https://sourceware.org/bugzilla/show_bug.cgi?id=20912
Bug ID: 20912
Summary: LD crashes when building global constructor tables
Product: binutils
Version: 2.28 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: boehme.marcel at gmail dot com
Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24-hour fuzzing session on Binutils. Thanks also to Van-Thuan Pham.

The linker crashes with an invalid read of size 8 for the following execution on Binutils in trunk for Ubuntu 16.04 x86_64 and 14.04 x86_64. However, it does *not* crash on preinstalled versions v2.24 and v2.26.1 on 14.04 and 16.04, respectively.

$ printf "%%50300000000000000000003E000000000000008000000008800000000800000000\x000000000000000" > test
$ ld -Ur test
Segmentation fault

UBSAN says:

eelf_x86_64.c:1899:14: runtime error: member access within null pointer of type 'struct bfd_elf_section_data'

VALGRIND says:

==10933== Invalid read of size 8
==10933==    at 0x4E0E7E: gldelf_x86_64_place_orphan (eelf_x86_64.c:1900)
==10933==    by 0x46E56D: ldlang_place_orphan (ldlang.c:6258)
==10933==    by 0x46E56D: lang_place_orphans (ldlang.c:6315)
==10933==    by 0x46E56D: lang_process (ldlang.c:7002)
==10933==    by 0x4081AC: main (ldmain.c:428)
==10933==  Address 0x8 is not stack'd, malloc'd or (recently) free'd

Best regards,
- Marcel