bug-binutils

[Bug binutils/29677] New: Field `the_bfd` of `asymbol` is uninitialized


From: r3tr0spect2019 at gmail dot com
Subject: [Bug binutils/29677] New: Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`
Date: Thu, 13 Oct 2022 02:33:42 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=29677

            Bug ID: 29677
           Summary: Field `the_bfd` of `asymbol` is uninitialized in
                    function `bfd_mach_o_get_synthetic_symtab`
           Product: binutils
           Version: 2.40 (HEAD)
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: r3tr0spect2019 at gmail dot com
  Target Milestone: ---

Created attachment 14396
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14396&action=edit
bug analysis and poc

# Reproduce

cd binutils-gdb
git reset --hard 1d4e62f498b1340569fd58c401f98c287cb5d071
mkdir build
cd build
../configure --disable-gdb --disable-gdbserver --disable-gdbsupport \
    --disable-libdecnumber --disable-readline --disable-sim --disable-libbacktrace \
    --disable-gas --disable-ld --disable-werror --enable-targets=all \
    CPPFLAGS=-DDEBUG CFLAGS="-g -O0 -fsanitize=address"
make all-binutils MAKEINFO=true && true
binutils/objdump -d the_bfd_uninit.bin

# Output

../../fuzz/poc/the_bfd_uninit.bin:     file format mach-o-x86-64

./objdump: bfd_mach_o_read_symtab_symbol: symbol "" specified invalid type field 0x6: setting to undefined
./objdump: bfd_mach_o_read_symtab_symbol: symbol "" specified invalid type field 0x4: setting to undefined
AddressSanitizer:DEADLYSIGNAL
=================================================================
==474946==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x55795709e9ec bp 0x7ffd19b7eaf0 sp 0x7ffd19b7eae0 T0)
==474946==The signal is caused by a READ memory access.
==474946==Hint: this fault was caused by a dereference of a high value address (see register values below).  Dissassemble the provided pc to learn which register was used.
    #0 0x55795709e9ec in bfd_get_flavour ../bfd/bfd.h:7803
    #1 0x5579570a2b2b in compare_symbols ../../binutils/objdump.c:1204
    #2 0x7f3971b6940e in msort_with_tmp stdlib/msort.c:82
    #3 0x7f3971b693c1 in msort_with_tmp stdlib/msort.c:44
    #4 0x7f3971b693c1 in msort_with_tmp stdlib/msort.c:53
    #5 0x7f3971b693a4 in msort_with_tmp stdlib/msort.c:44
    #6 0x7f3971b693a4 in msort_with_tmp stdlib/msort.c:52
    #7 0x7f3971b693a4 in msort_with_tmp stdlib/msort.c:44
    #8 0x7f3971b693a4 in msort_with_tmp stdlib/msort.c:52
    #9 0x7f3971b693c1 in msort_with_tmp stdlib/msort.c:44
    #10 0x7f3971b693c1 in msort_with_tmp stdlib/msort.c:53
    #11 0x7f3971b69a55 in msort_with_tmp stdlib/msort.c:44
    #12 0x7f3971b69a55 in __GI___qsort_r stdlib/msort.c:296
    #13 0x7f3971da0934 in __interceptor_qsort ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:9917
    #14 0x5579570ae4fb in disassemble_section ../../binutils/objdump.c:3780
    #15 0x5579575a429f in bfd_map_over_sections ../../bfd/section.c:1373
    #16 0x5579570b0855 in disassemble_data ../../binutils/objdump.c:4152
    #17 0x5579570b80a3 in dump_bfd ../../binutils/objdump.c:5564
    #18 0x5579570b837d in display_object_bfd ../../binutils/objdump.c:5627
    #19 0x5579570b86b7 in display_any_bfd ../../binutils/objdump.c:5713
    #20 0x5579570b8730 in display_file ../../binutils/objdump.c:5734
    #21 0x5579570b9fd1 in main ../../binutils/objdump.c:6130
    #22 0x7f3971b4ed8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #23 0x7f3971b4ee3f in __libc_start_main_impl ../csu/libc-start.c:392
    #24 0x55795709e584 in _start (/home/holing/pro/github/binutils-gdb/build/binutils/objdump+0xdf0584)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../bfd/bfd.h:7803 in bfd_get_flavour
==474946==ABORTING
Aborted
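The trace above shows the consumer side of the defect: objdump's compare_symbols calls bfd_get_flavour on a synthetic symbol whose `the_bfd` was never set by the producer, so the comparator dereferences garbage. The program below is an added example and is not binutils code; the `struct bfd` and `struct asymbol` shapes, the builder functions and the check are simplified stand-ins written for illustration. It places a producer that leaves `the_bfd` unset beside one that zero-initializes and sets it on every entry, and shows a consumer-side check that refuses to sort a table unless every entry points at the bfd it was generated for.

```c
/* Added example, not binutils code: models the invariant that every
 * synthetic symbol handed to a consumer must carry its owning bfd in
 * the_bfd, because the consumer's comparator dereferences that pointer. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for BFD's types, reduced to what the example needs. */
struct bfd {
    int flavour;          /* stands in for whatever bfd_get_flavour() reads */
};

struct asymbol {
    struct bfd *the_bfd;  /* owning bfd; must be set for every entry */
    const char *name;
    unsigned long value;
};

/* Models the reported defect: entries come from a malloc'd block and only
 * name/value are filled in, so the_bfd keeps stale heap contents. The memset
 * stands in for that stale data so the example behaves deterministically. */
struct asymbol *build_synthetic_buggy(struct bfd *abfd, const char **names, size_t n)
{
    struct asymbol *syms = malloc(n * sizeof *syms);
    if (!syms) return NULL;
    memset(syms, 0xAB, n * sizeof *syms);
    (void)abfd;                               /* owner never recorded */
    for (size_t i = 0; i < n; i++) {
        syms[i].name = names[i];
        syms[i].value = (n - i) * 16UL;       /* descending, so a sort reorders */
    }
    return syms;
}

/* Corrected producer: zero-initialize the block and set the owner on every entry. */
struct asymbol *build_synthetic_fixed(struct bfd *abfd, const char **names, size_t n)
{
    struct asymbol *syms = calloc(n, sizeof *syms);
    if (!syms) return NULL;
    for (size_t i = 0; i < n; i++) {
        syms[i].the_bfd = abfd;
        syms[i].name = names[i];
        syms[i].value = (n - i) * 16UL;
    }
    return syms;
}

/* Invariant check: number of entries whose owner is not abfd (0 means clean).
 * Only compares pointer values, never dereferences them. */
size_t count_bad_owners(const struct asymbol *syms, size_t n, const struct bfd *abfd)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (syms[i].the_bfd != abfd)
            bad++;
    return bad;
}

static int compare_by_value(const void *a, const void *b)
{
    const struct asymbol *sa = a, *sb = b;
    return (sa->value > sb->value) - (sa->value < sb->value);
}

/* Consumer in the spirit of a symbol sort: refuse (-1) rather than sort a
 * table that fails the owner check; otherwise sort by value and return 0. */
int sort_synthetic(struct asymbol *syms, size_t n, const struct bfd *abfd)
{
    if (count_bad_owners(syms, n, abfd) != 0)
        return -1;
    qsort(syms, n, sizeof *syms, compare_by_value);
    return 0;
}

/* Runs both producers through the check; returns 0 when the buggy table is
 * flagged and refused and the fixed table passes and ends up sorted,
 * otherwise a bitmask naming which expectation failed. */
int run_demo(void)
{
    struct bfd abfd = { 1 };
    const char *names[] = { "_foo", "_bar", "_baz" };   /* constructed input */
    size_t n = 3;
    int rc = 0;
    struct asymbol *bad = build_synthetic_buggy(&abfd, names, n);
    struct asymbol *good = build_synthetic_fixed(&abfd, names, n);
    if (!bad || !good) { free(bad); free(good); return -1; }
    if (count_bad_owners(bad, n, &abfd) != n) rc |= 1;   /* defect not detected */
    if (sort_synthetic(bad, n, &abfd) != -1) rc |= 2;    /* consumer did not refuse */
    if (count_bad_owners(good, n, &abfd) != 0) rc |= 4;  /* fixed table flagged */
    if (sort_synthetic(good, n, &abfd) != 0) rc |= 8;    /* fixed table refused */
    for (size_t i = 1; i < n; i++)
        if (good[i - 1].value > good[i].value) rc |= 16; /* not sorted ascending */
    free(bad);
    free(good);
    return rc;
}

int main(void)
{
    printf("run_demo: %d\n", run_demo());
    return 0;
}
```

The point of `count_bad_owners` is that it is cheap and side-effect free, so a producer such as a synthetic-symtab routine can run it on its own output before returning, and a consumer can run it before handing the table to qsort, where a bad pointer is otherwise only found by the crash.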
