https://sourceware.org/bugzilla/show_bug.cgi?id=20801

            Bug ID: 20801
           Summary: objdump memory exhausted when trying to malloc
           Product: binutils
           Version: 2.28 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: joseph.bisch at gmail dot com
  Target Milestone: ---

Created attachment 9617
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9617&action=edit
crash reproducer testcase

I am getting a memory exhausted message from objdump when I try to run
"objdump -x testcase" on the attached testcase.

The testcase was found using afl with binutils compiled using ASan.

Here is the ASan output (which I will also attach):

==18566==ERROR: AddressSanitizer failed to allocate 0x8000003000 (549755826176) bytes of LargeMmapAllocator (error code: 12)
==18566==Process memory map follows:
==18566==End of process memory map.
==18566==AddressSanitizer CHECK failed: /build/llvm/src/llvm-3.9.0.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:120 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #0 0x4d3b8f in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/joseph/binutils/binutils-gdb/binutils/objdump+0x4d3b8f)
    #1 0x4ed885 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/joseph/binutils/binutils-gdb/binutils/objdump+0x4ed885)
    #2 0x4dd782 in __sanitizer::ReportMmapFailureAndDie(unsigned long, char const*, char const*, int, bool) (/home/joseph/binutils/binutils-gdb/binutils/objdump+0x4dd782)
    #3 0x4e6be5 in __sanitizer::MmapOrDie(unsigned long, char const*, bool) (/home/joseph/binutils/binutils-gdb/binutils/objdump+0x4e6be5)
    #4 0x42059f in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (/home/joseph/binutils/binutils-gdb/binutils/objdump+0x42059f)
    #5 0x4c8f64 in malloc (/home/joseph/binutils/binutils-gdb/binutils/objdump+0x4c8f64)
    #6 0x66eab3 in bfd_malloc /home/joseph/binutils/binutils-gdb/bfd/libbfd.c:184:9
    #7 0x665df0 in bfd_get_full_section_contents /home/joseph/binutils/binutils-gdb/bfd/compress.c:248:21
    #8 0x6deb6d in _bfd_elf_make_section_from_shdr /home/joseph/binutils/binutils-gdb/bfd/elf.c:1062:12
    #9 0x6eb59c in bfd_section_from_shdr /home/joseph/binutils/binutils-gdb/bfd/elf.c:2459:14
    #10 0x6cbf91 in bfd_elf64_object_p /home/joseph/binutils/binutils-gdb/bfd/./elfcode.h:803:7
    #11 0x66919c in bfd_check_format_matches /home/joseph/binutils/binutils-gdb/bfd/format.c:311:14
    #12 0x503e35 in display_object_bfd /home/joseph/binutils/binutils-gdb/binutils/./objdump.c:3524:7
    #13 0x503e35 in display_any_bfd /home/joseph/binutils/binutils-gdb/binutils/./objdump.c:3615
    #14 0x5031d3 in display_file /home/joseph/binutils/binutils-gdb/binutils/./objdump.c:3636:3
    #15 0x5031d3 in main /home/joseph/binutils/binutils-gdb/binutils/./objdump.c:3919
    #16 0x7f5daa0ea290 in __libc_start_main (/usr/lib/libc.so.6+0x20290)
    #17 0x419679 in _start (/home/joseph/binutils/binutils-gdb/binutils/objdump+0x419679)