https://sourceware.org/bugzilla/show_bug.cgi?id=32645
Bug ID: 32645
Summary: ld SEGV (illegal read access) in yylex (ld/ldlex.l:488:26) with -w -T options
Product: binutils
Version: 2.43
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: swj22 at mails dot tsinghua.edu.cn
Target Milestone: ---
Created attachment 15920
--> https://sourceware.org/bugzilla/attachment.cgi?id=15920&action=edit
poc
**Description**
A SEGV can occur in ld (part of binutils 2.43) when using the -w -T options
with a specially crafted input file. This issue leads to memory corruption
(illegal memory read access) and crashes.
**Affected Version**
GNU ld (GNU Binutils) 2.43
**Steps to Reproduce**
Build binutils 2.43 with AddressSanitizer (e.g., CFLAGS="-g -fsanitize=address" ./configure && make -j).
Run the following command:
./binutils-2.43/bins/bin/ld -w -T/ / /tmp/poc
AddressSanitizer:DEADLYSIGNAL
=================================================================
==488261==ERROR: AddressSanitizer: SEGV on unknown address 0x55a55b9fea18 (pc
0x559d5a8549b8 bp 0x7ffc2b06b790 sp 0x7ffc2b06b2d0 T0)
==488261==The signal is caused by a READ memory access.
#0 0x559d5a8549b8 in yylex ./binutils-2.43/ld/ldlex.l:488:26
#1 0x559d5a8433fa in yyparse ./binutils-2.43/ld/ldgram.c:2520:16
#2 0x559d5a8758fe in load_symbols ./binutils-2.43/ld/ldlang.c:3051:7
#3 0x559d5a886304 in open_input_bfds ./binutils-2.43/ld/ldlang.c:3622:13
#4 0x559d5a8829f3 in lang_process ./binutils-2.43/ld/ldlang.c:8194:3
#5 0x559d5a8ad34c in main ./binutils-2.43/ld/./ldmain.c:529:3
#6 0x7f1610c3f082 in __libc_start_main
/build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
#7 0x559d5a7856bd in _start (./binutils-2.43/bins/bin/ld+0x15a6bd)
(BuildId: d9731e405748db264b62c84ded760ba4f068cb0a)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ./binutils-2.43/ld/ldlex.l:488:26 in yylex
==488261==ABORTING
**Env**
Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal
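As an added example (not part of this bug report or of binutils), a small Python triage helper that pulls the crash kind, access type, faulting address and a frame-based signature out of an AddressSanitizer report like the one above, so repeated fuzzer findings can be deduplicated before filing. The sample text is a constructed abbreviation of this report's trace.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the trace from this report, cut down to the lines the
# parser needs (error line, access line, first stack, summary).
SAMPLE_REPORT = """\
AddressSanitizer:DEADLYSIGNAL
=================================================================
==488261==ERROR: AddressSanitizer: SEGV on unknown address 0x55a55b9fea18 (pc 0x559d5a8549b8 bp 0x7ffc2b06b790 sp 0x7ffc2b06b2d0 T0)
==488261==The signal is caused by a READ memory access.
    #0 0x559d5a8549b8 in yylex ./binutils-2.43/ld/ldlex.l:488:26
    #1 0x559d5a8433fa in yyparse ./binutils-2.43/ld/ldgram.c:2520:16
    #2 0x559d5a8758fe in load_symbols ./binutils-2.43/ld/ldlang.c:3051:7
SUMMARY: AddressSanitizer: SEGV ./binutils-2.43/ld/ldlex.l:488:26 in yylex
"""

# "ERROR: AddressSanitizer: <kind> on [unknown] address <addr>"; the address
# part is optional because some report kinds carry none.
ERROR_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+)(?: on (?:unknown )?address (0x[0-9a-f]+))?")
# Symbolised frame with a source location; frames without file:line are skipped.
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?$")

@dataclass
class AsanCrash:
    kind: str                       # e.g. "SEGV", "heap-buffer-overflow"
    access: Optional[str]           # "READ", "WRITE" or None
    address: Optional[str]          # faulting address, if reported
    frames: List[Tuple[str, str]] = field(default_factory=list)  # (function, file:line)

    @property
    def top_frame(self) -> Optional[str]:
        return f"{self.frames[0][0]} {self.frames[0][1]}" if self.frames else None

def parse_asan_report(text: str) -> Optional[AsanCrash]:
    """Parse the first ASan error and its first (access) stack; None if no error."""
    crash, in_stack = None, False
    for line in text.splitlines():
        if crash is None:
            m = ERROR_RE.search(line)
            if m:
                crash = AsanCrash(kind=m.group(1), access=None, address=m.group(2))
            continue
        f = FRAME_RE.match(line)
        if f:
            crash.frames.append((f.group(2), f"{f.group(3)}:{f.group(4)}"))
            in_stack = True
        elif in_stack:
            break  # end of the first stack; later stacks (alloc/free) are not needed
        elif crash.access is None:
            a = re.search(r"\b(READ|WRITE)\b", line)  # "caused by a READ" / "READ of size N"
            crash.access = a.group(1) if a else None
    return crash

def crash_signature(crash: AsanCrash, depth: int = 3) -> str:
    """Stable dedup key: kind, access type and the top `depth` function names."""
    return f"{crash.kind} {crash.access or '?'} " + ">".join(fn for fn, _ in crash.frames[:depth])
```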