[Bug binutils/21880] Memory leak in demangle

https://sourceware.org/bugzilla/show_bug.cgi?id=21880

Dongliang Mu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mudongliangabcd at gmail dot com

--- Comment #4 from Dongliang Mu ---
Hello Google AutoFuzz Team:

I tried to reproduce this bug in the docker, but when I compiled demangle_fuzzer.cc, it encountered one error:

$ $CXX $CXXFLAGS $LDFLAGS -I../include ../libiberty/demangle_fuzzer.cc libiberty.a -lFuzzer -o demangle_fuzzer
In file included from ../libiberty/demangle_fuzzer.cc:5:
In file included from ../include/demangle.h:32:
../include/libiberty.h:112:14: error: 'basename' is missing exception specification 'throw()'
extern char *basename (const char *) ATTRIBUTE_RETURNS_NONNULL ATTRIBUTE_NONNULL(1);
             ^
                                                                                    throw()
/usr/include/string.h:601:26: note: previous declaration is here
extern "C++" const char *basename (const char *__filename)
                         ^
1 error generated.

How do I fix this problem and then trigger the bug?

Note, in the configuration of binutils, the "--host" option is essential.

The new Dockerfile for my case is https://gist.github.com/mudongliang/3c14d1c4937a9aa6035957f34adfe68f

--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug binutils/21880] Memory leak in demangle

https://sourceware.org/bugzilla/show_bug.cgi?id=21880

--- Comment #5 from Dongliang Mu ---
(In reply to Dongliang Mu from comment #4)
> Hello Google AutoFuzz Team:
>
> I tried to reproduce this bug in the docker, but when I compiled
> demangle_fuzzer.cc, it encountered one error:
>
> $ $CXX $CXXFLAGS $LDFLAGS -I../include ../libiberty/demangle_fuzzer.cc
> libiberty.a -lFuzzer -o demangle_fuzzer
> In file included from ../libiberty/demangle_fuzzer.cc:5:
> In file included from ../include/demangle.h:32:
> ../include/libiberty.h:112:14: error: 'basename' is missing exception
> specification 'throw()'
> extern char *basename (const char *) ATTRIBUTE_RETURNS_NONNULL
> ATTRIBUTE_NONNULL(1);
>              ^
>                                                                 throw()
> /usr/include/string.h:601:26: note: previous declaration is here
> extern "C++" const char *basename (const char *__filename)
>                          ^
> 1 error generated.
>
>
> How do I fix this problem and then trigger the bug?
>

-DHAVE_DECL_BASENAME is missing. Sorry for the noise.

> Note, in the configuration of binutils, the "--host" option is essential.
>
> The new Dockerfile for my case is
> https://gist.github.com/mudongliang/3c14d1c4937a9aa6035957f34adfe68f
[Bug binutils/23008] New: Stack Overflow(Stack Exhaustion) in demangle related functions
https://sourceware.org/bugzilla/show_bug.cgi?id=23008

Bug ID: 23008
Summary: Stack Overflow(Stack Exhaustion) in demangle related functions
Product: binutils
Version: 2.30
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: mudongliangabcd at gmail dot com
Target Milestone: ---

Created attachment 10917
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10917&action=edit
PoC to trigger stack exhaustion

One stack exhaustion issue is found in binutils-2.29 and 2.30.

The configuration of binutils is:

CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure
make

The trigger method is:

cd ./binutils
./cxxfilt < poc

Then you will see the message log in binutils 2.29:

==3711==ERROR: AddressSanitizer: stack-overflow on address 0x7fffa0a43fc8 (pc 0x00476e18 bp 0x7fffa0a44850 sp 0x7fffa0a43fd0 T0)
    #0 0x476e17 (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x476e17)
    #1 0x91170e (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x91170e)
    #2 0x91f24e (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x91f24e)
    #3 0x921a47 (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x921a47)
    #4 0x900f13 (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x900f13)
    #5 0x921316 (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x921316)
    #6 0x92020d (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x92020d)
    #7 0x921a47 (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x921a47)
    #8 0x900f13 (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x900f13)
    #9 0x921316 (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x921316)
    #10 0x92020d (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x92020d)
    #11 0x921a47 (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x921a47)
    #12 0x900f13 (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x900f13)
    #13 0x921316 (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x921316)
    #14 0x92020d (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x92020d)
    #15 0x921a47 (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x921a47)
    #16 0x900f13 (/home/jun/revision/testsuites/binutils-2.29/binutils/cxxfilt+0x900f13)
    ..

and the message log in binutils 2.30:

Program received signal SIGSEGV, Segmentation fault.
0x74e6040c in malloc () from /usr/lib/x86_64-linux-gnu/libasan.so.0
(gdb) info stack
#0  0x74e6040c in malloc () from /usr/lib/x86_64-linux-gnu/libasan.so.0
#1  0x006c7465 in xmalloc (size=32) at ./xmalloc.c:147
#2  0x0069f731 in string_need (s=0x7f7ff950, n=32) at ./cplus-dem.c:4906
#3  0x0069fc5a in string_append (p=0x7f7ff950, s=0x753f60 "(") at ./cplus-dem.c:4961
#4  0x0069cf75 in demangle_args (work=0x7fffe3b0, mangled=0x7fffe2c0, declp=0x7f7ff950) at ./cplus-dem.c:4578
#5  0x0069da72 in demangle_nested_args (work=0x7fffe3b0, mangled=0x7fffe2c0, declp=0x7f7ff950) at ./cplus-dem.c:4713
#6  0x00697c48 in do_type (work=0x7fffe3b0, mangled=0x7fffe2c0, result=0x6006000eb5d0) at ./cplus-dem.c:3719
#7  0x0069b798 in do_arg (work=0x7fffe3b0, mangled=0x7fffe2c0, result=0x7f7ffb40) at ./cplus-dem.c:4332
#8  0x0069d60c in demangle_args (work=0x7fffe3b0, mangled=0x7fffe2c0, declp=0x7f7ffcc0) at ./cplus-dem.c:4659
#9  0x0069da72 in demangle_nested_args (work=0x7fffe3b0, mangled=0x7fffe2c0, declp=0x7f7ffcc0) at ./cplus-dem.c:4713
#10 0x00697c48 in do_type (work=0x7fffe3b0, mangled=0x7fffe2c0, result=0x6006000eb630) at ./cplus-dem.c:3719
#11 0x0069b798 in do_arg (work=0x7fffe3b0, mangled=0x7fffe2c0, result=0x7f7ffeb0) at ./cplus-dem.c:4332
#12 0x0069d60c in demangle_args (work=0x7fffe3b0, mangled=0x7fffe2c0, declp=0x7f800030) at ./cplus-dem.c:4659
#13 0x0069da72 in demangle_nested_args (work=0x7fffe3b0, mangled=0x7fffe2c0, declp=0x7f800030) at ./cplus-dem.c:4713
#14 0x00697c48 in do_type (work=0x7fffe3b0, mangled=0x7fffe2c0, result=0x6006000eb690) at ./cplus-dem.c:3719

One interesting point: the address sanitizer in gcc is enabled, but it does not detect this stack overflow/exhaustion in binutils-2.30. The same applies to the current master branch in the binutils git repo.
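The traces above show the same four functions (demangle_args, do_arg, do_type, demangle_nested_args) calling each other once per level of nesting, so stack use grows with the input and nothing in the chain bounds it. As an added example, not code from libiberty, here is a toy demangler with the same call shape plus a depth counter in its work struct that fails cleanly past a fixed bound; the grammar (type ::= 'i' | 'c' | 'P' type | 'F' type* 'E'), MAX_NESTING, demangle_to() and demo_deep() are all constructed for this illustration.

```c
/* Added example, not libiberty code: a toy demangler with the mutual
 * recursion demangle_args -> do_arg -> do_type -> demangle_nested_args ->
 * demangle_args, plus the depth bound that turns hostile input into an error
 * instead of stack exhaustion. Grammar: type ::= 'i'|'c'|'P' type|'F' type* 'E' */
#include <string.h>

#define MAX_NESTING 256            /* arbitrary; far below any real stack limit */

struct out  { char *buf; size_t len, cap; };
struct work { int depth; };        /* cf. struct work_stuff in cplus-dem.c */

static int out_append(struct out *o, const char *s)   /* refuse, never overflow */
{
  size_t n = strlen(s);
  if (o->len + n + 1 > o->cap) return -1;
  memcpy(o->buf + o->len, s, n + 1); o->len += n;
  return 0;
}

static int demangle_args(struct work *w, const char **p, struct out *o);
static int demangle_nested_args(struct work *w, const char **p, struct out *o);

static int do_type(struct work *w, const char **p, struct out *o)
{
  switch (*(*p)++) {
  case 'i': return out_append(o, "int");
  case 'c': return out_append(o, "char");
  case 'P': return do_type(w, p, o) < 0 ? -1 : out_append(o, "*");
  case 'F': return demangle_nested_args(w, p, o);
  default:  return -1;             /* malformed or truncated input */
  }
}

static int do_arg(struct work *w, const char **p, struct out *o) { return do_type(w, p, o); }

/* The guard: each nested list costs one unit of depth; past the bound we fail
   instead of recursing, so total stack use is bounded by MAX_NESTING. */
static int demangle_nested_args(struct work *w, const char **p, struct out *o)
{
  int rc;
  if (w->depth >= MAX_NESTING) return -1;
  w->depth++; rc = demangle_args(w, p, o); w->depth--;
  return rc;
}

/* Parse types up to the closing 'E' and render them as "(t1, t2, ...)". */
static int demangle_args(struct work *w, const char **p, struct out *o)
{
  int first = 1;
  if (out_append(o, "(") < 0) return -1;
  while (**p != 'E') {
    if (**p == '\0') return -1;    /* unterminated list */
    if (!first && out_append(o, ", ") < 0) return -1;
    if (do_arg(w, p, o) < 0) return -1;
    first = 0;
  }
  (*p)++;
  return out_append(o, ")");
}

/* Demangle MANGLED into BUF (CAP bytes). Returns 0 on success, -1 on error. */
int demangle_to(const char *mangled, char *buf, size_t cap)
{
  struct work w = { 0 };
  struct out  o = { buf, 0, cap };
  const char *p = mangled;
  if (cap == 0) return -1;
  buf[0] = '\0';
  if (do_type(&w, &p, &o) < 0) return -1;
  return *p == '\0' ? 0 : -1;      /* reject trailing garbage */
}

/* Constructed PoC-shaped input: NESTING 'F's, one 'i', then NESTING 'E's. */
int demo_deep(size_t nesting)
{
  static char in[1 << 18], obuf[1 << 18];
  if (2 * nesting + 2 > sizeof in) return -1;
  memset(in, 'F', nesting);
  in[nesting] = 'i';
  memset(in + nesting + 1, 'E', nesting);
  in[2 * nesting + 1] = '\0';
  return demangle_to(in, obuf, sizeof obuf);
}
```

With the guard in place, demo_deep(100000) returns -1 after 256 levels instead of consuming 100000 stack frames; remove the depth check and the same call reproduces the shape of the crash above.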
[Bug binutils/23008] Stack Overflow(Stack Exhaustion) in demangle related functions
https://sourceware.org/bugzilla/show_bug.cgi?id=23008

--- Comment #2 from Dongliang Mu ---
Hi Nick, first let me show my concrete instructions to convince you it is reproducible. And then I will post it to GCC Bugzilla.

```
wget https://ftp.gnu.org/gnu/binutils/binutils-2.29.tar.gz
tar -xvf binutils-2.29.tar.gz
cd binutils-2.29/
CC=clang CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure
make
cd binutils/
ls
./cxxfilt < ~/Downloads/poc
```

Then you will see:

```
ASAN:DEADLYSIGNAL
=================================================================
==25076==ERROR: AddressSanitizer: stack-overflow on address 0x7ffeaf715ff8 (pc 0x0042315c bp 0x7ffeaf716890 sp 0x7ffeaf716000 T0)
    #0 0x42315b in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (/home/mdl/Downloads/binutils-2.29/binutils/cxxfilt+0x42315b)
    #1 0x4d23cb in malloc (/home/mdl/Downloads/binutils-2.29/binutils/cxxfilt+0x4d23cb)
    #2 0x9289c7 in xmalloc /home/mdl/Downloads/binutils-2.29/libiberty/./xmalloc.c:147:12
    #3 0x8dfe15 in string_need /home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4906:21
    #4 0x8de7b8 in string_append /home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4961:3
    #5 0x8ebd1f in demangle_args /home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4578:7
    #6 0x8ee467 in demangle_nested_args /home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4713:12
    #7 0x8ce628 in do_type /home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:3719:9
    #8 0x8edd4d in do_arg /home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4332:8
    #9 0x8eccac in demangle_args /home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4659:9
    #10 0x8ee467 in demangle_nested_args /home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4713:12
    #11 0x8ce628 in do_type /home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:3719:9
    #12 0x8edd4d in do_arg /home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4332:8
    #13 0x8eccac in demangle_args /home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4659:9
    #14 0x8ee467 in demangle_nested_args /home/mdl/Downloads/binutils-2.29/libiberty/./cplus-dem.c:4713:12
```

Originally I reproduced this issue in Ubuntu 14.04.5 LTS. Now I test and successfully reproduce it in Debian Testing.

The same method reproduces it in binutils-2.30. You will get the following error message:

```
ASAN:DEADLYSIGNAL
=================================================================
==25373==ERROR: AddressSanitizer: stack-overflow on address 0x7fff177ecff8 (pc 0x008dfe9b bp 0x7fff177ed3b0 sp 0x7fff177ed000 T0)
    #0 0x8dfe9a in demangle_args /home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4578:22
    #1 0x8e25e7 in demangle_nested_args /home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4713:12
    #2 0x8c27a8 in do_type /home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:3719:9
    #3 0x8e1ecd in do_arg /home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4332:8
    #4 0x8e0e2c in demangle_args /home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4659:9
    #5 0x8e25e7 in demangle_nested_args /home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4713:12
    #6 0x8c27a8 in do_type /home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:3719:9
    #7 0x8e1ecd in do_arg /home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4332:8
    #8 0x8e0e2c in demangle_args /home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4659:9
    #9 0x8e25e7 in demangle_nested_args /home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4713:12
    #10 0x8c27a8 in do_type /home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:3719:9
    #11 0x8e1ecd in do_arg /home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4332:8
    #12 0x8e0e2c in demangle_args /home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4659:9
    #13 0x8e25e7 in demangle_nested_args /home/mdl/Downloads/binutils-2.30/libiberty/./cplus-dem.c:4713:12
```

If you have any problem reproducing this issue, please let me know.
[Bug binutils/23008] Stack Overflow(Stack Exhaustion) in demangle related functions
https://sourceware.org/bugzilla/show_bug.cgi?id=23008

--- Comment #4 from Dongliang Mu ---
Created attachment 10921
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10921&action=edit
Dockerfile for Ubuntu 14.04

Dockerfile for Ubuntu 14.04 LTS to prove it is reproducible
[Bug binutils/23008] Stack Overflow(Stack Exhaustion) in demangle related functions
https://sourceware.org/bugzilla/show_bug.cgi?id=23008

--- Comment #5 from Dongliang Mu ---
Created attachment 10922
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10922&action=edit
Dockerfile for Debian Stable

Dockerfile to prove it is reproducible with Address Sanitizer in clang
[Bug binutils/23008] Stack Overflow(Stack Exhaustion) in demangle related functions
https://sourceware.org/bugzilla/show_bug.cgi?id=23008

--- Comment #6 from Dongliang Mu ---
When I try to reproduce this problem with Address Sanitizer in GCC, there are some weird errors when I compile binutils:

```
/usr/bin/ld: ../bfd/.libs/libbfd.a(plugin.o): undefined reference to symbol 'dlsym@@GLIBC_2.2.5'
//lib/x86_64-linux-gnu/libdl.so.2: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
```

And "Dockerfile for Ubuntu 14.04" is related to Address Sanitizer in GCC, "Dockerfile for Debian Stable" is related to Address Sanitizer in Clang.
[Bug binutils/23008] Stack Overflow(Stack Exhaustion) in demangle related functions
https://sourceware.org/bugzilla/show_bug.cgi?id=23008

Dongliang Mu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #10922|Dockerfile for Debian       |Dockerfile for Debian
        description|Stable                      |Stable (Clang with
                   |                            |AddressSanitizer)
[Bug binutils/23008] Stack Overflow(Stack Exhaustion) in demangle related functions
https://sourceware.org/bugzilla/show_bug.cgi?id=23008

Dongliang Mu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #10921|Dockerfile for Ubuntu 14.04 |Dockerfile for Ubuntu
        description|                            |14.04(GCC AddressSanitizer)
[Bug binutils/23008] Stack Overflow(Stack Exhaustion) in demangle related functions
https://sourceware.org/bugzilla/show_bug.cgi?id=23008

Dongliang Mu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #10921|Dockerfile for Ubuntu       |Dockerfile for Ubuntu
        description|14.04(GCC AddressSanitizer) |14.04(GCC with
                   |                            |AddressSanitizer)
[Bug binutils/23008] Stack Overflow(Stack Exhaustion) in demangle related functions
https://sourceware.org/bugzilla/show_bug.cgi?id=23008

--- Comment #9 from Dongliang Mu ---
Created attachment 10925
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10925&action=edit
Dockerfile for Debian Stable (GCC with AddressSanitizer)
[Bug binutils/23008] Stack Overflow(Stack Exhaustion) in demangle related functions
https://sourceware.org/bugzilla/show_bug.cgi?id=23008

--- Comment #10 from Dongliang Mu ---
Hi, Nick:

Thank you for pointing out that issue. I have tested that issue on Debian Stable (GCC + AddressSanitizer, and Clang + AddressSanitizer) and attached three Dockerfiles to prove it is reproducible.

Now I will try to report this bug in GCC Bugzilla.

Finally, thanks for your good work, Nick.
[Bug gas/23049] New: Endless recursive call inside resolve_symbol_value
https://sourceware.org/bugzilla/show_bug.cgi?id=23049

Bug ID: 23049
Summary: Endless recursive call inside resolve_symbol_value
Product: binutils
Version: 2.30
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gas
Assignee: unassigned at sourceware dot org
Reporter: mudongliangabcd at gmail dot com
Target Milestone: ---
[Bug gas/23049] Endless recursive call inside resolve_symbol_value
https://sourceware.org/bugzilla/show_bug.cgi?id=23049

--- Comment #1 from Dongliang Mu ---
Created attachment 10940
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10940&action=edit
PoC to trigger endless recursive calls
[Bug gas/23049] Endless recursive call inside resolve_symbol_value
https://sourceware.org/bugzilla/show_bug.cgi?id=23049

--- Comment #2 from Dongliang Mu ---
Trigger method:

wget https://ftp.gnu.org/gnu/binutils/binutils-2.30.tar.gz
tar -xvf binutils-2.30.tar.gz
cd binutils-2.30/
./configure
make
cd gas/
wget https://sourceware.org/bugzilla/attachment.cgi?id=10940 -O poc_hang
gdb ./as-new
(gdb) r poc_hang

Stack Trace:

#0  resolve_symbol_value (symp=symp@entry=0x55999fa0) at symbols.c:1345
#1  0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x55999ec0) at symbols.c:1320
#2  0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x5599a4f0) at symbols.c:1320
#3  0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x5599a550) at symbols.c:1320
#4  0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x5599a5b0) at symbols.c:1321
#5  0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x5599a070) at symbols.c:1321
#6  0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x5599a0d0) at symbols.c:1321
#7  0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x5599a190) at symbols.c:1320
#8  0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x5599a250) at symbols.c:1320
#9  0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x5599a2b0) at symbols.c:1320
#10 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559ddfb0) at symbols.c:1320
#11 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559de010) at symbols.c:1320
#12 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559de070) at symbols.c:1321
#13 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559de250) at symbols.c:1320
#14 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559de2b0) at symbols.c:1321
#15 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559de310) at symbols.c:1321
#16 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x5599a610) at symbols.c:1321
#17 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559dd8f0) at symbols.c:1321
#18 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559dd950) at symbols.c:1320
#19 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559dda10) at symbols.c:1320
#20 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559dda70) at symbols.c:1320
#21 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559de380) at symbols.c:1321
#22 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559e6530) at symbols.c:1320
#23 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559e6590) at symbols.c:1320
#24 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559e7610) at symbols.c:1321
#25 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559e7670) at symbols.c:1320
#26 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559e7790) at symbols.c:1320
#27 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559e7970) at symbols.c:1320
#28 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559e7a90) at symbols.c:1320
#29 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559e7f70) at symbols.c:1320
#30 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559e7fd0) at symbols.c:1321
#31 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559e8030) at symbols.c:1321
#32 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559e8090) at symbols.c:1321
#33 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559de3e0) at symbols.c:1321
#34 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559e3ad0) at symbols.c:1321
#35 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559e3b30) at symbols.c:1321
#36 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559e3b90) at symbols.c:1320
#37 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559e8100) at symbols.c:1321
#38 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559f2110) at symbols.c:1320
#39 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559f2170) at symbols.c:1320
#40 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559f21d0) at symbols.c:1321
#41 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559f23b0) at symbols.c:1320
#42 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559f24d0) at symbols.c:1320
#43 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559f39d0) at symbols.c:1320
#44 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559f3af0) at symbols.c:1320
#45 0x555cd1a1 in resolve_symbol_value (symp=symp@entry=0x559f61f0) at symbols.c:1320
#46 0x555cd1b2 in resolve_symbol_value (symp=symp@entry=0x559f6250) at symbols.c:1321
#47 0x555cd1a1 in resolve_symbol_value (symp
[Bug gas/23075] New: Stack Exhaustion in resolve_expression when address sanitizer of GCC is enabled
https://sourceware.org/bugzilla/show_bug.cgi?id=23075

Bug ID: 23075
Summary: Stack Exhaustion in resolve_expression when address sanitizer of GCC is enabled
Product: binutils
Version: 2.30
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gas
Assignee: unassigned at sourceware dot org
Reporter: mudongliangabcd at gmail dot com
Target Milestone: ---

Created attachment 10953
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10953&action=edit
PoC to trigger stack exhaustion

Trigger Method:

```
wget https://ftp.gnu.org/gnu/binutils/binutils-2.30.tar.gz
tar -xvf binutils-2.30.tar.gz
cd binutils-2.30/
CFLAGS="-O2 -g -fstack-protector-all -fsanitize=address" LDFLAGS="-ldl" ./configure --enable-shared=no --enable-static=yes
make
cd gas
gdb ./as-new
(gdb) r poc.segv
```

Result of Address Sanitizer:

```
=================================================================
==11406==ERROR: AddressSanitizer: stack-overflow on address 0x7ffda8ea3f90 (pc 0x55c063bee4d4 bp 0x7ffda8ea3f90 sp 0x7ffda8ea3f70 T0)
    #0 0x55c063bee4d3 in snapshot_symbol /home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1521
    #1 0x55c063bbd050 in resolve_expression /home/mdl/Downloads/binutils-2.30-test/gas/expr.c:2127
    #2 0x55c063beea6d in snapshot_symbol /home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1543
    ..
    #247 0x55c063bbd050 in resolve_expression /home/mdl/Downloads/binutils-2.30-test/gas/expr.c:2127
    #248 0x55c063beea6d in snapshot_symbol /home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1543
    #249 0x55c063bbd050 in resolve_expression /home/mdl/Downloads/binutils-2.30-test/gas/expr.c:2127
    #250 0x55c063beea6d in snapshot_symbol /home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1543

SUMMARY: AddressSanitizer: stack-overflow /home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1521 in snapshot_symbol
==11406==ABORTING
```
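Both 23049 and 23075 show gas's symbol resolution re-entering itself through a chain of symbol references until the stack is exhausted. As an added example, not gas code, here is a miniature resolver in the shape of resolve_symbol_value() that marks a symbol as in progress before descending and reports a definition loop when it meets that mark again; the kinds, states, resolve(), demo_chain() and demo_loop() are hypothetical names constructed for this illustration.

```c
/* Added example, not gas code: a miniature symbol resolver in the shape of
 * gas's resolve_symbol_value(), showing how a "resolving" mark turns a
 * circular symbol definition into an error instead of the unbounded mutual
 * recursion in the traces above. All names here are hypothetical. */
#include <stddef.h>
#include <stdio.h>

enum sym_kind  { K_CONSTANT, K_ALIAS, K_ADD };             /* cf. O_constant, O_symbol, O_add */
enum sym_state { S_UNRESOLVED, S_RESOLVING, S_RESOLVED };

struct sym {
  const char    *name;
  enum sym_kind  kind;
  long           value;      /* the constant, or the resolved result */
  struct sym    *lhs, *rhs;  /* operands; rhs may be NULL            */
  long           addend;     /* constant term added to the result    */
  enum sym_state state;
};

/* Resolve SYMP into *OUT. Returns 0 on success, -1 on a definition loop. */
static int resolve(struct sym *symp, long *out)
{
  long l = 0, r = 0;

  if (symp->state == S_RESOLVED) { *out = symp->value; return 0; }
  if (symp->state == S_RESOLVING) {
    /* Re-entered a symbol whose resolution is still in progress: the
       definitions refer back to themselves, so stop here. */
    fprintf(stderr, "symbol definition loop encountered at `%s'\n", symp->name);
    return -1;
  }

  symp->state = S_RESOLVING;                  /* the mark that breaks the cycle */
  switch (symp->kind) {
  case K_CONSTANT:
    break;
  case K_ALIAS:
    if (resolve(symp->lhs, &l) < 0) goto loop;
    symp->value = l + symp->addend;
    break;
  case K_ADD:
    if (resolve(symp->lhs, &l) < 0) goto loop;
    if (symp->rhs && resolve(symp->rhs, &r) < 0) goto loop;
    symp->value = l + r + symp->addend;
    break;
  }
  symp->state = S_RESOLVED;
  *out = symp->value;
  return 0;

loop:
  symp->state = S_UNRESOLVED;                 /* retryable, not stuck */
  return -1;
}

/* Constructed input: a = 1, b = a + 1, c = a + b. Returns c, i.e. 3. */
long demo_chain(void)
{
  struct sym a = { "a", K_CONSTANT, 1, NULL, NULL, 0, S_UNRESOLVED };
  struct sym b = { "b", K_ADD,      0, &a,   NULL, 1, S_UNRESOLVED };
  struct sym c = { "c", K_ADD,      0, &a,   &b,   0, S_UNRESOLVED };
  long v = 0;
  return resolve(&c, &v) == 0 ? v : -1;
}

/* Constructed input: x = y, y = x + 1. Returns -1 (loop reported), where an
   unguarded resolver would recurse until the stack is exhausted. */
int demo_loop(void)
{
  struct sym x = { "x", K_ALIAS, 0, NULL, NULL, 0, S_UNRESOLVED };
  struct sym y = { "y", K_ADD,   0, NULL, NULL, 1, S_UNRESOLVED };
  long v = 0;
  x.lhs = &y;
  y.lhs = &x;
  return resolve(&x, &v);
}
```

The same in-progress mark also bounds the snapshot_symbol/resolve_expression pattern from 23075: a resolver that only descends into symbols not already marked can visit each symbol at most once per top-level request, so its stack depth is bounded by the number of distinct symbols rather than by the input's ability to chain them.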
[Bug binutils/23165] New: Several Memory Leaks in chew of binutils
https://sourceware.org/bugzilla/show_bug.cgi?id=23165

Bug ID: 23165
Summary: Several Memory Leaks in chew of binutils
Product: binutils
Version: 2.31 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: mudongliangabcd at gmail dot com
Target Milestone: ---

I found several memory leaks with Address Sanitizer or Valgrind.

Reproduction method:

```
git clone git://sourceware.org/git/binutils-gdb.git
mkdir obj_clang
cd obj_clang
CC=clang CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ../configure
make
cd bfd/doc/
./chew -f < ../../../bfd/aoutx.h

or

mkdir obj_native
cd obj_native
../configure
make
cd bfd/doc/
valgrind --leak-check=full --show-leak-kinds=all ./chew -f < ../../../bfd/aoutx.h
```

Result of Address Sanitizer:

```
$ ./chew -f < ../../../bfd/aoutx.h
Can't open the input file (null)

=================================================================
==21926==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x4d1cc5 in realloc (/home/mdl/Downloads/binutils-gdb/obj_afl/bfd/doc/chew+0x4d1cc5)
    #1 0x5137db in catbuf /home/mdl/Downloads/binutils-gdb/obj_afl/bfd/doc/../../../bfd/doc/chew.c:231:30
    #2 0x5128c9 in read_in /home/mdl/Downloads/binutils-gdb/obj_afl/bfd/doc/../../../bfd/doc/chew.c:1505:7
    #3 0x50db66 in main /home/mdl/Downloads/binutils-gdb/obj_afl/bfd/doc/../../../bfd/doc/chew.c:1582:3
    #4 0x7f573d8f1a86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21a86)

Direct leak of 2 byte(s) in 1 object(s) allocated from:
    #0 0x4d1cc5 in realloc (/home/mdl/Downloads/binutils-gdb/obj_afl/bfd/doc/chew+0x4d1cc5)
    #1 0x51267f in catchar /home/mdl/Downloads/binutils-gdb/obj_afl/bfd/doc/../../../bfd/doc/chew.c:204:30
    #2 0x512b55 in remove_noncomments /home/mdl/Downloads/binutils-gdb/obj_afl/bfd/doc/../../../bfd/doc/chew.c:479:5
    #3 0x50dba4 in main /home/mdl/Downloads/binutils-gdb/obj_afl/bfd/doc/../../../bfd/doc/chew.c:1583:3
    #4 0x7f573d8f1a86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21a86)

Direct leak of 5000 byte(s) in 1 object(s) allocated from:
    #0 0x4d18a0 in malloc (/home/mdl/Downloads/binutils-gdb/obj_afl/bfd/doc/chew+0x4d18a0)
    #1 0x513ac9 in init_string_with_size /home/mdl/Downloads/binutils-gdb/obj_afl/bfd/doc/../../../bfd/doc/chew.c:131:26
    #2 0x50e269 in init_string /home/mdl/Downloads/binutils-gdb/obj_afl/bfd/doc/../../../bfd/doc/chew.c:138:3
    #3 0x50dcfd in main /home/mdl/Downloads/binutils-gdb/obj_afl/bfd/doc/../../../bfd/doc/chew.c:1592:8
    #4 0x7f573d8f1a86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21a86)

SUMMARY: AddressSanitizer: 345000 byte(s) leaked in 3 allocation(s).
```

Result of Valgrind:

```
https://gist.github.com/mudongliang/03c97f7c39c19c6013c3bd5a549a2282
```