bug-binutils

[Bug binutils/25624] New: attempting free on address which was not mallo


From: natalierice at yeah dot net
Subject: [Bug binutils/25624] New: attempting free on address which was not malloc()-ed
Date: Tue, 03 Mar 2020 14:18:31 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=25624

            Bug ID: 25624
           Summary: attempting free on address which was not malloc()-ed
           Product: binutils
           Version: 2.34
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: natalierice at yeah dot net
  Target Milestone: ---

Created attachment 12337
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12337&action=edit
The crash which will trigger the bug.

natalie@mars:~/Research/Bug$ ./objdump --dwarf-check -C -g -f -dwarf -x
'/home/natalie/Research/Bug/objdump-2.34/crash/id:000000,sig:06,src:010091,op:havoc,rep:16'
/home/natalie/Research/Bug/objdump-2.34/crash/id:000000,sig:06,src:010091,op:havoc,rep:16:
    file format pei-i386
/home/natalie/Research/Bug/objdump-2.34/crash/id:000000,sig:06,src:010091,op:havoc,rep:16
architecture: i386, flags 0x00000018:
HAS_DEBUG, HAS_SYMS
start address 0x00000000

Characteristics 0x104
        line numbers stripped
        32 bit words

Time/Date               Thu Jan  1 08:00:00 1970
Magic                   0000
MajorLinkerVersion      0
MinorLinkerVersion      0
SizeOfCode              00000000
SizeOfInitializedData   00000000
SizeOfUninitializedData 00000000
AddressOfEntryPoint     00000000
BaseOfCode              00000000
BaseOfData              00000000
ImageBase               00000000
SectionAlignment        00000000
FileAlignment           00000000
MajorOSystemVersion     0
MinorOSystemVersion     0
MajorImageVersion       0
MinorImageVersion       0
MajorSubsystemVersion   0
MinorSubsystemVersion   0
Win32Version            00000000
SizeOfImage             00000000
SizeOfHeaders           00000000
CheckSum                00000000
Subsystem               00000000        (unspecified)
DllCharacteristics      00000000
SizeOfStackReserve      00000000
SizeOfStackCommit       00000000
SizeOfHeapReserve       00000000
SizeOfHeapCommit        00000000
LoaderFlags             00000000
NumberOfRvaAndSizes     00000000

The Data Directory
Entry 0 00000000 00000000 Export Directory [.edata (or where ever we found it)]
Entry 1 00000000 00000000 Import Directory [parts of .idata]
Entry 2 00000000 00000000 Resource Directory [.rsrc]
Entry 3 00000000 00000000 Exception Directory [.pdata]
Entry 4 00000000 00000000 Security Directory
Entry 5 00000000 00000000 Base Relocation Directory [.reloc]
Entry 6 00000000 00000000 Debug Directory
Entry 7 00000000 00000000 Description Directory
Entry 8 00000000 00000000 Special Directory
Entry 9 00000000 00000000 Thread Storage Directory [.tls]
Entry a 00000000 00000000 Load Configuration Directory
Entry b 00000000 00000000 Bound Import Directory
Entry c 00000000 00000000 Import Address Table Directory
Entry d 00000000 00000000 Delay Import Directory
Entry e 00000000 00000000 CLR Runtime Header
Entry f 00000000 00000000 Reserved

Sections:
Idx Name          Size      VMA       LMA       File off  Algn  Flags
  0 .idata$4      00000004  00000000  00000000  00000000  2**2  CONTENTS,
ALLOC, LOAD, RELOC
  1 .idata$5      00000004  00000000  00000000  00000000  2**2  CONTENTS,
ALLOC, LOAD, RELOC
  2 .idata$6      00000004  00000000  00000000  00000000  2**2  CONTENTS,
ALLOC, LOAD
  3 .text         00000008  00000000  00000000  00000000  2**2  CONTENTS,
ALLOC, LOAD, RELOC, CODE
SYMBOL TABLE:
[  0](sec  0)(fl 0x00)(ty   0)(scl   3) (nx 0) 0x00000000 .idata$4
[  1](sec  1)(fl 0x00)(ty   0)(scl   3) (nx 0) 0x00000000 .idata$5
[  2](sec  2)(fl 0x00)(ty   0)(scl   3) (nx 0) 0x00000000 .idata$6
[  3](sec  1)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000000 _imp_
[  4](sec  3)(fl 0x00)(ty   0)(scl   3) (nx 0) 0x00000000 .text
[  5](sec  3)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000000 
[  6](sec  0)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000000 _IMPORT_DESCRIPTOR_



Disassembly of section .text:

00000000 <.text>:
   0:   ff 25 00 00 00 00       jmp    *0x0     2: dir32        _imp_
   6:   90                      nop
   7:   90                      nop
debug_name_type: no current file
=================================================================
==28956==ERROR: AddressSanitizer: attempting free on address which was not
malloc()-ed: 0x61e0000004e0 in thread T0
    #0 0x4f2b58 in __interceptor_free
/home/natalie/Research/LLVM/src/llvm-8.0.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3
    #1 0x930929 in _bfd_coff_free_symbols
(/home/natalie/Research/Bug/objdump+0x930929)
    #2 0x94784c in _bfd_coff_close_and_cleanup
(/home/natalie/Research/Bug/objdump+0x94784c)
    #3 0x6b3960 in bfd_close_all_done
(/home/natalie/Research/Bug/objdump+0x6b3960)
    #4 0x53450c in display_file (/home/natalie/Research/Bug/objdump+0x53450c)
    #5 0x533811 in main (/home/natalie/Research/Bug/objdump+0x533811)
    #6 0x7fe6d16ba1e2 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x271e2)
    #7 0x41f60d in _start (/home/natalie/Research/Bug/objdump+0x41f60d)

0x61e0000004e0 is located 1120 bytes inside of 2505-byte region
[0x61e000000080,0x61e000000a49)
allocated by thread T0 here:
    #0 0x4f2f37 in malloc
/home/natalie/Research/LLVM/src/llvm-8.0.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:146:3
    #1 0x6adebc in bfd_malloc (/home/natalie/Research/Bug/objdump+0x6adebc)
    #2 0x6ae174 in bfd_zmalloc (/home/natalie/Research/Bug/objdump+0x6ae174)
    #3 0x8cb5e8 in pe_ILF_build_a_bfd
(/home/natalie/Research/Bug/objdump+0x8cb5e8)
    #4 0x8ca374 in pe_ILF_object_p
(/home/natalie/Research/Bug/objdump+0x8ca374)
    #5 0x8c23ea in pe_bfd_object_p
(/home/natalie/Research/Bug/objdump+0x8c23ea)
    #6 0x6a7d7d in bfd_check_format_matches
(/home/natalie/Research/Bug/objdump+0x6a7d7d)
    #7 0x534aa9 in display_object_bfd
(/home/natalie/Research/Bug/objdump+0x534aa9)
    #8 0x5349b9 in display_any_bfd
(/home/natalie/Research/Bug/objdump+0x5349b9)
    #9 0x5344e8 in display_file (/home/natalie/Research/Bug/objdump+0x5344e8)
    #10 0x533811 in main (/home/natalie/Research/Bug/objdump+0x533811)
    #11 0x7fe6d16ba1e2 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x271e2)

SUMMARY: AddressSanitizer: bad-free
/home/natalie/Research/LLVM/src/llvm-8.0.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3
in __interceptor_free
==28956==ABORTING
