[Bug binutils/28186] New: AddressSanitizer: SEGV /home/tai/CVEs/binutils-2.37/bfd/elf.c:7991:30 in _bfd_elf_fixup_group_sections

2021-08-04 Thread duytai.cse at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=28186

Bug ID: 28186
Summary: AddressSanitizer: SEGV /home/tai/CVEs/binutils-2.37/bfd/elf.c:7991:30 in _bfd_elf_fixup_group_sections
Product: binutils
Version: 2.37
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: duytai.cse at gmail dot com
Target Milestone: ---

Created attachment 13590
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13590&action=edit
input file

I execute the following command:

./strip-new id:00 -o /dev/null

--- OUTPUT ---
./strip-new: id:00: invalid entry in SHT_GROUP section [15]
./strip-new: id:00: invalid entry in SHT_GROUP section [15]
./strip-new: id:00: no group info for section '.hnu.'
./strip-new: id:00: warning: secondary relocation section '.hnu.' for section .hnu. found - ignoring
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
elf.c:7991:25: runtime error: member access within null pointer of type 'struct bfd_section'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior elf.c:7991:25 in
AddressSanitizer:DEADLYSIGNAL
=
==423909==ERROR: AddressSanitizer: SEGV on unknown address 0x0040 (pc 0x009d820c bp 0x7ffc6fc347f0 sp 0x7ffc6fc34770 T0)
==423909==The signal is caused by a WRITE memory access.
==423909==Hint: address points to the zero page.
#0 0x9d820c in _bfd_elf_fixup_group_sections /home/tai/CVEs/binutils-2.37/bfd/elf.c:7991:30
#1 0x9d97f2 in _bfd_elf_copy_private_header_data /home/tai/CVEs/binutils-2.37/bfd/elf.c:8024:10
#2 0x4e7795 in setup_bfd_headers /home/tai/CVEs/binutils-2.37/binutils/objcopy.c:3981:9
#3 0x4e7795 in copy_object /home/tai/CVEs/binutils-2.37/binutils/objcopy.c:2822:5
#4 0x4df7fd in copy_file /home/tai/CVEs/binutils-2.37/binutils/objcopy.c:3866:13
#5 0x4c64e7 in strip_main /home/tai/CVEs/binutils-2.37/binutils/objcopy.c:4856:7
#6 0x4c64e7 in main /home/tai/CVEs/binutils-2.37/binutils/objcopy.c:6052:5
#7 0x7f46fe8dd0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#8 0x41c5ed in _start (/home/tai/CVEs/binutils-2.37/binutils/strip-new+0x41c5ed)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/tai/CVEs/binutils-2.37/bfd/elf.c:7991:30 in _bfd_elf_fixup_group_sections
==423909==ABORTING

-- 
You are receiving this mail because:
You are on the CC list for the bug.


[Bug binutils/28187] New: AddressSanitizer: SEGV /home/tai/CVEs/binutils-2.37/bfd/elf.c:7991:30 in _bfd_elf_fixup_group_sections

2021-08-04 Thread duytai.cse at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=28187

Bug ID: 28187
Summary: AddressSanitizer: SEGV /home/tai/CVEs/binutils-2.37/bfd/elf.c:7991:30 in _bfd_elf_fixup_group_sections
Product: binutils
Version: 2.37
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: duytai.cse at gmail dot com
Target Milestone: ---

Created attachment 13591
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13591&action=edit
id:00

I execute the following command:

./strip-new id\:00 -o /dev/null

--- OUTPUT ---

./strip-new: id:00: invalid entry in SHT_GROUP section [15]
./strip-new: id:00: invalid entry in SHT_GROUP section [15]
./strip-new: id:00: no group info for section '.hnu.'
./strip-new: id:00: warning: secondary relocation section '.hnu.' for section .hnu. found - ignoring
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
./strip-new: id:00: attempt to load strings from a non-string section (number 0)
elf.c:7991:25: runtime error: member access within null pointer of type 'struct bfd_section'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior elf.c:7991:25 in
AddressSanitizer:DEADLYSIGNAL
=
==423909==ERROR: AddressSanitizer: SEGV on unknown address 0x0040 (pc 0x009d820c bp 0x7ffc6fc347f0 sp 0x7ffc6fc34770 T0)
==423909==The signal is caused by a WRITE memory access.
==423909==Hint: address points to the zero page.
#0 0x9d820c in _bfd_elf_fixup_group_sections /home/tai/CVEs/binutils-2.37/bfd/elf.c:7991:30
#1 0x9d97f2 in _bfd_elf_copy_private_header_data /home/tai/CVEs/binutils-2.37/bfd/elf.c:8024:10
#2 0x4e7795 in setup_bfd_headers /home/tai/CVEs/binutils-2.37/binutils/objcopy.c:3981:9
#3 0x4e7795 in copy_object /home/tai/CVEs/binutils-2.37/binutils/objcopy.c:2822:5
#4 0x4df7fd in copy_file /home/tai/CVEs/binutils-2.37/binutils/objcopy.c:3866:13
#5 0x4c64e7 in strip_main /home/tai/CVEs/binutils-2.37/binutils/objcopy.c:4856:7
#6 0x4c64e7 in main /home/tai/CVEs/binutils-2.37/binutils/objcopy.c:6052:5
#7 0x7f46fe8dd0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#8 0x41c5ed in _start (/home/tai/CVEs/binutils-2.37/binutils/strip-new+0x41c5ed)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/tai/CVEs/binutils-2.37/bfd/elf.c:7991:30 in _bfd_elf_fixup_group_sections
==423909==ABORTING
