https://sourceware.org/bugzilla/show_bug.cgi?id=26765
            Bug ID: 26765
           Summary: SEGV on memchr (vg_replace_strmem.c:888)
           Product: binutils
           Version: 2.35
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gold
          Assignee: ccoutant at gmail dot com
          Reporter: 2060909445 at qq dot com
                CC: ian at airs dot com
  Target Milestone: ---

Created attachment 12915
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12915&action=edit
a file that crashes binutils 2.35 on CentOS Linux 7.7.1908

It can be reproduced by:

dwp poc -o ./test_out

The information below is from valgrind:

==13673== Invalid read of size 1
==13673==    at 0x4C2E3A9: memchr (vg_replace_strmem.c:888)
==13673==    by 0x43C52D: memchr (string.h:87)
==13673==    by 0x43C52D: section_name (elfcpp_file.h:543)
==13673==    by 0x43C52D: gold::Sized_relobj_dwo<32, false>::do_section_name(unsigned int) const (dwp.cc:276)
==13673==    by 0x41B03D: section_name (object.h:588)
==13673==    by 0x41B03D: section_name (dwp.cc:171)
==13673==    by 0x41B03D: gold::Dwo_file::read(gold::Dwp_output_file*) (dwp.cc:909)
==13673==    by 0x40A62F: main (dwp.cc:2446)
==13673==  Address 0x4823097 is not stack'd, malloc'd or (recently) free'd
==13673==
==13673==
==13673== Process terminating with default action of signal 11 (SIGSEGV)
==13673==  Access not within mapped region at address 0x4823097
==13673==    at 0x4C2E3A9: memchr (vg_replace_strmem.c:888)
==13673==    by 0x43C52D: memchr (string.h:87)
==13673==    by 0x43C52D: section_name (elfcpp_file.h:543)
==13673==    by 0x43C52D: gold::Sized_relobj_dwo<32, false>::do_section_name(unsigned int) const (dwp.cc:276)
==13673==    by 0x41B03D: section_name (object.h:588)
==13673==    by 0x41B03D: section_name (dwp.cc:171)
==13673==    by 0x41B03D: gold::Dwo_file::read(gold::Dwp_output_file*) (dwp.cc:909)
==13673==    by 0x40A62F: main (dwp.cc:2446)
==13673==  If you believe this happened as a result of a stack
==13673==  overflow in your program's main thread (unlikely but
==13673==  possible), you can try to increase the size of the
==13673==  main thread stack using the --main-stacksize= flag.
==13673==  The main thread stack size used in this run was 8388608.
==13673==
==13673== HEAP SUMMARY:
==13673==     in use at exit: 33,081 bytes in 764 blocks
==13673==   total heap usage: 829 allocs, 65 frees, 44,438 bytes allocated
==13673==
==13673== LEAK SUMMARY:
==13673==    definitely lost: 48 bytes in 1 blocks
==13673==    indirectly lost: 0 bytes in 0 blocks
==13673==      possibly lost: 0 bytes in 0 blocks
==13673==    still reachable: 33,033 bytes in 763 blocks
==13673==                       of which reachable via heuristic:
==13673==                         stdstring          : 27,229 bytes in 717 blocks
==13673==         suppressed: 0 bytes in 0 blocks
==13673== Rerun with --leak-check=full to see details of leaked memory
==13673==
==13673== For lists of detected and suppressed errors, rerun with: -s
==13673== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
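The backtrace above shows section_name (elfcpp_file.h:543) calling memchr on an address that valgrind reports as "not within mapped region", while dwp is reading section names from the attached input: a section-name lookup walked past the file data. The report is unconfirmed and names no root cause, so the following is an added example of the defensive pattern rather than gold's code or the fix for this bug. It is a bounds-checked ELF32 section-name lookup in C: every offset and size taken from the file (section header table, .shstrtab offset and size, sh_name) is validated against the buffer length before it is dereferenced, and the NUL scan is limited to the bytes left in the string table, so a crafted header can only make the lookup fail, never read outside the buffer. The ELF image it parses is constructed inline; the names safe_section_name, build_sample and demo belong to this example only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF32 structure sizes and field offsets, per the ELF specification. */
enum { EHDR_SIZE = 52, SHDR_SIZE = 40,
       E_SHOFF = 32, E_SHENTSIZE = 46, E_SHNUM = 48, E_SHSTRNDX = 50,
       SH_NAME = 0, SH_OFFSET = 16, SH_SIZE = 20 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (v >> (8 * i)) & 0xff; }

/* Look up the name of section `shndx` in an in-memory ELF32 LSB image of `len` bytes.
 * Every offset and size read from the file is checked against `len` before use, and
 * the memchr scan is bounded by the bytes remaining in the string table, so a crafted
 * header can at most make the lookup fail (NULL), never read outside `buf`.
 * Returns a pointer into `buf`, or NULL on any inconsistency. */
const char *safe_section_name(const uint8_t *buf, size_t len, unsigned shndx)
{
    if (len < EHDR_SIZE || memcmp(buf, "\x7f" "ELF", 4) != 0) return NULL;
    if (buf[4] != 1 /* ELFCLASS32 */ || buf[5] != 1 /* ELFDATA2LSB */) return NULL;

    uint32_t shoff = rd32(buf + E_SHOFF);
    uint16_t shentsize = rd16(buf + E_SHENTSIZE);
    uint16_t shnum = rd16(buf + E_SHNUM);
    uint16_t shstrndx = rd16(buf + E_SHSTRNDX);
    if (shentsize != SHDR_SIZE || shndx >= shnum || shstrndx >= shnum) return NULL;
    /* Compare against (len - shoff) so the product can never wrap past len. */
    if (shoff > len || (size_t)shnum * SHDR_SIZE > len - shoff) return NULL;

    const uint8_t *strhdr = buf + shoff + (size_t)shstrndx * SHDR_SIZE;
    uint32_t str_off = rd32(strhdr + SH_OFFSET);
    uint32_t str_size = rd32(strhdr + SH_SIZE);
    if (str_off > len || str_size > len - str_off) return NULL;

    uint32_t name_off = rd32(buf + shoff + (size_t)shndx * SHDR_SIZE + SH_NAME);
    if (name_off >= str_size) return NULL;

    const char *name = (const char *)buf + str_off + name_off;
    /* Scan only the remainder of the string table, never past its end. */
    if (memchr(name, '\0', str_size - name_off) == NULL) return NULL;
    return name;
}

/* Constructed sample (not a real object file): a minimal ELF32 LSB image with three
 * section headers (null, .debug_info.dwo, .shstrtab). Returns the image length. */
size_t build_sample(uint8_t *buf, size_t cap)
{
    static const char strtab[] = "\0.debug_info.dwo\0.shstrtab"; /* 27 bytes incl. final NUL */
    const size_t shoff = EHDR_SIZE, stroff = shoff + 3 * SHDR_SIZE;
    const size_t len = stroff + sizeof strtab;
    if (cap < len) return 0;
    memset(buf, 0, len);
    memcpy(buf, "\x7f" "ELF", 4);
    buf[4] = 1; buf[5] = 1; buf[6] = 1;              /* ELFCLASS32, ELFDATA2LSB, EV_CURRENT */
    wr32(buf + E_SHOFF, (uint32_t)shoff);
    wr16(buf + E_SHENTSIZE, SHDR_SIZE);
    wr16(buf + E_SHNUM, 3);
    wr16(buf + E_SHSTRNDX, 2);
    uint8_t *sh1 = buf + shoff + 1 * SHDR_SIZE, *sh2 = buf + shoff + 2 * SHDR_SIZE;
    wr32(sh1 + SH_NAME, 1);                          /* ".debug_info.dwo" */
    wr32(sh2 + SH_NAME, 17);                         /* ".shstrtab" */
    wr32(sh2 + SH_OFFSET, (uint32_t)stroff);
    wr32(sh2 + SH_SIZE, (uint32_t)sizeof strtab);
    memcpy(buf + stroff, strtab, sizeof strtab);
    return len;
}

/* Run the lookup on the well-formed image and on three crafted variants of it.
 * Returns 0 when every case behaves as intended, otherwise the number of the failing case. */
int demo(void)
{
    uint8_t buf[256], bad[256];
    size_t len = build_sample(buf, sizeof buf);
    if (len == 0) return -1;

    const char *n = safe_section_name(buf, len, 1);
    if (n == NULL || strcmp(n, ".debug_info.dwo") != 0) return 1;

    /* Variant A: .shstrtab claims a size far beyond the image. */
    memcpy(bad, buf, len);
    wr32(bad + EHDR_SIZE + 2 * SHDR_SIZE + SH_SIZE, 0x7fffffff);
    if (safe_section_name(bad, len, 1) != NULL) return 2;

    /* Variant B: the string table loses its final NUL, so ".shstrtab" is unterminated. */
    memcpy(bad, buf, len);
    bad[len - 1] = 'x';
    if (safe_section_name(bad, len, 2) != NULL) return 3;

    /* Variant C: sh_name points past the end of the string table. */
    memcpy(bad, buf, len);
    wr32(bad + EHDR_SIZE + 1 * SHDR_SIZE + SH_NAME, 0x1000);
    if (safe_section_name(bad, len, 1) != NULL) return 4;
    return 0;
}

int main(void)
{
    int rc = demo();
    printf("%s (code %d)\n", rc == 0 ? "all checks passed" : "check failed", rc);
    return rc;
}
```

The three variants in demo are the kinds of inconsistency a fuzzer-produced .dwo file tends to carry (an oversized string table, a missing terminator, an out-of-range sh_name); each is rejected before any pointer derived from it is dereferenced, which is the property the crashing lookup in the trace lacks for this input.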