Dear all, according to the bintutils maintainers the following stack-overflow bug is in the C++ name demangler (instead of the binutils application nm-new), which is part of the libiberty library. This is the original binutils bug report (https://sourceware.org/bugzilla/show_bug.cgi?id=23058): ----------------------------------------------------------------------------- Dear all, after reporting the following bugs to the Ubuntu security team (https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099), we were asked to report them directly to the binutils developers: ---------------------------------------------------- Dear all, The following binutils nm-new Stack-Overflow was found by a modified version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the crashing input and an ASAN report. Steps to reproduce: Build current verison of binutils: ``` pull-lp-source binutils cd binutils-2.30 CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" ./configure CC=clang CXX=clang++ CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" LDFLAGS="-fsanitize=address" make ``` Run inputs under ASAN: ``` ASAN_OPTIONS=halt_on_error=true:allow_addr2line=true ./nm-new a -C -l --synthetic $file ``` We can verify this issue for nm-new binuitils-2.30-15ubuntu1 (Ubuntu 16.04.4 LTS / sources from "pull-lp-source bintuils"). Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr-Universität Bochum) Best regards, Sergej Schumilo
Fixed with commit 266886