Created attachment 10946: nm-new ASAN executable, ASAN report and crashing input

Dear all,

after reporting the following bugs to the Ubuntu security team (https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099), we were asked to report them directly to the binutils developers:

----------------------------------------------------

Dear all,

The following binutils nm-new Stack-Overflow was found by a modified version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the crashing input and an ASAN report.

Steps to reproduce:

Build current version of binutils:

```
pull-lp-source binutils
cd binutils-2.30
CC=clang CXX=clang++ \
  CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" \
  CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" \
  LDFLAGS="-fsanitize=address" ./configure
CC=clang CXX=clang++ \
  CFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" \
  CXXFLAGS="-fsanitize=address -fsanitize-recover=address -ggdb" \
  LDFLAGS="-fsanitize=address" make
```

Run inputs under ASAN:

```
ASAN_OPTIONS=halt_on_error=true:allow_addr2line=true ./nm-new -a -C -l --synthetic $file
```

We can verify this issue for nm-new binutils-2.30-15ubuntu1 (Ubuntu 16.04.4 LTS / sources from "pull-lp-source binutils").

Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr-Universität Bochum)

Best regards,
Sergej Schumilo
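The reproduction step above runs one input by hand. When a fuzzer hands over a whole directory of crashing inputs, the practical next step is to run all of them through the ASAN build with the same options and bucket the results by sanitizer error kind and top stack frame, so that duplicates of one bug (such as a stack-overflow in the demangler) are counted once. The script below is an added example written for this page; it is not part of the bug report or of binutils. The function name `asan_triage`, the corpus and report directory layout, and the fixed nm-new argument list are assumptions; it only relies on the standard ASAN report format ("ERROR: AddressSanitizer: <kind>" followed by "#0 0x... in <function>" frames).

```shell
#!/usr/bin/env bash
# Added example (not from the bug report): run every input in a corpus
# through an ASAN-instrumented nm-new and bucket crashes by
# (sanitizer error kind, top stack frame). Names and layout are assumptions.

# asan_triage BINARY CORPUS_DIR OUT_DIR
# Runs "$BINARY -a -C -l --synthetic INPUT" on each file in CORPUS_DIR with
# ASAN told to stop at the first error. The stderr of each crashing run is
# kept as OUT_DIR/<input>.asan; non-crashing runs leave no report.
# Prints one line per bucket:  kind<TAB>top_frame<TAB>count<TAB>example_input
asan_triage() {
  local bin="$1" corpus="$2" out="$3"
  local f report kind frame
  mkdir -p "$out"
  for f in "$corpus"/*; do
    [ -f "$f" ] || continue
    report="$out/$(basename "$f").asan"
    # halt_on_error: one report per run, so the first frame is the real culprit.
    ASAN_OPTIONS=halt_on_error=true:allow_addr2line=true \
      "$bin" -a -C -l --synthetic "$f" >/dev/null 2>"$report" || true
    if grep -q 'ERROR: AddressSanitizer' "$report"; then
      # e.g. "==123==ERROR: AddressSanitizer: stack-overflow on address ..."
      kind=$(sed -n 's/.*ERROR: AddressSanitizer: \([a-z-]*\).*/\1/p' "$report" | head -1)
      # e.g. "    #0 0x4c2a3b in d_print_comp_inner cp-demangle.c:4500"
      frame=$(sed -n 's/^ *#0 0x[0-9a-f]* in \([^ ]*\).*/\1/p' "$report" | head -1)
      printf '%s\t%s\t%s\n' "${kind:-unknown}" "${frame:-?}" "$(basename "$f")"
    else
      rm -f "$report"
    fi
  done | sort | awk -F'\t' '
    { key = $1 "\t" $2; n[key]++; if (!(key in ex)) ex[key] = $3 }
    END { for (k in n) printf "%s\t%d\t%s\n", k, n[k], ex[k] }' | sort
}

# Usage: ./asan_triage.sh ./nm-new ./crashes ./reports
if [ "$#" -eq 3 ]; then
  asan_triage "$@"
fi
```

The bucket key deliberately ignores addresses and the rest of the stack, which is enough to merge the many stack-overflow inputs a fuzzer typically produces for one recursive function; inputs that crash in a different frame or with a different error kind (heap-buffer-overflow, SEGV, ...) stay separate, and the kept `.asan` reports are what you attach when filing each one.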
Hi Sergej,

Thanks for reporting this bug. The problem however is in the C++ name demangler, which is part of the libiberty library. This library is maintained by the gcc project, not the binutils project. (It is used by the binutils, but not owned by them.)

Therefore, please could you refile this bug report on the gcc bugzilla system: https://gcc.gnu.org/bugzilla/enter_bug.cgi?product=gcc

Thanks very much.

Cheers
Nick