https://sourceware.org/bugzilla/show_bug.cgi?id=32556
Bug ID: 32556
Summary: nm address points to the zero page
Product: binutils
Version: 2.43
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: swj22 at mails dot tsinghua.edu.cn
Target Milestone: ---

Created attachment 15881
--> https://sourceware.org/bugzilla/attachment.cgi?id=15881&action=edit
file to trigger this bug

This bug was found by my fuzzers with option-mutation support.
Executing nm with `nm --ifunc-chars "c-Gii-a---?" $inputfile` may cause `Hint: address points to the zero page.`
The ASAN stack is attached below.

/data/xxx/optfuzz/benchmark/binutils-2.43/bins/bin/nm --ifunc-chars "c-Gii-a---?" id:000000,sig:11,src:000934,time:1639157,execs:1523186,op:opt_fuzz,rep:1
/data/xxx/optfuzz/benchmark/binutils-2.43/bins/bin/nm: id:000000,sig:11,src:000934,time:1639157,execs:1523186,op:opt_fuzz,rep:1: invalid string offset 4278190081 >= 22 for section `.strtab'
0000000000000000 B is_strip
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2882363==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000021 (pc 0x56116e3f3c80 bp 0x7ffe2df77b10 sp 0x7ffe2df77288 T0)
==2882363==The signal is caused by a READ memory access.
==2882363==Hint: address points to the zero page.
    #0 0x56116e3f3c80 in __sanitizer::internal_strlen(char const*) (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/nm+0x19bc80) (BuildId: 9d598c4b9c0b057147ee0991995238de5ef0bab6)
    #1 0x56116e37c0ab in printf_common(void*, char const*, __va_list_tag*) asan_interceptors.cpp.o
    #2 0x56116e37d5e9 in printf (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/nm+0x1255e9) (BuildId: 9d598c4b9c0b057147ee0991995238de5ef0bab6)
    #3 0x56116e419f7b in print_symbol_info_bsd /data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1880:7
    #4 0x56116e42241f in print_symbol /data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1228:3
    #5 0x56116e41ffdb in print_symbols /data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1388:7
    #6 0x56116e41e51f in display_rel_file /data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1503:5
    #7 0x56116e41964f in display_file /data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1655:7
    #8 0x56116e418a0a in main /data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:2170:12
    #9 0x7f0ee8e3c082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
    #10 0x56116e35a58d in _start (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/nm+0x10258d) (BuildId: 9d598c4b9c0b057147ee0991995238de5ef0bab6)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/nm+0x19bc80) (BuildId: 9d598c4b9c0b057147ee0991995238de5ef0bab6) in __sanitizer::internal_strlen(char const*)
==2882363==ABORTING
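The trace shows the failure pattern: the string-table offset 4278190081 is rejected as out of range for the 22-byte `.strtab`, the symbol name resolves to a NULL pointer, and `printf("%s")` then dereferences it. As an added example (not binutils or BFD code), this is a bounds-checked lookup over a constructed 22-byte string table that also rejects an unterminated tail, so the printing code only ever receives a valid string or a placeholder.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Placeholder printed instead of a NULL pointer when a symbol's name
   cannot be resolved; printf("%s", NULL) is what crashed nm here. */
#define CORRUPT_NAME "<corrupt>"

/* Constructed sample string table (not from the attachment): "", "is_strip",
   "main", then a tail with no NUL inside the section's 22 bytes. The
   literal's own terminating NUL sits at index 22, outside STRTAB_SIZE. */
static const char strtab_bytes[] = "\0is_strip\0main\0abcdefg";
#define STRTAB_SIZE 22

/* Resolve a name at 'offset' in a string table of 'strtab_size' bytes.
   Returns a pointer into the table, or NULL when the offset is out of
   range or the string is not NUL-terminated inside the table. */
const char *strtab_lookup(const char *strtab, size_t strtab_size,
                          uint64_t offset)
{
    if (strtab == NULL || offset >= strtab_size)
        return NULL;                       /* e.g. 4278190081 >= 22 */
    /* memchr bounds the scan to the section; a missing NUL means the
       string would run past the end of the table. */
    if (memchr(strtab + offset, '\0', strtab_size - offset) == NULL)
        return NULL;
    return strtab + offset;
}

/* Name to print: never NULL, so callers can hand it to "%s" safely. */
const char *symbol_display_name(const char *strtab, size_t strtab_size,
                                uint64_t offset)
{
    const char *name = strtab_lookup(strtab, strtab_size, offset);
    return name ? name : CORRUPT_NAME;
}

int main(void)
{
    /* Valid offset, the out-of-range offset from the report, and an
       offset whose string is not terminated within the section. */
    printf("%016llx B %s\n", 0ULL, symbol_display_name(strtab_bytes, STRTAB_SIZE, 1));
    printf("%016llx B %s\n", 0ULL, symbol_display_name(strtab_bytes, STRTAB_SIZE, 4278190081ULL));
    printf("%016llx B %s\n", 0ULL, symbol_display_name(strtab_bytes, STRTAB_SIZE, 15));
    return 0;
}
```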