bug-binutils

[Bug binutils/25961] New: [nm] crash at _IO_flush_all_lockp at genops.c:


From: dkcjd2000 at gmail dot com
Subject: [Bug binutils/25961] New: [nm] crash at _IO_flush_all_lockp at genops.c:779
Date: Sat, 09 May 2020 15:42:04 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=25961

            Bug ID: 25961
           Summary: [nm] crash at _IO_flush_all_lockp at genops.c:779
           Product: binutils
           Version: 2.34
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dkcjd2000 at gmail dot com
  Target Milestone: ---

Hello,
I'm currently developing a new fuzzing feature, and I found a crash in nm.

It crashed in _IO_flush_all_lockp at genops.c:779.

I built it on Ubuntu 16.04 with gcc 5.4.0, using the following command to build
nm from the source:
./configure --enable-targets=all ; make clean all -j 4; make install

You can reproduce the crash with the following command:
./nm <attached file>

Program received signal SIGSEGV, Segmentation fault.
_IO_flush_all_lockp (do_lock=do_lock@entry=0) at genops.c:779
779     genops.c: No such file or directory.
(gdb) bt
#0  _IO_flush_all_lockp (do_lock=do_lock@entry=0) at genops.c:779
#1  0x00007ffff783ffbd in __GI_abort () at abort.c:74
#2  0x00007ffff78807ea in __libc_message (do_abort=do_abort@entry=2,
fmt=fmt@entry=0x7ffff7999ed8 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff788937a in malloc_printerr (ar_ptr=<optimized out>,
ptr=<optimized out>, str=0x7ffff799a008 "double free or corruption (!prev)",
    action=3) at malloc.c:5006
#4  _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at
malloc.c:3867
#5  0x00007ffff788d53c in __GI___libc_free (mem=<optimized out>) at
malloc.c:2968
#6  0x0000000000720eac in objalloc_free_block (o=0xb14f70,
block=block@entry=0xb165f0) at ./objalloc.c:286
#7  0x0000000000410855 in bfd_release (abfd=abfd@entry=0xb15290,
block=block@entry=0xb165f0) at opncls.c:1072
#8  0x00000000004754e1 in coff_get_normalized_symtab (abfd=abfd@entry=0xb15290)
at coffgen.c:1864
#9  0x000000000057fe67 in coff_slurp_symbol_table (abfd=0xb15290) at
coffcode.h:4465
#10 0x00000000004731a1 in coff_get_symtab_upper_bound (abfd=0xb15290) at
coffgen.c:426
#11 0x0000000000411b94 in _bfd_generic_read_minisymbols (abfd=0xb15290,
dynamic=0, minisymsp=0x7fffffffe188, sizep=0x7fffffffe184) at syms.c:813
#12 0x0000000000403e99 in display_rel_file (abfd=abfd@entry=0xb15290,
archive_bfd=archive_bfd@entry=0x0) at nm.c:1112
#13 0x000000000040488b in display_file (filename=0x7fffffffe5b0
"./report/crash3") at nm.c:1379
#14 0x0000000000404d50 in main (argc=2, argv=0x7fffffffe318) at nm.c:1860

-- 
You are receiving this mail because:
You are on the CC list for the bug.

