bug-binutils

[Bug binutils/30653] New: segment fault in as


From: mengda2020 at iscas dot ac.cn
Subject: [Bug binutils/30653] New: segment fault in as
Date: Wed, 19 Jul 2023 14:28:31 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=30653

            Bug ID: 30653
           Summary: segment fault in as
           Product: binutils
           Version: 2.39
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: mengda2020 at iscas dot ac.cn
  Target Milestone: ---

Created attachment 14986
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14986&action=edit
POC

as segment fault

Hello, Binutils developers!
I found a segmentation fault in as.
It caused the operand function to keep recursing at line 1049 in expr.c,
exhausting the stack.
Please confirm.
Thanks!



Test Environment
Ubuntu 20.04, 64 bit, binutils (version: v2.39)

How to trigger
Compile the program
Run command: $ ./as --alternate --gdwarf-5 --gstabs --gstabs+ --traditional-format -a -g $POC
Details
'''
GDB report
(gdb) set args --alternate --gdwarf-5 --gstabs --gstabs+ --traditional-format -a -g $POC out/default/crashes/id\:000001\,sig\:11\,src\:001595+001814\,time\:73187270\,execs\:7351020\,op\:splice\,rep\:4
(gdb) r
Starting program: /home/cmd/sp/Fuzz/aflpp_fuzz/OSmart/Binutils/as/al_alternate_gdwarf-5_gstabs_gstabs+_traditional-format_a_g/as_2/as --alternate --gdwarf-5 --gstabs --gstabs+ --traditional-format -a -g out/default/crashes/id\:000001\,sig\:11\,src\:001595+001814\,time\:73187270\,execs\:7351020\,op\:splice\,rep\:4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4: Assembler messages:
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4: Warning: end of file not at end of a line; newline inserted
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4:3: Error: unknown pseudo-op: `.�'
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4:3: Error: unknown pseudo-op: `.'
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4:3: Error: invalid character (0x80) in mnemonic
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4:4: Error: junk at end of line, first unrecognized character valued 0x12
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4:4: Error: junk at end of line, first unrecognized character valued 0x4
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4:4: Error: bad expression
out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4:4: Error: bad expression

Program received signal SIGSEGV, Segmentation fault. 
'''
backtrace:
'''
#3584 0x0000000000526334 in operand (expressionP=0x7fffffffc900, mode=expr_normal) at expr.c:1049
#3585 0x0000000000526334 in operand (expressionP=0x7fffffffc900, mode=expr_normal) at expr.c:1049
#3586 0x000000000051efac in expr (rankarg=5, resultP=0x7fffffffc900, mode=expr_normal) at expr.c:1800
#3587 0x000000000051f24d in expr (rankarg=0, resultP=0x7fffffffd180, mode=expr_normal) at expr.c:1814
#3588 0x0000000000591b2d in get_segmented_expression (expP=0x7fffffffd180) at read.c:5616
#3589 0x000000000057afa6 in get_known_segmented_expression (expP=0x7fffffffd180) at read.c:5632
#3590 0x000000000057d083 in assign_symbol (name=0x63100000084e ".", mode=0) at read.c:3126
#3591 0x000000000056a977 in equals (sym_name=0x63100000084e ".", reassign=1) at read.c:5753
#3592 0x0000000000567720 in read_a_source_file (name=0x7fffffffe2db "out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4") at read.c:1075
#3593 0x00000000004dc118 in perform_an_assembly_pass (argc=0, argv=0x607000000108) at as.c:1256
#3594 0x00000000004d6d05 in main (argc=2, argv=0x607000000100) at as.c:1418
'''
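The failure mode in the backtrace above (thousands of operand() frames reached from an `. = expression` assignment via equals() and assign_symbol(), until the stack runs out) reduces to a recursive-descent parser with no nesting limit. The following is an added example and not the reporter's or binutils' code: a minimal parser shaped like gas's expr()/operand() pair, where a run of prefix operators or open parentheses re-enters operand() once per input byte, beside a depth counter that turns the same input into a parse error instead of a SIGSEGV. The grammar, the names parse_expression()/parse_nested(), the constructed inputs and the limit of 1000 are assumptions for illustration; they are not what expr.c does at line 1049 or how the bug was fixed.

```c
/* Added example, not binutils code: a recursive-descent expression parser
 * in the shape of gas's expr()/operand(), with an assumed nesting limit. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum parse_status { PARSE_OK = 0, PARSE_BAD = 1, PARSE_TOO_DEEP = 2 };

struct parser {
    const char *p;            /* cursor into the input text */
    int depth;                /* number of live operand() frames */
    int max_depth;            /* 0 = unbounded, i.e. the crashing behaviour */
    enum parse_status status;
};

static long expr(struct parser *ps);

/* operand := number | '-' operand | '(' expr ')'
 * '-' and '(' recurse before consuming anything that bounds the recursion,
 * so without a limit the input length is the only limit on stack use. */
static long operand(struct parser *ps)
{
    long val = 0;

    if (ps->status != PARSE_OK)
        return 0;
    /* Hardened path: refuse to nest deeper than the configured limit. */
    if (ps->max_depth > 0 && ps->depth >= ps->max_depth) {
        ps->status = PARSE_TOO_DEEP;
        return 0;
    }
    ps->depth++;
    if (*ps->p == '-') {
        ps->p++;
        val = -operand(ps);
    } else if (*ps->p == '(') {
        ps->p++;
        val = expr(ps);
        if (ps->status == PARSE_OK && *ps->p == ')')
            ps->p++;
        else if (ps->status == PARSE_OK)
            ps->status = PARSE_BAD;        /* missing ')' */
    } else if (*ps->p >= '0' && *ps->p <= '9') {
        while (*ps->p >= '0' && *ps->p <= '9')
            val = val * 10 + (*ps->p++ - '0');
    } else {
        ps->status = PARSE_BAD;            /* gas: "bad expression" */
    }
    ps->depth--;
    return val;
}

/* expr := operand ('+' operand)* */
static long expr(struct parser *ps)
{
    long val = operand(ps);

    while (ps->status == PARSE_OK && *ps->p == '+') {
        ps->p++;
        val += operand(ps);
    }
    return val;
}

/* Parse one whole expression; max_depth 0 reproduces the unbounded recursion. */
enum parse_status parse_expression(const char *s, int max_depth, long *out)
{
    struct parser ps = { s, 0, max_depth, PARSE_OK };
    long val = expr(&ps);

    if (ps.status == PARSE_OK && *ps.p != '\0')
        ps.status = PARSE_BAD;             /* gas: "junk at end of line" */
    if (out)
        *out = val;
    return ps.status;
}

/* Constructed fuzzer-style input: n copies of `open`, then "1", then n copies
 * of `close` (none if close is 0). Returns the parse status. */
enum parse_status parse_nested(char open, char close, size_t n, int max_depth)
{
    size_t len = n + 1 + (close ? n : 0);
    char *buf = malloc(len + 1);
    enum parse_status st;

    if (buf == NULL)
        return PARSE_BAD;
    memset(buf, open, n);
    buf[n] = '1';
    if (close)
        memset(buf + n + 1, close, n);
    buf[len] = '\0';
    st = parse_expression(buf, max_depth, NULL);
    free(buf);
    return st;
}

/* ./parse N LIMIT: N nested '-' operators. LIMIT 0 crashes for large N. */
int main(int argc, char **argv)
{
    size_t n = argc > 1 ? strtoull(argv[1], NULL, 10) : 10000000;
    int limit = argc > 2 ? atoi(argv[2]) : 1000;
    enum parse_status st = parse_nested('-', 0, n, limit);

    printf("n=%zu limit=%d -> %s\n", n, limit,
           st == PARSE_OK ? "ok" : st == PARSE_TOO_DEEP ? "too deep" : "bad");
    return st == PARSE_OK ? 0 : 1;
}
```

Build with `cc -O0 -g -fsanitize=address parse.c -o parse`; `./parse 10000000 0` dies in the recursion (ASan reports it as a stack-overflow, plain builds as SIGSEGV, matching the report), while `./parse 10000000 1000` returns "too deep" after at most 1000 frames. Counting live operand() frames, as done here, is the simplest fix shape; an alternative with the same effect is to rewrite the prefix-operator loop iteratively so only parentheses recurse.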
