[Bug binutils/33017] Stack Overflow in c++filt's demangle_path and eat Functions
https://sourceware.org/bugzilla/show_bug.cgi?id=33017

--- Comment #1 from Xudong Cao ---

Summary
Stack Overflow in c++filt's demangle_path and eat Functions

Environment
GNU Binutils version: 2.44.50 & master
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --disable-werror --enable-targets=all --enable-gold[=yes]
# make -j64 & make install

root@46b925a575de:# ./c++filt -i -r -s auto @POC
AddressSanitizer:DEADLYSIGNAL
=================================================================
==512814==ERROR: AddressSanitizer: stack-overflow on address 0x7fff44b1bff8 (pc 0x008a5631 bp 0x7fff44b1c190 sp 0x7fff44b1c000 T0)
    #0 0x8a5631 in eat /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:98
    #1 0x8a7e4f in parse_integer_62 /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:125:7
    #2 0x8a47fe in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:781:17
    #3 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #4 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #5 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #6 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #7 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #8 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #9 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #10 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #11 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #12 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #13 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #14 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #15 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #16 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #17 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #18 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #19 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #20 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #21 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #22 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #23 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #24 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #25 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #26 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #27 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #28 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #29 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #30 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #31 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #32 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #33 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #34 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #35 0x8a4983 in demangle_path

[Bug binutils/33017] Stack Overflow in c++filt's demangle_path and eat Functions
https://sourceware.org/bugzilla/show_bug.cgi?id=33017

Xudong Cao changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |MOVED
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #2 from Xudong Cao ---
There is an error in the version of the submitted information. Resubmit later and withdraw the report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug ld/33007] Segmentation Fault in ld-new due to Unsupported Relocation Type
https://sourceware.org/bugzilla/show_bug.cgi?id=33007

Xudong Cao changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |MOVED

--- Comment #1 from Xudong Cao ---
There is an error in the version of the submitted information. Resubmit later and withdraw the report.

[Bug ld/33019] New: Segmentation Fault in elf_x86_64_finish_dynamic_symbol During Linking
https://sourceware.org/bugzilla/show_bug.cgi?id=33019

Bug ID: 33019
Summary: Segmentation Fault in elf_x86_64_finish_dynamic_symbol During Linking
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Segmentation Fault in elf_x86_64_finish_dynamic_symbol During Linking

Environment
GNU Binutils version: 2.44.50 & master
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --disable-werror --enable-targets=all --enable-gold[=yes]
# make -j64 & make install

root@c6c01f72391e:# ./ld-new --gc-sections -z nosectionheader POC
./ld-new: warning: cannot find entry symbol _start; not setting start address
AddressSanitizer:DEADLYSIGNAL
=================================================================
==895047==ERROR: AddressSanitizer: SEGV on unknown address 0x00e0 (pc 0x00c7f1ee bp 0x7fff70e7aea0 sp 0x7fff70e7ac40 T0)
==895047==The signal is caused by a READ memory access.
==895047==Hint: address points to the zero page.
    #0 0xc7f1ee in elf_x86_64_finish_dynamic_symbol /workspace/new-test/program/binutils-gdb/bfd/elf64-x86-64.c:5246:34
    #1 0xc94c49 in elf_x86_64_finish_local_dynamic_symbol /workspace/new-test/program/binutils-gdb/bfd/elf64-x86-64.c:5540:10
    #2 0x1def668 in htab_traverse_noresize /workspace/new-test/program/binutils-gdb/libiberty/./hashtab.c:775:7
    #3 0xc83279 in elf_x86_64_output_arch_local_syms /workspace/new-test/program/binutils-gdb/bfd/elf64-x86-64.c:5742:3
    #4 0xd7e47b in bfd_elf_final_link /workspace/new-test/program/binutils-gdb/bfd/elflink.c:13266:14
    #5 0x544f29 in ldwrite /workspace/new-test/program/binutils-gdb/ld/ldwrite.c:548:8
    #6 0x53b0b0 in main /workspace/new-test/program/binutils-gdb/ld/./ldmain.c:912:3
    #7 0x7fe7bb858d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #8 0x7fe7bb858e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #9 0x4206f4 in _start (/workspace/new-test/fuzzdir/fz-ld/ld-new+0x4206f4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /workspace/new-test/program/binutils-gdb/bfd/elf64-x86-64.c:5246:34 in elf_x86_64_finish_dynamic_symbol
==895047==ABORTING

POC
https://drive.google.com/file/d/1Bny7b-su4OXmpn7cQKLAMM7KCiJl4tVP/view?usp=sharing

Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)

[Bug ld/33020] New: Segmentation Fault in _bfd_elf_strtab_offset During Object Content Writing
https://sourceware.org/bugzilla/show_bug.cgi?id=33020

Bug ID: 33020
Summary: Segmentation Fault in _bfd_elf_strtab_offset During Object Content Writing
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Segmentation Fault in _bfd_elf_strtab_offset During Object Content Writing

Environment
GNU Binutils version: 2.44.50 & master
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --disable-werror --enable-targets=all --enable-gold[=yes]
# make -j64 & make install

root@c6c01f72391e:# ./ld-new --compress-debug-sections zlib --gc-sections POC
./ld-new: warning: cannot find entry symbol _start; not setting start address
./ld-new: BFD (GNU Binutils) 2.44.50.20250417 assertion fail elf-strtab.c:290
AddressSanitizer:DEADLYSIGNAL
=================================================================
==955057==ERROR: AddressSanitizer: SEGV on unknown address 0x615807f8 (pc 0x00dcb551 bp 0x0c0e0036 sp 0x7ffef7e117a0 T0)
==955057==The signal is caused by a READ memory access.
    #0 0xdcb551 in _bfd_elf_strtab_offset /workspace/new-test/program/binutils-gdb/bfd/elf-strtab.c:292:11
    #1 0xd0933c in _bfd_elf_write_object_contents /workspace/new-test/program/binutils-gdb/bfd/elf.c:7164:6
    #2 0xc39cfa in bfd_close /workspace/new-test/program/binutils-gdb/bfd/opncls.c:865:11
    #3 0x53b30b in main /workspace/new-test/program/binutils-gdb/ld/./ldmain.c:954:12
    #4 0x7f332fd17d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

POC
https://drive.google.com/file/d/1jBPDK0fuIC0gKmJjTeqy3ntDsMIxc5b9/view?usp=sharing

Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)

[Bug ld/33021] New: Heap Buffer Overflow in ld-new's fwrite During EH Frame Header Writing
https://sourceware.org/bugzilla/show_bug.cgi?id=33021

Bug ID: 33021
Summary: Heap Buffer Overflow in ld-new's fwrite During EH Frame Header Writing
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Heap Buffer Overflow in ld-new's fwrite During EH Frame Header Writing

Environment
GNU Binutils version: 2.44.50 & master
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --disable-werror --enable-targets=all --enable-gold[=yes]
# make -j64 & make install

root@c6c01f72391e:# ./ld-new --eh-frame-hdr POC
./ld-new: warning: cannot find entry symbol _start; defaulting to 00401000
./ld-new: /workspace/POC/binutils/POC_binutils_ld_heap-buffer-overflow: in function `reallocarray':
openbsd-reallocarray.c:(.text+0x16d): undefined reference to `__errno_location'
./ld-new: /workspace/POC/binutils/POC_binutils_ld_heap-buffer-overflow: in function `__afl_setup_first':
openbsd-reallocarray.c:(.text+0x2a7): undefined reference to `getenv'
./ld-new: openbsd-reallocarray.c:(.text+0x2b8): undefined reference to `atoi'
./ld-new: /workspace/POC/binutils/POC_binutils_ld_heap-buffer-overflow: in function `__afl_forkserver':
openbsd-reallocarray.c:(.text+0x303): undefined reference to `write'
./ld-new: /workspace/POC/binutils/POC_binutils_ld_heap-buffer-overflow: in function `__afl_fork_wait_loop':
openbsd-reallocarray.c:(.text+0x327): undefined reference to `read'
./ld-new: openbsd-reallocarray.c:(.text+0x336): undefined reference to `fork'
./ld-new: openbsd-reallocarray.c:(.text+0x362): undefined reference to `write'
./ld-new: openbsd-reallocarray.c:(.text+0x37c): undefined reference to `waitpid'
./ld-new: openbsd-reallocarray.c:(.text+0x3a0): undefined reference to `write'
./ld-new: /workspace/POC/binutils/POC_binutils_ld_heap-buffer-overflow: in function `__afl_fork_resume':
openbsd-reallocarray.c:(.text+0x3b1): undefined reference to `close'
./ld-new: openbsd-reallocarray.c:(.text+0x3bd): undefined reference to `close'
./ld-new: /workspace/POC/binutils/POC_binutils_ld_heap-buffer-overflow: in function `__afl_die':
openbsd-reallocarray.c:(.text+0x492): undefined reference to `_exit'
./ld-new: /workspace/POC/binutils/POC_binutils_ld_heap-buffer-overflow: in function `reallocarray':
openbsd-reallocarray.c:(.text+0x161): undefined reference to `realloc'
=================================================================
==1751117==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200518 at pc 0x00438aee bp 0x7ffe85da12e0 sp 0x7ffe85da0aa8
READ of size 12 at 0x60200518 thread T0
    #0 0x438aed in fwrite (/workspace/new-test/fuzzdir/fz-ld/ld-new+0x438aed)
    #1 0x1c7eaa9 in cache_bwrite /workspace/new-test/program/binutils-gdb/bfd/cache.c:435:12
    #2 0xc06729 in bfd_write /workspace/new-test/program/binutils-gdb/bfd/bfdio.c:412:12
    #3 0xc22f52 in _bfd_generic_set_section_contents /workspace/new-test/program/binutils-gdb/bfd/libbfd.c:1351:10
    #4 0xd1247f in _bfd_elf_set_section_contents /workspace/new-test/program/binutils-gdb/bfd/elf.c:10006:10
    #5 0xc4704f in bfd_set_section_contents /workspace/new-test/program/binutils-gdb/bfd/section.c:1527:7
    #6 0xde39aa in write_dwarf_eh_frame_hdr /workspace/new-test/program/binutils-gdb/bfd/elf-eh-frame.c:2507:8
    #7 0xde230c in _bfd_elf_write_section_eh_frame_hdr /workspace/new-test/program/binutils-gdb/bfd/elf-eh-frame.c:2539:12
    #8 0xd83762 in bfd_elf_final_link /workspace/new-test/program/binutils-gdb/bfd/elflink.c:13822:9
    #9 0x544f29 in ldwrite /workspace/new-test/program/binutils-gdb/ld/ldwrite.c:548:8
    #10 0x53b0b0 in main /workspace/new-test/program/binutils-gdb/ld/./ldmain.c:912:3
    #11 0x7f2d1a920d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #12 0x7f2d1a920e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #13 0x4206f4 in _start (/workspace/new-test/fuzzdir/fz-ld/ld-new+0x4206f4)

