https://sourceware.org/bugzilla/show_bug.cgi?id=31903
Bug ID: 31903
Summary: Asan heap-buffer-overflow in test gas/elf/dwarf-5-irp.s in cross-assembler to aarch64-elf
Product: binutils
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: gas
Assignee: unassigned at sourceware dot org
Reporter: jamborm at gcc dot gnu.org
Target Milestone: ---

When configuring binutils revision c3d23f753da with:

  ../src/configure --prefix=/home/mjambor/binutils/inst \
      --build=x86_64-linux --disable-gdb --disable-gdbserver \
      --disable-werror --enable-obsolete --target=aarch64-elf \
      CFLAGS="-g -O2 -fsanitize=address,undefined -Wno-error" \
      CXXLAGS="-g -O2 -fsanitize=address,undefined -Wno-error" \
      LDFLAGS="-ldl"

silencing leak detection with:

  export ASAN_OPTIONS=detect_leaks=0

building binutils and then, in the build gas subdirectory, running:

  make -k check RUNTESTFLAGS="elf.exp=dwarf-5-irp.s"

results in FAIL of test "elf line." In test log, there is an
AddressSanitizer heap-buffer-overflow error:

Executing on host: sh -c {../as-new --gdwarf-5 -o tmpdir/dwarf-5-irp.o /home/mjambor/binutils/src/gas/testsuite/gas/elf/dwarf-5-irp.s 2>&1} /dev/null dump.tmp (timeout = 300)
spawn [open ...]
=================================================================
==21873==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50b000000420 at pc 0x7fe9bfe7b4e6 bp 0x7ffccdd5fbf0 sp 0x7ffccdd5f3b0
READ of size 113 at 0x50b000000420 thread T0
    #0 0x7fe9bfe7b4e5 (/lib64/libasan.so.8+0x7b4e5) (BuildId: 1827a4c72065a9f25ba519b25166029eebbf519f)
    #1 0x7fe9bfeca4e2 in strstr (/lib64/libasan.so.8+0xca4e2) (BuildId: 1827a4c72065a9f25ba519b25166029eebbf519f)
    #2 0x49ec74 in do_repeat ../../src/gas/read.c:3106
    #3 0x49f493 in s_rept ../../src/gas/read.c:3075
    #4 0x4b27ae in read_a_source_file ../../src/gas/read.c:1205
    #5 0x4264f2 in perform_an_assembly_pass ../../src/gas/as.c:1260
    #6 0x4264f2 in main ../../src/gas/as.c:1439
    #7 0x7fe9bf22a1ef in __libc_start_call_main (/lib64/libc.so.6+0x2a1ef) (BuildId: a2c0942c27fb9483b47886a1b937337a797bbceb)
    #8 0x7fe9bf22a2b8 in __libc_start_main_alias_2 (/lib64/libc.so.6+0x2a2b8) (BuildId: a2c0942c27fb9483b47886a1b937337a797bbceb)
    #9 0x42aba4 in _start ../sysdeps/x86_64/start.S:115

0x50b000000420 is located 0 bytes after 112-byte region [0x50b0000003b0,0x50b000000420)
allocated by thread T0 here:
    #0 0x7fe9bfefa5e8 (/lib64/libasan.so.8+0xfa5e8) (BuildId: 1827a4c72065a9f25ba519b25166029eebbf519f)
    #1 0xb51370 in xrealloc ../../src/libiberty/xmalloc.c:181

SUMMARY: AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.8+0x7b4e5) (BuildId: 1827a4c72065a9f25ba519b25166029eebbf519f)
Shadow bytes around the buggy address:
  0x50b000000180: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x50b000000200: fd fd fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x50b000000280: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x50b000000300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa
  0x50b000000380: fa fa fa fa fa fa 00 00 00 00 00 00 00 00 00 00
=>0x50b000000400: 00 00 00 00[fa]fa fa fa fa fa fa fa fa fa fa fa
  0x50b000000480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x50b000000500: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x50b000000580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x50b000000600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x50b000000680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==21873==ABORTING
failed with: <[the AddressSanitizer report above, repeated verbatim]>, no expected output
FAIL: line number entries for section changes inside .irp

This error does not seem to be present in just slightly older revision
c3d23f753da.
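
Added example, not part of the original report and not code from binutils: one pattern that yields a report of this shape (a `strstr` read that runs off the end of a heap block) is a length-counted buffer with no terminating NUL, shown here next to two bounded alternatives. The `lbuf` type, the function names and the sample input are hypothetical, and nothing here asserts that `do_repeat` is written this way.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-counted buffer: len bytes are valid, no NUL is stored. */
struct lbuf { char *ptr; size_t len; };

/* Append n bytes; the block is grown to exactly the new length. */
int lbuf_add(struct lbuf *b, const char *s, size_t n) {
    char *p = realloc(b->ptr, b->len + n);
    if (p == NULL) return -1;
    memcpy(p + b->len, s, n);
    b->ptr = p; b->len += n;
    return 0;
}

/* Flagged pattern: strstr() scans until it meets a NUL, which this buffer
   never stores, so the read leaves the heap block. Not called below. */
int find_unsafe(const struct lbuf *b, const char *needle) {
    return strstr(b->ptr, needle) != NULL;
}

/* Fix 1: bounded search that never touches bytes at or past ptr + len. */
int find_bounded(const struct lbuf *b, const char *needle) {
    size_t n = strlen(needle);
    if (n == 0) return 1;
    if (n > b->len) return 0;
    for (size_t i = 0; i + n <= b->len; i++)
        if (memcmp(b->ptr + i, needle, n) == 0) return 1;
    return 0;
}

/* Fix 2: store a NUL just past the counted bytes, then strstr() is safe. */
int find_terminated(struct lbuf *b, const char *needle) {
    char *p = realloc(b->ptr, b->len + 1);
    if (p == NULL) return -1;
    p[b->len] = '\0';            /* len is unchanged: the NUL is not content */
    b->ptr = p;
    return strstr(p, needle) != NULL;
}

int main(void) {
    struct lbuf b = { NULL, 0 };
    const char *body = " .rept 2\n nop\n .endr\n";   /* constructed input */
    if (lbuf_add(&b, body, strlen(body)) != 0) return 1;
    printf("bounded=%d terminated=%d\n", find_bounded(&b, "nop"), find_terminated(&b, "nop"));
    free(b.ptr);
    return 0;
}
```

Building this with `-fsanitize=address` and calling `find_unsafe` on a buffer whose allocation is exactly `len` bytes produces the same kind of "0 bytes after N-byte region" read report.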