https://sourceware.org/bugzilla/show_bug.cgi?id=30887

Bug ID: 30887
Summary: nm: alloc-dealloc-mismatch (INVALID vs free) at bfd/elf.c:9802 in _bfd_elf_slurp_version_tables
Product: binutils
Version: 2.42 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: yan.cs10 at nycu dot edu.tw
Target Milestone: ---

Created attachment 15126
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15126&action=edit
This poc with -D argument can crash nm-new in the latest version.

Summary:
A crash caused when using nm.
AddressSanitizer reported it as alloc-dealloc-mismatch (INVALID vs free).

git commit, OS, Compiler and processor:
git commit: be8e83130
gcc (Ubuntu 9.4.0-1ubuntu1~20.04.2) 9.4.0
g++ (Ubuntu 9.4.0-1ubuntu1~20.04.2) 9.4.0
Ubuntu 20.04.4 LTS
AMD Ryzen 5 3600X 6-Core Processor

Steps to reproduce:
$ cd binutils-gdb
$ export CFLAGS='-fsanitize=address -fsanitize-recover=address -g3'
$ export CXXFLAGS='-fsanitize=address -fsanitize-recover=address -g3'
$ make
$ binutils/nm-new -D ./poc_16

AddressSanitizer report:
$ /home/pt/sytseng/binutils-gdb-asan/binutils/nm-new -D ./poc_16
BFD: warning: ./pocs/poc_16 has a program header with invalid alignment
BFD: ./pocs/poc_16: .gnu.version_r invalid entry
=================================================================
==689764==ERROR: AddressSanitizer: alloc-dealloc-mismatch (INVALID vs free) on 0x621000007a88
    #0 0x7f518765940f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
    #1 0x557116e5113e in _bfd_elf_slurp_version_tables /home/pt/sytseng/binutils-gdb-asan/bfd/elf.c:9802
    #2 0x557116e05cdd in bfd_elf64_slurp_symbol_table /home/pt/sytseng/binutils-gdb-asan/bfd/elfcode.h:1278
    #3 0x557116e4d705 in _bfd_elf_canonicalize_dynamic_symtab /home/pt/sytseng/binutils-gdb-asan/bfd/elf.c:9285
    #4 0x557116d9efcf in _bfd_generic_read_minisymbols /home/pt/sytseng/binutils-gdb-asan/bfd/syms.c:834
    #5 0x557116d706da in display_rel_file /home/pt/sytseng/binutils-gdb-asan/binutils/nm.c:1413
    #6 0x557116d71838 in display_file /home/pt/sytseng/binutils-gdb-asan/binutils/nm.c:1649
    #7 0x557116d73827 in main /home/pt/sytseng/binutils-gdb-asan/binutils/nm.c:2161
    #8 0x7f5187378082 in __libc_start_main ../csu/libc-start.c:308
    #9 0x557116d6a15d in _start (/home/pt/sytseng/binutils-gdb-asan/binutils/nm-new+0xa315d)

0x621000007a88 is located 392 bytes inside of 4064-byte region [0x621000007900,0x6210000088e0)
allocated by thread T0 here:
    #0 0x7f5187659808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x557117072354 in _objalloc_alloc objalloc.c:159
    #2 0x557116d93db6 in bfd_alloc /home/pt/sytseng/binutils-gdb-asan/bfd/libbfd.c:452
    #3 0x557116e1cf2a in _bfd_elf_get_dynamic_symbols /home/pt/sytseng/binutils-gdb-asan/bfd/elf.c:2293
    #4 0x557116e02c7d in bfd_elf64_object_p /home/pt/sytseng/binutils-gdb-asan/bfd/elfcode.h:861
    #5 0x557116d8f5ac in bfd_check_format_matches /home/pt/sytseng/binutils-gdb-asan/bfd/format.c:365
    #6 0x557116d717da in display_file /home/pt/sytseng/binutils-gdb-asan/binutils/nm.c:1645
    #7 0x557116d73827 in main /home/pt/sytseng/binutils-gdb-asan/binutils/nm.c:2161
    #8 0x7f5187378082 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: alloc-dealloc-mismatch ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122 in __interceptor_free
==689764==HINT: if you don't care about these errors you may set ASAN_OPTIONS=alloc_dealloc_mismatch=0
==689764==ABORTING
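The ASan report above says what the bug class is: the pointer handed to free() lies 392 bytes inside a 4064-byte block that was malloc'd by the objalloc arena behind bfd_alloc, so the release path used a deallocator that does not match the allocator. The following is an added example, not binutils or BFD code, with a toy arena (arena_new / arena_alloc / arena_owns, all hypothetical names modelled loosely on the objalloc pattern) and a tagged buffer whose release path picks the deallocator from recorded ownership instead of assuming free(). The chunk size of 4064 bytes is taken from the report; everything else is constructed for illustration.

```c
/* Added example (not binutils code): arena-carved pointers must never be
 * passed to free(); track where each buffer came from and release it
 * through the matching path.  Compile with -fsanitize=address to have
 * ASan flag the naive path with the same alloc-dealloc-mismatch error. */
#include <stdlib.h>
#include <string.h>

#define ARENA_CHUNK 4064  /* region size seen in the ASan report */

struct arena {
    unsigned char *chunk; /* one malloc'd block carved with a bump pointer */
    size_t used;
};

struct arena *arena_new(void) {
    struct arena *a = malloc(sizeof *a);
    if (!a) return NULL;
    a->chunk = malloc(ARENA_CHUNK);
    if (!a->chunk) { free(a); return NULL; }
    a->used = 0;
    return a;
}

/* Hand out a 16-byte-aligned interior pointer into the chunk, or NULL when
 * the chunk is exhausted (a real objalloc would grab another chunk). */
void *arena_alloc(struct arena *a, size_t n) {
    size_t aligned = (n + 15) & ~(size_t)15;
    if (aligned < n || a->used + aligned > ARENA_CHUNK) return NULL;
    void *p = a->chunk + a->used;
    a->used += aligned;
    return p;
}

/* 1 if p points into this arena's chunk, so free(p) would be a mismatch. */
int arena_owns(const struct arena *a, const void *p) {
    const unsigned char *q = p;
    return q >= a->chunk && q < a->chunk + ARENA_CHUNK;
}

/* The only correct way to give arena memory back: free the whole chunk. */
void arena_destroy(struct arena *a) {
    free(a->chunk);
    free(a);
}

/* A buffer that remembers its allocator, like a "bfd_alloc'd vs malloc'd"
 * flag a symbol-table reader could carry alongside its version tables. */
struct tagged_buf {
    void *data;
    int from_arena; /* 1 = carved from the arena, 0 = individually malloc'd */
};

struct tagged_buf tagged_alloc(struct arena *a, size_t n, int use_arena) {
    struct tagged_buf b;
    b.from_arena = use_arena;
    b.data = use_arena ? arena_alloc(a, n) : malloc(n);
    if (b.data) memset(b.data, 0, n);
    return b;
}

/* Naive release: the pattern ASan flagged.  It is never called here; with
 * an arena buffer it frees an interior pointer of a block it does not own. */
void naive_release(struct tagged_buf *b) {
    free(b->data); /* wrong for from_arena == 1 */
    b->data = NULL;
}

/* Hardened release: returns 1 when free() was the right deallocator and was
 * called, 0 when the data belongs to the arena and is left for
 * arena_destroy().  The arena_owns() check catches a mis-set tag as well. */
int tagged_release(struct arena *a, struct tagged_buf *b) {
    if (!b->data) return 0;
    if (b->from_arena || arena_owns(a, b->data)) {
        b->data = NULL; /* drop our reference; the arena still owns the bytes */
        return 0;
    }
    free(b->data);
    b->data = NULL;
    return 1;
}

/* Walks the two allocation paths and reports how many free() calls the
 * hardened release made; the correct answer is exactly one. */
int demo(void) {
    struct arena *a = arena_new();
    if (!a) return -1;
    struct tagged_buf arena_buf = tagged_alloc(a, 392, 1);
    struct tagged_buf heap_buf = tagged_alloc(a, 392, 0);
    int frees = 0;
    frees += tagged_release(a, &arena_buf); /* 0: arena-owned */
    frees += tagged_release(a, &heap_buf);  /* 1: malloc'd */
    arena_destroy(a);                       /* releases the chunk once */
    return frees;
}
```

The `arena_owns()` range check is belt-and-braces: a release routine that consults only a flag is only as good as the code that set the flag, and the bug in the report is precisely a path where the release site's assumption about the allocator did not match the allocation site.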