[Bug binutils/29312] New: Stack overflow in demangle_const() and demangle_path_maybe_open_generics(), cxxfilt
https://sourceware.org/bugzilla/show_bug.cgi?id=29312

Bug ID: 29312
Summary: Stack overflow in demangle_const() and demangle_path_maybe_open_generics(), cxxfilt
Product: binutils
Version: 2.39 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: lqliuyuwei at outlook dot com
Target Milestone: ---

Created attachment 14190
--> https://sourceware.org/bugzilla/attachment.cgi?id=14190&action=edit
poc for demangle_const

PoCs to trigger the stack overflow.

--
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/29312] Stack overflow in demangle_const() and demangle_path_maybe_open_generics(), cxxfilt
https://sourceware.org/bugzilla/show_bug.cgi?id=29312

--- Comment #1 from Marsman1996 ---
Created attachment 14191
--> https://sourceware.org/bugzilla/attachment.cgi?id=14191&action=edit
poc for demangle_path_maybe_open_generics

Both tested in Ubuntu 16.04, Binutils commit 2899490953879ccb22e64d6b8bc09fe9b9cdc5a7

To trigger the crash, run command `$ ./cxxfilt < $POC`

The ASAN report is
```
AddressSanitizer:DEADLYSIGNAL
=
==23686==ERROR: AddressSanitizer: stack-overflow on address 0x7fff44f2ef40 (pc 0x0085c097 bp 0x7fff44f2f110 sp 0x7fff44f2ef40 T0)
    #0 0x85c096 in demangle_const /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1144
    #1 0x85c722 in demangle_const /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1158:11
    #2 0x85c722 in demangle_const /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1158:11
    #3 0x85c722 in demangle_const /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1158:11
    #4 0x85c722 in demangle_const /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1158:11
    #5 0x85c722 in demangle_const /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1158:11
    #6 0x85c722 in demangle_const /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1158:11
    #7 0x85c722 in demangle_const /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1158:11
    #8 0x85c722 in demangle_const /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1158:11
    #9 0x85c722 in demangle_const /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1158:11
    #10 0x85c722 in demangle_const /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1158:11
    #11 0x85c722 in demangle_const /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1158:11
    #12 0x85c722 in demangle_const /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1158:11
...
```

And
```
AddressSanitizer:DEADLYSIGNAL
=
==23696==ERROR: AddressSanitizer: stack-overflow on address 0x7ffebacebfd8 (pc 0x0085f947 bp 0x7ffebacec030 sp 0x7ffebacebfa0 T0)
    #0 0x85f946 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1082:12
    #1 0x85ff03 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1092:18
    #2 0x85ff03 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1092:18
    #3 0x85ff03 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1092:18
    #4 0x85ff03 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1092:18
    #5 0x85ff03 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1092:18
    #6 0x85ff03 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1092:18
    #7 0x85ff03 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1092:18
    #8 0x85ff03 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1092:18
    #9 0x85ff03 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1092:18
    #10 0x85ff03 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1092:18
    #11 0x85ff03 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1092:18
    #12 0x85ff03 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1092:18
    #13 0x85ff03 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1092:18
    #14 0x85ff03 in demangle_path_maybe_open_generics /opt/disk/marsman/binutils/2899490/build_asan/libiberty/../../code/libiberty/rust-demangle.c:1092:18
    #15 0x85ff03 in demangle_path_maybe_open_ge
```
[Bug binutils/29312] Stack overflow in demangle_const() and demangle_path_maybe_open_generics(), cxxfilt
https://sourceware.org/bugzilla/show_bug.cgi?id=29312

--- Comment #4 from Marsman1996 ---
Hi Nick,

I apologize for not doing enough prior research and thanks for the information.
GCC bugzilla system seems to limit the user account creation.

Sincerely,
Marsman
[Bug binutils/29312] Stack overflow in demangle_const() and demangle_path_maybe_open_generics(), cxxfilt
https://sourceware.org/bugzilla/show_bug.cgi?id=29312

--- Comment #6 from Marsman1996 ---
(In reply to Nick Clifton from comment #5)

Hi Nick,

> If you are unable to create an account then sending a bug report to
> gcc-b...@gcc.gnu.org should work instead.

Thanks for the advice, I have sent the bug report.
Hope they will accept the patch and fix this soon.

Sincerely,
Marsman
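
The ASAN traces in this report show demangle_const and demangle_path_maybe_open_generics calling themselves until the stack is exhausted. As an added example (not code from the bug report or from libiberty), the following recursive-descent parser for a constructed toy grammar caps nesting depth and returns an error instead of overflowing; the grammar, `MAX_DEPTH` and every function name here are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed toy grammar (hypothetical, NOT Rust v0 mangling):
     item := 'L' | 'W' item | 'P' item item
   Each 'W' or 'P' costs one C stack frame, so without a cap the
   input alone decides how deep the parser recurses. */
#define MAX_DEPTH 1024 /* assumed budget; size it to the smallest stack in use */

enum parse_result { PARSE_OK, PARSE_MALFORMED, PARSE_TOO_DEEP };

struct parser { const char *sym; size_t len, next; unsigned depth; };

static enum parse_result parse_item(struct parser *p)
{
  enum parse_result r = PARSE_OK;
  if (p->depth >= MAX_DEPTH) return PARSE_TOO_DEEP; /* refuse before recursing */
  if (p->next >= p->len) return PARSE_MALFORMED;    /* truncated input */
  p->depth++;
  switch (p->sym[p->next++]) {
  case 'L': break;
  case 'W': r = parse_item(p); break;
  case 'P': r = parse_item(p);
            if (r == PARSE_OK) r = parse_item(p);
            break;
  default:  r = PARSE_MALFORMED; break;
  }
  p->depth--; /* siblings share a level: depth tracks nesting, not length */
  return r;
}

/* Parse a whole symbol; trailing bytes after the item are an error. */
enum parse_result parse_symbol(const char *sym, size_t len)
{
  struct parser p = { sym, len, 0, 0 };
  enum parse_result r = parse_item(&p);
  return (r == PARSE_OK && p.next != len) ? PARSE_MALFORMED : r;
}

/* Build `wraps` nested 'W' around one leaf and parse it. */
enum parse_result parse_nested(size_t wraps)
{
  char *buf = malloc(wraps + 1);
  if (!buf) return PARSE_MALFORMED;
  memset(buf, 'W', wraps);
  buf[wraps] = 'L';
  enum parse_result r = parse_symbol(buf, wraps + 1);
  free(buf);
  return r;
}
```

Returning a distinct `PARSE_TOO_DEEP` lets a caller tell a depth rejection apart from ordinary malformed input when triaging fuzzer findings.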
[Bug binutils/23496] New: Memory Leak of objdump
https://sourceware.org/bugzilla/show_bug.cgi?id=23496

Bug ID: 23496
Summary: Memory Leak of objdump
Product: binutils
Version: 2.31
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: lqliuyuwei at outlook dot com
Target Milestone: ---

Created attachment 11168
--> https://sourceware.org/bugzilla/attachment.cgi?id=11168&action=edit
the poc file

on ubuntu 16.04 64bit, binutils 2.31

How to reproduce:
1. compile: CC="gcc -fsanitize=address" CXX="g++ -fsanitize=address" ../configure
2. objdump -d poc

asan info:
==82201==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 336 byte(s) in 1 object(s) allocated from:
    #0 0x7fb3e3986602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x488c62 in bfd_malloc ../../bfd/libbfd.c:271
    #2 0x6120bebf ()
    #3 0x65880f (/home/marsman/Desktop/crashana/binutils/bin/objdump+0x65880f)

Direct leak of 184 byte(s) in 1 object(s) allocated from:
    #0 0x7fb3e3986602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x488c62 in bfd_malloc ../../bfd/libbfd.c:271

SUMMARY: AddressSanitizer: 520 byte(s) leaked in 2 allocation(s)

___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug binutils/23496] Memory Leak of objdump
https://sourceware.org/bugzilla/show_bug.cgi?id=23496

--- Comment #1 from Marsman1996 ---
We use afl-mem, which is based on american fuzzy lop, to discover this problem.
Thanks to american fuzzy lop and its author (lcam...@coredump.cx)
[Bug binutils/23496] Memory Leak of objdump
https://sourceware.org/bugzilla/show_bug.cgi?id=23496

--- Comment #2 from Marsman1996 ---
It was found by Yanhao and Marsman1996.