https://sourceware.org/bugzilla/show_bug.cgi?id=30324
Bug ID: 30324
Summary: gprof SEGV out-of-bound read bug
Product: binutils
Version: 2.39
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gprof
Assignee: unassigned at sourceware dot org
Reporter: mengda2020 at iscas dot ac.cn
Target Milestone: ---

Created attachment 14807
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14807&action=edit
PoC file

### Test Environment

Ubuntu 20.04, 64 bit
binutils (version: v2.39)

### How to trigger

Compile the program with AddressSanitizer
Run command

$ ./gprof -l -a -D $PoC

### Details

ASAN report

$ ./gprof -l -a -D $PoC
```
BFD: warning: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2 has a section extending past end of file
BFD: warning: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2 has a program header with invalid alignment
BFD: warning: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2 has a program header with invalid alignment
BFD: warning: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2 has a program header with invalid alignment
BFD: warning: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2 has a program header with invalid alignment
BFD: warning: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2 has a program header with invalid alignment
BFD: warning: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2 has a program header with invalid alignment
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: unknown type [0x7f0007] section `-tag'
BFD: warning: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2 has a program header with invalid alignment
BFD: warning: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2 has a program header with invalid alignment
BFD: warning: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2 has a program header with invalid alignment
BFD: warning: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2 has a program header with invalid alignment
BFD: warning: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2 has a program header with invalid alignment
BFD: warning: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2 has a program header with invalid alignment
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 538976288 >= 537 for section `shstrtab'
BFD: out/default/crashes/id:000004,sig:11,src:000815+000522,time:8516023,execs:4686038,op:splice,rep:2: invalid string offset 4640 >= 537 for section `shstrtab'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2013900==ERROR: AddressSanitizer: SEGV on unknown address 0x612ffffffef0 (pc 0x0000005086d9 bp 0x7ffd5dcf7230 sp 0x7ffd5dcf6e30 T0)
==2013900==The signal is caused by a READ memory access.
    #0 0x5086d9 in symtab_finalize /home/cmd/FuzzDateset/binutils/binutils-gdb-binutils-2_39/gprof/symtab.c:150:40
    #1 0x4f2be0 in core_create_line_syms /home/cmd/FuzzDateset/binutils/binutils-gdb-binutils-2_39/gprof/corefile.c:911:3
    #2 0x4fcaef in main /home/cmd/FuzzDateset/binutils/binutils-gdb-binutils-2_39/gprof/gprof.c:534:5
    #3 0x7f4f90cd5082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #4 0x41d54d in _start (/home/cmd/randomFuzz/binutils/gprof/gprof_l_a_D/gprof+0x41d54d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/cmd/FuzzDateset/binutils/binutils-gdb-binutils-2_39/gprof/symtab.c:150:40 in symtab_finalize
==2013900==ABORTING
```

-- 
You are receiving this mail because:
You are on the CC list for the bug.
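The repeated BFD messages in the report (`invalid string offset 538976288 >= 537 for section `shstrtab'`) are libbfd refusing section-name offsets that lie past the end of `.shstrtab`; 538976288 is 0x20202020, four ASCII spaces, the kind of filler a splice mutation leaves in a header field. The block below is an added example, not BFD's or gprof's code, of that bounds check written over a constructed in-memory ELF64 image: it validates the section header table, the `.shstrtab` extent, the `sh_name` offset and the presence of a terminating NUL before handing back a pointer. The image layout (header at 0, string table at 64, three section headers at 96), the function names and the status codes are assumptions made for the example; it says nothing about the crashing path in `symtab_finalize`, which the report does not explain.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not BFD/gprof code): validate an ELF64 section-name offset
 * against the size of .shstrtab before dereferencing it, the check behind
 * BFD's "invalid string offset N >= SIZE for section `shstrtab'" message. */

enum shname_status {
    SHNAME_OK = 0,
    SHNAME_BAD_EHDR,      /* not ELF64/LE, or section header table runs past EOF */
    SHNAME_BAD_INDEX,     /* requested section index >= e_shnum */
    SHNAME_BAD_SHSTRTAB,  /* e_shstrndx invalid, or .shstrtab runs past EOF */
    SHNAME_BAD_OFFSET,    /* sh_name >= sh_size of .shstrtab */
    SHNAME_UNTERMINATED   /* no NUL between sh_name and the end of .shstrtab */
};

/* Little-endian field readers; offsets follow the ELF64 Ehdr/Shdr layout. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t rd64(const uint8_t *p) { return rd32(p) | (uint64_t)rd32(p + 4) << 32; }

/* True iff [off, off+sz) lies inside `len` bytes, without overflowing the sum. */
static int in_bounds(uint64_t off, uint64_t sz, size_t len) {
    return off <= len && sz <= len - off;
}

enum shname_status elf64_section_name(const uint8_t *img, size_t len,
                                      unsigned idx, const char **name)
{
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0 || img[4] != 2 || img[5] != 1)
        return SHNAME_BAD_EHDR;
    uint64_t shoff = rd64(img + 40);
    uint16_t shentsize = rd16(img + 58), shnum = rd16(img + 60), shstrndx = rd16(img + 62);
    if (shentsize != 64 || shnum == 0 || !in_bounds(shoff, (uint64_t)shnum * 64, len))
        return SHNAME_BAD_EHDR;
    if (idx >= shnum)
        return SHNAME_BAD_INDEX;
    if (shstrndx == 0 || shstrndx >= shnum)
        return SHNAME_BAD_SHSTRTAB;
    const uint8_t *strsh = img + shoff + (uint64_t)shstrndx * 64;
    uint64_t stroff = rd64(strsh + 24), strsize = rd64(strsh + 32);   /* sh_offset, sh_size */
    if (!in_bounds(stroff, strsize, len))
        return SHNAME_BAD_SHSTRTAB;
    uint32_t sh_name = rd32(img + shoff + (uint64_t)idx * 64);
    if (sh_name >= strsize)                      /* the check BFD reports on */
        return SHNAME_BAD_OFFSET;
    const uint8_t *s = img + stroff + sh_name;
    if (memchr(s, '\0', (size_t)(strsize - sh_name)) == NULL)
        return SHNAME_UNTERMINATED;              /* a plain strlen() would read past the table */
    *name = (const char *)s;
    return SHNAME_OK;
}

/* Constructed sample image (an assumption for this example): ELF header at 0,
 * .shstrtab bytes at 64, three section headers at 96; 288 bytes in total. */
#define IMG_LEN   288
#define SHSTR_OFF 64
#define SHDR_OFF  96
static const char shstr_bytes[] = "\0.text\0.shstrtab";   /* 17 bytes incl. final NUL */

static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static void wr64(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i)); }

static void put_shdr(uint8_t *sh, uint32_t name, uint32_t type, uint64_t off, uint64_t size) {
    memset(sh, 0, 64);
    wr32(sh, name); wr32(sh + 4, type); wr64(sh + 24, off); wr64(sh + 32, size);
}

void build_sample_elf(uint8_t *img) {
    memset(img, 0, IMG_LEN);
    memcpy(img, "\x7f" "ELF", 4);
    img[4] = 2; img[5] = 1; img[6] = 1;             /* ELFCLASS64, ELFDATA2LSB, EV_CURRENT */
    wr16(img + 16, 1);  wr16(img + 18, 62);          /* ET_REL, EM_X86_64 */
    wr32(img + 20, 1);                               /* e_version */
    wr64(img + 40, SHDR_OFF);                        /* e_shoff */
    wr16(img + 52, 64); wr16(img + 58, 64);          /* e_ehsize, e_shentsize */
    wr16(img + 60, 3);  wr16(img + 62, 2);           /* e_shnum, e_shstrndx */
    memcpy(img + SHSTR_OFF, shstr_bytes, sizeof shstr_bytes);
    put_shdr(img + SHDR_OFF,          0, 0, 0, 0);                          /* SHT_NULL */
    put_shdr(img + SHDR_OFF + 64,     1, 1, 0, 0);                          /* ".text", SHT_PROGBITS, empty */
    put_shdr(img + SHDR_OFF + 2 * 64, 7, 3, SHSTR_OFF, sizeof shstr_bytes); /* ".shstrtab", SHT_STRTAB */
}

/* Header mutations of the kind the BFD messages in the report point at. */
void corrupt_sh_name(uint8_t *img, unsigned idx, uint32_t bad_name) {
    wr32(img + SHDR_OFF + (size_t)idx * 64, bad_name);
}
void corrupt_shstrtab_size(uint8_t *img, uint64_t bad_size) {
    wr64(img + SHDR_OFF + 2 * 64 + 32, bad_size);
}

int main(void) {
    uint8_t img[IMG_LEN];
    const char *name = NULL;
    build_sample_elf(img);
    for (unsigned i = 1; i < 3; i++)
        if (elf64_section_name(img, sizeof img, i, &name) == SHNAME_OK)
            printf("section %u: %s\n", i, name);
    corrupt_sh_name(img, 1, 0x20202020u);            /* 538976288, the offset in the report */
    printf("corrupted sh_name -> status %d (SHNAME_BAD_OFFSET is %d)\n",
           elf64_section_name(img, sizeof img, 1, &name), SHNAME_BAD_OFFSET);
    return 0;
}
```

The point of the `memchr` step is that an offset inside the table is not enough: a string table whose last byte is not NUL lets `strlen` or a `%s` print walk off the end of the mapping, which is an out-of-bounds read of exactly the kind ASAN flags.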