0x60200518 is located 0 bytes to the right of 8-byte region [0x60200510,0x60200518)
allocated by thread T0 here:
    #0 0x49b5bd in malloc (/workspace/new-test/fuzzdir/fz-ld/ld-new+0x49b5bd)
    #1 0xc1ea01 in bfd_malloc /workspace/new-test/program/binutils-gdb/bfd/libbfd.c:291:9
    #2 0xde230c in _bfd_elf_write_section_eh_frame_hdr /workspace/new-test/program/binutils-gdb/bfd/elf-eh-frame.c:2539:12

[Bug binutils/33023] New: Memory Leak in objdump During Section and Symbol Table Processing
https://sourceware.org/bugzilla/show_bug.cgi?id=33023

Bug ID: 33023
Summary: Memory Leak in objdump During Section and Symbol Table Processing
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Memory Leak in objdump During Section and Symbol Table Processing

Environment
GNU Binutils version: 2.44.50 & master
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --disable-werror --enable-targets=all --enable-gold[=yes]
# make -j64 & make install

root@46b925a575de:# ./objdump -x -d --endian=little POC
./objdump: warning: POC has a section extending past end of file

POC:     file format elf64-x86-64
POC
architecture: i386:x86-64, flags 0x0011:
HAS_RELOC, HAS_SYMS
start address 0x

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 ux-gnu/bits   0574 0040 2**4
                  CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
  1 /bits         05b4 2**0
                  CONTENTS, ALLOC, LOAD, DATA
  2 /uss          0019 05b8 2**3
                  ALLOC
  3 .text.unlikely 05b8 2**0
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
  4 .debug_info   011f 05b8 2**0
                  CONTENTS, RELOC, READONLY, DEBUGGING, OCTETS
  5 .debug_abbrev 00b2 06d7 2**0
                  CONTENTS, READONLY, DEBUGGING, OCTETS
  6 .debug_loc    0139 0789 2**0
                  CONTENTS, READONLY, DEBUGGING, OCTETS
  7 .debug_aranges 0030 08c2 2**0
                  CONTENTS, RELOC, READONLY, DEBUGGING, OCTETS
  8 .debug_line   00d9 08f2 2**0
                  CONTENTS, RELOC, READONLY, DEBUGGING, OCTETS
  9 .debug_str    017c 09cb 2**0
                  CONTENTS, READONLY, DEBUGGING, OCTETS
 10 .comment      0036 0b47 2**0
                  CONTENTS, READONLY
 11 .note.GNU-stack 0b7d 2**0
                  CONTENTS, READONLY
 12 .mh_frame     0038 0b80 2**3
                  CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA

SYMBOL TABLE:
ldf *ABS* openbsd-reallocarray.c
ld ux-gnu/bits ux-gnu/bits
ld /bits /bits
ld /uss /uss
ld .text.unlikely .text.unlikely
0180 l ux-gnu/bits __afl_maybe_log
ld .debug_info .debug_info
ld .debug_abbrev .debug_abbrev
ld .debug_loc .debug_loc
ld .debug_aranges .debug_aranges
ld .debug_line .debug_line
l .debug_str f8ff
ld .note.GNU-stack .note.GNU-stack
l O /uss 0008 __afl_area_ptr
01b0 l ux-gnu/bits __afl_setup
0190 l ux-gnu/bits __afl_store
0008 l O /uss 0008 __afl_prev_loc
01a8 l ux-gnu/bits __afl_return
0018 l O /uss 0001 __afl_setup_failure
01d1 l ux-gnu/bits __afl_setup_first
0567 l ux-gnu/bits .AFL_SHM_ENV
0496 l ux-gnu/bits __afl_setup_abort
02eb l ux-gnu/bits __afl_forkserver
0014 l O /uss 0004 __afl_temp
03a9 l ux-gnu/bits __afl_fork_resume
0311 l ux-gnu/bits __afl_fork_wait_loop
048e l ux-gnu/bits __afl_die
0010 l O /uss 0004 __afl_fork_pid
0567 l ux-gnu/bits .AFL_VARS
ld .mh_frame 000

[Bug gas/33029] New: Internal error (segfault) in dwarf2_finish with --gdwarf-5
https://sourceware.org/bugzilla/show_bug.cgi?id=33029

Bug ID: 33029
Summary: Internal error (segfault) in dwarf2_finish with --gdwarf-5
Product: binutils
Version: 2.44
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gas
Assignee: unassigned at sourceware dot org
Reporter: rsworktech at outlook dot com
Target Milestone: ---
Host: x86_64-linux-gnu
Target: riscv64-linux-gnu

Created attachment 16108
  --> https://sourceware.org/bugzilla/attachment.cgi?id=16108&action=edit
Reproducer

When assembling the attached assembly file, gas crashed with a segmentation fault. This is reproducible natively on riscv64 and also reproducible with riscv64-linux-gnu-as on x86_64 Linux.

$ riscv64-linux-gnu-as --gdwarf-5 $'-march=rv64gc' $'-mabi=lp64d' $'-misa-spec=20191213' -o push_registers_asm.o push_registers_asm.s
push_registers_asm.s: Assembler messages:
push_registers_asm.s: Internal error (Segmentation fault).
Please report this bug.

The relevant CLI flag is --gdwarf-5; removing that flag can work around this bug.

GDB:

Program received signal SIGSEGV, Segmentation fault.
0x003ff7ac530e in strlen () from /usr/lib/libc.so.6
(gdb) bt
#0  0x003ff7ac530e in strlen () from /usr/lib/libc.so.6
#1  0x002db5ee in out_debug_str (str_seg=0x2aaab27a70, name_sym=, comp_dir_sym=, producer_sym=) at /usr/src/debug/binutils/binutils-gdb/gas/dwarf2dbg.c:3055
#2  dwarf2_finish () at /usr/src/debug/binutils/binutils-gdb/gas/dwarf2dbg.c:3270
#3  0x002d53aa in main (argc=, argv=) at /usr/src/debug/binutils/binutils-gdb/gas/as.c:1461
(gdb) bt full
#0  0x003ff7ac530e in strlen () from /usr/lib/libc.so.6
No symbol table info available.
#1  0x002db5ee in out_debug_str (str_seg=0x2aaab27a70, name_sym=, comp_dir_sym=, producer_sym=) at /usr/src/debug/binutils/binutils-gdb/gas/dwarf2dbg.c:3055
        producer = "\032ī\252*\000\000\000\"\000\000\000\000\000\000\000\360k\341\367?\000\000\000\260嵪*\000\000\000`\000\000\000\000\000\000\000 \360\377\377?\000\000\000\356=\326\367?\000\000\000@\360\377\377?\000\000\\263\260\252*\000\000\000\005", '\000' , "\250֫\252*\000\000\\263\260\252*", '\000' , "\t\266\252*\000\000\000p\360\377\377?\000\000"
        len = 
        p = 
        first_file = 
        comp_dir = 
        producer = 
        p = 
        len = 
        first_file = 
        __PRETTY_FUNCTION__ = 
        comp_dir = 
        dirname = 
#2  dwarf2_finish () at /usr/src/debug/binutils/binutils-gdb/gas/dwarf2dbg.c:3270
        abbrev_seg = 0x2aaab28130
        aranges_seg = 
        str_seg = 0x2aaab27a70
        producer_sym = 
        ranges_sym = 0x0
        func_form = 0 '\000'
        name_sym = 0x2aaab6b0d0
        comp_dir_sym = 
        line_seg = 0x2aaab27948
        s = 
        info_seg = 0x2aaab28008
        emit_other_sections = 
        empty_debug_line = 
        __PRETTY_FUNCTION__ = "dwarf2_finish"
#3  0x002d53aa in main (argc=, argv=) at /usr/src/debug/binutils/binutils-gdb/gas/as.c:1461
        argv_orig = 
        sob = {st_dev = 66307, st_ino = 2103156, st_mode = 33188, st_nlink = 1, st_uid = 1010, st_gid = 1010, st_rdev = 0, __pad1 = 0, st_size = 0, st_blksize = 4096, __pad2 = 0, st_blocks = 0, st_atim = {tv_sec = 174834920

