[Bug binutils/23674] New: Another stack overflow problem in c++filt
https://sourceware.org/bugzilla/show_bug.cgi?id=23674

Bug ID: 23674
Summary: Another stack overflow problem in c++filt
Product: binutils
Version: 2.32 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: wcventure at 126 dot com
Target Milestone: ---

Created attachment 11251 --> https://sourceware.org/bugzilla/attachment.cgi?id=11251&action=edit
c++filt < POC1

We have found some stack overflows in c++filt of the latest binutils code base. Here are the POC files with different kinds of stack overflow. Please use "c++filt < POC" to reproduce the bug. Please check it and debug it. Thank you very much.

ASAN output:

(1) binutils-2.31/build/bin$ ./c++filt < POC1
ASAN:DEADLYSIGNAL
=
==7555==ERROR: AddressSanitizer: stack-overflow on address 0x7fffefbe1f48 (pc 0x009566e8 bp 0x7fffefbe2140 sp 0x7fffefbe1f48 T0)
    #0 0x9566e7 (/mnt/d/Project/binutils-2.31/build/bin/c++filt+0x9566e7)
    #1 0xcccf00 (/mnt/d/Project/binutils-2.31/build/bin/c++filt+0xcccf00)

SUMMARY: AddressSanitizer: stack-overflow (/mnt/d/Project/binutils-2.31/build/bin/c++filt+0x9566e7)
==7555==ABORTING
Aborted (core dumped)

(2) binutils-2.31/build/bin$ ./c++filt < POC2
ASAN:DEADLYSIGNAL
=
==14325==ERROR: AddressSanitizer: stack-overflow on address 0x7fffdbe5dff8 (pc 0x7f9d75b4364f bp 0x0018 sp 0x7fffdbe5dfe0 T0)
    #0 0x7f9d75b4364e (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x10364e)
    #1 0x7f9d75b43137 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x103137)
    #2 0x7f9d75a682b1 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x282b1)
    #3 0x7f9d75b1eb5a in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb5a)
    #4 0x9cad7c in xmalloc xmalloc.c:147
    #5 0x8f22e0 in do_arg cplus-dem.c:4330
    #6 0x8f2d70 in demangle_args cplus-dem.c:4659
    #7 0x8d9039 in demangle_nested_args cplus-dem.c:4713
    #8 0x8d9039 in do_type cplus-dem.c:3719
    #9 0x8f1d39 in do_arg cplus-dem.c:4332
    #10 0x8f2d70 in demangle_args cplus-dem.c:4659
    #11 0x8d9039 in demangle_nested_args cplus-dem.c:4713
    #12 0x8d9039 in do_type cplus-dem.c:3719
    #13 0x8f1d39 in do_arg cplus-dem.c:4332
    #14 0x8f2d70 in demangle_args cplus-dem.c:4659
    #15 0x8d9039 in demangle_nested_args cplus-dem.c:4713
    #16 0x8d9039 in do_type cplus-dem.c:3719
    #17 0x8f1d39 in do_arg cplus-dem.c:4332
    #18 0x8f2d70 in demangle_args cplus-dem.c:4659
    #19 0x8d9039 in demangle_nested_args cplus-dem.c:4713
    #20 0x8d9039 in do_type cplus-dem.c:3719

--
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug binutils/23674] Please help me to delete this issue. I have rebuilt another issue.
https://sourceware.org/bugzilla/show_bug.cgi?id=23674

wcventure changed:
  What     | Removed                                    | Added
  Summary  | Another stack overflow problem in c++filt  | Please help me to delete this issue. I have rebuilt another issue.
[Bug binutils/23677] New: The stack overflow in function cplus_demangle_type in cp-demangle.c:2565 ( c++filt -t )
https://sourceware.org/bugzilla/show_bug.cgi?id=23677

Bug ID: 23677
Summary: The stack overflow in function cplus_demangle_type in cp-demangle.c:2565 ( c++filt -t )
Product: binutils
Version: 2.31
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: wcventure at 126 dot com
Target Milestone: ---

Created attachment 11252 --> https://sourceware.org/bugzilla/attachment.cgi?id=11252&action=edit
POC-c++filt-t

Hi,

We have found a stack overflow in function cplus_demangle_type in cp-demangle.c:2565 in c++filt of the latest binutils code base. Here is the POC file. Please use "c++filt -t < $POC" to reproduce the bug. Thank you very much.

Command: "c++filt -t < $POC" (Please remember to use the option -t)

AddressSanitizer:DEADLYSIGNAL
=
==21814==ERROR: AddressSanitizer: stack-overflow on address 0x7ffcafaefbc0 (pc 0x008d3eb1 bp 0x7ffcafaf02d0 sp 0x7ffcafaefbc0 T0)
    #0 0x8d3eb0 in cplus_demangle_type .../binutils-2.31/libiberty/./cp-demangle.c:2367
    #1 0x8d523c in cplus_demangle_type .../binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #2 0x8d523c in cplus_demangle_type .../binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #3 0x8d523c in cplus_demangle_type .../binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #4 0x8d523c in cplus_demangle_type .../binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #5 0x8d523c in cplus_demangle_type .../binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #6 0x8d523c in cplus_demangle_type .../binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #7 0x8d523c in cplus_demangle_type .../binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #8 0x8d523c in cplus_demangle_type .../binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #9 0x8d523c in cplus_demangle_type .../binutils-2.31/libiberty/./cp-demangle.c:2565:5
    ...
    #246 0x8d523c in cplus_demangle_type .../binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #247 0x8d523c in cplus_demangle_type .../binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #248 0x8d523c in cplus_demangle_type .../binutils-2.31/libiberty/./cp-demangle.c:2565:5
    #249 0x8d523c in cplus_demangle_type .../binutils-2.31/libiberty/./cp-demangle.c:2565:5

SUMMARY: AddressSanitizer: stack-overflow .../binutils-2.31/libiberty/./cp-demangle.c:2367 in cplus_demangle_type
==21814==ABORTING
Aborted
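The two ASAN traces on this page are one failure class: bug 23674's do_type / do_arg / demangle_args / demangle_nested_args cycle in cplus-dem.c and bug 23677's cplus_demangle_type calling itself at cp-demangle.c:2565 both come from a recursive grammar parsed by recursive descent with nothing bounding how deep attacker-chosen input can push the call stack. The C program below is an added example written for this page, not libiberty's demangler: it parses a small constructed, loosely Itanium-like type grammar (P/R/F prefixes over the builtins i/c/v) both without and with a depth guard, builds a nested-function POC of any depth, and shows the guarded parser returning an error where the unguarded one would produce the stack-overflow in the reports above. MAX_DEPTH, the grammar and every function name are assumptions of the example.

```c
/* Added example, not libiberty code: a toy recursive-descent type parser in
   the shape of cplus_demangle_type.  Nesting depth in the input becomes
   recursion depth; a depth limit turns the ASAN stack-overflow above into
   a parse error.  Constructed grammar, loosely Itanium-like:
     <type> ::= P <type> | R <type> | F <type> E | i | c | v          */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { PARSE_OK = 0, PARSE_BAD = -1, PARSE_TOO_DEEP = -2 };
#define MAX_DEPTH 1024   /* assumption: ample for real symbols, safe on a default stack */

/* Unguarded shape: every prefix recurses with no bound at all. */
int parse_unbounded(const char **p, int *nesting)
{
    switch (**p) {
    case 'P': case 'R':
        (*p)++; (*nesting)++;
        return parse_unbounded(p, nesting);
    case 'F': {
        (*p)++; (*nesting)++;
        int r = parse_unbounded(p, nesting);
        if (r != PARSE_OK) return r;
        if (**p != 'E') return PARSE_BAD;   /* missing terminator */
        (*p)++;
        return PARSE_OK;
    }
    case 'i': case 'c': case 'v': (*p)++; return PARSE_OK;
    default: return PARSE_BAD;
    }
}

/* Guarded shape: identical grammar, but each frame carries its depth and
   refuses to go past MAX_DEPTH, so hostile input gets an error, not SIGSEGV. */
int parse_bounded(const char **p, int *nesting, int depth)
{
    if (depth > MAX_DEPTH) return PARSE_TOO_DEEP;
    switch (**p) {
    case 'P': case 'R':
        (*p)++; (*nesting)++;
        return parse_bounded(p, nesting, depth + 1);
    case 'F': {
        (*p)++; (*nesting)++;
        int r = parse_bounded(p, nesting, depth + 1);
        if (r != PARSE_OK) return r;
        if (**p != 'E') return PARSE_BAD;
        (*p)++;
        return PARSE_OK;
    }
    case 'i': case 'c': case 'v': (*p)++; return PARSE_OK;
    default: return PARSE_BAD;
    }
}

/* Whole-string guarded parse; *nesting receives the number of prefixes. */
int demangle_type_bounded(const char *s, int *nesting)
{
    const char *p = s;
    *nesting = 0;
    int r = parse_bounded(&p, nesting, 0);
    return (r == PARSE_OK && *p) ? PARSE_BAD : r;   /* trailing junk */
}
int rc_of(const char *s)      { int n; return demangle_type_bounded(s, &n); }
int nesting_of(const char *s) { int n; return demangle_type_bounded(s, &n) == PARSE_OK ? n : -1; }

/* Constructed POC: n 'F' prefixes, 'i', n 'E's.  'F' is not a tail call, so
   the compiler cannot turn the recursion into a loop as it may for 'P'. */
char *make_nested_function_poc(size_t n)
{
    char *s = malloc(2 * n + 2);
    if (!s) return NULL;
    memset(s, 'F', n);
    s[n] = 'i';
    memset(s + n + 1, 'E', n);
    s[2 * n + 1] = '\0';
    return s;
}

/* Guarded parse of a POC nested n deep; returns the parser's code. */
int bounded_rc_for_depth(size_t n)
{
    char *poc = make_nested_function_poc(n);
    if (!poc) return PARSE_BAD;
    int nesting;
    int r = demangle_type_bounded(poc, &nesting);
    free(poc);
    return r;
}

int main(void)
{
    int nesting;
    int r = demangle_type_bounded("FPiE", &nesting);
    printf("FPiE         -> rc=%d nesting=%d\n", r, nesting);
    printf("1e6 nested F -> rc=%d (PARSE_TOO_DEEP is %d)\n",
           bounded_rc_for_depth(1000000), PARSE_TOO_DEEP);
    /* To reproduce the crash class itself, build with -fsanitize=address and run:
         char *poc = make_nested_function_poc(1000000);
         const char *p = poc; parse_unbounded(&p, &nesting);                   */
    return 0;
}
```

The guard costs one integer per frame and one comparison per call, which is why demanglers and other recursive-descent parsers of untrusted input carry one. Note the POC nests F ... E rather than a run of P prefixes: the pointer case is a tail call that an optimising compiler may turn into a loop, which can make an unguarded parser look safe at -O2 and overflow at -O0.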
[Bug binutils/23677] The stack overflow in function cplus_demangle_type in cp-demangle.c:2565 ( c++filt -t )
https://sourceware.org/bugzilla/show_bug.cgi?id=23677

Nick Clifton changed:
  What        | Removed     | Added
  Status      | UNCONFIRMED | RESOLVED
  CC          |             | nickc at redhat dot com
  Resolution  | ---         | MOVED

--- Comment #1 from Nick Clifton ---
Hi wcventure,

Thank you for reporting this bug.

The libiberty library, which includes the cplus_demangle_type function, is actually part of the gcc project, rather than the binutils project. (The binutils use the library, but we do not maintain it). Therefore, please could you refile this bug report here:

  https://gcc.gnu.org/bugzilla/enter_bug.cgi?product=gcc

Thank you.

Cheers
  Nick
[Bug binutils/23674] Please help me to delete this issue. I have rebuilt another issue.
https://sourceware.org/bugzilla/show_bug.cgi?id=23674

Nick Clifton changed:
  What        | Removed     | Added
  Status      | UNCONFIRMED | RESOLVED
  CC          |             | nickc at redhat dot com
  Resolution  | ---         | MOVED

--- Comment #1 from Nick Clifton ---
Hi wcventure,

Thank you for reporting this bug.

Unfortunately you have reported it to the wrong project. The demangler is part of the libiberty library which is maintained by the gcc project, not the binutils project. So please could you refile this bug report here:

  https://gcc.gnu.org/bugzilla/enter_bug.cgi?product=gcc

Thanks.

Cheers
  Nick
[Bug binutils/23466] Issues with Windows reproducible builds starting with commit 13e570f80cbfb299a8858ce6830e91a6cb40ab7b
https://sourceware.org/bugzilla/show_bug.cgi?id=23466

--- Comment #2 from Nicolas Vigier ---
(In reply to Alan Modra from comment #1)
> The commit message for 13e570f80cb says "See the comment which I'm removing
> from elf_link_add_archive_symbols."  That's this comment:
>
> /* Add symbols from an ELF archive file to the linker hash table.  We
> -   don't use _bfd_generic_link_add_archive_symbols because of a
> -   problem which arises on UnixWare.  The UnixWare libc.so is an
> -   archive which includes an entry libc.so.1 which defines a bunch of
> -   symbols.  The libc.so archive also includes a number of other
> -   object files, which also define symbols, some of which are the same
> -   as those defined in libc.so.1.  Correct linking requires that we
> -   consider each object file in turn, and include it if it defines any
> -   symbols we need.  _bfd_generic_link_add_archive_symbols does not do
> -   this; it looks through the list of undefined symbols, and includes
> -   any object file which defines them.  When this algorithm is used on
> -   UnixWare, it winds up pulling in libc.so.1 early and defining a
> -   bunch of symbols.  This means that some of the other objects in the
> -   archive are not included in the link, which is incorrect since they
> -   precede libc.so.1 in the archive.
> +   don't use _bfd_generic_link_add_archive_symbols because we need to
> +   handle versioned symbols.
>
> So... Commit 13e570f80cb may change the order in which files are extracted
> from archives, which in turn can change the set of files extracted from
> archives.  Is that the case for your build?  Link with -Wl,-t to see.

Thanks. I will try a build using -Wl,-t to see if I can get more details about the issue.

> Also, you say "When running objdump -x on 2 builds of the same dll file".
> Were the two builds comparing builds using different versions of the linker?
> If so, it is quite possible that the output will differ.
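Review bot: the two `+` lines of the replacement comment state only the new reason (versioned symbols) and drop the rule the removed lines documented, that archive members are considered "in turn" and included when they define a needed symbol, so that members preceding libc.so.1 are never skipped. Since the suspected cause of this report is exactly a change in which members get extracted and in what order, the comment should say what order elf_link_add_archive_symbols now walks archive members in and whether that is meant to match _bfd_generic_link_add_archive_symbols; otherwise the next reader has no record that member order was ever a correctness requirement.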
I meant two builds done using the same linker version (the same binutils commit), as it is expected that different binutils versions could produce different outputs. When we are doing two Tor Browser builds using a binutils commit before 13e570f80cbfb2, we get the same output in both builds. When we do two Tor Browser builds using 13e570f80cbfb2 or a later binutils commit, we get a different output in the two builds (although we used the same binutils commit in both builds).
[Bug gas/23645] Backport as .st_ino/.st_dev check to check input and output are different
https://sourceware.org/bugzilla/show_bug.cgi?id=23645

Nick Clifton changed:
  What        | Removed     | Added
  Status      | UNCONFIRMED | RESOLVED
  CC          |             | nickc at redhat dot com
  Resolution  | ---         | FIXED

--- Comment #1 from Nick Clifton ---
Applied.
[Bug binutils/23633] objcopy Segmentation fault
https://sourceware.org/bugzilla/show_bug.cgi?id=23633

--- Comment #7 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by H.J. Lu:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d839b9149957d9a8842c368caf97ef378d8c97af

commit d839b9149957d9a8842c368caf97ef378d8c97af
Author: H.J. Lu
Date:   Mon Sep 17 08:50:42 2018 -0700

    Free symbol buffers if they are no longer in use

    add_specific_symbols allocates a buffer to hold symbols.  It should be
    freed only if it is no longer in use.

    	PR binutils/23633
    	* objcopy.c (strip_specific_buffer): New.
    	(strip_unneeded_buffer): Likewise.
    	(keep_specific_buffer): Likewise.
    	(localize_specific_buffer): Likewise.
    	(globalize_specific_buffer): Likewise.
    	(keepglobal_specific_buffer): Likewise.
    	(weaken_specific_buffer): Likewise.
    	(add_specific_symbols): Add an argument to return pointer to
    	allocated buffer.
    	(copy_main): Update add_specific_symbols to update pointers to
    	allocated buffer.  Free pointers to allocated buffer before
    	return.
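The commit message above states an ownership rule rather than spelling out the code: a buffer that other data structures still point into must not be freed by whoever happened to allocate it, only by the owner that knows the last use is over, which is why add_specific_symbols now hands the buffer pointer back to copy_main. The C program below is an added example written for this page, not objcopy.c, showing that rule in the shape of a --strip-symbols style list: names are parsed out of one heap copy of a constructed symbol file, the list entries point into that copy, and the copy travels with the list and is released only in the list's own free routine. The struct, the function names and the file contents are assumptions of the example.

```c
/* Added example, written for this page (it is not objcopy.c): the ownership
   pattern behind the fix above.  A symbol list is parsed out of one heap
   buffer and its entries point into that buffer, so the buffer must outlive
   the list and be freed only by whoever owns the list.  All inputs below
   are constructed. */
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

struct symbol_list {
    const char **names;   /* each entry points into `buffer` */
    size_t count;
    char *buffer;         /* backing storage, owned by the list */
};

/* Parse one symbol name per line (blank lines and '#' comments ignored).
   On success the copy of `text` stays alive in out->buffer; the caller
   releases it, and only it, via symbol_list_free(). */
int symbol_list_load(struct symbol_list *out, const char *text)
{
    size_t len = strlen(text);
    char *buf = malloc(len + 1);
    if (!buf) return -1;
    memcpy(buf, text, len + 1);

    size_t cap = 1;                               /* upper bound: line count */
    for (size_t i = 0; i < len; i++) cap += (buf[i] == '\n');
    const char **names = malloc(cap * sizeof *names);
    if (!names) { free(buf); return -1; }

    size_t n = 0;
    for (char *line = buf; line && *line; ) {
        char *nl = strchr(line, '\n');
        if (nl) *nl = '\0';
        while (*line && isspace((unsigned char)*line)) line++;          /* ltrim */
        char *end = line + strlen(line);
        while (end > line && isspace((unsigned char)end[-1])) *--end = '\0'; /* rtrim */
        if (*line && *line != '#') names[n++] = line;
        line = nl ? nl + 1 : NULL;
    }
    out->names = names;
    out->count = n;
    out->buffer = buf;   /* NOT freed here: the entries still point into it */
    return 0;
}

int symbol_list_contains(const struct symbol_list *l, const char *sym)
{
    for (size_t i = 0; i < l->count; i++)
        if (strcmp(l->names[i], sym) == 0) return 1;
    return 0;
}

/* The only place the backing buffer is released: after the last lookup. */
void symbol_list_free(struct symbol_list *l)
{
    free(l->names);
    free(l->buffer);
    l->names = NULL; l->buffer = NULL; l->count = 0;
}

/* Load, look one name up, free: the whole lifetime in one call.
   Returns 1 if found, 0 if not, -1 on allocation failure. */
int demo_lookup(const char *text, const char *sym)
{
    struct symbol_list l;
    if (symbol_list_load(&l, text) != 0) return -1;
    int hit = symbol_list_contains(&l, sym);
    symbol_list_free(&l);
    return hit;
}

/* Number of names parsed from `text`, or -1 on allocation failure. */
int demo_count(const char *text)
{
    struct symbol_list l;
    if (symbol_list_load(&l, text) != 0) return -1;
    int n = (int)l.count;
    symbol_list_free(&l);
    return n;
}
/* The failure mode this layout guards against: a free(buf) at the end of
   symbol_list_load() would leave every names[i] dangling, and the first
   strcmp() in symbol_list_contains() becomes a heap-use-after-free under
   ASAN or a plain segfault without it. */
```

Keeping the buffer pointer inside the struct, next to the pointers that depend on it, is the cheap way to make the lifetime rule visible at every call site; the alternative of copying each name out with strdup() is also correct but costs an allocation per symbol, which matters for the large symbol lists objcopy is sometimes fed.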
Re: c++filt stack overflow bug
Hi Peng,

> Peng Li at Baidu X-Lab found a stack overflow bug in c++filt of the latest
> binutils code base, I have confirmed it with address sanitizer. Please use
> the "c++filt < stack_overflow_input" to reproduce the bug. If you have any
> questions, please let me know.

Thank you for telling us about this bug.

I did try to reproduce the bug using the latest version of the binutils development sources, but the problem did not occur. Possibly you are using an older set of sources, or you are running the test on a machine with a limited amount of stack space.

Either way, please could you check the problem, and if it still exists, report it here:

  https://gcc.gnu.org/bugzilla/enter_bug.cgi?product=gcc

This is actually the gcc bug reporting system, since the C++ demangling feature of the c++filt program is actually supplied by the libiberty library, which is maintained as part of gcc rather than binutils.

Cheers
  Nick
[Bug binutils/23659] A stack overflow problem for c++filt
https://sourceware.org/bugzilla/show_bug.cgi?id=23659

Nick Clifton changed:
  What        | Removed     | Added
  Status      | UNCONFIRMED | RESOLVED
  CC          |             | nickc at redhat dot com
  Resolution  | ---         | MOVED

--- Comment #1 from Nick Clifton ---
Please report this bug on the gcc bugzilla system here:

  https://gcc.gnu.org/bugzilla/enter_bug.cgi?product=gcc

The bug is in the name demangling functions supplied by the libiberty library, which is part of gcc, not the binutils.
[Bug gas/23670] Invalid -mevexlig=256 encoding
https://sourceware.org/bugzilla/show_bug.cgi?id=23670

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by H.J. Lu:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04e2a1829ea137ac23ac96e98fd60f9d720dcdcb

commit 04e2a1829ea137ac23ac96e98fd60f9d720dcdcb
Author: H.J. Lu
Date:   Mon Sep 17 09:33:20 2018 -0700

    x86: Set EVex=2 on EVEX.128 only vmovd and vmovq

    EVEX "VMOVD xmm1, r32/m32", "VMOVD r32/m32, xmm2", "VMOVQ xmm1, r64/m64",
    "VMOVD r64/m64, xmm2", "VMOVQ xmm1, xmm2/m64" and "VMOVQ xmm1/m64, xmm2"
    can only be encoded with EVEX.128.  Set EVex=2 on EVEX.128 only vmovd
    and vmovq.

    gas/

    	PR gas/23670
    	* testsuite/gas/i386/evex-lig-2.d: New file.
    	* testsuite/gas/i386/evex-lig-2.s: Likewise.
    	* testsuite/gas/i386/x86-64-evex-lig-2.d: Likewise.
    	* testsuite/gas/i386/x86-64-evex-lig-2.s: Likewise.
    	* testsuite/gas/i386/i386.exp: Run evex-lig-2 and x86-64-evex-lig-2.

    opcodes/

    	PR gas/23670
    	* i386-dis-evex.h (evex_table): Use EVEX_LEN_0F6E_P_2,
    	EVEX_LEN_0F7E_P_1, EVEX_LEN_0F7E_P_2 and EVEX_LEN_0FD6_P_2.
    	(EVEX_LEN_0F6E_P_2): New EVEX_LEN_TABLE entry.
    	(EVEX_LEN_0F7E_P_1): Likewise.
    	(EVEX_LEN_0F7E_P_2): Likewise.
    	(EVEX_LEN_0FD6_P_2): Likewise.
    	* i386-dis.c (USE_EVEX_LEN_TABLE): New.
    	(EVEX_LEN_TABLE): Likewise.
    	(EVEX_LEN_0F6E_P_2): New enum.
    	(EVEX_LEN_0F7E_P_1): Likewise.
    	(EVEX_LEN_0F7E_P_2): Likewise.
    	(EVEX_LEN_0FD6_P_2): Likewise.
    	(evex_len_table): New.
    	(get_valid_dis386): Handle USE_EVEX_LEN_TABLE.
    	* i386-opc.tbl: Set EVex=2 on EVEX.128 only vmovd and vmovq.
    	* i386-tbl.h: Regenerated.
[Bug binutils/23674] stack overflow in c++filt
https://sourceware.org/bugzilla/show_bug.cgi?id=23674

wcventure changed:
  What     | Removed                                                             | Added
  Summary  | Please help me to delete this issue. I have rebuilt another issue.  | stack overflow in c++filt
[Bug gas/23665] Invalid -mavxscalar=256 encoding
https://sourceware.org/bugzilla/show_bug.cgi?id=23665

--- Comment #4 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by H.J. Lu:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d5f787c2bc90793c1d781b7291758e77067daad5

commit d5f787c2bc90793c1d781b7291758e77067daad5
Author: H.J. Lu
Date:   Mon Sep 17 09:31:07 2018 -0700

    x86: Set Vex=1 on VEX.128 only vmovd and vmovq

    AVX "VMOVD xmm1, r32/m32", "VMOVD r32/m32, xmm2", "VMOVQ xmm1, r64/m64"
    and "VMOVD r64/m64, xmm2" can only be encoded with VEX.128.  Set Vex=1
    on VEX.128 only vmovd and vmovq.

    gas/

    	PR gas/23665
    	* testsuite/gas/i386/avx-scalar.s: Remove vmovq and vmovd tests.
    	* testsuite/gas/i386/x86-64-avx-scalar.s: Likewise.
    	* testsuite/gas/i386/avx-scalar-intel.d: Updated.
    	* testsuite/gas/i386/avx-scalar.d: Likewise.
    	* testsuite/gas/i386/x86-64-avx-scalar-intel.d: Likewise.
    	* testsuite/gas/i386/x86-64-avx-scalar.d: Likewise.
    	* testsuite/gas/i386/i386.exp: Run avx-scalar2 and
    	x86-64-avx-scalar2.
    	* testsuite/gas/i386/avx-scalar-2.d: New file.
    	* testsuite/gas/i386/avx-scalar-2.s: Likewise.
    	* testsuite/gas/i386/x86-64-avx-scalar-2.d: Likewise.
    	* testsuite/gas/i386/x86-64-avx-scalar-2.s: Likewise.

    opcodes/

    	PR gas/23665
    	* i386-dis.c (vex_len_table): Update VEX_LEN_0F6E_P_2 and
    	VEX_LEN_0F7E_P_2 entries.
    	* i386-opc.tbl: Set Vex=1 on VEX.128 only vmovd and vmovq.
    	* i386-tbl.h: Regenerated.
[Bug gas/23670] Invalid -mevexlig=256 encoding
https://sourceware.org/bugzilla/show_bug.cgi?id=23670

H.J. Lu changed:
  What              | Removed | Added
  Status            | NEW     | RESOLVED
  Resolution        | ---     | FIXED
  Target Milestone  | ---     | 2.32

--- Comment #2 from H.J. Lu ---
Fixed for 2.32.
[Bug binutils/23677] The stack overflow in function cplus_demangle_type in cp-demangle.c:2565 ( c++filt -t )
https://sourceware.org/bugzilla/show_bug.cgi?id=23677

--- Comment #2 from wcventure ---
(In reply to Nick Clifton from comment #1)
> Hi wcventure,
>
> Thank you for reporting this bug.
>
> The libiberty library, which includes the cplus_demangle_type function
> is actually part of the gcc project, rather than the binutils project.
> (The binutils use the library, but we do not maintain it).  Therefore,
> please could you refile this bug report here:
>
> https://gcc.gnu.org/bugzilla/enter_bug.cgi?product=gcc
>
> Thank you.
>
> Cheers
> Nick

Thank you very much, I have reported this bug to the gcc project. The link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335