bug-binutils

[Bug binutils/22009] New: Excessive memory allocation resulting from mem


From: me at adhokshajmishraonline dot in
Subject: [Bug binutils/22009] New: Excessive memory allocation resulting from memory leakage due to incorrect handling of input file
Date: Fri, 25 Aug 2017 16:39:48 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=22009

            Bug ID: 22009
           Summary: Excessive memory allocation resulting from memory
                    leakage due to incorrect handling of input file
           Product: binutils
           Version: 2.29
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: me at adhokshajmishraonline dot in
  Target Milestone: ---

Created attachment 10367
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10367&action=edit
Payload file which was passed to objdump

When objdump is invoked with a specially crafted file, it goes on a memory
allocation spree until it cannot allocate any more, and then it crashes.

Command

./objdump -x -C ./payload

Backtrace (soon after issue starts)

#0  0x00007f929418a015 in __strstr_sse2_unaligned () from /usr/lib/libc.so.6
#1  0x000055555570a1b1 in arm_pt (work=0x7fffffffdae0, mangled=0x555555ae32a5
"A______", 'w' <repeats 193 times>..., n=0x15558, anchor=0x7fffffffd5a8,
args=0x7fffffffd5b0)
    at ./cplus-dem.c:2392
#2  0x000055555570a623 in demangle_arm_hp_template (work=0x7fffffffdae0,
mangled=0x7fffffffd828, n=0x15558, declp=0x7fffffffd6a0) at ./cplus-dem.c:2507
#3  0x000055555570aa00 in demangle_class_name (work=0x7fffffffdae0,
mangled=0x7fffffffd828, declp=0x7fffffffd6a0) at ./cplus-dem.c:2614
#4  0x000055555570dc4b in demangle_fund_type (work=0x7fffffffdae0,
mangled=0x7fffffffd828, result=0x555555a67240) at ./cplus-dem.c:4118
#5  0x000055555570d240 in do_type (work=0x7fffffffdae0, mangled=0x7fffffffd828,
result=0x555555a67240) at ./cplus-dem.c:3907
#6  0x000055555570e2db in do_arg (work=0x7fffffffdae0, mangled=0x7fffffffd828,
result=0x7fffffffd830) at ./cplus-dem.c:4332
#7  0x000055555570ebd4 in demangle_args (work=0x7fffffffdae0,
mangled=0x7fffffffda60, declp=0x7fffffffda90) at ./cplus-dem.c:4641
#8  0x0000555555708a7c in demangle_signature (work=0x7fffffffdae0,
mangled=0x7fffffffda60, declp=0x7fffffffda90) at ./cplus-dem.c:1732
#9  0x000055555570adb2 in iterate_demangle_function (work=0x7fffffffdae0,
mangled=0x7fffffffda60, declp=0x7fffffffda90, 
    scan=0x555555a8bc21 "__87384A______", 'w' <repeats 186 times>...) at
./cplus-dem.c:2743
#10 0x000055555570b619 in demangle_prefix (work=0x7fffffffdae0,
mangled=0x7fffffffda60, declp=0x7fffffffda90) at ./cplus-dem.c:2971
#11 0x000055555570793b in internal_cplus_demangle (work=0x7fffffffdae0,
mangled=0x555555aa11a7 "20A__K\377\060\060\060#\344\300") at ./cplus-dem.c:1253
#12 0x0000555555706ea7 in cplus_demangle (mangled=0x555555a8bc20
"\236__87384A______", 'w' <repeats 185 times>..., options=0x3) at
./cplus-dem.c:918
#13 0x0000555555617a6c in bfd_demangle (abfd=0x555555a67000,
name=0x555555a8bc20 "\236__87384A______", 'w' <repeats 185 times>...,
options=0x3) at bfd.c:1961
#14 0x00005555555b9355 in dump_symbols (abfd=0x555555a67000, dynamic=0x0) at
./objdump.c:3163
#15 0x00005555555ba0df in dump_bfd (abfd=0x555555a67000) at ./objdump.c:3532
#16 0x00005555555ba342 in display_object_bfd (abfd=0x555555a67000) at
./objdump.c:3603
#17 0x00005555555ba596 in display_any_bfd (file=0x555555a67000, level=0x0) at
./objdump.c:3692
#18 0x00005555555ba60b in display_file (filename=0x7fffffffe248
"../../test/payload", target=0x0, last_file=0x1) at ./objdump.c:3713
#19 0x00005555555baf36 in main (argc=0x4, argv=0x7fffffffde88) at
./objdump.c:4015
#20 0x00007f929410f4ca in __libc_start_main () from /usr/lib/libc.so.6
#21 0x00005555555b24da in _start ()

Input file: attached herewith

NOTE: I am still investigating it in depth, and will share more details as soon
as I get something.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
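The report above describes a runaway allocation loop in the demangler that ends in a crash once allocation fails. A defensive habit when triaging such reports, or when running binutils tools over untrusted inputs in general, is to cap the tool's address space so a bad input fails fast inside a limit rather than exhausting the host. The following shell function is an added example, not code from the bug report or from binutils; it assumes a POSIX shell whose `ulimit` supports `-v` (address-space limit in KiB), and the `./payload` path in the commented invocation refers to the reporter's attachment, which is not included here.

```shell
# Added example, not part of the bug report: run an analysis tool on an
# untrusted input under an address-space limit so that a runaway
# allocation loop fails fast instead of exhausting the host.
# Usage: run_limited <limit_kib> <command> [args...]
run_limited() {
    limit_kib="$1"
    shift
    # Subshell so the limit applies only to this one command, not the caller.
    ( ulimit -v "$limit_kib" && "$@" )
    status=$?
    classify_status "$status" >&2
    return "$status"
}

# Map an exit status to a short verdict: 0 is a clean run, 128+N means the
# tool died from signal N (e.g. 134 = SIGABRT, typical when a failed
# allocation makes a tool abort), anything else is an ordinary tool error.
classify_status() {
    case "$1" in
        0) echo "ok" ;;
        12[89]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])
            echo "killed by signal $(( $1 - 128 ))" ;;
        *) echo "tool error (exit $1)" ;;
    esac
}

# Example invocation mirroring the report's command, with a 512 MiB cap;
# ./payload is the reporter's attachment (assumed path, not included here).
# run_limited 524288 objdump -x -C ./payload
```

Under such a cap the tool's `malloc` calls start failing at the limit, so the run ends with a tool error or an abort after a bounded amount of memory rather than after the machine has been pushed into swap; the verdict on stderr tells you which of the two happened.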

