[Bug binutils/25624] New: attempting free on address which was not mallo
From: natalierice at yeah dot net
Subject: [Bug binutils/25624] New: attempting free on address which was not malloc()-ed
Date: Tue, 03 Mar 2020 14:18:31 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=25624
Bug ID: 25624
Summary: attempting free on address which was not malloc()-ed
Product: binutils
Version: 2.34
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: natalierice at yeah dot net
Target Milestone: ---
Created attachment 12337
--> https://sourceware.org/bugzilla/attachment.cgi?id=12337&action=edit
The crash which will trigger the bug.
natalie@mars:~/Research/Bug$ ./objdump --dwarf-check -C -g -f -dwarf -x
'/home/natalie/Research/Bug/objdump-2.34/crash/id:000000,sig:06,src:010091,op:havoc,rep:16'
/home/natalie/Research/Bug/objdump-2.34/crash/id:000000,sig:06,src:010091,op:havoc,rep:16:
file format pei-i386
/home/natalie/Research/Bug/objdump-2.34/crash/id:000000,sig:06,src:010091,op:havoc,rep:16
architecture: i386, flags 0x00000018:
HAS_DEBUG, HAS_SYMS
start address 0x00000000
Characteristics 0x104
line numbers stripped
32 bit words
Time/Date Thu Jan 1 08:00:00 1970
Magic 0000
MajorLinkerVersion 0
MinorLinkerVersion 0
SizeOfCode 00000000
SizeOfInitializedData 00000000
SizeOfUninitializedData 00000000
AddressOfEntryPoint 00000000
BaseOfCode 00000000
BaseOfData 00000000
ImageBase 00000000
SectionAlignment 00000000
FileAlignment 00000000
MajorOSystemVersion 0
MinorOSystemVersion 0
MajorImageVersion 0
MinorImageVersion 0
MajorSubsystemVersion 0
MinorSubsystemVersion 0
Win32Version 00000000
SizeOfImage 00000000
SizeOfHeaders 00000000
CheckSum 00000000
Subsystem 00000000 (unspecified)
DllCharacteristics 00000000
SizeOfStackReserve 00000000
SizeOfStackCommit 00000000
SizeOfHeapReserve 00000000
SizeOfHeapCommit 00000000
LoaderFlags 00000000
NumberOfRvaAndSizes 00000000
The Data Directory
Entry 0 00000000 00000000 Export Directory [.edata (or where ever we found it)]
Entry 1 00000000 00000000 Import Directory [parts of .idata]
Entry 2 00000000 00000000 Resource Directory [.rsrc]
Entry 3 00000000 00000000 Exception Directory [.pdata]
Entry 4 00000000 00000000 Security Directory
Entry 5 00000000 00000000 Base Relocation Directory [.reloc]
Entry 6 00000000 00000000 Debug Directory
Entry 7 00000000 00000000 Description Directory
Entry 8 00000000 00000000 Special Directory
Entry 9 00000000 00000000 Thread Storage Directory [.tls]
Entry a 00000000 00000000 Load Configuration Directory
Entry b 00000000 00000000 Bound Import Directory
Entry c 00000000 00000000 Import Address Table Directory
Entry d 00000000 00000000 Delay Import Directory
Entry e 00000000 00000000 CLR Runtime Header
Entry f 00000000 00000000 Reserved
Sections:
Idx Name Size VMA LMA File off Algn Flags
0 .idata$4 00000004 00000000 00000000 00000000 2**2 CONTENTS,
ALLOC, LOAD, RELOC
1 .idata$5 00000004 00000000 00000000 00000000 2**2 CONTENTS,
ALLOC, LOAD, RELOC
2 .idata$6 00000004 00000000 00000000 00000000 2**2 CONTENTS,
ALLOC, LOAD
3 .text 00000008 00000000 00000000 00000000 2**2 CONTENTS,
ALLOC, LOAD, RELOC, CODE
SYMBOL TABLE:
[ 0](sec 0)(fl 0x00)(ty 0)(scl 3) (nx 0) 0x00000000 .idata$4
[ 1](sec 1)(fl 0x00)(ty 0)(scl 3) (nx 0) 0x00000000 .idata$5
[ 2](sec 2)(fl 0x00)(ty 0)(scl 3) (nx 0) 0x00000000 .idata$6
[ 3](sec 1)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000000 _imp_
[ 4](sec 3)(fl 0x00)(ty 0)(scl 3) (nx 0) 0x00000000 .text
[ 5](sec 3)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000000
[ 6](sec 0)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000000 _IMPORT_DESCRIPTOR_
Disassembly of section .text:
00000000 <.text>:
0: ff 25 00 00 00 00 jmp *0x0 2: dir32 _imp_
6: 90 nop
7: 90 nop
debug_name_type: no current file
=================================================================
==28956==ERROR: AddressSanitizer: attempting free on address which was not
malloc()-ed: 0x61e0000004e0 in thread T0
#0 0x4f2b58 in __interceptor_free
/home/natalie/Research/LLVM/src/llvm-8.0.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3
#1 0x930929 in _bfd_coff_free_symbols
(/home/natalie/Research/Bug/objdump+0x930929)
#2 0x94784c in _bfd_coff_close_and_cleanup
(/home/natalie/Research/Bug/objdump+0x94784c)
#3 0x6b3960 in bfd_close_all_done
(/home/natalie/Research/Bug/objdump+0x6b3960)
#4 0x53450c in display_file (/home/natalie/Research/Bug/objdump+0x53450c)
#5 0x533811 in main (/home/natalie/Research/Bug/objdump+0x533811)
#6 0x7fe6d16ba1e2 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x271e2)
#7 0x41f60d in _start (/home/natalie/Research/Bug/objdump+0x41f60d)
0x61e0000004e0 is located 1120 bytes inside of 2505-byte region
[0x61e000000080,0x61e000000a49)
allocated by thread T0 here:
#0 0x4f2f37 in malloc
/home/natalie/Research/LLVM/src/llvm-8.0.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:146:3
#1 0x6adebc in bfd_malloc (/home/natalie/Research/Bug/objdump+0x6adebc)
#2 0x6ae174 in bfd_zmalloc (/home/natalie/Research/Bug/objdump+0x6ae174)
#3 0x8cb5e8 in pe_ILF_build_a_bfd
(/home/natalie/Research/Bug/objdump+0x8cb5e8)
#4 0x8ca374 in pe_ILF_object_p
(/home/natalie/Research/Bug/objdump+0x8ca374)
#5 0x8c23ea in pe_bfd_object_p
(/home/natalie/Research/Bug/objdump+0x8c23ea)
#6 0x6a7d7d in bfd_check_format_matches
(/home/natalie/Research/Bug/objdump+0x6a7d7d)
#7 0x534aa9 in display_object_bfd
(/home/natalie/Research/Bug/objdump+0x534aa9)
#8 0x5349b9 in display_any_bfd
(/home/natalie/Research/Bug/objdump+0x5349b9)
#9 0x5344e8 in display_file (/home/natalie/Research/Bug/objdump+0x5344e8)
#10 0x533811 in main (/home/natalie/Research/Bug/objdump+0x533811)
#11 0x7fe6d16ba1e2 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x271e2)
SUMMARY: AddressSanitizer: bad-free
/home/natalie/Research/LLVM/src/llvm-8.0.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3
in __interceptor_free
==28956==ABORTING