https://sourceware.org/bugzilla/show_bug.cgi?id=30507
            Bug ID: 30507
           Summary: NULL dereference in rust-demangle reachable via nm-new
           Product: binutils
           Version: 2.40
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: lukas.dresel at cs dot ucsb.edu
  Target Milestone: ---

Created attachment 14911
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14911&action=edit
Testcase reproducing the above issue

Our hybrid fuzzer found a testcase which causes `rust-demangle` to call memcpy with a NULL source pointer. The output of `nm-new` compiled with undefined-behavior-sanitizer is shown below:

```
$ /experiments/targets/nm-new-original -C /tmp/crash_nm_rust-demangle-1572
         w __azb]axhaotqd;@RSXEE\7.1.9__cbme_hzdvh
0000201c B __bgo[ytdlv
00000506 R bgq
00000087 d __bp_spkccp]bpisq]fqr[blqj[arsbv]ariwu
0000200b D __cbme_hzdvh
0000200b W cbme_hzdvh
00000430 r cbxdvztzcw\wj^ckvqdy__ex_lzocax`dxiqo_ehj
000000f4 d _`crcif_cnljx_umih`fsjbs\byhxr
00002007 D _]esp`qatezf
000004c0 t __ex_lzocax`dxiqo_ehj
000005e8 T _fg[zz
00000593 t _fya
00002001 d _GLOBAL_WDDUFZ^VBCKF`
         w _GRW[cbpfwogufyKXCshmdGaclf__t58.sak_sd]litts.dp
0000039f T _hzdvh
00000568 T __ired[cnq_polk_fg[zz
0000050f r iso,bz
0000201c b j
0000201c D __NJD]AVA][
0000008b d __nkjo_cmufy`nrcqg__QJG\FU[BLDPE\YBU
         w _NPP[ofkpkvdjVOCjghfLabge
0000055f T __p98-reg[hb^wvytp.fk__NJD]AVA][
0000037d T _polk_fg[zz
000005f4 t __QJG\FU[BLDPE\YBU
00000087 d __qvix]cmjco_fya
         U @ROVFB`5.0_ZdaAT1_RYC0.vdj\lc[kniso,bz
rust-demangle.c:1572:32: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior rust-demangle.c:1572:32 in
```

The output of --version for `nm-new` is:

```
$ /experiments/targets/nm-new-original --version
GNU nm (GNU Binutils) 2.40.50.20230411
Copyright (C) 2023 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) any later version.
This program has absolutely no warranty.
```
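The following is an added illustration of the defect class UBSan is reporting here; it is not code from the report, from binutils or from libiberty's rust-demangle.c (the code at line 1572 is not reproduced). It uses a hypothetical `append_unchecked`/`append_checked` pair over a constructed output buffer to show why `memcpy(dst, NULL, 0)` is flagged even though a zero-length copy "does nothing": glibc's `<string.h>` declares memcpy's pointer arguments nonnull (the `note:` line in the sanitizer output), and C11 7.1.4 makes a null argument undefined regardless of the length. The constructed fragment list and the demangler-like naming are assumptions for the demonstration only.

```c
/* Added illustration of the UBSan "null pointer passed as argument 2"
   diagnostic class.  Hypothetical helpers, not libiberty's rust-demangle.c.
   Build and run:  gcc -std=c11 -g -fsanitize=undefined ubsan_memcpy.c && ./a.out  */
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed output buffer, standing in for the buffer a demangler
   appends fragments of the decoded name to.  */
struct out_buf {
  char data[256];
  size_t len;
};

/* Defective form: forwards (src, n) to memcpy unconditionally.  glibc's
   <string.h> marks both pointer arguments of memcpy nonnull, and C11 7.1.4
   makes a null argument undefined even when n == 0, so a fragment whose
   pointer is NULL is exactly what -fsanitize=undefined reports.  */
static void append_unchecked(struct out_buf *b, const char *src, size_t n)
{
  if (b->len + n >= sizeof b->data)
    return;
  memcpy(b->data + b->len, src, n); /* UB if src == NULL, whatever n is */
  b->len += n;
  b->data[b->len] = '\0';
}

/* Hardened form: a NULL or empty fragment is a no-op, so memcpy never sees
   a null pointer.  Returns the number of bytes appended (0 when nothing
   was copied, including when the fragment would not fit).  */
static size_t append_checked(struct out_buf *b, const char *src, size_t n)
{
  if (src == NULL || n == 0)
    return 0;
  if (b->len + n >= sizeof b->data)
    return 0; /* keep room for the terminator */
  memcpy(b->data + b->len, src, n);
  b->len += n;
  b->data[b->len] = '\0';
  return n;
}

/* Constructed fragment list: the third entry models a zero-length fragment
   whose pointer was never set, the shape of input that trips the check.  */
struct fragment { const char *p; size_t n; };
static const struct fragment demo[] = {
  { "core", 4 }, { "::", 2 }, { NULL, 0 }, { "fmt", 3 },
};

int main(void)
{
  struct out_buf safe = { "", 0 };
  struct out_buf unsafe = { "", 0 };
  size_t i, total = 0;

  for (i = 0; i < sizeof demo / sizeof demo[0]; i++)
    total += append_checked(&safe, demo[i].p, demo[i].n);
  printf("checked  : \"%s\" (%zu bytes appended)\n", safe.data, total);

  /* Same input through the defective helper.  In a plain build glibc happens
     to tolerate memcpy(dst, NULL, 0), which is why this class of bug hides
     until a sanitizer build; under -fsanitize=undefined this loop prints the
     nonnull "runtime error" diagnostic quoted in the report above.  */
  for (i = 0; i < sizeof demo / sizeof demo[0]; i++)
    append_unchecked(&unsafe, demo[i].p, demo[i].n);
  printf("unchecked: \"%s\"\n", unsafe.data);
  return 0;
}
```

The point of the guard is ordering: the NULL/zero-length check must run before the call, because the sanitizer instruments the call site itself, and "the copy would have been zero bytes anyway" is no defence once the pointer argument is null.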