https://sourceware.org/bugzilla/show_bug.cgi?id=33746
Bug ID: 33746
Summary: gas: Segmentation fault when generating bad object file with symbol definition loop
Product: binutils
Version: 2.45.1
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gas
Assignee: unassigned at sourceware dot org
Reporter: xkittener at gmail dot com
Target Milestone: ---
Created attachment 16538: Poc
--> https://sourceware.org/bugzilla/attachment.cgi?id=16538&action=edit
A segmentation fault occurs in gas when using the -W -Z flags on a file that contains a symbol definition loop and an unterminated conditional. The crash happens during the final stage of object file generation, after the assembler has already identified multiple errors.
Reproduce:
# export CFLAGS="-g -O0 -fsanitize=address"
# ./configure
# make -j
# gas/as-new -W -Z Poc
Description:
../../Downloads/as_fuzz/1/crashes/id:000001: Assembler messages:
../../Downloads/as_fuzz/1/crashes/id:00000: Error: junk at end of line, first unrecognized character is `,'
../../Downloads/as_fuzz/1/crashes/id:000001: Error: junk at end of line, first unrecognized character valued 0x6
../../Downloads/as_fuzz/1/crashes/id:000001: Error: invalid character '^' in mnemonic
../../Downloads/as_fuzz/1/crashes/id:000001: Error: missing reloc type
../../Downloads/as_fuzz/1/crashes/id:000001: Error: junk at end of line, first unrecognized character is `3'
../../Downloads/as_fuzz/1/crashes/id:000001: Error: junk at end of line, first unrecognized character is `"'
../../Downloads/as_fuzz/1/crashes/id:000001: Error: junk at end of line, first unrecognized character is `5'
../../Downloads/as_fuzz/1/crashes/id:000001: Error: end of file inside conditional
../../Downloads/as_fuzz/1/crashes/id:000001: Error: here is the start of the unterminated conditional
../../Downloads/as_fuzz/1/crashes/id:000001: Error: leb128 operand is an undefined symbol: n
../../Downloads/as_fuzz/1/crashes/id:000001: Error: symbol definition loop encountered at `sym'
../../Downloads/as_fuzz/1/crashes/id:000001: Error: can't resolve value for symbol `sym'
../../Downloads/as_fuzz/1/crashes/id:000001: Error: redefined symbol cannot be used on reloc
13 errors, 0 warnings, generating bad object file
gas/as-new: a.out: symbol `sym' required but not present
../../Downloads/as_fuzz/1/crashes/id:000001: Fatal error: a.out: no symbols
../../Downloads/as_fuzz/1/crashes/id:000001: Internal error (Segmentation fault).
Segmentation fault (core dumped)
Credit: Kaiyu Xie (UCAS)