bug-binutils

[Bug binutils/26251] New: An error in bfd_malloc


From: 15664243668 at 163 dot com
Subject: [Bug binutils/26251] New: An error in bfd_malloc
Date: Thu, 16 Jul 2020 10:56:29 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=26251

            Bug ID: 26251
           Summary: An error in bfd_malloc
           Product: binutils
           Version: 2.34
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: 15664243668 at 163 dot com
  Target Milestone: ---

I have found an error in bfd_malloc by fuzzing. This bug is triggered by

#./objdump -d PoC

I compiled binutils-2.34 with the address sanitizer in x86-64 format on Ubuntu
16.04. The debug information is printed below:

./asan_target64/objdump: warning: ./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4 has a corrupt section with a size (ef0002a0) larger than the file size
./asan_target64/objdump: warning: ./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4 has a corrupt section with a size (2000000000008) larger than the file size

./bug/binutils-2-34/objdump/2/id:000017,sig:06,src:002031,op:havoc,rep:4:     file format elf64-x86-64

==32285==WARNING: AddressSanitizer failed to allocate 0x2000000000008 bytes
==32285==AddressSanitizer's allocator is terminating the process instead of returning 0
==32285==If you don't like this behavior set allocator_may_return_null=1
==32285==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:147 "((0)) != (0)" (0x0, 0x0)
    #0 0x7f3e971ec631  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7f3e971f15e3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
    #2 0x7f3e97169425  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x1d425)
    #3 0x7f3e971ef865  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa3865)
    #4 0x7f3e9716eb4d  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22b4d)
    #5 0x7f3e971e45d2 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x985d2)
    #6 0x4f3bec in bfd_malloc (/home/ubuntu/yuetai/asan_target64/objdump+0x4f3bec)
    #7 0x52e074 in elf_x86_64_get_synthetic_symtab (/home/ubuntu/yuetai/asan_target64/objdump+0x52e074)
    #8 0x417f5e in dump_bfd (/home/ubuntu/yuetai/asan_target64/objdump+0x417f5e)
    #9 0x418361 in display_object_bfd (/home/ubuntu/yuetai/asan_target64/objdump+0x418361)
    #10 0x418661 in display_any_bfd (/home/ubuntu/yuetai/asan_target64/objdump+0x418661)
    #11 0x4186d6 in display_file (/home/ubuntu/yuetai/asan_target64/objdump+0x4186d6)
    #12 0x4199a4 in main (/home/ubuntu/yuetai/asan_target64/objdump+0x4199a4)
    #13 0x7f3e96b9e82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x403418 in _start (/home/ubuntu/yuetai/asan_target64/objdump+0x403418)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

