https://sourceware.org/bugzilla/show_bug.cgi?id=33012
Bug ID: 33012
Summary: Memory Leak in objdump During Section and Symbol Table
Processing
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---
Summary
Memory leak in objdump: LeakSanitizer reports 896 bytes (1 object) allocated via xmalloc from dump_bfd (objdump.c:5853) that are never freed when `objdump -x -d` is run on a malformed ELF64 object. The input also triggers the "section extending past end of file" warning and the "unsupported relocation type 0xa3" / "bad value" diagnostics, so the leak presumably occurs on the early-exit path taken after the relocation error — TODO confirm against objdump.c. The allocation is in the objdump front end (objdump.c), not libbfd, and is lost once per invocation, so the practical impact is limited to resource exhaustion of a short-lived process rather than memory corruption.
Environment
elfutils version: 0.192 (note: the product under test is binutils, built from a binutils-gdb checkout as the stack trace below shows; the binutils version or git commit tested is not stated and the Version field above is "unspecified" — please record the exact binutils commit so the line numbers in the trace can be matched)
OS: Ubuntu 22.04.5 LTS
Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --enable-maintainer-mode --disable-debuginfod
# make -j64 && make install   (the original used a single '&', which backgrounds the build and runs 'make install' concurrently with it; '&&' runs the install only after a successful build)
root@46b925a575de:# ./objdump -x -d --endian=little POC
./objdump: warning: POC has a section extending past end of file
POC: file format elf64-x86-64
POC
architecture: i386:x86-64, flags 0x00000011:
HAS_RELOC, HAS_SYMS
start address 0x0000000000000000
Sections:
Idx Name Size VMA LMA File off Algn
0 ux-gnu/bits 00000574 0000000000000000 0000000000000000 00000040 2**4
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
1 /bits 00000000 0000000000000000 0000000000000000 000005b4 2**0
CONTENTS, ALLOC, LOAD, DATA
2 /uss 00000019 0000000000000000 0000000000000000 000005b8 2**3
ALLOC
3 .text.unlikely 00000000 0000000000000000 0000000000000000 000005b8 2**0
CONTENTS, ALLOC, LOAD, READONLY, CODE
4 .debug_info 0000011f 0000000000000000 0000000000000000 000005b8 2**0
CONTENTS, RELOC, READONLY, DEBUGGING, OCTETS
5 .debug_abbrev 000000b2 0000000000000000 0000000000000000 000006d7 2**0
CONTENTS, READONLY, DEBUGGING, OCTETS
6 .debug_loc 00000139 0000000000000000 0000000000000000 00000789 2**0
CONTENTS, READONLY, DEBUGGING, OCTETS
7 .debug_aranges 00000030 0000000000000000 0000000000000000 000008c2 2**0
CONTENTS, RELOC, READONLY, DEBUGGING, OCTETS
