bug-binutils

[Bug binutils/26244] New: An error in _objalloc_alloc


From: 15664243668 at 163 dot com
Subject: [Bug binutils/26244] New: An error in _objalloc_alloc
Date: Wed, 15 Jul 2020 15:59:10 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=26244

            Bug ID: 26244
           Summary: An error in _objalloc_alloc
           Product: binutils
           Version: 2.34
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: 15664243668 at 163 dot com
  Target Milestone: ---

Created attachment 12702
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12702&action=edit
PoC

I have found an error in the _objalloc_alloc function by fuzzing. This error is
triggered by

#size PoC

I compiled binutils-2.34 with the address sanitizer on Ubuntu 16.04 as an x86-64
build, and reran the command. The output is printed below:

./asan_target64/size ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16
./asan_target64/size: warning: ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16 has a corrupt section with a size (ac000000000010) larger than the file size
./asan_target64/size: warning: ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16 has a corrupt section with a size (d600010000000000) larger than the file size
./asan_target64/size: warning: ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16 has a corrupt section with a size (20000010) larger than the file size
./asan_target64/size: ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16: unknown type [0xff000008] section `'
./asan_target64/size: warning: ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16 has a corrupt section with a size (ac000000000010) larger than the file size
./asan_target64/size: warning: ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16 has a corrupt section with a size (d600010000000000) larger than the file size
./asan_target64/size: warning: ./output/binutils-2-34/size/3/crashes/id:000220,sig:06,src:004277,op:havoc,rep:16 has a corrupt section with a size (20000010) larger than the file size
==9969==WARNING: AddressSanitizer failed to allocate 0x158000000000030 bytes
==9969==AddressSanitizer's allocator is terminating the process instead of returning 0
==9969==If you don't like this behavior set allocator_may_return_null=1
==9969==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:147 "((0)) != (0)" (0x0, 0x0)
    #0 0x7f81e64c2631  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7f81e64c75e3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
    #2 0x7f81e643f425  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x1d425)
    #3 0x7f81e64c5865  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa3865)
    #4 0x7f81e6444b4d  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22b4d)
    #5 0x7f81e64ba5d2 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x985d2)
    #6 0x67e17b in _objalloc_alloc (/home/ubuntu/yuetai/asan_target64/size+0x67e17b)
    #7 0x42ba5f in bfd_alloc (/home/ubuntu/yuetai/asan_target64/size+0x42ba5f)
    #8 0x42baec in bfd_alloc2 (/home/ubuntu/yuetai/asan_target64/size+0x42baec)
    #9 0x48a0e4 in setup_group (/home/ubuntu/yuetai/asan_target64/size+0x48a0e4)
    #10 0x48c8b5 in _bfd_elf_make_section_from_shdr (/home/ubuntu/yuetai/asan_target64/size+0x48c8b5)
    #11 0x4972f8 in bfd_section_from_shdr (/home/ubuntu/yuetai/asan_target64/size+0x4972f8)
    #12 0x47ccf0 in bfd_elf64_object_p (/home/ubuntu/yuetai/asan_target64/size+0x47ccf0)
    #13 0x422dcc in bfd_check_format_matches (/home/ubuntu/yuetai/asan_target64/size+0x422dcc)
    #14 0x403d0c in display_bfd (/home/ubuntu/yuetai/asan_target64/size+0x403d0c)
    #15 0x404026 in display_file (/home/ubuntu/yuetai/asan_target64/size+0x404026)
    #16 0x403800 in main (/home/ubuntu/yuetai/asan_target64/size+0x403800)
    #17 0x7f81e5e7482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #18 0x402dd8 in _start (/home/ubuntu/yuetai/asan_target64/size+0x402dd8)
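The trace above shows the sanitizer aborting on a malloc reached from setup_group after the "larger than the file size" warnings had already been printed, so the corrupt sh_size still drove the allocation. The following is an added example (not binutils or BFD code) of the defensive order: decode the section header, bound sh_offset and sh_size against the file size with overflow-safe arithmetic, and only then allocate. The struct is a subset of Elf64_Shdr; the helper names and the 4096-byte sample file are assumptions, and the 64-byte header is constructed to carry one of the sizes quoted in the report.

```c
#include <stdint.h>
#include <stdlib.h>

/* Subset of Elf64_Shdr used here; fields are little-endian in the file. */
struct elf64_shdr { uint32_t sh_type; uint64_t sh_offset; uint64_t sh_size; };
#define SHT_NOBITS 8  /* .bss-style sections occupy no file bytes */

static uint32_t rd32le(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t rd64le(const uint8_t *p) {
    return rd32le(p) | (uint64_t)rd32le(p + 4) << 32;
}

/* Decode the three fields we need from a raw 64-byte Elf64_Shdr. */
void parse_shdr(const uint8_t raw[64], struct elf64_shdr *sh) {
    sh->sh_type   = rd32le(raw + 4);
    sh->sh_offset = rd64le(raw + 24);
    sh->sh_size   = rd64le(raw + 32);
}

/* 1 if the section's bytes lie inside the file, 0 otherwise. Subtraction
 * instead of addition so that sh_offset + sh_size cannot wrap around. */
int section_fits_file(const struct elf64_shdr *sh, uint64_t file_size) {
    if (sh->sh_type == SHT_NOBITS) return 1;
    if (sh->sh_offset > file_size) return 0;
    return sh->sh_size <= file_size - sh->sh_offset;
}

/* Allocate for section contents only after the bound check, so a corrupt
 * sh_size never reaches malloc (in the report the warning is printed, but the
 * 0x158000000000030-byte request still aborts the sanitizer allocator). */
void *alloc_section_contents(const struct elf64_shdr *sh, uint64_t file_size) {
    if (!section_fits_file(sh, file_size)) return NULL;
    if (sh->sh_size > SIZE_MAX) return NULL;  /* only reachable on 32-bit hosts */
    return malloc((size_t)sh->sh_size);
}

/* Constructed sample: a header claiming sh_size 0xac000000000010 (one of the
 * sizes in the report's warnings) at offset 0x40 of an assumed 4096-byte file. */
int corrupt_sample_rejected(void) {
    uint8_t raw[64] = {0};
    raw[4] = 1;      /* sh_type = SHT_PROGBITS */
    raw[24] = 0x40;  /* sh_offset */
    raw[32] = 0x10;  /* sh_size = 0x00ac000000000010, little-endian */
    raw[38] = 0xac;
    struct elf64_shdr sh;
    parse_shdr(raw, &sh);
    return sh.sh_size == 0xac000000000010ULL && !section_fits_file(&sh, 4096)
        && alloc_section_contents(&sh, 4096) == NULL;
}
```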


