[Bug libctf/28269] New: [nm] stack-overflow in nm-new 'demangle

bug-binutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug libctf/28269] New: [nm] stack-overflow in nm-new 'demangle_path'

From:	tricker51449 at gmail dot com
Subject:	[Bug libctf/28269] New: [nm] stack-overflow in nm-new 'demangle_path'
Date:	Thu, 26 Aug 2021 12:12:36 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=28269

            Bug ID: 28269
           Summary: [nm] stack-overflow in nm-new 'demangle_path'
           Product: binutils
           Version: 2.30
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libctf
          Assignee: unassigned at sourceware dot org
          Reporter: tricker51449 at gmail dot com
  Target Milestone: ---

Created attachment 13624
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13624&action=edit
test cases triggering the exception

Hello, 

I detected the following crash exception through fuzz testing, which I think
might be a vulnerability. 

The configuration of bin-utils is:

$ CFLAGS="-fsanitize=address" CXXFLAGS="-fsanitize=address" ./configure
--disable-shared && make -j

And nm-new is compiled with clang-8.0.

The test cases that trigger the crash are in the attachment.

Here is the stack trace by address sanitizer: 

AddressSanitizer:DEADLYSIGNAL
=================================================================
==96419==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc1d373e20 (pc
0x000000904f08 bp 0x7ffc1d374150 sp 0x7ffc1d373e20 T0)
    #0 0x904f07 in demangle_path (/binutils-2.36-asan/bin/nm+0x904f07)
    #1 0x905a42 in demangle_path (/binutils-2.36-asan/bin/nm+0x905a42)
    #2 0x905c7f in demangle_path (/binutils-2.36-asan/bin/nm+0x905c7f)
    #3 0x905a42 in demangle_path (/binutils-2.36-asan/bin/nm+0x905a42)
    #4 0x905a42 in demangle_path (/binutils-2.36-asan/bin/nm+0x905a42)
    #5 0x905c7f in demangle_path (/binutils-2.36-asan/bin/nm+0x905c7f)
    #6 0x905a42 in demangle_path (/binutils-2.36-asan/bin/nm+0x905a42)
    #7 0x905a42 in demangle_path (/binutils-2.36-asan/bin/nm+0x905a42)
    #8 0x905c7f in demangle_path (/binutils-2.36-asan/bin/nm+0x905c7f)
    #9 0x905a42 in demangle_path (/binutils-2.36-asan/bin/nm+0x905a42)
    ...

    SUMMARY: AddressSanitizer: stack-overflow
(/binutils-2.36-asan/bin/nm+0x904f07) in demangle_path


Thanks & Best Regards

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug libctf/28269] New: [nm] stack-overflow in nm-new 'demangle_path', tricker51449 at gmail dot com <=
- [Bug binutils/28269] [nm] stack-overflow in nm-new 'demangle_path', tricker51449 at gmail dot com, 2021/08/26
- [Bug binutils/28269] [nm] stack-overflow in nm-new 'demangle_path', amodra at gmail dot com, 2021/08/27

Prev by Date: [Bug gold/28192] powerpc64le: gold generates wrong address with a relocation of symbol+offset@got@pcrel
Next by Date: [Bug binutils/28272] New: [strip] SEGV in group_signature - v2.30
Previous by thread: [Bug gas/28266] New: CWD present in object file even after use of -fdebug-prefix-map=$PWD=foo
Next by thread: [Bug binutils/28269] [nm] stack-overflow in nm-new 'demangle_path'
Index(es):
- Date
- Thread