8 .debug_line 000000d9 0000000000000000 0000000000000000 000008f2 2**0
CONTENTS, RELOC, READONLY, DEBUGGING, OCTETS
9 .debug_str 0000017c 0000000000000000 0000000000000000 000009cb 2**0
CONTENTS, READONLY, DEBUGGING, OCTETS
10 .comment 00000036 0000000000000000 0000000000000000 00000b47 2**0
CONTENTS, READONLY
11 .note.GNU-stack 00000000 0000000000000000 0000000000000000 00000b7d
2**0
CONTENTS, READONLY
12 .mh_frame 00000038 0000000000000000 0000000000000000 00000b80 2**3
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
SYMBOL TABLE:
0000000000000000 l df *ABS* 0000000000000000 openbsd-reallocarray.c
0000000000000000 l d ux-gnu/bits 0000000000000000 ux-gnu/bits
0000000000000000 l d /bits 0000000000000000 /bits
0000000000000000 l d /uss 0000000000000000 /uss
0000000000000000 l d .text.unlikely 0000000000000000 .text.unlikely
0000000000000180 l ux-gnu/bits 0000000000000000 __afl_maybe_log
0000000000000000 l d .debug_info 0000000000000000 .debug_info
0000000000000000 l d .debug_abbrev 0000000000000000 .debug_abbrev
0000000000000000 l d .debug_loc 0000000000000000 .debug_loc
0000000000000000 l d .debug_aranges 0000000000000000 .debug_aranges
0000000000000000 l d .debug_line 0000000000000000 .debug_line
0000000000000000 l .debug_str f8ffffff00000000
0000000000000000 l d .note.GNU-stack 0000000000000000
.note.GNU-stack
0000000000000000 l O /uss 0000000000000008 __afl_area_ptr
00000000000001b0 l ux-gnu/bits 0000000000000000 __afl_setup
0000000000000190 l ux-gnu/bits 0000000000000000 __afl_store
0000000000000008 l O /uss 0000000000000008 __afl_prev_loc
00000000000001a8 l ux-gnu/bits 0000000000000000 __afl_return
0000000000000018 l O /uss 0000000000000001 __afl_setup_failure
00000000000001d1 l ux-gnu/bits 0000000000000000 __afl_setup_first
0000000000000567 l ux-gnu/bits 0000000000000000 .AFL_SHM_ENV
0000000000000496 l ux-gnu/bits 0000000000000000 __afl_setup_abort
00000000000002eb l ux-gnu/bits 0000000000000000 __afl_forkserver
0000000000000014 l O /uss 0000000000000004 __afl_temp
00000000000003a9 l ux-gnu/bits 0000000000000000 __afl_fork_resume
0000000000000311 l ux-gnu/bits 0000000000000000 __afl_fork_wait_loop
000000000000048e l ux-gnu/bits 0000000000000000 __afl_die
0000000000000010 l O /uss 0000000000000004 __afl_fork_pid
0000000000000567 l ux-gnu/bits 0000000000000000 .AFL_VARS
0000000000000000 l d .mh_frame 0000000000000000 .mh_frame
0000000000000000 l d .comment 0000000000000000 .comment
0000000000000000 g F ux-gnu/bits 000000000000017e reallocarray
0000000000000000 *UND* 0000000000000000 realloc
0000000000000000 *UND* 0000000000000000 _
0000000000000000 *UND* 0000000000000000 :
;
'I@ABLE_
