[Bug binutils/29846] NULL pointer segmentation fault when accessing field `the_bfd` in function `compare_symbols`
https://sourceware.org/bugzilla/show_bug.cgi?id=29846 Alan Modra changed: What|Removed |Added Last reconfirmed||2022-12-04 Severity|minor |normal Ever confirmed|0 |1 Assignee|unassigned at sourceware dot org |amodra at gmail dot com Status|UNCONFIRMED |ASSIGNED -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/20337] Objdump incorrectly disassembles zero-length functions
https://sourceware.org/bugzilla/show_bug.cgi?id=20337 --- Comment #5 from cvs-commit at gcc dot gnu.org --- The master branch has been updated by Alan Modra : https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3d3af4ba39e892b1c544d667ca241846bc3df386 commit 3d3af4ba39e892b1c544d667ca241846bc3df386 Author: Alan Modra Date: Sun Dec 4 22:15:40 2022 +1030 PR29846, segmentation fault in objdump.c compare_symbols Fixes a fuzzed object file problem where plt relocs were manipulated in such a way that two synthetic symbols were generated at the same plt location. Won't occur in real object files. PR 29846 PR 20337 * objdump.c (compare_symbols): Test symbol flags to exclude section and synthetic symbols before attempting to check flavour. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/29846] NULL pointer segmentation fault when accessing field `the_bfd` in function `compare_symbols`
https://sourceware.org/bugzilla/show_bug.cgi?id=29846 --- Comment #1 from cvs-commit at gcc dot gnu.org --- The master branch has been updated by Alan Modra : https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3d3af4ba39e892b1c544d667ca241846bc3df386 commit 3d3af4ba39e892b1c544d667ca241846bc3df386 Author: Alan Modra Date: Sun Dec 4 22:15:40 2022 +1030 PR29846, segmentation fault in objdump.c compare_symbols Fixes a fuzzed object file problem where plt relocs were manipulated in such a way that two synthetic symbols were generated at the same plt location. Won't occur in real object files. PR 29846 PR 20337 * objdump.c (compare_symbols): Test symbol flags to exclude section and synthetic symbols before attempting to check flavour. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/29846] NULL pointer segmentation fault when accessing field `the_bfd` in function `compare_symbols`
https://sourceware.org/bugzilla/show_bug.cgi?id=29846 Alan Modra changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED|RESOLVED --- Comment #2 from Alan Modra --- Fixed, thanks for the helpful analysis. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/29847] New: objdump: add --show-all-symbols
https://sourceware.org/bugzilla/show_bug.cgi?id=29847 Bug ID: 29847 Summary: objdump: add --show-all-symbols Product: binutils Version: 2.40 (HEAD) Status: NEW Severity: normal Priority: P2 Component: binutils Assignee: unassigned at sourceware dot org Reporter: i at maskray dot me Target Milestone: --- llvm-objdump 16 will have a new option --show-all-symbols (https://reviews.llvm.org/D131589) which prints all symbols during disassembly. This is useful to know all symbols defined at a location. https://github.com/llvm/llvm-project/blob/main/llvm/test/tools/llvm-objdump/multiple-symbols.s and https://github.com/llvm/llvm-project/blob/main/llvm/test/tools/llvm-objdump/multiple-symbols-mangling.s demonstrate the behavior. Here is some dump for your convenience. You can reproduce by yourself if you have installed llvm-mc and yaml2obj and have cloned llvm-project. cd llvm-project/llvm/test/tools/llvm-objdump llvm-mc -triple armv8a-unknown-linux -filetype=obj multiple-symbols.s -o a.o % fllvm-objdump --triple armv8a -d a.o a.o:file format elf32-littlearm Disassembly of section .text: : 0: e0800080 add r0, r0, r0, lsl #1 4: e12fff1e bx lr 0008 : 8: eb00 0080 add.w r0, r0, r0, lsl #2 c: 4770 bx lr % fllvm-objdump --triple armv8a --show-all-symbols -d a.o a.o:file format elf32-littlearm Disassembly of section .text: <$a.0>: : : 0: e0800080 add r0, r0, r0, lsl #1 4: e12fff1e bx lr 0008 <$t.1>: 0008 : 0008 : 8: eb00 0080 add.w r0, r0, r0, lsl #2 c: 4770 bx lr % fllvm-objdump --triple armv8a --disassemble-symbols= -d a.o a.o:file format elf32-littlearm Disassembly of section .text: : 0: e0800080 add r0, r0, r0, lsl #1 4: e12fff1e bx lr (llvm-objdump doesn't have --disassemble[=symbol]. It uses --disassemble-symbols=) -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/29848] New: Out-of-bound read in function `parse_module`
