bug-binutils
From: yan.cs10 at nycu dot edu.tw
Subject: [Bug binutils/30887] New: nm: alloc-dealloc-mismatch (INVALID vs free) at bfd/elf.c:9802 in _bfd_elf_slurp_version_tables
Date: Mon, 25 Sep 2023 12:43:47 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=30887

            Bug ID: 30887
           Summary: nm: alloc-dealloc-mismatch (INVALID vs free) at
                    bfd/elf.c:9802 in _bfd_elf_slurp_version_tables
           Product: binutils
           Version: 2.42 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: yan.cs10 at nycu dot edu.tw
  Target Milestone: ---

Created attachment 15126
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15126&action=edit
This PoC, run with the -D argument, crashes nm-new in the latest version.

Summary:

A crash occurs when using nm.
AddressSanitizer reported it as alloc-dealloc-mismatch (INVALID vs free).

git commit, OS, compiler and processor:

git commit: be8e83130
gcc (Ubuntu 9.4.0-1ubuntu1~20.04.2) 9.4.0
g++ (Ubuntu 9.4.0-1ubuntu1~20.04.2) 9.4.0
Ubuntu 20.04.4 LTS
AMD Ryzen 5 3600X 6-Core Processor

Steps to reproduce:

$ cd binutils-gdb
$ export CFLAGS='-fsanitize=address -fsanitize-recover=address -g3'
$ export CXXFLAGS='-fsanitize=address -fsanitize-recover=address -g3'
$ make
$ binutils/nm-new -D ./poc_16

AddressSanitizer report:

$ /home/pt/sytseng/binutils-gdb-asan/binutils/nm-new -D ./poc_16

BFD: warning: ./pocs/poc_16 has a program header with invalid alignment
BFD: ./pocs/poc_16: .gnu.version_r invalid entry
=================================================================
==689764==ERROR: AddressSanitizer: alloc-dealloc-mismatch (INVALID vs free) on
0x621000007a88
    #0 0x7f518765940f in __interceptor_free
../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
    #1 0x557116e5113e in _bfd_elf_slurp_version_tables
/home/pt/sytseng/binutils-gdb-asan/bfd/elf.c:9802
    #2 0x557116e05cdd in bfd_elf64_slurp_symbol_table
/home/pt/sytseng/binutils-gdb-asan/bfd/elfcode.h:1278
    #3 0x557116e4d705 in _bfd_elf_canonicalize_dynamic_symtab
/home/pt/sytseng/binutils-gdb-asan/bfd/elf.c:9285
    #4 0x557116d9efcf in _bfd_generic_read_minisymbols
/home/pt/sytseng/binutils-gdb-asan/bfd/syms.c:834
    #5 0x557116d706da in display_rel_file
/home/pt/sytseng/binutils-gdb-asan/binutils/nm.c:1413
    #6 0x557116d71838 in display_file
/home/pt/sytseng/binutils-gdb-asan/binutils/nm.c:1649
    #7 0x557116d73827 in main
/home/pt/sytseng/binutils-gdb-asan/binutils/nm.c:2161
    #8 0x7f5187378082 in __libc_start_main ../csu/libc-start.c:308
    #9 0x557116d6a15d in _start
(/home/pt/sytseng/binutils-gdb-asan/binutils/nm-new+0xa315d)

0x621000007a88 is located 392 bytes inside of 4064-byte region
[0x621000007900,0x6210000088e0)
allocated by thread T0 here:
    #0 0x7f5187659808 in __interceptor_malloc
../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x557117072354 in _objalloc_alloc objalloc.c:159
    #2 0x557116d93db6 in bfd_alloc
/home/pt/sytseng/binutils-gdb-asan/bfd/libbfd.c:452
    #3 0x557116e1cf2a in _bfd_elf_get_dynamic_symbols
/home/pt/sytseng/binutils-gdb-asan/bfd/elf.c:2293
    #4 0x557116e02c7d in bfd_elf64_object_p
/home/pt/sytseng/binutils-gdb-asan/bfd/elfcode.h:861
    #5 0x557116d8f5ac in bfd_check_format_matches
/home/pt/sytseng/binutils-gdb-asan/bfd/format.c:365
    #6 0x557116d717da in display_file
/home/pt/sytseng/binutils-gdb-asan/binutils/nm.c:1645
    #7 0x557116d73827 in main
/home/pt/sytseng/binutils-gdb-asan/binutils/nm.c:2161
    #8 0x7f5187378082 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: alloc-dealloc-mismatch
../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122 in
__interceptor_free
==689764==HINT: if you don't care about these errors you may set
ASAN_OPTIONS=alloc_dealloc_mismatch=0
==689764==ABORTING
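As an added illustration (constructed here, not binutils or bfd code), the report's failure mode in miniature: memory that bfd_alloc carved out of an objalloc chunk was later handed to free(), which ASan flags because the pointer never came from malloc. The model below is an objalloc-style bump arena with an ownership check that routes arena pointers away from free(); the 4064-byte region and 392-byte offset are taken from the report, and all function and type names are assumed.

```c
#include <stdint.h>
#include <stdlib.h>
/* Constructed model of an objalloc-style arena (not bfd's code). Objects are
 * carved out of one malloc'd chunk, so an object pointer is never a valid
 * argument to free(): that is the INVALID-vs-free mismatch in the report.
 * Sizes mirror the report (4064-byte region, object 392 bytes into it). */
#define ARENA_CHUNK 4064

struct arena {
    unsigned char *chunk;   /* the single malloc'd region the arena owns */
    size_t used;            /* bytes handed out so far */
};

static int arena_init(struct arena *a) {
    a->chunk = malloc(ARENA_CHUNK);
    a->used = 0;
    return a->chunk != NULL;
}

/* Bump-pointer allocation, rounded up to 8 bytes; NULL when the chunk is full. */
static void *arena_alloc(struct arena *a, size_t n) {
    size_t aligned = (n + 7) & ~(size_t)7;
    if (aligned > ARENA_CHUNK - a->used)
        return NULL;
    void *p = a->chunk + a->used;
    a->used += aligned;
    return p;
}

/* Ownership check: does p lie inside this arena's chunk? */
static int arena_owns(const struct arena *a, const void *p) {
    uintptr_t lo = (uintptr_t)a->chunk, q = (uintptr_t)p;
    return q >= lo && q < lo + ARENA_CHUNK;
}

/* Pair the deallocator with the allocator: arena objects die with the
 * arena, only heap pointers go to free(). Returns 1 if free() was called. */
static int release(struct arena *a, void *p) {
    if (arena_owns(a, p))
        return 0;
    free(p);
    return 1;
}

/* The only free() the arena memory should ever see. */
static void arena_destroy(struct arena *a) {
    free(a->chunk);
    a->chunk = NULL;
    a->used = 0;
}
```

Building with -fsanitize=address and calling free() on the pointer that arena_alloc returns reproduces the same alloc-dealloc-mismatch class ASan reports above.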
