[Bug gas/23075] New: Stack Exhaustion in resolve

bug-binutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug gas/23075] New: Stack Exhaustion in resolve_expression when address

From:	mudongliangabcd at gmail dot com
Subject:	[Bug gas/23075] New: Stack Exhaustion in resolve_expression when address sanitizer of GCC is enabled
Date:	Tue, 17 Apr 2018 17:12:34 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=23075

            Bug ID: 23075
           Summary: Stack Exhaustion in resolve_expression when address
                    sanitizer of GCC is enabled
           Product: binutils
           Version: 2.30
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gas
          Assignee: unassigned at sourceware dot org
          Reporter: mudongliangabcd at gmail dot com
  Target Milestone: ---

Created attachment 10953
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10953&action=edit
PoC to trigger stack exhaustion

Trigger Method:

```
https://ftp.gnu.org/gnu/binutils/binutils-2.30.tar.gz
tar -xvf binutils-2.30.tar.gz
cd binutils-2.30/
CFLAGS="-O2 -g -fstack-protector-all -fsanitize=address" LDFLAGS="-ldl"
./configure --enable-shared=no --enable-static=yes
make

cd gas
gdb ./as-new
(gdb) r poc.segv
```

Result of Address Sanitizer:

```
=================================================================
==11406==ERROR: AddressSanitizer: stack-overflow on address 0x7ffda8ea3f90 (pc
0x55c063bee4d4 bp 0x7ffda8ea3f90 sp 0x7ffda8ea3f70 T0)
    #0 0x55c063bee4d3 in snapshot_symbol
/home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1521
    #1 0x55c063bbd050 in resolve_expression
/home/mdl/Downloads/binutils-2.30-test/gas/expr.c:2127
    #2 0x55c063beea6d in snapshot_symbol
/home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1543
    ......
    #247 0x55c063bbd050 in resolve_expression
/home/mdl/Downloads/binutils-2.30-test/gas/expr.c:2127
    #248 0x55c063beea6d in snapshot_symbol
/home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1543
    #249 0x55c063bbd050 in resolve_expression
/home/mdl/Downloads/binutils-2.30-test/gas/expr.c:2127
    #250 0x55c063beea6d in snapshot_symbol
/home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1543

SUMMARY: AddressSanitizer: stack-overflow
/home/mdl/Downloads/binutils-2.30-test/gas/symbols.c:1521 in snapshot_symbol
==11406==ABORTING
```

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug gas/23075] New: Stack Exhaustion in resolve_expression when address sanitizer of GCC is enabled, mudongliangabcd at gmail dot com <=
- [Bug gas/23075] Stack Exhaustion in resolve_expression when address sanitizer of GCC is enabled, amodra at gmail dot com, 2018/04/17

Prev by Date: [Bug ld/23055] Multiple memory corruption in ld-new (binuitils-2.30-15ubuntu1)
Next by Date: [Bug gas/23075] Stack Exhaustion in resolve_expression when address sanitizer of GCC is enabled
Previous by thread: [Bug binutils/23071] New: gas and binutils testsuite errors for mipsisa32r2el-linux-gnu apparently due to defaulted architecture
Next by thread: [Bug gas/23075] Stack Exhaustion in resolve_expression when address sanitizer of GCC is enabled
Index(es):
- Date
- Thread