[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in

2014-10-29 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #24 from Nick Clifton  ---
Hi Hanno,

  Running objdump -x with multiple arguments is now working for me.  Maybe it
is something to do with this strings-bfd-badfree binary that you are using. 
Please could you upload it to this issue ?  (Or is strings-bfd-badfree another
name for strings-bfd-badptr ?)

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.

___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils


[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in

2014-10-29 Thread hanno at hboeck dot de
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #25 from Hanno Boeck  ---
Created attachment 7860
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7860&action=edit
strings-bfd-badfree



[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in

2014-10-29 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #26 from Nick Clifton  ---
Hi Hanno,

  Thanks for the upload.  Unfortunately objdump (and nm and strings) all
continue to work with single and multiple arguments.  And this is definitely
with address sanitization enabled as well, and with the very latest FSF master
sources, with no local patches applied. :-(

  If the problem still exists with you, would you mind doing a little
investigation please ?  The use-after-free is almost certainly happening at
line 1610 or 1616 of bfd/elf.c.  Could you confirm this ?

  Also can you tell me the exact command line you are using to reproduce the
problem, and also how you configured and built the toolchain that you are using
?

Cheers
  Nick



[Bug binutils/17489] dlltool --kill-at documentation wrong

2014-10-29 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=17489

Nick Clifton  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
 CC||nickc at redhat dot com

--- Comment #1 from Nick Clifton  ---
Hi Daniel,

  Do you have a suggestion for a correct version of that last sentence ?

Cheers
  Nick



[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in

2014-10-29 Thread hanno at hboeck dot de
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #27 from Hanno Boeck  ---
Okay, here's the super-step-by-step-instruction to reproduce the UAF:
git clone git://sourceware.org/git/binutils-gdb.git
cd binutils-gdb/
./configure --disable-shared CFLAGS="-fsanitize=address -g"
make
binutils/objdump -x [path_to]/objdump-elf-crasher [path_to]/strings-bfd-badfree

According to asan the use-after-free happens in line 2110/elf.c, this is the
code:
sections_being_created [shindex] = FALSE;



[Bug ld/15428] Linker crash on R_MIPS_GOT_PAGE relocations referring to absolute symbols

2014-10-29 Thread james410 at cowgill dot org.uk
https://sourceware.org/bugzilla/show_bug.cgi?id=15428

James Cowgill  changed:

   What|Removed |Added

 CC||james410 at cowgill dot org.uk

--- Comment #1 from James Cowgill  ---
This seems to have been fixed in b75d42bce5609eff ("Fix mips segfault on GOT
access of absolute symbol")



[Bug ld/15428] Linker crash on R_MIPS_GOT_PAGE relocations referring to absolute symbols

2014-10-29 Thread ma...@linux-mips.org
https://sourceware.org/bugzilla/show_bug.cgi?id=15428

--- Comment #2 from Maciej W. Rozycki  ---
James, good to know, thanks.  I see there was no test case included
with the fix so one I posted here should be integrated in the test
suite instead.  I'll see if I can do it sometime; I can't afford
doing it right away, I'm afraid.



[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in

2014-10-29 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #28 from cvs-commit at gcc dot gnu.org  ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".

The branch, master has been updated
   via  e5b470e24ce448a56230137a37d3b17299593041 (commit)
  from  f60325bea599bab4cb721c6e797bc6b908fa616c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e5b470e24ce448a56230137a37d3b17299593041

commit e5b470e24ce448a56230137a37d3b17299593041
Author: Nick Clifton 
Date:   Wed Oct 29 20:58:13 2014 +

Fixes another memory corruption bug introduced by patches for PR 17512.

* elf.c (bfd_section_from_shdr): Fix heap use after free memory
leak.

---

Summary of changes:
 bfd/ChangeLog |7 ++-
 bfd/elf.c |2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)



[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in

2014-10-29 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #29 from Nick Clifton  ---
Hi Hanno,

  Thanks for the step by step guide.  With that I was able to reproduce the
problem.  I do not know why it did not show for me in my original tests, but at
least now I can report that the latest git head sources should work for you as
well as for me.

Cheers
  Nick



[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in

2014-10-29 Thread hanno at hboeck dot de
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #30 from Hanno Boeck  ---
Created attachment 7862
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7862&action=edit
fuzzed objdump-pe-crasher

Hi Nick, thanks for the fixes.

However, further fuzzing turned up another asan-detected issue. This is
actually a fuzzed version of the objdump-pe-crasher binary (attachment 7854):

==2937== ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6008b834 at pc 0x4d0c67 bp 0x7fffdd272be0 sp 0x7fffdd272bd8
READ of size 1 at 0x6008b834 thread T0
#0 0x4d0c66 in bfd_getl32
/data/binutils/binutils-gdb-asan/bfd/libbfd.c:619:0
#1 0x650684 in _bfd_pei_swap_aux_in
/data/binutils/binutils-gdb-asan/bfd/peigen.c:314:0
#2 0x4c9ab1 in coff_get_normalized_symtab
/data/binutils/binutils-gdb-asan/bfd/coffgen.c:1781:0
#3 0x64c021 in coff_slurp_symbol_table
/data/binutils/binutils-gdb-asan/bfd/coffcode.h:4663:0
#4 0x4c0b5c in coff_get_symtab_upper_bound
/data/binutils/binutils-gdb-asan/bfd/coffgen.c:410:0
#5 0x4044ab in slurp_symtab
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:563:0
#6 0x4123ee in dump_bfd
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3227:0
#7 0x41285d in display_object_bfd
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3315:0
#8 0x412b85 in display_any_bfd
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3389:0
#9 0x412bf6 in display_file
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3410:0
#10 0x41370e in main
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3692:0
#11 0x7f0eb1633a64 in __libc_start_main ??:0:0
#12 0x402f78 in _start ??:0:0
0x6008b834 is located 0 bytes to the right of 36-byte region
[0x6008b810,0x6008b834)
allocated by thread T0 here:
#0 0x7f0eb1de4dda in malloc ??:0:0
#1 0x4d01ed in bfd_malloc
/data/binutils/binutils-gdb-asan/bfd/libbfd.c:181:0
#2 0x4c8d02 in _bfd_coff_get_external_symbols
/data/binutils/binutils-gdb-asan/bfd/coffgen.c:1619:0
#3 0x4c973f in coff_get_normalized_symtab
/data/binutils/binutils-gdb-asan/bfd/coffgen.c:1752:0
#4 0x64c021 in coff_slurp_symbol_table
/data/binutils/binutils-gdb-asan/bfd/coffcode.h:4663:0
#5 0x4c0b5c in coff_get_symtab_upper_bound
/data/binutils/binutils-gdb-asan/bfd/coffgen.c:410:0
#6 0x4044ab in slurp_symtab
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:563:0
#7 0x4123ee in dump_bfd
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3227:0
#8 0x41285d in display_object_bfd
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3315:0
#9 0x412b85 in display_any_bfd
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3389:0
#10 0x412bf6 in display_file
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3410:0
#11 0x41370e in main
/data/binutils/binutils-gdb-asan/binutils/./objdump.c:3692:0
#12 0x7f0eb1633a64 in __libc_start_main ??:0:0

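The report above is a 4-byte read by the aux-symbol swap routine that lands 0 bytes past a 36-byte symbol-table allocation: the auxiliary-record count of the last symbol is trusted even though the records it announces are not in the buffer. The following is an added example, not binutils code, of a bounds-checked walk over a COFF/PE-style symbol table that rejects such a count before any read; the 18-byte record size and the e_value/e_numaux offsets are taken from the COFF format, and the sample tables are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* COFF/PE symbol-table records are 18 bytes; auxiliary records that follow
   a symbol have the same size (layout per the COFF format). */
#define SYMESZ 18u

/* Little-endian 32-bit read; callers must have proven [p, p+4) is in bounds. */
static uint32_t getl32(const uint8_t *p)
{
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
       | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk a raw symbol table of `len` bytes.  Returns the number of primary
   symbols, or -1 if any primary or auxiliary record would extend past the
   buffer.  value_sum (optional) accumulates e_value to show that reads only
   happen after the check. */
int walk_coff_symtab(const uint8_t *buf, size_t len, uint32_t *value_sum)
{
  size_t off = 0;
  int nsyms = 0;
  uint32_t sum = 0;
  while (off < len) {
    if (len - off < SYMESZ) return -1;            /* truncated primary record */
    uint8_t numaux = buf[off + 17];               /* e_numaux */
    /* The overflow in the report: the aux record is read at off + 18 even when
       the allocation ends there.  Require room for every announced aux record
       before touching any of them. */
    size_t need = (size_t)(1 + numaux) * SYMESZ;
    if (len - off < need) return -1;              /* aux records not in buffer */
    sum += getl32(buf + off + 8);                 /* e_value */
    for (uint8_t i = 0; i < numaux; i++)
      (void)getl32(buf + off + SYMESZ * (1u + i)); /* first dword of each aux */
    off += need;
    nsyms++;
  }
  if (value_sum) *value_sum = sum;
  return nsyms;
}

/* Constructed 36-byte table: two symbols, the second claims one aux record
   that is not present (the shape of the fuzzed input).  Expect -1. */
int demo_bad_numaux(void)
{
  uint8_t tbl[36];
  memset(tbl, 0, sizeof tbl);
  tbl[8] = 0x10;             /* sym 0: e_value 0x10, e_numaux 0 */
  tbl[18 + 8] = 0x20;        /* sym 1: e_value 0x20 */
  tbl[18 + 17] = 1;          /* sym 1: e_numaux 1, but the buffer ends here */
  return walk_coff_symtab(tbl, sizeof tbl, NULL);
}
```

A well-formed 36-byte table (one symbol with e_numaux = 1 followed by its aux record) walks to completion and returns 1.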