0000000000000008 O *COM* 0000000000000008 __afl_global_area_ptr
0000000000000000 *UND* 0000000000000000 getenv
0000000000000000 *UND* 0000000000000000 atoi
0000000000000000 *UND* 0000000000000000 shmat
0000000000000000 *UND* 0000000000000000 write
0000000000000000 *UND* 0000000000000000 read
0000000000000000 *UND* 0000000000000000 fork
0000000000000000 *UND* 0000000000000000 waitpid
0000000000000000 *UND* 0000000000000000 close
0000000000000000 *UND* 0000000000000000 _exit
./objdump: POC: unsupported relocation type 0xa3
./objdump: POC: bad value
Disassembly of section ux-gnu/bits:
0000000000000000 <reallocarray>:
0: 48 8d a4 24 68 ff ff lea -0x98(%rsp),%rsp
7: ff
8: 48 89 14 24 mov %rdx,(%rsp)
c: 48 89 4c 24 08 mov %rcx,0x8(%rsp)
11: 48 89 44 24 10 mov %rax,0x10(%rsp)
16: 48 c7 c1 72 74 00 00 mov $0x7472,%rcx
1d: e8 5e 01 00 00 call 180 <__afl_maybe_log>
22: 48 8b 44 24 10 mov 0x10(%rsp),%rax
27: 48 8b 4c 24 08 mov 0x8(%rsp),%rcx
2c: 48 8b 14 24 mov (%rsp),%rdx
30: 48 8d a4 24 98 00 00 lea 0x98(%rsp),%rsp
37: 00
38: b8 ff ff ff ff mov $0xffffffff,%eax
3d: 48 89 d1 mov %rdx,%rcx
40: 48 39 c6 cmp %rax,%rsi
43: 0f 97 c2 seta %dl
46: 48 39 c1 cmp %rax,%rcx
49: 41 0f 97 c0 seta %r8b
4d: 44 08 c2 or %r8b,%dl
50: 0f 84 ce 00 00 00 je 124 <reallocarray+0x124>
56: 66 90 xchg %ax,%ax
58: 48 8d a4 24 68 ff ff lea -0x98(%rsp),%rsp
5f: ff
60: 48 89 14 24 mov %rdx,(%rsp)
64: 48 89 4c 24 08 mov %rcx,0x8(%rsp)
69: 48 89 44 24 10 mov %rax,0x10(%rsp)
6e: 48 c7 c1 2c 5f 00 00 mov $0x5f2c,%rcx
75: e8 06 01 00 00 call 180 <__afl_maybe_log>
7a: 48 8b 44 24 10 mov 0x10(%rsp),%rax
7f: 48 8b 4c 24 08 mov 0x8(%rsp),%rcx
84: 48 8b 14 24 mov (%rsp),%rdx
88: 48 8d a4 24 98 00 00 lea 0x98(%rsp),%rsp
8f: 00
90: 48 85 f6 test %rsi,%rsi
93: 0f 84 8b 00 00 00 je 124 <reallocarray+0x124>
99: 0f 1f 00 nopl (%rax)
9c: 48 8d a4 24 68 ff ff lea -0x98(%rsp),%rsp
a3: ff
a4: 48 89 14 24 mov %rdx,(%rsp)
a8: 48 89 4c 24 08 mov %rcx,0x8(%rsp)
ad: 48 89 44 24 10 mov %rax,0x10(%rsp)
b2: 48 c7 c1 2b 12 00 00 mov $0x122b,%rcx
b9: e8 c2 00 00 00 call 180 <__afl_maybe_log>
be: 48 8b 44 24 10 mov 0x10(%rsp),%rax
c3: 48 8b 4c 24 08 mov 0x8(%rsp),%rcx
c8: 48 8b 14 24 mov (%rsp),%rdx
cc: 48 8d a4 24 98 00 00 lea 0x98(%rsp),%rsp
d3: 00
d4: 31 d2 xor %edx,%edx
d6: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax
dd: 48 f7 f6 div %rsi
e0: 48 39 c1 cmp %rax,%rcx
e3: 0f 87 7f 00 00 00 ja 168 <reallocarray+0x168>
e9: 0f 1f 00 nopl (%rax)
ec: 48 8d a4 24 68 ff ff lea -0x98(%rsp),%rsp
f3: ff
f4: 48 89 14 24 mov %rdx,(%rsp)
f8: 48 89 4c 24 08 mov %rcx,0x8(%rsp)
fd: 48 89 44 24 10 mov %rax,0x10(%rsp)
102: 48 c7 c1 83 e8 00 00 mov $0xe883,%rcx
109: e8 72 00 00 00 call 180 <__afl_maybe_log>
