https://sourceware.org/bugzilla/show_bug.cgi?id=26244
Bug ID: 26244
Summary: An error in _objalloc_alloc
Product: binutils
Version: 2.34
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: 15664243668 at 163 dot com
Target Milestone: ---

Created attachment 12702
--> https://sourceware.org/bugzilla/attachment.cgi?id=12702&action=edit
PoC

I have found an error in the _objalloc_alloc function by fuzzing. This error is triggered by #size PoC. I compiled binutils-2.34 with the address sanitizer in Ubuntu 16.04 as an x86-64 version, and reran the command. The information is printed below:

./asan_target64/size ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16
./asan_target64/size: warning: ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16 has a corrupt section with a size (ac000000000010) larger than the file size
./asan_target64/size: warning: ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16 has a corrupt section with a size (d600010000000000) larger than the file size
./asan_target64/size: warning: ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16 has a corrupt section with a size (20000010) larger than the file size
./asan_target64/size: ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16: unknown type [0xff000008] section `'
./asan_target64/size: warning: ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16 has a corrupt section with a size (ac000000000010) larger than the file size
./asan_target64/size: warning: ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16 has a corrupt section with a size (d600010000000000) larger than the file size
./asan_target64/size: warning: ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16 has a corrupt section with a size (20000010) larger than the file size
==9969==WARNING: AddressSanitizer failed to allocate 0x158000000000030 bytes
==9969==AddressSanitizer's allocator is terminating the process instead of returning 0
==9969==If you don't like this behavior set allocator_may_return_null=1
==9969==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:147 "((0)) != (0)" (0x0, 0x0)
    #0 0x7f81e64c2631 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7f81e64c75e3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
    #2 0x7f81e643f425 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x1d425)
    #3 0x7f81e64c5865 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa3865)
    #4 0x7f81e6444b4d (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22b4d)
    #5 0x7f81e64ba5d2 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x985d2)
    #6 0x67e17b in _objalloc_alloc (/home/ubuntu/yuetai/asan_target64/size+0x67e17b)
    #7 0x42ba5f in bfd_alloc (/home/ubuntu/yuetai/asan_target64/size+0x42ba5f)
    #8 0x42baec in bfd_alloc2 (/home/ubuntu/yuetai/asan_target64/size+0x42baec)
    #9 0x48a0e4 in setup_group (/home/ubuntu/yuetai/asan_target64/size+0x48a0e4)
    #10 0x48c8b5 in _bfd_elf_make_section_from_shdr (/home/ubuntu/yuetai/asan_target64/size+0x48c8b5)
    #11 0x4972f8 in bfd_section_from_shdr (/home/ubuntu/yuetai/asan_target64/size+0x4972f8)
    #12 0x47ccf0 in bfd_elf64_object_p (/home/ubuntu/yuetai/asan_target64/size+0x47ccf0)
    #13 0x422dcc in bfd_check_format_matches (/home/ubuntu/yuetai/asan_target64/size+0x422dcc)
    #14 0x403d0c in display_bfd (/home/ubuntu/yuetai/asan_target64/size+0x403d0c)
    #15 0x404026 in display_file (/home/ubuntu/yuetai/asan_target64/size+0x404026)
    #16 0x403800 in main (/home/ubuntu/yuetai/asan_target64/size+0x403800)
    #17 0x7f81e5e7482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #18 0x402dd8 in _start (/home/ubuntu/yuetai/asan_target64/size+0x402dd8)
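The trace above ends in malloc being asked for 0x158000000000030 bytes, a size that a loader can only have derived from an attacker-controlled section header field, since the "corrupt section with a size ... larger than the file size" warnings show the same file carrying sh_size values far beyond the input length. The general mitigation is to bound every allocation that is sized from a header against the file that header came from, before the request reaches the allocator. The following is an added example written for this page, not binutils or libbfd code: the struct shdr_view, the function names and the sample file size of 4096 bytes are assumptions, and the oversized sh_size values are taken from the warnings in the report.

```c
/* Added example (not binutils code): reject allocations whose size comes from
   an untrusted ELF section header before handing the size to malloc. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the three section-header fields a loader uses to
   size a read: where the section starts, how long it is, and its entry size. */
struct shdr_view {
    uint64_t sh_offset;
    uint64_t sh_size;
    uint64_t sh_entsize;   /* 0 means "not a table of fixed-size entries" */
};

/* Returns 1 when the section's byte range lies entirely within a file of
   file_size bytes and, for table sections, holds a whole number of entries.
   The arithmetic never overflows: the offset is compared against the
   remaining space instead of computing offset + size. */
int section_fits_file(const struct shdr_view *sh, uint64_t file_size)
{
    if (sh->sh_size > file_size)
        return 0;                                   /* size alone exceeds file */
    if (sh->sh_offset > file_size - sh->sh_size)
        return 0;                                   /* offset + size exceeds file */
    if (sh->sh_entsize != 0 && sh->sh_size % sh->sh_entsize != 0)
        return 0;                                   /* truncated last entry */
    return 1;
}

/* Allocate a buffer for the section contents only after validation; returns
   NULL for any section that does not fit.  The caller frees the result. */
void *alloc_section_contents(const struct shdr_view *sh, uint64_t file_size)
{
    if (!section_fits_file(sh, file_size))
        return NULL;
    if (sh->sh_size > (uint64_t)SIZE_MAX)
        return NULL;                                /* matters on 32-bit hosts */
    /* malloc(0) may legitimately return NULL; request one byte so that NULL
       unambiguously means "rejected". */
    return malloc(sh->sh_size == 0 ? 1 : (size_t)sh->sh_size);
}

/* Count how many of the given headers would be rejected for a given file size. */
size_t count_rejected(const struct shdr_view *shs, size_t n, uint64_t file_size)
{
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++)
        if (!section_fits_file(&shs[i], file_size))
            rejected++;
    return rejected;
}

int main(void)
{
    /* Constructed sample: the three sizes reported by the warnings above,
       plus one plausible 16-byte group section, against a 4096-byte file. */
    const struct shdr_view samples[] = {
        { 0x40, 0xac000000000010ULL,   4 },
        { 0x40, 0xd600010000000000ULL, 4 },
        { 0x40, 0x20000010ULL,         4 },
        { 0x40, 16,                    4 },
    };
    const uint64_t file_size = 4096;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        void *buf = alloc_section_contents(&samples[i], file_size);
        printf("sh_size=0x%llx -> %s\n",
               (unsigned long long)samples[i].sh_size,
               buf ? "allocated" : "rejected");
        free(buf);
    }
    return 0;
}
```

Checking the offset against `file_size - sh_size` rather than computing `sh_offset + sh_size` is the part worth copying: the sum can wrap and pass a naive comparison, while the subtraction is always safe once `sh_size <= file_size` has been established. When triaging a crash like this one under ASan, `allocator_may_return_null=1` only changes whether the process dies in the allocator or gets a NULL back; it does not make the size itself trustworthy, so the check belongs in the parser.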