[Bug gas/23075] New: Stack Exhaustion in resolve_expression when address sanitizer of GCC is enabled

Tue, 17 Apr 2018 10:13:04 -0700 

https://sourceware.org/bugzilla/show_bug.cgi?id=23075

            Bug ID: 23075
           Summary: Stack Exhaustion in resolve_expression when address
                    sanitizer of GCC is enabled
           Product: binutils
           Version: 2.30
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gas
          Assignee: unassigned at sourceware dot org
          Reporter: mudongliangabcd at gmail dot com
  Target Milestone: ---

Created attachment 10953
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10953&action=edit
PoC to trigger stack exhaustion

Trigger Method:

```
https://ftp.gnu.org/gnu/binutils/binutils-2.30.tar.gz
tar -xvf binutils-2.30.tar.gz
cd binutils-2.30/
CFLAGS="-O2 -g -fstack-protector-all -fsanitize=address" LDFLAGS="-ldl"
./configure --enable-shared=no --enable-static=yes
make

cd gas
gdb ./as-new
(gdb) r poc.segv
```

Result of Address Sanitizer:

```
=================================================================
==11406==ERROR: AddressSanitizer: stack-overflow on address 0x7ffda8ea3f90 (pc
0x55c063bee4d4 bp 0x7ffda8ea3f90 sp 0x7ffda8ea3f70 T0)
    #0 0x55c063bee4d3 in snapshot_symbol
/home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1521
    #1 0x55c063bbd050 in resolve_expression
/home/mdl/Downloads/binutils-2.30-test/gas/expr.c:2127
    #2 0x55c063beea6d in snapshot_symbol
/home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1543
    ......
    #247 0x55c063bbd050 in resolve_expression
/home/mdl/Downloads/binutils-2.30-test/gas/expr.c:2127
    #248 0x55c063beea6d in snapshot_symbol
/home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1543
    #249 0x55c063bbd050 in resolve_expression
/home/mdl/Downloads/binutils-2.30-test/gas/expr.c:2127
    #250 0x55c063beea6d in snapshot_symbol
/home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1543

SUMMARY: AddressSanitizer: stack-overflow
/home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1521 in snapshot_symbol
==11406==ABORTING
```

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/bug-binutils

Reply via email to