[Bug binutils/26251] New: An error in bfd_malloc
From: 15664243668 at 163 dot com
Subject: [Bug binutils/26251] New: An error in bfd_malloc
Date: Thu, 16 Jul 2020 10:56:29 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=26251
Bug ID: 26251
Summary: An error in bfd_malloc
Product: binutils
Version: 2.34
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: 15664243668 at 163 dot com
Target Milestone: ---
I have found an error in bfd_malloc by fuzzing. This bug is triggered by
# ./objdump -d PoC
I compiled binutils-2.34 with the address sanitizer in x86-64 format on Ubuntu
16.04. The debug information is printed below:
./asan_target64/objdump: warning:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4 has a
corrupt section with a size (ef0002a0) larger than the file size
./asan_target64/objdump: warning:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4 has a
corrupt section with a size (2000000000008) larger than the file size
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
file format elf64-x86-64
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 3103785419 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2198611068 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1210324105 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1149978624 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1747231885 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 13906 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2552538253 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1207967503 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 3254779648 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1210324107 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1217422848 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 3251062800 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1210324107 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 262334 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 565152 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1747231885 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 5328 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2552538253 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 608471368 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1208493132 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 4294720645 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 608471368 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1208493132 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1207959552 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2298486543 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 3230222592 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1150353407 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 136596617 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2336755748 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 571648 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1894383615 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 608471368 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1208493132 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 3204464687 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1747231885 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 25181 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2552538253 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1747231885 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 58400 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2552538253 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 136596617 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2336755748 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1888350748 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1103837508 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2383409721 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 136596617 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2336755748 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2370099740 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 255971129 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2383403577 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 136596617 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2336755748 >= 1428 for section `.strtab'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 5090 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 4202665 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 5526 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 20721921 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1422142 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 973078553 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 120717312 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1409367040 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1921 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 50942977 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 7843985 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 4198558 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2751463445 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1409367089 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2000 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 2818771284 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 29360128 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 136839168 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 156303676 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 5526 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 20721921 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1832124416 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 336723968 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1178468352 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1797251 >= 692 for section `.dynstr'
./asan_target64/objdump:
./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:
invalid string offset 1006632990 >= 692 for section `.dynstr'
==32285==WARNING: AddressSanitizer failed to allocate 0x2000000000008 bytes
==32285==AddressSanitizer's allocator is terminating the process instead of returning 0
==32285==If you don't like this behavior set allocator_may_return_null=1
==32285==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:147 "((0)) != (0)" (0x0, 0x0)
    #0 0x7f3e971ec631 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7f3e971f15e3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
    #2 0x7f3e97169425 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x1d425)
    #3 0x7f3e971ef865 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa3865)
    #4 0x7f3e9716eb4d (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22b4d)
    #5 0x7f3e971e45d2 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x985d2)
    #6 0x4f3bec in bfd_malloc (/home/ubuntu/yuetai/asan_target64/objdump+0x4f3bec)
    #7 0x52e074 in elf_x86_64_get_synthetic_symtab (/home/ubuntu/yuetai/asan_target64/objdump+0x52e074)
    #8 0x417f5e in dump_bfd (/home/ubuntu/yuetai/asan_target64/objdump+0x417f5e)
    #9 0x418361 in display_object_bfd (/home/ubuntu/yuetai/asan_target64/objdump+0x418361)
    #10 0x418661 in display_any_bfd (/home/ubuntu/yuetai/asan_target64/objdump+0x418661)
    #11 0x4186d6 in display_file (/home/ubuntu/yuetai/asan_target64/objdump+0x4186d6)
    #12 0x4199a4 in main (/home/ubuntu/yuetai/asan_target64/objdump+0x4199a4)
    #13 0x7f3e96b9e82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x403418 in _start (/home/ubuntu/yuetai/asan_target64/objdump+0x403418)
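The size ASan failed to allocate (0x2000000000008) is the same value objdump had already warned about as a section size larger than the file. As an added example (not code from the report or from binutils), the following C code shows one way to reject such a header before its size reaches an allocator; the struct, the function names, the section offset and the file size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SEC_NOBITS 8u  /* value of ELF SHT_NOBITS: section has no bytes in the file */

/* Constructed subset of an ELF64 section header (only the fields used here). */
struct sec_hdr {
    uint32_t type;    /* sh_type */
    uint64_t offset;  /* sh_offset */
    uint64_t size;    /* sh_size, untrusted when the file is fuzzed */
};

/* Return 1 only if the section has file-backed contents that lie
   entirely inside a file of file_size bytes. */
int section_contents_in_file(const struct sec_hdr *s, uint64_t file_size)
{
    if (s->type == SEC_NOBITS)
        return 0;                      /* nothing to read from the file */
    if (s->offset > file_size)
        return 0;
    /* Compare by subtraction so offset + size cannot wrap around. */
    return s->size <= file_size - s->offset;
}

/* Hypothetical helper: allocate size + extra bytes for a copy of the
   section, or return NULL when the header cannot be trusted. */
void *alloc_for_section(const struct sec_hdr *s, uint64_t file_size, size_t extra)
{
    if (!section_contents_in_file(s, file_size))
        return NULL;
    if (s->size > SIZE_MAX - extra)    /* size + extra would overflow size_t */
        return NULL;
    return calloc(1, (size_t)s->size + extra);
}

int main(void)
{
    /* Constructed header: the size is the one from the warning in the
       report; the offset and the 8192-byte file size are made up. */
    struct sec_hdr bad = { 1u, 0x1000u, 0x2000000000008ULL };
    void *p = alloc_for_section(&bad, 8192u, 0);
    printf("corrupt section: %s\n", p ? "allocated" : "rejected before malloc");
    free(p);
    return 0;
}
```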