[Bug binutils/24927] Conditional jump or move depends on uninitialized values trigger in dump
https://sourceware.org/bugzilla/show_bug.cgi?id=24927

--- Comment #3 from Bowen Wang ---
(In reply to Nick Clifton from comment #1)
> (In reply to Bowen Wang from comment #0)
> Hi Bowen,
>
> > CC=clang \
>
> Is it possible that this is a clang compilation bug ?
>
> I tried to reproduce the problem using a toolchain built with gcc
> rather than clang, and nothing went wrong.
>
> Looking at the code it is hard to see where the uninitialised value
> might occur. The fnmatch function is being called with two pointers,
> match->triplet, which has already been tested in the for() loop header
> and which has static initialisation anyway, and name, which should
> have been set in set_default_bfd_target().
>
> Cheers
> Nick

It seems that it is not related to the compiler. When running objdump with glibc version <= 2.28, this problem will happen. What glibc version are you using?

Bowen

--
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug binutils/24927] Conditional jump or move depends on uninitialized values trigger in dump
https://sourceware.org/bugzilla/show_bug.cgi?id=24927

--- Comment #2 from Bowen Wang ---
What is the glibc version you are using? I found this bug in glibc 2.28. I tried to reproduce this bug using glibc 2.29, but I can't catch this bug either. This seems to be a bug in glibc.

Bowen
[Bug binutils/24829] readelf: multiple integer overflows in readelf.c and dwarf.c
https://sourceware.org/bugzilla/show_bug.cgi?id=24829

--- Comment #13 from tfx ---
(In reply to Nick Clifton from comment #12)
> Created attachment 11961 [details]
> Another patch
>
> OK, in which case please could you try out this patch and let me know if it
> fixes the bug ?
>
> Cheers
> Nick

I tested this patch and it successfully fixed these problems. Thanks for your work.

Cheers
[Bug binutils/24829] readelf: multiple integer overflows in readelf.c and dwarf.c
https://sourceware.org/bugzilla/show_bug.cgi?id=24829

--- Comment #12 from Nick Clifton ---
Created attachment 11961
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11961&action=edit
Another patch

OK, in which case please could you try out this patch and let me know if it fixes the bug ?

Cheers
Nick
[Bug binutils/24922] An out-of-bounds read in pex64_xdata_print_uwd_codes
https://sourceware.org/bugzilla/show_bug.cgi?id=24922

Nick Clifton changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED |RESOLVED
                 CC|            |nickc at redhat dot com
         Resolution|---         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Mingi,

Thanks for reporting this problem. I have checked in a patch to add extra checks to catch this kind of buffer overflow.

Cheers
Nick
[Bug binutils/24922] An out-of-bounds read in pex64_xdata_print_uwd_codes
https://sourceware.org/bugzilla/show_bug.cgi?id=24922

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=03da31c6764c1bca9b0b0529344a8ea933c825ea

commit 03da31c6764c1bca9b0b0529344a8ea933c825ea
Author: Nick Clifton
Date:   Thu Aug 22 14:37:03 2019 +0100

    Fix an illegal memory access when dumping corrupt x86_64 PE unwind data.

            PR 24922
            * pei-x86_64.c (pex64_xdata_print_uwd_codes): Add checks before
            reading data from extra records.
[Bug binutils/24931] New: objdump: print source code as comments
https://sourceware.org/bugzilla/show_bug.cgi?id=24931

            Bug ID: 24931
           Summary: objdump: print source code as comments
           Product: binutils
           Version: 2.33 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: trass3r at gmail dot com
  Target Milestone: ---

When using objdump -dS it's really hard to distinguish between assembly code and printed source lines. Printing them as comments helps a lot and also reduces confusion for editor parsers.

PoC:

--- a/binutils/objdump.c
+++ b/binutils/objdump.c
@@ -1596,7 +1596,7 @@ print_line (struct print_file_list *p, unsigned int linenum)
   l = p->linemap [linenum];
   /* Test fwrite return value to quiet glibc warning.  */
   len = strcspn (l, "\n\r");
-  if (len == 0 || fwrite (l, len, 1, stdout) == 1)
+  if (len == 0 || (fwrite ("# ", 2, 1, stdout), fwrite (l, len, 1, stdout) == 1))
     putchar ('\n');
 }
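Review bot: in the `+` line of print_line, the comma operator discards the return value of `fwrite ("# ", 2, 1, stdout)`, so the comment two lines above ("Test fwrite return value to quiet glibc warning") no longer holds for that call and the warn_unused_result warning will come back; a short write of the prefix is also silently followed by the source line. Folding both writes into the test avoids that, e.g. `if (len == 0 || (fwrite ("# ", 2, 1, stdout) == 1 && fwrite (l, len, 1, stdout) == 1))`. The hard-coded "# " also assumes one assembler dialect: `#` is not the comment introducer on every target objdump supports, so the prefix should be taken from the target's comment character or put behind an option rather than emitted unconditionally.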
[Bug binutils/24921] A floating point exception in process_cu_tu_index
https://sourceware.org/bugzilla/show_bug.cgi?id=24921

Nick Clifton changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED |RESOLVED
                 CC|            |nickc at redhat dot com
         Resolution|---         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Mingi,

Thanks for reporting this problem. I have checked in a small patch to add a test for ncols being 0 before the other checks are run.

Cheers
Nick
[Bug binutils/24921] A floating point exception in process_cu_tu_index
https://sourceware.org/bugzilla/show_bug.cgi?id=24921

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4ac948a0447f1abc9bc3b2c38363e883b1b06634

commit 4ac948a0447f1abc9bc3b2c38363e883b1b06634
Author: Nick Clifton
Date:   Thu Aug 22 13:11:18 2019 +0100

    Prevent a floating point exception in the dwarf parser when a CU or TU table does not have any columns.

            PR 24921
            * dwarf.c (process_cu_tu_index): Handle the case where a table
            does not have any columns.
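The two defect classes in this digest, the ncols == 0 divide-by-zero fixed above (PR 24921) and the readelf/dwarf.c integer overflows of PR 24829, shown as an added example that is not binutils' code: a hypothetical validator for a DWARF .debug_cu_index / .debug_tu_index header that rejects a zero column count before any per-column arithmetic and overflow-checks the table-size computation against the section length. The table layout follows the DWARF 5 index format; validate_cu_index, check_header and the constructed headers are this example's own names and data, not process_cu_tu_index.

```c
#include <stdint.h>
#include <stddef.h>
/* Hypothetical validator for a DWARF .debug_cu_index / .debug_tu_index header
 * (DWARF 5 sec. 7.3.5 layout; the older "version 2" DWP layout is identical).
 * Not binutils' process_cu_tu_index, only the up-front checks a parser needs. */
struct cu_index_hdr { uint32_t version, ncols, nunits, nslots; };
static uint32_t rd32(const uint8_t *p) {   /* little-endian read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {  /* little-endian write */
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static int mul_ok(uint64_t a, uint64_t b, uint64_t *out) {  /* a*b, 0 on overflow */
    if (a != 0 && b > UINT64_MAX / a) return 0;
    *out = a * b; return 1;
}
/* 0 if the header is sane and every table fits in `len` bytes, else a negative
 * code naming the first failed check. */
int validate_cu_index(const uint8_t *buf, size_t len, struct cu_index_hdr *h) {
    uint64_t need = 16, t;
    if (len < 16) return -1;                               /* header truncated */
    h->version = rd32(buf);     h->ncols  = rd32(buf + 4);
    h->nunits  = rd32(buf + 8); h->nslots = rd32(buf + 12);
    if (h->version != 2 && h->version != 5) return -2;
    /* PR 24921: ncols == 0 turns every later "per column" division into a
     * SIGFPE, so reject it before any table arithmetic happens. */
    if (h->ncols == 0) return -3;
    /* The hash probe only terminates if nslots is a non-zero power of two. */
    if (h->nslots == 0 || (h->nslots & (h->nslots - 1))) return -4;
    /* Bytes needed: nslots*8 hashes + nslots*4 indices + (nunits+1)*ncols*4
     * offsets (row 0 holds section ids) + nunits*ncols*4 sizes. Each product
     * is overflow-checked: 32-bit nunits*ncols*4 wraps a 32-bit size_t and
     * would pass a naive "need <= len" test (the PR 24829 class of bug). */
    if (!mul_ok(h->nslots, 12, &t)) return -5;
    need += t;
    if (!mul_ok((uint64_t)h->nunits + 1, h->ncols, &t) || !mul_ok(t, 4, &t)) return -5;
    need += t;
    if (!mul_ok(h->nunits, h->ncols, &t) || !mul_ok(t, 4, &t)) return -5;
    need += t;
    return need > len ? -6 : 0;                            /* tables overrun section */
}
/* Constructed sample: materialise only the 16-byte header (the validator reads
 * nothing else) and claim a section length of `len`. */
int check_header(uint32_t ncols, uint32_t nunits, uint32_t nslots, size_t len) {
    uint8_t hdr[16]; struct cu_index_hdr h;
    wr32(hdr, 5); wr32(hdr + 4, ncols); wr32(hdr + 8, nunits); wr32(hdr + 12, nslots);
    return validate_cu_index(hdr, len, &h);
}
```

A 2-column, 3-unit, 4-slot index needs exactly 120 bytes, so a claimed length of 119 is rejected as an overrun while ncols 0 and a non-power-of-two nslots are rejected before any size arithmetic.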
[Bug binutils/24927] Conditional jump or move depends on uninitialized values trigger in dump
https://sourceware.org/bugzilla/show_bug.cgi?id=24927

Nick Clifton changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
                 CC|            |nickc at redhat dot com

--- Comment #1 from Nick Clifton ---
(In reply to Bowen Wang from comment #0)
Hi Bowen,

> CC=clang \

Is it possible that this is a clang compilation bug ?

I tried to reproduce the problem using a toolchain built with gcc rather than clang, and nothing went wrong.

Looking at the code it is hard to see where the uninitialised value might occur. The fnmatch function is being called with two pointers, match->triplet, which has already been tested in the for() loop header and which has static initialisation anyway, and name, which should have been set in set_default_bfd_target().

Cheers
Nick
[Bug ld/24601] aarch64: local-exec TPREL relocations to weak undefined symbols -> assertion fail
https://sourceware.org/bugzilla/show_bug.cgi?id=24601

--- Comment #2 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Tamar Christina :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=652afeef247770b22c44ca292d1f4c65be40a696

commit 652afeef247770b22c44ca292d1f4c65be40a696
Author: Tamar Christina
Date:   Thu Aug 22 11:35:35 2019 +0100

    AArch64: Fix LD crash on weak and undefined TLS symbols. (PR/24602).

    This patch fixes a few linker crashes due to TLS code reaching an assert
    when it shouldn't.

    The first scenario is with weak TLS symbols that remain weak during linking.
    In this case the mid-end would not have seen a TLS symbol and so wouldn't
    have allocated the TLS section. We currently assert here and the linker
    crashes with a not very useful message.

    This patch changes this to return the value 0 for the TLS symbol in question
    emulating what lld and gold and other BFD targets do. However because weak
    TLS is implementation defined and we don't define any behavior for it I also
    emit a warning to the user to inform them of such.

    Secondly when a strong TLS reference is undefined. The linker crashes even
    after it correctly reported that there is an undefined reference. This
    changes it so that it gracefully exits and reports a useful error.

    bfd/ChangeLog:

            PR ld/24601
            * elfnn-aarch64.c (aarch64_relocate): Handle weak TLS and undefined TLS.
            Also Pass input_bfd to _bfd_aarch64_elf_resolve_relocation.
            * elfxx-aarch64.c (_bfd_aarch64_elf_resolve_relocation): Use it.
            * elfxx-aarch64.h (_bfd_aarch64_elf_resolve_relocation): Emit warning
            for weak TLS.

    ld/ChangeLog:

            PR ld/24601
            * testsuite/ld-aarch64/aarch64-elf.exp (undef-tls, weak-tls): New.
            * testsuite/ld-aarch64/undef-tls.d: New test.
            * testsuite/ld-aarch64/undef-tls.s: New test.
            * testsuite/ld-aarch64/weak-tls.d: New test.
            * testsuite/ld-aarch64/weak-tls.s: New test.
Re: Information leakage in nm-2.32
Hi Natalie,

> I found a crash with AFL and used valgrind to run it. Looks like it is
> information leakage problem.

When you say "crash" do you mean that the nm program generated a segmentation fault or some kind of illegal memory access ? That certainly does not appear to be the case here.

> Could you possibly fix this issue?

Not if it is just a case of allocated memory not being freed by the time the program exits. The memory will be returned to the system, so there is no real problem with it not being freed. Plus since nm always exits, there is no potential for it to hog memory and prevent normal system operation.

Sorry, but we are just not interested in resource leak problems at the moment. If you do find other issues however, for example memory corruption, or illegal memory accesses, then please feel free to report a bug using the binutils bugzilla system:

https://sourceware.org/bugzilla/enter_bug.cgi?product=binutils

Cheers
Nick
[Bug binutils/24927] Conditional jump or move depends on uninitialized values trigger in dump
https://sourceware.org/bugzilla/show_bug.cgi?id=24927

Bowen Wang changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
                 CC|            |wang8330 at umn dot edu
[Bug binutils/24927] New: Conditional jump or move depends on uninitialized values trigger in dump
https://sourceware.org/bugzilla/show_bug.cgi?id=24927

            Bug ID: 24927
           Summary: Conditional jump or move depends on uninitialized values
                    trigger in dump
           Product: binutils
           Version: 2.33 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: wang8330 at umn dot edu
  Target Milestone: ---

Created attachment 11959
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11959&action=edit
PoC input

This bug is found in git commit: baf46cd78048e1b959462567556e1de1ef6b9039.

To compile the binutils-gdb repo:

CC=clang \
CFLAGS="-DFORTIFY_SOURCE=2 -fno-omit-frame-pointer -g -Wno-error" \
./configure \
--disable-shared --disable-gdb --disable-libdecnumber --disable-readline \
--disable-sim
make

To trigger the bug:

valgrind ./objdump -D test-input

The output of Valgrind:

==27253== Memcheck, a memory error detector
==27253== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==27253== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==27253== Command: ./objdump -D /home/bwang/Bowen/gitrepo/diffuzz-3/monitor/monitor_out/input.6812
==27253== Parent PID: 6226
==27253==
==27253== Conditional jump or move depends on uninitialised value(s)
==27253==    at 0x4A01F47: __wmemchr_avx2 (memchr-avx2.S:260)
==27253==    by 0x49614C2: internal_fnwmatch (fnmatch_loop.c:168)
==27253==    by 0x4964868: fnmatch@@GLIBC_2.2.5 (fnmatch.c:434)
==27253==    by 0x48D395: find_target (targets.c:1410)
==27253==    by 0x48D2BC: bfd_set_default_target (targets.c:1444)
==27253==    by 0x450F1E: set_default_bfd_target (bucomm.c:163)
==27253==    by 0x404032: main (objdump.c:4286)
==27253==
==27253==
==27253== HEAP SUMMARY:
==27253==     in use at exit: 0 bytes in 0 blocks
==27253==   total heap usage: 871 allocs, 871 frees, 433,025 bytes allocated
==27253==
==27253== All heap blocks were freed -- no leaks are possible
==27253==
==27253== For counts of detected and suppressed errors, rerun with: -v
==27253== Use --track-origins=yes to see where uninitialised values come from
==27253== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 0 from 0)