https://sourceware.org/bugzilla/show_bug.cgi?id=20911
Bug ID: 20911
Summary: LD crashes when constructing sets after linker phase 1
Product: binutils
Version: 2.28 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: boehme.marcel at gmail dot com
Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24 hour fuzzing session on Binutils. Thanks also to Van-Thuan Pham.

The linker crashes with an invalid read of size 1 for the following execution on Ubuntu 16.04 x86_64 in Binutils trunk and for preinstalled version v2.26.1 and on Ubuntu 14.04 x86_64 for Binutils in trunk and preinstalled version v2.24.

$ printf "\x0b\x01\x000#\x00\x00\x00\x1c\x00\x00\x000000 \x00\x00\x000000\x01\x00\x00\x00\x01\x00\x00\x00000000000000000000000000000000000\x00\x00\x00\x00\x14000000000000000000000000000 \x00\x00\x000000000000000000000000000000" > test
$ ld test
ld: i386 architecture of input file `test' is incompatible with i386:x86-64 output
Segmentation fault

UBSAN says:
../../ld/ldctor.c:294:8: runtime error: member access within null pointer of type 'struct bfd'

VALGRIND says:
==10539== Invalid read of size 8
==10539==    at 0x47AB18: ldctor_build_sets (ldctor.c:293)
==10539==    by 0x46BB3C: lang_process (ldlang.c:6973)
==10539==    by 0x4081AC: main (ldmain.c:428)
==10539==  Address 0x8 is not stack'd, malloc'd or (recently) free'd

Best regards,
- Marcel

_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
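For readers triaging reports like this one: the Valgrind line "Address 0x8 is not stack'd, malloc'd or (recently) free'd" together with UBSAN's "member access within null pointer of type 'struct bfd'" means the code read a member at offset 8 of a struct whose pointer was NULL. The following added example (not code from binutils or from the reporter; `struct bfd_like` and `struct section_like` are hypothetical stand-ins with a layout chosen so that the second member lands at offset 8 on an LP64 build) shows how such a fault arises and the guarded accessor pattern that reports a missing owner instead of crashing.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a BFD-like object. The real struct bfd has
   many more members; only the idea that 'flags' sits at offset 8 matters. */
struct bfd_like {
    const char *filename;   /* offset 0 on LP64 */
    unsigned long flags;    /* offset 8 on LP64 */
};

/* Hypothetical section descriptor: 'owner' may be NULL for a dummy or
   absent section, which is the situation a malformed input can produce. */
struct section_like {
    struct bfd_like *owner;
};

/* Offset that a NULL-owner read of 'flags' would touch: this is the number
   Valgrind prints as the faulting address (0x8). */
size_t flags_offset(void)
{
    return offsetof(struct bfd_like, flags);
}

/* Unchecked access: if s->owner is NULL this dereferences address 8 and
   segfaults, exactly the failure mode the sanitizer output describes. */
unsigned long owner_flags_unchecked(const struct section_like *s)
{
    return s->owner->flags;
}

/* Checked access: returns 0 on success, -1 when the owner is missing, so
   the caller can emit a diagnostic and stop instead of crashing. */
int owner_flags_checked(const struct section_like *s, unsigned long *out)
{
    if (s == NULL || s->owner == NULL)
        return -1;
    *out = s->owner->flags;
    return 0;
}

int main(void)
{
    struct bfd_like input = { "test", 0x4 };      /* constructed sample */
    struct section_like good = { &input };
    struct section_like dummy = { NULL };          /* owner-less section */
    unsigned long flags;

    printf("flags member offset: %zu\n", flags_offset());
    if (owner_flags_checked(&good, &flags) == 0)
        printf("good section flags: 0x%lx\n", flags);
    if (owner_flags_checked(&dummy, &flags) != 0)
        fprintf(stderr, "error: section has no owning object\n");
    /* owner_flags_unchecked(&dummy) would crash here with a read at 0x8. */
    return 0;
}
```

The checked variant is the shape of fix a linker maintainer would look for in a report like this: validate that the object pointer exists before touching its members, and turn a malformed input into an error message rather than a memory fault.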