https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78630
Bug ID: 78630
Summary: Segfault in Libiberty
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: thuanpv at comp dot nus.edu.sg
Target Milestone: ---

Dear all,

Using AFLFast (https://github.com/mboehme/aflfast), a fork of AFL, we found an input causing nm (a binutils program which uses libiberty) to crash. The bug was found on Ubuntu 14.04 & binutils was checked out from the https://github.com/bminor/binutils-gdb repository. Its commit is 268ebe95201d2ebdcf68cad9dc67ff6d1e25be9e (Fri Nov 18 14:15:12 2016).

To reproduce:

printf "\x24\x24\x0a\x20\x5f\x5a\x6f\x6f\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4b\x4d\x41\x5f\x74\x74\x74\x74\x74\x74\x74\x74\x74\x74\x32\x4b\x30\x77\x62\x62\x0a\x0a" > fd
nm-new -C fd

ASAN says:

==114157==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe80282e58 (pc 0x000000643cc7 bp 0x7ffe80283070 sp 0x7ffe80282dd0 T0)
    #0 0x643cc6 in d_print_comp_inner ../../libiberty/cp-demangle.c:4568
    #1 0x65463c in d_print_comp ../../libiberty/cp-demangle.c:5654
    #2 0x6496d1 in d_print_comp_inner ../../libiberty/cp-demangle.c:5156
    #3 0x6563f4 in d_print_comp ../../libiberty/cp-demangle.c:5654
    #4 0x6563f4 in d_print_mod ../../libiberty/cp-demangle.c:5866
    #5 0x659103 in d_print_mod_list ../../libiberty/cp-demangle.c:5787
    #6 0x658d2b in d_print_mod_list ../../libiberty/cp-demangle.c:4180
    #7 0x658d2b in d_print_array_type ../../libiberty/cp-demangle.c:6001
    #8 0x65954f in d_print_mod_list ../../libiberty/cp-demangle.c:5744
    ...

Valgrind says:

==47988== Stack overflow in thread 1: can't grow stack to 0xffe801f08
==47988==
==47988== Process terminating with default action of signal 11 (SIGSEGV)
==47988==  Access not within mapped region at address 0xFFE801F08
==47988==    at 0x804C34: d_print_comp_inner (cp-demangle.c:4580)
==47988==  If you believe this happened as a result of a stack
==47988==  overflow in your program's main thread (unlikely but
==47948==  possible), you can try to increase the size of the
==47988==  main thread stack using the --main-stacksize= flag.
==47988==  The main thread stack size used in this run was 8388608.
==47988== Stack overflow in thread 1: can't grow stack to 0xffe801f00
==47988==
==47988== Process terminating with default action of signal 11 (SIGSEGV)
==47988==  Access not within mapped region at address 0xFFE801F00
==47988==    at 0x4A256B0: _vgnU_freeres (in /usr/lib/valgrind/vgpreload_core-amd64-linux.so)

Best regards,
Thuan
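The reproduction steps in the report (write the bytes to a file, run the demangling tool on it, read the sanitizer output) are the kind of thing a maintainer repeats for every fuzzer finding. The following Python harness is an added example, not part of the bug report or of binutils/libiberty: it embeds the reporter's input bytes, runs a chosen command on them with a reduced stack limit and a wall-clock timeout, and labels the outcome (clean exit, ordinary error, ASAN stack-overflow report, or death by signal) so deep-recursion crashes like this one can be triaged and re-checked after a fix without hand-reading each trace. The command defaults to `nm-new -C` as in the report; its path, the 1 MiB stack cap and the 10-second timeout are assumptions to adjust locally.

```python
"""Crash-triage harness for the nm -C stack-overflow report above.

Added example; not code from the bug report, from binutils or from libiberty.
"""
import os
import resource
import signal
import subprocess
import tempfile

# The reporter's input, constructed here from the printf payload in the report:
# "$$\n _ZooMMMMMMMMMMMMKMA_tttttttttt2K0wbb\n\n"
CRASH_INPUT = b"$$\n _ZooMMMMMMMMMMMMKMA_tttttttttt2K0wbb\n\n"

# Assumed default command; the report runs the freshly built nm as "nm-new -C".
DEFAULT_COMMAND = ["nm-new", "-C"]


def _stack_limiter(stack_bytes):
    """Build a pre-exec hook that caps the child's stack.

    A smaller stack makes unbounded recursion fail sooner and more
    deterministically than the 8 MiB default seen in the Valgrind output.
    """
    def hook():
        soft, hard = resource.getrlimit(resource.RLIMIT_STACK)
        limit = stack_bytes if hard == resource.RLIM_INFINITY else min(stack_bytes, hard)
        resource.setrlimit(resource.RLIMIT_STACK, (limit, limit))
    return hook


def classify(returncode, stderr):
    """Map a child's exit status and stderr to a triage label."""
    if b"AddressSanitizer: stack-overflow" in stderr:
        return "crash:asan-stack-overflow"
    if returncode < 0:
        sig = signal.Signals(-returncode).name
        if -returncode in (signal.SIGSEGV, signal.SIGBUS):
            return f"crash:{sig} (stack exhaustion suspected)"
        return f"crash:{sig}"
    if returncode == 0:
        return "ok"
    return "error"


def run_case(command=None, data=CRASH_INPUT, stack_bytes=1 << 20, timeout=10):
    """Run `command <tmpfile>` on `data`; return (label, returncode).

    returncode is None when the child never finished (timeout) or never
    started (binary not found).
    """
    command = list(command or DEFAULT_COMMAND)
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(data)
        path = fh.name
    try:
        proc = subprocess.run(
            command + [path],
            capture_output=True,
            timeout=timeout,
            preexec_fn=_stack_limiter(stack_bytes),
        )
    except subprocess.TimeoutExpired:
        return "hang", None
    except FileNotFoundError:
        return "missing-binary", None
    finally:
        os.unlink(path)
    return classify(proc.returncode, proc.stderr), proc.returncode


if __name__ == "__main__":
    # Re-run the reporter's case; prints e.g. "crash:SIGSEGV (stack exhaustion suspected) -11"
    # on an affected build and "ok 0" once the demangler handles the input.
    label, rc = run_case()
    print(label, rc)
```

The harness deliberately keeps the ASAN check separate from the signal check: an ASAN-instrumented binary reports the stack overflow on stderr and exits with a non-zero status rather than dying by SIGSEGV, so a harness that only looks at signals would mislabel it as an ordinary error.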