Bug 24237 - size: Out of memory in objalloc.c
Summary: size: Out of memory in objalloc.c
Status: RESOLVED DUPLICATE of bug 24232
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils (show other bugs)
Version: 2.33
: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-02-19 12:31 UTC by spinpx
Modified: 2019-02-19 22:37 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:

Attachments
OOM input (88 bytes, application/octet-stream)
2019-02-19 12:32 UTC, spinpx 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description spinpx 2019-02-19 12:31:15 UTC 
size also has the OOM issue described in https://sourceware.org/bugzilla/show_bug.cgi?id=24232

If the issue it in a library shared with nm and size and if other program use it,  it will cause DOS attacks.

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64 GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit c72e75a64030b0f6535a80481f37968ad55c333a (Feb 19 2019)
- run: size input_file


==1601289==ERROR: AddressSanitizer failed to allocate 0xfe01363000 (1090942021632) bytes of LargeMmapAllocator (error code: 12)
==1601289==Process memory map follows:
	0x000000400000-0x00000041d000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/size
	0x00000041d000-0x0000008b3000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/size
	0x0000008b3000-0x000000987000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/size
	0x000000988000-0x000000989000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/size
	0x000000989000-0x0000009e8000	/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/size
	0x0000009e8000-0x000001654000	
	0x00007fff7000-0x00008fff7000	
	0x00008fff7000-0x02008fff7000	
	0x02008fff7000-0x10007fff8000	
	0x600000000000-0x602000000000	
	0x602000000000-0x602000010000	
	0x602000010000-0x602e00000000	
	0x602e00000000-0x602e00010000	
	0x602e00010000-0x603000000000	
	0x603000000000-0x603000010000	
	0x603000010000-0x603e00000000	
	0x603e00000000-0x603e00010000	
	0x603e00010000-0x604000000000	
	0x604000000000-0x604000010000	
	0x604000010000-0x604e00000000	
	0x604e00000000-0x604e00010000	
	0x604e00010000-0x606000000000	
	0x606000000000-0x606000010000	
	0x606000010000-0x606e00000000	
	0x606e00000000-0x606e00010000	
	0x606e00010000-0x607000000000	
	0x607000000000-0x607000010000	
	0x607000010000-0x607e00000000	
	0x607e00000000-0x607e00010000	
	0x607e00010000-0x608000000000	
	0x608000000000-0x608000010000	
	0x608000010000-0x608e00000000	
	0x608e00000000-0x608e00010000	
	0x608e00010000-0x60b000000000	
	0x60b000000000-0x60b000010000	
	0x60b000010000-0x60be00000000	
	0x60be00000000-0x60be00010000	
	0x60be00010000-0x60c000000000	
	0x60c000000000-0x60c000010000	
	0x60c000010000-0x60ce00000000	
	0x60ce00000000-0x60ce00010000	
	0x60ce00010000-0x60f000000000	
	0x60f000000000-0x60f000010000	
	0x60f000010000-0x60fe00000000	
	0x60fe00000000-0x60fe00010000	
	0x60fe00010000-0x610000000000	
	0x610000000000-0x610000010000	
	0x610000010000-0x610e00000000	
	0x610e00000000-0x610e00010000	
	0x610e00010000-0x611000000000	
	0x611000000000-0x611000010000	
	0x611000010000-0x611e00000000	
	0x611e00000000-0x611e00010000	
	0x611e00010000-0x612000000000	
	0x612000000000-0x612000010000	
	0x612000010000-0x612e00000000	
	0x612e00000000-0x612e00010000	
	0x612e00010000-0x614000000000	
	0x614000000000-0x614000010000	
	0x614000010000-0x614e00000000	
	0x614e00000000-0x614e00010000	
	0x614e00010000-0x616000000000	
	0x616000000000-0x616000010000	
	0x616000010000-0x616e00000000	
	0x616e00000000-0x616e00010000	
	0x616e00010000-0x618000000000	
	0x618000000000-0x618000010000	
	0x618000010000-0x618e00000000	
	0x618e00000000-0x618e00010000	