[Bug ld/33021] Heap Buffer Overflow in ld-new's fwrite During EH Frame Header Writing
https://sourceware.org/bugzilla/show_bug.cgi?id=33021

--- Comment #1 from Sourceware Commits ---
The master branch has been updated by Alan Modra:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5d4465be2b2acacb5e56064c2ffcd329a3f31b58

commit 5d4465be2b2acacb5e56064c2ffcd329a3f31b58
Author: Alan Modra
Date:   Wed May 28 15:12:39 2025 +0930

    PR 33021, buffer overflow in write_dwarf_eh_frame_hdr

        * elf-eh-frame.c (write_dwarf_eh_frame_hdr): Use size of contents,
        not section size, in bfd_set_section_contents call.

[Bug binutils/33023] Memory Leak in objdump During Section and Symbol Table Processing
https://sourceware.org/bugzilla/show_bug.cgi?id=33023

--- Comment #1 from Sourceware Commits ---
The master branch has been updated by Alan Modra:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5e3176dd79bc5db4ba778c59162f43f2bd4392cb

commit 5e3176dd79bc5db4ba778c59162f43f2bd4392cb
Author: Alan Modra
Date:   Wed May 28 15:52:55 2025 +0930

    PR 33023 memory leak in objdump when specifying --endian

        * objdump.c (disassemble_data): Free modified xvec and replace
        original.

[Bug ld/33018] Segmentation Fault in ld-new due to Unsupported Relocation Type
https://sourceware.org/bugzilla/show_bug.cgi?id=33018

--- Comment #1 from Sourceware Commits ---
The master branch has been updated by Alan Modra:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04395ea00492a63a586459acd834af8ab1a02546

commit 04395ea00492a63a586459acd834af8ab1a02546
Author: Alan Modra
Date:   Wed May 28 09:44:26 2025 +0930

    PR 33018 segv in elf_x86_64_scan_relocs

        * elf64-x86-64.c (elf_x86_64_scan_relocs): Error on NULL howto.
        Use bfd_reloc_offset_in_range.

[Bug ld/33021] Heap Buffer Overflow in ld-new's fwrite During EH Frame Header Writing
https://sourceware.org/bugzilla/show_bug.cgi?id=33021

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
   Target Milestone|---                         |2.45
           Assignee|unassigned at sourceware dot org |amodra at gmail dot com
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #2 from Alan Modra ---
Fixed for 2.45

[Bug ld/33018] Segmentation Fault in ld-new due to Unsupported Relocation Type
https://sourceware.org/bugzilla/show_bug.cgi?id=33018

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at sourceware dot org |amodra at gmail dot com

[Bug binutils/33023] Memory Leak in objdump During Section and Symbol Table Processing
https://sourceware.org/bugzilla/show_bug.cgi?id=33023

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED
           Assignee|unassigned at sourceware dot org |amodra at gmail dot com
   Target Milestone|---                         |2.45

--- Comment #2 from Alan Modra ---
Fixed for 2.45

[Bug ld/33018] Segmentation Fault in ld-new due to Unsupported Relocation Type
https://sourceware.org/bugzilla/show_bug.cgi?id=33018

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |FIXED
   Target Milestone|---                         |2.45

--- Comment #2 from Alan Modra ---
Fixed for 2.45

[Bug ld/33007] New: Segmentation Fault in ld-new due to Unsupported Relocation Type
https://sourceware.org/bugzilla/show_bug.cgi?id=33007

Bug ID: 33007
Summary: Segmentation Fault in ld-new due to Unsupported Relocation Type
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Segmentation Fault in ld-new due to Unsupported Relocation Type

Environment
elfutils version: 0.192
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --enable-maintainer-mode --disable-debuginfod
# make -j64 & make install

root@c6c01f72391e:# ./ld-new --gc-sections POC
./ld-new: POC: unsupported relocation type 0x82
AddressSanitizer:DEADLYSIGNAL
=================================================================
==848100==ERROR: AddressSanitizer: SEGV on unknown address 0x0004 (pc 0x00c8bfbd bp 0x7fff2e2473a0 sp 0x7fff2e2470f0 T0)
==848100==The signal is caused by a READ memory access.
==848100==Hint: address points to the zero page.
    #0 0xc8bfbd in bfd_get_reloc_size /workspace/new-test/program/binutils-gdb/bfd/./bfd.h:3224:17
    #1 0xc8748b in elf_x86_64_scan_relocs /workspace/new-test/program/binutils-gdb/bfd/elf64-x86-64.c:2555:27
    #2 0xd4d733 in _bfd_elf_link_iterate_on_relocs /workspace/new-test/program/binutils-gdb/bfd/elflink.c:4282:9
    #3 0xc6d57c in elf_x86_64_early_size_sections /workspace/new-test/program/binutils-gdb/bfd/elf64-x86-64.c:3099:6
    #4 0xd61507 in bfd_elf_size_dynamic_sections /workspace/new-test/program/binutils-gdb/bfd/elflink.c:6916:11
    #5 0xbc167c in ldelf_before_allocation /workspace/new-test/program/binutils-gdb/ld/ldelf.c:1840:10
    #6 0x50aa2a in lang_process /workspace/new-test/program/binutils-gdb/ld/ldlang.c:8623:3
    #7 0x53aee3 in main /workspace/new-test/program/binutils-gdb/ld/./ldmain.c:882:3
    #8 0x7f82b2d34d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #9 0x7f82b2d34e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #10 0x4206f4 in _start (/workspace/new-test/fuzzdir/fz-ld/ld-new+0x4206f4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /workspace/new-test/program/binutils-gdb/bfd/./bfd.h:3224:17 in bfd_get_reloc_size
==848100==ABORTING

POC
https://drive.google.com/file/d/14RVWK8gBGrLzMlev8t2fDXsIZokosak1/view?usp=sharing

Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)

[Bug ld/33008] New: Segmentation Fault in elf_x86_64_finish_dynamic_symbol During Linking
https://sourceware.org/bugzilla/show_bug.cgi?id=33008

Bug ID: 33008
Summary: Segmentation Fault in elf_x86_64_finish_dynamic_symbol During Linking
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Segmentation Fault in elf_x86_64_finish_dynamic_symbol During Linking

Environment
elfutils version: 0.192
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --enable-maintainer-mode --disable-debuginfod
# make -j64 & make install

root@c6c01f72391e:# ./ld-new --gc-sections -z nosectionheader POC
./ld-new: warning: cannot find entry symbol _start; not setting start address
AddressSanitizer:DEADLYSIGNAL
=================================================================
==895047==ERROR: AddressSanitizer: SEGV on unknown address 0x00e0 (pc 0x00c7f1ee bp 0x7fff70e7aea0 sp 0x7fff70e7ac40 T0)
==895047==The signal is caused by a READ memory access.
==895047==Hint: address points to the zero page.
    #0 0xc7f1ee in elf_x86_64_finish_dynamic_symbol /workspace/new-test/program/binutils-gdb/bfd/elf64-x86-64.c:5246:34
    #1 0xc94c49 in elf_x86_64_finish_local_dynamic_symbol /workspace/new-test/program/binutils-gdb/bfd/elf64-x86-64.c:5540:10
    #2 0x1def668 in htab_traverse_noresize /workspace/new-test/program/binutils-gdb/libiberty/./hashtab.c:775:7
    #3 0xc83279 in elf_x86_64_output_arch_local_syms /workspace/new-test/program/binutils-gdb/bfd/elf64-x86-64.c:5742:3
    #4 0xd7e47b in bfd_elf_final_link /workspace/new-test/program/binutils-gdb/bfd/elflink.c:13266:14
    #5 0x544f29 in ldwrite /workspace/new-test/program/binutils-gdb/ld/ldwrite.c:548:8
    #6 0x53b0b0 in main /workspace/new-test/program/binutils-gdb/ld/./ldmain.c:912:3
    #7 0x7fe7bb858d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #8 0x7fe7bb858e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #9 0x4206f4 in _start (/workspace/new-test/fuzzdir/fz-ld/ld-new+0x4206f4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /workspace/new-test/program/binutils-gdb/bfd/elf64-x86-64.c:5246:34 in elf_x86_64_finish_dynamic_symbol
==895047==ABORTING