10e: 48 8b 44 24 10 mov 0x10(%rsp),%rax
113: 48 8b 4c 24 08 mov 0x8(%rsp),%rcx
118: 48 8b 14 24 mov (%rsp),%rdx
11c: 48 8d a4 24 98 00 00 lea 0x98(%rsp),%rsp
123: 00
124: 48 8d a4 24 68 ff ff lea -0x98(%rsp),%rsp
12b: ff
12c: 48 89 14 24 mov %rdx,(%rsp)
130: 48 89 4c 24 08 mov %rcx,0x8(%rsp)
135: 48 89 44 24 10 mov %rax,0x10(%rsp)
13a: 48 c7 c1 6f c6 00 00 mov $0xc66f,%rcx
141: e8 3a 00 00 00 call 180 <__afl_maybe_log>
146: 48 8b 44 24 10 mov 0x10(%rsp),%rax
14b: 48 8b 4c 24 08 mov 0x8(%rsp),%rcx
150: 48 8b 14 24 mov (%rsp),%rdx
154: 48 8d a4 24 98 00 00 lea 0x98(%rsp),%rsp
15b: 00
15c: 48 0f af f1 imul %rcx,%rsi
160: e9 00 00 00 00 jmp 165 <reallocarray+0x165>
165: 0f 1f 00 nopl (%rax)
168: 48 83 ec 08 sub $0x8,%rsp
16c: e8 00 00 00 00 call 171 <reallocarray+0x171>
171: c7 00 0c 00 00 00 movl $0xc,(%rax)
177: 31 c0 xor %eax,%eax
179: 48 83 c4 08 add $0x8,%rsp
17d: c3 ret
17e: 66 90 xchg %ax,%ax
0000000000000180 <__afl_maybe_log>:
180: 9f lahf
181: 0f 90 c0 seto %al
184: 48 8b 15 00 00 00 00 mov 0x0(%rip),%rdx # 18b
<__afl_maybe_log+0xb>
18b: 48 85 d2 test %rdx,%rdx
18e: 74 20 je 1b0 <__afl_setup>
0000000000000190 <__afl_store>:
190: 48 33 0d 00 00 00 00 xor 0x0(%rip),%rcx # 197
<__afl_store+0x7>
197: 48 31 0d 00 00 00 00 xor %rcx,0x0(%rip) # 19e
<__afl_store+0xe>
19e: 48 d1 2d 00 00 00 00 shrq $1,0x0(%rip) # 1a5
<__afl_store+0x15>
1a5: fe 04 0a incb (%rdx,%rcx,1)
00000000000001a8 <__afl_return>:
1a8: 04 7f add $0x7f,%al
1aa: 9e sahf
1ab: c3 ret
1ac: 0f 1e 40 00 nopl 0x0(%rax)
00000000000001b0 <__afl_setup>:
1b0: 80 3d 00 00 00 00 00 cmpb $0x0,0x0(%rip) # 1b7
<__afl_setup+0x7>
1b7: 75 ef jne 1a8 <__afl_return>
1b9: 48 8b 15 00 00 00 00 mov 0x0(%rip),%rdx # 1c0
<__afl_setup+0x10>
1c0: 48 8b 12 mov (%rdx),%rdx
1c3: 48 85 d2 test %rdx,%rdx
1c6: 74 09 je 1d1 <__afl_setup_first>
1c8: 48 89 15 00 00 00 00 mov %rdx,0x0(%rip) # 1cf
<__afl_setup+0x1f>
1cf: eb ca jmp 19b <__afl_store+0xb>
00000000000001d1 <__afl_setup_first>:
1d1: 48 8d a4 24 a0 fe ff lea -0x160(%rsp),%rsp
1d8: ff
1d9: 48 89 04 24 mov %rax,(%rsp)
1dd: 48 89 4c 24 08 mov %rcx,0x8(%rsp)
1e2: 48 89 7c 24 10 mov %rdi,0x10(%rsp)
1e7: 48 89 74 24 20 mov %rsi,0x20(%rsp)
1ec: 4c 89 44 24 28 mov %r8,0x28(%rsp)
1f1: 4c 89 4c 24 30 mov %r9,0x30(%rsp)
1f6: 4c 89 54 24 38 mov %r10,0x38(%rsp)
1fb: 4c 89 5c 24 40 mov %r11,0x40(%rsp)
200: 66 0f d6 44 24 60 movq %xmm0,0x60(%rsp)
206: 66 0f d6 4c 24 70 movq %xmm1,0x70(%rsp)
20c: 66 0f d6 94 24 80 00 movq %xmm2,0x80(%rsp)
213: 00 00
215: 66 0f d6 9c 24 90 00 movq %xmm3,0x90(%rsp)
21c: 00 00
21e: 66 0f d6 a4 24 a0 00 movq %xmm4,0xa0(%rsp)
225: 00 00
227: 66 0f d6 ac 24 b0 00 movq %xmm5,0xb0(%rsp)
22e: 00 00
