https://sourceware.org/bugzilla/show_bug.cgi?id=20910
Bug ID: 20910
Summary: LD crashes when setting linker script and image base
Product: binutils
Version: 2.28 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: boehme.marcel at gmail dot com
Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24-hour fuzzing session on Binutils. Thanks also to Van-Thuan Pham.

The linker crashes with an invalid read of size 1 for the following execution on Ubuntu 16.04 x86_64 in Binutils trunk and for the preinstalled version v2.26.1, and on Ubuntu 14.04 x86_64 for Binutils in trunk and the preinstalled version v2.24.

$ printf "K&=0%D," > test
$ ./ld -dll -T test
Segmentation fault

ASAN says:

==10282==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61600000fc50 at pc 0x00000051ba31 bp 0x7ffd20fc3a00 sp 0x7ffd20fc39f8
READ of size 8 at 0x61600000fc50 thread T0
    #0 0x51ba30 in bfd_generic_link_read_symbols ../../bfd/linker.c:803
    #1 0x47e903 in vfinfo ../../ld/ldmisc.c:301
    #2 0x47fa9a in info_msg ../../ld/ldmisc.c:455
    #3 0x4657d7 in main ../../ld/ldmain.c:371
    #4 0x7fd7ea3d2f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #5 0x403968 (/home/ubuntu/subjects/binutils-gdb/obj-asan/ld/ld-new+0x403968)

0x61600000fc50 is located 152 bytes to the right of 568-byte region [0x61600000f980,0x61600000fbb8)
allocated by thread T0 here:
    #0 0x7fd7eb7533a8 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
    #1 0x7fd7ea41f37c (/lib/x86_64-linux-gnu/libc.so.6+0x6e37c)

Best regards,
- Marcel

--
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
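A small triage harness for reproducing the crash above against different ld builds, added here as an example; it is not part of the bug report or of binutils. It assumes the ld under test is named by the LD environment variable (default ./ld, matching the report's command line), uses the real ASAN_OPTIONS exitcode setting so a sanitizer report is distinguishable from an ordinary link error, and every function name in it is the script's own. It writes the linker-script test case with printf '%s' because in bash and dash the report's own command passes "K&=0%D," as a printf format string, where %D is not a valid directive: that command prints an error and, in those shells, the file on disk most likely holds only the bytes before it ("K&=0"). The harness therefore tries both candidates.

```sh
#!/bin/sh
# Added triage harness for the report above; not part of the bug report or of
# binutils. Assumes: LD names the ld binary under test (defaults to ./ld, as
# in the report's command line), built with ASAN if you want the sanitizer
# verdict. All other names here are this script's own.

LD="${LD:-./ld}"

# Write a test case byte-for-byte. The report's command,
#   printf "K&=0%D," > test
# hands the string to printf as a FORMAT; %D is not a valid directive in
# bash or dash, so that command reports an error and the file most likely
# holds only the bytes before it ("K&=0"). %s writes the quoted bytes
# exactly, so either candidate can be produced deliberately.
write_case() {
    # $1 = output path, $2 = linker-script bytes
    printf '%s' "$2" > "$1"
}

# Map ld's exit status to a triage verdict. A shell reports death by signal
# as 128+signo. ASAN's default exit code is 1, the same as an ordinary ld
# error, so run_case sets ASAN_OPTIONS=exitcode=99 to tell them apart.
classify_status() {
    case "$1" in
        0)   echo "ok" ;;
        1)   echo "error" ;;
        99)  echo "crash:ASAN" ;;
        134) echo "crash:SIGABRT" ;;
        139) echo "crash:SIGSEGV" ;;
        *)   echo "status:$1" ;;
    esac
}

# Run "ld -dll -T <script>" on one candidate and print "verdict<TAB>frame",
# where frame is the top (#0) frame of a sanitizer report if there was one.
# The top frame is what you key on when deduplicating fuzzer finds.
run_case() {
    dir=$(mktemp -d) || return 1
    write_case "$dir/test" "$1"
    status=0
    ASAN_OPTIONS="exitcode=99:abort_on_error=0" \
        "$LD" -dll -T "$dir/test" >/dev/null 2>"$dir/stderr" || status=$?
    verdict=$(classify_status "$status")
    frame=$(grep '#0 ' "$dir/stderr" | head -n 1 | sed 's/^ *//')
    rm -rf "$dir"
    printf '%s\t%s\n' "$verdict" "$frame"
}

# Try both candidate inputs when an ld is available; otherwise only the
# functions above are defined, so the script can also be sourced.
if [ -x "$LD" ]; then
    for case_bytes in 'K&=0' 'K&=0%D,'; do
        printf 'input %-8s -> ' "$case_bytes"
        run_case "$case_bytes"
    done
fi
```

Run it from a binutils build directory as LD=./ld sh triage.sh, or point LD at an installed /usr/bin/ld to check whether a distribution version is affected. A verdict of "crash:SIGSEGV" with no frame means a non-ASAN build died the way the report's "Segmentation fault" line shows; "crash:ASAN" plus a frame naming bfd_generic_link_read_symbols at linker.c:803 means you have reproduced the sanitizer trace above.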