[Bug binutils/26010] New: [size] crash with ASAN check failed

Mon, 18 May 2020 06:24:14 -0700 

https://sourceware.org/bugzilla/show_bug.cgi?id=26010

            Bug ID: 26010
           Summary: [size] crash with ASAN check failed
           Product: binutils
           Version: 2.35 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: dkcjd2000 at gmail dot com
  Target Milestone: ---

Created attachment 12556
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12556&action=edit
crash test case

Hello,
I'm currently developing a new fuzzing feature, and I found a crash in size.

I downloaded from git master, and I built it with Ubuntu 16.04 with gcc 5.4.0
with ASAN, and the following command to build size from the source:
CFLAGS="-O1 -fsanitize=address -U_FORTIFY_SOURCE" ./configure; make clean all;

You can reproduce the crash with the following command:
./size <attached file>

The AddressSanitizer message of the crash is:
==11471==WARNING: AddressSanitizer failed to allocate 0x002000000169 bytes
==11471==AddressSanitizer's allocator is terminating the process instead of
returning 0
==11471==If you don't like this behavior set allocator_may_return_null=1
==11471==AddressSanitizer CHECK failed:
../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:147 "((0))
!= (0)" (0x0, 0x0)
    #0 0x7f6e07037631  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7f6e0703c5e3 in __sanitizer::CheckFailed(char const*, int, char
const*, unsigned long long, unsigned long long)
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
    #2 0x7f6e06fb4425  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x1d425)
    #3 0x7f6e0703a865  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa3865)
    #4 0x7f6e06fb9b4d  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22b4d)
    #5 0x7f6e0702f5d2 in malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x985d2)
    #6 0x4266fb in bfd_malloc
(/home/cheong/results/crashes/size_crash/size.asan+0x4266fb)
    #7 0x4cf2af in elf_read_notes
(/home/cheong/results/crashes/size_crash/size.asan+0x4cf2af)
    #8 0x499646 in bfd_section_from_phdr
(/home/cheong/results/crashes/size_crash/size.asan+0x499646)
    #9 0x4836d2 in bfd_elf64_core_file_p
(/home/cheong/results/crashes/size_crash/size.asan+0x4836d2)
    #10 0x422dcc in bfd_check_format_matches
(/home/cheong/results/crashes/size_crash/size.asan+0x422dcc)
    #11 0x403d8e in display_bfd
(/home/cheong/results/crashes/size_crash/size.asan+0x403d8e)
    #12 0x404026 in display_file
(/home/cheong/results/crashes/size_crash/size.asan+0x404026)
    #13 0x403800 in main
(/home/cheong/results/crashes/size_crash/size.asan+0x403800)
    #14 0x7f6e069e982f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #15 0x402dd8 in _start
(/home/cheong/results/crashes/size_crash/size.asan+0x402dd8)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Reply via email to