	0x618e00010000-0x619000000000	
	0x619000000000-0x619000010000	
	0x619000010000-0x619e00000000	
	0x619e00000000-0x619e00010000	
	0x619e00010000-0x61a000000000	
	0x61a000000000-0x61a000010000	
	0x61a000010000-0x61ae00000000	
	0x61ae00000000-0x61ae00010000	
	0x61ae00010000-0x61b000000000	
	0x61b000000000-0x61b000010000	
	0x61b000010000-0x61be00000000	
	0x61be00000000-0x61be00010000	
	0x61be00010000-0x61d000000000	
	0x61d000000000-0x61d000010000	
	0x61d000010000-0x61de00000000	
	0x61de00000000-0x61de00010000	
	0x61de00010000-0x61f000000000	
	0x61f000000000-0x61f000010000	
	0x61f000010000-0x61fe00000000	
	0x61fe00000000-0x61fe00010000	
	0x61fe00010000-0x621000000000	
	0x621000000000-0x621000010000	
	0x621000010000-0x621e00000000	
	0x621e00000000-0x621e00010000	
	0x621e00010000-0x624000000000	
	0x624000000000-0x624000010000	
	0x624000010000-0x624e00000000	
	0x624e00000000-0x624e00010000	
	0x624e00010000-0x640000000000	
	0x640000000000-0x640000003000	
	0x7f92d9266000-0x7f92d9ce0000	/usr/lib/locale/locale-archive
	0x7f92d9ce0000-0x7f92d9f00000	
	0x7f92da000000-0x7f92da100000	
	0x7f92da131000-0x7f92da145000	
	0x7f92da145000-0x7f92da14c000	/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
	0x7f92da14c000-0x7f92dc4f4000	
	0x7f92dc4f4000-0x7f92dc516000	/lib/x86_64-linux-gnu/libc-2.28.so
	0x7f92dc516000-0x7f92dc65e000	/lib/x86_64-linux-gnu/libc-2.28.so
	0x7f92dc65e000-0x7f92dc6aa000	/lib/x86_64-linux-gnu/libc-2.28.so
	0x7f92dc6aa000-0x7f92dc6ab000	/lib/x86_64-linux-gnu/libc-2.28.so
	0x7f92dc6ab000-0x7f92dc6af000	/lib/x86_64-linux-gnu/libc-2.28.so
	0x7f92dc6af000-0x7f92dc6b1000	/lib/x86_64-linux-gnu/libc-2.28.so
	0x7f92dc6b1000-0x7f92dc6b5000	
	0x7f92dc6b5000-0x7f92dc6b8000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f92dc6b8000-0x7f92dc6c9000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f92dc6c9000-0x7f92dc6cc000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f92dc6cc000-0x7f92dc6cd000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f92dc6cd000-0x7f92dc6ce000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f92dc6ce000-0x7f92dc6cf000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f92dc6cf000-0x7f92dc6d0000	/lib/x86_64-linux-gnu/libdl-2.28.so
	0x7f92dc6d0000-0x7f92dc6d1000	/lib/x86_64-linux-gnu/libdl-2.28.so
	0x7f92dc6d1000-0x7f92dc6d2000	/lib/x86_64-linux-gnu/libdl-2.28.so
	0x7f92dc6d2000-0x7f92dc6d3000	/lib/x86_64-linux-gnu/libdl-2.28.so
	0x7f92dc6d3000-0x7f92dc6d4000	/lib/x86_64-linux-gnu/libdl-2.28.so
	0x7f92dc6d4000-0x7f92dc6e1000	/lib/x86_64-linux-gnu/libm-2.28.so
	0x7f92dc6e1000-0x7f92dc780000	/lib/x86_64-linux-gnu/libm-2.28.so
	0x7f92dc780000-0x7f92dc855000	/lib/x86_64-linux-gnu/libm-2.28.so
	0x7f92dc855000-0x7f92dc856000	/lib/x86_64-linux-gnu/libm-2.28.so
	0x7f92dc856000-0x7f92dc857000	/lib/x86_64-linux-gnu/libm-2.28.so
	0x7f92dc857000-0x7f92dc859000	/lib/x86_64-linux-gnu/librt-2.28.so
	0x7f92dc859000-0x7f92dc85d000	/lib/x86_64-linux-gnu/librt-2.28.so
	0x7f92dc85d000-0x7f92dc85f000	/lib/x86_64-linux-gnu/librt-2.28.so
	0x7f92dc85f000-0x7f92dc860000	/lib/x86_64-linux-gnu/librt-2.28.so
	0x7f92dc860000-0x7f92dc861000	/lib/x86_64-linux-gnu/librt-2.28.so
	0x7f92dc861000-0x7f92dc867000	/lib/x86_64-linux-gnu/libpthread-2.28.so
	0x7f92dc867000-0x7f92dc876000	/lib/x86_64-linux-gnu/libpthread-2.28.so
	0x7f92dc876000-0x7f92dc87c000	/lib/x86_64-linux-gnu/libpthread-2.28.so
	0x7f92dc87c000-0x7f92dc87d000	/lib/x86_64-linux-gnu/libpthread-2.28.so
	0x7f92dc87d000-0x7f92dc87e000	/lib/x86_64-linux-gnu/libpthread-2.28.so
	0x7f92dc87e000-0x7f92dc882000	
	0x7f92dc882000-0x7f92dc891000	
	0x7f92dc891000-0x7f92dc892000	/lib/x86_64-linux-gnu/ld-2.28.so
