This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug c++/78630] New: Segfault in Libiberty
- From: "thuanpv at comp dot nus.edu.sg" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Thu, 01 Dec 2016 10:25:47 +0000
- Subject: [Bug c++/78630] New: Segfault in Libiberty
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78630
Bug ID: 78630
Summary: Segfault in Libiberty
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: thuanpv at comp dot nus.edu.sg
Target Milestone: ---
Dear all,
Using AFLFast (https://github.com/mboehme/aflfast), a fork of AFL, we found an
input causing nm (a binutils program which uses libiberty) to crash.
The bug was found on Ubuntu 14.04, and binutils was checked out from the
https://github.com/bminor/binutils-gdb repository. Its commit is
268ebe95201d2ebdcf68cad9dc67ff6d1e25be9e (Fri Nov 18 14:15:12 2016).
To reproduce:
printf "\x24\x24\x0a\x20\x5f\x5a\x6f\x6f\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4b\x4d\x41\x5f\x74\x74\x74\x74\x74\x74\x74\x74\x74\x74\x32\x4b\x30\x77\x62\x62\x0a\x0a" > fd
nm-new -C fd
ASAN says:
==114157==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe80282e58 (pc 0x000000643cc7 bp 0x7ffe80283070 sp 0x7ffe80282dd0 T0)
#0 0x643cc6 in d_print_comp_inner ../../libiberty/cp-demangle.c:4568
#1 0x65463c in d_print_comp ../../libiberty/cp-demangle.c:5654
#2 0x6496d1 in d_print_comp_inner ../../libiberty/cp-demangle.c:5156
#3 0x6563f4 in d_print_comp ../../libiberty/cp-demangle.c:5654
#4 0x6563f4 in d_print_mod ../../libiberty/cp-demangle.c:5866
#5 0x659103 in d_print_mod_list ../../libiberty/cp-demangle.c:5787
#6 0x658d2b in d_print_mod_list ../../libiberty/cp-demangle.c:4180
#7 0x658d2b in d_print_array_type ../../libiberty/cp-demangle.c:6001
#8 0x65954f in d_print_mod_list ../../libiberty/cp-demangle.c:5744
...
Valgrind says:
==47988== Stack overflow in thread 1: can't grow stack to 0xffe801f08
==47988==
==47988== Process terminating with default action of signal 11 (SIGSEGV)
==47988== Access not within mapped region at address 0xFFE801F08
==47988== at 0x804C34: d_print_comp_inner (cp-demangle.c:4580)
==47988== If you believe this happened as a result of a stack
==47988== overflow in your program's main thread (unlikely but
==47988== possible), you can try to increase the size of the
==47988== main thread stack using the --main-stacksize= flag.
==47988== The main thread stack size used in this run was 8388608.
==47988== Stack overflow in thread 1: can't grow stack to 0xffe801f00
==47988==
==47988== Process terminating with default action of signal 11 (SIGSEGV)
==47988== Access not within mapped region at address 0xFFE801F00
==47988==    at 0x4A256B0: _vgnU_freeres (in /usr/lib/valgrind/vgpreload_core-amd64-linux.so)
Best regards,
Thuan
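Both traces above show the same failure class: the demangler's recursive printer (d_print_comp / d_print_mod_list / d_print_array_type calling each other) descends through the component graph of a fuzzer-built symbol until the 8 MiB main-thread stack is exhausted, and the process dies with SIGSEGV. The following is an added illustration, not libiberty code and not the fix the GCC developers applied: a miniature component printer in the style of d_print_comp, with an explicit recursion-depth limit so that a hostile graph makes the print fail cleanly instead of overflowing the stack. The component kinds, the MAX_PRINT_DEPTH value, the demo_* helpers and the sample inputs (a well-formed pointer chain and a self-referential modifier) are all constructed for this example.

```c
/*
 * Added illustration, not libiberty code: a recursive type printer in the
 * style of a demangler's d_print_comp, with a recursion-depth guard.
 * Component kinds, MAX_PRINT_DEPTH and the sample inputs are constructed.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum kind { K_NAME, K_POINTER, K_CONST, K_ARRAY };

/* One node of a type tree: a name, or a modifier applied to a child node. */
struct comp {
    enum kind kind;
    const char *name;           /* K_NAME only */
    const struct comp *child;   /* modifiers only */
};

enum status { PRINT_OK = 0, PRINT_TOO_DEEP = -1, PRINT_TRUNCATED = -2 };

/* Assumed limit: generous for real symbols, tiny against an 8 MiB stack. */
#define MAX_PRINT_DEPTH 1024
#define CHAIN_NODES 4096        /* node pool for the demo chain builder */

struct printer {
    char *buf;
    size_t cap, len;
    int depth;                  /* current nesting of print_comp() */
    enum status err;            /* first error seen; printing stops once set */
};

static void emit(struct printer *p, const char *s)
{
    size_t n = strlen(s);
    if (p->err)
        return;
    if (p->len + n + 1 > p->cap) {      /* +1 for the terminating NUL */
        p->err = PRINT_TRUNCATED;
        return;
    }
    memcpy(p->buf + p->len, s, n);
    p->len += n;
    p->buf[p->len] = '\0';
}

/* The depth counter is the guard whose absence the traces above show: without
 * it a self-referential or extremely deep graph recurses into the guard page. */
static void print_comp(struct printer *p, const struct comp *c)
{
    if (p->err)
        return;
    if (++p->depth > MAX_PRINT_DEPTH) {
        p->err = PRINT_TOO_DEEP;
        return;
    }
    switch (c->kind) {
    case K_NAME:    emit(p, c->name); break;
    case K_POINTER: print_comp(p, c->child); emit(p, "*"); break;
    case K_CONST:   print_comp(p, c->child); emit(p, " const"); break;
    case K_ARRAY:   print_comp(p, c->child); emit(p, " []"); break;
    }
    p->depth--;
}

/* Print a whole tree into out; returns PRINT_OK or the first error. */
enum status demangle_tree(const struct comp *root, char *out, size_t cap)
{
    struct printer p = { out, cap, 0, 0, PRINT_OK };
    if (cap == 0)
        return PRINT_TRUNCATED;
    out[0] = '\0';
    print_comp(&p, root);
    return p.err;
}

/* Constructed well-formed input: n pointer modifiers wrapped around "int". */
enum status demo_chain(int n, char *out, size_t cap)
{
    static struct comp nodes[CHAIN_NODES];
    if (n < 0 || n >= CHAIN_NODES)  /* beyond the demo's pool: report as truncated */
        return PRINT_TRUNCATED;
    nodes[0].kind = K_NAME; nodes[0].name = "int"; nodes[0].child = NULL;
    for (int i = 1; i <= n; i++) {
        nodes[i].kind = K_POINTER; nodes[i].name = NULL; nodes[i].child = &nodes[i - 1];
    }
    return demangle_tree(&nodes[n], out, cap);
}

/* Text-only convenience: static buffer, empty string on any error. */
const char *demo_chain_text(int n)
{
    static char out[128];
    if (demo_chain(n, out, sizeof out) != PRINT_OK)
        out[0] = '\0';
    return out;
}

/* Constructed hostile input: a modifier whose child is itself, i.e. an
 * unbounded chain.  Without the depth guard this recursion never returns. */
enum status demo_cycle(void)
{
    static struct comp loop;
    char out[64];
    loop.kind = K_POINTER; loop.name = NULL; loop.child = &loop;
    return demangle_tree(&loop, out, sizeof out);
}

int main(void)
{
    printf("chain(3):    \"%s\"\n", demo_chain_text(3));
    printf("chain(2000): status %d\n", demo_chain(2000, (char[8]){0}, 8));
    printf("cycle:       status %d\n", demo_cycle());
    return 0;
}
```

The caller treats PRINT_TOO_DEEP the way a demangler's caller treats a NULL result: the symbol is shown mangled rather than crashing the tool. The caveat is the one any fixed limit carries: a legitimately deeper type than MAX_PRINT_DEPTH is also refused, so the value has to be chosen against real-world symbols, and the recursion itself still consumes stack up to that depth (1024 frames here, a few hundred kilobytes at most).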