https://sourceware.org/bugzilla/show_bug.cgi?id=29848 Bug ID: 29848 Summary: Out-of-bound read in function `parse_module` Product: binutils Version: 2.40 (HEAD) Status: UNCONFIRMED Severity: normal Priority: P2 Component: binutils Assignee: unassigned at sourceware dot org Reporter: r3tr0spect2019 at gmail dot com Target Milestone: --- Created attachment 14479 --> https://sourceware.org/bugzilla/attachment.cgi?id=14479&action=edit PoC # Reproduce cd binutils-gdb git reset --hard aaa8dbc1b31233f66131476e03ab8635805e515d mkdir build && cd build ../configure --disable-gdb --disable-gdbserver --disable-gdbsupport --disable-libdecnumber --disable-readline --disable-sim --disable-libbacktrace --disable-gas --disable-ld --disable-werror --enable-targets=all CPPFLAGS=-DDEBUG CFLAGS="-g -O0 -fsanitize=address" make all-binutils MAKEINFO=true && true echo "" | binutils/addr2line -e ../parse_module_oob.bin # Output = ==72973==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000d3 at pc 0x5650a12e7550 bp 0x7ffcaa77e260 sp 0x7ffcaa77e250 READ of size 1 at 0x602000d3 thread T0 #0 0x5650a12e754f in bfd_getl16 ../../bfd/libbfd.c:633 #1 0x5650a18a6f11 in parse_module ../../bfd/vms-alpha.c:4373 #2 0x5650a18a8fb7 in module_find_nearest_line ../../bfd/vms-alpha.c:4902 #3 0x5650a18a991b in _bfd_vms_find_nearest_line ../../bfd/vms-alpha.c:4982 #4 0x5650a12ceb1e in find_address_in_section ../../binutils/addr2line.c:197 #5 0x5650a12f09fc in bfd_map_over_sections ../../bfd/section.c:1374 #6 0x5650a12cf8eb in translate_addresses ../../binutils/addr2line.c:337 #7 0x5650a12cffbc in process_file ../../binutils/addr2line.c:470 #8 0x5650a12d05b1 in main ../../binutils/addr2line.c:579 #9 0x7f9adfaf7d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 #10 0x7f9adfaf7e3f in __libc_start_main_impl ../csu/libc-start.c:392 #11 0x5650a12ce244 in _start (/binutils-gdb/build/binutils/addr2line+0x343244) 0x602000d3 is located 1 bytes to the right of 2-byte region [0x602000d0,0x602000d2) allocated by thread T0 here: #0 0x7f9adfdaa867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145 #1 0x5650a12e71d7 in bfd_malloc ../../bfd/libbfd.c:289 #2 0x5650a1892148 in _bfd_malloc_and_read ../../bfd/libbfd.h:970 #3 0x5650a18a8f81 in module_find_nearest_line ../../bfd/vms-alpha.c:4896 #4 0x5650a18a991b in _bfd_vms_find_nearest_line ../../bfd/vms-alpha.c:4982 #5 0x5650a12ceb1e in find_address_in_section ../../binutils/addr2line.c:197 #6 0x5650a12f09fc in bfd_map_over_sections ../../bfd/section.c:1374 #7 0x5650a12cf8eb in translate_addresses ../../binutils/addr2line.c:337 #8 0x5650a12cffbc in process_file ../../binutils/addr2line.c:470 #9 0x5650a12d05b1 in main ../../binutils/addr2line.c:579 #10 0x7f9adfaf7d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 SUMMARY: AddressSanitizer: heap-buffer-overflow ../../bfd/libbfd.c:633 in bfd_getl16 Shadow bytes around the buggy address: 0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c047fff8000: fa fa fd fa fa fa 00 04 fa fa 00 04 fa fa 00 04 =>0x0c047fff8010: fa fa 00 01 fa fa fd fd fa fa[02]fa fa fa fa fa 0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user:f7 Container overflow: fc Array cookie:ac Intra object redzone:bb ASan internal: fe Left alloca redzone: ca Right alloca redzone:cb Shadow gap: cc ==72973==ABORTING Aborted (core dumped) # Analysis Function call `bfd_getl16 (ptr + 2)` can access byte `ptr[3]`, but the check `ptr < maxptr` only ensures that `ptr[0]` is accessible, which causes the out-of-bound read.[1] [1] https://github.com/bminor/binutils-gdb/blob/aaa8dbc1b31233f66131476e03ab8635805e515d/bfd/vms-alpha.c#L4373 -- You are receiving thi
[Bug binutils/29848] Out-of-bound read in function `parse_module`
https://sourceware.org/bugzilla/show_bug.cgi?id=29848 2019 changed: What|Removed |Added Target||addr2line Build||aaa8dbc1b31233f66131476e03a ||b8635805e515d -- You are receiving this mail because: You are on the CC list for the bug.
[Bug gas/29827] gas: build failure in linux x86/kernel/signal.c:60: Error: register type mismatch for `lar'
https://sourceware.org/bugzilla/show_bug.cgi?id=29827 Manuel Lauss changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #2 from Manuel Lauss --- Fixed by H.J Lu in 29844 -- You are receiving this mail because: You are on the CC list for the bug.