POC
https://drive.google.com/file/d/1Bny7b-su4OXmpn7cQKLAMM7KCiJl4tVP/view?usp=sharing

Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)

[Bug binutils/33015] New: Stack Overflow in c++filt's demangle_path Function
https://sourceware.org/bugzilla/show_bug.cgi?id=33015

Bug ID: 33015
Summary: Stack Overflow in c++filt's demangle_path Function
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Stack Overflow in c++filt's demangle_path Function

Environment
elfutils version: 0.192
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --enable-maintainer-mode --disable-debuginfod
# make -j64 & make install

root@46b925a575de:# ./c++filt -r -t @POC
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1349535==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc0e5b9fe0 (pc 0x008a4292 bp 0x7ffc0e5ba110 sp 0x7ffc0e5b9fe0 T0)
    #0 0x8a4292 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:670
    #1 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #2 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #3 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #4 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #5 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #6 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #7 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #8 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #9 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #10 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #11 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #12 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #13 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #14 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #15 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #16 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #17 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #18 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #19 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #20 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #21 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #22 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #23 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #24 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #25 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #26 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #27 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #28 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #29 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #30 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #31 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #32 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/l

[Bug binutils/33017] New: Stack Overflow in c++filt's demangle_path and eat Functions
https://sourceware.org/bugzilla/show_bug.cgi?id=33017

Bug ID: 33017
Summary: Stack Overflow in c++filt's demangle_path and eat Functions
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Stack Overflow in c++filt's demangle_path and eat Functions

Environment
elfutils version: 0.192
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --enable-maintainer-mode --disable-debuginfod
# make -j64 & make install
root@46b925a575de:# ./c++filt -i -r -s auto @POC
AddressSanitizer:DEADLYSIGNAL
=
==512814==ERROR: AddressSanitizer: stack-overflow on address 0x7fff44b1bff8 (pc 0x008a5631 bp 0x7fff44b1c190 sp 0x7fff44b1c000 T0)
    #0 0x8a5631 in eat /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:98
    #1 0x8a7e4f in parse_integer_62 /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:125:7
    #2 0x8a47fe in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:781:17
    #3 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #4 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #5 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #6 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #7 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #8 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #9 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #10 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #11 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #12 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #13 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #14 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #15 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #16 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #17 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #18 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #19 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #20 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #21 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #22 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #23 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #24 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #25 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #26 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #27 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #28 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #29 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #30 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #31 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #32 0x8a488d in demangle_path /ro
[Bug binutils/33016] New: Stack Overflow in c++filt's demangle_path and demangle_type Functions
https://sourceware.org/bugzilla/show_bug.cgi?id=33016

Bug ID: 33016
Summary: Stack Overflow in c++filt's demangle_path and demangle_type Functions
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Stack Overflow in c++filt's demangle_path and demangle_type Functions

Environment
elfutils version: 0.192
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --enable-maintainer-mode --disable-debuginfod
# make -j64 & make install
root@46b925a575de:# ./c++filt -r @POC
AddressSanitizer:DEADLYSIGNAL
=
==659719==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc02ed3ec8 (pc 0x004997f6 bp 0x7ffc02ed4710 sp 0x7ffc02ed3ed0 T0)
    #0 0x4997f6 in __asan_memcpy (/workspace/new-test/fuzzdir/fz-binutils/fz-c++filt/c++filt+0x4997f6)
    #1 0x8a55d5 in str_buf_append /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1572:3
    #2 0x8a2586 in print_str /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:279:5
    #3 0x8a4514 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:758:7
    #4 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #5 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #6 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #7 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #8 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #9 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #10 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #11 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #12 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #13 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #14 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #15 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #16 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #17 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #18 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #19 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #20 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #21 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #22 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #23 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #24 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #25 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #26 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #27 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #28 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #29 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #30 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #31 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #32 0x8a6d56 in dem
[Bug binutils/33027] Stack Overflow in c++filt's demangle_path and demangle_type Functions
https://sourceware.org/bugzilla/show_bug.cgi?id=33027

Alan Modra changed:

           What    |Removed     |Added
             Status|UNCONFIRMED |RESOLVED
         Resolution|---         |MOVED

--- Comment #1 from Alan Modra ---
reported to the wrong project

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/33026] Stack Overflow in c++filt's demangle_path Function
https://sourceware.org/bugzilla/show_bug.cgi?id=33026

Alan Modra changed:

           What    |Removed     |Added
             Status|UNCONFIRMED |RESOLVED
         Resolution|---         |MOVED

--- Comment #1 from Alan Modra ---
libiberty bugs should be reported to the gcc project

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/33022] Heap Buffer Overflow in nm with liblto_plugin.so During strncmp
https://sourceware.org/bugzilla/show_bug.cgi?id=33022

Alan Modra changed:

           What    |Removed     |Added
         Resolution|---         |MOVED
             Status|UNCONFIRMED |RESOLVED

--- Comment #1 from Alan Modra ---
liblto_plugin is part of gcc

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/33028] Stack Overflow in c++filt's demangle_path and eat Functions
https://sourceware.org/bugzilla/show_bug.cgi?id=33028

Alan Modra changed:

           What    |Removed     |Added
             Status|UNCONFIRMED |RESOLVED
         Resolution|---         |MOVED

--- Comment #1 from Alan Modra ---
reported to the wrong project

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug ld/33009] New: Segmentation Fault in _bfd_elf_strtab_offset During Object Content Writing
https://sourceware.org/bugzilla/show_bug.cgi?id=33009

Bug ID: 33009
Summary: Segmentation Fault in _bfd_elf_strtab_offset During Object Content Writing
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Segmentation Fault in _bfd_elf_strtab_offset During Object Content Writing

Environment
elfutils version: 0.192
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --enable-maintainer-mode --disable-debuginfod
# make -j64 & make install
root@c6c01f72391e:# ./ld-new --compress-debug-sections zlib --gc-sections POC
./ld-new: warning: cannot find entry symbol _start; not setting start address
./ld-new: BFD (GNU Binutils) 2.44.50.20250417 assertion fail elf-strtab.c:290
AddressSanitizer:DEADLYSIGNAL
=
==955057==ERROR: AddressSanitizer: SEGV on unknown address 0x615807f8 (pc 0x00dcb551 bp 0x0c0e0036 sp 0x7ffef7e117a0 T0)
==955057==The signal is caused by a READ memory access.
    #0 0xdcb551 in _bfd_elf_strtab_offset /workspace/new-test/program/binutils-gdb/bfd/elf-strtab.c:292:11
    #1 0xd0933c in _bfd_elf_write_object_contents /workspace/new-test/program/binutils-gdb/bfd/elf.c:7164:6
    #2 0xc39cfa in bfd_close /workspace/new-test/program/binutils-gdb/bfd/opncls.c:865:11
    #3 0x53b30b in main /workspace/new-test/program/binutils-gdb/ld/./ldmain.c:954:12
    #4 0x7f332fd17d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

POC
https://drive.google.com/file/d/1jBPDK0fuIC0gKmJjTeqy3ntDsMIxc5b9/view?usp=sharing

Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/33014] Unknown Crash in elfedit's byte_get_little_endian Due to Wild Pointer Dereference
https://sourceware.org/bugzilla/show_bug.cgi?id=33014

Xudong Cao changed:

           What    |Removed     |Added
         Resolution|---         |MOVED
             Status|UNCONFIRMED |RESOLVED

--- Comment #1 from Xudong Cao ---
There is an error in the version of the submitted information. Resubmit later and withdraw the report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/33013] Segmentation Fault in elfedit's byte_get_little_endian Function
https://sourceware.org/bugzilla/show_bug.cgi?id=33013

Xudong Cao changed:

           What    |Removed     |Added
         Resolution|---         |MOVED
             Status|UNCONFIRMED |RESOLVED

--- Comment #1 from Xudong Cao ---
There is an error in the version of the submitted information. Resubmit later and withdraw the report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/33012] Memory Leak in objdump During Section and Symbol Table Processing
https://sourceware.org/bugzilla/show_bug.cgi?id=33012

Xudong Cao changed:

           What    |Removed     |Added
         Resolution|---         |MOVED
             Status|UNCONFIRMED |RESOLVED

--- Comment #1 from Xudong Cao ---
There is an error in the version of the submitted information. Resubmit later and withdraw the report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/33011] Heap Buffer Overflow in nm with liblto_plugin.so During strncmp
https://sourceware.org/bugzilla/show_bug.cgi?id=33011

Xudong Cao changed:

           What    |Removed     |Added
             Status|UNCONFIRMED |RESOLVED
         Resolution|---         |MOVED

--- Comment #1 from Xudong Cao ---
There is an error in the version of the submitted information. Resubmit later and withdraw the report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/33017] Stack Overflow in c++filt's demangle_path and eat Functions
https://sourceware.org/bugzilla/show_bug.cgi?id=33017

