https://sourceware.org/bugzilla/show_bug.cgi?id=23338
Bug ID: 23338
Summary: Segfault in output.h, line 374
Product: binutils
Version: 2.32 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gold
Assignee: ccoutant at gmail dot com
Reporter: bugs at feusi dot co
CC: ian at airs dot com
Target Milestone: ---

Created attachment 11099
--> https://sourceware.org/bugzilla/attachment.cgi?id=11099&action=edit
Corrupt elf file which causes linker to crash

Hi,

I am working on a project in which I use different fuzzers to search for bugs in open source software and I decided to fuzz the gold linker. In doing so I discovered a segmentation fault in output.h. It is reproducible with clang and gcc compiled with the address sanitizer. However, I cannot reproduce it with off-the-shelf installations of gold on Debian or Arch Linux. In these cases, the linker simply states "internal error in find_view, at fileread.cc:336." Is this due to a signal handler inside these installations?

Below, you will find a detailed backtrace, as supplied by the address sanitizer:

./ld-new: error: ../../binutils-gdb/gold/exploits/1/min-man: section name section has wrong type: 1094795585
./ld-new: error: ../../binutils-gdb/gold/exploits/1/min-man: invalid alignment 4702111234474983745 for section ""
ASAN:DEADLYSIGNAL
=================================================================
==45815==ERROR: AddressSanitizer: SEGV on unknown address 0x7ec0598c11bc (pc 0x7f7f16381ebf bp 0x7ffc6203e510 sp 0x7ffc6203dc88 T0)
==45815==The signal is caused by a WRITE memory access.
    #0 0x7f7f16381ebe in memcpy (/lib/x86_64-linux-gnu/libc.so.6+0x9febe)
    #1 0x7f7f1746066d  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x7666d)
    #2 0x555aad4af8e1 in gold::Output_data::write(gold::Output_file*) /home/jfe/binutils-gdb-noasan/gold/output.h:374
    #3 0x555aad4af8e1 in gold::Output_section::Input_section::write(gold::Output_file*) /home/jfe/binutils-gdb-noasan/gold/output.cc:2302
    #4 0x555aad4af8e1 in gold::Output_section::do_write(gold::Output_file*) /home/jfe/binutils-gdb-noasan/gold/output.cc:3763
    #5 0x555aad1ff04e in gold::Output_data::write(gold::Output_file*) /home/jfe/binutils-gdb-noasan/gold/output.h:374
    #6 0x555aad1ff04e in gold::Layout::write_output_sections(gold::Output_file*) const /home/jfe/binutils-gdb-noasan/gold/layout.cc:5756
    #7 0x555aad1ff04e in gold::Write_sections_task::run(gold::Workqueue*) /home/jfe/binutils-gdb-noasan/gold/layout.cc:6003
    #8 0x555aad9fc198 in gold::Workqueue::find_and_run_task(int) /home/jfe/binutils-gdb-noasan/gold/workqueue.cc:319
    #9 0x555aad9fe231 in gold::Workqueue::process(int) /home/jfe/binutils-gdb-noasan/gold/workqueue.cc:495
    #10 0x555aac2b729c in main /home/jfe/binutils-gdb-noasan/gold/main.cc:252
    #11 0x7f7f16303a86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21a86)
    #12 0x555aac2bf5b9 in _start (/home/jfe/binutils-gdb-noasan/gold/ld-new+0x1615b9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x9febe) in memcpy
==45815==ABORTING

This bug can be reproduced by compiling gold with the address sanitizer flag and then running it as follows:

./ld-new -i <file> -o /dev/null

Where <file> is the attached file.

cheers,
project-repo

--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
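The two diagnostics gold printed before the crash (a section name string table whose type is 1094795585, i.e. 0x41414141, and an alignment of 4702111234474983745, i.e. 0x4141414141414141, both runs of the fuzzer fill byte 'A') describe section header fields that a consumer should reject before it uses them to size and copy output. The following is an added example, not code from gold, binutils or this bug report: a small Python sanity check over an ELF64 section header table, exercised on a minimal object image constructed inline. The function names, the constructed bytes and the exact problem strings are my own; the checks (string table type, power-of-two alignment, and section and table bounds) are the standard ELF rules, and the bounds check goes beyond the two conditions gold reported.

```python
import struct

SHT_STRTAB = 3
SHT_NOBITS = 8
ELF64_EHDR_SIZE = 64
ELF64_SHDR_SIZE = 64
SHDR_FMT = "<IIQQQQIIQQ"  # sh_name, sh_type, sh_flags, sh_addr, sh_offset,
                          # sh_size, sh_link, sh_info, sh_addralign, sh_entsize


def build_elf64_image(shstrtab_type=SHT_STRTAB, shstrtab_align=1):
    """Construct a minimal little-endian ELF64 relocatable image (sample input,
    not a real object file) with two section headers: the mandatory null header
    at index 0 and the section name string table at index 1. The two keyword
    arguments let a caller plant the malformed values the linker complained about."""
    strtab = b"\0.shstrtab\0"
    shoff = ELF64_EHDR_SIZE + len(strtab)  # section header table follows the strings
    ehdr = bytearray(ELF64_EHDR_SIZE)
    ehdr[0:4] = b"\x7fELF"
    ehdr[4] = 2  # ELFCLASS64
    ehdr[5] = 1  # ELFDATA2LSB
    ehdr[6] = 1  # EV_CURRENT
    struct.pack_into("<HHIQQQIHHHHHH", ehdr, 16,
                     1, 62, 1,              # e_type ET_REL, e_machine EM_X86_64, e_version
                     0, 0, shoff,           # e_entry, e_phoff, e_shoff
                     0, ELF64_EHDR_SIZE,    # e_flags, e_ehsize
                     0, 0,                  # e_phentsize, e_phnum
                     ELF64_SHDR_SIZE, 2, 1) # e_shentsize, e_shnum, e_shstrndx
    null_shdr = bytes(ELF64_SHDR_SIZE)
    strtab_shdr = struct.pack(SHDR_FMT,
                              1, shstrtab_type,           # sh_name -> ".shstrtab", sh_type
                              0, 0,                       # sh_flags, sh_addr
                              ELF64_EHDR_SIZE, len(strtab),
                              0, 0,                       # sh_link, sh_info
                              shstrtab_align, 0)          # sh_addralign, sh_entsize
    return bytes(ehdr) + strtab + null_shdr + strtab_shdr


def check_section_headers(image):
    """Return a list of problems found in the section header table of a
    little-endian ELF64 image; an empty list means every check passed.
    Nothing is dereferenced before its bounds are known, which is the
    property a linker front end needs before Output_data sizes are computed."""
    problems = []
    if (len(image) < ELF64_EHDR_SIZE or image[:4] != b"\x7fELF"
            or image[4] != 2 or image[5] != 1):
        return ["not a little-endian ELF64 image"]
    (e_shoff,) = struct.unpack_from("<Q", image, 40)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", image, 58)
    if e_shentsize != ELF64_SHDR_SIZE:
        return [f"unexpected e_shentsize {e_shentsize}"]
    if e_shoff == 0 or e_shoff + e_shnum * e_shentsize > len(image):
        return ["section header table lies outside the file"]
    if e_shstrndx >= e_shnum:
        return [f"e_shstrndx {e_shstrndx} is out of range for {e_shnum} sections"]
    for idx in range(e_shnum):
        (sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size,
         sh_link, sh_info, sh_addralign, sh_entsize) = struct.unpack_from(
            SHDR_FMT, image, e_shoff + idx * e_shentsize)
        # The string table that names sections must itself be a string table.
        if idx == e_shstrndx and sh_type != SHT_STRTAB:
            problems.append(f"section name section has wrong type: {sh_type}")
        # sh_addralign is 0 or a power of two; anything else cannot be honoured.
        if sh_addralign != 0 and sh_addralign & (sh_addralign - 1):
            problems.append(f"invalid alignment {sh_addralign} for section {idx}")
        # Every section with file contents must lie entirely inside the file;
        # this is the precondition for copying it into the output at all.
        if sh_type != SHT_NOBITS and sh_offset + sh_size > len(image):
            problems.append(f"section {idx} extends past end of file")
    return problems


if __name__ == "__main__":
    print("clean image:", check_section_headers(build_elf64_image()))
    fuzzed = build_elf64_image(shstrtab_type=0x41414141,
                               shstrtab_align=0x4141414141414141)
    for problem in check_section_headers(fuzzed):
        print("fuzzed image:", problem)
```

Run stand-alone, the script reports nothing for the clean image and the two complaints for the planted values; the same function can be pointed at the attachment from this report by reading the file into `image`. The point of the bounds check at the end of the loop is that sizes and offsets from the header table are untrusted until they have been compared against the file length, which is the step that has to happen before any `memcpy` of section contents.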