[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/28518] New: objdump : signed integer overflow & free on un

From: shaohua.li at inf dot ethz.ch
Subject: [Bug binutils/28518] New: objdump : signed integer overflow & free on unmalloced address
Date: Fri, 29 Oct 2021 14:50:26 +0000


            Bug ID: 28518
           Summary: objdump : signed integer overflow & free on unmalloced
           Product: binutils
           Version: 2.38 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: shaohua.li at inf dot ethz.ch
  Target Milestone: ---

Created attachment 13745
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13745&action=edit

Hi there,

For the poc file I provided, it triggered both a signed integer overflow and
free on unmalloced address.

- Compiler: clang13 (compile with -fsanitize=address,undefined)

- Platform: Ubuntu 20.04.3 LTS, x86_64

- Reproduce: run `objdump -S -D poc_signed`

Sanitize report:

vms-alpha.c:4832:29: runtime error: signed integer overflow: 1724079360 +
778462822 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior vms-alpha.c:4832:29 in
==251==ERROR: AddressSanitizer: attempting free on address which was not
malloc()-ed: 0x6170000006a4 in thread T0
    #0 0x499af2 in free (/objdump/repo/clang13-O3/binutils/objdump+0x499af2)
    #1 0x1cac27c in build_module_list
    #2 0x1cac27c in _bfd_vms_find_nearest_line
    #3 0x4f616b in show_line
    #4 0x4f616b in disassemble_bytes
    #5 0x4ec60a in disassemble_section
    #6 0xeb382b in bfd_map_over_sections
    #7 0x4d5c97 in disassemble_data
    #8 0x4d5c97 in dump_bfd
    #9 0x4d09c2 in display_object_bfd
    #10 0x4d09c2 in display_any_bfd
    #11 0x4cede5 in display_file
    #12 0x4cede5 in main /objdump/repo/clang13-O3/binutils/./objdump.c:5533:6
    #13 0x7fbf3f1e60b2 in __libc_start_main
    #14 0x41d5ad in _start (/objdump/repo/clang13-O3/binutils/objdump+0x41d5ad)

0x6170000006a4 is located 676 bytes inside of 680-byte region
allocated by thread T0 here:
    #0 0x499d5d in __interceptor_malloc
    #1 0xea0233 in bfd_malloc /objdump/repo/clang13-O3/bfd/libbfd.c:289:9

SUMMARY: AddressSanitizer: bad-free
(/objdump/repo/clang13-O3/binutils/objdump+0x499af2) in free

You are receiving this mail because:
You are on the CC list for the bug.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]