--- Comment #3 from Xudong Cao ---
There is an error in the version of the submitted information. Resubmit later and withdraw the report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/33016] Stack Overflow in c++filt's demangle_path and demangle_type Functions
https://sourceware.org/bugzilla/show_bug.cgi?id=33016

Xudong Cao changed:

           What    |Removed     |Added
             Status|UNCONFIRMED |RESOLVED
         Resolution|---         |MOVED

--- Comment #1 from Xudong Cao ---
There is an error in the version of the submitted information. Resubmit later and withdraw the report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug ld/33009] Segmentation Fault in _bfd_elf_strtab_offset During Object Content Writing
https://sourceware.org/bugzilla/show_bug.cgi?id=33009

Xudong Cao changed:

           What    |Removed     |Added
         Resolution|---         |MOVED
             Status|UNCONFIRMED |RESOLVED

--- Comment #1 from Xudong Cao ---
There is an error in the version of the submitted information. Resubmit later and withdraw the report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/33022] New: Heap Buffer Overflow in nm with liblto_plugin.so During strncmp
https://sourceware.org/bugzilla/show_bug.cgi?id=33022

Bug ID: 33022
Summary: Heap Buffer Overflow in nm with liblto_plugin.so During strncmp
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Heap Buffer Overflow in nm with liblto_plugin.so During strncmp

Environment
GNU Binutils version: 2.44.50 & master
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --disable-werror --enable-targets=all --enable-gold[=yes]
# make -j64 & make install
root@46b925a575de:# ./nm --plugin /usr/lib/bfd-plugins/liblto_plugin.so POC
=
==1983516==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606001d2 at pc 0x0043268d bp 0x7ffd3f3fd1e0 sp 0x7ffd3f3fc980
READ of size 2 at 0x606001d2 thread T0
    #0 0x43268c in strncmp (/workspace/new-test/fuzzdir/fz-binutils/fz-nm/nm+0x43268c)
    #1 0x7f89af140b21 (/usr/lib/bfd-plugins/liblto_plugin.so+0xeb21)
    #2 0x7f89af14087e (/usr/lib/bfd-plugins/liblto_plugin.so+0xe87e)
    #3 0x7f89af13fe90 (/usr/lib/bfd-plugins/liblto_plugin.so+0xde90)
    #4 0x7ef82e in try_claim /root/this-program/binutils-gdb/build/bfd/../../bfd/plugin.c:497:4
    #5 0x7ee72c in try_load_plugin /root/this-program/binutils-gdb/build/bfd/../../bfd/plugin.c:608:8
    #6 0x7ede8a in load_plugin /root/this-program/binutils-gdb/build/bfd/../../bfd/plugin.c:734:12
    #7 0x7ed067 in bfd_plugin_object_p /root/this-program/binutils-gdb/build/bfd/../../bfd/plugin.c:761:53
    #8 0x5017e2 in bfd_check_format_matches /root/this-program/binutils-gdb/build/bfd/../../bfd/format.c:497:17
    #9 0x4cd5e8 in display_file /root/this-program/binutils-gdb/build/binutils/../../binutils/nm.c:1663:12
    #10 0x4cc5c1 in main /root/this-program/binutils-gdb/build/binutils/../../binutils/nm.c:2181:12
    #11 0x7f89b1e3bd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #12 0x7f89b1e3be3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #13 0x41f5b4 in _start (/workspace/new-test/fuzzdir/fz-binutils/fz-nm/nm+0x41f5b4)

0x606001d2 is located 0 bytes to the right of 50-byte region [0x606001a0,0x606001d2)
allocated by thread T0 here:
    #0 0x49a47d in malloc (/workspace/new-test/fuzzdir/fz-binutils/fz-nm/nm+0x49a47d)
    #1 0x7f89af13c18c in xmalloc (/usr/lib/bfd-plugins/liblto_plugin.so+0xa18c)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/workspace/new-test/fuzzdir/fz-binutils/fz-nm/nm+0x43268c) in strncmp
Shadow bytes around the buggy address:
==1983516==ABORTING

POC
https://drive.google.com/file/d/1nWTkCqzxdajk451n0G-BYAluMMzqAP9m/view?usp=sharing

Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/33015] Stack Overflow in c++filt's demangle_path Function
https://sourceware.org/bugzilla/show_bug.cgi?id=33015

Xudong Cao changed:

           What    |Removed     |Added
             Status|UNCONFIRMED |RESOLVED
         Resolution|---         |MOVED

--- Comment #1 from Xudong Cao ---
There is an error in the version of the submitted information. Resubmit later and withdraw the report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug ld/33010] New: Heap Buffer Overflow in ld-new's fwrite During EH Frame Header Writing
https://sourceware.org/bugzilla/show_bug.cgi?id=33010

Bug ID: 33010
Summary: Heap Buffer Overflow in ld-new's fwrite During EH Frame Header Writing
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Heap Buffer Overflow in ld-new's fwrite During EH Frame Header Writing

Environment
elfutils version: 0.192
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --enable-maintainer-mode --disable-debuginfod
# make -j64 & make install
root@c6c01f72391e:# ./ld-new --eh-frame-hdr POC
./ld-new: warning: cannot find entry symbol _start; defaulting to 00401000
./ld-new: /workspace/POC/binutils/POC_binutils_ld_heap-buffer-overflow: in function `reallocarray':
openbsd-reallocarray.c:(.text+0x16d): undefined reference to `__errno_location'
./ld-new: /workspace/POC/binutils/POC_binutils_ld_heap-buffer-overflow: in function `__afl_setup_first':
openbsd-reallocarray.c:(.text+0x2a7): undefined reference to `getenv'
./ld-new: openbsd-reallocarray.c:(.text+0x2b8): undefined reference to `atoi'
./ld-new: /workspace/POC/binutils/POC_binutils_ld_heap-buffer-overflow: in function `__afl_forkserver':
openbsd-reallocarray.c:(.text+0x303): undefined reference to `write'
./ld-new: /workspace/POC/binutils/POC_binutils_ld_heap-buffer-overflow: in function `__afl_fork_wait_loop':
openbsd-reallocarray.c:(.text+0x327): undefined reference to `read'
./ld-new: openbsd-reallocarray.c:(.text+0x336): undefined reference to `fork'
./ld-new: openbsd-reallocarray.c:(.text+0x362): undefined reference to `write'
./ld-new: openbsd-reallocarray.c:(.text+0x37c): undefined reference to `waitpid'
./ld-new: openbsd-reallocarray.c:(.text+0x3a0): undefined reference to `write'
./ld-new: /workspace/POC/binutils/POC_binutils_ld_heap-buffer-overflow: in function `__afl_fork_resume':
openbsd-reallocarray.c:(.text+0x3b1): undefined reference to `close'
./ld-new: openbsd-reallocarray.c:(.text+0x3bd): undefined reference to `close'
./ld-new: /workspace/POC/binutils/POC_binutils_ld_heap-buffer-overflow: in function `__afl_die':
openbsd-reallocarray.c:(.text+0x492): undefined reference to `_exit'
./ld-new: /workspace/POC/binutils/POC_binutils_ld_heap-buffer-overflow: in function `reallocarray':
openbsd-reallocarray.c:(.text+0x161): undefined reference to `realloc'
=
==1751117==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200518 at pc 0x00438aee bp 0x7ffe85da12e0 sp 0x7ffe85da0aa8
READ of size 12 at 0x60200518 thread T0
    #0 0x438aed in fwrite (/workspace/new-test/fuzzdir/fz-ld/ld-new+0x438aed)
    #1 0x1c7eaa9 in cache_bwrite /workspace/new-test/program/binutils-gdb/bfd/cache.c:435:12
    #2 0xc06729 in bfd_write /workspace/new-test/program/binutils-gdb/bfd/bfdio.c:412:12
    #3 0xc22f52 in _bfd_generic_set_section_contents /workspace/new-test/program/binutils-gdb/bfd/libbfd.c:1351:10
    #4 0xd1247f in _bfd_elf_set_section_contents /workspace/new-test/program/binutils-gdb/bfd/elf.c:10006:10
    #5 0xc4704f in bfd_set_section_contents /workspace/new-test/program/binutils-gdb/bfd/section.c:1527:7
    #6 0xde39aa in write_dwarf_eh_frame_hdr /workspace/new-test/program/binutils-gdb/bfd/elf-eh-frame.c:2507:8
    #7 0xde230c in _bfd_elf_write_section_eh_frame_hdr /workspace/new-test/program/binutils-gdb/bfd/elf-eh-frame.c:2539:12
    #8 0xd83762 in bfd_elf_final_link /workspace/new-test/program/binutils-gdb/bfd/elflink.c:13822:9
    #9 0x544f29 in ldwrite /workspace/new-test/program/binutils-gdb/ld/ldwrite.c:548:8
    #10 0x53b0b0 in main /workspace/new-test/program/binutils-gdb/ld/./ldmain.c:912:3
    #11 0x7f2d1a920d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #12 0x7f2d1a920e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #13 0x4206f4 in _start (/workspace/new-test/fuzzdir/fz-ld/ld-new+0x4206f4)

