https://sourceware.org/bugzilla/show_bug.cgi?id=32576
Bug ID: 32576
Summary: ld memory leak in xmalloc
Product: binutils
Version: 2.43
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: swj22 at mails dot tsinghua.edu.cn
Target Milestone: ---

Created attachment 15887
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15887&action=edit
poc

Hello,

We are currently working on a fuzz testing feature, and we found a **memory leak** in `ld`.

The stack traces are as follows:

```
/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/ld -w /tmp/bug
/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/ld: warning: /tmp/bug has a section extending past end of file

=================================================================
==3147400==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 2080 byte(s) in 2 object(s) allocated from:
    #0 0x55cf25a88dce in __interceptor_malloc (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/ld+0x1dcdce) (BuildId: d9731e405748db264b62c84ded760ba4f068cb0a)
    #1 0x55cf25ffb69b in xmalloc /data/swj/optfuzz/benchmark/binutils-2.43/libiberty/./xmalloc.c:149:12
    #2 0x55cf25b909fa in add_link_order_input_section /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldelfgen.c:65:17
    #3 0x55cf25b8f2cb in link_order_scan /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldelfgen.c:130:10
    #4 0x55cf25b8eea4 in link_order_scan /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldelfgen.c:105:8
    #5 0x55cf25b8ef8d in link_order_scan /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldelfgen.c:114:11
    #6 0x55cf25b8e002 in ldelf_map_segments /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldelfgen.c:274:8
    #7 0x55cf25b5d8d4 in gldelf_x86_64_after_allocation /data/swj/optfuzz/benchmark/binutils-2.43/ld/eelf_x86_64.c:151:5
    #8 0x55cf25b43036 in ldemul_after_allocation /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldemul.c:90:3
    #9 0x55cf25b04dc0 in lang_process /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldlang.c:8473:3
    #10 0x55cf25b2e34c in main /data/swj/optfuzz/benchmark/binutils-2.43/ld/./ldmain.c:529:3
    #11 0x7fda55f1b082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16

Direct leak of 1928 byte(s) in 171 object(s) allocated from:
    #0 0x55cf25a88dce in __interceptor_malloc (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/ld+0x1dcdce) (BuildId: d9731e405748db264b62c84ded760ba4f068cb0a)
    #1 0x55cf25ffb69b in xmalloc /data/swj/optfuzz/benchmark/binutils-2.43/libiberty/./xmalloc.c:149:12
    #2 0x55cf25ffb8dd in xstrdup /data/swj/optfuzz/benchmark/binutils-2.43/libiberty/./xstrdup.c:34:24
    #3 0x55cf25ad4ff7 in yylex /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldlex.l:401:21
    #4 0x55cf25ac43fa in yyparse /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldgram.c:2520:16
    #5 0x55cf25b2dee3 in main /data/swj/optfuzz/benchmark/binutils-2.43/ld/./ldmain.c:434:7
    #6 0x7fda55f1b082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16

Direct leak of 800 byte(s) in 1 object(s) allocated from:
    #0 0x55cf25a88dce in __interceptor_malloc (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/ld+0x1dcdce) (BuildId: d9731e405748db264b62c84ded760ba4f068cb0a)
    #1 0x55cf25bc4ad2 in bfd_malloc /data/swj/optfuzz/benchmark/binutils-2.43/bfd/libbfd.c:291:9
    #2 0x55cf25d39021 in bfd_elf_final_link /data/swj/optfuzz/benchmark/binutils-2.43/bfd/elflink.c:12905:44
    #3 0x55cf25b33d0e in ldwrite /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldwrite.c:550:8
    #4 0x55cf25b2e4e9 in main /data/swj/optfuzz/benchmark/binutils-2.43/ld/./ldmain.c:556:3
    #5 0x7fda55f1b082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16

Direct leak of 338 byte(s) in 12 object(s) allocated from:
    #0 0x55cf25a88dce in __interceptor_malloc (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/ld+0x1dcdce) (BuildId: d9731e405748db264b62c84ded760ba4f068cb0a)
    #1 0x55cf25ffb69b in xmalloc /data/swj/optfuzz/benchmark/binutils-2.43/libiberty/./xmalloc.c:149:12
    #2 0x55cf25ffb840 in xmemdup /data/swj/optfuzz/benchmark/binutils-2.43/libiberty/./xmemdup.c:37:18
    #3 0x55cf25ad5462 in yylex /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldlex.l:442:17
    #4 0x55cf25ac43fa in yyparse /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldgram.c:2520:16
    #5 0x55cf25b2dee3 in main /data/swj/optfuzz/benchmark/binutils-2.43/ld/./ldmain.c:434:7
    #6 0x7fda55f1b082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16

Direct leak of 258 byte(s) in 129 object(s) allocated from:
    #0 0x55cf25a88dce in __interceptor_malloc (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/ld+0x1dcdce) (BuildId: d9731e405748db264b62c84ded760ba4f068cb0a)
    #1 0x55cf25ffb69b in xmalloc /data/swj/optfuzz/benchmark/binutils-2.43/libiberty/./xmalloc.c:149:12
    #2 0x55cf25ffb8dd in xstrdup /data/swj/optfuzz/benchmark/binutils-2.43/libiberty/./xstrdup.c:34:24
    #3 0x55cf25ad53e6 in yylex /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldlex.l:435:21
    #4 0x55cf25ac43fa in yyparse /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldgram.c:2520:16
    #5 0x55cf25b2dee3 in main /data/swj/optfuzz/benchmark/binutils-2.43/ld/./ldmain.c:434:7
    #6 0x7fda55f1b082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: 5404 byte(s) leaked in 315 allocation(s).
```

**Steps to reproduce**

We configured `objdump` using `CFLAGS="-g -fsanitize=address" ./configure --prefix=$(pwd)/` and built it using `make -j`, and ran it with:

```
./ld -w
```

The input file is attached.

**Environment**

- OS: Ubuntu 20.04.6 LTS
- Clang version: Ubuntu clang version 14.0.6
- binutils version: 2.43 https://ftp.gnu.org/gnu/binutils/binutils-2.43.tar.xz

Thank you.
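
Added triage example (not part of the original report and not binutils code): every record in the trace above bottoms out in `__interceptor_malloc` and an allocator wrapper, so this Python helper attributes each LeakSanitizer record to its first non-wrapper frame instead. The `WRAPPERS` list, the `attribute_leaks` name and the `SAMPLE` input (three records abridged from the report with shortened paths) are assumptions of this example.

```python
import re

# Allocator wrappers skipped during attribution (assumed list for this example,
# taken from the frames that appear in the report above).
WRAPPERS = {"__interceptor_malloc", "xmalloc", "xstrdup", "xmemdup", "bfd_malloc"}
LEAK_RE = re.compile(r"^(?:Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+)")

# Constructed sample: three records abridged from the report, paths shortened.
SAMPLE = """\
Direct leak of 2080 byte(s) in 2 object(s) allocated from:
    #0 0x55cf25a88dce in __interceptor_malloc (/bins/bin/ld+0x1dcdce)
    #1 0x55cf25ffb69b in xmalloc /binutils-2.43/libiberty/./xmalloc.c:149:12
    #2 0x55cf25b909fa in add_link_order_input_section /binutils-2.43/ld/ldelfgen.c:65:17
    #3 0x55cf25b8f2cb in link_order_scan /binutils-2.43/ld/ldelfgen.c:130:10
Direct leak of 1928 byte(s) in 171 object(s) allocated from:
    #0 0x55cf25a88dce in __interceptor_malloc (/bins/bin/ld+0x1dcdce)
    #1 0x55cf25ffb69b in xmalloc /binutils-2.43/libiberty/./xmalloc.c:149:12
    #2 0x55cf25ffb8dd in xstrdup /binutils-2.43/libiberty/./xstrdup.c:34:24
    #3 0x55cf25ad4ff7 in yylex /binutils-2.43/ld/ldlex.l:401:21
Direct leak of 258 byte(s) in 129 object(s) allocated from:
    #0 0x55cf25a88dce in __interceptor_malloc (/bins/bin/ld+0x1dcdce)
    #1 0x55cf25ffb69b in xmalloc /binutils-2.43/libiberty/./xmalloc.c:149:12
    #2 0x55cf25ffb8dd in xstrdup /binutils-2.43/libiberty/./xstrdup.c:34:24
    #3 0x55cf25ad53e6 in yylex /binutils-2.43/ld/ldlex.l:435:21
"""

def attribute_leaks(report):
    """Map (function, file:line:col) of the first non-wrapper frame of each
    LeakSanitizer record to the (bytes, objects) leaked from that call site."""
    totals, pending = {}, None
    for line in report.splitlines():
        m = LEAK_RE.match(line)
        if m:                               # new record: remember its size
            pending = (int(m.group(1)), int(m.group(2)))
            continue
        f = FRAME_RE.match(line)
        if f and pending and f.group(1) not in WRAPPERS:
            site = (f.group(1), f.group(2).rsplit("/", 1)[-1])
            b, n = totals.get(site, (0, 0))
            totals[site] = (b + pending[0], n + pending[1])
            pending = None                  # deeper frames are callers, skip
    return totals

if __name__ == "__main__":
    for (func, loc), (b, n) in sorted(attribute_leaks(SAMPLE).items(), key=lambda kv: -kv[1][0]):
        print(f"{b:6d} bytes in {n:4d} objects  {func} ({loc})")
```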