bug-binutils

[Bug ld/20910] New: LD crashes when setting linker script and image base


From: boehme.marcel at gmail dot com
Subject: [Bug ld/20910] New: LD crashes when setting linker script and image base
Date: Fri, 02 Dec 2016 08:54:23 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=20910

            Bug ID: 20910
           Summary: LD crashes when setting linker script and image base
           Product: binutils
           Version: 2.28 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: boehme.marcel at gmail dot com
  Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24-hour fuzzing
session on Binutils. Thanks also to Van-Thuan Pham.

The linker crashes with an invalid read of size 1 for the following execution
on Ubuntu 16.04 x86_64 in Binutils trunk and for preinstalled version v2.26.1
and on Ubuntu 14.04 x86_64 for Binutils in trunk and preinstalled version
v2.24.

$ printf "K&=0%D," > test
$ ./ld -dll -T test
Segmentation fault

ASAN says:
==10282==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61600000fc50 at pc 0x00000051ba31 bp 0x7ffd20fc3a00 sp 0x7ffd20fc39f8
READ of size 8 at 0x61600000fc50 thread T0
    #0 0x51ba30 in bfd_generic_link_read_symbols ../../bfd/linker.c:803
    #1 0x47e903 in vfinfo ../../ld/ldmisc.c:301
    #2 0x47fa9a in info_msg ../../ld/ldmisc.c:455
    #3 0x4657d7 in main ../../ld/ldmain.c:371
    #4 0x7fd7ea3d2f44 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #5 0x403968 
(/home/ubuntu/subjects/binutils-gdb/obj-asan/ld/ld-new+0x403968)

0x61600000fc50 is located 152 bytes to the right of 568-byte region
[0x61600000f980,0x61600000fbb8)
allocated by thread T0 here:
    #0 0x7fd7eb7533a8 in __interceptor_malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
    #1 0x7fd7ea41f37c  (/lib/x86_64-linux-gnu/libc.so.6+0x6e37c)

Best regards,
- Marcel
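Added example, not part of the bug report or of binutils: a small triage helper that parses the AddressSanitizer output quoted above into a structured record, derives a deduplication key from the error kind plus the top source-resolved frames (libc and libasan frames without file:line are skipped), and cross-checks the "N bytes to the right of M-byte region" arithmetic against the reported addresses. The report text embedded below is quoted from the message; the regexes tolerate the line wrapping the mailer introduced. Everything else (function names, the bucket format) is this example's own choice.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# ASAN output quoted from the bug report above (wrapped by the mailer).
ASAN_REPORT = """==10282==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61600000fc50 at pc 0x00000051ba31 bp 0x7ffd20fc3a00 sp 0x7ffd20fc39f8
READ of size 8 at 0x61600000fc50 thread T0
    #0 0x51ba30 in bfd_generic_link_read_symbols ../../bfd/linker.c:803
    #1 0x47e903 in vfinfo ../../ld/ldmisc.c:301
    #2 0x47fa9a in info_msg ../../ld/ldmisc.c:455
    #3 0x4657d7 in main ../../ld/ldmain.c:371
    #4 0x7fd7ea3d2f44 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #5 0x403968
(/home/ubuntu/subjects/binutils-gdb/obj-asan/ld/ld-new+0x403968)

0x61600000fc50 is located 152 bytes to the right of 568-byte region
[0x61600000f980,0x61600000fbb8)
allocated by thread T0 here:
    #0 0x7fd7eb7533a8 in __interceptor_malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
    #1 0x7fd7ea41f37c  (/lib/x86_64-linux-gnu/libc.so.6+0x6e37c)
"""

# One stack frame: "#N 0xADDR in func file:line"; function and location are optional.
FRAME_RE = re.compile(
    r"^\s*#(\d+)\s+0x[0-9a-fA-F]+(?:\s+in\s+(\S+))?(?:\s+(\S+?):(\d+))?"
)


@dataclass
class Frame:
    index: int
    function: Optional[str]
    file: Optional[str]
    line: Optional[int]


@dataclass
class AsanReport:
    error_kind: str
    fault_addr: int
    access: str
    access_size: int
    error_stack: List[Frame] = field(default_factory=list)
    alloc_stack: List[Frame] = field(default_factory=list)
    region_start: Optional[int] = None
    region_end: Optional[int] = None
    region_size: Optional[int] = None
    offset: Optional[int] = None
    side: Optional[str] = None


def parse_asan_report(text: str) -> AsanReport:
    """Turn a (possibly line-wrapped) ASAN report into an AsanReport."""
    # Collapse all whitespace so wrapped header sentences match on one line.
    flat = " ".join(text.split())
    m = re.search(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", flat)
    if not m:
        raise ValueError("not an AddressSanitizer report")
    a = re.search(r"\b(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", flat)
    if not a:
        raise ValueError("no access line in report")
    rep = AsanReport(m.group(1), int(m.group(2), 16), a.group(1), int(a.group(2)))
    r = re.search(
        r"located (\d+) bytes to the (left|right) of (\d+)-byte region "
        r"\[(0x[0-9a-f]+),(0x[0-9a-f]+)\)", flat)
    if r:
        rep.offset, rep.side, rep.region_size = int(r.group(1)), r.group(2), int(r.group(3))
        rep.region_start, rep.region_end = int(r.group(4), 16), int(r.group(5), 16)
    # Frames before "allocated by" are the faulting stack; frames after it
    # describe where the overflowed region was allocated.
    target = rep.error_stack
    for line in text.splitlines():
        if "allocated by" in line:
            target = rep.alloc_stack
        fm = FRAME_RE.match(line)
        if fm:
            target.append(Frame(int(fm.group(1)), fm.group(2), fm.group(3),
                                int(fm.group(4)) if fm.group(4) else None))
    return rep


def project_frames(frames: List[Frame], depth: int = 3) -> List[Frame]:
    """Keep only frames with source info (drops libc/libasan), up to `depth`."""
    return [f for f in frames if f.file is not None][:depth]


def crash_bucket(rep: AsanReport, depth: int = 3) -> str:
    """Dedup key: error kind plus the top in-project functions."""
    return "|".join([rep.error_kind, *[f.function for f in project_frames(rep.error_stack, depth)]])


def region_offset_consistent(rep: AsanReport) -> bool:
    """Check that the stated offset/size agree with the raw addresses."""
    if rep.region_start is None or rep.region_end is None:
        return False
    if rep.region_end - rep.region_start != rep.region_size:
        return False
    if rep.side == "right":
        return rep.fault_addr - rep.region_end == rep.offset
    return rep.region_start - rep.fault_addr == rep.offset


if __name__ == "__main__":
    rep = parse_asan_report(ASAN_REPORT)
    print(crash_bucket(rep))
    print("offset arithmetic consistent:", region_offset_consistent(rep))
```

For this report the bucket key is `heap-buffer-overflow|bfd_generic_link_read_symbols|vfinfo|info_msg`, and the arithmetic checks out: the 568-byte region spans 0x61600000f980 to 0x61600000fbb8 and the faulting address is 0x98 = 152 bytes past its end. Keying on source-resolved frames rather than raw addresses is what lets crashes from different ASAN builds of the same tree collapse into one bucket.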