0x60200518 is located 0 bytes to the right of 8-byte region [0x60200510,0x60200518)
allocated by thread T0 here:
    #0 0x49b5bd in malloc (/workspace/new-test/fuzzdir/fz-ld/ld-new+0x49b5bd)
    #1 0xc1ea01 in bfd_malloc /workspace/new-test/program/binutils-gdb/bfd/libbfd.c:291:9
    #2 0xde230c in _bfd_elf_write_section_eh_frame_hdr /workspace/new-test/program/binutils-gdb/bfd/elf-eh-frame.c:2539:12
    #3 0x544f29 in ldwrite /
[Bug binutils/33011] New: Heap Buffer Overflow in nm with liblto_plugin.so During strncmp
https://sourceware.org/bugzilla/show_bug.cgi?id=33011

Bug ID: 33011
Summary: Heap Buffer Overflow in nm with liblto_plugin.so During strncmp
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Heap Buffer Overflow in nm with liblto_plugin.so During strncmp

Environment
elfutils version: 0.192
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --enable-maintainer-mode --disable-debuginfod
# make -j64 & make install
root@46b925a575de:# ./nm --plugin /usr/lib/bfd-plugins/liblto_plugin.so POC
=
==1983516==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606001d2 at pc 0x0043268d bp 0x7ffd3f3fd1e0 sp 0x7ffd3f3fc980
READ of size 2 at 0x606001d2 thread T0
    #0 0x43268c in strncmp (/workspace/new-test/fuzzdir/fz-binutils/fz-nm/nm+0x43268c)
    #1 0x7f89af140b21 (/usr/lib/bfd-plugins/liblto_plugin.so+0xeb21)
    #2 0x7f89af14087e (/usr/lib/bfd-plugins/liblto_plugin.so+0xe87e)
    #3 0x7f89af13fe90 (/usr/lib/bfd-plugins/liblto_plugin.so+0xde90)
    #4 0x7ef82e in try_claim /root/this-program/binutils-gdb/build/bfd/../../bfd/plugin.c:497:4
    #5 0x7ee72c in try_load_plugin /root/this-program/binutils-gdb/build/bfd/../../bfd/plugin.c:608:8
    #6 0x7ede8a in load_plugin /root/this-program/binutils-gdb/build/bfd/../../bfd/plugin.c:734:12
    #7 0x7ed067 in bfd_plugin_object_p /root/this-program/binutils-gdb/build/bfd/../../bfd/plugin.c:761:53
    #8 0x5017e2 in bfd_check_format_matches /root/this-program/binutils-gdb/build/bfd/../../bfd/format.c:497:17
    #9 0x4cd5e8 in display_file /root/this-program/binutils-gdb/build/binutils/../../binutils/nm.c:1663:12
    #10 0x4cc5c1 in main /root/this-program/binutils-gdb/build/binutils/../../binutils/nm.c:2181:12
    #11 0x7f89b1e3bd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #12 0x7f89b1e3be3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #13 0x41f5b4 in _start (/workspace/new-test/fuzzdir/fz-binutils/fz-nm/nm+0x41f5b4)

0x606001d2 is located 0 bytes to the right of 50-byte region [0x606001a0,0x606001d2)
allocated by thread T0 here:
    #0 0x49a47d in malloc (/workspace/new-test/fuzzdir/fz-binutils/fz-nm/nm+0x49a47d)
    #1 0x7f89af13c18c in xmalloc (/usr/lib/bfd-plugins/liblto_plugin.so+0xa18c)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/workspace/new-test/fuzzdir/fz-binutils/fz-nm/nm+0x43268c) in strncmp
Shadow bytes around the buggy address:
==1983516==ABORTING

POC
https://drive.google.com/file/d/1nWTkCqzxdajk451n0G-BYAluMMzqAP9m/view?usp=sharing

Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/33012] New: Memory Leak in objdump During Section and Symbol Table Processing
https://sourceware.org/bugzilla/show_bug.cgi?id=33012

Bug ID: 33012
Summary: Memory Leak in objdump During Section and Symbol Table Processing
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Memory Leak in objdump During Section and Symbol Table Processing

Environment
elfutils version: 0.192
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --enable-maintainer-mode --disable-debuginfod
# make -j64 & make install
root@46b925a575de:# ./objdump -x -d --endian=little POC
./objdump: warning: POC has a section extending past end of file

POC:     file format elf64-x86-64
POC
architecture: i386:x86-64, flags 0x0011:
HAS_RELOC, HAS_SYMS
start address 0x

Sections:
Idx Name Size VMA LMA File off Algn
  0 ux-gnu/bits 0574 0040 2**4
    CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
  1 /bits 05b4 2**0
    CONTENTS, ALLOC, LOAD, DATA
  2 /uss 0019 05b8 2**3
    ALLOC
  3 .text.unlikely 05b8 2**0
    CONTENTS, ALLOC, LOAD, READONLY, CODE
  4 .debug_info 011f 05b8 2**0
    CONTENTS, RELOC, READONLY, DEBUGGING, OCTETS
  5 .debug_abbrev 00b2 06d7 2**0
    CONTENTS, READONLY, DEBUGGING, OCTETS
  6 .debug_loc 0139 0789 2**0
    CONTENTS, READONLY, DEBUGGING, OCTETS
  7 .debug_aranges 0030 08c2 2**0
    CONTENTS, RELOC, READONLY, DEBUGGING, OCTETS
  8 .debug_line 00d9 08f2 2**0
    CONTENTS, RELOC, READONLY, DEBUGGING, OCTETS
  9 .debug_str 017c 09cb 2**0
    CONTENTS, READONLY, DEBUGGING, OCTETS
 10 .comment 0036 0b47 2**0
    CONTENTS, READONLY
 11 .note.GNU-stack 0b7d 2**0
    CONTENTS, READONLY
 12 .mh_frame 0038 0b80 2**3
    CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA

SYMBOL TABLE:
ldf *ABS* openbsd-reallocarray.c
ld ux-gnu/bits ux-gnu/bits
ld /bits /bits
ld /uss /uss
ld .text.unlikely .text.unlikely
0180 l ux-gnu/bits __afl_maybe_log
ld .debug_info .debug_info
ld .debug_abbrev .debug_abbrev
ld .debug_loc .debug_loc
ld .debug_aranges .debug_aranges
ld .debug_line .debug_line
l .debug_str f8ff
ld .note.GNU-stack .note.GNU-stack
l O /uss 0008 __afl_area_ptr
01b0 l ux-gnu/bits __afl_setup
0190 l ux-gnu/bits __afl_store
0008 l O /uss 0008 __afl_prev_loc
01a8 l ux-gnu/bits __afl_return
0018 l O /uss 0001 __afl_setup_failure
01d1 l ux-gnu/bits __afl_setup_first
0567 l ux-gnu/bits .AFL_SHM_ENV
0496 l ux-gnu/bits __afl_setup_abort
02eb l ux-gnu/bits __afl_forkserver
0014 l O /uss 0004 __afl_temp
03a9 l ux-gnu/bits __afl_fork_resume
0311 l ux-gnu/bits __afl_fork_wait_loop
048e l ux-gnu/bits __afl_die
0010 l O /uss 0004 __afl_fork_pid
0567 l ux-gnu/bits .AFL_VARS
ld .mh_frame .mh_frame
[Bug binutils/33013] New: Segmentation Fault in elfedit's byte_get_little_endian Function
https://sourceware.org/bugzilla/show_bug.cgi?id=33013

Bug ID: 33013
Summary: Segmentation Fault in elfedit's byte_get_little_endian Function
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Segmentation Fault in elfedit's byte_get_little_endian Function

Environment
elfutils version: 0.192
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --enable-maintainer-mode --disable-debuginfod
# make -j64 & make install
root@46b925a575de:# ./elfedit --enable-x86-feature ibt POC
AddressSanitizer:DEADLYSIGNAL
==1700934==ERROR: AddressSanitizer: SEGV on unknown address 0x122ed5158a00 (pc 0x004d2c5b bp 0x7fff714a2d70 sp 0x7fff714a2b40 T0)
==1700934==The signal is caused by a READ memory access.
    #0 0x4d2c5b in byte_get_little_endian /root/this-program/binutils-gdb/build/binutils/../../binutils/elfcomm.c:132:26
    #1 0x4cf713 in update_gnu_property /root/this-program/binutils-gdb/build/binutils/../../binutils/elfedit.c:135:22
    #2 0x4cd426 in process_file /root/this-program/binutils-gdb/build/binutils/../../binutils/elfedit.c:803:8
    #3 0x4cbd58 in main /root/this-program/binutils-gdb/build/binutils/../../binutils/elfedit.c:1102:15
    #4 0x7f72ab62fd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #5 0x7f72ab62fe3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #6 0x41f424 in _start (/workspace/new-test/fuzzdir/fz-binutils/fz-elfedit/elfedit+0x41f424)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/this-program/binutils-gdb/build/binutils/../../binutils/elfcomm.c:132:26 in byte_get_little_endian
==1700934==ABORTING

POC
https://drive.google.com/file/d/1uUnR_brFZFSEtDIJCKb1yLe_bHMGLah4/view?usp=sharing

Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/33027] New: Stack Overflow in c++filt's demangle_path and demangle_type Functions
https://sourceware.org/bugzilla/show_bug.cgi?id=33027

Bug ID: 33027
Summary: Stack Overflow in c++filt's demangle_path and demangle_type Functions
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Stack Overflow in c++filt's demangle_path and demangle_type Functions

Environment
GNU Binutils version: 2.44.50 & master
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --disable-werror --enable-targets=all --enable-gold[=yes]
# make -j64 & make install
root@46b925a575de:# ./c++filt -r @POC
AddressSanitizer:DEADLYSIGNAL
==659719==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc02ed3ec8 (pc 0x004997f6 bp 0x7ffc02ed4710 sp 0x7ffc02ed3ed0 T0)
    #0 0x4997f6 in __asan_memcpy (/workspace/new-test/fuzzdir/fz-binutils/fz-c++filt/c++filt+0x4997f6)
    #1 0x8a55d5 in str_buf_append /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1572:3
    #2 0x8a2586 in print_str /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:279:5
    #3 0x8a4514 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:758:7
    #4 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #5 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #6 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #7 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #8 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #9 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #10 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #11 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #12 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #13 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #14 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #15 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #16 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #17 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #18 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #19 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #20 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #21 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #22 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #23 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #24 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #25 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #26 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #27 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #28 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1062:7
    #29 0x8a6d56 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:1055:11
    #30 0x8a451c in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:759:7
    #31 0x8a6db9 in demangle_type /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:106
[Bug binutils/33028] New: Stack Overflow in c++filt's demangle_path and eat Functions
https://sourceware.org/bugzilla/show_bug.cgi?id=33028

Bug ID: 33028
Summary: Stack Overflow in c++filt's demangle_path and eat Functions
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Stack Overflow in c++filt's demangle_path and eat Functions

Environment
GNU Binutils version: 2.44.50 & master
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --disable-werror --enable-targets=all --enable-gold[=yes]
# make -j64 & make install
root@46b925a575de:# ./c++filt -i -r -s auto @POC
AddressSanitizer:DEADLYSIGNAL
==512814==ERROR: AddressSanitizer: stack-overflow on address 0x7fff44b1bff8 (pc 0x008a5631 bp 0x7fff44b1c190 sp 0x7fff44b1c000 T0)
    #0 0x8a5631 in eat /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:98
    #1 0x8a7e4f in parse_integer_62 /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:125:7
    #2 0x8a47fe in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:781:17
    #3 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #4 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #5 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #6 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #7 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #8 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #9 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #10 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #11 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #12 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #13 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #14 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #15 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #16 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #17 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #18 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #19 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #20 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #21 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #22 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #23 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #24 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #25 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #26 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #27 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #28 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #29 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #30 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #31 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #32 0x
[Bug ld/33007] Segmentation Fault in ld-new due to Unsupported Relocation Type
https://sourceware.org/bugzilla/show_bug.cgi?id=33007

--- Comment #2 from Xudong Cao ---
There is an error in the version of the submitted information. Resubmit later and withdraw the report.
[Bug ld/33018] New: Segmentation Fault in ld-new due to Unsupported Relocation Type
https://sourceware.org/bugzilla/show_bug.cgi?id=33018

Bug ID: 33018
Summary: Segmentation Fault in ld-new due to Unsupported Relocation Type
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Segmentation Fault in ld-new due to Unsupported Relocation Type

Environment
GNU Binutils version: 2.44.50 & master
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --disable-werror --enable-targets=all --enable-gold[=yes]
# make -j64 & make install
root@c6c01f72391e:# ./ld-new --gc-sections POC
./ld-new: POC: unsupported relocation type 0x82
AddressSanitizer:DEADLYSIGNAL
==848100==ERROR: AddressSanitizer: SEGV on unknown address 0x0004 (pc 0x00c8bfbd bp 0x7fff2e2473a0 sp 0x7fff2e2470f0 T0)
==848100==The signal is caused by a READ memory access.
==848100==Hint: address points to the zero page.
    #0 0xc8bfbd in bfd_get_reloc_size /workspace/new-test/program/binutils-gdb/bfd/./bfd.h:3224:17
    #1 0xc8748b in elf_x86_64_scan_relocs /workspace/new-test/program/binutils-gdb/bfd/elf64-x86-64.c:2555:27
    #2 0xd4d733 in _bfd_elf_link_iterate_on_relocs /workspace/new-test/program/binutils-gdb/bfd/elflink.c:4282:9
    #3 0xc6d57c in elf_x86_64_early_size_sections /workspace/new-test/program/binutils-gdb/bfd/elf64-x86-64.c:3099:6
    #4 0xd61507 in bfd_elf_size_dynamic_sections /workspace/new-test/program/binutils-gdb/bfd/elflink.c:6916:11
    #5 0xbc167c in ldelf_before_allocation /workspace/new-test/program/binutils-gdb/ld/ldelf.c:1840:10
    #6 0x50aa2a in lang_process /workspace/new-test/program/binutils-gdb/ld/ldlang.c:8623:3
    #7 0x53aee3 in main /workspace/new-test/program/binutils-gdb/ld/./ldmain.c:882:3
    #8 0x7f82b2d34d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #9 0x7f82b2d34e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #10 0x4206f4 in _start (/workspace/new-test/fuzzdir/fz-ld/ld-new+0x4206f4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /workspace/new-test/program/binutils-gdb/bfd/./bfd.h:3224:17 in bfd_get_reloc_size
==848100==ABORTING

POC
https://drive.google.com/file/d/14RVWK8gBGrLzMlev8t2fDXsIZokosak1/view?usp=sharing

Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)
[Bug binutils/33024] New: Segmentation Fault in elfedit's byte_get_little_endian Function
https://sourceware.org/bugzilla/show_bug.cgi?id=33024

Bug ID: 33024
Summary: Segmentation Fault in elfedit's byte_get_little_endian Function
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Segmentation Fault in elfedit's byte_get_little_endian Function

Environment
GNU Binutils version: 2.44.50 & master
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --disable-werror --enable-targets=all --enable-gold[=yes]
# make -j64 & make install
root@46b925a575de:# ./elfedit --enable-x86-feature ibt POC
AddressSanitizer:DEADLYSIGNAL
==1700934==ERROR: AddressSanitizer: SEGV on unknown address 0x122ed5158a00 (pc 0x004d2c5b bp 0x7fff714a2d70 sp 0x7fff714a2b40 T0)
==1700934==The signal is caused by a READ memory access.
    #0 0x4d2c5b in byte_get_little_endian /root/this-program/binutils-gdb/build/binutils/../../binutils/elfcomm.c:132:26
    #1 0x4cf713 in update_gnu_property /root/this-program/binutils-gdb/build/binutils/../../binutils/elfedit.c:135:22
    #2 0x4cd426 in process_file /root/this-program/binutils-gdb/build/binutils/../../binutils/elfedit.c:803:8
    #3 0x4cbd58 in main /root/this-program/binutils-gdb/build/binutils/../../binutils/elfedit.c:1102:15
    #4 0x7f72ab62fd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #5 0x7f72ab62fe3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #6 0x41f424 in _start (/workspace/new-test/fuzzdir/fz-binutils/fz-elfedit/elfedit+0x41f424)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/this-program/binutils-gdb/build/binutils/../../binutils/elfcomm.c:132:26 in byte_get_little_endian
==1700934==ABORTING

POC
https://drive.google.com/file/d/1uUnR_brFZFSEtDIJCKb1yLe_bHMGLah4/view?usp=sharing

Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)
[Bug binutils/33025] New: Unknown Crash in elfedit's byte_get_little_endian Due to Wild Pointer Dereference
https://sourceware.org/bugzilla/show_bug.cgi?id=33025

Bug ID: 33025
Summary: Unknown Crash in elfedit's byte_get_little_endian Due to Wild Pointer Dereference
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Unknown Crash in elfedit's byte_get_little_endian Due to Wild Pointer Dereference

Environment
GNU Binutils version: 2.44.50 & master
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --disable-werror --enable-targets=all --enable-gold[=yes]
# make -j64 & make install
root@46b925a575de:# ./elfedit --enable-x86-feature ibt POC
==1663329==ERROR: AddressSanitizer: unknown-crash on address 0x7f0fdddb9000 at pc 0x004d315b bp 0x7fff57e13d90 sp 0x7fff57e13d88
READ of size 1 at 0x7f0fdddb9000 thread T0
    #0 0x4d315a in byte_get_little_endian /root/this-program/binutils-gdb/build/binutils/../../binutils/elfcomm.c:162:26
    #1 0x4cf87d in update_gnu_property /root/this-program/binutils-gdb/build/binutils/../../binutils/elfedit.c:142:23
    #2 0x4cd426 in process_file /root/this-program/binutils-gdb/build/binutils/../../binutils/elfedit.c:803:8
    #3 0x4cbd58 in main /root/this-program/binutils-gdb/build/binutils/../../binutils/elfedit.c:1102:15
    #4 0x7f0fe0a7fd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #5 0x7f0fe0a7fe3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #6 0x41f424 in _start (/workspace/new-test/fuzzdir/fz-binutils/fz-elfedit/elfedit+0x41f424)

