Dear binutils developers,

How is it going with analyzing and fixing these bugs? Any feedback?

Best,
Jingxuan

On 30 Jun 2021, at 19:51, He Jingxuan <jingxuan...@inf.ethz.ch> wrote:

Dear binutils developers,

We tested objcopy and readelf with automatic tools (based on the symbolic 
execution engine KLEE and the fuzzer AFL). A number of test cases triggering 
UBSan integer overflow errors were generated. We manually checked those test 
cases and filtered out benign cases. Finally, we identified and reported 34 cases 
(29 for objcopy and 5 for readelf) that could trigger bugs. Below is the 
information for reproducing the bugs.

- binutils version: 2.36
- operating system: Ubuntu 16.04.7
- compiler: clang version 6.0.0-1ubuntu2~16.04.1 (tags/RELEASE_600/final)
- compilation commands:
   mkdir obj
   cd obj
   CC=clang CFLAGS="-g -O1 -Xclang -disable-llvm-passes -D__NO_STRING_INLINES \
     -D_FORTIFY_SOURCE=0 -U__OPTIMIZE__ -fsanitize=signed-integer-overflow \
     -fsanitize=unsigned-integer-overflow -fsanitize=shift -fsanitize=bounds \
     -fsanitize=pointer-overflow -fsanitize=null" ../configure --disable-nls \
     --disable-largefile --disable-gdb --disable-sim --disable-readline \
     --disable-libdecnumber --disable-libquadmath --disable-libstdcxx --disable-ld \
     --disable-gprof --disable-gas --disable-intl --disable-etc
   make

The bugs are listed in the attached compressed file. For each bug, we provide 
the bug triggering inputs (*.input) and the relevant error messages (*.err, 
with error location and reason). For bug objcopy01, the command is "objcopy 
objcopy01.input @objcopy01.input" (stored in the file objcopy01.cmd). For other 
objcopy bugs, the command is "objcopy {}.input". For all readelf bugs, the 
command is "readelf {}.input".

We note that we have tried our best to rule out non-bugs during our manual 
inspection. However, we are not super familiar with the binutils codebase and the 
bug classification policy. We are sorry if we report non-bugs or any other 
irrelevant stuff.

Best,
Jingxuan

<binutils_integer_errors.tar.gz>
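The build and reproduction procedure in the report above, collected into one script so a maintainer can triage the attached cases in bulk. This is an added example, not a script from the report or from the binutils project. It assumes the binutils 2.36 source tree path and the unpacked case directory are passed on the command line, that the instrumented objcopy and readelf end up in obj/binutils/ (the usual binutils build layout), and that a UBSan finding is recognised by the "runtime error:" line it prints on stderr. Because objcopy with no output file rewrites its input in place, each case is run on a scratch copy so the attached inputs stay intact.

```shell
#!/bin/sh
# Added triage helper for the UBSan integer-overflow cases (not part of the report).
# Usage: sh repro.sh run <binutils-2.36-source-dir> <unpacked-cases-dir>   (assumed layout)
set -eu

# Sanitizer flags exactly as listed in the bug report.
SANITIZE_CFLAGS="-g -O1 -Xclang -disable-llvm-passes -D__NO_STRING_INLINES \
-D_FORTIFY_SOURCE=0 -U__OPTIMIZE__ -fsanitize=signed-integer-overflow \
-fsanitize=unsigned-integer-overflow -fsanitize=shift -fsanitize=bounds \
-fsanitize=pointer-overflow -fsanitize=null"

# Configure and build an instrumented tree with the report's configure options.
# Runs in a subshell so the caller's working directory is untouched.
build_binutils() {
    src=$1; obj=$2
    mkdir -p "$obj"
    ( cd "$obj" && CC=clang CFLAGS="$SANITIZE_CFLAGS" "$src/configure" \
        --disable-nls --disable-largefile --disable-gdb --disable-sim \
        --disable-readline --disable-libdecnumber --disable-libquadmath \
        --disable-libstdcxx --disable-ld --disable-gprof --disable-gas \
        --disable-intl --disable-etc && make )
}

# Print the command line for one case id (objcopy01, readelf03, ...).
# A per-case .cmd file (as for objcopy01) overrides the default "<tool> <id>.input";
# the tool name is the case id with its trailing digits stripped.
case_command() {
    id=$1; dir=$2
    if [ -f "$dir/$id.cmd" ]; then
        cat "$dir/$id.cmd"
    else
        tool=${id%%[0-9]*}
        echo "$tool $id.input"
    fi
}

# Run one case with the instrumented tools from $bindir first on PATH.
# Returns 0 when UBSan printed a "runtime error:" report, 1 otherwise.
run_case() {
    id=$1; dir=$2; bindir=$3
    cmd=$(case_command "$id" "$dir")
    # objcopy rewrites its input in place when no output file is given,
    # so work on a scratch copy of the case files rather than the originals.
    work=$(mktemp -d)
    cp "$dir/$id".* "$work"/
    # Keep only stderr (where UBSan reports go); the tool's exit status is irrelevant here.
    out=$( cd "$work" && PATH="$bindir:$PATH" UBSAN_OPTIONS=print_stacktrace=1 \
           sh -c "$cmd" 2>&1 >/dev/null ) || true
    rm -rf "$work"
    printf '%s\n' "$out" | grep -q 'runtime error:'
}

# Driver: build once, then try every *.input in the case directory.
if [ "${1:-}" = "run" ]; then
    build_binutils "$2" "$PWD/obj"
    for f in "$3"/*.input; do
        id=$(basename "$f" .input)
        if run_case "$id" "$3" "$PWD/obj/binutils"; then
            echo "REPRODUCED  $id"
        else
            echo "no UBSan report for $id"
        fi
    done
fi
```

The "REPRODUCED" lines are the cases worth comparing against the attached *.err files; a case with no report on a current tree is a candidate for having been fixed since 2.36.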
