[Bug binutils/25072] New: malloc(): memory corruption in function print_symbol

From: bugzilla.sourceware at qiushi dot ac.cn
Subject: [Bug binutils/25072] New: malloc(): memory corruption in function print_symbol
Date: Mon, 07 Oct 2019 16:49:38 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=25072
Bug ID: 25072
Summary: malloc(): memory corruption in function print_symbol
Product: binutils
Version: 2.34 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: bugzilla.sourceware at qiushi dot ac.cn
Target Milestone: ---
Created attachment 12027
--> https://sourceware.org/bugzilla/attachment.cgi?id=12027&action=edit
poc3
```
# gdb ./binutils-gdb/binutils/nm-new \
    -ex 'r -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D poc3_malloc-memory-corruption_print_symbol' \
    -ex bt -ex quit
malloc(): memory corruption

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff7603801 in __GI_abort () at abort.c:79
#2  0x00007ffff764c897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7779b9a "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff765390a in malloc_printerr (str=str@entry=0x7ffff7777e0e "malloc(): memory corruption") at malloc.c:5350
#4  0x00007ffff7657994 in _int_malloc (av=av@entry=0x7ffff79aec40 <main_arena>, bytes=bytes@entry=280) at malloc.c:3738
#5  0x00007ffff765a0fc in __GI___libc_malloc (bytes=280) at malloc.c:3057
#6  0x00000000007b608d in xmalloc (size=<optimized out>) at ./xmalloc.c:147
#7  0x0000000000408f5b in print_symbol (abfd=abfd@entry=0xa0d6b0, sym=0xa1d4a0, ssize=ssize@entry=0, archive_bfd=archive_bfd@entry=0x0) at nm.c:965
#8  0x000000000040a59d in print_symbols (archive_bfd=0x0, size=8, symcount=<optimized out>, minisyms=<optimized out>, is_dynamic=1, abfd=0xa0d6b0) at nm.c:1088
#9  display_rel_file (abfd=abfd@entry=0xa0d6b0, archive_bfd=archive_bfd@entry=0x0) at nm.c:1210
#10 0x000000000040d6de in display_file (filename=0x7fffffffe738 "poc3_malloc-memory-corruption_print_symbol") at nm.c:1377
#11 0x0000000000405882 in main (argc=11, argv=0x7fffffffe448) at nm.c:1858
```
A reproducible docker image has been pushed to
`zjuchenyuan/dockerized_poc:binutils-pocs`, but the ASAN build seems unable to give
backtrace information.
Dockerfile (I would suggest removing the AFL_USE_ASAN environment variable):
```
FROM zjuchenyuan/afl
ENV AFL_USE_ASAN=1
RUN git clone git://sourceware.org/git/binutils-gdb.git --depth 50 && \
    cd binutils-gdb && \
    git checkout 816228ed09dc867fa16dc5458277d649885d98fe && \
    ./configure --disable-shared && \
    for i in bfd libiberty opcodes libctf; do cd $i; ./configure --disable-shared && make -j; cd ..; done && \
    cd binutils && \
    ./configure --disable-shared && \
    make objdump nm-new size readelf cxxfilt
# printf instead of `echo -e`: RUN runs under /bin/sh, and on Debian-based images
# that is dash, whose echo prints "-e" literally into .gdbinit
RUN apt install -y gdb && \
    printf 'set pagination off\nset confirm off\n' > /root/.gdbinit
ADD . /
# we may need to compile again without ASAN to use gdb
RUN gdb ./binutils-gdb/binutils/nm-new \
    -ex 'r -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D poc3_malloc-memory-corruption_print_symbol' \
    -ex bt -ex quit
```
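An added triage helper, not part of the report or of binutils: it parses a gdb backtrace like the one above into a crash signature for deduplicating fuzzer findings, skipping glibc frames and the libiberty allocation wrappers so the key starts at the binutils caller. The function names, the file sets and the sample backtrace (taken from the report with arguments abbreviated) are the example's own assumptions.

```python
import re

# Constructed sample: the frames from the report's gdb backtrace, arguments abbreviated.
SAMPLE_BT = """\
#0  __GI_raise (...) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff7603801 in __GI_abort () at abort.c:79
#2  0x00007ffff764c897 in __libc_message (...) at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff765390a in malloc_printerr (...) at malloc.c:5350
#4  0x00007ffff7657994 in _int_malloc (...) at malloc.c:3738
#5  0x00007ffff765a0fc in __GI___libc_malloc (bytes=280) at malloc.c:3057
#6  0x00000000007b608d in xmalloc (size=<optimized out>) at ./xmalloc.c:147
#7  0x0000000000408f5b in print_symbol (...) at nm.c:965
#8  0x000000000040a59d in print_symbols (...) at nm.c:1088
#9  display_rel_file (...) at nm.c:1210
#10 0x000000000040d6de in display_file (...) at nm.c:1377
#11 0x0000000000405882 in main (argc=11, argv=0x7fffffffe448) at nm.c:1858
"""

# One gdb frame line: "#N [0xADDR in] func (args) [at file:line]"
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(\S+)\s+\(.*\)"
                      r"(?:\s+at\s+(\S+):(\d+))?\s*$")
# glibc source files seen in the report: detection machinery, not the bug itself (assumed set)
LIBC_FILES = {"malloc.c", "abort.c", "raise.c", "libc_fatal.c"}
# libiberty allocation wrappers, skipped so the signature starts at the binutils caller
ALLOC_WRAPPERS = {"xmalloc", "xcalloc", "xrealloc", "xstrdup"}

def parse_frames(text):
    """Return [(func, file, line)] for every frame line; file/line are None without debug info."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if m:
            frames.append((m[2], m[3], int(m[4]) if m[4] else None))
    return frames

def is_libc(func, file):
    if file is None:
        return func.startswith("__")  # e.g. __GI_raise when no source info is present
    return file.startswith("../sysdeps/") or file.rsplit("/", 1)[-1] in LIBC_FILES

def crash_signature(text, depth=3):
    """Dedup key: the first `depth` frames in the target's own code, plus a flag saying
    whether glibc's heap checker raised the abort. When it did, the top frame is where
    corruption was *detected*, not where the bad write happened (an ASan build shows that)."""
    frames = parse_frames(text)
    in_allocator = any(f[0] in ("malloc_printerr", "_int_malloc") for f in frames)
    own = [f for f in frames if not is_libc(f[0], f[1]) and f[0] not in ALLOC_WRAPPERS]
    sig = tuple(f"{fn}@{fi}:{ln}" if fi else fn for fn, fi, ln in own[:depth])
    return sig, in_allocator
```

For this report the key is `print_symbol@nm.c:965` and its two callers with the allocator flag set, which is why the reporter's ASAN build, rather than this glibc abort, is the build that would locate the corrupting write.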