	0x7f92dc892000-0x7f92dc8b0000	/lib/x86_64-linux-gnu/ld-2.28.so
	0x7f92dc8b0000-0x7f92dc8b8000	/lib/x86_64-linux-gnu/ld-2.28.so
	0x7f92dc8b8000-0x7f92dc8b9000	/lib/x86_64-linux-gnu/ld-2.28.so
	0x7f92dc8b9000-0x7f92dc8ba000	/lib/x86_64-linux-gnu/ld-2.28.so
	0x7f92dc8ba000-0x7f92dc8bb000	
	0x7ffced2e9000-0x7ffced30a000	[stack]
	0x7ffced35a000-0x7ffced35d000	[vvar]
	0x7ffced35d000-0x7ffced35f000	[vdso]
==1601289==End of process memory map.
==1601289==AddressSanitizer CHECK failed: /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:120 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #0 0x4cbc9f in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/asan_rtl.cc:69:3
    #1 0x4df5ff in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_termination.cc:79:5
    #2 0x4d0c0e in __sanitizer::ReportMmapFailureAndDie(unsigned long, char const*, char const*, int, bool) /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:120:3
    #3 0x4d962b in __sanitizer::MmapOrDie(unsigned long, char const*, bool) /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_posix.cc:132:5
    #4 0x421e04 in __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback>::Allocate(__sanitizer::AllocatorStats*, unsigned long, unsigned long) /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_secondary.h:41:9
    #5 0x421bb8 in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__asan::AP64>, __sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64> >, __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback> >::Allocate(__sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator64<__asan::AP64> >*, unsigned long, unsigned long, bool, bool) /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_allocator_combined.h:70:24
    #6 0x41f06f in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/asan_allocator.cc:407:21
    #7 0x4c43a0 in malloc /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:67:10
    #8 0x8affb0 in _objalloc_alloc /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/objalloc.c:143:22
    #9 0x52e450 in bfd_alloc /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/opncls.c:949:9
    #10 0x52e51f in bfd_alloc2 /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/opncls.c:978:10
    #11 0x5b7e8c in setup_group /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/elf.c:658:9
    #12 0x5b4472 in _bfd_elf_make_section_from_shdr /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/elf.c:1053:10
    #13 0x5c9f9b in bfd_section_from_shdr /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/elf.c:2452:13
    #14 0x5c7f32 in bfd_section_from_shdr /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/elf.c:2311:11
    #15 0x5a111f in bfd_elf64_object_p /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/elfcode.h:818:7
    #16 0x5207e5 in bfd_check_format_matches /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/bfd/format.c:315:14
    #17 0x4f22d5 in display_bfd /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/size.c:331:7
    #18 0x4f1ed5 in display_file /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/size.c:434:5
    #19 0x4f1aa5 in main /mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/binutils/size.c:260:7
    #20 0x7f92dc51809a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #21 0x41d5e9 in _start (/mnt/raid/user/chenpeng/FuzzingBench/build/asan/install/bin/size+0x41d5e9)
Comment 1 spinpx 2019-02-19 12:32:02 UTC 
Created attachment 11619 [details]
OOM input
Comment 2 Alan Modra 2019-02-19 22:37:51 UTC 
This is exactly the same "bug" as 24232 but with a slightly different testcase.

*** This bug has been marked as a duplicate of bug 24232 ***