230: 66 0f d6 b4 24 c0 00 movq %xmm6,0xc0(%rsp)
237: 00 00
239: 66 0f d6 bc 24 d0 00 movq %xmm7,0xd0(%rsp)
240: 00 00
242: 66 44 0f d6 84 24 e0 movq %xmm8,0xe0(%rsp)
249: 00 00 00
24c: 66 44 0f d6 8c 24 f0 movq %xmm9,0xf0(%rsp)
253: 00 00 00
256: 66 44 0f d6 94 24 00 movq %xmm10,0xd00(%rsp)
25d: 0d 00 00
260: 66 44 0f d6 9c 24 10 movq %xmm11,0x110(%rsp)
267: 01 00 00
26a: 66 44 0f d6 a4 24 20 movq %xmm12,0x120(%rsp)
271: 01 00 00
274: 66 44 0f d6 ac 24 30 movq %xmm13,0x130(%rsp)
27b: 01 00 00
27e: 66 44 0f d6 b4 24 40 movq %xmm14,0x140(%rsp)
285: 01 00 00
288: 66 44 0f d6 bc 24 50 movq %xmm15,0x150(%rsp)
28f: 01 00 00
292: 41 54 push %r12
294: 49 89 e4 mov %rsp,%r12
297: 48 83 ec 10 sub $0x10,%rsp
29b: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
29f: 48 8d 3d c1 02 00 00 lea 0x2c1(%rip),%rdi # 567
<.AFL_SHM_ENV>
2a6: e8 00 00 00 00 call 2ab <__afl_setup_first+0xda>
2ab: 48 85 c0 test %rax,%rax
2ae: 0f 84 e2 01 00 00 je 496 <__afl_setup_abort>
2b4: 48 89 c7 mov %rax,%rdi
2b7: e8 00 00 00 00 call 2bc <__afl_setup_first+0xeb>
2bc: 48 31 d2 xor %rdx,%rdx
2bf: 48 31 f6 xor %rsi,%rsi
2c2: 48 89 c7 mov %rax,%rdi
2c5: e8 00 00 00 00 call 2ca <__afl_setup_first+0xf9>
2ca: 48 83 f8 ff cmp $0xffffffffffffffff,%rax
2ce: 0f 84 c2 01 00 00 je 496 <__afl_setup_abort>
2d4: 48 89 c2 mov %rax,%rdx
2d7: 48 89 05 00 00 00 00 mov %rax,0x0(%rip) # 2de
<__afl_setup_first+0x10d>
2de: 48 8b 15 00 00 00 00 mov 0x0(%rip),%rdx # 2e5
<__afl_setup_first+0x114>
2e5: 48 89 02 mov %rax,(%rdx)
2e8: 48 89 c2 mov %rax,%rdx
00000000000002eb <__afl_forkserver>:
2eb: 52 push %rdx
2ec: 52 push %rdx
2ed: 48 c7 c2 04 00 00 00 mov $0x4,%rdx
2f4: 48 8d 35 00 00 00 00 lea 0x0(%rip),%rsi # 2fb
<__afl_forkserver+0x10>
2fb: 48 c7 c7 c7 00 00 00 mov $0xc7,%rdi
302: e8 00 00 00 00 call 307 <__afl_forkserver+0x1c>
307: 48 83 f8 04 cmp $0x4,%rax
30b: 0f 85 98 00 00 00 jne 3a9 <__afl_fork_resume>
0000000000000311 <__afl_fork_wait_loop>:
311: 48 c7 c2 04 00 00 00 mov $0x4,%rdx
318: 48 8d 35 00 00 00 00 lea 0x0(%rip),%rsi # 31f
<__afl_fork_wait_loop+0xe>
31f: 48 c7 c7 c6 00 00 00 mov $0xc6,%rdi
326: e8 00 00 00 00 call 32b <__afl_fork_wait_loop+0x1a>
32b: 48 83 f8 04 cmp $0x4,%rax
32f: 0f 85 59 01 00 00 jne 48e <__afl_die>
335: e8 00 00 00 00 call 33a <__afl_fork_wait_loop+0x29>
33a: 48 83 f8 00 cmp $0x0,%rax
33e: 0f 8c 4a 01 00 00 jl 48e <__afl_die>
344: 74 63 je 3a9 <__afl_fork_resume>
346: 89 05 00 00 00 00 mov %eax,0x0(%rip) # 34c
<__afl_fork_wait_loop+0x3b>
34c: 48 c7 c2 04 00 00 00 mov $0x4,%rdx
353: 48 8d 35 00 00 00 00 lea 0x0(%rip),%rsi # 35a
<__afl_fork_wait_loop+0x49>
35a: 48 c7 c7 c7 00 00 00 mov $0xc7,%rdi
361: e8 00 00 00 00 call 366 <__afl_fork_wait_loop+0x55>
