https://sourceware.org/bugzilla/show_bug.cgi?id=30653
Bug ID: 30653
Summary: segment fault in as
Product: binutils
Version: 2.39
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: mengda2020 at iscas dot ac.cn
Target Milestone: ---

Created attachment 14986
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14986&action=edit
POC as segment fault

Hello, Binutils developers!

I found a segment fault in as. It caused the operand function to keep recursing at line 1049 in expr.c, exhausting the stack resources. Please confirm. Thanks!

Test Environment
Ubuntu 20.04, 64 bit
binutils (version: v2.39)

How to trigger
Compile the program
Run command
$ ./as --alternate --gdwarf-5 --gstabs --gstabs+ --traditional-format -a -g $POC

Details
'''
GDB report
(gdb) set args --alternate --gdwarf-5 --gstabs --gstabs+ --traditional-format -a -g $POC out/default/crashes/id\:000001\,sig\:11\,src\:001595+001814\,time\:73187270\,execs\:7351020\,op\:splice\,rep\:4
(gdb) r
Starting program: /home/cmd/sp/Fuzz/aflpp_fuzz/OSmart/Binutils/as/al_alternate_gdwarf-5_gstabs_gstabs+_traditional-format_a_g/as_2/as --alternate --gdwarf-5 --gstabs --gstabs+ --traditional-format -a -g out/default/crashes/id\:000001\,sig\:11\,src\:001595+001814\,time\:73187270\,execs\:7351020\,op\:splice\,rep\:4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4: Assembler messages:
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4: Warning: end of file not at end of a line; newline inserted
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4:3: Error: unknown pseudo-op: `.�'
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4:3: Error: unknown pseudo-op: `.'
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4:3: Error: invalid character (0x80) in mnemonic
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4:4: Error: junk at end of line, first unrecognized character valued 0x12
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4:4: Error: junk at end of line, first unrecognized character valued 0x4
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4:4: Error: bad expression
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4:4: Error: bad expression

Program received signal SIGSEGV, Segmentation fault.
'''

backtrace:
'''
#3584 0x0000000000526334 in operand (expressionP=0x7fffffffc900, mode=expr_normal) at expr.c:1049
#3585 0x0000000000526334 in operand (expressionP=0x7fffffffc900, mode=expr_normal) at expr.c:1049
#3586 0x000000000051efac in expr (rankarg=5, resultP=0x7fffffffc900, mode=expr_normal) at expr.c:1800
#3587 0x000000000051f24d in expr (rankarg=0, resultP=0x7fffffffd180, mode=expr_normal) at expr.c:1814
#3588 0x0000000000591b2d in get_segmented_expression (expP=0x7fffffffd180) at read.c:5616
#3589 0x000000000057afa6 in get_known_segmented_expression (expP=0x7fffffffd180) at read.c:5632
#3590 0x000000000057d083 in assign_symbol (name=0x63100000084e ".", mode=0) at read.c:3126
#3591 0x000000000056a977 in equals (sym_name=0x63100000084e ".", reassign=1) at read.c:5753
#3592 0x0000000000567720 in read_a_source_file (name=0x7fffffffe2db "out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4") at read.c:1075
#3593 0x00000000004dc118 in perform_an_assembly_pass (argc=0, argv=0x607000000108) at as.c:1256
#3594 0x00000000004d6d05 in main (argc=2, argv=0x607000000100) at as.c:1418
'''

-- 
You are receiving this mail because:
You are on the CC list for the bug.
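The report above shows a recursive-descent operand parser consuming one stack frame per recursion level until the stack is exhausted (the backtrace is more than 3500 frames of operand calling itself). The usual mitigation for this class of crash is a recursion-depth guard in the recursive function, so a pathological input is rejected with a parse error instead of a SIGSEGV. The block below is an added illustration written for this page, not gas's expr.c: it is a toy operand/expr parser for a tiny grammar that assumes (the report does not say) that the self-recursion comes from unary prefix operators, and it applies an assumed depth limit of 64 so that a constructed input of many consecutive prefixes returns PARSE_TOO_DEEP rather than overflowing the stack.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy recursive-descent parser (constructed example, not gas code).
   Grammar:  expr    := operand (('+'|'-') operand)*
             operand := ('-'|'+'|'~') operand | '(' expr ')' | number
   Each prefix operator and each '(' costs one operand() frame, so an input of
   N consecutive prefixes recurses N deep. The depth guard bounds that. */

#define MAX_OPERAND_DEPTH 64   /* assumed limit; size it to the real stack budget */

enum parse_status { PARSE_OK = 0, PARSE_BAD_EXPR = 1, PARSE_TOO_DEEP = 2 };

struct parser {
    const char *p;   /* cursor into the input */
    int depth;       /* current operand() recursion depth */
    int max_depth;   /* high-water mark, reported for inspection */
};

static enum parse_status parse_operand(struct parser *ps, long *out);

/* Binary '+'/'-' handled iteratively, so only operand() adds recursion depth. */
static enum parse_status parse_expr(struct parser *ps, long *out)
{
    long lhs;
    enum parse_status st = parse_operand(ps, &lhs);
    if (st != PARSE_OK) return st;
    while (*ps->p == '+' || *ps->p == '-') {
        char op = *ps->p++;
        long rhs;
        st = parse_operand(ps, &rhs);
        if (st != PARSE_OK) return st;
        lhs = (op == '+') ? lhs + rhs : lhs - rhs;
    }
    *out = lhs;
    return PARSE_OK;
}

static enum parse_status parse_operand(struct parser *ps, long *out)
{
    if (++ps->depth > ps->max_depth) ps->max_depth = ps->depth;
    /* The guard: refuse to recurse further instead of trusting the stack. */
    if (ps->depth > MAX_OPERAND_DEPTH) { ps->depth--; return PARSE_TOO_DEEP; }
    enum parse_status st;
    char c = *ps->p;
    if (c == '-' || c == '+' || c == '~') {        /* unary prefix: recurse */
        ps->p++;
        long v;
        st = parse_operand(ps, &v);
        if (st == PARSE_OK) *out = (c == '-') ? -v : (c == '~') ? ~v : v;
    } else if (c == '(') {                         /* parenthesised sub-expression */
        ps->p++;
        st = parse_expr(ps, out);
        if (st == PARSE_OK) { if (*ps->p == ')') ps->p++; else st = PARSE_BAD_EXPR; }
    } else if (isdigit((unsigned char)c)) {        /* decimal number */
        long v = 0;
        while (isdigit((unsigned char)*ps->p)) v = v * 10 + (*ps->p++ - '0');
        *out = v; st = PARSE_OK;
    } else {
        st = PARSE_BAD_EXPR;
    }
    ps->depth--;
    return st;
}

/* Parse a whole string; trailing junk is an error. out/max_depth may be NULL. */
enum parse_status parse_expression(const char *src, long *out, int *max_depth)
{
    struct parser ps = { src, 0, 0 };
    long v = 0;
    enum parse_status st = parse_expr(&ps, &v);
    if (st == PARSE_OK && *ps.p != '\0') st = PARSE_BAD_EXPR;
    if (out) *out = v;
    if (max_depth) *max_depth = ps.max_depth;
    return st;
}

int  status_of(const char *src) { return (int)parse_expression(src, NULL, NULL); }
long value_of(const char *src)  { long v = 0; parse_expression(src, &v, NULL); return v; }
int  depth_of(const char *src)  { int d = 0; parse_expression(src, NULL, &d); return d; }

/* Constructed hostile input: n prefix operators followed by "1". */
int prefix_chain_status(size_t n)
{
    char *s = malloc(n + 2);
    if (!s) return -1;
    memset(s, '-', n);
    s[n] = '1';
    s[n + 1] = '\0';
    int st = status_of(s);
    free(s);
    return st;
}

int main(void)
{
    printf("benign:  status=%d value=%ld depth=%d\n",
           status_of("-(2+3)-~0"), value_of("-(2+3)-~0"), depth_of("-(2+3)-~0"));
    printf("hostile: status=%d (2 = PARSE_TOO_DEEP, no stack overflow)\n",
           prefix_chain_status(100000));
    return 0;
}
```

With the guard in place the 100000-prefix input is rejected at depth 65 and the process keeps running; without it the same input would recurse once per byte, which is the pattern the backtrace above shows. A fuzzing harness can assert exactly that property: any input must end in a parse status, never a signal.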