https://sourceware.org/bugzilla/show_bug.cgi?id=26578
Bug ID: 26578
Summary: A memory leak in parse_gnu_debugaltlink
Product: binutils
Version: 2.35
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: 15664243668 at 163 dot com
Target Milestone: ---

Created attachment 12817
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12817&action=edit
PoC

I have found a memory leak in bfd_getl_signed_32(bfd/libbfd.c:669) by fuzzing.

The bug is triggered by

$readelf -agteSdcWw --dyn-syms -D PoC

And the PoC file is in the attachment.

I compile Binutils 2.35 with AddressSanitizer as an x86-64 build on Ubuntu 16.04, and it prints the debug information as:

readelf: Error: File ./Output/binutils-2.35/objdump/3/queue/id:016146,src:016137,op:havoc,rep:32 is not an archive so its index cannot be displayed.
readelf: Warning: The e_shentsize field in the ELF header is larger than the size of an ELF section header
readelf: Warning: Section 0 has an out of range sh_link value of 27648
readelf: Warning: Section 0 has an out of range sh_info value of 131072
readelf: Warning: [ 0]: Expected link to another section in info field
readelf: Warning: section 0: sh_link value of 27648 is larger than the number of sections
readelf: Warning: [ 1]: Unexpected value (16777088) in info field.
readelf: Warning: [ 2]: Unexpected value (2147483392) in info field.
readelf: Warning: Size of section 3 is larger than the entire file!
readelf: Warning: [ 4]: Expected link to another section in info field
readelf: Warning: Size of section 6 is larger than the entire file!
readelf: Warning: could not find separate debug file 'ELF'
readelf: Warning: tried: /lib/debug/ELF
readelf: Warning: tried: /usr/lib/debug/usr/ELF
readelf: Warning: tried: /usr/lib/debug//home/ubuntu/yuetai/Output/binutils-2.35/objdump/3/queue//ELF
readelf: Warning: tried: /usr/lib/debug/ELF
readelf: Warning: tried: /home/ubuntu/yuetai/Output/binutils-2.35/objdump/3/queue/.debug/ELF
readelf: Warning: tried: /home/ubuntu/yuetai/Output/binutils-2.35/objdump/3/queue/ELF
readelf: Warning: tried: .debug/ELF
readelf: Warning: tried: ELF
readelf: Warning: could not find separate debug file 'ELF'
readelf: Warning: tried: /lib/debug/ELF
readelf: Warning: tried: /usr/lib/debug/usr/ELF
readelf: Warning: tried: /usr/lib/debug//home/ubuntu/yuetai/Output/binutils-2.35/objdump/3/queue//ELF
readelf: Warning: tried: /usr/lib/debug/ELF
readelf: Warning: tried: /home/ubuntu/yuetai/Output/binutils-2.35/objdump/3/queue/.debug/ELF
readelf: Warning: tried: /home/ubuntu/yuetai/Output/binutils-2.35/objdump/3/queue/ELF
readelf: Warning: tried: .debug/ELF
readelf: Warning: tried: ELF

=================================================================
==22576==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x7ff84c0cb79a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
    #1 0x4cd52a in parse_gnu_debugaltlink ../../binutils/dwarf.c:10305

SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s).
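Added illustration, not binutils' code and not the reporter's PoC: a minimal parser for a .gnu_debugaltlink payload of the kind parse_gnu_debugaltlink handles, paired with a caller that releases the calloc'd record on every path, including the "could not find separate debug file" path where the 16-byte leak above was observed. Assumed here: the section layout (NUL-terminated filename followed by at least 20 build-id bytes), the function names parse_debugaltlink and lookup_separate_debug, the live_allocs counter, and the constructed sample payload.

```c
#include <stdlib.h>
#include <string.h>

typedef struct {
    const char *filename;      /* points into the section payload */
    const unsigned char *id;   /* build-id bytes, also inside the payload */
    size_t id_len;
} Debugaltlink;

static int live_allocs;        /* instrumentation: outstanding heap records */

/* Constructed sample payload: "ELF\0" followed by a 20-byte build-id. */
static const unsigned char sample_sec[] = {
    'E', 'L', 'F', 0,
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
    0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14
};

/* Returns a heap record the caller owns, or NULL on malformed input.
   Every early return happens before calloc, so rejection cannot leak. */
Debugaltlink *parse_debugaltlink(const unsigned char *sec, size_t size)
{
    const unsigned char *nul = memchr(sec, 0, size);
    if (nul == NULL)               /* no NUL terminator inside the section */
        return NULL;
    size_t namelen = (size_t)(nul - sec) + 1;
    if (size - namelen < 20)       /* assumed minimum build-id length (SHA-1) */
        return NULL;
    Debugaltlink *d = calloc(1, sizeof *d);
    if (d == NULL)
        return NULL;
    live_allocs++;
    d->filename = (const char *)sec;
    d->id = sec + namelen;
    d->id_len = size - namelen;
    return d;
}

void free_debugaltlink(Debugaltlink *d) { if (d) { live_allocs--; free(d); } }

/* Models the caller: look up the named separate debug file, here against a
   single available name. Returns -1 malformed, 0 found, 1 not found; the
   record is freed unconditionally, not only on the success path. */
int lookup_separate_debug(const unsigned char *sec, size_t size, const char *available)
{
    Debugaltlink *d = parse_debugaltlink(sec, size);
    if (d == NULL)
        return -1;
    int found = strcmp(d->filename, available) == 0;
    free_debugaltlink(d);
    return found ? 0 : 1;
}

int outstanding_records(void) { return live_allocs; }
```

Building this with -fsanitize=address and driving all four paths is the check a maintainer would want: LeakSanitizer stays silent and outstanding_records() returns 0.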