https://sourceware.org/bugzilla/show_bug.cgi?id=22009

            Bug ID: 22009
           Summary: Excessive memory allocation resulting from memory leakage due to incorrect handling of input file
           Product: binutils
           Version: 2.29
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: me at adhokshajmishraonline dot in
  Target Milestone: ---

Created attachment 10367
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10367&action=edit
Payload file which was passed to objdump

When objdump is invoked with a specially crafted file, it goes on a memory allocation spree until it cannot allocate any more, and then it crashes.

Command:

./objdump -x -C ./payload

Backtrace (soon after issue starts):

#0  0x00007f929418a015 in __strstr_sse2_unaligned () from /usr/lib/libc.so.6
#1  0x000055555570a1b1 in arm_pt (work=0x7fffffffdae0, mangled=0x555555ae32a5 "A______", 'w' <repeats 193 times>..., n=0x15558, anchor=0x7fffffffd5a8, args=0x7fffffffd5b0) at ./cplus-dem.c:2392
#2  0x000055555570a623 in demangle_arm_hp_template (work=0x7fffffffdae0, mangled=0x7fffffffd828, n=0x15558, declp=0x7fffffffd6a0) at ./cplus-dem.c:2507
#3  0x000055555570aa00 in demangle_class_name (work=0x7fffffffdae0, mangled=0x7fffffffd828, declp=0x7fffffffd6a0) at ./cplus-dem.c:2614
#4  0x000055555570dc4b in demangle_fund_type (work=0x7fffffffdae0, mangled=0x7fffffffd828, result=0x555555a67240) at ./cplus-dem.c:4118
#5  0x000055555570d240 in do_type (work=0x7fffffffdae0, mangled=0x7fffffffd828, result=0x555555a67240) at ./cplus-dem.c:3907
#6  0x000055555570e2db in do_arg (work=0x7fffffffdae0, mangled=0x7fffffffd828, result=0x7fffffffd830) at ./cplus-dem.c:4332
#7  0x000055555570ebd4 in demangle_args (work=0x7fffffffdae0, mangled=0x7fffffffda60, declp=0x7fffffffda90) at ./cplus-dem.c:4641
#8  0x0000555555708a7c in demangle_signature (work=0x7fffffffdae0, mangled=0x7fffffffda60, declp=0x7fffffffda90) at ./cplus-dem.c:1732
#9  0x000055555570adb2 in iterate_demangle_function (work=0x7fffffffdae0, mangled=0x7fffffffda60, declp=0x7fffffffda90, scan=0x555555a8bc21 "__87384A______", 'w' <repeats 186 times>...) at ./cplus-dem.c:2743
#10 0x000055555570b619 in demangle_prefix (work=0x7fffffffdae0, mangled=0x7fffffffda60, declp=0x7fffffffda90) at ./cplus-dem.c:2971
#11 0x000055555570793b in internal_cplus_demangle (work=0x7fffffffdae0, mangled=0x555555aa11a7 "20A__K\377\060\060\060#\344\300") at ./cplus-dem.c:1253
#12 0x0000555555706ea7 in cplus_demangle (mangled=0x555555a8bc20 "\236__87384A______", 'w' <repeats 185 times>..., options=0x3) at ./cplus-dem.c:918
#13 0x0000555555617a6c in bfd_demangle (abfd=0x555555a67000, name=0x555555a8bc20 "\236__87384A______", 'w' <repeats 185 times>..., options=0x3) at bfd.c:1961
#14 0x00005555555b9355 in dump_symbols (abfd=0x555555a67000, dynamic=0x0) at ./objdump.c:3163
#15 0x00005555555ba0df in dump_bfd (abfd=0x555555a67000) at ./objdump.c:3532
#16 0x00005555555ba342 in display_object_bfd (abfd=0x555555a67000) at ./objdump.c:3603
#17 0x00005555555ba596 in display_any_bfd (file=0x555555a67000, level=0x0) at ./objdump.c:3692
#18 0x00005555555ba60b in display_file (filename=0x7fffffffe248 "../../test/payload", target=0x0, last_file=0x1) at ./objdump.c:3713
#19 0x00005555555baf36 in main (argc=0x4, argv=0x7fffffffde88) at ./objdump.c:4015
#20 0x00007f929410f4ca in __libc_start_main () from /usr/lib/libc.so.6
#21 0x00005555555b24da in _start ()

Input file: attached herewith

NOTE: I am still investigating it in depth, and will share more details as soon as I get something.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
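A small triage helper for backtraces like the one in this report, added here as an illustration; it is not part of binutils and is not the reporter's code. It parses GDB frames (including the run-together, single-line form the report arrived in), derives a crash-bucket signature from the innermost frames that resolve to project source, and counts which source file the frames land in. The backtrace text is copied from the report above; the frame regex, the signature depth of 3 and the helper names are this example's own choices.

```python
"""Parse a GDB backtrace and derive a crash-bucket signature (added example)."""
import os
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Backtrace copied from the bug report above, one frame per line.
BACKTRACE = r"""
#0  0x00007f929418a015 in __strstr_sse2_unaligned () from /usr/lib/libc.so.6
#1  0x000055555570a1b1 in arm_pt (work=0x7fffffffdae0, mangled=0x555555ae32a5 "A______", 'w' <repeats 193 times>..., n=0x15558, anchor=0x7fffffffd5a8, args=0x7fffffffd5b0) at ./cplus-dem.c:2392
#2  0x000055555570a623 in demangle_arm_hp_template (work=0x7fffffffdae0, mangled=0x7fffffffd828, n=0x15558, declp=0x7fffffffd6a0) at ./cplus-dem.c:2507
#3  0x000055555570aa00 in demangle_class_name (work=0x7fffffffdae0, mangled=0x7fffffffd828, declp=0x7fffffffd6a0) at ./cplus-dem.c:2614
#4  0x000055555570dc4b in demangle_fund_type (work=0x7fffffffdae0, mangled=0x7fffffffd828, result=0x555555a67240) at ./cplus-dem.c:4118
#5  0x000055555570d240 in do_type (work=0x7fffffffdae0, mangled=0x7fffffffd828, result=0x555555a67240) at ./cplus-dem.c:3907
#6  0x000055555570e2db in do_arg (work=0x7fffffffdae0, mangled=0x7fffffffd828, result=0x7fffffffd830) at ./cplus-dem.c:4332
#7  0x000055555570ebd4 in demangle_args (work=0x7fffffffdae0, mangled=0x7fffffffda60, declp=0x7fffffffda90) at ./cplus-dem.c:4641
#8  0x0000555555708a7c in demangle_signature (work=0x7fffffffdae0, mangled=0x7fffffffda60, declp=0x7fffffffda90) at ./cplus-dem.c:1732
#9  0x000055555570adb2 in iterate_demangle_function (work=0x7fffffffdae0, mangled=0x7fffffffda60, declp=0x7fffffffda90, scan=0x555555a8bc21 "__87384A______", 'w' <repeats 186 times>...) at ./cplus-dem.c:2743
#10 0x000055555570b619 in demangle_prefix (work=0x7fffffffdae0, mangled=0x7fffffffda60, declp=0x7fffffffda90) at ./cplus-dem.c:2971
#11 0x000055555570793b in internal_cplus_demangle (work=0x7fffffffdae0, mangled=0x555555aa11a7 "20A__K\377\060\060\060#\344\300") at ./cplus-dem.c:1253
#12 0x0000555555706ea7 in cplus_demangle (mangled=0x555555a8bc20 "\236__87384A______", 'w' <repeats 185 times>..., options=0x3) at ./cplus-dem.c:918
#13 0x0000555555617a6c in bfd_demangle (abfd=0x555555a67000, name=0x555555a8bc20 "\236__87384A______", 'w' <repeats 185 times>..., options=0x3) at bfd.c:1961
#14 0x00005555555b9355 in dump_symbols (abfd=0x555555a67000, dynamic=0x0) at ./objdump.c:3163
#15 0x00005555555ba0df in dump_bfd (abfd=0x555555a67000) at ./objdump.c:3532
#16 0x00005555555ba342 in display_object_bfd (abfd=0x555555a67000) at ./objdump.c:3603
#17 0x00005555555ba596 in display_any_bfd (file=0x555555a67000, level=0x0) at ./objdump.c:3692
#18 0x00005555555ba60b in display_file (filename=0x7fffffffe248 "../../test/payload", target=0x0, last_file=0x1) at ./objdump.c:3713
#19 0x00005555555baf36 in main (argc=0x4, argv=0x7fffffffde88) at ./objdump.c:4015
#20 0x00007f929410f4ca in __libc_start_main () from /usr/lib/libc.so.6
#21 0x00005555555b24da in _start ()
"""

# One GDB frame: "#N 0xADDR in func (args) at file:line" or "... from lib".
# The address part is optional because GDB omits it for the innermost frame
# when that frame is at the start of a source line.
FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?"
    r"(?P<func>[A-Za-z_][\w:~<>]*)\s*\((?P<args>.*)\)"
    r"(?:\s+at\s+(?P<file>\S+):(?P<line>\d+)|\s+from\s+(?P<lib>\S+))?\s*$"
)

# Frames begin at "#N 0x... in"; splitting on that boundary instead of on
# newlines also handles a backtrace that was flattened onto one line.
FRAME_START_RE = re.compile(r"(?=#\d+\s+0x[0-9a-fA-F]+\s+in\s)")


@dataclass
class Frame:
    idx: int
    func: str
    file: Optional[str]   # source file when GDB resolved it, else None
    line: Optional[int]
    lib: Optional[str]    # shared object for frames without source info


def parse_backtrace(text: str) -> List[Frame]:
    frames = []
    for chunk in FRAME_START_RE.split(text):
        chunk = chunk.strip()
        if not chunk:
            continue
        m = FRAME_RE.match(chunk)
        if not m:
            raise ValueError("unrecognised frame: %r" % chunk[:60])
        frames.append(Frame(int(m["idx"]), m["func"], m["file"],
                            int(m["line"]) if m["line"] else None, m["lib"]))
    return frames


def crash_signature(frames: List[Frame], depth: int = 3) -> str:
    """Bucket key: the innermost `depth` frames with project source info.
    libc frames (strstr here) are skipped so that the key names the caller."""
    key = ["%s:%d" % (f.func, f.line) for f in frames if f.file is not None]
    return "|".join(key[:depth])


def frames_per_file(frames: List[Frame]) -> Counter:
    """Count resolved frames per source file basename."""
    return Counter(os.path.basename(f.file) for f in frames if f.file)


def dominant_file(frames: List[Frame]) -> Optional[str]:
    counts = frames_per_file(frames)
    return counts.most_common(1)[0][0] if counts else None


if __name__ == "__main__":
    fr = parse_backtrace(BACKTRACE)
    print("frames:", len(fr))
    print("signature:", crash_signature(fr))
    print("per file:", dict(frames_per_file(fr)))
    print("dominant:", dominant_file(fr))
```

For this report the signature is arm_pt:2392|demangle_arm_hp_template:2507|demangle_class_name:2614 and 12 of the 22 frames sit in cplus-dem.c, against 6 in objdump.c. That points the triage at the demangler rather than at objdump's own parsing; cplus-dem.c is the libiberty demangler that other consumers such as c++filt and nm -C link as well, so the same symbol name is worth feeding to those tools when checking the scope of a finding like this one.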