bug-binutils

[Bug binutils/29892] New: Field `file_table` of `struct module *module`


From: r3tr0spect2019 at gmail dot com
Subject: [Bug binutils/29892] New: Field `file_table` of `struct module *module` is uninitialized
Date: Mon, 12 Dec 2022 03:45:12 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=29892

            Bug ID: 29892
           Summary: Field `file_table` of `struct module *module` is
                    uninitialized
           Product: binutils
           Version: 2.40 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: r3tr0spect2019 at gmail dot com
  Target Milestone: ---

Created attachment 14513
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14513&action=edit
PoC

# Reproduce

```bash
cd binutils-gdb
git reset --hard f2f58a399cf3f946983398cdfe52d0eaa72bf877
mkdir build && cd build
# Build only binutils, all targets, with ASan and no optimisation.
../configure --disable-gdb --disable-gdbserver --disable-gdbsupport \
  --disable-libdecnumber --disable-readline --disable-sim --disable-libbacktrace \
  --disable-gas --disable-ld --disable-werror --enable-targets=all \
  CPPFLAGS=-DDEBUG CFLAGS="-g -O0 -fsanitize=address"
make all-binutils MAKEINFO=true && true
# poc.bin is attachment 14513.
binutils/addr2line -e poc.bin 0
```

# Output

```
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 52
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 192
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 66
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 95
/binutils-gdb/build/binutils/addr2line: unknown source command 99
/binutils-gdb/build/binutils/addr2line: unknown source command 116
/binutils-gdb/build/binutils/addr2line: unknown source command 105
/binutils-gdb/build/binutils/addr2line: unknown source command 103
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 95
/binutils-gdb/build/binutils/addr2line: unknown source command 84
/binutils-gdb/build/binutils/addr2line: unknown source command 88
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 148
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 161
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 95
/binutils-gdb/build/binutils/addr2line: unknown source command 98
/binutils-gdb/build/binutils/addr2line: unknown source command 99
/binutils-gdb/build/binutils/addr2line: unknown source command 109
/binutils-gdb/build/binutils/addr2line: unknown source command 116
/binutils-gdb/build/binutils/addr2line: unknown source command 110
/binutils-gdb/build/binutils/addr2line: unknown source command 109
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 95
/binutils-gdb/build/binutils/addr2line: unknown source command 69
/binutils-gdb/build/binutils/addr2line: unknown source command 84
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 228
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 18
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 164
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 95
/binutils-gdb/build/binutils/addr2line: unknown source command 98
/binutils-gdb/build/binutils/addr2line: unknown source command 99
/binutils-gdb/build/binutils/addr2line: unknown source command 99
/binutils-gdb/build/binutils/addr2line: unknown source command 97
/binutils-gdb/build/binutils/addr2line: unknown source command 115
/binutils-gdb/build/binutils/addr2line: unknown source command 97
/binutils-gdb/build/binutils/addr2line: unknown source command 101
/binutils-gdb/build/binutils/addr2line: unknown source command 95
/binutils-gdb/build/binutils/addr2line: unknown source command 69
/binutils-gdb/build/binutils/addr2line: unknown source command 84
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
/binutils-gdb/build/binutils/addr2line: unknown source command 0
AddressSanitizer:DEADLYSIGNAL
=================================================================
==172769==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7f7f32ca7066
bp 0x7ffe23f9a990 sp 0x7ffe23f9a0d8 T0)
==172769==The signal is caused by a READ memory access.
==172769==Hint: this fault was caused by a dereference of a high value address
(see register values below).  Dissassemble the provided pc to learn which
register was used.
    #0 0x7f7f32ca7066 in __sanitizer::internal_strlen(char const*)
../../../../src/libsanitizer/sanitizer_common/sanitizer_libc.cpp:167
    #1 0x7f7f32c382ed in printf_common
../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_format.inc:551
    #2 0x7f7f32c386cc in __interceptor_vprintf
../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1660
    #3 0x7f7f32c387c6 in __interceptor_printf
../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1718
    #4 0x564e4c920af9 in translate_addresses ../../binutils/addr2line.c:392
    #5 0x564e4c920fbc in process_file ../../binutils/addr2line.c:470
    #6 0x564e4c9215b1 in main ../../binutils/addr2line.c:579
    #7 0x7f7f329dbd8f in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58
    #8 0x7f7f329dbe3f in __libc_start_main_impl ../csu/libc-start.c:392
    #9 0x564e4c91f244 in _start
(/binutils-gdb/build/binutils/addr2line+0x343244)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
../../../../src/libsanitizer/sanitizer_common/sanitizer_libc.cpp:167 in
__sanitizer::internal_strlen(char const*)
==172769==ABORTING
```

# Analysis

The field `file_table` of `struct module *module` is created at [1] but without
being initialized, and then its uninitialized field is used to assign
`*file`[2], which is a pointer to a global variable `filename`[3]. Later on
when this variable is used[4], the segmentation fault occurs.

[1]
https://github.com/bminor/binutils-gdb/blob/85f9067d3a47d51a46ba369c60fdec752da0f885/bfd/vms-alpha.c#L4340
[2]
https://github.com/bminor/binutils-gdb/blob/85f9067d3a47d51a46ba369c60fdec752da0f885/bfd/vms-alpha.c#L4926
[3]
https://github.com/bminor/binutils-gdb/blob/85f9067d3a47d51a46ba369c60fdec752da0f885/binutils/addr2line.c#L167
[4]
https://github.com/bminor/binutils-gdb/blob/85f9067d3a47d51a46ba369c60fdec752da0f885/binutils/addr2line.c#L392

