https://sourceware.org/bugzilla/show_bug.cgi?id=25072
Bug ID: 25072
Summary: malloc(): memory corruption in function print_symbol
Product: binutils
Version: 2.34 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: bugzilla.sourceware at qiushi dot ac.cn
Target Milestone: ---

Created attachment 12027 --> https://sourceware.org/bugzilla/attachment.cgi?id=12027&action=edit
poc3

```
# gdb ./binutils-gdb/binutils/nm-new -ex 'r -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D poc3_malloc-memory-corruption_print_symbol' -ex bt -ex quit
malloc(): memory corruption

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff7603801 in __GI_abort () at abort.c:79
#2 0x00007ffff764c897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7779b9a "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007ffff765390a in malloc_printerr (str=str@entry=0x7ffff7777e0e "malloc(): memory corruption") at malloc.c:5350
#4 0x00007ffff7657994 in _int_malloc (av=av@entry=0x7ffff79aec40 <main_arena>, bytes=bytes@entry=280) at malloc.c:3738
#5 0x00007ffff765a0fc in __GI___libc_malloc (bytes=280) at malloc.c:3057
#6 0x00000000007b608d in xmalloc (size=<optimized out>) at ./xmalloc.c:147
#7 0x0000000000408f5b in print_symbol (abfd=abfd@entry=0xa0d6b0, sym=0xa1d4a0, ssize=ssize@entry=0, archive_bfd=archive_bfd@entry=0x0) at nm.c:965
#8 0x000000000040a59d in print_symbols (archive_bfd=0x0, size=8, symcount=<optimized out>, minisyms=<optimized out>, is_dynamic=1, abfd=0xa0d6b0) at nm.c:1088
#9 display_rel_file (abfd=abfd@entry=0xa0d6b0, archive_bfd=archive_bfd@entry=0x0) at nm.c:1210
#10 0x000000000040d6de in display_file (filename=0x7fffffffe738 "poc3_malloc-memory-corruption_print_symbol") at nm.c:1377
#11 0x0000000000405882 in main (argc=11, argv=0x7fffffffe448) at nm.c:1858
```

A reproducible docker image has been pushed to `zjuchenyuan/dockerized_poc:binutils-pocs`, but the ASAN build seems unable to give backtrace information.

Dockerfile: (I would suggest removing the AFL_USE_ASAN environment variable)

```
FROM zjuchenyuan/afl
ENV AFL_USE_ASAN=1
RUN git clone git://sourceware.org/git/binutils-gdb.git --depth 50 &&\
    cd binutils-gdb &&\
    git checkout 816228ed09dc867fa16dc5458277d649885d98fe &&\
    ./configure --disable-shared &&\
    for i in bfd libiberty opcodes libctf; do cd $i; ./configure --disable-shared && make -j; cd ..; done &&\
    cd binutils &&\
    ./configure --disable-shared &&\
    make objdump nm-new size readelf cxxfilt
# printf instead of `echo -e`: RUN uses /bin/sh, which on Debian-based images is
# dash, whose echo has no -e option and would write "-e" into .gdbinit
RUN apt install -y gdb &&\
    printf 'set pagination off\nset confirm off\n' > /root/.gdbinit
ADD . /
# we may need to compile again without ASAN to use gdb
RUN gdb ./binutils-gdb/binutils/nm-new -ex 'r -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D poc3_malloc-memory-corruption_print_symbol' -ex bt -ex quit
```

--
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
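An added triage helper, not part of the bug report or of binutils: it parses the gdb session quoted in the report above and reduces it to a dedup signature (signal, glibc allocator message, first frame outside glibc and xmalloc), the way a fuzzing pipeline buckets crashes; the frame regex and the RUNTIME_FRAMES set are my own assumptions about gdb's `bt` layout.

```python
import re

# Constructed sample: this report's gdb frames, with gdb's usual "#N  " spacing.
SAMPLE_GDB_OUTPUT = """\
malloc(): memory corruption
Program received signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff7603801 in __GI_abort () at abort.c:79
#2  0x00007ffff764c897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7779b9a "%s\\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff765390a in malloc_printerr (str=str@entry=0x7ffff7777e0e "malloc(): memory corruption") at malloc.c:5350
#4  0x00007ffff7657994 in _int_malloc (av=av@entry=0x7ffff79aec40 <main_arena>, bytes=bytes@entry=280) at malloc.c:3738
#5  0x00007ffff765a0fc in __GI___libc_malloc (bytes=280) at malloc.c:3057
#6  0x00000000007b608d in xmalloc (size=<optimized out>) at ./xmalloc.c:147
#7  0x0000000000408f5b in print_symbol (abfd=abfd@entry=0xa0d6b0, sym=0xa1d4a0, ssize=ssize@entry=0, archive_bfd=archive_bfd@entry=0x0) at nm.c:965
#8  0x000000000040a59d in print_symbols (archive_bfd=0x0, size=8, symcount=<optimized out>, minisyms=<optimized out>, is_dynamic=1, abfd=0xa0d6b0) at nm.c:1088
#9  display_rel_file (abfd=abfd@entry=0xa0d6b0, archive_bfd=archive_bfd@entry=0x0) at nm.c:1210
#10 0x000000000040d6de in display_file (filename=0x7fffffffe738 "poc3_malloc-memory-corruption_print_symbol") at nm.c:1377
#11 0x0000000000405882 in main (argc=11, argv=0x7fffffffe448) at nm.c:1858
"""

# One gdb `bt` frame: "#N  [0xADDR in ]func (args) at file:line" (assumed layout).
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(\S+) \(.*\) at (\S+):(\d+)$")
# glibc's abort path, the allocator and binutils' xmalloc wrapper: detection site, not cause.
RUNTIME_FRAMES = {"__GI_raise", "__GI_abort", "__libc_message", "malloc_printerr",
                  "_int_malloc", "__GI___libc_malloc", "__libc_malloc", "xmalloc"}

def parse_frames(text):
    """Return the backtrace as (func, file, line) tuples in gdb order."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if m:
            frames.append((m.group(2), m.group(3), int(m.group(4))))
    return frames

def triage(text):
    """Crash signature for dedup: signal, allocator message, first program frame."""
    sig = re.search(r"Program received signal (\w+)", text)
    err = re.search(r"^(?:malloc|free|realloc)\(\): .+$", text, re.M)
    blame = next((f for f in parse_frames(text) if f[0] not in RUNTIME_FRAMES), None)
    signal = sig.group(1) if sig else "?"
    alloc_err = err.group(0) if err else None
    where = f"{blame[0]}@{blame[1]}:{blame[2]}" if blame else "?"
    return {
        "signal": signal,
        "allocator_error": alloc_err,
        "detected_by_allocator": alloc_err is not None,  # heap was damaged before this call
        "blame_frame": blame,
        "signature": f"{signal}|{alloc_err or 'none'}|{where}",
    }
```

A glibc `malloc(): memory corruption` abort marks where the allocator found a clobbered chunk, not where the write that clobbered it happened, so the blame frame (print_symbol at nm.c:965 here) is the detection site; an ASAN build with working symbolization is what pinpoints the offending write.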