Created attachment 14274 [details] Crash input Hi, binutils developers Recently, I tested the binary strip instrumented with ASAN. Unfortunately, it incurred a crash with the following error information and Iām not sure of the cause. The crash can be triggered in the latest binutils-gdb version: https://github.com/bminor/binutils-gdb/commits/master commit: 901dd67d0d68ac5e0be145d137533f03de495272 Any help would be greatly appreciated from you :D Thanks & Best Regards # ./binutils/strip -o out_file strip_crash_input ================================================================= ==130497==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000f1 at pc 0x556dbdbf5de5 bp 0x7ffee7a158c0 sp 0x7ffee7a158b8 READ of size 1 at 0x6020000000f1 thread T0 #0 0x556dbdbf5de4 in bfd_getl32 (/workspace/test/binutils-gdb/binutils/strip-new+0x25fde4) (BuildId: 35a9c6af570fac13ead5254910cec2f0379f6e81) #1 0x556dbde98083 in coff_set_section_contents pe-x86_64.c #2 0x556dbdc01038 in bfd_set_section_contents (/workspace/test/binutils-gdb/binutils/strip-new+0x26b038) (BuildId: 35a9c6af570fac13ead5254910cec2f0379f6e81) #3 0x556dbdb7303c in copy_section objcopy.c #4 0x556dbdc00aaa in bfd_map_over_sections (/workspace/test/binutils-gdb/binutils/strip-new+0x26aaaa) (BuildId: 35a9c6af570fac13ead5254910cec2f0379f6e81) #5 0x556dbdb69abb in copy_object objcopy.c #6 0x556dbdb6400f in copy_file objcopy.c #7 0x556dbdb5e2d6 in strip_main objcopy.c #8 0x556dbdb5d661 in main (/workspace/test/binutils-gdb/binutils/strip-new+0x1c7661) (BuildId: 35a9c6af570fac13ead5254910cec2f0379f6e81) #9 0x7f515d81ed8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d) #10 0x7f515d81ee3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d) #11 0x556dbda9f5b4 in _start (/workspace/test/binutils-gdb/binutils/strip-new+0x1095b4) (BuildId: 35a9c6af570fac13ead5254910cec2f0379f6e81) 0x6020000000f1 is located 0 bytes to the right of 1-byte region [0x6020000000f0,0x6020000000f1) allocated by thread T0 here: #0 0x556dbdb223fe in __interceptor_malloc (/workspace/test/binutils-gdb/binutils/strip-new+0x18c3fe) (BuildId: 35a9c6af570fac13ead5254910cec2f0379f6e81) #1 0x556dbdbf4e22 in bfd_malloc (/workspace/test/binutils-gdb/binutils/strip-new+0x25ee22) (BuildId: 35a9c6af570fac13ead5254910cec2f0379f6e81) #2 0x556dbdbe4d40 in bfd_get_full_section_contents (/workspace/test/binutils-gdb/binutils/strip-new+0x24ed40) (BuildId: 35a9c6af570fac13ead5254910cec2f0379f6e81) #3 0x556dbdb727db in copy_section objcopy.c #4 0x556dbdc00aaa in bfd_map_over_sections (/workspace/test/binutils-gdb/binutils/strip-new+0x26aaaa) (BuildId: 35a9c6af570fac13ead5254910cec2f0379f6e81) #5 0x556dbdb69abb in copy_object objcopy.c #6 0x556dbdb6400f in copy_file objcopy.c #7 0x556dbdb5e2d6 in strip_main objcopy.c #8 0x556dbdb5d661 in main (/workspace/test/binutils-gdb/binutils/strip-new+0x1c7661) (BuildId: 35a9c6af570fac13ead5254910cec2f0379f6e81) #9 0x7f515d81ed8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d) SUMMARY: AddressSanitizer: heap-buffer-overflow (/workspace/test/binutils-gdb/binutils/strip-new+0x25fde4) (BuildId: 35a9c6af570fac13ead5254910cec2f0379f6e81) in bfd_getl32 Shadow bytes around the buggy address: 0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c047fff8000: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa =>0x0c047fff8010: fa fa 00 01 fa fa fd fa fa fa 00 fa fa fa[01]fa 0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==130497==ABORTING
The master branch has been updated by Alan Modra <amodra@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797 commit ef186fe54aa6d281a3ff8a9528417e5cc614c797 Author: Alan Modra <amodra@gmail.com> Date: Sat Aug 13 15:32:47 2022 +0930 PR29482 - strip: heap-buffer-overflow PR 29482 * coffcode.h (coff_set_section_contents): Sanity check _LIB.
Fixed for 2.40