[Bug other/89394] New: libiberty :stack overflow in nm
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394

            Bug ID: 89394
           Summary: libiberty :stack overflow in nm
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 45757
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=45757&action=edit
inputs trigger bugs

reference from: https://sourceware.org/bugzilla/show_bug.cgi?id=24227

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64 GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit 388a192d73df7439bf375d8b8042bb53a6be9c60
- run: nm -C input_file (We attached the inputs that trigger the bug)
- asan report:

==1992137==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc986fff68 (pc 0x008975c5 bp 0x7ffc987000a0 sp 0x7ffc986fff70 T0)
    #0 0x8975c4 in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4149:7
    #1 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #2 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #3 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #4 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #5 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #6 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #7 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #8 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #9 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #10 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #11 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #12 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #13 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #14 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #15 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #16 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #17 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #18 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #19 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #20 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #21 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #22 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #23 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #24 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #25 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #26 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #27 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #28 0x89762f in d_count_templates_scopes /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
    #29 0x89
[Bug other/89395] New: libiberty: heap buffer overflow in nm
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395

            Bug ID: 89395
           Summary: libiberty: heap buffer overflow in nm
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 45758
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=45758&action=edit
inputs trigger bugs

reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24229

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64 GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit 388a192d73df7439bf375d8b8042bb53a6be9c60 (2019 Jan 24)
- run: nm -C input_file (We attached the inputs that trigger the bug)
- asan report:

==2003322==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60e000d8 at pc 0x008957c6 bp 0x7ffdf2e36340 sp 0x7ffdf2e36338
READ of size 1 at 0x60e000d8 thread T0
    #0 0x8957c5 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3356:12
    #1 0x896370 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3449:16
    #2 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #3 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #4 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #5 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #6 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #7 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #8 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #9 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #10 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #11 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #12 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #13 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #14 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #15 0x896370 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3449:16
    #16 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #17 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #18 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #19 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #20 0x896370 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3449:16
    #21 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #22 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #23 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #24 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #25 0x89610c in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3416:18
    #26 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #27 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #28 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #29 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
    #30 0x896210 in d_expression_1 /mnt/raid/user/chenpeng/FuzzingBench/binutils/b
[Bug other/89395] libiberty: heap buffer overflow in nm
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395

--- Comment #1 from Peng Chen ---
the code is from binutils: https://github.com/bminor/binutils-gdb/tree/master/libiberty
git commit: 388a192d73df7439bf375d8b8042bb53a6be9c60
[Bug other/89394] libiberty :stack overflow in nm
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394

--- Comment #1 from Peng Chen ---
the code is from binutils: https://github.com/bminor/binutils-gdb/tree/master/libiberty
git commit: 388a192d73df7439bf375d8b8042bb53a6be9c60
[Bug other/89394] libiberty :stack overflow in nm
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394

--- Comment #2 from spinpx ---
It can be reproduced in binutils commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
[Bug other/89395] libiberty: heap buffer overflow in nm
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395

--- Comment #2 from spinpx ---
It can be reproduced in commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
[Bug other/89396] New: objdump: Out of memory in objalloc.c
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89396

            Bug ID: 89396
           Summary: objdump: Out of memory in objalloc.c
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 45761
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=45761&action=edit
input file trigger bugs

Has been reported on https://sourceware.org/bugzilla/show_bug.cgi?id=24232.

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64 GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run objdump -x input_file
- asan report

==1221228==ERROR: AddressSanitizer failed to allocate 0xc0e4e83000 (828474142720) bytes of LargeMmapAllocator (error code: 12)
==1221228==Process memory map follows:
	0x0040-0x0041d000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x0041d000-0x00996000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x00996000-0x00bc9000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x00bca000-0x00bcb000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x00bcb000-0x00c78000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x00c78000-0x018e9000
	0x7fff7000-0x8fff7000
	0x8fff7000-0x02008fff7000
	0x02008fff7000-0x10007fff8000
	0x6000-0x6020
	0x6020-0x6021
	0x6021-0x602e
	0x602e-0x602e0001
	0x602e0001-0x6030
	0x6030-0x6031
	0x6031-0x603e
	0x603e-0x603e0001
	0x603e0001-0x6040
	0x6040-0x6041
	0x6041-0x604e
	0x604e-0x604e0001
	0x604e0001-0x6060
	0x6060-0x6061
	0x6061-0x606e
	0x606e-0x606e0001
	0x606e0001-0x6070
	0x6070-0x6071
	0x6071-0x607e
	0x607e-0x607e0001
	0x607e0001-0x6080
	0x6080-0x6081
	0x6081-0x608e
	0x608e-0x608e0001
	0x608e0001-0x60b0
	0x60b0-0x60b1
	0x60b1-0x60be
	0x60be-0x60be0001
	0x60be0001-0x60c0
	0x60c0-0x60c1
	0x60c1-0x60ce
	0x60ce-0x60ce0001
	0x60ce0001-0x60f0
	0x60f0-0x60f1
	0x60f1-0x60fe
	0x60fe-0x60fe0001
	0x60fe0001-0x6100
	0x6100-0x6101
	0x6101-0x610e
	0x610e-0x610e0001
	0x610e0001-0x6110
	0x6110-0x6111
	0x6111-0x611e
	0x611e-0x611e0001
	0x611e0001-0x6120
	0x6120-0x6121
	0x6121-0x612e
	0x612e-0x612e0001
	0x612e0001-0x6140
	0x6140-0x6141
	0x6141-0x614e
	0x614e-0x614e0001
	0x614e0001-0x6160
	0x6160-0x6161
	0x6161-0x616e
	0x616e-0x616e0001
	0x616e0001-0x6180
	0x6180-0x6181
	0x6181-0x618e
	0x618e-0x618e0001
	0x618e0001-0x6190
	0x6190-0x6191
	0x6191-0x619e
	0x619e-0x619e0001
	0x619e0001-0x61a0
	0x61a0-0x61a1
	0x61a1-0x61ae
	0x61ae-0x61ae0001
	0x61ae0001-0x61b0
	0x61b0-0x61b1
	0x61b1-0x61be
	0x61be-0x61be0001
	0x61be0001-0x61d0
	0x61d0-0x61d1
	0x61d1-0x61de
	0x61de-0x61de0001
	0x61de0001-0x61f0
	0x61f0-0x61f00
[Bug other/89398] New: objdump: Out of memory in xmalloc.c (libiberty)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89398

