
[Bug ld/23806] New: Invalid Address Read problem was discovered in funct


From: wcventure at 126 dot com
Subject: [Bug ld/23806] New: Invalid Address Read problem was discovered in function merge_strings() in merge.c in bfd
Date: Sun, 21 Oct 2018 10:59:19 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=23806

            Bug ID: 23806
           Summary: Invalid Address Read problem was discovered in
                    function merge_strings() in merge.c in bfd
           Product: binutils
           Version: 2.31
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: wcventure at 126 dot com
  Target Milestone: ---

Created attachment 11358
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11358&action=edit
POC

Hi, there.
An Invalid Memory Address Dereference problem was discovered in function
merge_strings() in merge.c in bfd of binutils 2.31, the latest code base. A
crafted ELF input can cause segmentation faults, and I have confirmed them with
address sanitizer too.

Please use "./ld -E $POC" to reproduce the bug.


ASAN dumps the stack trace as follows:

> ASAN:DEADLYSIGNAL
> =================================================================
> ==7821==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000028 (pc 0x00000109f0a5 bp 0x7ffd27ebac70 sp 0x7ffd27eba4e0 T0)
>     #0 0x109f0a4 in merge_strings bintuils_gdb/bfd/merge.c:712:32
>     #1 0x10979ce in _bfd_merge_sections bintuils_gdb/bfd/merge.c:762:9
>     #2 0xba24d3 in _bfd_elf_merge_sections bintuils_gdb/bfd/elflink.c:7398:5
>     #3 0x589ea4 in lang_process bintuils_gdb/ld/ldlang.c:7543:7
>     #4 0x5fd19c in main bintuils_gdb/ld/./ldmain.c:438:3
>     #5 0x7f6f3917682f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
>     #6 0x419638 in _start (/media/hjwang/01D3344861A8D2E0/wcventure/Project/binutils_latest_ASAN_O0/build/bin/ld+0x419638)
> 
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV bintuils_gdb/bfd/merge.c:712:32 in merge_strings
> ==7821==ABORTING
> Aborted
