bug-binutils

[Bug ld/20912] New: LD crashes when building global constructor tables


From: boehme.marcel at gmail dot com
Subject: [Bug ld/20912] New: LD crashes when building global constructor tables
Date: Fri, 02 Dec 2016 10:07:58 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=20912

            Bug ID: 20912
           Summary: LD crashes when building global constructor tables
           Product: binutils
           Version: 2.28 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: boehme.marcel at gmail dot com
  Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24 hour fuzzing
session on Binutils. Thanks also to Van-Thuan Pham.

The linker crashes with an invalid read of size 8 for the following execution
on Binutils in trunk for Ubuntu 16.04 x86_64 and 14.04 x86_64. However, it does
*not* crash on preinstalled versions v2.24 and v2.26.1 on 14.04 and 16.04,
respectively.

$ printf "%%50300000000000000000003E000000000000008000000008800000000800000000\x000000000000000" > test
$ ld -Ur test
Segmentation fault

UBSAN says:
eelf_x86_64.c:1899:14: runtime error: member access within null pointer of type
'struct bfd_elf_section_data'

VALGRIND says:
==10933== Invalid read of size 8
==10933==    at 0x4E0E7E: gldelf_x86_64_place_orphan (eelf_x86_64.c:1900)
==10933==    by 0x46E56D: ldlang_place_orphan (ldlang.c:6258)
==10933==    by 0x46E56D: lang_place_orphans (ldlang.c:6315)
==10933==    by 0x46E56D: lang_process (ldlang.c:7002)
==10933==    by 0x4081AC: main (ldmain.c:428)
==10933==  Address 0x8 is not stack'd, malloc'd or (recently) free'd

Best regards,
- Marcel
