Bug ID: 20901
           Summary: AS: Hangs
           Product: binutils
           Version: 2.28 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gas
          Assignee: unassigned at sourceware dot org
          Reporter: boehme.marcel at gmail dot com
  Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24 hour fuzzing
session on Binutils. Thanks also to Van-Thuan Pham.

The assembler hangs for the following execution on Ubuntu 16.04 x86_64 and
14.04 x86_64 for Binutils v2.24, v2.26.1, and trunk:

$ printf
> a

$ ./as a

It slowly eats up the available memory. Couldn't determine whether this is
actually an infinite loop or just a very long execution. Was unable to minimize
the test case with this execution time.

STRACE reports repeated calls to brk:
brk(0x2705000)                          = 0x2705000
brk(0x2726000)                          = 0x2726000
brk(0x2747000)                          = 0x2747000
brk(0x2768000)                          = 0x2768000
brk(0x2789000)                          = 0x2789000
brk(0x27aa000)                          = 0x27aa000

ASAN reports a signed integer overflow:
../../gas/expr.c:1939:46: runtime error: signed integer overflow: 44444 *
444555555885555555 cannot be represented in type 'long int'

Interrupting GDB at a random point during the execution gives:
(gdb) bt
#0  frag_more (nchars=2) at frags.c:208
#1  0x0000000000498c8f in emit_expr_with_reloc (reloc=BFD_RELOC_NONE,
nbytes=<optimized out>, exp=0x7fffffffe180) at read.c:4336
#2  emit_expr (nbytes=<optimized out>, exp=0x7fffffffe180) at read.c:4184
#3  s_space (mult=<optimized out>) at read.c:3401
#4  0x00000000004b5bb0 in read_a_source_file (name=<optimized out>) at
#5  0x0000000000407ed2 in perform_an_assembly_pass (argv=0xccef08,
argc=<optimized out>) at as.c:1172
#6  main (argc=<optimized out>, argv=<optimized out>) at as.c:1296
(gdb) p *exp
$1 = {X_add_symbol = 0x0, X_op_symbol = 0x0, X_add_number = 55555, X_op =
O_constant, X_unsigned = 1, X_extrabit = 0, X_md = 63469}

Best regards,
- Marcel
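The ASan line above points at a multiplication of an operand count by a repeat count that wraps a signed long before the result reaches frag_more, which then tries to satisfy an enormous allocation piece by piece (the repeated brk calls). The following is an added example, not gas code and not the reporter's: it assumes a hypothetical directive handler that needs count * size bytes, and shows the defensive check a maintainer would want before such a product is ever handed to an allocator. The function names are invented for this illustration; the two numbers are the ones from the ASan report.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper (not from binutils): compute the byte count for a
 * ".space count, fill"-style request as count * size, refusing the
 * request when either operand is negative or when the multiplication
 * would overflow a signed long.  Signed overflow is undefined behaviour
 * in C, so the check must happen before the multiply, not after it. */
static bool checked_space_bytes(long count, long size, long *out)
{
    long result;

    if (count < 0 || size < 0)
        return false;

    /* __builtin_mul_overflow (GCC >= 5, Clang) reports true on overflow
     * and leaves the wrapped value unused. */
    if (__builtin_mul_overflow(count, size, &result))
        return false;

    *out = result;
    return true;
}

/* Returns 1 when the request can be honoured, 0 when it is rejected. */
int space_request_ok(long count, long size)
{
    long bytes;
    return checked_space_bytes(count, size, &bytes) ? 1 : 0;
}

int main(void)
{
    long n;

    /* Constructed call using the operands from the ASan report. */
    if (!checked_space_bytes(44444L, 444555555885555555L, &n))
        printf("rejected: 44444 * 444555555885555555 overflows long\n");

    /* A sane request goes through unchanged. */
    if (checked_space_bytes(8L, 4L, &n))
        printf("accepted: %ld bytes\n", n);

    return 0;
}
```

With the check in place the oversized request is refused up front, so no allocation loop ever starts; without it the wrapped product is whatever the compiler happens to produce, and the allocator is asked for a size that has nothing to do with the input.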
