Bug 24232 - objdump: Out of memory in objalloc.c
Summary: objdump: Out of memory in objalloc.c
Status: RESOLVED WONTFIX
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils (show other bugs)
Version: 2.33 (HEAD)
: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
: 24237 (view as bug list)
Depends on:
Blocks:
 
Reported: 2019-02-19 09:45 UTC by spinpx
Modified: 2019-02-19 22:37 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description spinpx 2019-02-19 09:45:51 UTC
- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64 GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run objdump -x input_file

- asan report
==1221228==ERROR: AddressSanitizer failed to allocate 0xc0e4e83000 (828474142720) bytes of LargeMmapAllocator (error code: 12)
==1221228==Process memory map follows:
	0x000000400000-0x00000041d000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x00000041d000-0x000000996000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x000000996000-0x000000bc9000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x000000bca000-0x000000bcb000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x000000bcb000-0x000000c78000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump
	0x000000c78000-0x0000018e9000	
	0x00007fff7000-0x00008fff7000	
	0x00008fff7000-0x02008fff7000	
	0x02008fff7000-0x10007fff8000	
	0x600000000000-0x602000000000	
	0x602000000000-0x602000010000	
	0x602000010000-0x602e00000000	
	0x602e00000000-0x602e00010000	
	0x602e00010000-0x603000000000	
	0x603000000000-0x603000010000	
	0x603000010000-0x603e00000000	
	0x603e00000000-0x603e00010000	
	0x603e00010000-0x604000000000	
	0x604000000000-0x604000010000	
	0x604000010000-0x604e00000000	
	0x604e00000000-0x604e00010000	
	0x604e00010000-0x606000000000	
	0x606000000000-0x606000010000	
	0x606000010000-0x606e00000000	
	0x606e00000000-0x606e00010000	
	0x606e00010000-0x607000000000	
	0x607000000000-0x607000010000	
	0x607000010000-0x607e00000000	
	0x607e00000000-0x607e00010000	
	0x607e00010000-0x608000000000	
	0x608000000000-0x608000010000	
	0x608000010000-0x608e00000000	
	0x608e00000000-0x608e00010000	
	0x608e00010000-0x60b000000000	
	0x60b000000000-0x60b000010000	
	0x60b000010000-0x60be00000000	
	0x60be00000000-0x60be00010000	
	0x60be00010000-0x60c000000000	
	0x60c000000000-0x60c000010000	
	0x60c000010000-0x60ce00000000	
	0x60ce00000000-0x60ce00010000	
	0x60ce00010000-0x60f000000000	
	0x60f000000000-0x60f000010000	
	0x60f000010000-0x60fe00000000	
	0x60fe00000000-0x60fe00010000	
	0x60fe00010000-0x610000000000	
	0x610000000000-0x610000010000	
	0x610000010000-0x610e00000000	
	0x610e00000000-0x610e00010000	
	0x610e00010000-0x611000000000	
	0x611000000000-0x611000010000	
	0x611000010000-0x611e00000000	
	0x611e00000000-0x611e00010000	
	0x611e00010000-0x612000000000	
	0x612000000000-0x612000010000	
	0x612000010000-0x612e00000000	
	0x612e00000000-0x612e00010000	
	0x612e00010000-0x614000000000	
	0x614000000000-0x614000010000	
	0x614000010000-0x614e00000000	
	0x614e00000000-0x614e00010000	
	0x614e00010000-0x616000000000	
	0x616000000000-0x616000010000	
	0x616000010000-0x616e00000000	
	0x616e00000000-0x616e00010000	
	0x616e00010000-0x618000000000	
	0x618000000000-0x618000010000	
	0x618000010000-0x618e00000000	
	0x618e00000000-0x618e00010000	
	0x618e00010000-0x619000000000	
	0x619000000000-0x619000010000	
	0x619000010000-0x619e00000000	
	0x619e00000000-0x619e00010000	
	0x619e00010000-0x61a000000000	
	0x61a000000000-0x61a000010000	
	0x61a000010000-0x61ae00000000	
	0x61ae00000000-0x61ae00010000	
	0x61ae00010000-0x61b000000000	
	0x61b000000000-0x61b000010000	
	0x61b000010000-0x61be00000000	
	0x61be00000000-0x61be00010000	
	0x61be00010000-0x61d000000000	
