[Bug binutils/22191] New: memory leak in dwarf2.c in gnu binutils 2.29
https://sourceware.org/bugzilla/show_bug.cgi?id=22191

            Bug ID: 22191
           Summary: memory leak in dwarf2.c in gnu binutils 2.29
           Product: binutils
           Version: 2.29
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: luanjunchao at 163 dot com
  Target Milestone: ---

Created attachment 10463
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10463&action=edit
memory leak poc

The output of running "objdump --x -SD -Wl -R leak.elf" is as follows:

==78968==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f484f64f602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x4cfdfb in bfd_malloc /work/binutils-gdb-asan/bfd/libbfd.c:193
    #2 0x5e6dd7 in add_line_info dwarf2.c:1528
    #3 0x5eaf10 in decode_line_info dwarf2.c:2383
    #4 0x5f05b8 in comp_unit_find_nearest_line dwarf2.c:3562
    #5 0x5f5351 in _bfd_dwarf2_find_nearest_line dwarf2.c:4622
    #6 0x565d9a in _bfd_elf_find_nearest_line /work/binutils-gdb-asan/bfd/elf.c:8653
    #7 0x409469 in show_line objdump.c:1486
    #8 0x40aaf6 in disassemble_bytes objdump.c:1791
    #9 0x40e0c3 in disassemble_section objdump.c:2313
    #10 0x4d8871 in bfd_map_over_sections /work/binutils-gdb-asan/bfd/section.c:1395
    #11 0x40eb05 in disassemble_data objdump.c:2449
    #12 0x4141c9 in dump_bfd objdump.c:3546
    #13 0x414498 in display_object_bfd objdump.c:3603
    #14 0x414894 in display_any_bfd objdump.c:3692
    #15 0x414909 in display_file objdump.c:3713
    #16 0x415918 in main objdump.c:4015
    #17 0x7f484f00982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 240 byte(s) in 6 object(s) allocated from:
    #0 0x7f484f64f602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x4cfdfb in bfd_malloc /work/binutils-gdb-asan/bfd/libbfd.c:193
    #2 0x5e6dd7 in add_line_info dwarf2.c:1528
    #3 0x5eaf10 in decode_line_info dwarf2.c:2383
    #4 0x5f05b8 in comp_unit_find_nearest_line dwarf2.c:3562
    #5 0x5f5351 in _bfd_dwarf2_find_nearest_line dwarf2.c:4622
    #6 0x565d9a in _bfd_elf_find_nearest_line /work/binutils-gdb-asan/bfd/elf.c:8653
    #7 0x409469 in show_line objdump.c:1486
    #8 0x40aaf6 in disassemble_bytes objdump.c:1791
    #9 0x40e0c3 in disassemble_section objdump.c:2313
    #10 0x4d8871 in bfd_map_over_sections /work/binutils-gdb-asan/bfd/section.c:1395
    #11 0x40eb05 in disassemble_data objdump.c:2449
    #12 0x4141c9 in dump_bfd objdump.c:3546
    #13 0x414498 in display_object_bfd objdump.c:3603
    #14 0x414894 in display_any_bfd objdump.c:3692
    #15 0x414909 in display_file objdump.c:3713
    #16 0x415918 in main objdump.c:4015
    #17 0x7f484f00982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f484f64f602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x4cfdfb in bfd_malloc /work/binutils-gdb-asan/bfd/libbfd.c:193
    #2 0x5e6dd7 in add_line_info dwarf2.c:1528
    #3 0x5ea651 in decode_line_info dwarf2.c:2296
    #4 0x5f05b8 in comp_unit_find_nearest_line dwarf2.c:3562
    #5 0x5f5351 in _bfd_dwarf2_find_nearest_line dwarf2.c:4622
    #6 0x565d9a in _bfd_elf_find_nearest_line /work/binutils-gdb-asan/bfd/elf.c:8653
    #7 0x409469 in show_line objdump.c:1486
    #8 0x40aaf6 in disassemble_bytes objdump.c:1791
    #9 0x40e0c3 in disassemble_section objdump.c:2313
    #10 0x4d8871 in bfd_map_over_sections /work/binutils-gdb-asan/bfd/section.c:1395
    #11 0x40eb05 in disassemble_data objdump.c:2449
    #12 0x4141c9 in dump_bfd objdump.c:3546
    #13 0x414498 in display_object_bfd objdump.c:3603
    #14 0x414894 in display_any_bfd objdump.c:3692
    #15 0x414909 in display_file objdump.c:3713
    #16 0x415918 in main objdump.c:4015
    #17 0x7f484f00982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 320 byte(s) leaked in 8 allocation(s).

It seems that some memory allocated by bfd_malloc is not freed during the disassemble process.
The poc file is attached

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug binutils/22169] heap-based buffer overflow in read_1_byte (dwarf2.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=22169

--- Comment #2 from Alan Modra ---
*** Bug 22171 has been marked as a duplicate of this bug. ***
[Bug binutils/22171] heap-based buffer overflow in _bfd_safe_read_leb128 (libbfd.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=22171

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |amodra at gmail dot com
         Resolution|---                         |DUPLICATE

--- Comment #2 from Alan Modra ---
This is the same underlying problem as pr22169

*** This bug has been marked as a duplicate of bug 22169 ***
[Bug binutils/22174] memory allocation failure in objalloc.c (_objalloc_alloc)
https://sourceware.org/bugzilla/show_bug.cgi?id=22174

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |amodra at gmail dot com
         Resolution|---                         |DUPLICATE

--- Comment #2 from Alan Modra ---
Same underlying problem as pr22166

*** This bug has been marked as a duplicate of bug 22166 ***
[Bug binutils/22166] big memory allocation failure
https://sourceware.org/bugzilla/show_bug.cgi?id=22166

--- Comment #3 from Alan Modra ---
*** Bug 22174 has been marked as a duplicate of this bug. ***
[Bug binutils/22192] New: float point exception in decode_line_info in binutils 2.29 dwarf2.c
https://sourceware.org/bugzilla/show_bug.cgi?id=22192

            Bug ID: 22192
           Summary: float point exception in decode_line_info in binutils 2.29 dwarf2.c
           Product: binutils
           Version: 2.29
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: luanjunchao at 163 dot com
  Target Milestone: ---

Created attachment 10464
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10464&action=edit
floating point exception poc

The result of gdb debugging "objdump -x -SD -Wl -R crash_float.elf" is as follows:

Program received signal SIGFPE, Arithmetic exception.
0x007861e5 in decode_line_info (unit=0xd6f980, stash=stash@entry=0xd69270) at ./dwarf2.c:2440
2440              address += (lh.minimum_instruction_length
(gdb) bt
#0  0x007861e5 in decode_line_info (unit=0xd6f980, stash=stash@entry=0xd69270) at ./dwarf2.c:2440
#1  0x0079ad3c in comp_unit_find_nearest_line (unit=0xd6f980, addr=4198724, filename_ptr=0x7fffdec8, function_ptr=0x7fffded0, linenumber_ptr=0x7fffdeb8, discriminator_ptr=0x7fffdebc, stash=0xd69270) at ./dwarf2.c:3562
#2  0x007a44f5 in _bfd_dwarf2_find_nearest_line (abfd=abfd@entry=0xd601c0, symbols=symbols@entry=0xd69c40, symbol=symbol@entry=0x0, section=section@entry=0xd655e8, offset=offset@entry=0, filename_ptr=filename_ptr@entry=0x7fffe0b0, functionname_ptr=0x7fffe0b8, linenumber_ptr=0x7fffe0a4, discriminator_ptr=0x7fffe0a8, debug_sections=0xb03840 , addr_size=0, pinfo=0xd60620) at ./dwarf2.c:4622
#3  0x006c286e in _bfd_elf_find_nearest_line (abfd=0xd601c0, symbols=0xd69c40, section=0xd655e8, offset=0, filename_ptr=0x7fffe0b0, functionname_ptr=0x7fffe0b8, line_ptr=0x7fffe0a4, discriminator_ptr=0x7fffe0a8) at elf.c:8653
#4  0x00422f41 in show_line (addr_offset=0, section=, abfd=0xd601c0) at ./objdump.c:1486
#5  disassemble_bytes (inf=inf@entry=0x7fffe360, disassemble_fn=0x59c380 , insns=insns@entry=1, data=, start_offset=start_offset@entry=0, stop_offset=stop_offset@entry=9, rel_offset=4198724, relppp=0x7fffe278, relppend=0xd6c720) at ./objdump.c:1791
#6  0x0042ddfe in disassemble_section (abfd=0xd601c0, section=, inf=0x7fffe360) at ./objdump.c:2313
#7  0x005f390c in bfd_map_over_sections (abfd=abfd@entry=0xd601c0, operation=operation@entry=0x42b580 , user_storage=user_storage@entry=0x7fffe360) at section.c:1395
#8  0x004165a0 in disassemble_data (abfd=abfd@entry=0xd601c0) at ./objdump.c:2449
#9  0x0041c620 in dump_bfd (abfd=abfd@entry=0xd601c0) at ./objdump.c:3546
#10 0x0041e0f0 in display_object_bfd (abfd=0xd601c0) at ./objdump.c:3603
#11 display_any_bfd (file=file@entry=0xd601c0, level=level@entry=0) at ./objdump.c:3692
#12 0x0040c75e in display_file (last_file=1, target=, filename=0x7fffe8aa "crash_float.elf") at ./objdump.c:3713
#13 main (argc=6, argv=0x7fffe658) at ./objdump.c:4015
(gdb) list
2435              break;
2436            case DW_LNS_set_basic_block:
2437              break;
2438            case DW_LNS_const_add_pc:
2439              if (lh.maximum_ops_per_insn == 1)
2440                address += (lh.minimum_instruction_length
2441                            * ((255 - lh.opcode_base) / lh.line_range));
2442              else
2443                {
2444                  bfd_vma adjust = ((255 - lh.opcode_base) / lh.line_range);
(gdb) x/i $rip
=> 0x7861e5 :     idivl  0x78(%rsp)
(gdb) x/xw $rsp+0x78
0x7fffdcd8:     0x

We can see clearly that lh.line_range = 0, resulting in the floating point exception.
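The crash above is a divide-by-zero in the DW_LNS_const_add_pc arithmetic: `(255 - lh.opcode_base) / lh.line_range` with a line-program header whose `line_range` field is 0. The defensive fix is to validate the header fields that are later used as divisors before the opcode loop starts. The following is an added example written for this page, not binutils code: the `struct line_head` and `struct line_state` types, the `line_head_is_valid` and `const_add_pc` functions and the sample headers are all constructed here, with field names chosen to match the `lh.*` fields in the gdb listing. It implements both the single-op branch shown at line 2440 and the VLIW branch (the `else` at line 2442), rejecting a header with `line_range == 0` or `maximum_ops_per_insn == 0` instead of dividing by it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The line-program header fields DW_LNS_const_add_pc reads. Names mirror the
   lh.* fields in the gdb listing; the struct is constructed for this example
   and is not binutils' own line_head. */
struct line_head {
    uint8_t minimum_instruction_length;
    uint8_t maximum_ops_per_insn;
    uint8_t line_range;
    uint8_t opcode_base;
};

/* Address registers of the line-number state machine. */
struct line_state {
    uint64_t address;
    unsigned op_index;   /* only meaningful when maximum_ops_per_insn > 1 */
};

/* Reject a header whose fields would later be used as a divisor. A zero
   line_range is exactly what produced the SIGFPE in the report;
   maximum_ops_per_insn is the divisor and modulus in the VLIW branch. */
bool line_head_is_valid(const struct line_head *lh)
{
    if (lh->line_range == 0)
        return false;
    if (lh->maximum_ops_per_insn == 0)
        return false;
    return true;
}

/* DW_LNS_const_add_pc: advance address (and op_index) by what special opcode
   255 would advance, without emitting a row. Returns false and leaves the
   state untouched when the header fails validation. */
bool const_add_pc(const struct line_head *lh, struct line_state *st)
{
    if (!line_head_is_valid(lh))
        return false;

    /* uint8_t promotes to int, so 255 - opcode_base is never negative. */
    unsigned adjusted_opcode = 255 - lh->opcode_base;
    unsigned operation_advance = adjusted_opcode / lh->line_range;

    if (lh->maximum_ops_per_insn == 1) {
        st->address += (uint64_t) lh->minimum_instruction_length * operation_advance;
    } else {
        unsigned total = st->op_index + operation_advance;
        st->address += (uint64_t) lh->minimum_instruction_length
                       * (total / lh->maximum_ops_per_insn);
        st->op_index = total % lh->maximum_ops_per_insn;
    }
    return true;
}

int main(void)
{
    /* Constructed headers: a typical x86-style one, and one shaped like the
       malformed header in the report (line_range == 0). */
    struct line_head good = { 1, 1, 14, 13 };
    struct line_head bad  = { 1, 1, 0, 13 };
    struct line_state st  = { 0x1000, 0 };

    if (const_add_pc(&good, &st))
        printf("valid header: address advanced to 0x%llx\n",
               (unsigned long long) st.address);
    if (!const_add_pc(&bad, &st))
        printf("header rejected (line_range == 0); address still 0x%llx\n",
               (unsigned long long) st.address);
    return 0;
}
```

With the constructed "good" header (opcode_base 13, line_range 14, one op per instruction) the advance is 242 / 14 = 17 bytes; the header with `line_range == 0` is refused before any division happens, which is the behaviour a parser of untrusted debug info needs.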
[Bug binutils/22175] memory allocation failure in _objalloc_alloc (objalloc.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=22175

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |amodra at gmail dot com
         Resolution|---                         |WONTFIX

--- Comment #2 from Alan Modra ---
Well, you've said .plt is 7x10^16 bytes

  [11] .plt PROGBITS 00400420 000420 800040 10 AX 0 0 16

Unsurprisingly, you can't malloc that much.
[Bug binutils/22176] memory allocation failure in print_symbol (nm.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=22176

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |amodra at gmail dot com
         Resolution|---                         |WONTFIX

--- Comment #2 from Alan Modra ---
Another one where a ridiculous section size results in an attempt to malloc a huge amount of memory.
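Bugs 22175 and 22176 above are both the same pattern: a section header claims a size far larger than the file, and the tool tries to allocate that much before reading. The usual defensive check in a loader is to refuse any section whose bytes cannot lie inside the file, and to do the comparison in a form that cannot wrap around. The following is an added example written for this page, not binutils or libbfd code: `parse_shdr`, `section_fits_in_file`, `check_section` and the `shdr_bytes` builder are constructed here, and the section headers fed to them are constructed test inputs (the offset 0x420 is borrowed from the readelf line in the report; the huge size is made up).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Elf64_Shdr layout (little-endian): sh_type at byte 4, sh_offset at
   byte 24, sh_size at byte 32; the whole header is 64 bytes. */
#define ELF64_SHDR_SIZE 64
#define SHT_PROGBITS 1
#define SHT_NOBITS   8

/* Only the fields needed for the size check. */
struct shdr_subset {
    uint32_t sh_type;
    uint64_t sh_offset;
    uint64_t sh_size;
};

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t) p[0] | (uint32_t) p[1] << 8
         | (uint32_t) p[2] << 16 | (uint32_t) p[3] << 24;
}

static uint64_t rd64le(const uint8_t *p)
{
    return (uint64_t) rd32le(p) | (uint64_t) rd32le(p + 4) << 32;
}

static void wr32le(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t) (v >> (8 * i));
}

static void wr64le(uint8_t *p, uint64_t v)
{
    wr32le(p, (uint32_t) v);
    wr32le(p + 4, (uint32_t) (v >> 32));
}

/* Pull the needed fields out of one raw section header; false if the buffer
   is too short to hold a whole header. */
bool parse_shdr(const uint8_t *buf, size_t len, struct shdr_subset *out)
{
    if (buf == NULL || len < ELF64_SHDR_SIZE)
        return false;
    out->sh_type   = rd32le(buf + 4);
    out->sh_offset = rd64le(buf + 24);
    out->sh_size   = rd64le(buf + 32);
    return true;
}

/* A section's bytes must fit inside the file before a buffer of sh_size
   bytes is allocated for them. SHT_NOBITS sections occupy no file bytes and
   are exempt. The subtraction form avoids wrap-around in sh_offset + sh_size
   for absurd values. */
bool section_fits_in_file(const struct shdr_subset *sh, uint64_t file_size)
{
    if (sh->sh_type == SHT_NOBITS)
        return true;
    if (sh->sh_size > file_size)
        return false;
    return sh->sh_offset <= file_size - sh->sh_size;
}

/* Parse-and-check in one step: the gate to place in front of the malloc. */
bool check_section(const uint8_t *buf, size_t len, uint64_t file_size)
{
    struct shdr_subset sh;
    if (!parse_shdr(buf, len, &sh))
        return false;
    return section_fits_in_file(&sh, file_size);
}

/* Build a constructed 64-byte section header in a static buffer (test input
   only; not bytes from any real file). */
const uint8_t *shdr_bytes(uint32_t type, uint64_t offset, uint64_t size)
{
    static uint8_t buf[ELF64_SHDR_SIZE];
    memset(buf, 0, sizeof buf);
    wr32le(buf + 4, type);
    wr64le(buf + 24, offset);
    wr64le(buf + 32, size);
    return buf;
}
```

The wrap-around case matters: with `sh_offset` near the top of the 64-bit range and a small `sh_size`, a naive `sh_offset + sh_size <= file_size` test passes, while the subtraction form correctly rejects it.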
[Bug binutils/22192] float point exception in decode_line_info in binutils 2.29 dwarf2.c
https://sourceware.org/bugzilla/show_bug.cgi?id=22192

--- Comment #1 from skysider ---
Oops, it's perhaps a duplicate of bug 22186.
[Bug binutils/22186] divide-by-zero in decode_line_info (dwarf2.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=22186

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |ASSIGNED
   Last reconfirmed|                            |2017-09-23
           Assignee|unassigned at sourceware dot org |amodra at gmail dot com
     Ever confirmed|0                           |1
[Bug binutils/22192] float point exception in decode_line_info in binutils 2.29 dwarf2.c
https://sourceware.org/bugzilla/show_bug.cgi?id=22192

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |amodra at gmail dot com
         Resolution|---                         |DUPLICATE

--- Comment #2 from Alan Modra ---
The same problem as pr22186

*** This bug has been marked as a duplicate of bug 22186 ***
[Bug binutils/22186] divide-by-zero in decode_line_info (dwarf2.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=22186

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |luanjunchao at 163 dot com

--- Comment #2 from Alan Modra ---
*** Bug 22192 has been marked as a duplicate of this bug. ***
[Bug binutils/22187] infinite loop in find_abstract_instance_name (dwarf2.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=22187

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |ASSIGNED
   Last reconfirmed|                            |2017-09-24
           Assignee|unassigned at sourceware dot org |amodra at gmail dot com
     Ever confirmed|0                           |1