This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.



[Bug gdb/18331] New: Segfault after reading symbols from a fuzzed (corrupted) binary


https://sourceware.org/bugzilla/show_bug.cgi?id=18331

            Bug ID: 18331
           Summary: Segfault after reading symbols from a fuzzed
                    (corrupted) binary
           Product: gdb
           Version: 7.9
            Status: NEW
          Severity: critical
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: jutaky at gmail dot com
  Target Milestone: ---

Version: GNU gdb (GDB) 7.9.50.20150426-cvs

My previous submission may or may not offer insight; it looked similar:
https://sourceware.org/bugzilla/show_bug.cgi?id=15827

Test case: http://jutaky.com/fuzzing/gdb_case_25080_20444.bin

Very long backtrace. Here's part of it:

Reading symbols from gdb_case_25080_20444.bin...done.

Program received signal SIGSEGV, Segmentation fault.
0x0000000000842863 in htab_find (htab=0x14c6fc0, element=0x7fffff7ff030) at ./hashtab.c:622
622       return htab_find_with_hash (htab, element, (*htab->hash_f) (element));
(gdb) bt
#0  0x0000000000842863 in htab_find (htab=0x14c6fc0, element=0x7fffff7ff030) at ./hashtab.c:622
#1  0x0000000000653ef3 in get_die_type_at_offset (offset=..., per_cu=0x1090260) at dwarf2read.c:22162
#2  0x000000000064d198 in lookup_die_type (die=0x14b2920, attr=0x14b2958, cu=0x14a9a10) at dwarf2read.c:18806
#3  0x000000000064cd58 in die_type (die=0x14b2920, cu=0x14a9a10) at dwarf2read.c:18688
#4  0x000000000064317f in read_tag_pointer_type (die=0x14b2920, cu=0x14a9a10) at dwarf2read.c:14183
#5  0x000000000064d410 in read_type_die_1 (die=0x14b2920, cu=0x14a9a10) at dwarf2read.c:18900
#6  0x000000000064d337 in read_type_die (die=0x14b2920, cu=0x14a9a10) at dwarf2read.c:18866
#7  0x000000000064d2be in lookup_die_type (die=0x14b2920, attr=0x14b2958, cu=0x14a9a10) at dwarf2read.c:18838
#8  0x000000000064cd58 in die_type (die=0x14b2920, cu=0x14a9a10) at dwarf2read.c:18688
#9  0x000000000064317f in read_tag_pointer_type (die=0x14b2920, cu=0x14a9a10) at dwarf2read.c:14183
#10 0x000000000064d410 in read_type_die_1 (die=0x14b2920, cu=0x14a9a10) at dwarf2read.c:18900

-- 
You are receiving this mail because:
You are on the CC list for the bug.
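The backtrace above repeats the same die=0x14b2920 through read_tag_pointer_type, die_type and lookup_die_type at every level, which is the shape of a type walk following a DW_AT_type reference that leads back to the DIE it started from. The following is an added illustration, not gdb's code: a toy DWARF type resolver over a constructed unit that tracks the offsets already on its path, so a self-referential or looping DW_AT_type chain (and a reference outside the unit) is reported as an error instead of being followed without bound. The struct, tags, offsets and return codes are all assumptions made for the example.

```c
#include <stddef.h>

/* Constructed model of a DWARF type DIE: its tag and the DIE offset its
   DW_AT_type attribute refers to (NO_TYPE for a base type). */
#define NO_TYPE  ((size_t)-1)
#define MAX_DIES 16

enum tag { TAG_BASE_TYPE, TAG_POINTER_TYPE };

struct die {
  enum tag tag;
  size_t   type_ref;   /* offset of the referenced type DIE */
};

#define RESOLVE_CYCLE   (-1)   /* DW_AT_type chain loops back on itself */
#define RESOLVE_BAD_REF (-2)   /* DW_AT_type points outside the unit */

/* Follow DW_AT_type links from DIE `start` to a base type and return the
   number of pointer levels, or a RESOLVE_* error. The visited set is the
   guard an unbounded recursive walk lacks: a corrupted DIE whose
   DW_AT_type refers back to itself terminates with RESOLVE_CYCLE instead
   of being re-entered until the stack is exhausted. */
static int resolve_type(const struct die *dies, size_t ndies, size_t start)
{
  unsigned char visited[MAX_DIES] = {0};
  size_t cur = start;
  int depth = 0;
  if (ndies > MAX_DIES) return RESOLVE_BAD_REF;  /* model size limit */
  for (;;) {
    if (cur >= ndies)  return RESOLVE_BAD_REF;   /* offset not in unit */
    if (visited[cur])  return RESOLVE_CYCLE;     /* already on the path */
    visited[cur] = 1;
    if (dies[cur].tag == TAG_BASE_TYPE) return depth;
    depth++;
    cur = dies[cur].type_ref;
  }
}

/* Constructed sample unit: DIE 0 is a base type, DIE 1 points to it,
   DIE 2 is a corrupted pointer type whose DW_AT_type is itself, DIE 3
   refers to a non-existent offset, and DIEs 4 and 5 form a two-step loop. */
static const struct die sample_cu[] = {
  { TAG_BASE_TYPE,    NO_TYPE },
  { TAG_POINTER_TYPE, 0 },
  { TAG_POINTER_TYPE, 2 },
  { TAG_POINTER_TYPE, 42 },
  { TAG_POINTER_TYPE, 5 },
  { TAG_POINTER_TYPE, 4 },
};
#define SAMPLE_NDIES (sizeof sample_cu / sizeof sample_cu[0])
```

Calling resolve_type(sample_cu, SAMPLE_NDIES, 2) returns RESOLVE_CYCLE after one step; the same input handed to an unguarded recursive walk would never return.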