	0x61d000000000-0x61d000010000	
	0x61d000010000-0x61de00000000	
	0x61de00000000-0x61de00010000	
	0x61de00010000-0x61f000000000	
	0x61f000000000-0x61f000010000	
	0x61f000010000-0x61fe00000000	
	0x61fe00000000-0x61fe00010000	
	0x61fe00010000-0x621000000000	
	0x621000000000-0x621000010000	
	0x621000010000-0x621e00000000	
	0x621e00000000-0x621e00010000	
	0x621e00010000-0x624000000000	
	0x624000000000-0x624000010000	
	0x624000010000-0x624e00000000	
	0x624e00000000-0x624e00010000	
	0x624e00010000-0x640000000000	
	0x640000000000-0x640000003000	
	0x7f1aead66000-0x7f1aeb7e0000	/usr/lib/locale/locale-archive
	0x7f1aeb7e0000-0x7f1aeba00000	
	0x7f1aebb00000-0x7f1aebc00000	
	0x7f1aebc88000-0x7f1aebc9c000	
	0x7f1aebc9c000-0x7f1aebca3000	/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
	0x7f1aebca3000-0x7f1aee05d000	
	0x7f1aee05d000-0x7f1aee07f000	/lib/x86_64-linux-gnu/libc-2.28.so
	0x7f1aee07f000-0x7f1aee1c7000	/lib/x86_64-linux-gnu/libc-2.28.so
	0x7f1aee1c7000-0x7f1aee213000	/lib/x86_64-linux-gnu/libc-2.28.so
	0x7f1aee213000-0x7f1aee214000	/lib/x86_64-linux-gnu/libc-2.28.so
	0x7f1aee214000-0x7f1aee218000	/lib/x86_64-linux-gnu/libc-2.28.so
	0x7f1aee218000-0x7f1aee21a000	/lib/x86_64-linux-gnu/libc-2.28.so
	0x7f1aee21a000-0x7f1aee21e000	
	0x7f1aee21e000-0x7f1aee221000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f1aee221000-0x7f1aee232000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f1aee232000-0x7f1aee235000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f1aee235000-0x7f1aee236000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f1aee236000-0x7f1aee237000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f1aee237000-0x7f1aee238000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f1aee238000-0x7f1aee239000	/lib/x86_64-linux-gnu/libdl-2.28.so
	0x7f1aee239000-0x7f1aee23a000	/lib/x86_64-linux-gnu/libdl-2.28.so
	0x7f1aee23a000-0x7f1aee23b000	/lib/x86_64-linux-gnu/libdl-2.28.so
	0x7f1aee23b000-0x7f1aee23c000	/lib/x86_64-linux-gnu/libdl-2.28.so
	0x7f1aee23c000-0x7f1aee23d000	/lib/x86_64-linux-gnu/libdl-2.28.so
	0x7f1aee23d000-0x7f1aee24a000	/lib/x86_64-linux-gnu/libm-2.28.so
	0x7f1aee24a000-0x7f1aee2e9000	/lib/x86_64-linux-gnu/libm-2.28.so
	0x7f1aee2e9000-0x7f1aee3be000	/lib/x86_64-linux-gnu/libm-2.28.so
	0x7f1aee3be000-0x7f1aee3bf000	/lib/x86_64-linux-gnu/libm-2.28.so
	0x7f1aee3bf000-0x7f1aee3c0000	/lib/x86_64-linux-gnu/libm-2.28.so
	0x7f1aee3c0000-0x7f1aee3c2000	/lib/x86_64-linux-gnu/librt-2.28.so
	0x7f1aee3c2000-0x7f1aee3c6000	/lib/x86_64-linux-gnu/librt-2.28.so
	0x7f1aee3c6000-0x7f1aee3c8000	/lib/x86_64-linux-gnu/librt-2.28.so
	0x7f1aee3c8000-0x7f1aee3c9000	/lib/x86_64-linux-gnu/librt-2.28.so
	0x7f1aee3c9000-0x7f1aee3ca000	/lib/x86_64-linux-gnu/librt-2.28.so
	0x7f1aee3ca000-0x7f1aee3d0000	/lib/x86_64-linux-gnu/libpthread-2.28.so
	0x7f1aee3d0000-0x7f1aee3df000	/lib/x86_64-linux-gnu/libpthread-2.28.so
	0x7f1aee3df000-0x7f1aee3e5000	/lib/x86_64-linux-gnu/libpthread-2.28.so
	0x7f1aee3e5000-0x7f1aee3e6000	/lib/x86_64-linux-gnu/libpthread-2.28.so
	0x7f1aee3e6000-0x7f1aee3e7000	/lib/x86_64-linux-gnu/libpthread-2.28.so
	0x7f1aee3e7000-0x7f1aee3eb000	
	0x7f1aee3eb000-0x7f1aee3fa000	
	0x7f1aee3fa000-0x7f1aee3fb000	/lib/x86_64-linux-gnu/ld-2.28.so
	0x7f1aee3fb000-0x7f1aee419000	/lib/x86_64-linux-gnu/ld-2.28.so
	0x7f1aee419000-0x7f1aee421000	/lib/x86_64-linux-gnu/ld-2.28.so
	0x7f1aee421000-0x7f1aee422000	/lib/x86_64-linux-gnu/ld-2.28.so
	0x7f1aee422000-0x7f1aee423000	/lib/x86_64-linux-gnu/ld-2.28.so
	0x7f1aee423000-0x7f1aee424000	
	0x7ffe9be34000-0x7ffe9be55000	[stack]
	0x7ffe9bec2000-0x7ffe9bec5000	[vvar]
	0x7ffe9bec5000-0x7ffe9bec7000	[vdso]
==1221228==End of process memory map.
==1221228==AddressSanitizer CHECK failed: /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:120 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #0 0x4cbcef in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/asan_rtl.cc:69:3
    #1 0x4df64f in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_termination.cc:79:5
    #2 0x4d0c5e in __sanitizer::ReportMmapFailureAndDie(unsigned long, char const*, char const*, int, bool) /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:120:3
    #3 0x4d967b in __sanitizer::MmapOrDie(unsigned long, char const*, bool) /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_posix.cc:132:5
    #4 0x421e54 in __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback>::Allocate(__sanitizer::AllocatorStats*, unsigned long, unsigned long) /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_secondary.h:41:9
    #5 0x421c08 in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__asan::AP64>, __sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64> >, __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback> >::Allocate(__sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64> >*, unsigned long, unsigned long, bool, bool) /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_combined.h:70:24
    #6 0x41f0bf in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/asan_allocator.cc:407:21
    #7 0x4c43f0 in malloc /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:10
    #8 0x9929a0 in _objalloc_alloc /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/objalloc.c:143:22
    #9 0x60d790 in bfd_alloc /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/opncls.c:949:9
    #10 0x60d85f in bfd_alloc2 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/opncls.c:978:10
    #11 0x69faac in setup_group /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/elf.c:658:9
    #12 0x69c092 in _bfd_elf_make_section_from_shdr /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/elf.c:1053:10
    #13 0x6acbfd in bfd_section_from_shdr /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/elf.c:2066:13
    #14 0x6afb52 in bfd_section_from_shdr /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/elf.c:2311:11
    #15 0x688d3f in bfd_elf64_object_p /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/elfcode.h:818:7
    #16 0x5ffb25 in bfd_check_format_matches /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/format.c:315:14
    #17 0x4f4c5f in display_object_bfd /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/objdump.c:3881:7
    #18 0x4f4b67 in display_any_bfd /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/objdump.c:3973:5
    #19 0x4f424a in display_file /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/objdump.c:3994:3
    #20 0x4f3ab0 in main /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/objdump.c:4304:6
    #21 0x7f1aee08109a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #22 0x41d639 in _start (/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/objdump+0x41d639)
Comment 1 spinpx 2019-02-19 09:49:06 UTC
Also report on https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89396
Comment 2 Alan Modra 2019-02-19 11:32:24 UTC
This doesn't reproduce for me, at least not on objdump built by gcc and without the address sanitizer (which increases memory use).  Incidentally, hitting an out of memory failure in objalloc_alloc is not a libiberty failure and so should not be reported to the gcc project.

Also, out of memory failures triggered by user input are not that interesting.  It is perfectly reasonable for objdump to return with "out of memory" on objects with silly sizes.
Comment 3 Alan Modra 2019-02-19 12:02:27 UTC
Also, the out-of-memory failure results in a further series of error messages starting with "corrupt size field in group section header: 0x6072740080".
Comment 4 spinpx 2019-02-19 12:33:05 UTC
Related issue: https://sourceware.org/bugzilla/show_bug.cgi?id=24237
Comment 5 Alan Modra 2019-02-19 22:37:51 UTC
*** Bug 24237 has been marked as a duplicate of this bug. ***