[Bug binutils/24435] heap overflow in bfd_getl64
From: ago at gentoo dot org
Subject: [Bug binutils/24435] heap overflow in bfd_getl64
Date: Wed, 10 Apr 2019 18:19:56 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=24435
--- Comment #3 from Agostino Sarubbo <ago at gentoo dot org> ---
I can reproduce the issue with the master compiled today, so I really guess
that the fix was not complete:
gf (CHROOT) crashes $ ld -v
GNU ld (Gentoo 9999) 2.32.51.20190410
gf (CHROOT) crashes $ ld 1.crashes.elf
ld: warning: 1.crashes.elf has a corrupt section with a size (180000000010)
larger than the file size
=================================================================
==27723==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6020000028bf at pc 0x7efd46d96abb bp 0x7ffc2316a3e0 sp 0x7ffc2316a3d8
READ of size 1 at 0x6020000028bf thread T0
#0 0x7efd46d96aba in bfd_getl64
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/libbfd.c:758:8
#1 0x7efd46e2ceaf in bfd_elf64_swap_dyn_in
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/elfcode.h:457:21
#2 0x7efd46ea9d76 in elf_link_add_object_symbols
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/elflink.c:4084:8
#3 0x7efd46ea734a in bfd_elf_link_add_symbols
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/elflink.c:5772:14
#4 0x528b26 in load_symbols
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/ld/ldlang.c:3080:7
#5 0x5448a2 in open_input_bfds
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/ld/ldlang.c:3529:13
#6 0x538a7a in lang_process
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/ld/ldlang.c:7382:3
#7 0x55eb86 in main
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/ld/ldmain.c:440:3
#8 0x7efd45d292aa in __libc_start_main
/var/tmp/portage/sys-libs/glibc-2.27-r6/work/glibc-2.27/csu/../csu/libc-start.c:308:16
#9 0x41ecd9 in _init
(/usr/x86_64-pc-linux-gnu/binutils-bin/9999/ld+0x41ecd9)
0x6020000028bf is located 7 bytes to the right of 8-byte region
[0x6020000028b0,0x6020000028b8)
allocated by thread T0 here:
#0 0x4ca673 in malloc
/var/tmp/portage/sys-libs/compiler-rt-sanitizers-8.0.0/work/compiler-rt-8.0.0.src/lib/asan/asan_malloc_linux.cc:146:3
#1 0x7efd46d94d0e in bfd_malloc
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/libbfd.c:275:9
#2 0x7efd46d84db2 in bfd_get_full_section_contents
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/compress.c:253:21
#3 0x7efd46ea9b24 in elf_link_add_object_symbols
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/elflink.c:4066:9
#4 0x7efd46ea734a in bfd_elf_link_add_symbols
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/elflink.c:5772:14
#5 0x528b26 in load_symbols
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/ld/ldlang.c:3080:7
#6 0x5448a2 in open_input_bfds
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/ld/ldlang.c:3529:13
#7 0x538a7a in lang_process
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/ld/ldlang.c:7382:3
#8 0x55eb86 in main
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/ld/ldmain.c:440:3
#9 0x7efd45d292aa in __libc_start_main
/var/tmp/portage/sys-libs/glibc-2.27-r6/work/glibc-2.27/csu/../csu/libc-start.c:308:16
SUMMARY: AddressSanitizer: heap-buffer-overflow
/var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/libbfd.c:758:8 in
bfd_getl64
Shadow bytes around the buggy address:
0x0c047fff84c0: fa fa 00 07 fa fa 00 07 fa fa 00 00 fa fa 00 00
0x0c047fff84d0: fa fa 00 00 fa fa 00 00 fa fa 00 06 fa fa 00 06
0x0c047fff84e0: fa fa 00 05 fa fa 00 05 fa fa 00 04 fa fa 00 04
0x0c047fff84f0: fa fa 00 00 fa fa 00 00 fa fa 00 02 fa fa 00 00
0x0c047fff8500: fa fa 00 07 fa fa 00 03 fa fa 07 fa fa fa 06 fa
=>0x0c047fff8510: fa fa 00 06 fa fa 00[fa]fa fa fa fa fa fa fa fa
0x0c047fff8520: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8530: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8540: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==27723==ABORTING
Aborted
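The trace pins the over-read down fairly precisely: the 8-byte region was allocated by bfd_get_full_section_contents for the section contents (elflink.c:4066), and the reader is bfd_elf64_swap_dyn_in, which decodes a full 16-byte Elf64_Dyn (d_tag plus d_un). bfd_getl64 assembles its value starting from the most significant byte, so the first byte it touches in d_val is byte 15 of the entry, which is 7 bytes past the end of the 8-byte region, matching what ASan reports. The following is an added example, not binutils code: a minimal dynamic-entry reader in the same unchecked shape, next to a bounds-checked version that refuses a trailing partial entry. The sample section bytes, the 0x41 filler standing in for adjacent heap memory, and all function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not binutils code.  Elf64_Dyn is two 64-bit words
   (d_tag, then d_un), so one dynamic entry is 16 bytes. */
#define DYN_ENTRY_SIZE 16
#define DT_NULL   0
#define DT_NEEDED 1

struct dyn_entry {
    uint64_t tag;
    uint64_t val;
};

/* Little-endian 64-bit read assembled from the most significant byte down,
   as libbfd's bfd_getl64 does.  The first byte touched is p[7], which is
   why the report's first bad access is 7 bytes past the region's end. */
static uint64_t get_le64(const uint8_t *p)
{
    uint64_t v = p[7];
    for (int i = 6; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Bug pattern: the guard only checks that the cursor is inside the buffer,
   not that a whole entry is.  With size == 8 the d_tag read is in bounds
   and the d_val read pulls 8 bytes from beyond the allocation. */
static size_t parse_dynamic_unchecked(const uint8_t *buf, size_t size,
                                      struct dyn_entry *out, size_t max)
{
    size_t n = 0;
    for (const uint8_t *p = buf; p < buf + size && n < max; p += DYN_ENTRY_SIZE) {
        out[n].tag = get_le64(p);
        out[n].val = get_le64(p + 8);
        n++;
        if (out[n - 1].tag == DT_NULL)
            break;
    }
    return n;
}

/* Hardened form: round the usable size down to whole entries and require a
   full entry before decoding; a trailing partial entry is flagged, not read. */
static size_t parse_dynamic_checked(const uint8_t *buf, size_t size,
                                    struct dyn_entry *out, size_t max,
                                    int *truncated)
{
    size_t usable = size - size % DYN_ENTRY_SIZE;
    size_t n = 0;
    *truncated = (usable != size);
    for (size_t off = 0; off + DYN_ENTRY_SIZE <= usable && n < max; off += DYN_ENTRY_SIZE) {
        out[n].tag = get_le64(buf + off);
        out[n].val = get_le64(buf + off + 8);
        n++;
        if (out[n - 1].tag == DT_NULL)
            break;
    }
    return n;
}

/* Constructed sample: an 8-byte dynamic section (only a d_tag fits), then
   16 bytes of 0x41 standing in for whatever follows the heap block. */
static const uint8_t truncated_section[24] = {
    DT_NEEDED, 0, 0, 0, 0, 0, 0, 0,
    0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
};
#define TRUNCATED_SIZE 8

/* Constructed well-formed section: DT_NEEDED with d_val 0x10, then DT_NULL. */
static const uint8_t good_section[32] = {
    DT_NEEDED, 0, 0, 0, 0, 0, 0, 0,  0x10, 0, 0, 0, 0, 0, 0, 0,
    DT_NULL,   0, 0, 0, 0, 0, 0, 0,  0,    0, 0, 0, 0, 0, 0, 0,
};

/* d_val as the unchecked loop decodes it: bytes that were never part of the
   section (0x41 filler here; on a real heap, neighbouring data or a fault). */
uint64_t leaked_val_unchecked(void)
{
    struct dyn_entry e[4];
    size_t n = parse_dynamic_unchecked(truncated_section, TRUNCATED_SIZE, e, 4);
    return n == 1 ? e[0].val : 0;
}

/* Wrappers without out-parameters so the results can be checked directly. */
size_t checked_count(const uint8_t *buf, size_t size)
{ int t; struct dyn_entry e[4]; return parse_dynamic_checked(buf, size, e, 4, &t); }
int checked_truncated(const uint8_t *buf, size_t size)
{ int t; struct dyn_entry e[4]; parse_dynamic_checked(buf, size, e, 4, &t); return t; }

int main(void)
{
    printf("unchecked: d_val = 0x%016llx (read past the section)\n",
           (unsigned long long)leaked_val_unchecked());
    printf("checked, 8-byte section:  %zu entries, truncated=%d\n",
           checked_count(truncated_section, TRUNCATED_SIZE),
           checked_truncated(truncated_section, TRUNCATED_SIZE));
    printf("checked, 32-byte section: %zu entries, truncated=%d\n",
           checked_count(good_section, sizeof good_section),
           checked_truncated(good_section, sizeof good_section));
    return 0;
}
```

The same guard applies to any fixed-size record table in a file parser: compare the remaining length against the record size before decoding, not merely the cursor against the end. The "corrupt section with a size larger than the file size" warning shows that the claimed size was already known to be bogus; clamping it to the file is not enough if the clamped length is not a multiple of the entry size.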