366: 48 c7 c2 00 00 00 00 mov $0x0,%rdx
36d: 48 8d 35 00 00 09 00 lea 0x90000(%rip),%rsi # 90374
<.AFL_SHM_ENV+0x8fe0d>
374: 48 8b 3d 00 00 00 00 mov 0x0(%rip),%rdi # 37b
<__afl_fork_wait_loop+0x6a>
37b: e8 00 00 00 00 call 380 <__afl_fork_wait_loop+0x6f>
380: 48 83 f8 00 cmp $0x0,%rax
384: 0f 8e 04 01 00 00 jle 48e <__afl_die>
38a: 48 c7 c2 04 00 00 00 mov $0x4,%rdx
391: 48 8d 35 00 00 00 00 lea 0x0(%rip),%rsi # 398
<__afl_fork_wait_loop+0x87>
398: 48 c7 c7 c7 00 00 00 mov $0xc7,%rdi
39f: e8 00 00 00 00 call 3a4 <__afl_fork_wait_loop+0x93>
3a4: e9 68 ff ff ff jmp 311 <__afl_fork_wait_loop>
00000000000003a9 <__afl_fork_resume>:
3a9: 48 c7 c7 c6 00 00 00 mov $0xc6,%rdi
3b0: e8 00 00 00 00 call 3b5 <__afl_fork_resume+0xc>
3b5: 48 c7 c7 c7 00 00 00 mov $0xc7,%rdi
3bc: e8 00 00 00 00 call 3c1 <__afl_fork_resume+0x18>
3c1: 5a pop %rdx
3c2: 5a pop %rdx
3c3: 4c 89 e4 mov %r12,%rsp
3c6: 41 5c pop %r12
3c8: 48 8b 04 24 mov (%rsp),%rax
3cc: 48 8b 4c 24 08 mov 0x8(%rsp),%rcx
3d1: 48 8b 7c 24 10 mov 0x10(%rsp),%rdi
3d6: 48 8b 74 24 20 mov 0x20(%rsp),%rsi
3db: 4c 8b 44 24 28 mov 0x28(%rsp),%r8
3e0: 4c 8b 4c 24 30 mov 0x30(%rsp),%r9
3e5: 4c 8b 54 24 38 mov 0x38(%rsp),%r10
3ea: 4c 8b 5c 24 40 mov 0x40(%rsp),%r11
3ef: f3 0f 7e 44 24 60 movq 0x60(%rsp),%xmm0
3f5: f3 0f 7e 4c 24 70 movq 0x70(%rsp),%xmm1
3fb: f3 0f 7e 94 24 80 00 movq 0x80(%rsp),%xmm2
402: 00 00
404: f3 0f 7e 9c 24 90 00 movq 0x90(%rsp),%xmm3
40b: 00 00
40d: f3 0f 7e a4 00 00 c4 movq 0xc400(%rax,%rax,1),%xmm4
414: 00 00
416: 00 00 add %al,(%rax)
418: 00 00 add %al,(%rax)
41a: 24 b0 and $0xb0,%al
41c: 00 00 add %al,(%rax)
41e: 00 f3 add %dh,%bl
420: 0f 7e b4 24 c0 00 00 movd %mm6,0xc0(%rsp)
427: 00
428: f3 0f 7e bc 24 d0 00 movq 0xd0(%rsp),%xmm7
42f: 00 00
431: f3 44 0f 7e 84 24 e0 movq 0xe0(%rsp),%xmm8
438: 00 00 00
43b: f3 44 0f 7e 8c 24 f0 movq 0xf0(%rsp),%xmm9
442: 00 00 00
445: f3 44 0f 7e 94 24 00 movq 0x100(%rsp),%xmm10
44c: 01 00 00
44f: f3 44 0f 7e 9c 24 10 movq 0x110(%rsp),%xmm11
456: 01 00 00
459: f3 44 0f 7e a4 24 20 movq 0x120(%rsp),%xmm12
460: 01 00 00
463: f3 44 0f 7e ac 24 30 movq 0x130(%rsp),%xmm13
46a: 01 00 00
46d: f3 44 0f 7e b4 24 40 movq 0x140(%rsp),%xmm14
474: 01 00 00
477: f3 44 0f 7e bc 24 50 movq 0x150(%rsp),%xmm15
47e: 01 00 00
481: 48 8d a4 24 60 01 00 lea 0x160(%rsp),%rsp
488: 00
489: e9 02 fd ff ff jmp 190 <__afl_store>
000000000000048e <__afl_die>:
48e: 48 31 c0 xor %rax,%rax
491: e8 00 00 00 00 call 496 <__afl_setup_abort>
0000000000000496 <__afl_setup_abort>:
496: fe 05 00 00 00 00 incb 0x0(%rip) # 49c
<__afl_setup_abort+0x6>
49c: 4c 89 e4 mov %r12,%rsp
49f: 41 5c pop %r12
4a1: 48 8b 04 24 mov (%rsp),%rax
4a5: 48 8b 4c 24 08 mov 0x8(%rsp),%rcx