Address 0x7f0fdddb9000 is a wild pointer.
SUMMARY: AddressSanitizer: unknown-crash /root/this-program/binutils-gdb/build/binutils/../../binutils/elfcomm.c:162:26 in byte_get_little_endian
Shadow bytes around the buggy address:
  0x0fe27bbaf1b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe27bbaf1c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe27bbaf1d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe27bbaf1e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe27bbaf1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fe27bbaf200:[fe]fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe27bbaf210: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe27bbaf220: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe27bbaf230: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe27bbaf240: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe27bbaf250: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==1663329==ABORTING

POC
https://drive.google.com/file/d/1lcQ3pR4GSGJAeS-y3bCWaE3mlkA4EDQE/view?usp=sharing

Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)
[Bug binutils/33026] New: Stack Overflow in c++filt's demangle_path Function
https://sourceware.org/bugzilla/show_bug.cgi?id=33026

Bug ID: 33026
Summary: Stack Overflow in c++filt's demangle_path Function
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Stack Overflow in c++filt's demangle_path Function

Environment
GNU Binutils version: 2.44.50 & master
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --disable-werror --enable-targets=all --enable-gold[=yes]
# make -j64 & make install
root@46b925a575de:# ./c++filt -r -t @POC
AddressSanitizer:DEADLYSIGNAL
==1349535==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc0e5b9fe0 (pc 0x008a4292 bp 0x7ffc0e5ba110 sp 0x7ffc0e5b9fe0 T0)
    #0 0x8a4292 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:670
    #1 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #2 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #3 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #4 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #5 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #6 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #7 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #8 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #9 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #10 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #11 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #12 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #13 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #14 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #15 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #16 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #17 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #18 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #19 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #20 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #21 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #22 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #23 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #24 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #25 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #26 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #27 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #28 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #29 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #30 0x8a4983 in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:708:7
    #31 0x8a488d in demangle_path /root/this-program/binutils-gdb/build/libiberty/../../libiberty/rust-demangle.c:786:11
    #32 0x8a4983 in demangle_path /root/this-p
[Bug binutils/33014] New: Unknown Crash in elfedit's byte_get_little_endian Due to Wild Pointer Dereference
https://sourceware.org/bugzilla/show_bug.cgi?id=33014

Bug ID: 33014
Summary: Unknown Crash in elfedit's byte_get_little_endian Due to Wild Pointer Dereference
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: xdcao.cs at gmail dot com
Target Milestone: ---

Summary
Unknown Crash in elfedit's byte_get_little_endian Due to Wild Pointer Dereference

Environment
elfutils version: 0.192
OS: Ubuntu 22.04.5 LTS

Steps to reproduce
# export CFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# export CXXFLAGS="-g -O0 -fno-inline -fno-lto -fsanitize=address"
# ./configure --enable-maintainer-mode --disable-debuginfod
# make -j64 & make install
root@46b925a575de:# ./elfedit --enable-x86-feature ibt POC
==1663329==ERROR: AddressSanitizer: unknown-crash on address 0x7f0fdddb9000 at pc 0x004d315b bp 0x7fff57e13d90 sp 0x7fff57e13d88
READ of size 1 at 0x7f0fdddb9000 thread T0
    #0 0x4d315a in byte_get_little_endian /root/this-program/binutils-gdb/build/binutils/../../binutils/elfcomm.c:162:26
    #1 0x4cf87d in update_gnu_property /root/this-program/binutils-gdb/build/binutils/../../binutils/elfedit.c:142:23
    #2 0x4cd426 in process_file /root/this-program/binutils-gdb/build/binutils/../../binutils/elfedit.c:803:8
    #3 0x4cbd58 in main /root/this-program/binutils-gdb/build/binutils/../../binutils/elfedit.c:1102:15
    #4 0x7f0fe0a7fd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #5 0x7f0fe0a7fe3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #6 0x41f424 in _start (/workspace/new-test/fuzzdir/fz-binutils/fz-elfedit/elfedit+0x41f424)

Address 0x7f0fdddb9000 is a wild pointer.
SUMMARY: AddressSanitizer: unknown-crash /root/this-program/binutils-gdb/build/binutils/../../binutils/elfcomm.c:162:26 in byte_get_little_endian
Shadow bytes around the buggy address:
  0x0fe27bbaf1b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe27bbaf1c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe27bbaf1d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe27bbaf1e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe27bbaf1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fe27bbaf200:[fe]fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe27bbaf210: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe27bbaf220: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe27bbaf230: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe27bbaf240: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
  0x0fe27bbaf250: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==1663329==ABORTING

POC
https://drive.google.com/file/d/1lcQ3pR4GSGJAeS-y3bCWaE3mlkA4EDQE/view?usp=sharing

Credit
Xiaoguo Li (CUPL)
Xudong Cao (UCAS)
[Bug ld/33008] Segmentation Fault in elf_x86_64_finish_dynamic_symbol During Linking
https://sourceware.org/bugzilla/show_bug.cgi?id=33008

Xudong Cao changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
         Resolution|---         |MOVED
             Status|UNCONFIRMED |RESOLVED

--- Comment #1 from Xudong Cao ---
There is an error in the version of the submitted information. Resubmit later and withdraw the report.
[Bug ld/33010] Heap Buffer Overflow in ld-new's fwrite During EH Frame Header Writing
https://sourceware.org/bugzilla/show_bug.cgi?id=33010

Xudong Cao changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
         Resolution|---         |MOVED
             Status|UNCONFIRMED |RESOLVED

--- Comment #1 from Xudong Cao ---
There is an error in the version of the submitted information. Resubmit later and withdraw the report.
[Bug ld/33010] Heap Buffer Overflow in ld-new's fwrite During EH Frame Header Writing
https://sourceware.org/bugzilla/show_bug.cgi?id=33010

Sam James changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
         Resolution|MOVED       |INVALID
[Bug binutils/33011] Heap Buffer Overflow in nm with liblto_plugin.so During strncmp
https://sourceware.org/bugzilla/show_bug.cgi?id=33011

Sam James changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
         Resolution|MOVED       |INVALID
[Bug ld/33008] Segmentation Fault in elf_x86_64_finish_dynamic_symbol During Linking
https://sourceware.org/bugzilla/show_bug.cgi?id=33008

Sam James changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
         Resolution|MOVED       |INVALID
[Bug binutils/33016] Stack Overflow in c++filt's demangle_path and demangle_type Functions
https://sourceware.org/bugzilla/show_bug.cgi?id=33016

Sam James changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
         Resolution|MOVED       |INVALID
[Bug ld/33007] Segmentation Fault in ld-new due to Unsupported Relocation Type
https://sourceware.org/bugzilla/show_bug.cgi?id=33007

Sam James changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
         Resolution|MOVED       |INVALID
[Bug binutils/33017] Stack Overflow in c++filt's demangle_path and eat Functions
https://sourceware.org/bugzilla/show_bug.cgi?id=33017

Sam James changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
         Resolution|MOVED       |INVALID
[Bug binutils/33028] Stack Overflow in c++filt's demangle_path and eat Functions
https://sourceware.org/bugzilla/show_bug.cgi?id=33028

Sam James changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
         Resolution|MOVED       |INVALID
[Bug binutils/33014] Unknown Crash in elfedit's byte_get_little_endian Due to Wild Pointer Dereference
https://sourceware.org/bugzilla/show_bug.cgi?id=33014

Sam James changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|MOVED                       |INVALID
[Bug ld/33009] Segmentation Fault in _bfd_elf_strtab_offset During Object Content Writing
https://sourceware.org/bugzilla/show_bug.cgi?id=33009

Sam James changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|MOVED                       |INVALID
[Bug binutils/33012] Memory Leak in objdump During Section and Symbol Table Processing
https://sourceware.org/bugzilla/show_bug.cgi?id=33012

Sam James changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|MOVED                       |INVALID
[Bug binutils/33026] Stack Overflow in c++filt's demangle_path Function
https://sourceware.org/bugzilla/show_bug.cgi?id=33026

Sam James changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|MOVED                       |INVALID
[Bug binutils/33022] Heap Buffer Overflow in nm with liblto_plugin.so During strncmp
https://sourceware.org/bugzilla/show_bug.cgi?id=33022

Sam James changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|MOVED                       |INVALID
[Bug binutils/33013] Segmentation Fault in elfedit's byte_get_little_endian Function
https://sourceware.org/bugzilla/show_bug.cgi?id=33013

Sam James changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|MOVED                       |INVALID
[Bug binutils/33027] Stack Overflow in c++filt's demangle_path and demangle_type Functions
https://sourceware.org/bugzilla/show_bug.cgi?id=33027

Sam James changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|MOVED                       |INVALID
[Bug binutils/33015] Stack Overflow in c++filt's demangle_path Function
https://sourceware.org/bugzilla/show_bug.cgi?id=33015

Sam James changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|MOVED                       |INVALID