This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



[Bug c++/78630] New: Segfault in Libiberty


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78630

            Bug ID: 78630
           Summary: Segfault in Libiberty
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: thuanpv at comp dot nus.edu.sg
  Target Milestone: ---

Dear all,
Using AFLFast (https://github.com/mboehme/aflfast), a fork of AFL, we found an
input causing nm (a binutils program which uses libiberty) to crash. 

The bug was found on Ubuntu 14.04 & binutils was checked out from
https://github.com/bminor/binutils-gdb repository. Its commit is 
268ebe95201d2ebdcf68cad9dc67ff6d1e25be9e (Fri Nov 18 14:15:12 2016)

To reproduce:
printf "\x24\x24\x0a\x20\x5f\x5a\x6f\x6f\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4b\x4d\x41\x5f\x74\x74\x74\x74\x74\x74\x74\x74\x74\x74\x32\x4b\x30\x77\x62\x62\x0a\x0a" > fd
nm-new -C fd

ASAN says:
==114157==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe80282e58 (pc 0x000000643cc7 bp 0x7ffe80283070 sp 0x7ffe80282dd0 T0)
    #0 0x643cc6 in d_print_comp_inner ../../libiberty/cp-demangle.c:4568
    #1 0x65463c in d_print_comp ../../libiberty/cp-demangle.c:5654
    #2 0x6496d1 in d_print_comp_inner ../../libiberty/cp-demangle.c:5156
    #3 0x6563f4 in d_print_comp ../../libiberty/cp-demangle.c:5654
    #4 0x6563f4 in d_print_mod ../../libiberty/cp-demangle.c:5866
    #5 0x659103 in d_print_mod_list ../../libiberty/cp-demangle.c:5787
    #6 0x658d2b in d_print_mod_list ../../libiberty/cp-demangle.c:4180
    #7 0x658d2b in d_print_array_type ../../libiberty/cp-demangle.c:6001
    #8 0x65954f in d_print_mod_list ../../libiberty/cp-demangle.c:5744
    ...

Valgrind says:
==47988== Stack overflow in thread 1: can't grow stack to 0xffe801f08
==47988== 
==47988== Process terminating with default action of signal 11 (SIGSEGV)
==47988==  Access not within mapped region at address 0xFFE801F08
==47988==    at 0x804C34: d_print_comp_inner (cp-demangle.c:4580)
==47988==  If you believe this happened as a result of a stack
==47988==  overflow in your program's main thread (unlikely but
==47988==  possible), you can try to increase the size of the
==47988==  main thread stack using the --main-stacksize= flag.
==47988==  The main thread stack size used in this run was 8388608.
==47988== Stack overflow in thread 1: can't grow stack to 0xffe801f00
==47988== 
==47988== Process terminating with default action of signal 11 (SIGSEGV)
==47988==  Access not within mapped region at address 0xFFE801F00
==47988==    at 0x4A256B0: _vgnU_freeres (in /usr/lib/valgrind/vgpreload_core-amd64-linux.so)

Best regards,
Thuan
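A small triage helper for this kind of report, added here as an example; it is not part of the bug report, of binutils or of libiberty. It decodes the printf escape string from the reproduction step to show the exact bytes nm is fed and pulls out the mangled symbol in them, then parses the ASAN frames and lists which functions in cp-demangle.c appear more than once on the stack. That repeat check is what separates a stack overflow caused by unbounded (mutual) recursion from one caused by a single oversized frame. The escape string and the ASAN frames are copied from the report (the wrapped ASAN header line joined back onto one line); the `classify` labels are my own naming.

```python
"""Triage helper for a fuzzer-found stack-overflow report (added example)."""
import re
from collections import Counter

# printf argument exactly as given in the report's "To reproduce" step.
REPRO_PRINTF_ARG = (
    r"\x24\x24\x0a\x20\x5f\x5a\x6f\x6f\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d\x4d"
    r"\x4d\x4d\x4d\x4b\x4d\x41\x5f\x74\x74\x74\x74\x74\x74\x74\x74\x74\x74"
    r"\x32\x4b\x30\x77\x62\x62\x0a\x0a"
)

# ASAN output from the report, header line unwrapped.
ASAN_REPORT = """\
==114157==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe80282e58 (pc 0x000000643cc7 bp 0x7ffe80283070 sp 0x7ffe80282dd0 T0)
    #0 0x643cc6 in d_print_comp_inner ../../libiberty/cp-demangle.c:4568
    #1 0x65463c in d_print_comp ../../libiberty/cp-demangle.c:5654
    #2 0x6496d1 in d_print_comp_inner ../../libiberty/cp-demangle.c:5156
    #3 0x6563f4 in d_print_comp ../../libiberty/cp-demangle.c:5654
    #4 0x6563f4 in d_print_mod ../../libiberty/cp-demangle.c:5866
    #5 0x659103 in d_print_mod_list ../../libiberty/cp-demangle.c:5787
    #6 0x658d2b in d_print_mod_list ../../libiberty/cp-demangle.c:4180
    #7 0x658d2b in d_print_array_type ../../libiberty/cp-demangle.c:6001
    #8 0x65954f in d_print_mod_list ../../libiberty/cp-demangle.c:5744
"""

# "#N 0xADDR in FUNC FILE:LINE" as ASAN prints symbolized frames.
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+(\S+)\s+(\S+?):(\d+)\s*$")
ERROR_RE = re.compile(r"AddressSanitizer:\s+([a-z-]+)\s+on address")


def decode_printf_escapes(arg):
    """Turn a printf-style \\xNN string into the bytes the target program reads."""
    return bytes.fromhex(arg.replace("\\x", ""))


def mangled_symbols(data):
    """Itanium-ABI mangled names start with _Z; list the ones in the input."""
    return re.findall(rb"_Z[A-Za-z0-9_]+", data)


def parse_asan(report):
    """Return (error_kind, [(func, file, line), ...]) from an ASAN report."""
    kind = None
    frames = []
    for line in report.splitlines():
        m = ERROR_RE.search(line)
        if m:
            kind = m.group(1)
            continue
        m = FRAME_RE.match(line)
        if m:
            frames.append((m.group(2), m.group(3), int(m.group(4))))
    return kind, frames


def recurring_functions(frames):
    """Functions present more than once on the stack, most frequent first."""
    counts = Counter(func for func, _, _ in frames)
    return [(f, n) for f, n in counts.most_common() if n > 1]


def classify(report):
    """Rough triage label: recursion that never bottoms out vs. one huge frame."""
    kind, frames = parse_asan(report)
    if kind != "stack-overflow":
        return "not-a-stack-overflow"
    if recurring_functions(frames):
        return "unbounded-recursion"
    return "single-large-frame"


if __name__ == "__main__":
    data = decode_printf_escapes(REPRO_PRINTF_ARG)
    print("input bytes:", data)
    print("mangled symbols:", mangled_symbols(data))
    kind, frames = parse_asan(ASAN_REPORT)
    print("error kind:", kind, "frames parsed:", len(frames))
    print("recurring:", recurring_functions(frames))
    print("triage:", classify(ASAN_REPORT))
```

Run as-is it reports the single symbol `_ZooMMMMMMMMMMMMKMA_tttttttttt2K0wbb` in the input and three recurring functions (d_print_mod_list, d_print_comp_inner, d_print_comp), all in cp-demangle.c, which is consistent with the Valgrind run also dying inside d_print_comp_inner. On a longer, non-truncated ASAN trace the same counts make the recursion cycle obvious, and a fixed crash site with no repeated functions would instead point at a single large stack allocation.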
