https://sourceware.org/bugzilla/show_bug.cgi?id=27801

Bug ID: 27801
Summary: [size] heap-buffer-overflow on bfd/mach-o.c:5934
Product: binutils
Version: 2.37 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: dkcjd2000 at gmail dot com
Target Milestone: ---

Created attachment 13413
--> https://sourceware.org/bugzilla/attachment.cgi?id=13413&action=edit
crash test case

Hello,

I report a double free detected by address sanitizer. I found this test input by fuzz testing. The stack traces are as follows:

==3915==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000000071 at pc 0x000001442705 bp 0x7fffffffe3a0 sp 0x7fffffffe398
READ of size 8 at 0x604000000071 thread T0
    #0 0x1442704 in bfd_mach_o_core_fetch_environment ...//subjects/binutils-gdb/bfd/mach-o.c:5934:11
    #1 0x1442dae in bfd_mach_o_core_file_failing_command ...//subjects/binutils-gdb/bfd/mach-o.c:5978:9
    #2 0x4ed8e6 in bfd_core_file_failing_command ...//subjects/binutils-gdb/bfd/corefile.c:58:10
    #3 0x4c6d42 in display_bfd ...//subjects/binutils-gdb/binutils/size.c:352:18
    #4 0x4c6824 in display_file ...//subjects/binutils-gdb/binutils/size.c:432:5
    #5 0x4c6412 in main ...//subjects/binutils-gdb/binutils/size.c:258:7
    #6 0x7ffff6e22bf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
    #7 0x41be59 in _start (...//subjects_asan/size/size.san+0x41be59)

You can reproduce the bug by executing:

    ./size <test input>

I tested the subject on the latest version uploaded on git, built with the --disable-shared --disable-gdb --disable-libdecnumber --disable-ld --enable-targets=all configure options.

Thanks