Created attachment 13689
poc and full stack trace

Hello,

We are currently working on a fuzz testing feature, and we found a **failed to allocate** error in `objdump`. The stack trace is as follows:

```
==29506==ERROR: AddressSanitizer failed to allocate 0x8c9b9e000 (37744140288) bytes of LargeMmapAllocator (error code: 12)
==29506==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_common.cc:118 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #0 0x7f2253019bf2 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe9bf2)
    #1 0x7f2253038575 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x108575)
    #2 0x7f2253023482 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xf3482)
    #3 0x7f225302f895 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xff895)
    #4 0x7f2252f587fd (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x287fd)
    #5 0x7f225300eb0a in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb0a)
    #6 0x563b480a1792 in _objalloc_alloc objalloc.c:143
    #7 0x563b473d1794 in bfd_alloc .../binutils-git/bfd/opncls.c:1032
    #8 0x563b47677b8e in coff_slurp_line_table .../binutils-git/bfd/coffcode.h:4374
    #9 0x563b4767a917 in coff_slurp_symbol_table .../binutils-git/bfd/coffcode.h:4915
    #10 0x563b4767ae4d in coff_slurp_reloc_table .../binutils-git/bfd/coffcode.h:5090
    #11 0x563b4767be5c in coff_canonicalize_reloc .../binutils-git/bfd/coffcode.h:5238
    #12 0x563b473b99f2 in bfd_canonicalize_reloc .../binutils-git/bfd/bfd.c:1579
    #13 0x563b46f08bef in disassemble_section objdump.c:3202
    #14 0x563b473d53c0 in bfd_map_over_sections .../binutils-git/bfd/section.c:1383
    #15 0x563b46f0b293 in disassemble_data objdump.c:3599
    #16 0x563b46f126cc in dump_bfd objdump.c:5006
    #17 0x563b46f12994 in display_object_bfd objdump.c:5068
    #18 0x563b46f12d2f in display_any_bfd objdump.c:5158
    #19 0x563b46f12da6 in display_file objdump.c:5179
    #20 0x563b46f1415a in main objdump.c:5529
```

The full stack trace is attached.

**Steps to reproduce**

We configured `objdump` using

```
CFLAGS="-g -O0 -fsanitize=address" ./configure --prefix=$(pwd)/ --disable-shared --enable-targets=all
```

and built it using `make -j 10`, and ran it with:

```
./objdump <attached file> --no-show-raw-insn --show-raw-insn i8086 --file-offsets -S booke --debugging --disassembler-options=addr16 -r --demangle
```

The input file is attached.

**Environment**

- OS: Ubuntu 18.04.5 LTS
- GCC version: gcc 7.5.0
- binutils version: commit (98ca73a) of master branch on sourceware git ([link](https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=98ca73afe51e1e921915c37f242c88d4d445841c))

Thank you.
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1808483c2f3f323d8e0398282251a85cd956321b

commit 1808483c2f3f323d8e0398282251a85cd956321b
Author: Alan Modra <amodra@gmail.com>
Date:   Wed Oct 6 13:38:42 2021 +1030

    PR28402, fail to allocate line number array

    This fixes a situation where the COFF code allocated memory for
    internal representation arrays before reading the external file data.
    That meant the allocation didn't have any sanity check against file
    size.

        PR 28402
        * coffcode.h (buy_and_read): Malloc rather than alloc memory.
        (coff_slurp_line_table): Read native line number info before
        allocating memory for internal line number array.  Adjust error
        paths to suit.  Remove now unnecessary line number count check.
        (coff_slurp_reloc_table): Adjust to suit buy_and_read change.
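The ordering problem the commit describes (internal array sized from a header count before the external data is read, so nothing ties the request to the file size) and the read-before-allocate ordering it switches to, reduced to a small added example. This is not binutils code: the 6-byte record layout, the function names and the sample byte strings are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical on-disk line-number record (constructed for this example, not
   COFF's real layout): 4-byte little-endian address, then a 2-byte line number. */
#define EXT_LINENO_SIZE 6

/* The in-memory ("internal") representation the parser builds. */
struct internal_lineno { uint32_t addr; uint16_t line; };

/* Little-endian decode of nbytes (1..4) starting at p. */
static uint32_t get_le(const uint8_t *p, int nbytes) {
    uint32_t v = 0;
    while (nbytes-- > 0)
        v = v << 8 | p[nbytes];
    return v;
}

/* "Before" pattern: size the internal array straight from the header count.
   Nothing bounds the request by the file size, so a 4-byte count can ask
   malloc for tens of gigabytes.  Returns the bytes such code would request. */
static size_t naive_alloc_request(uint32_t header_count) {
    return (size_t)header_count * sizeof(struct internal_lineno);
}

/* "After" pattern: check that the external records actually fit in the file
   image first, allocate the internal array second.  A count the file cannot
   hold is rejected before any allocation.  Returns a malloc'd array of *out_n
   entries (caller frees) or NULL on error. */
static struct internal_lineno *slurp_line_table(const uint8_t *file, size_t file_size,
                                                size_t offset, uint32_t count, size_t *out_n) {
    const uint8_t *ext;
    struct internal_lineno *tbl;
    size_t i, ext_bytes;

    if (count > SIZE_MAX / EXT_LINENO_SIZE)
        return NULL;                                 /* size multiplication would overflow */
    ext_bytes = (size_t)count * EXT_LINENO_SIZE;
    if (offset > file_size || ext_bytes > file_size - offset)
        return NULL;                                 /* claimed count exceeds the file */
    ext = file + offset;

    tbl = malloc(count ? count * sizeof *tbl : 1);   /* count is now bounded by file size */
    if (tbl == NULL)
        return NULL;
    for (i = 0; i < count; i++) {
        tbl[i].addr = get_le(ext + i * EXT_LINENO_SIZE, 4);
        tbl[i].line = (uint16_t)get_le(ext + i * EXT_LINENO_SIZE + 4, 2);
    }
    *out_n = count;
    return tbl;
}

/* Parse an image whose first 4 bytes hold the record count. */
static struct internal_lineno *parse_image(const uint8_t *data, size_t size, size_t *out_n) {
    if (size < 4)
        return NULL;
    return slurp_line_table(data, size, 4, get_le(data, 4), out_n);
}

/* Constructed sample: declares 3 records and carries 3. */
static const uint8_t good_file[] = {
    3, 0, 0, 0,
    0x00, 0x10, 0x00, 0x00, 0x0a, 0x00,   /* addr 0x1000, line 10 */
    0x04, 0x10, 0x00, 0x00, 0x0b, 0x00,   /* addr 0x1004, line 11 */
    0x08, 0x10, 0x00, 0x00, 0x0c, 0x00,   /* addr 0x1008, line 12 */
};

/* Constructed sample: declares 0xffffffff records but carries only one. */
static const uint8_t bad_file[] = {
    0xff, 0xff, 0xff, 0xff,
    0x00, 0x10, 0x00, 0x00, 0x0a, 0x00,
};

/* Self-checks: return 1 if the parser behaves as intended on each sample. */
static int good_file_parses(void) {
    size_t n = 0;
    struct internal_lineno *t = parse_image(good_file, sizeof good_file, &n);
    int ok = t != NULL && n == 3 && t[0].addr == 0x1000 && t[0].line == 10
             && t[2].addr == 0x1008 && t[2].line == 12;
    free(t);
    return ok;
}

static int bad_file_rejected(void) {
    size_t n = 0;
    return parse_image(bad_file, sizeof bad_file, &n) == NULL;
}

int main(void) {
    printf("good_file parsed: %s\n", good_file_parses() ? "yes" : "no");
    printf("bad_file rejected: %s (naive code would have asked malloc for %zu bytes)\n",
           bad_file_rejected() ? "yes" : "no", naive_alloc_request(0xffffffffu));
    return 0;
}
```

The check that matters is the one against `file_size - offset`: once the external records are known to fit inside the input, the internal array can be at most a constant factor larger than the file itself, so a 10-byte input can never turn into a multi-gigabyte request the way the reported 37 GB allocation did.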
Fixed