Bug 24340 - An Invalid Memory Address Dereference problem was discovered in function set_symbol_value in elflink.c in bfd
Status: RESOLVED DUPLICATE of bug 24339
Alias: None
Product: binutils
Classification: Unclassified
Component: ld
Version: 2.32
Importance: P2 normal
Target Milestone: ---
Assignee: Alan Modra
URL:
Keywords:
Depends on:
Blocks:

Reported: 2019-03-14 13:45 UTC by wcventure
Modified: 2019-03-15 09:41 UTC

See Also:
Host:
Target:
Build:
Last reconfirmed: 2019-03-15 00:00:00


Attachments
POC (9.66 KB, application/octet-stream)
2019-03-14 13:45 UTC, wcventure

Description wcventure 2019-03-14 13:45:35 UTC
Created attachment 11680
POC

Hi, there.

An Invalid Memory Address Dereference problem was discovered in function set_symbol_value in elflink.c in bfd of binutils 2.32, the latest code base. A crafted ELF input can cause segmentation faults, and I have confirmed them with AddressSanitizer too.

Please use "./ld -E $POC" to reproduce the bug.

The ASAN dumps the stack trace as follows:

> =================================================================
> ==32343==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x000000874318 bp 0x7ffd1cad2df0 sp 0x7ffd1cad2600 T0)
>     #0 0x874317 in set_symbol_value /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elflink.c:8238:18
>     #1 0x874317 in elf_link_input_bfd /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elflink.c:10795
>     #2 0x874317 in bfd_elf_final_link /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elflink.c:12183
>     #3 0x59a4dc in ldwrite /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/ld/ldwrite.c:581:8
>     #4 0x58fe8c in main /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/ld/./ldmain.c:456:3
>     #5 0x7f2f38dc482f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291
>     #6 0x4195f8 in _start (/home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/build/bin/ld+0x4195f8)
> 
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elflink.c:8238:18 in set_symbol_value
> ==32343==ABORTING
> Aborted
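The report above carries the two things a triager keys on: the fault address (0x18, a small offset from NULL, so a NULL struct pointer dereferenced through a field rather than a corrupted heap) and the crash stack, which is what lets a report be matched against an existing one such as bug 24339, the duplicate this bug was closed against. The following is an added example, not code from the reporter or from binutils: it parses the ASAN report quoted above into a crash signature built from the top frames, classifies the fault address, and compares a constructed second run to show that the signature ignores PID, stack-pointer and code-address noise. The second report, the function names and the signature format are my own constructions.

```python
"""Parse an AddressSanitizer report and derive a crash signature for duplicate triage."""
import os
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Report text taken from the bug report above, with Bugzilla's "> " quote prefix stripped.
ASAN_REPORT = """\
=================================================================
==32343==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x000000874318 bp 0x7ffd1cad2df0 sp 0x7ffd1cad2600 T0)
    #0 0x874317 in set_symbol_value /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elflink.c:8238:18
    #1 0x874317 in elf_link_input_bfd /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elflink.c:10795
    #2 0x874317 in bfd_elf_final_link /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elflink.c:12183
    #3 0x59a4dc in ldwrite /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/ld/ldwrite.c:581:8
    #4 0x58fe8c in main /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/ld/./ldmain.c:456:3
    #5 0x7f2f38dc482f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291
    #6 0x4195f8 in _start (/home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/build/bin/ld+0x4195f8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/hjwang/Fuzzing_Objects/binutils_2.32_ASAN/bfd/elflink.c:8238:18 in set_symbol_value
==32343==ABORTING
"""

# Constructed: the same crash from a hypothetical second fuzzer run (different PID, frame
# pointers and code addresses) to show the signature ignores run-specific noise.
SECOND_RUN = (ASAN_REPORT.replace("32343", "4071")
                         .replace("0x874317", "0x8a1f2b")
                         .replace("0x7ffd1cad2df0", "0x7ffc00112230"))

HEADER_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: ([\w-]+) on (?:unknown )?address (0x[0-9a-fA-F]+)")
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+(\S+)\s+(.*?)\s*$")
LOCATION_RE = re.compile(r"^(.+?):(\d+)(?::\d+)?$")   # file:line[:column]
NOISE_PREFIXES = ("__asan", "__interceptor_", "__sanitizer")  # sanitizer plumbing, not the bug


@dataclass(frozen=True)
class Frame:
    index: int
    function: str
    file: Optional[str]   # None for "(module+offset)" frames that lack debug info
    line: Optional[int]


@dataclass(frozen=True)
class CrashReport:
    kind: str             # e.g. "SEGV", "heap-buffer-overflow"
    address: int
    frames: Tuple[Frame, ...]


def parse_asan_report(text: str) -> CrashReport:
    """Extract the error kind, fault address and the first (crashing) stack of an ASAN report."""
    kind, address = None, 0
    frames: List[Frame] = []
    for raw in text.splitlines():
        line = raw.lstrip("> ")          # tolerate mail/bugzilla quoted copies
        if kind is None:
            m = HEADER_RE.search(line)
            if m:
                kind, address = m.group(1), int(m.group(2), 16)
            continue
        m = FRAME_RE.match(line)
        if not m:
            if frames:
                break                    # end of the crashing stack; later stacks are not part of the signature
            continue
        idx, func, loc = int(m.group(1)), m.group(2), m.group(3)
        lm = LOCATION_RE.match(loc)
        if lm:
            frames.append(Frame(idx, func, os.path.basename(lm.group(1)), int(lm.group(2))))
        else:
            frames.append(Frame(idx, func, None, None))
    if kind is None:
        raise ValueError("no AddressSanitizer error header found")
    return CrashReport(kind, address, tuple(frames))


def classify_fault_address(address: int, page_size: int = 0x1000) -> str:
    """A fault inside the (unmapped) zero page is a NULL pointer dereferenced through a small
    struct-field offset: a crash, not a memory-corruption primitive."""
    if address < page_size:
        return f"null-deref (field offset 0x{address:x})"
    return "wild-pointer"


def crash_signature(report: CrashReport, depth: int = 3) -> str:
    """Error kind plus the top-N non-sanitizer frames as function@file:line; stable across
    PIDs, ASLR and rebuilds, which is what makes two fuzzer crashes comparable."""
    parts = [report.kind]
    for fr in report.frames:
        if fr.function.startswith(NOISE_PREFIXES):
            continue
        where = f"{fr.file}:{fr.line}" if fr.file else "?"
        parts.append(f"{fr.function}@{where}")
        if len(parts) > depth:
            break
    return "|".join(parts)


def is_duplicate(report_a: str, report_b: str, depth: int = 3) -> bool:
    """True when two raw ASAN reports reduce to the same crash signature."""
    return crash_signature(parse_asan_report(report_a), depth) == \
        crash_signature(parse_asan_report(report_b), depth)


if __name__ == "__main__":
    rep = parse_asan_report(ASAN_REPORT)
    print(crash_signature(rep))
    print(classify_fault_address(rep.address))
    print("duplicate of second run:", is_duplicate(ASAN_REPORT, SECOND_RUN))
```

Three frames is a deliberate choice: with inlining, frames 0 to 2 here share one pc, and a signature keyed on the single top frame would lump together every crash reached through set_symbol_value, while keying on the full stack would split one bug into many reports whenever the caller chain varies.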
Comment 1 Alan Modra 2019-03-15 09:41:13 UTC
Fixed by the patch applied for pr24339

*** This bug has been marked as a duplicate of bug 24339 ***