https://sourceware.org/bugzilla/show_bug.cgi?id=20941

Bug ID: 20941
Summary: AS crashes when resolving an expression
Product: binutils
Version: 2.28
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gas
Assignee: unassigned at sourceware dot org
Reporter: boehme.marcel at gmail dot com
Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24-hour fuzzing session on Binutils. Thanks also to Van-Thuan Pham.

The assembler crashes with an invalid read of size 8 for the following execution on Ubuntu 16.04 x86_64 in Binutils trunk and for preinstalled version v2.26.1, and on Ubuntu 14.04 x86_64 for Binutils in trunk and preinstalled version v2.24.

$ printf "\n#0\"\"0\x210+\x2e\x2e>\x2e\x2e+\x2e&" > test
$ as test
test: Assembler messages:
test: Warning: end of file not at end of a line; newline inserted
test:2: Warning: missing operand; zero assumed
Segmentation fault

VALGRIND says:

==43098== Invalid read of size 8
==43098==    at 0x45517C: frag_offset_fixed_p (frags.c:420)
==43098==    by 0x4459CF: resolve_expression (expr.c:2195)
==43098==    by 0x446A87: expr (expr.c:2063)
==43098==    by 0x4D79E5: get_absolute_expr (read.c:488)
==43098==    by 0x4D79E5: get_absolute_expression (read.c:504)
==43098==    by 0x4D79E5: get_linefile_number (read.c:1990)
==43098==    by 0x4D79E5: s_app_line (read.c:2045)
==43098==    by 0x4BB6FF: read_a_source_file (read.c:1146)
==43098==    by 0x40D471: perform_an_assembly_pass (as.c:1172)
==43098==    by 0x40D471: main (as.c:1296)
==43098==  Address 0x20 is not stack'd, malloc'd or (recently) free'd

Best regards,
- Marcel
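As an added triage example (not part of the bug report and not binutils code), the following Python parses a Valgrind "Invalid read" block like the one quoted above and buckets the fault. A fault address as low as 0x20 cannot be a mapped page on x86_64 Linux, so the read is almost certainly through a NULL struct pointer at a field offset, which is the kind of defect a missing validity check produces rather than heap corruption; the same parser also groups frames that share a program counter, which is how Valgrind renders inlined callees when debug info is present (the four read.c frames at 0x4D79E5 above). The log constant is a constructed copy of the quoted output; the page-size threshold and the bucket names are my assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed copy of the Valgrind lines quoted in the bug report above.
VALGRIND_LOG = """\
==43098== Invalid read of size 8
==43098==    at 0x45517C: frag_offset_fixed_p (frags.c:420)
==43098==    by 0x4459CF: resolve_expression (expr.c:2195)
==43098==    by 0x446A87: expr (expr.c:2063)
==43098==    by 0x4D79E5: get_absolute_expr (read.c:488)
==43098==    by 0x4D79E5: get_absolute_expression (read.c:504)
==43098==    by 0x4D79E5: get_linefile_number (read.c:1990)
==43098==    by 0x4D79E5: s_app_line (read.c:2045)
==43098==    by 0x4BB6FF: read_a_source_file (read.c:1146)
==43098==    by 0x40D471: perform_an_assembly_pass (as.c:1172)
==43098==    by 0x40D471: main (as.c:1296)
==43098==  Address 0x20 is not stack'd, malloc'd or (recently) free'd
"""

# Assumption: nothing below one page is mappable on a default x86_64 Linux
# (vm.mmap_min_addr), so such addresses are treated as NULL + field offset.
NEAR_NULL_LIMIT = 0x1000


@dataclass
class Frame:
    pc: int
    func: str
    file: str
    line: Optional[int]          # None when Valgrind only printed "(in /path)"


@dataclass
class MemErrorReport:
    kind: str                    # "read" or "write"
    size: int                    # access width in bytes
    address: Optional[int] = None
    address_note: str = ""       # text after "Address 0x...", e.g. "is not stack'd ..."
    frames: List[Frame] = field(default_factory=list)


HEADER_RE = re.compile(r"^==\d+==\s+Invalid (read|write) of size (\d+)")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by)\s+0x([0-9A-Fa-f]+):\s+(\S+)\s+\((.+)\)\s*$")
ADDR_RE = re.compile(r"^==\d+==\s+Address 0x([0-9A-Fa-f]+)\s+(.+?)\s*$")


def parse_valgrind(log: str) -> MemErrorReport:
    """Parse the first 'Invalid read/write' block of a Valgrind log."""
    report: Optional[MemErrorReport] = None
    for line in log.splitlines():
        m = HEADER_RE.match(line)
        if m:
            if report is not None:
                break            # stop at the second error block
            report = MemErrorReport(kind=m.group(1), size=int(m.group(2)))
            continue
        if report is None:
            continue
        m = FRAME_RE.match(line)
        if m:
            loc = m.group(3)
            file, _, lineno = loc.rpartition(":")
            if file and lineno.isdigit():
                report.frames.append(Frame(int(m.group(1), 16), m.group(2), file, int(lineno)))
            else:
                report.frames.append(Frame(int(m.group(1), 16), m.group(2), loc, None))
            continue
        m = ADDR_RE.match(line)
        if m:
            report.address = int(m.group(1), 16)
            report.address_note = m.group(2)
    if report is None:
        raise ValueError("no 'Invalid read/write' block found")
    return report


def classify(report: MemErrorReport) -> str:
    """Coarse root-cause bucket from the fault address and Valgrind's note."""
    if report.address is None:
        return "unknown"
    if report.address < NEAR_NULL_LIMIT:
        return "null-deref"      # NULL base pointer plus a struct field offset
    note = report.address_note
    if note.startswith("is not stack'd"):
        return "wild-pointer"    # uninitialised or corrupted pointer value
    if "free'd" in note:
        return "use-after-free"  # "N bytes inside a block of size M free'd"
    if "bytes after a block" in note or "bytes before a block" in note:
        return "heap-oob"        # access just outside a live malloc'd block
    return "other"


def crash_key(report: MemErrorReport) -> str:
    """Deduplication key from the innermost frame (same key => same crash site)."""
    if not report.frames:
        return f"{report.kind}:{report.size}"
    top = report.frames[0]
    return f"{top.func}@{top.file}:{top.line}"


def inlined_groups(report: MemErrorReport) -> List[List[str]]:
    """Consecutive frames that share a PC are inlined callees; return their names."""
    groups: List[List[Frame]] = []
    for f in report.frames:
        if groups and groups[-1][0].pc == f.pc:
            groups[-1].append(f)
        else:
            groups.append([f])
    return [[f.func for f in g] for g in groups if len(g) > 1]


if __name__ == "__main__":
    r = parse_valgrind(VALGRIND_LOG)
    print(f"{r.kind} of size {r.size} at {r.address:#x}: {classify(r)}; key={crash_key(r)}")
    for g in inlined_groups(r):
        print("inlined chain:", " <- ".join(g))
```

Feeding a fuzzer's crash directory through `parse_valgrind` and `crash_key` collapses the many inputs that hit the same innermost frame into one bucket, and `classify` separates near-NULL reads like this one from the use-after-free and out-of-bounds cases that deserve a higher severity when triaging an assembler that is routinely run on untrusted input.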