[Bug binutils/23863] New: binutils-2.31.1 stack buffer overflow in nm -C
https://sourceware.org/bugzilla/show_bug.cgi?id=23863

            Bug ID: 23863
           Summary: binutils-2.31.1 stack buffer overflow in nm -C
           Product: binutils
           Version: 2.31
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: mmmtoxic at gmail dot com
  Target Milestone: ---

Created attachment 11384
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11384&action=edit
nm -C crash_file

A stack buffer overflow found in binutils-2.31.1, triggered by "nm -C crash_file", running on Ubuntu 16.04 64-bit. It was found by AFL. The error information is as follows:

==83901==ERROR: AddressSanitizer: stack-overflow on address 0x7fff50701ff0 (pc 0x7f36458d326e bp 0x0020 sp 0x7fff50701fe0 T0)
    #0 0x7f36458d326d (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xb026d)
    #1 0x7f36458d2d67 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xafd67)
    #2 0x7f3645845f4f (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22f4f)
    #3 0x7f36458bb5d2 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x985d2)
    #4 0x696530 in xmalloc xmalloc.c:147
    #5 0x66f713 in string_need cplus-dem.c:4906
    #6 0x66fbcf in string_append cplus-dem.c:4961
    #7 0x66d5d2 in demangle_args cplus-dem.c:4578
    #8 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #9 0x668a0a in do_type cplus-dem.c:3719
    #10 0x66c0ee in do_arg cplus-dem.c:4332
    #11 0x66dc1f in demangle_args cplus-dem.c:4659
    #12 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #13 0x668a0a in do_type cplus-dem.c:3719
    #14 0x66c0ee in do_arg cplus-dem.c:4332
    #15 0x66dc1f in demangle_args cplus-dem.c:4659
    #16 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #17 0x668a0a in do_type cplus-dem.c:3719
    #18 0x66c0ee in do_arg cplus-dem.c:4332
    #19 0x66dc1f in demangle_args cplus-dem.c:4659
    #20 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #21 0x668a0a in do_type cplus-dem.c:3719
    #22 0x66c0ee in do_arg cplus-dem.c:4332
    #23 0x66dc1f in demangle_args cplus-dem.c:4659
    #24 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #25 0x668a0a in do_type cplus-dem.c:3719
    #26 0x66c0ee in do_arg cplus-dem.c:4332
    #27 0x66dc1f in demangle_args cplus-dem.c:4659
    #28 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #29 0x668a0a in do_type cplus-dem.c:3719
    #30 0x66c0ee in do_arg cplus-dem.c:4332
    #31 0x66dc1f in demangle_args cplus-dem.c:4659
    #32 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #33 0x668a0a in do_type cplus-dem.c:3719
    #34 0x66c0ee in do_arg cplus-dem.c:4332
    #35 0x66dc1f in demangle_args cplus-dem.c:4659
    #36 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #37 0x668a0a in do_type cplus-dem.c:3719
    #38 0x66c0ee in do_arg cplus-dem.c:4332
    #39 0x66dc1f in demangle_args cplus-dem.c:4659
    #40 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #41 0x668a0a in do_type cplus-dem.c:3719
    #42 0x66c0ee in do_arg cplus-dem.c:4332
    #43 0x66dc1f in demangle_args cplus-dem.c:4659
    #44 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #45 0x668a0a in do_type cplus-dem.c:3719
    #46 0x66c0ee in do_arg cplus-dem.c:4332
    #47 0x66dc1f in demangle_args cplus-dem.c:4659
    #48 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #49 0x668a0a in do_type cplus-dem.c:3719
    #50 0x66c0ee in do_arg cplus-dem.c:4332
    #51 0x66dc1f in demangle_args cplus-dem.c:4659
    #52 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #53 0x668a0a in do_type cplus-dem.c:3719
    #54 0x66c0ee in do_arg cplus-dem.c:4332
    #55 0x66dc1f in demangle_args cplus-dem.c:4659
    #56 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #57 0x668a0a in do_type cplus-dem.c:3719
    #58 0x66c0ee in do_arg cplus-dem.c:4332
    #59 0x66dc1f in demangle_args cplus-dem.c:4659
    #60 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #61 0x668a0a in do_type cplus-dem.c:3719
    #62 0x66c0ee in do_arg cplus-dem.c:4332
    #63 0x66dc1f in demangle_args cplus-dem.c:4659
    #64 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #65 0x668a0a in do_type cplus-dem.c:3719
    #66 0x66c0ee in do_arg cplus-dem.c:4332
    #67 0x66dc1f in demangle_args cplus-dem.c:4659
    #68 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #69 0x668a0a in do_type cplus-dem.c:3719
    #70 0x66c0ee in do_arg cplus-dem.c:4332
    #71 0x66dc1f in demangle_args cplus-dem.c:4659
    #72 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #73 0x668a0a in do_type cplus-dem.c:3719
    #74 0x66c0ee in do_arg cplus-dem.c:4332
    #75 0x66dc1f in demangle_args cplus-dem.c:4659
    #76 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #77 0x668a0a in do_type cplus-dem.c:3719
    #78 0x66c0ee in do_arg cplus-dem.c:4332
    #79 0x66dc1f in demangle_args cplus-dem.c:4659
    #80 0x66e0f0 in demangle_nested_args cplus-dem.c:4713
    #81 0x
[Bug binutils/23863] binutils-2.31.1 stack buffer overflow in nm -C
https://sourceware.org/bugzilla/show_bug.cgi?id=23863

--- Comment #2 from mmmtoxic at gmail dot com ---
OK, thanks for your reply!

nickc at redhat dot com wrote on Wednesday, 7 November 2018 at 1:35 AM:

> https://sourceware.org/bugzilla/show_bug.cgi?id=23863
>
> Nick Clifton changed:
>
>            What    |Removed                     |Added
>                  CC|                            |nickc at redhat dot com
>
> --- Comment #1 from Nick Clifton ---
> Hi mmmtoxic,
>
> Thanks for reporting this problem. Unfortunately the issue is in the
> name demangling code in the libiberty library, which is actually part
> of gcc, rather than the binutils. (It is used in binutils, but not
> maintained here). So please could you report the bug to gcc.
>
> I should also point out that it is quite possible that this problem
> will not be fixed, as it has already been reported (to gcc) several
> times before. The underlying issue is that the name mangling format
> allows for infinite recursion, and so it is always possible to
> construct an artificially mangled name that will require an infinite
> amount of stack space in order to demangle properly.
>
> Cheers
> Nick
>
> --
> You are receiving this mail because:
> You reported the bug.

_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
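The unbounded mutual recursion Nick describes, and the depth limit that turns it into a clean error: an added example, not code from the bug report or from libiberty. It is a toy recursive-descent parser for nested argument lists whose call cycle mirrors the do_type / do_arg / demangle_args / demangle_nested_args frames in the ASan trace; the grammar (type letters "icdv", nesting with parentheses), MAX_NEST_DEPTH, the error codes and the helper names are all assumptions.

```c
/* Added example (not from the bug report or libiberty): a toy parser whose mutual recursion
 * mirrors the do_type/do_arg/demangle_args/demangle_nested_args cycle in the ASan trace. */
#include <string.h>

#define MAX_NEST_DEPTH 64  /* assumed limit; a real demangler picks its own */
enum { PARSE_OK = 0, PARSE_ERR_SYNTAX = -1, PARSE_ERR_TOO_DEEP = -2 };
static int parse_args(const char **p, int depth);
/* One argument: a type letter from the assumed set "icdv", or a nested "(...)". */
static int parse_arg(const char **p, int depth)
{
    if (**p != '(') {
        if (**p == '\0' || !strchr("icdv", **p)) return PARSE_ERR_SYNTAX;
        (*p)++;
        return PARSE_OK;
    }
    /* The check the overflowing recursion lacks: stop descending at the limit. */
    if (depth >= MAX_NEST_DEPTH) return PARSE_ERR_TOO_DEEP;
    (*p)++;
    int rc = parse_args(p, depth + 1);       /* mutual recursion, one level deeper */
    if (rc != PARSE_OK) return rc;
    if (**p != ')') return PARSE_ERR_SYNTAX;
    (*p)++;
    return PARSE_OK;
}

/* A list of arguments, ending at ')' or at the end of the string. */
static int parse_args(const char **p, int depth)
{
    int rc = PARSE_OK;
    while (**p != '\0' && **p != ')' && (rc = parse_arg(p, depth)) == PARSE_OK)
        continue;
    return rc;
}

/* Entry point: the whole string must be one well-formed argument list. */
int check_mangled_args(const char *s)
{
    int rc = parse_args(&s, 0);
    return rc != PARSE_OK ? rc : (*s == '\0' ? PARSE_OK : PARSE_ERR_SYNTAX);
}
/* Constructed input: n nested parentheses around "i", fed to the checker. */
int check_nested(int n)
{
    static char buf[8192];
    if (n < 0 || 2 * n + 2 > (int)sizeof buf) return PARSE_ERR_SYNTAX;
    memset(buf, '(', (size_t)n);
    memset(buf + n + 1, ')', (size_t)n);
    buf[n] = 'i'; buf[2 * n + 1] = '\0';
    return check_mangled_args(buf);
}
```

Without the depth check, check_nested(4000) would recurse 4000 levels through parse_arg and parse_args, which is exactly the shape of the trace above; with it, the input is rejected with PARSE_ERR_TOO_DEEP after MAX_NEST_DEPTH levels.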