[Bug gprof/23056] New: Multiple memory corruption in gprof (binuitils-2.
From: sergej at schumilo dot de
Subject: [Bug gprof/23056] New: Multiple memory corruption in gprof (binuitils-2.30-15ubuntu1)
Date: Fri, 13 Apr 2018 13:23:17 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=23056
Bug ID: 23056
Summary: Multiple memory corruption in gprof
(binuitils-2.30-15ubuntu1)
Product: binutils
Version: 2.30
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gprof
Assignee: unassigned at sourceware dot org
Reporter: sergej at schumilo dot de
Target Milestone: ---
Created attachment 10944
--> https://sourceware.org/bugzilla/attachment.cgi?id=10944&action=edit
gprof ASAN executable, ASAN reports and crashing inputs
Dear all,
after reporting the following bugs to the Ubuntu security team
(https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763098), we were asked
to report them directly to the binutils developers:
----------------------------------------------------
Dear all,
The following binutils gprof memory corruptions were found by a modified
version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have
attached the crashing inputs and each ASAN report.
Steps to reproduce:
Build current version of binutils:
```
# Fetch the Ubuntu source package and enter the unpacked tree
pull-lp-source binutils
cd binutils-2.30
# Configure with clang and AddressSanitizer in recover mode (keep running after the first error)
CC=clang CXX=clang++ \
  CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" \
  CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" \
  LDFLAGS="-fsanitize=address" ./configure
# Build with the same instrumentation flags
CC=clang CXX=clang++ \
  CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" \
  CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" \
  LDFLAGS="-fsanitize=address" make
```
Run inputs under ASAN:
```
ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./gprof $file
```
We can verify those issues for gprof binutils-2.30-15ubuntu1 (Ubuntu 16.04.4
LTS / sources from "pull-lp-source binutils").
Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr-Universität
Bochum)
Best regards,
Sergej Schumilo
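
For triaging a set of crashing inputs like the one attached to this report, the following is an added example (not part of the original report or of binutils): it runs each input with the report's ASAN_OPTIONS and groups the resulting reports by error kind and faulting frame, so that many inputs collapse into distinct bugs. The function names `asan_buckets`, `triage_dir` and `sample_log` are hypothetical, and the sample log is constructed.

```shell
#!/bin/sh
# Added example: bucket AddressSanitizer reports so duplicates collapse.

# Read ASAN output on stdin; print "count<TAB>error-kind<TAB>top frame".
asan_buckets() {
  awk '
    /ERROR: AddressSanitizer: / {
      # Error kind is the first word after "AddressSanitizer: ".
      split($0, a, "AddressSanitizer: "); split(a[2], b, " ")
      kind = b[1]; want = 1; next
    }
    # Only the first "#0" after an ERROR line is the faulting frame;
    # later "#0" lines belong to allocation/free stacks.
    want && $1 == "#0" {
      if ($3 == "in") { n = split($5, p, "/"); frame = $4 " " p[n] }
      else            { frame = $3 }   # unsymbolized: (module+offset)
      count[kind "\t" frame]++; want = 0
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
  ' | LC_ALL=C sort
}

# Run every file in a directory through the ASAN build, using the
# reproduction command from the report, and bucket the combined output.
triage_dir() {  # usage: triage_dir ./gprof crashes/
  for f in "$2"/*; do
    ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true "$1" "$f" 2>&1 >/dev/null
  done | asan_buckets
}

# Constructed sample output: addresses, functions and paths are made up.
sample_log() {
  cat <<'EOF'
==101==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000011 at pc 0x4f1a2b
READ of size 1 at 0x602000000011 thread T0
    #0 0x4f1a2b in parse_a /build/src/example.c:10:7
    #1 0x4f2000 in main /build/src/main.c:5:3
allocated by thread T0 here:
    #0 0x4c0000 in malloc (/build/tool+0x4c0000)
==102==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000031 at pc 0x4f1a2b
    #0 0x4f1a2b in parse_a /tmp/other/example.c:10:7
==103==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
    #0 0x4f3000 in load_b /build/src/other.c:88:3
EOF
}
```

Running `sample_log | asan_buckets` shows the two heap-buffer-overflow reports merged into one bucket despite their different build paths.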