https://sourceware.org/bugzilla/show_bug.cgi?id=33745

            Bug ID: 33745
           Summary: gas: Segmentation fault in symbol versioning handling
                    with malformed input
           Product: binutils
           Version: 2.45.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gas
          Assignee: unassigned at sourceware dot org
          Reporter: xkittener at gmail dot com
  Target Milestone: ---

Created attachment 16537
  --> https://sourceware.org/bugzilla/attachment.cgi?id=16537&action=edit
Poc

The GNU assembler (gas) crashes with a segmentation fault when processing a
file that contains conflicting or malformed symbol versioning definitions. The
crash occurs after reporting "multiple versions for symbol".

Reproduce:
# export CFLAGS="-g -O0 -fsanitize=address"
# ./configure
# make -j

# gas/as-new -W -Z Poc

Description:
../../Downloads/as_fuzz/1/crashes/id:000000: Assembler messages:
../../Downloads/as_fuzz/1/crashes/id:000000: Error: junk at end of line, first
unrecognized character valued 0x10
../../Downloads/as_fuzz/1/crashes/id:000000: Error: no such instruction:
`foo5ed res:'
../../Downloads/as_fuzz/1/crashes/id:000000: Error: unrecognized reloc type
../../Downloads/as_fuzz/1/crashes/id:000000: Error: invalid character '^' in
mnemonic
../../Downloads/as_fuzz/1/crashes/id:000000: Error: missing reloc type
../../Downloads/as_fuzz/1/crashes/id:000000: Error: unknown pseudo-op:
`.ir555ed'
../../Downloads/as_fuzz/1/crashes/id:000000: Error: no such instruction: `corg'
../../Downloads/as_fuzz/1/crashes/id:000000: Error: unknown pseudo-op:
`.glob.file'
../../Downloads/as_fuzz/1/crashes/id:000000: Error: junk at end of line, first
unrecognized character is `,'
../../Downloads/as_fuzz/1/crashes/id:000000: Error: junk at end of line, first
unrecognized character is `!'
../../Downloads/as_fuzz/1/crashes/id:000000: Error: junk at end of line, first
unrecognized character valued 0x4
../../Downloads/as_fuzz/1/crashes/id:000000: Error: unknown pseudo-op:
`.nopnobits'
../../Downloads/as_fuzz/1/crashes/id:000000: Error: unknown pseudo-op: `.e'
../../Downloads/as_fuzz/1/crashes/id:000000: Error: multiple versions
[`yoo@����������p'|`yoo@@@'] for symbol `foo'
../../Downloads/as_fuzz/1/crashes/id:000000: Internal error (Segmentation
fault).
Please report this bug.
Segmentation fault (core dumped)

Credit:
Kaiyu Xie (UCAS)
