https://sourceware.org/bugzilla/show_bug.cgi?id=29677
Bug ID: 29677
Summary: Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`
Product: binutils
Version: 2.40 (HEAD)
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: r3tr0spect2019 at gmail dot com
Target Milestone: ---
Created attachment 14396
--> https://sourceware.org/bugzilla/attachment.cgi?id=14396&action=edit
bug analysis and poc
# Reproduce
cd binutils-gdb
git reset --hard 1d4e62f498b1340569fd58c401f98c287cb5d071
mkdir build
../configure --disable-gdb --disable-gdbserver --disable-gdbsupport --disable-libdecnumber --disable-readline --disable-sim --disable-libbacktrace --disable-gas --disable-ld --disable-werror --enable-targets=all CPPFLAGS=-DDEBUG CFLAGS="-g -O0 -fsanitize=address"
make all-binutils MAKEINFO=true && true
binutils/objdump -d the_bfd_uninit.bin
# Output
../../fuzz/poc/the_bfd_uninit.bin: file format mach-o-x86-64
./objdump: bfd_mach_o_read_symtab_symbol: symbol "" specified invalid type field 0x6: setting to undefined
./objdump: bfd_mach_o_read_symtab_symbol: symbol "" specified invalid type field 0x4: setting to undefined
AddressSanitizer:DEADLYSIGNAL
=================================================================
==474946==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x55795709e9ec bp 0x7ffd19b7eaf0 sp 0x7ffd19b7eae0 T0)
==474946==The signal is caused by a READ memory access.
==474946==Hint: this fault was caused by a dereference of a high value address (see register values below). Dissassemble the provided pc to learn which register was used.
#0 0x55795709e9ec in bfd_get_flavour ../bfd/bfd.h:7803
#1 0x5579570a2b2b in compare_symbols ../../binutils/objdump.c:1204
#2 0x7f3971b6940e in msort_with_tmp stdlib/msort.c:82
#3 0x7f3971b693c1 in msort_with_tmp stdlib/msort.c:44
#4 0x7f3971b693c1 in msort_with_tmp stdlib/msort.c:53
#5 0x7f3971b693a4 in msort_with_tmp stdlib/msort.c:44
#6 0x7f3971b693a4 in msort_with_tmp stdlib/msort.c:52
#7 0x7f3971b693a4 in msort_with_tmp stdlib/msort.c:44
#8 0x7f3971b693a4 in msort_with_tmp stdlib/msort.c:52
#9 0x7f3971b693c1 in msort_with_tmp stdlib/msort.c:44
#10 0x7f3971b693c1 in msort_with_tmp stdlib/msort.c:53
#11 0x7f3971b69a55 in msort_with_tmp stdlib/msort.c:44
#12 0x7f3971b69a55 in __GI___qsort_r stdlib/msort.c:296
#13 0x7f3971da0934 in __interceptor_qsort ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:9917
#14 0x5579570ae4fb in disassemble_section ../../binutils/objdump.c:3780
#15 0x5579575a429f in bfd_map_over_sections ../../bfd/section.c:1373
#16 0x5579570b0855 in disassemble_data ../../binutils/objdump.c:4152
#17 0x5579570b80a3 in dump_bfd ../../binutils/objdump.c:5564
#18 0x5579570b837d in display_object_bfd ../../binutils/objdump.c:5627
#19 0x5579570b86b7 in display_any_bfd ../../binutils/objdump.c:5713
#20 0x5579570b8730 in display_file ../../binutils/objdump.c:5734
#21 0x5579570b9fd1 in main ../../binutils/objdump.c:6130
#22 0x7f3971b4ed8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#23 0x7f3971b4ee3f in __libc_start_main_impl ../csu/libc-start.c:392
#24 0x55795709e584 in _start (/home/holing/pro/github/binutils-gdb/build/binutils/objdump+0xdf0584)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../bfd/bfd.h:7803 in bfd_get_flavour
==474946==ABORTING
Aborted
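A simplified model of the defect the summary describes, added here as an illustration and not code from binutils or from this report's attachment: a synthetic-symbol builder that may leave `the_bfd` unset, a comparator shaped like objdump's `compare_symbols` that trusts that field, and a guard a caller can run before handing the array to `qsort`. The `bfd` and `asymbol` structs and every function body below are hypothetical stand-ins, not BFD's own.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for BFD's bfd and asymbol; field names mirror the report. */
typedef struct bfd { int flavour; const char *filename; } bfd;
typedef struct asymbol { bfd *the_bfd; const char *name; unsigned long value; } asymbol;

static int bfd_get_flavour(const bfd *abfd) { return abfd->flavour; }  /* faults on NULL/garbage */

/* Builder in the style of bfd_mach_o_get_synthetic_symtab. With set_owner == 0 it
   models the report's defect: the_bfd is never written for the synthetic symbols. */
static long build_synthetic_symtab(bfd *abfd, asymbol *out, long count, int set_owner)
{
    for (long i = 0; i < count; i++) {
        out[i].name = "synthetic";
        out[i].value = (unsigned long)(count - i);  /* reverse order so the sort does work */
        if (set_owner)
            out[i].the_bfd = abfd;                  /* the initialisation the bug lacks */
    }
    return count;
}

/* Comparator shaped like objdump's compare_symbols: it dereferences the_bfd unconditionally. */
static int compare_symbols(const void *a, const void *b)
{
    const asymbol *sa = a, *sb = b;
    if (bfd_get_flavour(sa->the_bfd) != bfd_get_flavour(sb->the_bfd))
        return bfd_get_flavour(sa->the_bfd) - bfd_get_flavour(sb->the_bfd);
    return (sa->value > sb->value) - (sa->value < sb->value);
}

/* Guard to run before qsort: every symbol must carry an owner. Returns how many do not. */
static long count_unowned(const asymbol *syms, long count)
{
    long bad = 0;
    for (long i = 0; i < count; i++)
        if (syms[i].the_bfd == NULL) bad++;
    return bad;
}

/* Builds four symbols, sorts them only if all are owned, returns the number left unowned. */
static long unowned_after_build(int set_owner)
{
    bfd abfd = { 1, "constructed.bin" };      /* constructed sample, not a real file */
    asymbol *syms = calloc(4, sizeof *syms);  /* calloc: an unset the_bfd reads as NULL, not garbage */
    long n = build_synthetic_symtab(&abfd, syms, 4, set_owner);
    long bad = count_unowned(syms, n);
    if (bad == 0) qsort(syms, (size_t)n, sizeof *syms, compare_symbols);
    free(syms);
    return bad;
}
```

With real `malloc` instead of `calloc` the unset field holds whatever the allocator left behind, which is exactly the "dereference of a high value address" the sanitizer report above shows.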