https://sourceware.org/bugzilla/show_bug.cgi?id=25071
Bug ID: 25071
Summary: excessive memory allocation in _bfd_x86_elf_get_synthetic_symtab
Product: binutils
Version: 2.34 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: bugzilla.sourceware at qiushi dot ac.cn
Target Milestone: ---

Created attachment 12026 --> https://sourceware.org/bugzilla/attachment.cgi?id=12026&action=edit
poc file

```
Step 7/10 : RUN ./binutils-gdb/binutils/nm-new -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D poc2_excessive-malloc__bfd_x86_elf_get_synthetic_symtab || exit 0
 ---> Running in cc859742afde
./binutils-gdb/binutils/nm-new: warning: poc2_excessive-malloc__bfd_x86_elf_get_synthetic_symtab has a corrupt section with a size (ffffff8e38e2d42e) larger than the file size
./binutils-gdb/binutils/nm-new: warning: poc2_excessive-malloc__bfd_x86_elf_get_synthetic_symtab has a corrupt section with a size (fffffffffffffff9) larger than the file size
./binutils-gdb/binutils/nm-new: warning: poc2_excessive-malloc__bfd_x86_elf_get_synthetic_symtab has a corrupt section with a size (aa0010) larger than the file size
==6==WARNING: AddressSanitizer failed to allocate 0x5555552f684b9c10 bytes
==6==AddressSanitizer's allocator is terminating the process instead of returning 0
==6==If you don't like this behavior set allocator_may_return_null=1
==6==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:147 "((0)) != (0)" (0x0, 0x0)
    #0 0x7ffff6f0a631 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7ffff6f0f5e3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
    #2 0x7ffff6e87425 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x1d425)
    #3 0x7ffff6f0d865 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa3865)
    #4 0x7ffff6e8cb4d (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22b4d)
    #5 0x7ffff6f025d2 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x985d2)
    #6 0x459db7 in bfd_malloc /binutils-gdb/bfd/libbfd.c:275
    #7 0x4efda3 in _bfd_x86_elf_get_synthetic_symtab /binutils-gdb/bfd/elfxx-x86.c:2177
    #8 0x4af89a in elf_x86_64_get_synthetic_symtab /binutils-gdb/bfd/elf64-x86-64.c:4839
    #9 0x40f609 in display_rel_file /binutils-gdb/binutils/nm.c:1159
    #10 0x411b5d in display_file /binutils-gdb/binutils/nm.c:1377
    #11 0x4077a7 in main /binutils-gdb/binutils/nm.c:1858
    #12 0x7ffff66a282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x4094b8 in _start (/binutils-gdb/binutils/nm-new+0x4094b8)
```

A reproducible Docker image has been pushed to `zjuchenyuan/dockerized_poc:binutils-pocs`.

Dockerfile:

```
FROM zjuchenyuan/afl
ENV AFL_USE_ASAN=1
RUN git clone git://sourceware.org/git/binutils-gdb.git --depth 50 &&\
    cd binutils-gdb &&\
    git checkout 816228ed09dc867fa16dc5458277d649885d98fe &&\
    ./configure --disable-shared &&\
    for i in bfd libiberty opcodes libctf; do cd $i; ./configure --disable-shared && make -j; cd ..; done &&\
    cd binutils &&\
    ./configure --disable-shared &&\
    make objdump nm-new size readelf cxxfilt
RUN apt install -y gdb &&\
    echo -e "set pagination off\nset confirm off" > /root/.gdbinit
ADD . /
RUN ./binutils-gdb/binutils/nm-new -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D poc2_excessive-malloc__bfd_x86_elf_get_synthetic_symtab || exit 0
```

--
bug-binutils mailing list: https://lists.gnu.org/mailman/listinfo/bug-binutils
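The warnings in the trace show that the section sizes were recognised as larger than the file, yet an allocation was still sized from them and AddressSanitizer aborted on the huge malloc. As an added example that is not BFD's code or the fix for this bug, the following shows the overflow-safe bounds check a loader can apply to a section header before sizing a buffer from it; the 0x1000-byte file size and 0x40 offset are constructed sample values, and the three rejected sizes are the ones nm-new reported above.

```c
/* Added example, not BFD's own code: an overflow-safe bounds check applied to
   an ELF section header before its sh_size is used to size an allocation. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* True only if [sh_offset, sh_offset + sh_size) lies inside a file of
   file_size bytes. The check is written so the addition can never wrap:
   a size such as 0xfffffffffffffff9 would otherwise overflow past the
   comparison and look "in bounds". */
bool section_fits_file(uint64_t file_size, uint64_t sh_offset, uint64_t sh_size)
{
    if (sh_offset > file_size)
        return false;
    /* file_size - sh_offset is the room left after the offset; comparing
       sh_size against it avoids computing sh_offset + sh_size at all. */
    return sh_size <= file_size - sh_offset;
}

/* Size a buffer for a section only after it passed the bounds check.
   A rejected section yields 0, so the caller never hands a corrupt
   header value to malloc. */
uint64_t safe_alloc_size(uint64_t file_size, uint64_t sh_offset, uint64_t sh_size)
{
    return section_fits_file(file_size, sh_offset, sh_size) ? sh_size : 0;
}

int main(void)
{
    /* Constructed sample: a 4 KiB file, a section starting at 0x40, and
       the three section sizes from the nm-new warnings plus one sane size. */
    const uint64_t file_size = 0x1000;
    const uint64_t sizes[] = {
        0xffffff8e38e2d42eULL, 0xfffffffffffffff9ULL, 0xaa0010ULL, 0x200ULL
    };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        uint64_t n = safe_alloc_size(file_size, 0x40, sizes[i]);
        printf("sh_size 0x%llx -> %s\n", (unsigned long long)sizes[i],
               n ? "allocate" : "reject");
    }
    return 0;
}
```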