[Bug binutils/32556] New: nm address points to the zero page
From: swj22 at mails dot tsinghua.edu.cn
Subject: [Bug binutils/32556] New: nm address points to the zero page
Date: Tue, 14 Jan 2025 02:33:26 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=32556
Bug ID: 32556
Summary: nm address points to the zero page
Product: binutils
Version: 2.43
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: swj22 at mails dot tsinghua.edu.cn
Target Milestone: ---
Created attachment 15881
--> https://sourceware.org/bugzilla/attachment.cgi?id=15881&action=edit
file to trigger this bug
This bug was found by my fuzzers with option mutation support.
Executing nm with `nm --ifunc-chars "c-Gii-a---?" $inputfile` may cause `Hint:
address points to the zero page.`
The ASAN stack is attached below.
/data/xxx/optfuzz/benchmark/binutils-2.43/bins/bin/nm --ifunc-chars
"c-Gii-a---?"
id:000000,sig:11,src:000934,time:1639157,execs:1523186,op:opt_fuzz,rep:1
/data/xxx/optfuzz/benchmark/binutils-2.43/bins/bin/nm:
id:000000,sig:11,src:000934,time:1639157,execs:1523186,op:opt_fuzz,rep:1:
invalid string offset 4278190081 >= 22 for section `.strtab'
0000000000000000 B is_strip
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2882363==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000021 (pc
0x56116e3f3c80 bp 0x7ffe2df77b10 sp 0x7ffe2df77288 T0)
==2882363==The signal is caused by a READ memory access.
==2882363==Hint: address points to the zero page.
#0 0x56116e3f3c80 in __sanitizer::internal_strlen(char const*)
(/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/nm+0x19bc80) (BuildId:
9d598c4b9c0b057147ee0991995238de5ef0bab6)
#1 0x56116e37c0ab in printf_common(void*, char const*, __va_list_tag*)
asan_interceptors.cpp.o
#2 0x56116e37d5e9 in printf
(/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/nm+0x1255e9) (BuildId:
9d598c4b9c0b057147ee0991995238de5ef0bab6)
#3 0x56116e419f7b in print_symbol_info_bsd
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1880:7
#4 0x56116e42241f in print_symbol
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1228:3
#5 0x56116e41ffdb in print_symbols
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1388:7
#6 0x56116e41e51f in display_rel_file
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1503:5
#7 0x56116e41964f in display_file
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:1655:7
#8 0x56116e418a0a in main
/data/swj/optfuzz/benchmark/binutils-2.43/binutils/nm.c:2170:12
#9 0x7f0ee8e3c082 in __libc_start_main
/build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
#10 0x56116e35a58d in _start
(/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/nm+0x10258d) (BuildId:
9d598c4b9c0b057147ee0991995238de5ef0bab6)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
(/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/nm+0x19bc80) (BuildId:
9d598c4b9c0b057147ee0991995238de5ef0bab6) in __sanitizer::internal_strlen(char
const*)
==2882363==ABORTING