bug-binutils

[Bug binutils/26007] New: [objdump] memory exhaustion


From: dkcjd2000 at gmail dot com
Subject: [Bug binutils/26007] New: [objdump] memory exhaustion
Date: Mon, 18 May 2020 03:22:55 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=26007

            Bug ID: 26007
           Summary: [objdump] memory exhaustion
           Product: binutils
           Version: 2.35 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dkcjd2000 at gmail dot com
  Target Milestone: ---

Created attachment 12553
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12553&action=edit
crash test case

Hello,
I'm currently developing a new fuzzing feature, and I found a possible memory
leak in objdump with memory exhaustion.

I downloaded the source from git master and built it on Ubuntu 16.04 with
gcc 5.4.0 and ASAN, using the following command to build objdump from the source:
CFLAGS="-O1 -fsanitize=address -U_FORTIFY_SOURCE" ./configure; make clean all;

Both with and without ASAN, objdump shows memory exhaustion.

You can reproduce the crash with the following command:
./objdump -d <attached file>

The AddressSanitizer message of the crash is:
==6194==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix.cc:121 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)
    #0 0x7fed3dbb7631  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7fed3dbbc5e3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
    #2 0x7fed3dbc4611  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xad611)
    #3 0x7fed3db39c0c  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22c0c)
    #4 0x7fed3dbaf5d2 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x985d2)
    #5 0x6409e3 in _objalloc_alloc (/home/cheong/results/crashes/objdump_crash/objdump.master_asan+0x6409e3)
    #6 0x4acee2 in bfd_alloc (/home/cheong/results/crashes/objdump_crash/objdump.master_asan+0x4acee2)
    #7 0x5876f9 in bfd_elf32_slurp_reloc_table (/home/cheong/results/crashes/objdump_crash/objdump.master_asan+0x5876f9)
    #8 0x50e98d in _bfd_elf_canonicalize_dynamic_reloc (/home/cheong/results/crashes/objdump_crash/objdump.master_asan+0x50e98d)
    #9 0x4db3ac in _bfd_x86_elf_get_synthetic_symtab (/home/cheong/results/crashes/objdump_crash/objdump.master_asan+0x4db3ac)
    #10 0x582c38 in elf_i386_get_synthetic_symtab (/home/cheong/results/crashes/objdump_crash/objdump.master_asan+0x582c38)
    #11 0x40bf90 in dump_bfd (/home/cheong/results/crashes/objdump_crash/objdump.master_asan+0x40bf90)
    #12 0x40c9e7 in display_any_bfd (/home/cheong/results/crashes/objdump_crash/objdump.master_asan+0x40c9e7)
    #13 0x40cb6d in display_file (/home/cheong/results/crashes/objdump_crash/objdump.master_asan+0x40cb6d)
    #14 0x413e47 in main (/home/cheong/results/crashes/objdump_crash/objdump.master_asan+0x413e47)
    #15 0x7fed3d56982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #16 0x403268 in _start (/home/cheong/results/crashes/objdump_crash/objdump.master_asan+0x403268)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
