https://sourceware.org/bugzilla/show_bug.cgi?id=20908
Bug ID: 20908
Summary: LD crashes when writing linked file
Product: binutils
Version: 2.28 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: boehme.marcel at gmail dot com
Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24-hour fuzzing session on Binutils. Thanks also to Van-Thuan Pham.

The linker crashes with an invalid read of size 8 for the following execution on Ubuntu 16.04 x86_64 in Binutils trunk and for the preinstalled version v2.26.1, and on Ubuntu 14.04 x86_64 for Binutils in trunk. It works fine for Binutils v2.24.

$ printf "\x00\x00\xff\xff\x00\x00L\x010000\x18\x00\x00\x0000\x0400000000000000000000\x00000\x00" > test
$ ./ld -qN test
/home/ubuntu/subjects/binutils-gdb/ld/ld-new: i386 architecture of input file `test2' is incompatible with i386:x86-64 output
/home/ubuntu/subjects/binutils-gdb/ld/ld-new: warning: cannot find entry symbol _start; defaulting to 0000000000400078
Segmentation fault

VALGRIND says:

==8561== Invalid read of size 8
==8561==    at 0x6DE6D0: bfd_elf_final_link (elflink.c:11427)
==8561==    by 0x484B7C: ldwrite (ldwrite.c:577)
==8561==    by 0x408334: main (ldmain.c:444)
==8561==  Address 0x3030303030303068 is not stack'd, malloc'd or (recently) free'd

UBSAN complains:

../../bfd/peicode.h:658:42: runtime error: member access within misaligned address 0x61e00000f8c7 for type 'struct coff_section_tdata', which requires 8 byte alignment
0x61e00000f8c7: note: pointer points here
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ^

Best regards,
- Marcel

--
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
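As an added example (mine, not part of the report or of binutils), the bytes the printf command above writes, decoded against the PE short import-library (ILF) member layout that bfd/peicode.h implements, with the length and terminator checks a parser of untrusted input needs. Reading the input as an ILF member is my inference from the peicode.h frame and the i386 architecture message; the report does not say how ld classified the file, and `parse_ilf` and its field names are my own.

```python
"""Decode a PE short import-library (ILF) member, the layout bfd/peicode.h handles.

Per the PE/COFF spec ("Import Library Format"): a 20-byte header
(Sig1=0x0000, Sig2=0xFFFF, Version, Machine, TimeDateStamp, SizeOfData,
Ordinal/Hint, Type/NameType bit-field) followed by SizeOfData bytes holding
two NUL-terminated strings: the imported symbol name, then the DLL name."""
import struct

ILF_HEADER = struct.Struct("<HHHHIIHH")  # little-endian, 20 bytes
IMAGE_FILE_MACHINE_I386 = 0x014C
IMPORT_TYPES = {0: "CODE", 1: "DATA", 2: "CONST"}
NAME_TYPES = {0: "ORDINAL", 1: "NAME", 2: "NAME_NOPREFIX", 3: "NAME_UNDECORATE"}

# Constructed input: the byte string the report's printf command writes to `test`.
CRASH_INPUT = (b"\x00\x00\xff\xff\x00\x00L\x010000\x18\x00\x00\x0000"
               b"\x0400000000000000000000\x00000\x00")


def parse_ilf(data: bytes) -> dict:
    """Parse one ILF member; raise ValueError on anything malformed."""
    if len(data) < ILF_HEADER.size:
        raise ValueError("truncated header")
    sig1, sig2, version, machine, stamp, size, hint, flags = ILF_HEADER.unpack_from(data)
    if (sig1, sig2) != (0x0000, 0xFFFF):
        raise ValueError("not an ILF member (bad Sig1/Sig2)")
    payload = data[ILF_HEADER.size:ILF_HEADER.size + size]
    # SizeOfData comes from the file, so check it against the bytes actually present.
    if len(payload) != size:
        raise ValueError(f"SizeOfData {size} but only {len(payload)} bytes present")
    parts = payload.split(b"\x00")
    # Exactly two NUL-terminated strings split into three pieces, the last empty.
    if len(parts) != 3 or parts[2] != b"":
        raise ValueError("payload is not <symbol>\\0<dll>\\0")
    return {
        "version": version,
        "machine": machine,
        "timestamp": stamp,
        "size_of_data": size,
        "ordinal_hint": hint,
        "import_type": IMPORT_TYPES.get(flags & 0x3, "reserved"),
        "name_type": NAME_TYPES.get((flags >> 2) & 0x7, "reserved"),
        "symbol": parts[0].decode("ascii", "replace"),
        "dll": parts[1].decode("ascii", "replace"),
    }


if __name__ == "__main__":
    for field, value in parse_ilf(CRASH_INPUT).items():
        print(f"{field:>12}: {value!r}")
```

The faulting address 0x3030303030303068 in the valgrind output is made almost entirely of 0x30 ('0') bytes, the same filler that occupies the timestamp, hint and name fields here, which is consistent with a pointer or offset having been derived from file contents.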