Issue 44796 in oss-fuzz: binutils:fuzz_nm: Stack-overflow in mmo_get_symbols
Comment #2 on issue 44796 by amo...@gmail.com: binutils:fuzz_nm: Stack-overflow in mmo_get_symbols
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44796#c2

Won't fix this one. Fuzzed trie parsed by recursion in mmo_get_symbols can be arbitrarily deep, unless some limit is imposed.

--
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.
Issue 44796 in oss-fuzz: binutils:fuzz_nm: Stack-overflow in mmo_get_symbols
Comment #3 on issue 44796 by p.ant...@catenacyber.fr: binutils:fuzz_nm: Stack-overflow in mmo_get_symbols
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44796#c3

If you wish, one way to fix this is to use `#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` to have some limit on recursion.
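The two comments above describe the general shape of this class of bug (a recursive parser over attacker-controlled nesting with no depth cap) and the suggested mitigation (a recursion limit, possibly tighter under the fuzzing build macro). The following is an added example written for this page, not code from binutils or from either commenter: it walks a constructed, hypothetical nested-trie encoding (one child-count byte per node, followed by that many child nodes) recursively, and refuses input whose nesting exceeds a hard limit, so a chain of thousands of single-child nodes produces a clean error instead of exhausting the stack. The encoding, the limit values and the function names are all assumptions.

```c
/* Added example, not binutils code: a recursive walk over a constructed,
   hypothetical nested-trie encoding with a hard depth limit.  The cap is
   tighter when FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined, following
   the suggestion in the thread.  Encoding (hypothetical): each node is one
   child-count byte followed by that many child nodes, in order. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
#define TRIE_MAX_DEPTH 256    /* tighter cap for fuzzing builds (assumed value) */
#else
#define TRIE_MAX_DEPTH 4096   /* hypothetical production cap */
#endif

/* Walk one node.  Returns the number of nodes in its subtree, or -1 if the
   input is truncated or the nesting exceeds TRIE_MAX_DEPTH. */
static long walk_node(const uint8_t *buf, size_t len, size_t *pos,
                      unsigned depth, unsigned *deepest)
{
    if (depth > TRIE_MAX_DEPTH)
        return -1;                    /* refuse instead of recursing further */
    if (*pos >= len)
        return -1;                    /* truncated: no count byte for this node */
    unsigned nchildren = buf[(*pos)++];
    if (depth > *deepest)
        *deepest = depth;
    long total = 1;
    for (unsigned i = 0; i < nchildren; i++) {
        long sub = walk_node(buf, len, pos, depth + 1, deepest);
        if (sub < 0)
            return -1;                /* propagate the error unchanged */
        total += sub;
    }
    return total;
}

/* Parse a whole trie.  Returns the node count, or -1 on error.  If deepest
   is non-NULL it receives the deepest level reached (root is level 0). */
long parse_trie(const uint8_t *buf, size_t len, unsigned *deepest)
{
    size_t pos = 0;
    unsigned d = 0;
    long n = walk_node(buf, len, &pos, 0, &d);
    if (n >= 0 && pos != len)
        return -1;                    /* trailing bytes are an error too */
    if (deepest)
        *deepest = d;
    return n;
}

/* Constructed well-formed input: a root with two children, the second of
   which has one child of its own (4 nodes, deepest level 2). */
long parse_sample_trie(unsigned *deepest)
{
    static const uint8_t sample[] = { 2, 0, 1, 0 };
    return parse_trie(sample, sizeof sample, deepest);
}

/* Constructed fuzzer-style input: a straight chain of `nodes` nodes, each
   with exactly one child except the last, so the nesting depth is nodes - 1. */
#define CHAIN_CAP 8192
long parse_chain_of(size_t nodes)
{
    static uint8_t chain[CHAIN_CAP];
    if (nodes == 0 || nodes > CHAIN_CAP)
        return -1;
    memset(chain, 1, nodes - 1);      /* every node but the last has one child */
    chain[nodes - 1] = 0;             /* leaf */
    return parse_trie(chain, nodes, NULL);
}

int main(void)
{
    unsigned deepest = 0;
    long n = parse_sample_trie(&deepest);
    printf("sample: %ld nodes, deepest level %u\n", n, deepest);
    printf("chain(100): %ld\n", parse_chain_of(100));
    printf("chain(5000): %ld (limit %d)\n", parse_chain_of(5000), TRIE_MAX_DEPTH);
    return 0;
}
```

The limit is checked before the node's own data is read, so the error is reported at the first frame that would exceed the cap and the caller simply unwinds; the check costs one comparison per node. The chain of 5000 nodes is rejected under either cap, while the 100-node chain parses under both.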
[Bug gprofng/28965] jsynprog tests failed on CET enabled x86-64 machines
https://sourceware.org/bugzilla/show_bug.cgi?id=28965

H.J. Lu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
   Target Milestone|---                         |2.39

--- Comment #2 from H.J. Lu ---
Fixed.

--
You are receiving this mail because:
You are on the CC list for the bug.
[Bug gprofng/28965] jsynprog tests failed on CET enabled x86-64 machines
https://sourceware.org/bugzilla/show_bug.cgi?id=28965

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by H.J. Lu :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cac97c41c20c9866baecefbdc53976af1475f0a1

commit cac97c41c20c9866baecefbdc53976af1475f0a1
Author: H.J. Lu
Date:   Mon Mar 14 15:38:04 2022 -0700

    gprofng: Skip jsynprog with a broken javac

    On CET enabled Linux/x86-64 machines, one can get

    $ javac simple.java
    Error: dl failure on line 894
    Error: failed /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-6.fc35.x86_64/jre/lib/amd64/server/libjvm.so, because /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-6.fc35.x86_64/jre/lib/amd64/server/libjvm.so: rebuild shared object with SHSTK support enabled

    Set GPROFNG_BROKEN_JAVAC to "yes" only with a broken javac and skip the
    jsynprog test with a broken javac.

        PR gprofng/28965
        * Makefile.am (GPROFNG_BROKEN_JAVAC): New.
        (check-DEJAGNU): Pass GPROFNG_BROKEN_JAVAC to runtest.
        * configure.ac (GPROFNG_BROKEN_JAVAC): New AC_SUBST.  Set to yes
        with a broken javac.
        * Makefile.in: Regenerate.
        * configure: Likewise.
        * testsuite/gprofng.display/display.exp: Skip jsynprog with a
        broken javac.
Issue 44864 in oss-fuzz: binutils:fuzz_objdump: Heap-buffer-overflow in evax_bfd_print_dst
Updates:
        Labels: -restrict-view-commit

Comment #3 on issue 44864 by sheriffbot: binutils:fuzz_objdump: Heap-buffer-overflow in evax_bfd_print_dst
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44864#c3

This bug has been fixed. It has been opened to the public.

- Your friendly Sheriffbot
[Bug libctf/28933] buffer overflow on powerpc-linux
https://sourceware.org/bugzilla/show_bug.cgi?id=28933

--- Comment #2 from Nick Alcock ---
FWIW, I cannot replicate this: not with the x86->ppc cross shown here, nor on ppc native, nor on ppc64. Nonetheless we should armour against this. I'll see what I can do...
[Bug libctf/28933] buffer overflow on powerpc-linux
https://sourceware.org/bugzilla/show_bug.cgi?id=28933

--- Comment #3 from Alan Modra ---
Created attachment 14023
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14023&action=edit
testcase object file

I built binutils on an Ubuntu 21.04 amd ryzen 9 box, configured with

CFLAGS="-g -O2 -fsanitize=address,undefined" \
CXXFLAGS="-g -O2 -fsanitize=address,undefined" \
~/src/binutils-gdb/configure --build=x86_64-linux \
  --disable-nls \
  --disable-gdb --disable-gdbserver --disable-gdbsupport --disable-gprofng \
  --disable-libbacktrace --disable-libdecnumber --disable-readline --disable-sim \
  --target=powerpc-linux

I have a full cross toolchain installed, with gcc (12.0.1 20220214). You should be able to reproduce just with current binutils and the attached object file.

export ASAN_OPTIONS=detect_leaks=0
./ld-new -z norelro -L/home/alan/src/binutils-gdb/ld/testsuite/ld-ctf -shared -o tmpdir/dump tmpdir/diag-cttname-invalid.o
[Bug libctf/28933] buffer overflow on powerpc-linux
https://sourceware.org/bugzilla/show_bug.cgi?id=28933

--- Comment #4 from Nick Alcock ---
Aha! Yep, that's got it. Thank you, your object file was very helpful. Now to fix it...
[Bug libctf/28933] buffer overflow on powerpc-linux
https://sourceware.org/bugzilla/show_bug.cgi?id=28933

--- Comment #5 from Nick Alcock ---
This unchecked length is only an overrun in the uncompressed-and-corrupted foreign-endian CTF case (it's still wrong if the CTF is uncompressed but native-endian, but it's only used at serialization time, which is something you can't do to a dict you read out of a CTF section, since those are read-only). So, fairly obscure. Still not sure why it didn't happen to me: I can make it happen with a new testcase easily now.

(Fixed, I think: will test my fix properly tomorrow.)
Issue 43790 in oss-fuzz: binutils:fuzz_as: Null-dereference READ in htab_find_slot
Comment #2 on issue 43790 by amo...@gmail.com: binutils:fuzz_as: Null-dereference READ in htab_find_slot
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43790#c2

This one is due to an error in the fuzzer. The NULL reference is to macro_hash. macro_init needs to be called.
[Bug gas/28977] New: tc-i386.c internal error in parse_register
https://sourceware.org/bugzilla/show_bug.cgi?id=28977

            Bug ID: 28977
           Summary: tc-i386.c internal error in parse_register
           Product: binutils
           Version: 2.39 (HEAD)
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gas
          Assignee: unassigned at sourceware dot org
          Reporter: amodra at gmail dot com
  Target Milestone: ---

Found by oss-fuzz.

cat > mad.s <<\EOF
s=%rdx % %rcx
x=s
x=s
EOF
gas/as-new mad.s

mad.s: Assembler messages:
mad.s:3: Internal error in parse_register at /home/alan/src/binutils-gdb/gas/config/tc-i386.c:12955.
Please report this bug.
[Bug gas/28977] tc-i386.c internal error in parse_register
https://sourceware.org/bugzilla/show_bug.cgi?id=28977

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Target|                            |x86_64-linux
[Bug gas/28977] tc-i386.c internal error in parse_register
https://sourceware.org/bugzilla/show_bug.cgi?id=28977

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Alan Modra :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5fac3f02edacfca458f7ee33a87e26e0e332

commit 5fac3f02edacfca458f7ee33a87e26e0e332
Author: Alan Modra
Date:   Fri Mar 18 16:33:51 2022 +1030

    PR28977 tc-i386.c internal error in parse_register

        PR 28977
        * config/tc-i386.c (parse_register): Handle X_op not O_register
        as for a non-reg_section symbol.  Simplify array bounds check.
[Bug gas/28977] tc-i386.c internal error in parse_register
https://sourceware.org/bugzilla/show_bug.cgi?id=28977

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
   Target Milestone|---                         |2.39
             Status|NEW                         |RESOLVED
           Assignee|unassigned at sourceware dot org |amodra at gmail dot com

--- Comment #2 from Alan Modra ---
Fixed for 2.39