[Touch-packages] [Bug 1763101] Re: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)

[Kamlesh Kumar]

It is fixed in binutils 2.32.
should we backport it in 2.30?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to binutils in Ubuntu.
https://bugs.launchpad.net/bugs/1763101

Title:
  OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)

Status in binutils package in Ubuntu:
  Confirmed

Bug description:
  Dear all,
  The following binutils cxxfilt OOM bug was found by a modified version of the 
kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the input and 
an ASAN report.

  Steps to reproduce:

  Build current verison of binutils:

  ```
  pull-lp-source binutils
  cd binutils-2.30
  CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address 
-ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" 
LDFLAGS="-fsanitize=address" ./configure
  CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address 
-ggdb" CXXFLAGS="-fsanitize=address
  -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" make
  ```

  Run inputs under ASAN:

  ```
  ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./cxxfilt -t < oom
  ```

  We can verify this issue for cxxfilt binuitils-2.30-15ubuntu1 (Ubuntu
  16.04.4 LTS / sources from "pull-lp-source bintuils") on an Intel(R)
  Core(TM) i7-6700 CPU @ 3.40GHz server machine with 32GB RAM.

  Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr-
  Universität Bochum)

  Best regards,
  Sergej Schumilo

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1763101] Re: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)

[Kamlesh Kumar]

Here is the changelog which fix this.

2018-12-22  Jason Merrill  

Remove support for demangling GCC 2.x era mangling schemes.
* cplus-dem.c: Remove cplus_mangle_opname, cplus_demangle_opname,
internal_cplus_demangle, and all subroutines.
(libiberty_demanglers): Remove entries for ancient GNU (pre-3.0),
Lucid, ARM, HP, and EDG demangling styles.
(cplus_demangle): Remove 'work' variable.  Don't call
internal_cplus_demangle.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to binutils in Ubuntu.
https://bugs.launchpad.net/bugs/1763101

Title:
  OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)

Status in binutils package in Ubuntu:
  Confirmed

Bug description:
  Dear all,
  The following binutils cxxfilt OOM bug was found by a modified version of the 
kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the input and 
an ASAN report.

  Steps to reproduce:

  Build current verison of binutils:

  ```
  pull-lp-source binutils
  cd binutils-2.30
  CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address 
-ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" 
LDFLAGS="-fsanitize=address" ./configure
  CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address 
-ggdb" CXXFLAGS="-fsanitize=address
  -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" make
  ```

  Run inputs under ASAN:

  ```
  ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./cxxfilt -t < oom
  ```

  We can verify this issue for cxxfilt binuitils-2.30-15ubuntu1 (Ubuntu
  16.04.4 LTS / sources from "pull-lp-source bintuils") on an Intel(R)
  Core(TM) i7-6700 CPU @ 3.40GHz server machine with 32GB RAM.

  Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr-
  Universität Bochum)

  Best regards,
  Sergej Schumilo

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1763101] Re: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)

[Simon Wörner]

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12934

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to binutils in Ubuntu.
https://bugs.launchpad.net/bugs/1763101

Title:
  OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)

Status in binutils package in Ubuntu:
  Confirmed

Bug description:
  Dear all,
  The following binutils cxxfilt OOM bug was found by a modified version of the 
kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the input and 
an ASAN report.

  Steps to reproduce:

  Build current verison of binutils:

  ```
  pull-lp-source binutils
  cd binutils-2.30
  CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address 
-ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" 
LDFLAGS="-fsanitize=address" ./configure
  CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address 
-ggdb" CXXFLAGS="-fsanitize=address
  -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" make
  ```

  Run inputs under ASAN:

  ```
  ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./cxxfilt -t < oom
  ```

  We can verify this issue for cxxfilt binuitils-2.30-15ubuntu1 (Ubuntu
  16.04.4 LTS / sources from "pull-lp-source bintuils") on an Intel(R)
  Core(TM) i7-6700 CPU @ 3.40GHz server machine with 32GB RAM.

  Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr-
  Universität Bochum)

  Best regards,
  Sergej Schumilo

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1763101] Re: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)

[Marc Deslauriers]

** Changed in: binutils (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to binutils in Ubuntu.
https://bugs.launchpad.net/bugs/1763101

Title:
  OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)

Status in binutils package in Ubuntu:
  Confirmed

Bug description:
  Dear all,
  The following binutils cxxfilt OOM bug was found by a modified version of the 
kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the input and 
an ASAN report.

  Steps to reproduce:

  Build current verison of binutils:

  ```
  pull-lp-source binutils
  cd binutils-2.30
  CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address 
-ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" 
LDFLAGS="-fsanitize=address" ./configure
  CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address 
-ggdb" CXXFLAGS="-fsanitize=address
  -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" make
  ```

  Run inputs under ASAN:

  ```
  ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./cxxfilt -t < oom
  ```

  We can verify this issue for cxxfilt binuitils-2.30-15ubuntu1 (Ubuntu
  16.04.4 LTS / sources from "pull-lp-source bintuils") on an Intel(R)
  Core(TM) i7-6700 CPU @ 3.40GHz server machine with 32GB RAM.

  Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr-
  Universität Bochum)

  Best regards,
  Sergej Schumilo

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1763101] Re: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)

[Seth Arnold]

Reported to libiberty developers:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453

** Bug watch added: GCC Bugzilla #85453
   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to binutils in Ubuntu.
https://bugs.launchpad.net/bugs/1763101

Title:
  OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)

Status in binutils package in Ubuntu:
  New

Bug description:
  Dear all,
  The following binutils cxxfilt OOM bug was found by a modified version of the 
kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the input and 
an ASAN report.

  Steps to reproduce:

  Build current verison of binutils:

  ```
  pull-lp-source binutils
  cd binutils-2.30
  CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address 
-ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" 
LDFLAGS="-fsanitize=address" ./configure
  CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address 
-ggdb" CXXFLAGS="-fsanitize=address
  -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" make
  ```

  Run inputs under ASAN:

  ```
  ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./cxxfilt -t < oom
  ```

  We can verify this issue for cxxfilt binuitils-2.30-15ubuntu1 (Ubuntu
  16.04.4 LTS / sources from "pull-lp-source bintuils") on an Intel(R)
  Core(TM) i7-6700 CPU @ 3.40GHz server machine with 32GB RAM.

  Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr-
  Universität Bochum)

  Best regards,
  Sergej Schumilo

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp