Created attachment 14282 [details]
testcases for strip-new
I detected some new memory leak and dead loop problems through fuzz testing, which I think may be a vulnerability.
The configuration of binutils is:
$ ./configure --disable-shared && make -j
and compiled with gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0
I use the program strip-new in "~/binutils-gdb/binutils/strip-new" in master branch[https://github.com/bminor/binutils-gdb/tree/master] with parameter "-o tmp ./testcase", and after waiting 20 minutes, the program neither giving any outputs nor terminating. What is more, the program strip-new occupied all the memory.
The testcase that trigger such results are in the attachment. If there is anything I am unclear about or need to discuss further, please feel free to contact me~
Looking forward to your reply!
Thanks & Best Regards
The master branch has been updated by Alan Modra <firstname.lastname@example.org>:
Author: Alan Modra <email@example.com>
Date: Tue Aug 16 17:02:24 2022 +0930
PR29495, rewrite_elf_program_header looping
This patch, in order of significance:
1) Replaces some macros with inline functions.
2) Those inline functions catch and avoid arithmetic overflows when
3) When assigning sections to segments (IS_SECTION_IN_INPUT_SEGMENT)
use bed->want_p_paddr_set_to_zero to decide whether lma vs p_paddr
or vma vs p_vaddr should be tested. When remapping, use the same
test, and use is_note rather than the more restrictive
It's important that the later tests not be more restrictive. If they
are it can lead to the situation triggered by the testcases, where a
section seemingly didn't fit and thus needed a new mapping. It didn't
fit the new mapping either, and this repeated until memory exhausted.
* elf.c (SEGMENT_END, SECTION_SIZE, IS_CONTAINED_BY_VMA): Delete.
(IS_CONTAINED_BY_LMA, IS_NOTE, IS_COREFILE_NOTE): Delete.
(segment_size, segment_end, section_size): New inline function.
(is_contained_by, is_note): Likewise.
(rewrite_elf_program_header): Use new functions.
Fixed for 2.40