[Bug binutils/26167] New: execess free on non malloc memory, nm

bug-binutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/26167] New: execess free on non malloc memory, nm

From:	featherrain26 at gmail dot com
Subject:	[Bug binutils/26167] New: execess free on non malloc memory, nm
Date:	Wed, 24 Jun 2020 15:59:57 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=26167

            Bug ID: 26167
           Summary: execess free on non malloc memory, nm
           Product: binutils
           Version: 2.35 (HEAD)
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: featherrain26 at gmail dot com
  Target Milestone: ---

Created attachment 12658
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12658&action=edit
POC input

Hi,

There is a memeory corruption problem which attempt to free the non malloc
memory.

This is my environment:
DISTRIB_DESCRIPTION="Ubuntu 16.04.6 LTS"

Here is the trace reported by ASAN:
==42616==ERROR: AddressSanitizer: attempting free on address which was not
malloc()-ed: 0x61e00000f4e0 in thread T0
    #0 0x7f82d981a32a in __interceptor_free
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9832a)
    #1 0x789095 in _bfd_coff_free_symbols ../../bfd/coffgen.c:1782
    #2 0x789095 in _bfd_coff_close_and_cleanup ../../bfd/coffgen.c:3180
    #3 0x466df8 in bfd_close_all_done ../../bfd/opncls.c:789
    #4 0x466df8 in bfd_close ../../bfd/opncls.c:759
    #5 0x4129fa in display_file ../../binutils/nm.c:1392
    #6 0x4081a7 in main ../../binutils/nm.c:1860
    #7 0x7f82d91d482f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #8 0x40a248 in _start
(/mnt/data/playground/binutils-2.34-a/build/binutils/nm-new+0x40a248)

0x61e00000f4e0 is located 1120 bytes inside of 2505-byte region
[0x61e00000f080,0x61e00000fa49)
allocated by thread T0 here:
    #0 0x7f82d981a7fa in __interceptor_calloc
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x987fa)
    #1 0x45a82a in bfd_malloc ../../bfd/libbfd.c:275
    #2 0x45a82a in bfd_zmalloc ../../bfd/libbfd.c:360

SUMMARY: AddressSanitizer: bad-free ??:0 __interceptor_free
==42616==ABORTING


To reproduce, compile the program with address sanitizer, then run 

nm -C -a -l --synthetic input

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug binutils/26167] New: execess free on non malloc memory, nm, featherrain26 at gmail dot com <=
- [Bug binutils/26167] execess free on non malloc memory, nm, amodra at gmail dot com, 2020/06/25

Prev by Date: [Bug ld/26165] Odd ld --help output
Next by Date: [Bug binutils/26168] New: Feature request: support .symtab .strtab and .shstrtab as output section descriptions
Previous by thread: [Bug binutils/26166] New: Heap user after free in nm
Next by thread: [Bug binutils/26167] execess free on non malloc memory, nm
Index(es):
- Date
- Thread