bug-binutils
[Bug gprof/30324] New: gprof SEGV out-of-bound read bug


From: mengda2020 at iscas dot ac.cn
Subject: [Bug gprof/30324] New: gprof SEGV out-of-bound read bug
Date: Fri, 07 Apr 2023 08:07:48 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=30324

            Bug ID: 30324
           Summary: gprof SEGV out-of-bound read bug
           Product: binutils
           Version: 2.39
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gprof
          Assignee: unassigned at sourceware dot org
          Reporter: mengda2020 at iscas dot ac.cn
  Target Milestone: ---

Created attachment 14807
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14807&action=edit
PoC file

### Test Environment
Ubuntu 20.04, 64-bit, binutils (version: v2.39)

### How to trigger
Compile the program with AddressSanitizer, then run the command:
```
$ ./gprof -l -a -D $PoC
```

### Details
ASAN report:
```
$ ./gprof -l -a -D $PoC
BFD: warning:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2
has a section extending past end of file
BFD: warning:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2
has a program header with invalid alignment
BFD: warning:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2
has a program header with invalid alignment
BFD: warning:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2
has a program header with invalid alignment
BFD: warning:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2
has a program header with invalid alignment
BFD: warning:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2
has a program header with invalid alignment
BFD: warning:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2
has a program header with invalid alignment
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
unknown type [0x7f0007] section `-tag'
BFD: warning:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2
has a program header with invalid alignment
BFD: warning:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2
has a program header with invalid alignment
BFD: warning:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2
has a program header with invalid alignment
BFD: warning:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2
has a program header with invalid alignment
BFD: warning:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2
has a program header with invalid alignment
BFD: warning:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2
has a program header with invalid alignment
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 538976288 >= 537 for section `shstrtab'
BFD:
out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2:
invalid string offset 4640 >= 537 for section `shstrtab'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2013900==ERROR: AddressSanitizer: SEGV on unknown address 0x612ffffffef0 (pc
0x0000005086d9 bp 0x7ffd5dcf7230 sp 0x7ffd5dcf6e30 T0)
==2013900==The signal is caused by a READ memory access.
    #0 0x5086d9 in symtab_finalize
/home/cmd/FuzzDateset/binutils/binutils-gdb-binutils-2_39/gprof/symtab.c:150:40
    #1 0x4f2be0 in core_create_line_syms
/home/cmd/FuzzDateset/binutils/binutils-gdb-binutils-2_39/gprof/corefile.c:911:3
    #2 0x4fcaef in main
/home/cmd/FuzzDateset/binutils/binutils-gdb-binutils-2_39/gprof/gprof.c:534:5
    #3 0x7f4f90cd5082 in __libc_start_main
/build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #4 0x41d54d in _start
(/home/cmd/randomFuzz/binutils/gprof/gprof_l_a_D/gprof+0x41d54d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/home/cmd/FuzzDateset/binutils/binutils-gdb-binutils-2_39/gprof/symtab.c:150:40
in symtab_finalize
==2013900==ABORTING
```
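A report like the one above is what a fuzzing triage pipeline has to parse automatically: the fuzzer produced many `id:...` inputs for the same crash, and only the error kind plus the first few project frames tell them apart. The following Python is an added example, not part of this bug report or of binutils. It parses an ASan report into the error kind, faulting address, access type and the first stack trace, keeps the BFD diagnostics that preceded the crash, and derives a de-duplication signature. The sample input is a constructed copy of the tail of the report above with the mailer's line wrapping undone (ASan prints one frame per line); the names `Frame`, `AsanCrash`, `parse_asan_report` and `crash_signature` are the example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the tail of the ASan output quoted in the bug report,
# re-joined onto one line per frame. Paths, PID and addresses are as reported.
SAMPLE_REPORT = """\
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 4640 >= 537 for section `shstrtab'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2013900==ERROR: AddressSanitizer: SEGV on unknown address 0x612ffffffef0 (pc 0x0000005086d9 bp 0x7ffd5dcf7230 sp 0x7ffd5dcf6e30 T0)
==2013900==The signal is caused by a READ memory access.
    #0 0x5086d9 in symtab_finalize /home/cmd/FuzzDateset/binutils/binutils-gdb-binutils-2_39/gprof/symtab.c:150:40
    #1 0x4f2be0 in core_create_line_syms /home/cmd/FuzzDateset/binutils/binutils-gdb-binutils-2_39/gprof/corefile.c:911:3
    #2 0x4fcaef in main /home/cmd/FuzzDateset/binutils/binutils-gdb-binutils-2_39/gprof/gprof.c:534:5
    #3 0x7f4f90cd5082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #4 0x41d54d in _start (/home/cmd/randomFuzz/binutils/gprof/gprof_l_a_D/gprof+0x41d54d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/cmd/FuzzDateset/binutils/binutils-gdb-binutils-2_39/gprof/symtab.c:150:40 in symtab_finalize
==2013900==ABORTING
"""


@dataclass
class Frame:
    index: int
    pc: str
    function: str
    location: str  # "file:line:col" when symbolized, else "(module+offset)"

    @property
    def symbolized(self) -> bool:
        # An unsymbolized frame carries "(binary+0x41d54d)" instead of a path.
        return not self.location.startswith("(")


@dataclass
class AsanCrash:
    error: str                 # e.g. "SEGV", "heap-buffer-overflow"
    address: Optional[str]     # faulting address, if ASan printed one
    access: Optional[str]      # "READ" / "WRITE", if ASan printed it
    frames: List[Frame] = field(default_factory=list)
    bfd_diagnostics: List[str] = field(default_factory=list)


ERROR_RE = re.compile(
    r"^==\d+==ERROR: AddressSanitizer: (\S+)(?: on (?:unknown )?address (0x[0-9a-fA-F]+))?")
# SEGV reports say "caused by a READ memory access"; bounds errors say "READ of size N".
ACCESS_RE = re.compile(r"(?:caused by a |^)(READ|WRITE)(?: memory access| of size)")
FRAME_RE = re.compile(r"^\s*#(\d+)\s+(0x[0-9a-fA-F]+)\s+in\s+(\S+)\s+(\S+)")


def parse_asan_report(text: str) -> Optional[AsanCrash]:
    """Return the first ASan error in `text` with its first stack trace, or None."""
    crash: Optional[AsanCrash] = None
    bfd: List[str] = []
    stack_done = False
    for line in text.splitlines():
        if line.startswith("BFD:"):
            # BFD prints these before gprof reads the symbol table; keep them as context.
            bfd.append(line[len("BFD:"):].strip())
            continue
        m = ERROR_RE.match(line)
        if m and crash is None:
            crash = AsanCrash(error=m.group(1), address=m.group(2), access=None,
                              bfd_diagnostics=bfd)
            continue
        if crash is None:
            continue
        m = ACCESS_RE.search(line)
        if m and crash.access is None:
            crash.access = m.group(1)
            continue
        m = FRAME_RE.match(line)
        if m:
            if not stack_done:  # only the first trace; later traces are alloc/free sites
                crash.frames.append(Frame(int(m.group(1)), m.group(2), m.group(3), m.group(4)))
            continue
        if crash.frames:
            stack_done = True  # a non-frame line ends the first trace
    return crash


def crash_signature(crash: AsanCrash, depth: int = 3) -> str:
    """De-duplication key: error kind plus the first `depth` symbolized frames,
    skipping libc start-up frames so different fuzzer inputs bucket together."""
    funcs = [f.function for f in crash.frames
             if f.symbolized and not f.function.startswith("__libc")]
    return "|".join([crash.error] + funcs[:depth])


if __name__ == "__main__":
    c = parse_asan_report(SAMPLE_REPORT)
    print(crash_signature(c))
    print(c.access, "at", c.address, "in", c.frames[0].location)
    print(len(c.bfd_diagnostics), "BFD diagnostic(s) before the crash")
```

For the report above the signature is `SEGV|symtab_finalize|core_create_line_syms|main`, which is what a triager would bucket on: every `id:...` file that reaches the same read at `symtab.c:150` collapses into one bug, while the retained BFD diagnostics record that BFD had already flagged the object as malformed (invalid `shstrtab` string offsets) before gprof touched the symbol table.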