            Bug ID: 89398
           Summary: objdump: Out of memory in xmalloc.c (libiberty)
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 45762
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=45762&action=edit
inputs trigger the bugs

Has been reported on https://sourceware.org/bugzilla/show_bug.cgi?id=24234

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64 GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run objdump -x input_file
- asan report

==1247614==ERROR: AddressSanitizer failed to allocate 0x552000 (365072228352) bytes of LargeMmapAllocator (error code: 12)
==1247614==Process memory map follows:
	0x0040-0x0041d000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x0041d000-0x00996000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x00996000-0x00bc9000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x00bca000-0x00bcb000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x00bcb000-0x00c78000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x00c78000-0x018e9000
	0x7fff7000-0x8fff7000
	0x8fff7000-0x02008fff7000
	0x02008fff7000-0x10007fff8000
	0x6000-0x6020
	0x6020-0x6021
	0x6021-0x602e
	0x602e-0x602e0001
	0x602e0001-0x6030
	0x6030-0x6031
	0x6031-0x603e
	0x603e-0x603e0001
	0x603e0001-0x6040
	0x6040-0x6041
	0x6041-0x604e
	0x604e-0x604e0001
	0x604e0001-0x6060
	0x6060-0x6061
	0x6061-0x606e
	0x606e-0x606e0001
	0x606e0001-0x6070
	0x6070-0x6071
	0x6071-0x607e
	0x607e-0x607e0001
	0x607e0001-0x6080
	0x6080-0x6081
	0x6081-0x608e
	0x608e-0x608e0001
	0x608e0001-0x60b0
	0x60b0-0x60b1
	0x60b1-0x60be
	0x60be-0x60be0001
	0x60be0001-0x60c0
	0x60c0-0x60c1
	0x60c1-0x60ce
	0x60ce-0x60ce0001
	0x60ce0001-0x60f0
	0x60f0-0x60f1
	0x60f1-0x60fe
	0x60fe-0x60fe0001
	0x60fe0001-0x6100
	0x6100-0x6101
	0x6101-0x610e
	0x610e-0x610e0001
	0x610e0001-0x6110
	0x6110-0x6111
	0x6111-0x611e
	0x611e-0x611e0001
	0x611e0001-0x6120
	0x6120-0x6121
	0x6121-0x612e
	0x612e-0x612e0001
	0x612e0001-0x6140
	0x6140-0x6141
	0x6141-0x614e
	0x614e-0x614e0001
	0x614e0001-0x6160
	0x6160-0x6161
	0x6161-0x616e
	0x616e-0x616e0001
	0x616e0001-0x6180
	0x6180-0x6181
	0x6181-0x618e
	0x618e-0x618e0001
	0x618e0001-0x6190
	0x6190-0x6191
	0x6191-0x619e
	0x619e-0x619e0001
	0x619e0001-0x61a0
	0x61a0-0x61a1
	0x61a1-0x61ae
	0x61ae-0x61ae0001
	0x61ae0001-0x61b0
	0x61b0-0x61b1
	0x61b1-0x61be
	0x61be-0x61be0001
	0x61be0001-0x61d0
	0x61d0-0x61d1
	0x61d1-0x61de
	0x61de-0x61de0001
	0x61de0001-0x61f0
	0x61f0-0x61f00
[Bug other/89395] libiberty: heap buffer overflow in nm
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395

--- Comment #3 from spinpx ---
CVE-2019-9070
[Bug other/89394] libiberty :stack overflow in nm
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394

--- Comment #3 from spinpx ---
CVE-2019-9071