4aa: 48 8b 7c 24 10 mov 0x10(%rsp),%rdi
4af: 48 8b 74 24 20 mov 0x20(%rsp),%rsi
4b4: 4c 8b 44 24 28 mov 0x28(%rsp),%r8
4b9: 4c 8b 4c 24 30 mov 0x30(%rsp),%r9
4be: 4c 8b 54 24 38 mov 0x38(%rsp),%r10
4c3: 4c 8b 5c 24 40 mov 0x40(%rsp),%r11
4c8: f3 0f 7e 44 24 60 movq 0x60(%rsp),%xmm0
4ce: f3 0f 7e 4c 24 70 movq 0x70(%rsp),%xmm1
4d4: f3 0f 7e 94 24 80 00 movq 0x80(%rsp),%xmm2
4db: 00 00
4dd: f3 0f 7e 9c 24 90 00 movq 0x90(%rsp),%xmm3
4e4: 00 00
4e6: f3 0f 7e a4 24 a0 00 movq 0xa0(%rsp),%xmm4
4ed: 00 00
4ef: f3 0f 7e ac 24 b0 00 movq 0xb0(%rsp),%xmm5
4f6: 00 00
4f8: f3 0f 7e b4 24 c0 00 movq 0xc0(%rsp),%xmm6
4ff: 00 00
501: f3 0f 7e bc 24 d0 00 movq 0xd0(%rsp),%xmm7
508: 00 00
50a: f3 44 0f 7e 84 24 e0 movq 0xe0(%rsp),%xmm8
511: 00 00 00
514: f3 44 0f 7e 8c 24 f0 movq 0xf0(%rsp),%xmm9
51b: 00 00 00
51e: f3 44 0f 7e 94 24 00 movq 0x100(%rsp),%xmm10
525: 01 00 00
528: f3 44 0f 7e 9c 24 10 movq 0x110(%rsp),%xmm11
52f: 01 00 00
532: f3 44 0f 7e a4 24 20 movq 0x120(%rsp),%xmm12
539: 01 00 00
53c: f3 44 0f 7e ac 24 30 movq 0x130(%rsp),%xmm13
543: 01 00 00
546: f3 44 0f 7e b4 24 40 movq 0x140(%rsp),%xmm14
54d: 01 00 00
550: f3 44 0f 7e bc 24 50 movq 0x150(%rsp),%xmm15
557: 01 00 00
55a: 48 8d a4 24 60 01 00 lea 0x160(%rsp),%rsp
561: 00
562: e9 41 fc ff ff jmp 1a8 <__afl_return>
0000000000000567 <.AFL_SHM_ENV>:
567: 5f pop %rdi
568: 5f pop %rdi
569: 41 rex.B
56a: 46 rex.RX
56b: 4c 5f rex.WR pop %rdi
56d: 53 push %rbx
56e: 48 rex.W
56f: 4d 5f rex.WRB pop %r15
571: 49 rex.WB
572: 44 rex.R
...
=================================================================
==1503382==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 896 byte(s) in 1 object(s) allocated from:
#0 0x49a4fd in malloc (objdump+0x49a4fd)
#1 0xa11a3f in xmalloc
/root/this-program/binutils-gdb/build/libiberty/../../libiberty/xmalloc.c:149:12
#2 0x4d313d in dump_bfd
/root/this-program/binutils-gdb/build/binutils/../../binutils/objdump.c:5853:2
#3 0x4d1d3d in display_object_bfd
/root/this-program/binutils-gdb/build/binutils/../../binutils/objdump.c:5914:7
#4 0x4d1821 in display_any_bfd
/root/this-program/binutils-gdb/build/binutils/../../binutils/objdump.c:5993:5
SUMMARY: AddressSanitizer: 896 byte(s) leaked in 1 allocation(s).
POC
https://drive.google.com/file/d/1FB9fNNN5ixsWiwn-dWZowOvQpoigTvY5/view?usp=sharing
(The PoC is hosted on an external file-sharing link rather than attached to this bug; attaching it here would keep the reproducer available and reviewable. It is a deliberately malformed ELF object — run it only through the ASan-instrumented objdump build above, inside a disposable container as in the steps to reproduce.)
Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)