[Bug binutils/29925] New: Memory leak in nm-new
From: pdeng21 at m dot fudan.edu.cn
Subject: [Bug binutils/29925] New: Memory leak in nm-new
Date: Wed, 21 Dec 2022 08:10:12 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=29925
Bug ID: 29925
Summary: Memory leak in nm-new
Product: binutils
Version: 2.39
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: pdeng21 at m dot fudan.edu.cn
Target Milestone: ---
Created attachment 14534
--> https://sourceware.org/bugzilla/attachment.cgi?id=14534&action=edit
PoC to replay the vulnerability
#Summary
There is a memory leak vulnerability in nm-new, which can be triggered by a
crafted ELF file.
#Verification
git clone git://sourceware.org/git/binutils-gdb.git
CC="clang -fsanitize=address" CXX="clang++ -fsanitize=address" ./configure --disable-shared && make -j$(nproc)
./binutils/nm-new -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D poc
#ASAN
poc:0000000000001948 t ./binutils/nm-new: BFD (GNU Binutils) 2.39.50.20221221
assertion fail ./dwarf2.c:5044
poc:0000000000000000 0000000000000064 d __afl_area_ptr./binutils/nm-new: DWARF
error: offset (4278190080) greater than or equal to .debug_str size (1224)
./binutils/nm-new: DWARF error: offset (25115) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (1612316672) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (472973653) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (8192596) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (72417564) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (4278190080) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (16973824) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (355469056) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: could not find abbrev number 126975
./binutils/nm-new: DWARF error: could not find variable specification at offset
0x113
./binutils/nm-new: DWARF error: could not find abbrev number 991
./binutils/nm-new: DWARF error: could not find variable specification at offset
0x114
./binutils/nm-new: DWARF error: offset (25115) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (1612316672) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (472973653) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (8192596) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (72417564) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (4278190080) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (25115) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (1612316672) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (472973653) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (8192596) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (72417564) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (4278190080) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (16973824) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (355469056) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: could not find abbrev number 126975
./binutils/nm-new: DWARF error: could not find variable specification at offset
0x113
./binutils/nm-new: DWARF error: could not find abbrev number 991
./binutils/nm-new: DWARF error: could not find variable specification at offset
0x114
./binutils/nm-new: DWARF error: offset (25115) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (1612316672) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (472973653) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (8192596) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (72417564) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (4278190080) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (25115) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (1612316672) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (472973653) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (8192596) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (72417564) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (4278190080) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (16973824) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (355469056) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: could not find abbrev number 126975
./binutils/nm-new: DWARF error: could not find variable specification at offset
0x113
./binutils/nm-new: DWARF error: could not find abbrev number 991
./binutils/nm-new: DWARF error: could not find variable specification at offset
0x114
./binutils/nm-new: DWARF error: offset (25115) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (1612316672) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (472973653) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (8192596) greater than or equal to
.debug_str size (1224)
./binutils/nm-new: DWARF error: offset (72417564) greater than or equal to
.debug_str size (1224)
poc:0000000000001c2e t __afl_die
poc:0000000000000010 0000000000000004 d __afl_fork_pid
poc:0000000000001b49 t __afl_fork_resume
poc:0000000000001a8b t __afl_forkserver
poc:0000000000001ab1 0000000000000064 t __afl_fork_wait_loop
poc:0000000000000008 0000000000000008 C __afl_global_area_ptr
poc:0000000000001920 t __afl_maybe_log
poc:e900000000000008 0000000000000007 d __afl_prev_loc
poc:0000000000001950 t __afl_setup
poc:0000000000000018 0000000000000001 d __afl_setup_failure
poc:0000000000001971 t __afl_setup_first
poc:0000000000001d07 t .AFL_SHM_ENV
poc:0000000000001930 t __afl_store
poc:0000000000000014 0000000000000004 d __afl_temp
poc:0000000000001d07 t .AFL_VARS
poc: U atoi
poc:0000000000001750 00000000000001c9 T CatPath
poc: U close
poc:0000000000000000 d .data
poc:0000000000000000 N .debug_abbrev st_rdev/paths.c:25
poc:0000000000000000 N .debug_aranges st_rdev/paths.c:25
poc:0000000000000000 N .debug_info st_rdev/paths.c:25
poc:0000000000000000 N .debug_info
poc:0000000000000000 N .debug_info
poc:0000000000000000 N .debug_line st_rdev/paths.c:25
poc:0000000000000000 N .debug_str st_rdev/paths.c:25
poc:0000000000000000 0000000000001741 T EnsurePathExists
st_rdev/paths.c:25
poc: U etenv
poc: U _exit
poc: U __fprintf_chk
poc: U getenv
poc: U _GLOBAL_OFFSET_TABLE_
poc:0000000000000000 b .gnu.linkonce.wi..8 st_rdev/paths.c:36
poc:0000000000001c36 t I~afl_setup_abort
poc: U intf_chk
poc:0000000000000000 r linkonce.wi..8
poc:0000000000000080 t linkonce.wi..8
poc: U mkdi�
poc:0000000000000000 n .note.GNU-stack st_rdev/paths.c:25
poc:0000000000000000 a paths.c
poc:0000000000000000 A read
poc:0000000000000000 N .rela.debug_aranges st_rdev/paths.c:25
poc:0000000000000000 a .rela.debug_line
poc: U __stack_chk_fail
poc: U stderr
poc: U __stpcpy_chk
poc: U strcat
poc: U strcpy
poc: U strlen
poc:0000000000000000 t .text st_rdev/paths.c:25
poc: U waitpid
poc: U write
poc: U __xstat
=================================================================
==40988==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 63 byte(s) in 3 object(s) allocated from:
#0 0x493fed in malloc (/binutils-gdb/binutils/nm-new+0x493fed)
#1 0x4e3683 in bfd_malloc /binutils-gdb/bfd/libbfd.c:289:9
#2 0x5f7141 in comp_unit_find_line /binutils-gdb/bfd/./dwarf2.c:4733:8
SUMMARY: AddressSanitizer: 63 byte(s) leaked in 3 allocation(s).
#Environment
Ubuntu 18.04
clang 10.0.0
--
You are receiving this mail because:
You are on the CC list for the bug.
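When a fuzzing campaign produces many reports like the LeakSanitizer tail above, the first triage step is to reduce each one to the leaked size, object count and the first frame outside the allocator wrappers (here comp_unit_find_line in dwarf2.c:4733), so duplicates can be bucketed before anyone opens a bug. The parser below is an added example, not part of the report or of binutils; the sample report is constructed from the lines quoted above, and the `bfd_malloc` wrapper list is an assumption about which frames to skip.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the LeakSanitizer tail of the report above, trimmed to the
# lines the parser needs (the DWARF error line stands in for the preceding noise).
SAMPLE_REPORT = """\
./binutils/nm-new: DWARF error: offset (72417564) greater than or equal to .debug_str size (1224)
=================================================================
==40988==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 63 byte(s) in 3 object(s) allocated from:
    #0 0x493fed in malloc (/binutils-gdb/binutils/nm-new+0x493fed)
    #1 0x4e3683 in bfd_malloc /binutils-gdb/bfd/libbfd.c:289:9
    #2 0x5f7141 in comp_unit_find_line /binutils-gdb/bfd/./dwarf2.c:4733:8
SUMMARY: AddressSanitizer: 63 byte(s) leaked in 3 allocation(s).
"""

LEAK_HDR = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+)")

@dataclass
class Leak:
    kind: str            # "direct" or "indirect"
    bytes_leaked: int
    objects: int
    frames: list = field(default_factory=list)  # (function, location) per stack frame

    def signature(self, allocator_wrappers=("malloc", "bfd_malloc")):
        """First frame that is not an allocator wrapper: the place to look in the source.
        The wrapper list is an assumption for this example (bfd_malloc is BFD's malloc shim)."""
        for func, loc in self.frames:
            if func not in allocator_wrappers:
                return f"{func}@{loc.rsplit(':', 1)[0]}"  # drop the column number
        return "unknown"

def parse_lsan(text):
    """Return one Leak per 'Direct/Indirect leak of ...' block in a sanitizer log."""
    leaks, cur = [], None
    for line in text.splitlines():
        m = LEAK_HDR.match(line)
        if m:
            cur = Leak(m.group(1).lower(), int(m.group(2)), int(m.group(3)))
            leaks.append(cur)
            continue
        m = FRAME.match(line)
        if m and cur is not None:
            cur.frames.append((m.group(2), m.group(3)))
        elif line.startswith("SUMMARY:"):
            cur = None  # end of the leak blocks
    return leaks

def total_leaked(leaks):
    """(bytes, objects) summed over all leak blocks; should match the SUMMARY line."""
    return sum(l.bytes_leaked for l in leaks), sum(l.objects for l in leaks)
```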
- [Bug binutils/29925] New: Memory leak in nm-new, pdeng21 at m dot fudan.edu.cn <=
- [Bug binutils/29925] Memory leak in nm-new, amodra at gmail dot com, 2022/12/21
- [Bug binutils/29925] Memroy leak in find_abstract_instance, amodra at gmail dot com, 2022/12/21
- [Bug binutils/29925] Memory leak in find_abstract_instance, amodra at gmail dot com, 2022/12/21
- [Bug binutils/29925] Memory leak in find_abstract_instance, cvs-commit at gcc dot gnu.org, 2022/12/21
- [Bug binutils/29925] Memory leak in find_abstract_instance, amodra at gmail dot com, 2022/12/21