https://sourceware.org/bugzilla/show_bug.cgi?id=23177
Bug ID: 23177
Summary: Stack Overflow in nm-new
Product: binutils
Version: 2.31 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: thuanpv at comp dot nus.edu.sg
Target Milestone: ---

Created attachment 11015
--> https://sourceware.org/bugzilla/attachment.cgi?id=11015&action=edit
crash-inducing sample file

Dear all,

This bug was found with AFLSmart, an extension of AFL. Thanks also to Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu.

This bug was found on Ubuntu 16.04 64-bit, and binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is 68e91e42492551e165b103d819c021c4953da10b (April 14 2018).

To reproduce:

Compile binutils with ASAN enabled:

    CC=gcc-6 CXX=g++-6 CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" CXXFLAGS="$CFLAGS" ./configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

Download the attached file (crash_4), then run:

    nm-new -C crash_4

Valgrind says:

==49727== Memcheck, a memory error detector
==49727== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==49727== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==49727== Command: ../binutils-gdb/binutils/nm-new -C crash_4
==49727==
==49727== Stack overflow in thread #1: can't grow stack to 0xffe801000
==49727==
==49727== Process terminating with default action of signal 11 (SIGSEGV)
==49727==  Access not within mapped region at address 0xFFE801FD8
==49727== Stack overflow in thread #1: can't grow stack to 0xffe801000
==49727==    at 0x7B5638: string_need (cplus-dem.c:4900)
==49727==    by 0x7B5638: string_append (cplus-dem.c:4961)
==49727==    by 0x7B5638: demangle_args (cplus-dem.c:4578)
==49727==  If you believe this happened as a result of a stack
==49727==  overflow in your program's main thread (unlikely but
==49727==  possible), you can try to increase the size of the
==49727==  main thread stack using the --main-stacksize= flag.
==49727==  The main thread stack size used in this run was 8388608.
==49727== Stack overflow in thread #1: can't grow stack to 0xffe801000
==49727==
==49727== Process terminating with default action of signal 11 (SIGSEGV)
==49727==  Access not within mapped region at address 0xFFE801FD0
==49727== Stack overflow in thread #1: can't grow stack to 0xffe801000
==49727==    at 0x4A28680: _vgnU_freeres (in /usr/lib/valgrind/vgpreload_core-amd64-linux.so)
==49727==  If you believe this happened as a result of a stack
==49727==  overflow in your program's main thread (unlikely but
==49727==  possible), you can try to increase the size of the
==49727==  main thread stack using the --main-stacksize= flag.
==49727==  The main thread stack size used in this run was 8388608.

ASAN says:

ASAN:DEADLYSIGNAL
=================================================================
==49728==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc5da2ee68 (pc 0x7fdfe8646eb6 bp 0x7ffc5da2f6f0 sp 0x7ffc5da2ee70 T0)
    #0 0x7fdfe8646eb5  (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x3ceb5)
    #1 0x82c4e2 in string_append cplus-dem.c:4960
    #2 0x827ec5 in demangle_args cplus-dem.c:4578
    #3 0x82907a in demangle_nested_args cplus-dem.c:4713
    #4 0x81f894 in do_type cplus-dem.c:3719
    #5 0x8257c5 in do_arg cplus-dem.c:4332
    #6 0x8288d4 in demangle_args cplus-dem.c:4659
    #7 0x82907a in demangle_nested_args cplus-dem.c:4713
    #8 0x81f894 in do_type cplus-dem.c:3719
    #9 0x8257c5 in do_arg cplus-dem.c:4332
    #10 0x8288d4 in demangle_args cplus-dem.c:4659
    #11 0x82907a in demangle_nested_args cplus-dem.c:4713
    #12 0x81f894 in do_type cplus-dem.c:3719
    #13 0x8257c5 in do_arg cplus-dem.c:4332
    #14 0x8288d4 in demangle_args cplus-dem.c:4659
    #15 0x82907a in demangle_nested_args cplus-dem.c:4713
    #16 0x81f894 in do_type cplus-dem.c:3719
    #17 0x8257c5 in do_arg cplus-dem.c:4332
    #18 0x8288d4 in demangle_args cplus-dem.c:4659
    #19 0x82907a in demangle_nested_args cplus-dem.c:4713
    #20 0x81f894 in do_type cplus-dem.c:3719
    #21 0x8257c5 in do_arg cplus-dem.c:4332
    #22 0x8288d4 in demangle_args cplus-dem.c:4659
    #23 0x82907a in demangle_nested_args cplus-dem.c:4713
    #24 0x81f894 in do_type cplus-dem.c:3719
    ...

Regards,
Thuan

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
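The ASAN trace above repeats the cycle demangle_args -> demangle_nested_args -> do_type -> do_arg -> demangle_args, so every further level of nesting in the mangled symbol costs the demangler another round of stack frames until the 8 MiB main-thread stack runs out. The following is an added illustration of that failure mode and of the usual mitigation, a nesting-depth limit; it is a toy recursive-descent parser written for this page, not code from binutils or from the reporter, and it does not reproduce the crash_4 input. The grammar (parenthesised lists of lowercase identifiers), the function names and the MAX_NEST value are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy recursive-descent parser for nested argument lists such as
 * "(a,(b,(c)))". Not binutils' cplus-dem.c: it only mirrors the shape of the
 * recursion in the report, where each '(' in the input costs one more frame. */

#define MAX_NEST 64   /* assumed nesting limit for this example */

/* Parse an argument list starting at s[*pos] == '('.
 * depth is the current nesting level; limit == 0 means unbounded.
 * Returns 1 on success, 0 on malformed input or excessive nesting. */
static int parse_args(const char *s, size_t *pos, int depth, int limit)
{
    if (limit > 0 && depth > limit)
        return 0;                 /* hardened path: refuse to recurse further */
    if (s[*pos] != '(')
        return 0;
    (*pos)++;
    for (;;) {
        char c = s[*pos];
        if (c == '\0')
            return 0;             /* unterminated list */
        if (c == ')') {
            (*pos)++;
            return 1;
        }
        if (c == '(') {           /* nested argument list: recurse */
            if (!parse_args(s, pos, depth + 1, limit))
                return 0;
            continue;
        }
        if (c == ',' || (c >= 'a' && c <= 'z')) {
            (*pos)++;             /* separator or identifier character */
            continue;
        }
        return 0;                 /* unexpected character */
    }
}

/* Unbounded variant: the pattern behind the report. N leading '(' produce
 * N nested calls; a large enough N exhausts the stack and crashes. */
int demangle_unbounded(const char *s)
{
    size_t pos = 0;
    return parse_args(s, &pos, 1, 0) && s[pos] == '\0';
}

/* Bounded variant: the same parser, but it fails cleanly past MAX_NEST. */
int demangle_bounded(const char *s)
{
    size_t pos = 0;
    return parse_args(s, &pos, 1, MAX_NEST) && s[pos] == '\0';
}

/* Build "((...))" with n levels into buf; returns 0 if buf is too small. */
int make_nested(char *buf, size_t cap, size_t n)
{
    if (cap < 2 * n + 1)
        return 0;
    memset(buf, '(', n);
    memset(buf + n, ')', n);
    buf[2 * n] = '\0';
    return 1;
}

/* Parse n nested levels with either variant: 1 accepted, 0 rejected,
 * -1 if the constructed input does not fit the scratch buffer. */
int nested_result(size_t n, int bounded)
{
    static char buf[1024];
    if (!make_nested(buf, sizeof buf, n))
        return -1;
    return bounded ? demangle_bounded(buf) : demangle_unbounded(buf);
}

int main(void)
{
    /* 200 levels is harmless for both variants; the unbounded one only
     * fails when the depth is large enough to exhaust the real stack. */
    printf("bounded,   200 levels: %d\n", nested_result(200, 1));
    printf("unbounded, 200 levels: %d\n", nested_result(200, 0));
    printf("bounded, well-formed : %d\n", demangle_bounded("(a,(b,c))"));
    return 0;
}
```

The depth counter is the cheap fix for this class of bug: the parser stays recursive, but untrusted input can no longer choose how deep the recursion goes. The limit should be set from the largest nesting real symbols need, not from the stack size, since the stack available to a demangler embedded in another program (a debugger, a linker) is not under the demangler's control.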