heap-buffer-overflow vulnerability in function bfd_getb32 at libbfd.c:833; SEGV on unknown address, in function filter_symbols at nm.c:797

2025-04-04 Thread 苏童
Hi, I recently discovered a heap-buffer-overflow vulnerability when fuzzing nm-new. Here are some details: compile: export CC=gcc export CXX=g++ export CFLAGS="-g -fsanitize=address,undefined" export CXXFLAGS="-g -fsanitize=address,undefined" ./configure --disable-libdecnumber --disa

[Bug ld/24600] Support --start-lib --end-lib

2025-04-04 Thread macro at orcam dot me.uk
https://sourceware.org/bugzilla/show_bug.cgi?id=24600 Maciej W. Rozycki changed: What|Removed |Added Severity|normal |enhancement CC|

[Bug ld/32816] --{undefined,--require-defined} appears to fail against shared libraries

2025-04-04 Thread hjl.tools at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=32816 --- Comment #3 from H.J. Lu --- (In reply to Aliaksey Kandratsenka from comment #2) > As noted above, I have tried --no-as-needed. And yes it kinda "works", but > it is not great. > > There are several imperfections with --no-as-needed: > > *)

[Bug binutils/32732] Binutils (objcopy) generates abnormally large, non-functional binaries since 121a3f4b4f4aac216abe239f6f3bd491b63e5e34

2025-04-04 Thread jbeulich at suse dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=32732 --- Comment #9 from Jan Beulich --- Before marking this resolved, I wonder if the change should be cherry-picked onto the 2.44 branch (there's likely little point in also putting it on the 2.43 one). Nick?

[Bug ld/32816] --{undefined,--require-defined} appears to fail against shared libraries

2025-04-04 Thread sam at gentoo dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=32816 Sam James changed: What|Removed |Added CC||sam at gentoo dot org

[Bug gas/32813] Missing REX prefix for LSL

2025-04-04 Thread hjl.tools at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=32813 --- Comment #7 from H.J. Lu --- (In reply to Andreas Abel from comment #5) > If it is not a bug, but a conscious choice to prefer the form without the > REX prefix to optimize the instruction size, I would expect that > `{nooptimize} LSL RCX,

[Bug ld/32816] --{undefined,--require-defined} appears to fail against shared libraries

2025-04-04 Thread alkondratenko at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=32816 --- Comment #2 from Aliaksey Kandratsenka --- As noted above, I have tried --no-as-needed. And yes it kinda "works", but it is not great. There are several imperfections with --no-as-needed: *) automake stuff insists on having only -lfoobar (and

[Bug binutils/32732] Binutils (objcopy) generates abnormally large, non-functional binaries since 121a3f4b4f4aac216abe239f6f3bd491b63e5e34

2025-04-04 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=32732 --- Comment #8 from Sourceware Commits --- The master branch has been updated by Jan Beulich : https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=43ea7d00a76eb3a8e30aa91657e535f86e8658c4 commit 43ea7d00a76eb3a8e30aa91657e535f86e8658c

Issue 408254000: binutils:fuzz_addr2line: Heap-buffer-overflow in bfd_getb16

2025-04-04 Thread buganizer-system
https://issues.oss-fuzz.com/issues/408254000 Reference Info: 408254000 binutils:fuzz_addr2line: Heap-buffer-overflow in bfd_getb16 component: Public Trackers > 1362134 > OSS Fuzz status: New