[Bug binutils/23177] New: Stack Overflow in nm-new
From: thuanpv at comp dot nus.edu.sg
Subject: [Bug binutils/23177] New: Stack Overflow in nm-new
Date: Sun, 13 May 2018 08:12:17 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=23177
Bug ID: 23177
Summary: Stack Overflow in nm-new
Product: binutils
Version: 2.31 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: thuanpv at comp dot nus.edu.sg
Target Milestone: ---
Created attachment 11015
--> https://sourceware.org/bugzilla/attachment.cgi?id=11015&action=edit
crash-inducing sample file
Dear all,
This bug was found with AFLSmart, an extension of AFL. Thanks also to Marcel
Böhme, Andrew Santosa and Alexandru Razvan Caciulescu.
This bug was found on Ubuntu 16.04 64-bit; binutils was checked out from the main
repository at git://sourceware.org/git/binutils-gdb.git. Its commit is
68e91e42492551e165b103d819c021c4953da10b (April 14 2018).
To reproduce:
Compile binutils with ASAN enabled
CC=gcc-6 CXX=g++-6 CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all
-fsanitize=undefined,address -fno-omit-frame-pointer -g -Wno-error"
CXXFLAGS="$CFLAGS" ./configure --disable-shared --disable-gdb
--disable-libdecnumber --disable-readline --disable-sim
Download the attached file - crash_4
nm-new -C crash_4
Valgrind says:
==49727== Memcheck, a memory error detector
==49727== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==49727== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==49727== Command: ../binutils-gdb/binutils/nm-new -C crash_4
==49727==
==49727== Stack overflow in thread #1: can't grow stack to 0xffe801000
==49727==
==49727== Process terminating with default action of signal 11 (SIGSEGV)
==49727== Access not within mapped region at address 0xFFE801FD8
==49727== Stack overflow in thread #1: can't grow stack to 0xffe801000
==49727== at 0x7B5638: string_need (cplus-dem.c:4900)
==49727== by 0x7B5638: string_append (cplus-dem.c:4961)
==49727== by 0x7B5638: demangle_args (cplus-dem.c:4578)
==49727== If you believe this happened as a result of a stack
==49727== overflow in your program's main thread (unlikely but
==49727== possible), you can try to increase the size of the
==49727== main thread stack using the --main-stacksize= flag.
==49727== The main thread stack size used in this run was 8388608.
==49727== Stack overflow in thread #1: can't grow stack to 0xffe801000
==49727==
==49727== Process terminating with default action of signal 11 (SIGSEGV)
==49727== Access not within mapped region at address 0xFFE801FD0
==49727== Stack overflow in thread #1: can't grow stack to 0xffe801000
==49727== at 0x4A28680: _vgnU_freeres (in
/usr/lib/valgrind/vgpreload_core-amd64-linux.so)
==49727== If you believe this happened as a result of a stack
==49727== overflow in your program's main thread (unlikely but
==49727== possible), you can try to increase the size of the
==49727== main thread stack using the --main-stacksize= flag.
==49727== The main thread stack size used in this run was 8388608.
ASAN says:
ASAN:DEADLYSIGNAL
=================================================================
==49728==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc5da2ee68 (pc
0x7fdfe8646eb6 bp 0x7ffc5da2f6f0 sp 0x7ffc5da2ee70 T0)
#0 0x7fdfe8646eb5 (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x3ceb5)
#1 0x82c4e2 in string_append cplus-dem.c:4960
#2 0x827ec5 in demangle_args cplus-dem.c:4578
#3 0x82907a in demangle_nested_args cplus-dem.c:4713
#4 0x81f894 in do_type cplus-dem.c:3719
#5 0x8257c5 in do_arg cplus-dem.c:4332
#6 0x8288d4 in demangle_args cplus-dem.c:4659
#7 0x82907a in demangle_nested_args cplus-dem.c:4713
#8 0x81f894 in do_type cplus-dem.c:3719
#9 0x8257c5 in do_arg cplus-dem.c:4332
#10 0x8288d4 in demangle_args cplus-dem.c:4659
#11 0x82907a in demangle_nested_args cplus-dem.c:4713
#12 0x81f894 in do_type cplus-dem.c:3719
#13 0x8257c5 in do_arg cplus-dem.c:4332
#14 0x8288d4 in demangle_args cplus-dem.c:4659
#15 0x82907a in demangle_nested_args cplus-dem.c:4713
#16 0x81f894 in do_type cplus-dem.c:3719
#17 0x8257c5 in do_arg cplus-dem.c:4332
#18 0x8288d4 in demangle_args cplus-dem.c:4659
#19 0x82907a in demangle_nested_args cplus-dem.c:4713
#20 0x81f894 in do_type cplus-dem.c:3719
#21 0x8257c5 in do_arg cplus-dem.c:4332
#22 0x8288d4 in demangle_args cplus-dem.c:4659
#23 0x82907a in demangle_nested_args cplus-dem.c:4713
#24 0x81f894 in do_type cplus-dem.c:3719
...
Regards,
Thuan
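The ASAN trace above cycles through demangle_args, do_arg, do_type and demangle_nested_args with no bound on nesting depth. The C below is an added illustration, not binutils code and not from the reporter: a toy model of that same recursion cycle with an assumed depth cap (MAX_NESTING, and the parse_* and nesting_depth* names, are hypothetical) so that deeply nested input is rejected instead of exhausting the stack.

```c
/* Added example, not binutils code: toy model of the recursion cycle in the
 * trace (demangle_args -> do_arg -> do_type -> demangle_nested_args -> ...)
 * with a depth cap so hostile nesting fails instead of exhausting the stack. */
#include <ctype.h>
#include <string.h>

#define MAX_NESTING 64 /* assumed cap, far below what an 8 MiB stack holds */
struct parser { const char *p; int depth, max_seen, overflow; };
static int parse_args(struct parser *ps);

/* Plays do_type: a word, or '(' list ')' (demangle_nested_args). */
static int parse_type(struct parser *ps)
{
    if (*ps->p == '(') {
        ps->p++;
        if (!parse_args(ps) || *ps->p != ')') return 0;
        ps->p++; return 1;
    }
    const char *start = ps->p;
    while (isalnum((unsigned char)*ps->p) || *ps->p == '_') ps->p++;
    return ps->p != start;   /* a type needs at least one character */
}

/* Plays demangle_args; the depth check is the guard the trace lacks. */
static int parse_args(struct parser *ps)
{
    if (++ps->depth > MAX_NESTING) { ps->overflow = 1; return 0; }
    if (ps->depth > ps->max_seen) ps->max_seen = ps->depth;
    int ok = parse_type(ps);                              /* do_arg */
    while (ok && *ps->p == ',') { ps->p++; ok = parse_type(ps); }
    ps->depth--;
    return ok;
}

/* Nesting depth of a well-formed list; -1 if the cap fired, -2 if malformed. */
int nesting_depth(const char *input)
{
    struct parser ps = { input, 0, 0, 0 };
    int ok = parse_args(&ps) && *ps.p == '\0';
    return ps.overflow ? -1 : ok ? ps.max_seen - 1 : -2;
}

/* Constructed input n*'(' "x" n*')' exercises the cap without a crash file. */
int nesting_depth_for(int n)
{
    static char buf[4096];
    if (n < 0 || 2 * (size_t)n + 2 > sizeof buf) return -2;
    memset(buf, '(', (size_t)n); buf[n] = 'x';
    memset(buf + n + 1, ')', (size_t)n); buf[2 * n + 1] = '\0';
    return nesting_depth(buf);
}
```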