bug-binutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug gold/26765] New: SEGV on memchr (vg_replace_strmem.c:888)


From: 2060909445 at qq dot com
Subject: [Bug gold/26765] New: SEGV on memchr (vg_replace_strmem.c:888)
Date: Wed, 21 Oct 2020 10:50:28 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=26765

            Bug ID: 26765
           Summary: SEGV on memchr (vg_replace_strmem.c:888)
           Product: binutils
           Version: 2.35
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gold
          Assignee: ccoutant at gmail dot com
          Reporter: 2060909445 at qq dot com
                CC: ian at airs dot com
  Target Milestone: ---

Created attachment 12915
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12915&action=edit
a file that makes crash

binutils 2.35 on centos linux 7.7.1908

It can be reproduced by: 
dwp poc -o ./test_out

information below from valgrind:
==13673== Invalid read of size 1
==13673==    at 0x4C2E3A9: memchr (vg_replace_strmem.c:888)
==13673==    by 0x43C52D: memchr (string.h:87)
==13673==    by 0x43C52D: section_name (elfcpp_file.h:543)
==13673==    by 0x43C52D: gold::Sized_relobj_dwo<32,
false>::do_section_name(unsigned int) const (dwp.cc:276)
==13673==    by 0x41B03D: section_name (object.h:588)
==13673==    by 0x41B03D: section_name (dwp.cc:171)
==13673==    by 0x41B03D: gold::Dwo_file::read(gold::Dwp_output_file*)
(dwp.cc:909)
==13673==    by 0x40A62F: main (dwp.cc:2446)
==13673==  Address 0x4823097 is not stack'd, malloc'd or (recently) free'd
==13673==
==13673==
==13673== Process terminating with default action of signal 11 (SIGSEGV)
==13673==  Access not within mapped region at address 0x4823097
==13673==    at 0x4C2E3A9: memchr (vg_replace_strmem.c:888)
==13673==    by 0x43C52D: memchr (string.h:87)
==13673==    by 0x43C52D: section_name (elfcpp_file.h:543)
==13673==    by 0x43C52D: gold::Sized_relobj_dwo<32,
false>::do_section_name(unsigned int) const (dwp.cc:276)
==13673==    by 0x41B03D: section_name (object.h:588)
==13673==    by 0x41B03D: section_name (dwp.cc:171)
==13673==    by 0x41B03D: gold::Dwo_file::read(gold::Dwp_output_file*)
(dwp.cc:909)
==13673==    by 0x40A62F: main (dwp.cc:2446)
==13673==  If you believe this happened as a result of a stack
==13673==  overflow in your program's main thread (unlikely but
==13673==  possible), you can try to increase the size of the
==13673==  main thread stack using the --main-stacksize= flag.
==13673==  The main thread stack size used in this run was 8388608.
==13673==
==13673== HEAP SUMMARY:
==13673==     in use at exit: 33,081 bytes in 764 blocks
==13673==   total heap usage: 829 allocs, 65 frees, 44,438 bytes allocated
==13673==
==13673== LEAK SUMMARY:
==13673==    definitely lost: 48 bytes in 1 blocks
==13673==    indirectly lost: 0 bytes in 0 blocks
==13673==      possibly lost: 0 bytes in 0 blocks
==13673==    still reachable: 33,033 bytes in 763 blocks
==13673==                       of which reachable via heuristic:
==13673==                         stdstring          : 27,229 bytes in 717
blocks
==13673==         suppressed: 0 bytes in 0 blocks
==13673== Rerun with --leak-check=full to see details of leaked memory
==13673==
==13673== For lists of detected and suppressed errors, rerun with: -s
==13673== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

-- 
You are receiving this mail because:
You are on the CC list for the bug.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]