[Bug ld/20933] LD: Buffer Overflow if linker script does not exist

Tue, 06 Dec 2016 22:06:07 -0800 

https://sourceware.org/bugzilla/show_bug.cgi?id=20933

--- Comment #5 from Marcel Böhme <boehme.marcel at gmail dot com> ---
Hi Alan,

Tried executing it from different working directories. Same outcome.
Tried executing it on Ubuntu 16.04 on Binutils revision 5cd1d8bc and I cannot
reproduce. Hmm...

This is what I get from GDB:

Reading symbols from
/home/ubuntu/subjects/binutils-gdb_fixed/obj-gold-afl/ld/ld-new...done.
(gdb) set args -T a
(gdb) b make-relative-prefix.c:385
Breakpoint 1 at 0x977c44: file ../../libiberty/make-relative-prefix.c, line
385.
(gdb) r
Starting program:
/home/ubuntu/subjects/binutils-gdb_fixed/obj-gold-afl/ld/ld-new -T a

Breakpoint 1, make_relative_prefix_1 (progname=<optimized out>,
bin_prefix=bin_prefix@entry=0x999a73 "/usr/local/bin", 
    prefix=prefix@entry=0x999b30 "/usr/local/x86_64-pc-linux-gnu/lib",
resolve_links=resolve_links@entry=1)
    at ../../libiberty/make-relative-prefix.c:385
385       ptr = ret + strlen(ret);
(gdb) p ret
$1 = 0xc9d970 "/home/ubuntu/subjects/binutils-gdb_fixed/obj-gold-afl/ld/"
(gdb) p strlen(ret)
$2 = 57


Here is some more info from Valgrind about where it is allocated:
valgrind /home/ubuntu/subjects/binutils-gdb_fixed/obj-gold-afl/ld/ld-new -T
test100
==50130== Memcheck, a memory error detector
==50130== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==50130== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==50130== Command:
/home/ubuntu/subjects/binutils-gdb_fixed/obj-gold-afl/ld/ld-new -T test100
==50130== 
==50130== Invalid read of size 4
==50130==    at 0x977CB8: make_relative_prefix_1 (make-relative-prefix.c:385)
==50130==    by 0x4C6B57: find_scripts_dir (ldfile.c:518)
==50130==    by 0x4C6B57: ldfile_find_command_file (ldfile.c:554)
==50130==    by 0x4C6B57: ldfile_open_command_file_1 (ldfile.c:594)
==50130==    by 0x42D304: parse_args (lexsup.c:1219)
==50130==    by 0x40D18D: main (ldmain.c:312)
==50130==  Address 0x5409ac8 is 56 bytes inside a block of size 58 alloc'd
==50130==    at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==50130==    by 0x97767B: make_relative_prefix_1 (make-relative-prefix.c:375)
==50130==    by 0x4C6B57: find_scripts_dir (ldfile.c:518)
==50130==    by 0x4C6B57: ldfile_find_command_file (ldfile.c:554)
==50130==    by 0x4C6B57: ldfile_open_command_file_1 (ldfile.c:594)
==50130==    by 0x42D304: parse_args (lexsup.c:1219)
==50130==    by 0x40D18D: main (ldmain.c:312)

Best regards,
- Marcel

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

Reply via email to