[Bug binutils/15157] New: readelf crash (double free?)
From: paul.marinescu at imperial dot ac.uk
Subject: [Bug binutils/15157] New: readelf crash (double free?)
Date: Tue, 19 Feb 2013 11:00:37 +0000
http://sourceware.org/bugzilla/show_bug.cgi?id=15157
Bug #: 15157
Summary: readelf crash (double free?)
Product: binutils
Version: 2.23
Status: NEW
Severity: normal
Priority: P2
Component: binutils
AssignedTo: address@hidden
ReportedBy: address@hidden
Classification: Unclassified
Created attachment 6878
--> http://sourceware.org/bugzilla/attachment.cgi?id=6878
bug trigger. readelf -wR buggy1.o
I came across a bug in readelf which seems to be present in
2.23.52.20130219 as well. I attached the input file to reproduce. The output on
my machine (64bit Fedora 16) is
$ binutils/readelf -wR buggy1.o
Contents of the .debug_ranges section:
Offset Begin End
00000000 00000000 00000002
00000000 <End of list>
00000010 00000000 00000002
00000010 <End of list>
*** glibc detected *** binutils/readelf: double free or corruption (out): 0x000000000179e630 ***
======= Backtrace: =========
/lib64/libc.so.6[0x376887da76]
/lib64/libc.so.6[0x376887ed5e]
binutils/readelf[0x41ce33]
binutils/readelf[0x41d452]
binutils/readelf[0x41eb12]
binutils/readelf[0x420e9c]
/lib64/libc.so.6(__libc_start_main+0xed)[0x376882169d]
binutils/readelf[0x401799]
Aborted
objdump on the other hand seems to be fine. binutils/objdump -WR buggy1.o says
Can't get contents for section '.debug_ranges'.