READ of size 1 at 0x61d01d01 thread T0
#0 0x5856b6 in unw_decode_p2_p5
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/unwind-ia64.c:770:15
#1 0x58430c in unw_decode
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/unwind-ia64.c:1072:10
#2 0x55fe61 in dump_ia64_unwind
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:7519:7
#3 0x5533a5 in ia64_process_unwind
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:7814:6
#4 0x51a1c6 in process_unwind
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:9338:14
#5 0x505b0d in process_object
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19275:9
#6 0x4f547d in process_file
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19715:13
#7 0x4f3ec8 in main
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19774:11
#8 0x7f0aa0d1209a in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#9 0x41d4b9 in _start
(/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/readelf+0x41d4b9)

0x61d01d01 is located 0 bytes to the right of 2177-byte region
[0x61d01480,0x61d01d01)
allocated by thread T0 here:
#0 0x4c41ac in malloc
/scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66:3
#1 0x4f179f in get_data
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:426:9
#2 0x552ff6 in ia64_process_unwind
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:7796:33
#3 0x51a1c6 in process_unwind
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:9338:14
#4 0x505b0d in process_object
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19275:9
#5 0x4f547d in process_file
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19715:13
#6 0x4f3ec8 in main
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19774:11
#7 0x7f0aa0d1209a in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

SUMMARY: AddressSanitizer: heap-buffer-overflow
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/unwind-ia64.c:770:15
in unw_decode_p2_p5
Shadow bytes around the buggy address:
  0x0c3a7fff8350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3a7fff8360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3a7fff8370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3a7fff8380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3a7fff8390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c3a7fff83a0:[01]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a7fff83b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a7fff83c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a7fff83d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a7fff83e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3a7fff83f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:   fa
  Freed heap region:   fd
  Stack left redzone:  f1
  Stack mid redzone:   f2
  Stack right redzone: f3
  Stack after return:  f5
  Stack use after scope:   f8
  Global redzone:  f9
  Global init order:   

[Bug binutils/24246] New: readelf: heap buffer overflow in print_stapsdt_note

2019-02-20 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24246

Bug ID: 24246
   Summary: readelf: heap buffer overflow in print_stapsdt_note
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 11626
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11626&action=edit
Heap buffer overflow input

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run: readelf -a input_file


ELF Header:
  Magic:   7f 45 4c 46 01 01 01 f4 00 00 00 00 00 00 00 00 
  Class: ELF32
  Data:  2's complement, little endian
  Version:   1 (current)
  OS/ABI:
  ABI Version:   0
  Type:  CORE (Core file)
  Machine:   : 0x7303
  Version:   0x73706174
  Entry point address:   0x8047464
  Start of program headers:  52 (bytes into file)
  Start of section headers:  164 (bytes into file)
  Flags: 0x0
  Size of this header:   52 (bytes)
  Size of program headers:   32 (bytes)
  Number of program headers: 6
  Size of section headers:   0 (bytes)
  Number of section headers: 4096
  Section header string table index: 0
readelf: Error: Section headers are not available!
=
==661418==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6120014d at pc 0x0042f615 bp 0x7ffe1629dfd0 sp 0x7ffe1629d778
READ of size 1 at 0x6120014d thread T0
#0 0x42f614 in __interceptor_strlen
/scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:284:5
#1 0x5707b5 in print_stapsdt_note
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:17879:11
#2 0x56c175 in process_note
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18583:12
#3 0x56a944 in process_notes_at
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18769:13
#4 0x5693a9 in process_corefile_note_segments
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18799:8
#5 0x524202 in process_notes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18944:12
#6 0x505c9d in process_object
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19303:9
#7 0x4f547d in process_file
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19715:13
#8 0x4f3ec8 in main
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19774:11
#9 0x7ff3f4b7809a in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#10 0x41d4b9 in _start
(/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/readelf+0x41d4b9)

0x6120014d is located 0 bytes to the right of 269-byte region
[0x61200040,0x6120014d)
allocated by thread T0 here:
#0 0x4c41ac in malloc
/scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66:3
#1 0x4f179f in get_data
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:426:9
#2 0x56965e in process_notes_at
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18635:36
#3 0x5693a9 in process_corefile_note_segments
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18799:8
#4 0x524202 in process_notes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18944:12
#5 0x505c9d in process_object
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19303:9
#6 0x4f547d in process_file
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19715:13
#7 0x4f3ec8 in main
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19774:11
#8 0x7ff3f4b7809a in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

SUMMARY: AddressSanitizer: heap-buffer-overflow
/scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:284:5
in __interceptor_strlen
Shadow bytes around the buggy address:
  0x0c247fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c247fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c247fff7ff0:

[Bug binutils/24245] New: readelf: heap buffer overflow in print_ia64_vms_note

2019-02-20 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24245

Bug ID: 24245
   Summary: readelf: heap buffer overflow in print_ia64_vms_note
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 11625
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11625&action=edit
heap buffer overflow input

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run: readelf -a input_file

ELF Header:
  Magic:   7f 45 4c 46 02 00 00 00 05 00 00 e5 ff 10 00 00 
  Class: ELF64
  Data:  none
  Version:   0
  OS/ABI:UNIX - System V
  ABI Version:   5
  Type:  CORE (Core file)
  Machine:   AArch64
  Version:   0x190
  Entry point address:   0x8049080
  Start of program headers:  12 (bytes into file)
  Start of section headers:  -1945836514000764928 (bytes into file)
  Flags: 0xff0b
  Size of this header:   65535 (bytes)
  Size of program headers:   255 (bytes)
  Number of program headers: 6
  Size of section headers:   0 (bytes)
  Number of section headers: 32884
  Section header string table index: 2052
readelf: Error: Section headers are not available!
readelf: Warning: The e_phentsize field in the ELF header is larger than the
size of an ELF program header
=
==457681==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61200141 at pc 0x00441291 bp 0x7fff0c19ab60 sp 0x7fff0c19a2d0
READ of size 1 at 0x61200141 thread T0
#0 0x441290 in printf_common(void*, char const*, __va_list_tag*)
/scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors_format.inc:544:9
#1 0x442c55 in __interceptor_vprintf
/scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1388:1
#2 0x442c55 in __interceptor_printf
/scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1434
#3 0x56f2a8 in print_ia64_vms_note
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:17950:11
#4 0x56c09f in process_note
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18579:12
#5 0x56a944 in process_notes_at
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18769:13
#6 0x5693a9 in process_corefile_note_segments
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18799:8
#7 0x524202 in process_notes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18944:12
#8 0x505c9d in process_object
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19303:9
#9 0x505363 in process_archive
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19623:17
#10 0x4f538f in process_file
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19698:13
#11 0x4f3ec8 in main
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19774:11
#12 0x7f20eec1209a in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#13 0x41d4b9 in _start
(/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/readelf+0x41d4b9)

0x61200141 is located 0 bytes to the right of 257-byte region
[0x61200040,0x61200141)
allocated by thread T0 here:
#0 0x4c41ac in malloc
/scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66:3
#1 0x4f179f in get_data
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:426:9
#2 0x56965e in process_notes_at
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18635:36
#3 0x5693a9 in process_corefile_note_segments
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18799:8
#4 0x524202 in process_notes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18944:12
#5 0x505c9d in process_object
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19303:9
#6 0x505363 in process_archive
/mnt/raid/user/chenpeng/FuzzingBench/binut

[Bug binutils/24244] New: readelf: heap buffer overflow in unw_decode_uleb128

2019-02-20 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24244

Bug ID: 24244
   Summary: readelf: heap buffer overflow in unw_decode_uleb128
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 11624
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11624&action=edit
Heap buffer overflow input

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run: readelf -a input_file

- asan_report:
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 
  Class: ELF32
  Data:  2's complement, little endian
  Version:   1 (current)
  OS/ABI:UNIX - System V
  ABI Version:   0
  Type:  EXEC (Executable file)
  Machine:   Intel IA-64
  Version:   0x1
  Entry point address:   0x8048074
  Start of program headers:  52 (bytes into file)
  Start of section headers:  164 (bytes into file)
  Flags: 0x0
  Size of this header:   52 (bytes)
  Size of program headers:   32 (bytes)
  Number of program headers: 2
  Size of section headers:   40 (bytes)
  Number of section headers: 4
  Section header string table index: 3
readelf: Warning: Section 1 has an out of range sh_link value of 512
readelf: Error: Section 3 has invalid sh_entsize of 
readelf: Error: (Using the expected size of 16 for the rest of this dump)

Section Headers:
  [Nr] Name  TypeAddr OffSize   ES Flg Lk Inf
Al
  [ 0] .IA_64.unwind_inf NULL 00 64 100  0 
 0 4294967268
  [ 1] nd_info   PROGBITS08048081 67 0c 00  AX 512   0 
4
readelf: Warning: section 1: sh_link value of 512 is larger than the number of
sections
  [ 2] o IA_64_UNWIND00049000 00 0c 00  WA  0   0
570425348
readelf: Warning: [ 3]: Link field (0) should index a string section.
=
==427698==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60b03225 at pc 0x005871b5 bp 0x7ffdc2270470 sp 0x7ffdc2270468
READ of size 1 at 0x60b03225 thread T0
#0 0x5871b4 in unw_decode_uleb128
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/unwind-ia64.c:553:14
#1 0x58464f in unw_decode_r2
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/unwind-ia64.c:674:10
#2 0x58430c in unw_decode
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/unwind-ia64.c:1072:10
#3 0x55fe61 in dump_ia64_unwind
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:7519:7
#4 0x5533a5 in ia64_process_unwind
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:7814:6
#5 0x51a1c6 in process_unwind
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:9338:14
#6 0x505b0d in process_object
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19275:9
#7 0x4f547d in process_file
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19715:13
#8 0x4f3ec8 in main
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19774:11
#9 0x7fa6d20d609a in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#10 0x41d4b9 in _start
(/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/readelf+0x41d4b9)

0x60b03225 is located 0 bytes to the right of 101-byte region
[0x60b031c0,0x60b03225)
allocated by thread T0 here:
#0 0x4c41ac in malloc
/scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66:3
#1 0x4f179f in get_data
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:426:9
#2 0x552ff6 in ia64_process_unwind
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:7796:33
#3 0x51a1c6 in process_unwind
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:9338:14
#4 0x505b0d in process_object
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19275:9
#5 0x4f547d in process_file
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19715:13
#6 0x4f3ec8 in main
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binut

[Bug binutils/24243] New: readelf: heap buffer overflow in process_mips_specific

2019-02-20 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24243

Bug ID: 24243
   Summary: readelf: heap buffer overflow in process_mips_specific
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 11623
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11623&action=edit
Heap buffer overflow input

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run: readelf -a input_file

- asan_report:
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 2d 00 00 00 00 00 00 
  Class: ELF32
  Data:  2's complement, little endian
  Version:   1 (current)
  OS/ABI:UNIX - System V
  ABI Version:   0
  Type:  EXEC (Executable file)
  Machine:   MIPS R3000
  Version:   0x1
  Entry point address:   0x7029
  Start of program headers:  52 (bytes into file)
  Start of section headers:  164 (bytes into file)
  Flags: 0x0
  Size of this header:   52 (bytes)
  Size of program headers:   32 (bytes)
  Number of program headers: 2
  Size of section headers:   40 (bytes)
  Number of section headers: 4
  Section header string table index: 3
readelf: Warning: Section 1 has an out of range sh_link value of 127

Section Headers:
  [Nr] Name  TypeAddr OffSize   ES Flg Lk Inf
Al
  [ 0]   NULL1000 00 00 00  0   0 
0
  [ 1] .text MIPS_OPTIONS08048074 74 01 00  AX 127   0 
4
readelf: Warning: section 1: sh_link value of 127 is larger than the number of
sections
  [ 2] .data LOUSER+0x5dff00 0800 80 0d 00 WADop  0
57087  4
  [ 3] .shstrtab STRTAB   8c 17 00  0   0 
1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  p (processor specific)

There are no section groups in this file.

Program Headers:
  Type   Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  DYNAMIC0x00 0x08048000 0x08048000 0x00090 0x00080 R E 0x1000
readelf: Error: no .dynamic section in the dynamic segment
  LOAD   0x1780 0x08049080 0x08049080 0xc 0xc RW  0x1000

 Section to Segment mapping:
  Segment Sections...
   00 .text 
   01 
  TagType Name/Value
 0x464c457f (: 464c457f)0x10101
 0x2d00 (: 2d00)0x0
 0x00080002 (: 80002)   0x1
 0x7029 (MIPS_OPTIONS)   0x34
 0x00a4 (: a4)  0x0
 0x00200034 (: 200034)  0x280002
 0x00030004 (: 30004)   0x2
 0x (NULL)   0x8048000

There are no relocations in this file.

The decoding of unwind sections for machine type MIPS R3000 is not currently
supported.

No version information found in this file.
readelf: Warning: Virtual address 0x34 not located in any PT_LOAD segment.
=
==395575==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x602000f1 at pc 0x0057a23d bp 0x7fff14a78db0 sp 0x7fff14a78da8
WRITE of size 1 at 0x602000f1 thread T0
#0 0x57a23c in process_mips_specific
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:16211:21
#1 0x5255f7 in process_arch_specific
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18994:14
#2 0x505ccf in process_object
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19309:9
#3 0x4f547d in process_file
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19715:13
#4 0x4f3ec8 in main
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19774:11
#5 0x7f8ee3f4709a in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#6 0x41d4b9 in _start
(/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/readelf+0x41d4b9)

0x602000f1 is located 0 bytes to the right of 1-byte region
[0x602000f0,0x602000f1)
allocated by thread T0 here:
#0 0x4c41ac in malloc
/scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66:3

[Bug binutils/24242] New: readelf: heap buffer overflow in byte_get_little_endian

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24242

Bug ID: 24242
   Summary: readelf: heap buffer overflow in byte_get_little_endian
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 11622
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11622&action=edit
Heap buffer overflow input

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run: readelf -a input_file

- asan_report:
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 34 00 20 e9 
  Class: ELF32
  Data:  2's complement, little endian
  Version:   1 (current)
  OS/ABI:UNIX - System V
  ABI Version:   0
  Type:  EXEC (Executable file)
  Machine:   Intel IA-64
  Version:   0xee01
  Entry point address:   0x8048074
  Start of program headers:  52 (bytes into file)
  Start of section headers:  164 (bytes into file)
  Flags: 0xde00, 32-bit
  Size of this header:   51 (bytes)
  Size of program headers:   32 (bytes)
  Number of program headers: 2
  Size of section headers:   40 (bytes)
  Number of section headers: 4
  Section header string table index: 3
readelf: Error: Reading 160 bytes extends past end of file for section headers
readelf: Error: Section headers are not available!
=
==328304==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60d000c1 at pc 0x005dd1d6 bp 0x7ffc427f3900 sp 0x7ffc427f38f8
READ of size 1 at 0x60d000c1 thread T0
#0 0x5dd1d5 in byte_get_little_endian
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/elfcomm.c:210:22
#1 0x56f778 in print_ia64_vms_note
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:17982:24
#2 0x56c09f in process_note
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18579:12
#3 0x56a944 in process_notes_at
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18769:13
#4 0x5693a9 in process_corefile_note_segments
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18799:8
#5 0x5691c6 in process_note_sections
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18927:12
#6 0x524199 in process_notes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18940:12
#7 0x505c9d in process_object
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19303:9
#8 0x4f547d in process_file
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19715:13
#9 0x4f3ec8 in main
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19774:11
#10 0x7fe5604f009a in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#11 0x41d4b9 in _start
(/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/readelf+0x41d4b9)

0x60d000c1 is located 0 bytes to the right of 129-byte region
[0x60d00040,0x60d000c1)
allocated by thread T0 here:
#0 0x4c41ac in malloc
/scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66:3
#1 0x4f179f in get_data
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:426:9
#2 0x56965e in process_notes_at
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18635:36
#3 0x5693a9 in process_corefile_note_segments
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18799:8
#4 0x5691c6 in process_note_sections
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18927:12
#5 0x524199 in process_notes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:18940:12
#6 0x505c9d in process_object
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19303:9
#7 0x4f547d in process_file
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19715:13
#8 0x4f3ec8 in main
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/readelf.c:19774:11
#9 0x7fe5604f009a in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2409a)

SUMMARY: AddressSanitizer: h

[Bug binutils/24233] objdump: Out of memory in libbfd.c

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24233

--- Comment #4 from spinpx  ---
size can also trigger this:
https://sourceware.org/bugzilla/show_bug.cgi?id=24238


[Bug binutils/24238] New: size: Out of memory in libbfd

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24238

Bug ID: 24238
   Summary: size: Out of memory in libbfd
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 11620
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11620&action=edit
OOM input

size also has the OOM issue described in
https://sourceware.org/bugzilla/show_bug.cgi?id=24233


- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run: size input_file


==1671718==ERROR: AddressSanitizer failed to allocate 0xf8
(1099511103488) bytes of LargeMmapAllocator (error code: 12)
==1671718==Process memory map follows:
0x0040-0x0041d000  
/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/size
0x0041d000-0x008b3000  
/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/size
0x008b3000-0x00987000  
/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/size
0x00988000-0x00989000  
/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/size
0x00989000-0x009e8000  
/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/size
0x009e8000-0x01654000   
0x7fff7000-0x8fff7000   
0x8fff7000-0x02008fff7000   
0x02008fff7000-0x10007fff8000   
0x6000-0x6020   
0x6020-0x6021   
0x6021-0x602e   
0x602e-0x602e0001   
0x602e0001-0x6030   
0x6030-0x6031   
0x6031-0x603e   
0x603e-0x603e0001   
0x603e0001-0x6040   
0x6040-0x6041   
0x6041-0x604e   
0x604e-0x604e0001   
0x604e0001-0x6070   
0x6070-0x6071   
0x6071-0x607e   
0x607e-0x607e0001   
0x607e0001-0x6080   
0x6080-0x6081   
0x6081-0x608e   
0x608e-0x608e0001   
0x608e0001-0x60b0   
0x60b0-0x60b1   
0x60b1-0x60be   
0x60be-0x60be0001   
0x60be0001-0x60c0   
0x60c0-0x60c1   
0x60c1-0x60ce   
0x60ce-0x60ce0001   
0x60ce0001-0x60f0   
0x60f0-0x60f1   
0x60f1-0x60fe   
0x60fe-0x60fe0001   
0x60fe0001-0x6100   
0x6100-0x6101   
0x6101-0x610e   
0x610e-0x610e0001   
0x610e0001-0x6110   
0x6110-0x6111   
0x6111-0x611e   
0x611e-0x611e0001   
0x611e0001-0x6120   
0x6120-0x6121   
0x6121-0x612e   
0x612e-0x612e0001   
0x612e0001-0x6140   
0x6140-0x6141   
0x6141-0x614e   
0x614e-0x614e0001   
0x614e0001-0x6160   
0x6160-0x6161   
0x6161-0x616e   
0x616e-0x616e0001   
0x616e0001-0x6180   
0x6180-0x6181   
0x6181-0x618e   
0x618e-0x618e0001   
0x618e0001-0x61a0   
0x61a0-0x61a1   
0x61a1-0x61ae   
0x61ae-0x61ae0001   
0x61ae0001-0x61d0   
0x61d0-0x61d1   
0x61d1-0x61de   
0x61de-0x61de0001   
0x61de0001-0x61f0   
0x61f0-0x61f1   
0x61f1-0x61fe   
0x61fe-0x61fe0001   
0x61fe0001-0x6210   
0x6210-0x6211   
0x6211-0x621e   
0x621e-0x621e0001   
0x621e0001-0x6240   
0x6240-0x6241   
0x6241-0x624e   
0x624e-0x624e0001   
0x624e0001-0x6400   
0x6400-0x64003000   
0x7f1585c66

[Bug binutils/24232] objdump: Out of memory in objalloc.c

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24232

--- Comment #4 from spinpx  ---
Related issue: https://sourceware.org/bugzilla/show_bug.cgi?id=24237



[Bug binutils/24237] size: Out of memory in objalloc.c

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24237

--- Comment #1 from spinpx  ---
Created attachment 11619
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11619=edit
OOM input



[Bug binutils/24237] New: size: Out of memory in objalloc.c

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24237

Bug ID: 24237
   Summary: size: Out of memory in objalloc.c
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

size also has the OOM issue described in
https://sourceware.org/bugzilla/show_bug.cgi?id=24232

If the issue is in a library shared with nm and size and if other programs use
it, it will cause DoS attacks.

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run: size input_file


==1601289==ERROR: AddressSanitizer failed to allocate 0xfe01363000
(1090942021632) bytes of LargeMmapAllocator (error code: 12)
==1601289==Process memory map follows:

[Bug binutils/24236] size: Heap buffer overflow in _bfd_archive_64_bit_slurp_armap

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24236

--- Comment #1 from spinpx  ---
Created attachment 11618
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11618=edit
input triggers the bug



[Bug binutils/24236] New: size: Heap buffer overflow in _bfd_archive_64_bit_slurp_armap

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24236

Bug ID: 24236
   Summary: size: Heap buffer overflow in _bfd_archive_64_bit_slurp_armap
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run: size input_file

- Exploitable:
Description: Heap error
Short description: HeapError (10/22)
Hash: 0ab5d0005e74fc041576aa73a2a94770.f78de5a987638de0bf17f6470949c81d
Exploitability Classification: EXPLOITABLE
Explanation: The target's backtrace indicates that libc has detected a heap
error or that the target was executing a heap function when it stopped. This
could be due to heap corruption, passing a bad pointer to a heap function such
as free(), etc. Since heap errors might include buffer overflows,
use-after-free situations, etc. they are generally considered exploitable.
Other tags: AbortSignal (20/22)

- stack:
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x7fb7ebcef535 in __GI_abort () at abort.c:79
#2  0x7fb7ebd46778 in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x7fb7ebe5128d "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x7fb7ebd4ce6a in malloc_printerr (str=str@entry=0x7fb7ebe53018
"double free or corruption (!prev)") at malloc.c:5341
#4  0x7fb7ebd4e98c in _int_free (av=0x7fb7ebe88c40 ,
p=0xc49ac0, have_lock=) at malloc.c:4309
#5  0x005b6a64 in objalloc_free (o=0xc46780) at
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/objalloc.c:187
#6  0x004227f9 in _bfd_delete_bfd (abfd=0xc46660) at
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/opncls.c:126
#7  bfd_close_all_done (abfd=0xc46660) at
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/opncls.c:773
#8  0x004225e8 in bfd_close (abfd=0xc46660) at
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/opncls.c:735
#9  0x004043dd in display_file (filename=0x7ffceb73e23b
"/mnt/raid/user/chenpeng/FuzzingBench/size/crashes_matryoshka_cmin_crash/id:00-crash_2")
at
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/size.c:409
#10 0x00403cc5 in main (argc=, argv=0x7fb7ebd048bb
<__GI_raise+267>) at
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/size.c:241

- asan report:
==1423785==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x62104e78 at pc 0x007f787c bp 0x7511d170 sp 0x7511d168
WRITE of size 1 at 0x62104e78 thread T0
#0 0x7f787b in _bfd_archive_64_bit_slurp_armap
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/archive64.c:126:15
#1 0x4fcfd6 in bfd_slurp_armap
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/archive.c:1152:14
#2 0x4fc895 in bfd_generic_archive_p
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/archive.c:875:8
#3 0x5207e5 in bfd_check_format_matches
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/format.c:315:14
#4 0x51f82e in bfd_check_format
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/format.c:94:10
#5 0x4f1eb5 in display_file
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/size.c:431:7
#6 0x4f1aa5 in main
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/size.c:260:7
#7 0x7f0399a5209a in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#8 0x41d5e9 in _start
(/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/size+0x41d5e9)

0x62104e78 is located 0 bytes to the right of 4472-byte region
[0x62103d00,0x62104e78)
allocated by thread T0 here:
#0 0x4c42dc in malloc
/scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66:3
#1 0x8affb0 in _objalloc_alloc
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/objalloc.c:143:22
#2 0x52e450 in bfd_alloc
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/opncls.c:949:9
#3 0x52c5cc in bfd_zalloc
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/opncls.c:998:9
#4 0x7f74c7 in _bfd_archive_64_bit_slurp_armap
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/archive64.c:98:39
#5 0x4fcfd6 in bfd_slurp_armap
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/archive.c:1152:14
#6 0x4fc895 in bfd_generic_archive_p
/mnt/raid/user/chenpeng/FuzzingBench/binutils/bi

[Bug binutils/24233] objdump: Out of memory in libbfd.c

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24233

--- Comment #3 from spinpx  ---
(In reply to Alan Modra from comment #2)
> The testcase has a VERDEFS section claiming to be 0xff7f00 in size.  I
> suppose we should inform the user that they hit an out-of-memory here rather
> than just silently ignoring the failure.

Agree.

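The check the comment above asks for, written out as an added example (not binutils code): validate a section's claimed size against the file before allocating for it, and report the failure instead of silently ignoring it. `check_section_bounds`, `load_section` and `try_load` are this example's own names, and the 64-byte file image is constructed; the 0xff7f00 claim is the one from the report.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Outcome of loading one section; the names are this example's own. */
typedef enum { SEC_OK = 0, SEC_ERR_BOUNDS = 1, SEC_ERR_NOMEM = 2 } sec_status;

/* Reject a section whose [offset, offset + size) does not fit in a file of
 * file_size bytes. The comparison is arranged so offset + size cannot wrap. */
sec_status check_section_bounds(uint64_t offset, uint64_t size, uint64_t file_size)
{
    if (size > file_size || offset > file_size - size)
        return SEC_ERR_BOUNDS;
    return SEC_OK;
}

/* Copy a section out of an in-memory file image. On failure it returns NULL,
 * stores the reason in *status and prints a diagnostic, so an oversized size
 * field is reported to the user rather than handed to malloc or dropped. */
unsigned char *load_section(const unsigned char *file, uint64_t file_size,
                            uint64_t offset, uint64_t size, sec_status *status)
{
    *status = check_section_bounds(offset, size, file_size);
    if (*status != SEC_OK) {
        fprintf(stderr, "section at 0x%" PRIx64 " claims 0x%" PRIx64
                " bytes but the file is only 0x%" PRIx64 " bytes\n",
                offset, size, file_size);
        return NULL;
    }
    /* malloc(0) may legitimately return NULL; request at least one byte. */
    unsigned char *buf = malloc(size ? size : 1);
    if (buf == NULL) {
        *status = SEC_ERR_NOMEM;
        fprintf(stderr, "out of memory allocating 0x%" PRIx64 " bytes\n", size);
        return NULL;
    }
    memcpy(buf, file + offset, size);
    return buf;
}

/* Size of the constructed image used below (byte i holds the value i). */
#define DEMO_FILE_SIZE 64u

/* Load a section from the constructed image and return its first byte
 * (0..255; 0 for an empty section), or the negated sec_status on failure. */
int try_load(uint64_t offset, uint64_t size)
{
    unsigned char image[DEMO_FILE_SIZE];
    for (unsigned i = 0; i < DEMO_FILE_SIZE; i++)
        image[i] = (unsigned char)i;

    sec_status st;
    unsigned char *buf = load_section(image, DEMO_FILE_SIZE, offset, size, &st);
    if (buf == NULL)
        return -(int)st;
    int first = size ? buf[0] : 0;
    free(buf);
    return first;
}

int main(void)
{
    /* The oversized claim from the report is refused with a message;
     * a 0x20-byte section at offset 0x10 loads and starts with byte 0x10. */
    printf("oversized: %d\n", try_load(0x10, 0xff7f00));
    printf("in bounds: 0x%x\n", try_load(0x10, 0x20));
    return 0;
}
```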


[Bug binutils/24235] New: objdump: Read memory violation in libbfd.c

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24235

Bug ID: 24235
   Summary: objdump: Read memory violation in libbfd.c
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 11617
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11617=edit
the input triggers the bug

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run objdump -x input_file

- asan report
==1161627==ERROR: AddressSanitizer: SEGV on unknown address 0x613000bbe0fe (pc
0x00607197 bp 0x7ffcfa7de560 sp 0x7ffcfa7de500 T0)
==1161627==The signal is caused by a READ memory access.
#0 0x607196 in bfd_getl32
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/libbfd.c:695:7
#1 0x896b30 in pex64_get_runtime_function
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/pei-x86_64.c:94:26
#2 0x88f222 in pex64_bfd_print_pdata_section
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/pei-x86_64.c:730:5
#3 0x88d555 in pex64_bfd_print_pdata
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/pei-x86_64.c:794:12
#4 0x8c3894 in _bfd_pex64_print_private_bfd_data_common
/mnt/raid/user/chenpeng/FuzzingBench/build/asan/binutils-gdb/bfd/pex64igen.c:2911:5
#5 0x895d94 in pe_print_private_bfd_data
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/peicode.h:336:8
#6 0x4f65d5 in dump_bfd_private_header
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/objdump.c:3181:3
#7 0x4f51f9 in dump_bfd
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/objdump.c:3782:5
#8 0x4f4c71 in display_object_bfd
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/objdump.c:3883:7
#9 0x4f4b67 in display_any_bfd
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/objdump.c:3973:5
#10 0x4f424a in display_file
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/objdump.c:3994:3
#11 0x4f3ab0 in main
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/objdump.c:4304:6
#12 0x7f659f6c409a in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#13 0x41d639 in _start
(/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump+0x41d639)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/libbfd.c:695:7
in bfd_getl32
==1161627==ABORTING


- Exploitable
Description: Access violation on source operand
Short description: SourceAv (19/22)
Hash: bafff732c614888210a0d11ed0439a22.5360e10ba1488dec3bada789cf815760
Exploitability Classification: UNKNOWN
Explanation: The target crashed on an access violation at an address matching
the source operand of the current instruction. This likely indicates a read
access violation.
Other tags: AccessViolation (21/22)



[Bug binutils/24234] objdump: Out of memory in xmalloc.c

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24234

--- Comment #1 from spinpx  ---
Also report on https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89398



[Bug binutils/24234] New: objdump: Out of memory in xmalloc.c

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24234

Bug ID: 24234
   Summary: objdump: Out of memory in xmalloc.c
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 11616
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11616=edit
inputs trigger the bugs

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run objdump -x input_file

- asan report

==1247614==ERROR: AddressSanitizer failed to allocate 0x552000
(365072228352) bytes of LargeMmapAllocator (error code: 12)
==1247614==Process memory map follows:

[Bug binutils/24233] New: objdump: Out of memory in libbfd.c

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24233

Bug ID: 24233
   Summary: objdump: Out of memory in libbfd.c
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 11615
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11615=edit
inputs that trigger bugs

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run objdump -x input_file

- asan report
==1243005==ERROR: AddressSanitizer failed to allocate 0xffa000
(1099511603200) bytes of LargeMmapAllocator (error code: 12)
==1243005==Process memory map follows:

[Bug binutils/24232] objdump: Out of memory in objalloc.c

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24232

--- Comment #1 from spinpx  ---
Also report on https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89396



[Bug binutils/24232] New: objdump: Out of memory in objalloc.c

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24232

Bug ID: 24232
   Summary: objdump: Out of memory in objalloc.c
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run objdump -x input_file

- asan report
==1221228==ERROR: AddressSanitizer failed to allocate 0xc0e4e83000
(828474142720) bytes of LargeMmapAllocator (error code: 12)
==1221228==Process memory map follows:

[Bug binutils/24227] nm: stack overflow

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24227

--- Comment #4 from spinpx  ---
It can be reproduced in commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19
2019)



[Bug binutils/24227] nm: stack overflow

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24227

--- Comment #3 from spinpx  ---
report on gcc: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394



[Bug binutils/24229] nm: heap buffer overflow

2019-02-19 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24229

--- Comment #2 from spinpx  ---
report on gcc: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395



[Bug binutils/24227] New: nm: stack overflow

2019-02-18 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24227

Bug ID: 24227
   Summary: nm: stack overflow
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: critical
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit 388a192d73df7439bf375d8b8042bb53a6be9c60
- run: nm -C input_file   (We attached the inputs that trigger the bug)
- asan report:
==1992137==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc986fff68
(pc 0x008975c5 bp 0x7ffc987000a0 sp 0x7ffc986fff70 T0)
#0 0x8975c4 in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4149:7
#1 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#2 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#3 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#4 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#5 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#6 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#7 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#8 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#9 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#10 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#11 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#12 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#13 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#14 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#15 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#16 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#17 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#18 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#19 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#20 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#21 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#22 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#23 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#24 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#25 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#26 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#27 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#28 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#29 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#30 0x89762f in d_count_templates_scopes
/mnt/raid/user

[Bug binutils/24229] nm: heap buffer overflow

2019-02-18 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24229

spinpx changed:

           What    |Removed |Added
----------------------------------------------------------------------------
        Severity|normal  |critical



[Bug binutils/24227] nm: stack overflow

2019-02-18 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24227

--- Comment #1 from Peng Chen  ---
Created attachment 11611
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11611=edit
Inputs trigger the bug



[Bug binutils/24229] New: nm: heap buffer overflow

2019-02-18 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24229

Bug ID: 24229
   Summary: nm: heap buffer overflow
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 11612
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11612=edit
inputs that trigger bugs

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit 388a192d73df7439bf375d8b8042bb53a6be9c60
- run: nm -C input_file   (We attached the inputs that trigger the bug)
- asan report:
==2003322==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60e000d8 at pc 0x008957c6 bp 0x7ffdf2e36340 sp 0x7ffdf2e36338
READ of size 1 at 0x60e000d8 thread T0
#0 0x8957c5 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3356:12
#1 0x896370 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3449:16
#2 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#3 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#4 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#5 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#6 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#7 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#8 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#9 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#10 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#11 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#12 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#13 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#14 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#15 0x896370 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3449:16
#16 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#17 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#18 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#19 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#20 0x896370 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3449:16
#21 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#22 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#23 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#24 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#25 0x89610c in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3416:18
#26 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#27 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#28 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#29 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#30 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#31 0x896210 in d_expression_1
/

[Bug binutils/22858] Crashes found by fuzzer

2018-02-21 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=22858

--- Comment #3 from Peng Chen  ---
I really found them crash in 2.29 on my PC.
Have you limited the memory? Use "ulimit -Sv 50".
They won't trigger a crash with unlimited memory.
But, you know, they must be available in limited memory.

test options:
nm -C {input}
objdump -x {input}
size {input}

I just ran my fuzzer for 5 hours with one core. I will run it more in the future.



[Bug binutils/22858] Crashes found by fuzzer

2018-02-17 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=22858

Peng Chen  changed:

   What|Removed |Added

 CC||spinpx at gmail dot com



[Bug binutils/22858] New: Crashes found by fuzzer

2018-02-17 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=22858

Bug ID: 22858
   Summary: Crashes found by fuzzer
   Product: binutils
   Version: 2.29
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 10830
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10830&action=edit
Input of crashes and analysis

Hi,

I found some crashes in binutils with my own fuzzer. They were found in the nm,
objdump and size programs. There are 117 unique inputs in total. Each input has
its own unique program trace. Also, I did a simple analysis of these crashes. I
attach the inputs triggering the crashes and the report of my analysis of them
(log.json and log_unique.json).

Environment: Ubuntu 16.04 64-bit, and "ulimit -Sv 50" (the bug can't be
triggered with unlimited memory).

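Added example, not code from the bug reports or from binutils: a small triage
helper for the reproduction recipe in bug 22858 (run nm -C, objdump -x and
size on each fuzzer input under a soft virtual-memory limit, i.e.
"ulimit -Sv") that buckets the resulting AddressSanitizer reports in the
layout shown for bug 24229, where every frame of a deeply recursive
d_expression_1 chain is wrapped onto two lines by the mail archive. The tool
names, the limit value, the source paths and SAMPLE_REPORT are assumptions
constructed for illustration; the real attachments are not reproduced.

```python
"""Triage helper for fuzzer-found binutils crashes (added example, not
code from the bug reports or from binutils). Tool names, the memory limit
and SAMPLE_REPORT are assumptions made for illustration."""
import re
import resource
import subprocess
from dataclasses import dataclass

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: ([\w-]+) on address\s+(0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
# "#0 0x8957c5 in d_expression_1 /path/cp-demangle.c:3356:12"
FRAME_RE = re.compile(r"#(\d+)\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+?):(\d+)(?::\d+)?")


@dataclass
class AsanCrash:
    kind: str      # e.g. "heap-buffer-overflow"
    access: str    # e.g. "READ/1"
    frames: list   # (function, file basename, line), innermost first


def parse_asan_report(text):
    """Parse the faulting stack of an ASAN report; None if there is none.
    Mail archives wrap each frame ("in func" / path) onto two lines, so the
    path is re-joined to its frame before matching."""
    joined = re.sub(r"(in \S+)\n(\S*/)", r"\1 \2", text)
    m = ERROR_RE.search(joined)
    if m is None:
        return None
    # Bucket on the faulting stack only, not the allocation/free stacks.
    stack = re.split(r"\n\s*\n|allocated by|freed by", joined[m.start():])[0]
    a = ACCESS_RE.search(stack)
    access = f"{a.group(1)}/{a.group(2)}" if a else "?"
    frames = [(func, path.rsplit("/", 1)[-1], int(line))
              for _, func, path, line in FRAME_RE.findall(stack)]
    return AsanCrash(m.group(1), access, frames)


def crash_signature(crash, depth=3):
    """Bucket key: bug kind, access and the first `depth` frames after
    collapsing runs of identical frames, so a recursive chain like the
    d_expression_1 trace yields one bucket rather than one per depth."""
    collapsed = []
    for fr in crash.frames:
        if not collapsed or collapsed[-1] != fr:
            collapsed.append(fr)
    top = tuple(f"{fn}@{fname}:{line}" for fn, fname, line in collapsed[:depth])
    return (crash.kind, crash.access) + top


def run_under_memory_limit(argv, limit_kb):
    """Run argv with a soft RLIMIT_AS of limit_kb KiB (what `ulimit -Sv`
    sets). Returns (returncode, stderr); a negative code means the child
    died from that signal, an ASAN build instead exits non-zero with the
    report on stderr."""
    def set_limit():
        _, hard = resource.getrlimit(resource.RLIMIT_AS)
        want = limit_kb * 1024
        if hard != resource.RLIM_INFINITY:
            want = min(want, hard)
        resource.setrlimit(resource.RLIMIT_AS, (want, hard))
    p = subprocess.run(argv, capture_output=True, preexec_fn=set_limit)
    return p.returncode, p.stderr.decode(errors="replace")


# The three commands from bug 22858; assumed ASAN-built and on PATH.
TOOLS = {"nm": ["nm", "-C"], "objdump": ["objdump", "-x"], "size": ["size"]}


def triage(inputs, limit_kb, tools=TOOLS):
    """Run every input through every tool and group crashes by signature."""
    buckets = {}
    for path in inputs:
        for name, argv in tools.items():
            rc, err = run_under_memory_limit(argv + [path], limit_kb)
            crash = parse_asan_report(err)
            if crash is not None:
                key = (name,) + crash_signature(crash)
            elif rc < 0:
                key = (name, f"signal {-rc}")
            else:
                continue
            buckets.setdefault(key, []).append(path)
    return buckets


# Constructed sample in the wrapped archive layout of the bug 24229 report.
SAMPLE_REPORT = """\
==2003322==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60e000d8 at pc 0x008957c6 bp 0x7ffdf2e36340 sp 0x7ffdf2e36338
READ of size 1 at 0x60e000d8 thread T0
#0 0x8957c5 in d_expression_1
/src/libiberty/cp-demangle.c:3356:12
#1 0x896370 in d_expression_1
/src/libiberty/cp-demangle.c:3449:16
#2 0x896210 in d_expression_1
/src/libiberty/cp-demangle.c:3438:15
#3 0x896210 in d_expression_1
/src/libiberty/cp-demangle.c:3438:15
#4 0x896210 in d_expression_1
/src/libiberty/cp-demangle.c:3438:15
"""

if __name__ == "__main__":
    import sys
    print(crash_signature(parse_asan_report(SAMPLE_REPORT)))
    if len(sys.argv) > 1:          # usage: triage.py input1 input2 ...
        for key, paths in triage(sys.argv[1:], limit_kb=500000).items():
            print(len(paths), key)
```

Collapsing repeated frames before taking the top of the stack is what keeps
one recursive demangler bug from showing up as dozens of "unique" crashes;
a signal-only crash (no ASAN report) is still recorded so a non-sanitized
build under the memory limit can be triaged the same way.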