Bug 26167

Summary: execess free on non malloc memory, nm
Product: binutils Reporter: Harvey <featherrain26>
Component: binutilsAssignee: Not yet assigned to anyone <unassigned>
Severity: normal    
Priority: P2    
Version: 2.35   
Target Milestone: ---   
Host: Target:
Build: Last reconfirmed:
Attachments: POC input

Description Harvey 2020-06-24 15:59:57 UTC
Created attachment 12658 [details]
POC input


There is a memeory corruption problem which attempt to free the non malloc memory.

This is my environment:

Here is the trace reported by ASAN:
==42616==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x61e00000f4e0 in thread T0
    #0 0x7f82d981a32a in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9832a)
    #1 0x789095 in _bfd_coff_free_symbols ../../bfd/coffgen.c:1782
    #2 0x789095 in _bfd_coff_close_and_cleanup ../../bfd/coffgen.c:3180
    #3 0x466df8 in bfd_close_all_done ../../bfd/opncls.c:789
    #4 0x466df8 in bfd_close ../../bfd/opncls.c:759
    #5 0x4129fa in display_file ../../binutils/nm.c:1392
    #6 0x4081a7 in main ../../binutils/nm.c:1860
    #7 0x7f82d91d482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #8 0x40a248 in _start (/mnt/data/playground/binutils-2.34-a/build/binutils/nm-new+0x40a248)

0x61e00000f4e0 is located 1120 bytes inside of 2505-byte region [0x61e00000f080,0x61e00000fa49)
allocated by thread T0 here:
    #0 0x7f82d981a7fa in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x987fa)
    #1 0x45a82a in bfd_malloc ../../bfd/libbfd.c:275
    #2 0x45a82a in bfd_zmalloc ../../bfd/libbfd.c:360

SUMMARY: AddressSanitizer: bad-free ??:0 __interceptor_free

To reproduce, compile the program with address sanitizer, then run 

nm -C -a -l --synthetic input
Comment 1 Alan Modra 2020-06-25 04:47:02 UTC
Already fixed

*** This bug has been marked as a duplicate of bug 25447 ***