Summary: | [nm] memory allocation failed | | |
---|---|---|---|
Product: | binutils | Reporter: | Hao Wang <hao-wang20> |
Component: | binutils | Assignee: | Nick Clifton <nickc> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | nickc |
Priority: | P2 | | |
Version: | 2.35 | | |
Target Milestone: | --- | | |
Host: | | Target: | |
Build: | | Last reconfirmed: | 2020-11-26 00:00:00 |
Attachments: | asan-memory-allocation-failed | | |

The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24

commit 647cebce12a6b0a26960220caff96ff38978cf24
Author: Nick Clifton <nickc@redhat.com>
Date: Thu Nov 26 17:08:33 2020 +0000

    Prevent a memory allocation failure when parsing corrupt DWARF debug sections.

    PR 26946
    * dwarf2.c (read_section): Check for debug sections with excessive sizes.

Hi Hao,

Thanks for reporting this problem. I have now checked in a patch to fix the BFD library, so that it will now issue this warning:

    nm: DWARF error: section .debug_abbrev is larger than its filesize! (0xff0000040b vs 0xaf58)

Cheers
Nick

The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f7502dfe3f99d09fba2fc49f806ccc6b0a18c06d

commit f7502dfe3f99d09fba2fc49f806ccc6b0a18c06d
Author: Alan Modra <amodra@gmail.com>
Date: Fri Nov 11 13:43:42 2022 +1030

    PR28834, PR26946 sanity checking section size

    This patch provides a new function to sanity check section sizes.
    It's mostly extracted from what we had in bfd_get_full_section_contents
    but also handles compressed debug sections.
    Improvements are:
    - section file offset is taken into account,
    - added checks that a compressed section can be read from file.

    The function is then used when handling multiple .debug_* sections
    that need to be read into a single buffer, to sanity check sizes
    before allocating the buffer.

    PR 26946, PR 28834
    * Makefile.am (LIBBFD_H_FILES): Add section.c.
    * compress.c (bfd_get_full_section_contents): Move section size
    sanity checks..
    * section.c (_bfd_section_size_insane): ..to here. New function.
    * dwarf2.c (read_section): Use _bfd_section_size_insane.
    (_bfd_dwarf2_slurp_debug_info): Likewise.
    * Makefile.in: Regenerate.
    * libbfd.h: Regenerate.

Created attachment 12997: asan-memory-allocation-failed

Hello,

I found a crash in nm-new when doing fuzzing experiments. And it can be reproduced in the master branch.

I downloaded the source code from git and built it on Ubuntu 18.04 with gcc 7.5.0 and ASAN, using the following command to build nm-new from the source:

    CFLAGS="-O1 -fsanitize=address -g" ./configure; make clean all;

You can reproduce the crash with the following command:

    nm-new -l <attached file>

The AddressSanitizer message of the crash is:

    ==48823==ERROR: AddressSanitizer failed to allocate 0xff00003000 (1095216672768) bytes of LargeMmapAllocator (error code: 12)
    ==48823==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_common.cc:118 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #0 0x7f78c8f8abf2 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe9bf2)
    #1 0x7f78c8fa9575 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x108575)
    #2 0x7f78c8f94482 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xf3482)
    #3 0x7f78c8fa0895 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xff895)
    #4 0x7f78c8ec97fd (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x287fd)
    #5 0x7f78c8f7fb0a in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb0a)
    #6 0x55fe62a75ec7 in bfd_malloc /home/vul337/programs/psrc/binutils_bk/bfd/libbfd.c:275
    #7 0x55fe62cbddeb in read_section dwarf2.c:566
    #8 0x55fe62ccfae8 in decode_line_info dwarf2.c:2129
    #9 0x55fe62ceb516 in comp_unit_maybe_decode_line_info dwarf2.c:3938
    #10 0x55fe62ceb516 in comp_unit_find_line dwarf2.c:3972
    #11 0x55fe62cf19bf in _bfd_dwarf2_find_nearest_line dwarf2.c:5100
    #12 0x55fe62bb81f2 in _bfd_elf_find_line /home/vul337/programs/psrc/binutils_bk/bfd/elf.c:9212
    #13 0x55fe62a1fcfe in print_symbol /home/vul337/programs/psrc/binutils_bk/binutils/nm.c:1031
    #14 0x55fe62a23640 in print_symbols /home/vul337/programs/psrc/binutils_bk/binutils/nm.c:1112
    #15 0x55fe62a23640 in display_rel_file /home/vul337/programs/psrc/binutils_bk/binutils/nm.c:1236
    #16 0x55fe62a261d3 in display_file /home/vul337/programs/psrc/binutils_bk/binutils/nm.c:1403
    #17 0x55fe62a1b237 in main /home/vul337/programs/psrc/binutils_bk/binutils/nm.c:1891
    #18 0x7f78c88cdbf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #19 0x55fe62a1d3c9 in _start (/home/vul337/programs/nm_master/nm-new+0xad3c9)