[Bug binutils/29946] New: Memory leak in objdump

2022-12-27 Thread pdeng21 at m dot fudan.edu.cn
https://sourceware.org/bugzilla/show_bug.cgi?id=29946

Bug ID: 29946
   Summary: Memory leak in objdump
   Product: binutils
   Version: 2.40 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: pdeng21 at m dot fudan.edu.cn
  Target Milestone: ---

Created attachment 14540
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14540&action=edit
PoC to replay the vulnerability

#Summary
There is a memory leak vulnerability in objdump, which can be triggered by a
crafted ELF file.

#Verification
git clone git://sourceware.org/git/binutils-gdb.git
CC="clang -fsanitize=address" CXX="clang++ -fsanitize=address" ./configure --disable-shared && make -j$(nproc)
./binutils/objdump -S poc

#ASAN
./objdump: poc: no group info for section '.got.plt'

Section '.debug_info' has an invalid size: 0.
./objdump: Warning: .note.gnu.build-id data size is too big

poc: file format elf64-little

./objdump: poc: attempt to load strings from a non-string section (number 19)
./objdump: poc: .gnu.version_r invalid entry
./objdump: poc: bad value

=================================================================
==20184==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 112 byte(s) in 1 object(s) allocated from:
#0 0x4942ed in malloc (/binutils-gdb/binutils/objdump+0x4942ed)
#1 0x841388 in xmalloc /binutils-gdb/libiberty/./xmalloc.c:149:12
#2 0x4c6ec0 in display_object_bfd /binutils-gdb/binutils/./objdump.c
#3 0x4c6ec0 in display_any_bfd /binutils-gdb/binutils/./objdump.c:5825:5
#4 0x4c5664 in display_file /binutils-gdb/binutils/./objdump.c:5846:3
#5 0x4c5664 in main /binutils-gdb/binutils/./objdump.c:6254:6
#6 0x7ff5e6aa5c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: 112 byte(s) leaked in 1 allocation(s).

#Environment
Ubuntu 18.04
clang 10.0.0

-- 
You are receiving this mail because:
You are on the CC list for the bug.
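Reports like the one above usually arrive in batches from a fuzzing campaign, and the first triage question is which leaks are really the same bug. The following is an added example, not part of the bug report or of binutils: a small parser for LeakSanitizer output that extracts each leak's size and stack, skips allocator wrappers (malloc, xmalloc and friends), and reduces the rest to a "blame" frame and a stack signature inside the project tree so duplicate reports can be grouped. The embedded report text is a constructed sample modelled on the one in the bug, and the wrapper list, source root and signature depth are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the LeakSanitizer report in the bug above;
# it is not the reporter's actual captured output.
SAMPLE_REPORT = """\
==20184==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 112 byte(s) in 1 object(s) allocated from:
    #0 0x4942ed in malloc (/binutils-gdb/binutils/objdump+0x4942ed)
    #1 0x841388 in xmalloc /binutils-gdb/libiberty/./xmalloc.c:149:12
    #2 0x4c6ec0 in display_object_bfd /binutils-gdb/binutils/./objdump.c
    #3 0x4c6ec0 in display_any_bfd /binutils-gdb/binutils/./objdump.c:5825:5
    #4 0x4c5664 in display_file /binutils-gdb/binutils/./objdump.c:5846:3
    #5 0x4c5664 in main /binutils-gdb/binutils/./objdump.c:6254:6
    #6 0x7ff5e6aa5c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: 112 byte(s) leaked in 1 allocation(s).
"""

# "Direct leak of N byte(s) in M object(s) allocated from:" / "Indirect leak of ..."
LEAK_HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
# "#idx 0xaddr in func location" (location is file:line:col or binary+offset)
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (\S+) (\S+)")

# Allocation wrappers we never want to blame (assumed list, extend per project).
ALLOCATOR_WRAPPERS = {
    "malloc", "calloc", "realloc", "xmalloc", "xcalloc", "xrealloc",
    "bfd_malloc", "bfd_zalloc", "bfd_alloc",
}


@dataclass
class Frame:
    index: int
    func: str
    location: str


@dataclass
class Leak:
    kind: str          # "direct" or "indirect"
    nbytes: int
    nobjects: int
    frames: list = field(default_factory=list)


def parse_lsan_report(text):
    """Split a LeakSanitizer report into Leak records with their stack frames."""
    leaks, current = [], None
    for line in text.splitlines():
        m = LEAK_HEADER.match(line)
        if m:
            current = Leak(m.group(1).lower(), int(m.group(2)), int(m.group(3)))
            leaks.append(current)
            continue
        m = FRAME.match(line)
        if m and current is not None:
            current.frames.append(Frame(int(m.group(1)), m.group(2), m.group(3)))
    return leaks


def project_frames(leak, src_root):
    """Frames whose source file lives under src_root, minus allocator wrappers."""
    return [f for f in leak.frames
            if f.func not in ALLOCATOR_WRAPPERS and f.location.startswith(src_root)]


def blame_frame(leak, src_root):
    """The innermost project frame: where the leaked allocation was requested."""
    frames = project_frames(leak, src_root)
    return frames[0] if frames else None


def leak_signature(leak, src_root, depth=3):
    """Tuple of the first `depth` project function names, used to dedupe reports."""
    return tuple(f.func for f in project_frames(leak, src_root)[:depth])


def triage(text, src_root="/binutils-gdb/"):
    """Group leaks by signature; returns {signature: (total_bytes, leak_count, blame)}."""
    groups = {}
    for leak in parse_lsan_report(text):
        sig = leak_signature(leak, src_root)
        total, count, blame = groups.get(sig, (0, 0, blame_frame(leak, src_root)))
        groups[sig] = (total + leak.nbytes, count + 1, blame)
    return groups


if __name__ == "__main__":
    for sig, (total, count, blame) in triage(SAMPLE_REPORT).items():
        where = f"{blame.func} at {blame.location}" if blame else "<no project frame>"
        print(f"{total} byte(s) in {count} leak(s); blame {where}; signature {'>'.join(sig)}")
```

Feeding it several reports from the same harness and comparing signatures is enough to tell a repeated hit on display_object_bfd from a genuinely new leak site; the blame frame is also the line to quote when filing, since a frame without line numbers (as for display_object_bfd above) is a hint that the binary should be rebuilt with -g before reporting.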


[Bug ld/29939] -z pack-relative-relocs --no-keep-memory -pie tries to write a yet-to-be-loaded section content

2022-12-27 Thread arsen at aarsen dot me
https://sourceware.org/bugzilla/show_bug.cgi?id=29939

--- Comment #2 from Arsen Arsenović  ---
Builds the original reproducer (webkitgtk), thanks!



[Bug ld/29939] -z pack-relative-relocs --no-keep-memory -pie tries to write a yet-to-be-loaded section content

2022-12-27 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=29939

--- Comment #1 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by H.J. Lu :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9eb71a53bf36a370e21a6fbbb21e2726f64b0fd0

commit 9eb71a53bf36a370e21a6fbbb21e2726f64b0fd0
Author: H.J. Lu 
Date:   Tue Dec 27 11:41:11 2022 -0800

x86-64: Allocate input section memory if needed

When --no-keep-memory is used, the input section memory may not be cached.
Allocate input section memory for -z pack-relative-relocs if needed.

bfd/

PR ld/29939
* elfxx-x86.c (elf_x86_size_or_finish_relative_reloc): Allocate
input section memory if needed.

ld/

PR ld/29939
* testsuite/ld-elf/dt-relr-2i.d: New test.



[Bug ld/29939] -z pack-relative-relocs --no-keep-memory -pie tries to write a yet-to-be-loaded section content

2022-12-27 Thread hjl.tools at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=29939

H.J. Lu  changed:

   What|Removed |Added

 CC||hjl.tools at gmail dot com
