[Touch-packages] [Bug 1763101] Re: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)
It is fixed in binutils 2.32. should we backport it in 2.30? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1763101 Title: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1) Status in binutils package in Ubuntu: Confirmed Bug description: Dear all, The following binutils cxxfilt OOM bug was found by a modified version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the input and an ASAN report. Steps to reproduce: Build current verison of binutils: ``` pull-lp-source binutils cd binutils-2.30 CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" ./configure CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" make ``` Run inputs under ASAN: ``` ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./cxxfilt -t < oom ``` We can verify this issue for cxxfilt binuitils-2.30-15ubuntu1 (Ubuntu 16.04.4 LTS / sources from "pull-lp-source bintuils") on an Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz server machine with 32GB RAM. Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr- Universität Bochum) Best regards, Sergej Schumilo To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1763101] Re: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)
Here is the changelog which fix this. 2018-12-22 Jason Merrill Remove support for demangling GCC 2.x era mangling schemes. * cplus-dem.c: Remove cplus_mangle_opname, cplus_demangle_opname, internal_cplus_demangle, and all subroutines. (libiberty_demanglers): Remove entries for ancient GNU (pre-3.0), Lucid, ARM, HP, and EDG demangling styles. (cplus_demangle): Remove 'work' variable. Don't call internal_cplus_demangle. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1763101 Title: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1) Status in binutils package in Ubuntu: Confirmed Bug description: Dear all, The following binutils cxxfilt OOM bug was found by a modified version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the input and an ASAN report. Steps to reproduce: Build current verison of binutils: ``` pull-lp-source binutils cd binutils-2.30 CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" ./configure CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" make ``` Run inputs under ASAN: ``` ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./cxxfilt -t < oom ``` We can verify this issue for cxxfilt binuitils-2.30-15ubuntu1 (Ubuntu 16.04.4 LTS / sources from "pull-lp-source bintuils") on an Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz server machine with 32GB RAM. Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr- Universität Bochum) Best regards, Sergej Schumilo To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1763101] Re: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12934 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1763101 Title: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1) Status in binutils package in Ubuntu: Confirmed Bug description: Dear all, The following binutils cxxfilt OOM bug was found by a modified version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the input and an ASAN report. Steps to reproduce: Build current verison of binutils: ``` pull-lp-source binutils cd binutils-2.30 CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" ./configure CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" make ``` Run inputs under ASAN: ``` ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./cxxfilt -t < oom ``` We can verify this issue for cxxfilt binuitils-2.30-15ubuntu1 (Ubuntu 16.04.4 LTS / sources from "pull-lp-source bintuils") on an Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz server machine with 32GB RAM. Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr- Universität Bochum) Best regards, Sergej Schumilo To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1763101] Re: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)
** Changed in: binutils (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1763101 Title: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1) Status in binutils package in Ubuntu: Confirmed Bug description: Dear all, The following binutils cxxfilt OOM bug was found by a modified version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the input and an ASAN report. Steps to reproduce: Build current verison of binutils: ``` pull-lp-source binutils cd binutils-2.30 CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" ./configure CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" make ``` Run inputs under ASAN: ``` ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./cxxfilt -t < oom ``` We can verify this issue for cxxfilt binuitils-2.30-15ubuntu1 (Ubuntu 16.04.4 LTS / sources from "pull-lp-source bintuils") on an Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz server machine with 32GB RAM. Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr- Universität Bochum) Best regards, Sergej Schumilo To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1763101] Re: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1)
Reported to libiberty developers: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453 ** Bug watch added: GCC Bugzilla #85453 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453 ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1763101 Title: OOM-Bug in cxxfilt (binuitils-2.30-15ubuntu1) Status in binutils package in Ubuntu: New Bug description: Dear all, The following binutils cxxfilt OOM bug was found by a modified version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the input and an ASAN report. Steps to reproduce: Build current verison of binutils: ``` pull-lp-source binutils cd binutils-2.30 CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" ./configure CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" make ``` Run inputs under ASAN: ``` ASAN_OPTIONS=halt_on_error=false:allow_addr2line=true ./cxxfilt -t < oom ``` We can verify this issue for cxxfilt binuitils-2.30-15ubuntu1 (Ubuntu 16.04.4 LTS / sources from "pull-lp-source bintuils") on an Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz server machine with 32GB RAM. Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr- Universität Bochum) Best regards, Sergej Schumilo To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp