[Bug ld/20849] [avr][avr_tiny] Don't put .rodata in RAM.
https://sourceware.org/bugzilla/show_bug.cgi?id=20849

Georg-Johann Lay changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |2.28

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug binutils/21380] [Aarch64] Invalid ld3r and ld4r loads decoded as valid
https://sourceware.org/bugzilla/show_bug.cgi?id=21380

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=792f174f8af4291c222d0a6de919118e488258bc

commit 792f174f8af4291c222d0a6de919118e488258bc
Author: Nick Clifton
Date:   Fri Apr 21 12:18:06 2017 +0100

    Fix detection of illegal AArch64 opcodes that resemble LD1R, LD2R, LD3R and LD4R.

            PR binutils/21380
    opcodes * aarch64-tbl.h (aarch64_opcode_table): Fix masks for LD1R, LD2R,
            LD3R and LD4R.
    gas     * testsuite/gas/aarch64/illegal-3.s: New file.
            * testsuite/gas/aarch64/illegal-3.d: New file.
[Bug binutils/21380] [Aarch64] Invalid ld3r and ld4r loads decoded as valid
https://sourceware.org/bugzilla/show_bug.cgi?id=21380

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Thanks for reporting this problem.

The issue was the mask used to check for required bits in the opcodes - it was
not covering bit 12.  I have checked in a small patch to cover this bit, and to
add a testcase to the assembler.
[Bug binutils/21378] readelf: shift exponent too large for unsigned long
https://sourceware.org/bugzilla/show_bug.cgi?id=21378

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54

commit ddef72cdc10d82ba011a7ff81cafbbd3466acf54
Author: Nick Clifton
Date:   Fri Apr 21 12:31:59 2017 +0100

    Fix shift overflow when parsing an overlarge note value.

            PR binutils/21378
            * readelf.c (print_gnu_build_attribute_name): Check for an overlarge
            name field.
[Bug binutils/21378] readelf: shift exponent too large for unsigned long
https://sourceware.org/bugzilla/show_bug.cgi?id=21378

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Agostino,

Thanks for the bug report.  The problem was a simple assumption that numeric
values in notes would always be of a reasonable size.  Guess I was wrong ... :-)

Anyway I have checked in a patch to fix this, so hopefully there will be no
more problems with this part of readelf.

Cheers
  Nick
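The bound that the fix for PR 21378 adds, shown as an added example in C (not readelf's own code): a simplified parser for an ELF note carrying a numeric GNU build attribute, which refuses a numeric field wider than unsigned long instead of shifting past the type width. The "GA*" prefix is the GNU build-attribute numeric marker; the one-byte attribute id that follows it, the header type value, and the three sample notes are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not readelf's code: a simplified parser for an ELF note that
   carries a numeric GNU build attribute.  The numeric payload must fit in
   unsigned long before it is assembled with shifts; otherwise the shift
   exponent reaches the type width (the "shift exponent too large" report). */

#define NOTE_HDR_SIZE 12           /* namesz, descsz, type: three 32-bit words */
#define NOTE_NUMERIC_PREFIX "GA*"  /* "GA" = GNU build attribute, '*' = numeric */

static uint32_t rd32le(const unsigned char *p)
{
    return (uint32_t) p[0] | (uint32_t) p[1] << 8
         | (uint32_t) p[2] << 16 | (uint32_t) p[3] << 24;
}

/* Assemble a little-endian value of len bytes.  A field wider than
   unsigned long is refused: for i >= sizeof(unsigned long) the shift 8 * i
   is at least the bit width of the type, which is undefined behaviour in C. */
static bool decode_numeric_field(const unsigned char *field, size_t len,
                                 unsigned long *out)
{
    unsigned long val = 0;
    if (len > sizeof val)
        return false;                      /* overlarge field: do not decode */
    for (size_t i = 0; i < len; i++)
        val |= (unsigned long) field[i] << (8 * i);
    *out = val;
    return true;
}

/* Parse one note from buf and store the attribute's numeric value.  Every
   length comes from the untrusted note header, so each is checked against
   the buffer before use.  Layout assumed here (a simplification): the
   prefix, one attribute-id byte, then value bytes to the end of the name. */
static bool parse_numeric_build_attribute(const unsigned char *buf, size_t buflen,
                                          unsigned long *out)
{
    if (buflen < NOTE_HDR_SIZE)
        return false;
    uint32_t namesz = rd32le(buf);
    const unsigned char *name = buf + NOTE_HDR_SIZE;
    if (namesz > buflen - NOTE_HDR_SIZE)   /* name would run past the buffer */
        return false;
    size_t plen = strlen(NOTE_NUMERIC_PREFIX);
    if (namesz < plen + 1 || memcmp(name, NOTE_NUMERIC_PREFIX, plen) != 0)
        return false;                      /* not a numeric attribute */
    return decode_numeric_field(name + plen + 1, namesz - plen - 1, out);
}

/* Constructed sample notes (header words are little-endian). */
static const unsigned char NOTE_OK[] = {
    8, 0, 0, 0,  0, 0, 0, 0,  0x00, 0x01, 0, 0,      /* namesz 8, descsz 0, type */
    'G', 'A', '*', 0x01, 0x78, 0x56, 0x34, 0x12 };   /* value 0x12345678 */
/* A 16-byte value: wider than unsigned long, so decoding must be refused. */
static const unsigned char NOTE_OVERLARGE[] = {
    20, 0, 0, 0,  0, 0, 0, 0,  0x00, 0x01, 0, 0,
    'G', 'A', '*', 0x01, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
/* namesz claims 64 bytes but only 8 follow the header. */
static const unsigned char NOTE_TRUNCATED[] = {
    64, 0, 0, 0,  0, 0, 0, 0,  0x00, 0x01, 0, 0,
    'G', 'A', '*', 0x01, 1, 2, 3, 4 };

/* Wrappers that report each sample's outcome by name. */
static unsigned long last_value;
bool note_ok_parses(void)
{ return parse_numeric_build_attribute(NOTE_OK, sizeof NOTE_OK, &last_value); }
unsigned long note_ok_value(void) { return note_ok_parses() ? last_value : 0; }
bool note_overlarge_parses(void)
{ return parse_numeric_build_attribute(NOTE_OVERLARGE, sizeof NOTE_OVERLARGE, &last_value); }
bool note_truncated_parses(void)
{ return parse_numeric_build_attribute(NOTE_TRUNCATED, sizeof NOTE_TRUNCATED, &last_value); }

int main(void)
{
    printf("well-formed note: %s, value 0x%lx\n",
           note_ok_parses() ? "accepted" : "rejected", note_ok_value());
    printf("overlarge field:  %s\n", note_overlarge_parses() ? "accepted" : "rejected");
    printf("truncated name:   %s\n", note_truncated_parses() ? "accepted" : "rejected");
    return 0;
}
```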
[Bug binutils/21377] readelf: NULL pointer dereference in print_symbol_for_build_attribute (readelf.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=21377

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nickc at redhat dot com

--- Comment #1 from Nick Clifton ---
Hi Agostino,

> this is compiled from master. I don't know if previous versions are affected.
>
> # readelf -a $FILE
> ==7569==ERROR: AddressSanitizer: SEGV on unknown address 0x0004 (pc
> /tmp/portage/sys-devel/binutils-/work/binutils/binutils/readelf.c:16671:

I think that this one may have already been fixed.  Please could you recheck?

Cheers
  Nick
[Bug binutils/21404] [avr] assertion fail in bfd/elf32-avr.c:2145
https://sourceware.org/bugzilla/show_bug.cgi?id=21404

--- Comment #4 from Senthil Kumar Selvaraj ---
Created attachment 10004
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10004&action=edit
Minimal testcase

This is caused by incorrect size adjustment of a symbol in certain situations
when its size straddles an alignment boundary.
[Bug binutils/21376] binutils 2.28 objdump memory leaks
https://sourceware.org/bugzilla/show_bug.cgi?id=21376

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |WONTFIX

--- Comment #1 from Nick Clifton ---
Hi,

Thanks for reporting this problem.  Unfortunately we are not really interested
in fixing memory leaks unless they can lead to memory exhaustion.  In this case
you simply have a buffer that is allocated and used and then the program
terminates, successfully, leaving the OS to clean up the memory.  Not a big
deal.

Cheers
  Nick
[Bug gas/20941] New: AS crashes when resolving an expression
https://sourceware.org/bugzilla/show_bug.cgi?id=20941

            Bug ID: 20941
           Summary: AS crashes when resolving an expression
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gas
          Assignee: unassigned at sourceware dot org
          Reporter: boehme.marcel at gmail dot com
  Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24 hour fuzzing
session on Binutils.  Thanks also to Van-Thuan Pham.

The assembler crashes with an invalid read of size 8 for the following
execution on Ubuntu 16.04 x86_64 in Binutils trunk and for preinstalled
version v2.26.1 and on Ubuntu 14.04 x86_64 for Binutils in trunk and
preinstalled version v2.24.

$ printf "\n#0\"\"0\x210+\x2e\x2e>\x2e\x2e+\x2e&" > test
$ as test
test: Assembler messages:
test: Warning: end of file not at end of a line; newline inserted
test:2: Warning: missing operand; zero assumed
Segmentation fault

VALGRIND says:
==43098== Invalid read of size 8
==43098==    at 0x45517C: frag_offset_fixed_p (frags.c:420)
==43098==    by 0x4459CF: resolve_expression (expr.c:2195)
==43098==    by 0x446A87: expr (expr.c:2063)
==43098==    by 0x4D79E5: get_absolute_expr (read.c:488)
==43098==    by 0x4D79E5: get_absolute_expression (read.c:504)
==43098==    by 0x4D79E5: get_linefile_number (read.c:1990)
==43098==    by 0x4D79E5: s_app_line (read.c:2045)
==43098==    by 0x4BB6FF: read_a_source_file (read.c:1146)
==43098==    by 0x40D471: perform_an_assembly_pass (as.c:1172)
==43098==    by 0x40D471: main (as.c:1296)
==43098==  Address 0x20 is not stack'd, malloc'd or (recently) free'd

Best regards,
- Marcel
[Bug binutils/21404] [avr] assertion fail in bfd/elf32-avr.c:2145
https://sourceware.org/bugzilla/show_bug.cgi?id=21404

Senthil Kumar Selvaraj changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at sourceware dot org |saaadhu at gcc dot gnu.org
[Bug ld/21086] static linking with --dynamic-list adds dynamic section and interpreter
https://sourceware.org/bugzilla/show_bug.cgi?id=21086

--- Comment #6 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by H.J. Lu:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3c5fce9bc29b216af7d10f8d6e4d8c3f11a48359

commit 3c5fce9bc29b216af7d10f8d6e4d8c3f11a48359
Author: H.J. Lu
Date:   Fri Apr 21 12:00:55 2017 -0700

    Require --no-dynamic-linker with -static -E/--dynamic-list

    When -static -E/--dynamic-list are passed to linker, linker may create
    executable with dynamic sections which aren't supported by run-time.
    We require --no-dynamic-linker together with -static -E/--dynamic-list
    before adding dynamic symbol table to static executable.

    bfd/

            PR ld/19617
            PR ld/21086
            * elflink.c (elf_link_add_object_symbols): Require
            --no-dynamic-linker with -E/--dynamic-list when creating
            dynamic sections.

    ld/

            PR ld/19617
            PR ld/21086
            * testsuite/ld-elf/pr19617a.d: Pass --no-dynamic-linker to ld.
            * testsuite/ld-elf/pr19617b.d: Likewise.
            * testsuite/ld-elf/pr19617c.d: Likewise.
            * testsuite/ld-i386/pr19636-4d.d: Likewise.
            * testsuite/ld-elf/readelf.exp: Pass --no-dynamic-linker to ld
            with --export-dynamic.
            * testsuite/ld-elf/shared.exp: Pass --no-dynamic-linker to ld
            with -E.
[Bug ld/19617] ELF: Allow -E to work without -pic/-pie/-shared in the absence of undefined symbols
https://sourceware.org/bugzilla/show_bug.cgi?id=19617

--- Comment #7 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by H.J. Lu:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3c5fce9bc29b216af7d10f8d6e4d8c3f11a48359

commit 3c5fce9bc29b216af7d10f8d6e4d8c3f11a48359
Author: H.J. Lu
Date:   Fri Apr 21 12:00:55 2017 -0700

    Require --no-dynamic-linker with -static -E/--dynamic-list

    When -static -E/--dynamic-list are passed to linker, linker may create
    executable with dynamic sections which aren't supported by run-time.
    We require --no-dynamic-linker together with -static -E/--dynamic-list
    before adding dynamic symbol table to static executable.

    bfd/

            PR ld/19617
            PR ld/21086
            * elflink.c (elf_link_add_object_symbols): Require
            --no-dynamic-linker with -E/--dynamic-list when creating
            dynamic sections.

    ld/

            PR ld/19617
            PR ld/21086
            * testsuite/ld-elf/pr19617a.d: Pass --no-dynamic-linker to ld.
            * testsuite/ld-elf/pr19617b.d: Likewise.
            * testsuite/ld-elf/pr19617c.d: Likewise.
            * testsuite/ld-i386/pr19636-4d.d: Likewise.
            * testsuite/ld-elf/readelf.exp: Pass --no-dynamic-linker to ld
            with --export-dynamic.
            * testsuite/ld-elf/shared.exp: Pass --no-dynamic-linker to ld
            with -E.
[Bug ld/21402] i386: indirect5 failures
https://sourceware.org/bugzilla/show_bug.cgi?id=21402

--- Comment #7 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by H.J. Lu:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e133d00576f3da89e7772149e8d2b6a059d26919

commit e133d00576f3da89e7772149e8d2b6a059d26919
Author: H.J. Lu
Date:   Fri Apr 21 12:03:14 2017 -0700

    i386: Avoid dynamic symbol with GOT reference in PIE

    GOT reference to global symbol in PIE will lead to dynamic symbol.  It
    becomes a problem when "time" or "times" is defined as a variable in an
    executable, clashing with functions of the same name in libc.  If a
    symbol isn't undefined weak symbol, don't make it dynamic in PIE and
    generate R_386_RELATIVE relocation.

    bfd/

            PR ld/21402
            * elf32-i386.c (elf_i386_link_hash_entry): Add
            no_finish_dynamic_symbol.
            (elf_i386_link_hash_newfunc): Set no_finish_dynamic_symbol to 0.
            (elf_i386_allocate_dynrelocs): If a symbol isn't undefined weak
            symbol, don't make it dynamic in PIE.
            (elf_i386_relocate_section): If a symbol isn't dynamic in PIE,
            set no_finish_dynamic_symbol and generate R_386_RELATIVE
            relocation for R_386_GOT32
            (elf_i386_finish_dynamic_symbol): Abort if no_finish_dynamic_symbol
            isn't 0.

    ld/

            PR ld/21402
            * testsuite/ld-elf/indirect.exp: Don't skip PIE indirect5 and
            indirect6 tests on i386.
[Bug ld/21402] i386: indirect5 failures
https://sourceware.org/bugzilla/show_bug.cgi?id=21402

H.J. Lu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #8 from H.J. Lu ---
Fixed.
[Bug ld/21086] static linking with --dynamic-list adds dynamic section and interpreter
https://sourceware.org/bugzilla/show_bug.cgi?id=21086

H.J. Lu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
            Version|unspecified                 |2.29 (HEAD)
         Resolution|---                         |FIXED
   Target Milestone|---                         |2.29

--- Comment #7 from H.J. Lu ---
Fixed for 2.29.
[Bug binutils/21408] New: objdump segfault - null pointer dereferencing
https://sourceware.org/bugzilla/show_bug.cgi?id=21408

            Bug ID: 21408
           Summary: objdump segfault - null pointer dereferencing
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dungnguy at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 10005
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10005&action=edit
Crashing input

Dear All,

This bug was found with AFLGo, a directed version of AFL/AFLFast.  Thanks also
to Marcel Böhme and Van-Thuan Pham.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from main
repository at git://sourceware.org/git/binutils-gdb.git.  Its commit is
a6c21d4a553de184562fd8409a5bcd3f2cc2561a (Wed Apr 19 13:16:05 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4.  The configure
command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:
Download the attached file - bug3
objdump -WL bug3

ASAN says:
==148381==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 0x0060fc56 bp 0x7fffd13821b0 sp 0x7fffd13805a0 T0)
    #0 0x60fc55 in display_debug_lines_decoded /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/dwarf.c:3813:8
    #1 0x56ef61 in display_debug_lines /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/dwarf.c:4195:21
    #2 0x52f2c4 in dump_dwarf_section /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:2618:6
    #3 0x9e4315 in bfd_map_over_sections /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/section.c:1395:5
    #4 0x4e0652 in dump_dwarf /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:2684:3
    #5 0x4d7539 in dump_bfd /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:3522:5
    #6 0x4d5fe8 in display_object_bfd /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:3589:7
    #7 0x4d5dcc in display_any_bfd /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:3678:5
    #8 0x4d45f3 in display_file /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:3699:3
    #9 0x4d26d3 in main /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:4001:6
    #10 0x7f041d2a2f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
    #11 0x4cb13c in _start (/home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/objdump+0x4cb13c)

VALGRIND says:
==148383== Invalid read of size 8
==148383==    at 0x416644: display_debug_lines_decoded (dwarf.c:3813)
==148383==    by 0x4177A9: display_debug_lines (dwarf.c:4195)
==148383==    by 0x407DE2: dump_dwarf_section (objdump.c:2618)
==148383==    by 0x469C57: bfd_map_over_sections (section.c:1395)
==148383==    by 0x407F43: dump_dwarf (objdump.c:2684)
==148383==    by 0x409E26: dump_bfd (objdump.c:3522)
==148383==    by 0x40A02E: display_object_bfd (objdump.c:3589)
==148383==    by 0x40A270: display_any_bfd (objdump.c:3678)
==148383==    by 0x40A2E4: display_file (objdump.c:3699)
==148383==    by 0x40ABB7: main (objdump.c:4001)
==148383==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==148383==
==148383==
==148383== Process terminating with default action of signal 11 (SIGSEGV)
==148383==  Access not within mapped region at address 0x0
==148383==    at 0x416644: display_debug_lines_decoded (dwarf.c:3813)
==148383==    by 0x4177A9: display_debug_lines (dwarf.c:4195)
==148383==    by 0x407DE2: dump_dwarf_section (objdump.c:2618)
==148383==    by 0x469C57: bfd_map_over_sections (section.c:1395)
==148383==    by 0x407F43: dump_dwarf (objdump.c:2684)
==148383==    by 0x409E26: dump_bfd (objdump.c:3522)
==148383==    by 0x40A02E: display_object_bfd (objdump.c:3589)
==148383==    by 0x40A270: display_any_bfd (objdump.c:3678)
==148383==    by 0x40A2E4: display_file (objdump.c:3699)
==148383==    by 0x40ABB7: main (objdump.c:4001)
[Bug binutils/21409] New: objdump segfault - null pointer dereferencing
https://sourceware.org/bugzilla/show_bug.cgi?id=21409

            Bug ID: 21409
           Summary: objdump segfault - null pointer dereferencing
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dungnguy at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 10006
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10006&action=edit
Crashing input

Dear All,

This bug was found with AFLGo, a directed version of AFL/AFLFast.  Thanks also
to Marcel Böhme and Van-Thuan Pham.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from main
repository at git://sourceware.org/git/binutils-gdb.git.  Its commit is
a6c21d4a553de184562fd8409a5bcd3f2cc2561a (Wed Apr 19 13:16:05 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4.  The configure
command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:
Download the attached file - bug_7
objdump -SD bug_7

ASAN says:
==148394==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 0x010f21d7 bp 0x7ffe42ecf670 sp 0x7ffe42ece6c0 T0)
    #0 0x10f21d6 in _bfd_dwarf2_find_nearest_line /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/dwarf2.c:4212:9
    #1 0xd095d9 in _bfd_elf_find_nearest_line /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/elf.c:8642:7
    #2 0x511d79 in show_line /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:1486:9
    #3 0x506b94 in disassemble_bytes /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:1791:6
    #4 0x4f6b0a in disassemble_section /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:2304:7
    #5 0x9e4315 in bfd_map_over_sections /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/section.c:1395:5
    #6 0x4e4f50 in disassemble_data /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:2438:3
    #7 0x4d76be in dump_bfd /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:3532:5
    #8 0x4d5fe8 in display_object_bfd /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:3589:7
    #9 0x4d5dcc in display_any_bfd /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:3678:5
    #10 0x4d45f3 in display_file /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:3699:3
    #11 0x4d26d3 in main /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:4001:6
    #12 0x7fb407a88f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
    #13 0x4cb13c in _start (/home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/objdump+0x4cb13c)

VALGRIND says:
==148401== Invalid read of size 8
==148401==    at 0x4D209A: _bfd_dwarf2_find_nearest_line (dwarf2.c:4212)
==148401==    by 0x49B5EA: _bfd_elf_find_nearest_line (elf.c:8642)
==148401==    by 0x4050CC: show_line (objdump.c:1486)
==148401==    by 0x405B52: disassemble_bytes (objdump.c:1791)
==148401==    by 0x407248: disassemble_section (objdump.c:2304)
==148401==    by 0x469C57: bfd_map_over_sections (section.c:1395)
==148401==    by 0x40779C: disassemble_data (objdump.c:2438)
==148401==    by 0x409EA8: dump_bfd (objdump.c:3532)
==148401==    by 0x40A02E: display_object_bfd (objdump.c:3589)
==148401==    by 0x40A270: display_any_bfd (objdump.c:3678)
==148401==    by 0x40A2E4: display_file (objdump.c:3699)
==148401==    by 0x40ABB7: main (objdump.c:4001)
==148401==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==148401==
==148401==
==148401== Process terminating with default action of signal 11 (SIGSEGV)
==148401==  Access not within mapped region at address 0x0
==148401==    at 0x4D209A: _bfd_dwarf2_find_nearest_line (dwarf2.c:4212)
==148401==    by 0x49B5EA: _bfd_elf_find_nearest_line (elf.c:8642)
==148401==    by 0x4050CC: show_line (objdump.c:1486)
==148401==    by 0x405B52: disassemble_bytes (objdump.c:1791)
==148401==    by 0x407248: disassemble_section (objdump.c:2304)
==148401==    by 0x469C57: bfd_map_over_sections (section.c:1395)
==148401==    by 0x40779C: disassemble_data (objdump.c:2438)
==148401==    by 0x409EA8: dump_bfd (objdump.c:3532)
==148401==    by 0x40A02E: display_object_bfd (objdump.c:3589)
==148401==    by 0x40A270: display_any_bfd (objdump.c:3678)
==148401==    by 0x40A2E4: display_file (objdump.c:3699)
==148401==    by 0x40ABB7: main (objdump.c:4001)
[Bug binutils/21410] New: global-buffer-overflow in objcopy
https://sourceware.org/bugzilla/show_bug.cgi?id=21410

            Bug ID: 21410
           Summary: global-buffer-overflow in objcopy
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dungnguy at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 10007
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10007&action=edit
Bug triggering input

Dear All,

This bug was found with AFLGo, a directed version of AFL/AFLFast.  Thanks also
to Marcel Böhme and Van-Thuan Pham.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from main
repository at git://sourceware.org/git/binutils-gdb.git.  Its commit is
a6c21d4a553de184562fd8409a5bcd3f2cc2561a (Wed Apr 19 13:16:05 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4.  The configure
command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:
Download the attached file - bug_8
objcopy --compress-debug-sections bug_8

ASAN says:
==148402==ERROR: AddressSanitizer: global-buffer-overflow on address 0x01a69aa5 at pc 0x0044f150 bp 0x7ffec8592db0 sp 0x7ffec8592570
READ of size 1 at 0x01a69aa5 thread T0
    #0 0x44f14f in __interceptor_strcmp (/home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/objcopy+0x44f14f)
    #1 0xb11a0a in _bfd_elf_get_reloc_section /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/elf.c:3568:10
    #2 0xb3e092 in assign_section_numbers /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/elf.c:3844:8
    #3 0xb15eb0 in _bfd_elf_compute_section_file_positions /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/elf.c:4184:8
    #4 0xbad0f6 in _bfd_elf_set_section_contents /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/elf.c:8748:12
    #5 0x86b5db in bfd_set_section_contents /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/section.c:1533:7
    #6 0x5267e5 in copy_section /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:3887:12
    #7 0x869135 in bfd_map_over_sections /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/section.c:1395:5
    #8 0x502117 in copy_object /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:2858:3
    #9 0x4ebe2c in copy_file /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c::13
    #10 0x4d6716 in copy_main /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:5266:3
    #11 0x4cac8a in main /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:5367:5
    #12 0x7fa14cf70f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
    #13 0x4ca31c in _start (/home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/objcopy+0x4ca31c)
[Bug binutils/21412] New: global-buffer-overflow in objcopy
https://sourceware.org/bugzilla/show_bug.cgi?id=21412

            Bug ID: 21412
           Summary: global-buffer-overflow in objcopy
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dungnguy at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 10008
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10008&action=edit
Bug triggering input

Dear All,

This bug was found with AFLGo, a directed version of AFL/AFLFast.  Thanks also
to Marcel Böhme and Van-Thuan Pham.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from main
repository at git://sourceware.org/git/binutils-gdb.git.  Its commit is
a6c21d4a553de184562fd8409a5bcd3f2cc2561a (Wed Apr 19 13:16:05 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4.  The configure
command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:
Download the attached file - bug_1
objcopy --compress-debug-sections bug_1

ASAN says:
==149346==ERROR: AddressSanitizer: global-buffer-overflow on address 0x01a69aa4 at pc 0x0044f150 bp 0x7ffe5c0b4d90 sp 0x7ffe5c0b4550
READ of size 1 at 0x01a69aa4 thread T0
    #0 0x44f14f in __interceptor_strcmp (/home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/objcopy+0x44f14f)
    #1 0xb11a0a in _bfd_elf_get_reloc_section /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/elf.c:3568:10
    #2 0xb3e092 in assign_section_numbers /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/elf.c:3844:8
    #3 0xb15eb0 in _bfd_elf_compute_section_file_positions /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/elf.c:4184:8
    #4 0xb7af5f in _bfd_elf_write_object_contents /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/elf.c:6289:12
    #5 0x846b86 in bfd_close /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/opncls.c:733:13
    #6 0x4ebecf in copy_file /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:3340:51
    #7 0x4d6716 in copy_main /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:5266:3
    #8 0x4cac8a in main /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:5367:5
    #9 0x7f1ca55e3f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
    #10 0x4ca31c in _start (/home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/objcopy+0x4ca31c)
[Bug binutils/21413] New: global-buffer-overflow in strip-new
https://sourceware.org/bugzilla/show_bug.cgi?id=21413

            Bug ID: 21413
           Summary: global-buffer-overflow in strip-new
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dungnguy at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 10009
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10009&action=edit
Bug triggering input

Dear All,

This bug was found with AFLGo, a directed version of AFL/AFLFast.  Thanks also
to Marcel Böhme and Van-Thuan Pham.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from main
repository at git://sourceware.org/git/binutils-gdb.git.  Its commit is
a6c21d4a553de184562fd8409a5bcd3f2cc2561a (Wed Apr 19 13:16:05 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4.  The configure
command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:
Download the attached file - bug_10
strip-new -g bug_10

ASAN says:
==149367==ERROR: AddressSanitizer: global-buffer-overflow on address 0x01a69a85 at pc 0x0044f150 bp 0x7ffcf8f2b330 sp 0x7ffcf8f2aaf0
READ of size 1 at 0x01a69a85 thread T0
    #0 0x44f14f in __interceptor_strcmp (/home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/strip-new+0x44f14f)
    #1 0xb11a0a in _bfd_elf_get_reloc_section /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/elf.c:3568:10
    #2 0xb3e092 in assign_section_numbers /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/elf.c:3844:8
    #3 0xb15eb0 in _bfd_elf_compute_section_file_positions /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/elf.c:4184:8
    #4 0xbad0f6 in _bfd_elf_set_section_contents /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/elf.c:8748:12
    #5 0x86b5db in bfd_set_section_contents /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/section.c:1533:7
    #6 0x5267e5 in copy_section /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:3887:12
    #7 0x869135 in bfd_map_over_sections /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/section.c:1395:5
    #8 0x502117 in copy_object /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:2858:3
    #9 0x4f0698 in copy_archive /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:3129:11
    #10 0x4eb926 in copy_file /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:3311:7
    #11 0x4ccc09 in strip_main /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:4258:7
    #12 0x4cabeb in main /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:5365:5
    #13 0x7f093389ef44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
    #14 0x4ca31c in _start (/home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/strip-new+0x4ca31c)
[Bug binutils/21414] New: Segfault in objcopy
https://sourceware.org/bugzilla/show_bug.cgi?id=21414

            Bug ID: 21414
           Summary: Segfault in objcopy
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dungnguy at comp dot nus.edu.sg
  Target Milestone: ---

Attachment #10010 is obsolete

Dear All,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme and Van-Thuan Pham.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is a6c21d4a553de184562fd8409a5bcd3f2cc2561a (Wed Apr 19 13:16:05 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:
Download the attached file - bug_11
objcopy -Gs bug_11

ASAN says:

../../binutils/objcopy.c:1555:52: runtime error: member access within null pointer of type 'struct bfd_symbol'
ASAN:SIGSEGV
==149416==ERROR: AddressSanitizer: SEGV on unknown address 0x0018 (pc 0x0051cdca bp 0x7ffec2588b50 sp 0x7ffec2588100 T0)
    #0 0x51cdc9 in filter_symbols /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:1553:16
    #1 0x501ddb in copy_object /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:2840:18
    #2 0x4ebe2c in copy_file /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c::13
    #3 0x4d6716 in copy_main /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:5266:3
    #4 0x4cac8a in main /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objcopy.c:5367:5
    #5 0x7fbb012eff44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
    #6 0x4ca31c in _start (/home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/objcopy+0x4ca31c)

VALGRIND says:

==148414== Invalid read of size 4
==148414==    at 0x404481: filter_symbols (objcopy.c:1555)
==148414==    by 0x4077D5: copy_object (objcopy.c:2840)
==148414==    by 0x408AED: copy_file (objcopy.c:)
==148414==    by 0x40C8B8: copy_main (objcopy.c:5266)
==148414==    by 0x40CBE5: main (objcopy.c:5367)
==148414==  Address 0x18 is not stack'd, malloc'd or (recently) free'd
==148414==
==148414==
==148414== Process terminating with default action of signal 11 (SIGSEGV)
==148414==  Access not within mapped region at address 0x18
==148414==    at 0x404481: filter_symbols (objcopy.c:1555)
==148414==    by 0x4077D5: copy_object (objcopy.c:2840)
==148414==    by 0x408AED: copy_file (objcopy.c:)
==148414==    by 0x40C8B8: copy_main (objcopy.c:5266)
==148414==    by 0x40CBE5: main (objcopy.c:5367)

--- Comment #1 from Manh-Dung Nguyen ---
Created attachment 10011
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10011&action=edit
Crashing input
[Bug binutils/21415] New: global-buffer-overflow in objdump
https://sourceware.org/bugzilla/show_bug.cgi?id=21415

            Bug ID: 21415
           Summary: global-buffer-overflow in objdump
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dungnguy at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 10012
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10012&action=edit
Bug triggering input

Dear All,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme and Van-Thuan Pham.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is a6c21d4a553de184562fd8409a5bcd3f2cc2561a (Wed Apr 19 13:16:05 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:
Download the attached file - bug_13
objdump -S bug_13

ASAN says:

==148418==ERROR: AddressSanitizer: global-buffer-overflow on address 0x020f7518 at pc 0x008c32d8 bp 0x7ffe53508eb0 sp 0x7ffe53508ea8
READ of size 8 at 0x020f7518 thread T0
    #0 0x8c32d7 in OP_G /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/opcodes/../../opcodes/i386-dis.c:15562:7
    #1 0x88bbf0 in print_insn /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/opcodes/../../opcodes/i386-dis.c:13326:3
    #2 0x891ff8 in print_insn_i386 /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/opcodes/../../opcodes/i386-dis.c:12562:10
    #3 0x509983 in disassemble_bytes /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:1864:17
    #4 0x4f6b0a in disassemble_section /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:2304:7
    #5 0x9e4315 in bfd_map_over_sections /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/bfd/../../bfd/section.c:1395:5
    #6 0x4e4f50 in disassemble_data /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:2438:3
    #7 0x4d76be in dump_bfd /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:3532:5
    #8 0x4d5fe8 in display_object_bfd /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:3589:7
    #9 0x4d5dcc in display_any_bfd /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:3678:5
    #10 0x4d45f3 in display_file /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:3699:3
    #11 0x4d26d3 in main /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/objdump.c:4001:6
    #12 0x7ffb11701f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
    #13 0x4cb13c in _start (/home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/objdump+0x4cb13c)
[Bug binutils/21416] New: readelf segfault - null pointer dereferencing
https://sourceware.org/bugzilla/show_bug.cgi?id=21416

            Bug ID: 21416
           Summary: readelf segfault - null pointer dereferencing
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dungnguy at comp dot nus.edu.sg
  Target Milestone: ---

Created attachment 10013
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10013&action=edit
Crashing input

Dear All,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme and Van-Thuan Pham.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is a6c21d4a553de184562fd8409a5bcd3f2cc2561a (Wed Apr 19 13:16:05 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:
Download the attached file - bug_14
readelf -wL bug_14

ASAN says:

==148446==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 0x00762d96 bp 0x7ffc66657190 sp 0x7ffc66655580 T0)
    #0 0x762d95 in display_debug_lines_decoded /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/dwarf.c:3813:8
    #1 0x6c20a1 in display_debug_lines /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/dwarf.c:4195:21
    #2 0x5ae843 in display_debug_section /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/readelf.c:13299:16
    #3 0x51ede8 in process_section_contents /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/readelf.c:13385:10
    #4 0x4c99cb in process_object /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/readelf.c:17682:9
    #5 0x4c46f0 in process_file /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/readelf.c:18074:13
    #6 0x4c258a in main /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/readelf.c:18146:11
    #7 0x7f5ab05c4f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
    #8 0x4bae9c in _start (/home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/readelf+0x4bae9c)

VALGRIND says:

==148448== Invalid read of size 8
==148448==    at 0x44686A: display_debug_lines_decoded (dwarf.c:3813)
==148448==    by 0x4479CF: display_debug_lines (dwarf.c:4195)
==148448==    by 0x42D4D3: display_debug_section (readelf.c:13299)
==148448==    by 0x42D7BF: process_section_contents (readelf.c:13385)
==148448==    by 0x437F14: process_object (readelf.c:17682)
==148448==    by 0x438E37: process_file (readelf.c:18074)
==148448==    by 0x438FDF: main (readelf.c:18146)
==148448==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==148448==
==148448==
==148448== Process terminating with default action of signal 11 (SIGSEGV)
==148448==  Access not within mapped region at address 0x0
==148448==    at 0x44686A: display_debug_lines_decoded (dwarf.c:3813)
==148448==    by 0x4479CF: display_debug_lines (dwarf.c:4195)
==148448==    by 0x42D4D3: display_debug_section (readelf.c:13299)
==148448==    by 0x42D7BF: process_section_contents (readelf.c:13385)
==148448==    by 0x437F14: process_object (readelf.c:17682)
==148448==    by 0x438E37: process_file (readelf.c:18074)
==148448==    by 0x438FDF: main (readelf.c:18146)
[Bug binutils/21409] objdump segfault - null pointer dereferencing
https://sourceware.org/bugzilla/show_bug.cgi?id=21409

--- Comment #1 from Manh-Dung Nguyen ---
Created attachment 10014
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10014&action=edit
Another crashing input
[Bug binutils/21417] New: heap buffer overflow in ar
https://sourceware.org/bugzilla/show_bug.cgi?id=21417

            Bug ID: 21417
           Summary: heap buffer overflow in ar
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dungnguy at comp dot nus.edu.sg
  Target Milestone: ---

Dear All,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme and Van-Thuan Pham.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is a6c21d4a553de184562fd8409a5bcd3f2cc2561a (Wed Apr 19 13:16:05 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:
ar d

ASAN says:

==148384==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030ef98 at pc 0x004e7efc bp 0x7ffe38a5e8f0 sp 0x7ffe38a5e8e8
READ of size 8 at 0x6030ef98 thread T0
    #0 0x4e7efb in main /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/ar.c:792:12
    #1 0x7f0f4a636f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
    #2 0x4c9fbc in _start (/home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/ar+0x4c9fbc)

VALGRIND says:

==148386== Invalid read of size 8
==148386==    at 0x405F88: main (ar.c:792)
==148386==  Address 0x5401838 is 0 bytes after a block of size 24 alloc'd
==148386==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==148386==    by 0x50F27E: xmalloc (xmalloc.c:147)
==148386==    by 0x4056FA: decode_options (ar.c:451)
==148386==    by 0x405D73: main (ar.c:731)
==148386==
==148386== Syscall param stat(file_name) points to unaddressable byte(s)
==148386==    at 0x5126045: _xstat (xstat.c:35)
==148386==    by 0x40619D: open_inarch (ar.c:872)
==148386==    by 0x405FD5: main (ar.c:797)
==148386==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
[Bug binutils/21418] New: ar segfault - null pointer dereferencing
https://sourceware.org/bugzilla/show_bug.cgi?id=21418

            Bug ID: 21418
           Summary: ar segfault - null pointer dereferencing
           Product: binutils
           Version: 2.28
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dungnguy at comp dot nus.edu.sg
  Target Milestone: ---

Dear All,

This bug was found with AFLGo, a directed version of AFL/AFLFast. Thanks also to Marcel Böhme and Van-Thuan Pham.

This bug was found on Ubuntu 14.04 64-bit & binutils was checked out from the main repository at git://sourceware.org/git/binutils-gdb.git. Its commit is a6c21d4a553de184562fd8409a5bcd3f2cc2561a (Wed Apr 19 13:16:05 2017).

binutils was built with ASAN using gcc-6.2 and clang-3.4. The configure command was:

CC=clang CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all -fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim

To reproduce:
ar -dN

ASAN says:

==148387==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 0x7f956a8b6467 bp 0x sp 0x7ffc9ba1d910 T0)
    #0 0x7f956a8b6466 in __GI_strtol_l_internal /build/eglibc-oGUzwX/eglibc-2.19/stdlib/../stdlib/strtol_l.c:289
    #1 0x4985f7 in __interceptor_atoi (/home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/ar+0x4985f7)
    #2 0x4e7a23 in main /home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/../../binutils/ar.c:785:27
    #3 0x7f956a89af44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
    #4 0x4c9fbc in _start (/home/ubuntu/binutils-analysis/binutils-gdb/obj-asan/binutils/ar+0x4c9fbc)

VALGRIND says:

==148392== Invalid read of size 1
==148392==    at 0x5078467: strtol_l_internal (strtol_l.c:298)
==148392==    by 0x5074EAF: atoi (atoi.c:27)
==148392==    by 0x405F20: main (ar.c:785)
==148392==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==148392==
==148392==
==148392== Process terminating with default action of signal 11 (SIGSEGV)
==148392==  Access not within mapped region at address 0x0
==148392==    at 0x5078467: strtol_l_internal (strtol_l.c:298)
==148392==    by 0x5074EAF: atoi (atoi.c:27)
==148392==    by 0x405F20: main (ar.c:785)
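The two ar reports above, 21417 (`ar d`) and 21418 (`ar -dN`), are the same class of defect seen from two angles: the command-line parser reads an argument that was never supplied. Valgrind places the 21417 read zero bytes past a 24-byte block allocated by xmalloc in decode_options, and in 21418 the crash is inside atoi() called from ar.c:785 on a null pointer. The program below is an added example written for this note, not binutils' ar.c: a hypothetical re-creation of that argument shape (operation letter with modifiers, an instance count after the N modifier, then the archive name and members) in which every argv read is preceded by a bounds check and the count is validated with strtol instead of atoi. The names ar_parse_args, ar_request and the status codes are assumptions of this example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes for this example (not ar.c's own). */
enum ar_parse_status {
    AR_OK = 0,
    AR_ERR_NO_OPERATION,  /* nothing after the program name */
    AR_ERR_NO_COUNT,      /* 'N' modifier given, instance count missing */
    AR_ERR_BAD_COUNT,     /* count present but not a positive integer */
    AR_ERR_NO_ARCHIVE     /* operation given, archive name missing */
};

struct ar_request {
    char operation;       /* d, r, t, x, ... */
    bool use_count;       /* 'N' modifier seen */
    long count;           /* instance count, valid when use_count */
    const char *archive;  /* archive file name */
    int nmembers;         /* member names following the archive */
    const char **members;
};

/* First word: optional '-', operation letter, then modifier letters. */
static enum ar_parse_status
parse_operation(const char *word, struct ar_request *req)
{
    if (word[0] == '-')
        word++;
    if (word[0] == '\0')
        return AR_ERR_NO_OPERATION;
    req->operation = word[0];
    for (const char *m = word + 1; *m != '\0'; m++)
        if (*m == 'N')
            req->use_count = true;
    return AR_OK;
}

/* strtol with full validation: atoi() returns 0 for garbage and
   dereferences whatever pointer it is handed, NULL included. */
static enum ar_parse_status
parse_count(const char *text, long *out)
{
    char *end = NULL;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (errno == ERANGE || end == text || *end != '\0' || v <= 0)
        return AR_ERR_BAD_COUNT;
    *out = v;
    return AR_OK;
}

/* Every argv[i] read is guarded by i < argc, so a short command line
   returns a status instead of reading past the argument vector
   ("ar d") or passing NULL to the number conversion ("ar -dN"). */
enum ar_parse_status
ar_parse_args(int argc, const char **argv, struct ar_request *req)
{
    memset(req, 0, sizeof *req);
    int i = 1;                          /* argv[0] is the program name */
    if (i >= argc)
        return AR_ERR_NO_OPERATION;
    enum ar_parse_status st = parse_operation(argv[i++], req);
    if (st != AR_OK)
        return st;

    if (req->use_count) {
        if (i >= argc)                  /* "ar -dN" stops here */
            return AR_ERR_NO_COUNT;
        st = parse_count(argv[i++], &req->count);
        if (st != AR_OK)
            return st;
    }

    if (i >= argc)                      /* "ar d" stops here */
        return AR_ERR_NO_ARCHIVE;
    req->archive = argv[i++];
    req->members = &argv[i];            /* may be one past the end, never read */
    req->nmembers = argc - i;
    return AR_OK;
}

int main(void)
{
    /* Constructed argument vectors: the two crashing shapes from the
       reports plus one well-formed invocation. */
    const char *short_d[]  = { "ar", "d" };
    const char *short_dN[] = { "ar", "-dN" };
    const char *good[]     = { "ar", "-dN", "2", "libfoo.a", "x.o" };
    struct ar_request req;

    printf("ar d                  -> status %d\n", ar_parse_args(2, short_d, &req));
    printf("ar -dN                -> status %d\n", ar_parse_args(2, short_dN, &req));
    printf("ar -dN 2 libfoo.a x.o -> status %d (count %ld, %d member)\n",
           ar_parse_args(5, good, &req), req.count, req.nmembers);
    return 0;
}
```

The point a reviewer would check in a parser like this is that the index is compared against argc before each positional argument is consumed, not once up front; the N-modifier count is optional, so the number of required positionals depends on flags parsed earlier, which is exactly where a single early check goes wrong.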