[Bug ld/13031] Building CodeBlocks on Windows using mingw gcc 4.6.1 "-flto -fuse-linker-plugin" results in many linker stage errors
https://sourceware.org/bugzilla/show_bug.cgi?id=13031 Andrew Pinski changed: What|Removed |Added See Also||http://gcc.gnu.org/bugzilla ||/show_bug.cgi?id=49844 CC||pinskia at gcc dot gnu.org -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/28754] New: stack-overflow in printf_common
https://sourceware.org/bugzilla/show_bug.cgi?id=28754 Bug ID: 28754 Summary: stack-overflow in printf_common Product: binutils Version: 2.37 Status: UNCONFIRMED Severity: normal Priority: P2 Component: binutils Assignee: unassigned at sourceware dot org Reporter: wyxaidai at gmail dot com Target Milestone: --- Created attachment 13896 --> https://sourceware.org/bugzilla/attachment.cgi?id=13896&action=edit poc objdump -g poc SUMMARY: AddressSanitizer: stack-overflow (/home/aidai/fuzzing/binutils/fuzz/bin/objdump+0x43a551) in printf_common(void*, char const*, __va_list_tag*) ==49097==ABORTING -- You are receiving this mail because: You are on the CC list for the bug.
[Bug ld/27923] ld: Support DT_RELR relative relocation format
https://sourceware.org/bugzilla/show_bug.cgi?id=27923 H.J. Lu changed: What|Removed |Added Target Milestone|--- |2.38 Status|WAITING |NEW Version|unspecified |2.38 (HEAD) -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/28753] New: Heap-based Buffer Overflow in bfd_getl32
https://sourceware.org/bugzilla/show_bug.cgi?id=28753 Bug ID: 28753 Summary: Heap-based Buffer Overflow in bfd_getl32 Product: binutils Version: 2.38 (HEAD) Status: UNCONFIRMED Severity: normal Priority: P2 Component: binutils Assignee: unassigned at sourceware dot org Reporter: wyxaidai at gmail dot com Target Milestone: --- Created attachment 13895 --> https://sourceware.org/bugzilla/attachment.cgi?id=13895&action=edit poc ``` ./objdump -g poc poc: file format elf64-x86-64 ./objdump: poc: invalid string offset 16711680 >= 6 for section `.strtab' = ==3170153==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030011a at pc 0x006b2bba bp 0x7ffca4f16920 sp 0x7ffca4f16918 READ of size 1 at 0x6030011a thread T0 #0 0x6b2bb9 in bfd_getl32 /home/aidai/fuzzing/binutils/binutils-gdb/bfd/libbfd.c:729:24 #1 0x5862c0 in read_section_stabs_debugging_info /home/aidai/fuzzing/binutils/binutils-gdb/binutils/rddbg.c:220:25 #2 0x5862c0 in read_debugging_info /home/aidai/fuzzing/binutils/binutils-gdb/binutils/rddbg.c:56:9 #3 0x4cef17 in dump_bfd /home/aidai/fuzzing/binutils/binutils-gdb/binutils/./objdump.c:5153:17 #4 0x4ca155 in display_object_bfd /home/aidai/fuzzing/binutils/binutils-gdb/binutils/./objdump.c #5 0x4ca155 in display_any_bfd /home/aidai/fuzzing/binutils/binutils-gdb/binutils/./objdump.c:5299:5 #6 0x4c9ce5 in display_file /home/aidai/fuzzing/binutils/binutils-gdb/binutils/./objdump.c:5320:3 #7 0x4c74af in main /home/aidai/fuzzing/binutils/binutils-gdb/binutils/./objdump.c:5688:6 #8 0x7f5ea20030b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 #9 0x41c5ed in _start (/home/aidai/fuzzing/binutils/results/out-objdump-0102/objdump-fuzzer/crashes/objdump+0x41c5ed) 0x6030011a is located 0 bytes to the right of 26-byte region [0x60300100,0x6030011a) allocated by thread T0 here: #0 0x494d2d in malloc (/home/aidai/fuzzing/binutils/results/out-objdump-0102/objdump-fuzzer/crashes/objdump+0x494d2d) #1 0xa2008a in xmalloc /home/aidai/fuzzing/binutils/binutils-gdb/libiberty/./xmalloc.c:147:12 #2 0x4cef17 in dump_bfd /home/aidai/fuzzing/binutils/binutils-gdb/binutils/./objdump.c:5153:17 #3 0x4ca155 in display_object_bfd /home/aidai/fuzzing/binutils/binutils-gdb/binutils/./objdump.c #4 0x4ca155 in display_any_bfd /home/aidai/fuzzing/binutils/binutils-gdb/binutils/./objdump.c:5299:5 #5 0x4c9ce5 in display_file /home/aidai/fuzzing/binutils/binutils-gdb/binutils/./objdump.c:5320:3 SUMMARY: AddressSanitizer: heap-buffer-overflow /home/aidai/fuzzing/binutils/binutils-gdb/bfd/libbfd.c:729:24 in bfd_getl32 Shadow bytes around the buggy address: 0x0c067fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c067fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c067fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c067fff8000: fa fa 00 00 00 00 fa fa 00 00 00 fa fa fa fd fd 0x0c067fff8010: fd fa fa fa fd fd fd fa fa fa 00 00 00 fa fa fa =>0x0c067fff8020: 00 00 00[02]fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user:f7 Container overflow: fc Array cookie:ac Intra object redzone:bb ASan internal: fe Left alloca redzone: ca Right alloca redzone:cb Shadow gap: cc ==3170153==ABORTING -- You are receiving this mail because: You are on the CC list for the bug.
