[Bug binutils/30507] New: NULL dereference in rust-demangle reachable vi

bug-binutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/30507] New: NULL dereference in rust-demangle reachable vi

From:	lukas.dresel at cs dot ucsb.edu
Subject:	[Bug binutils/30507] New: NULL dereference in rust-demangle reachable via nm-new
Date:	Thu, 01 Jun 2023 23:13:48 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=30507

            Bug ID: 30507
           Summary: NULL dereference in rust-demangle reachable via nm-new
           Product: binutils
           Version: 2.40
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: lukas.dresel at cs dot ucsb.edu
  Target Milestone: ---

Created attachment 14911
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14911&action=edit
Testcase reproducing the above issue

Our hybrid fuzzer found a testcase which causes `rust-demangle` to call memcpy
with a NULL source pointer.

The output of `nm-new` compiled with undefined-behavior-sanitizer is shown
below

```
$ /experiments/targets/nm-new-original -C /tmp/crash_nm_rust-demangle-1572 
         w __azb]axhaotqd;@RSXEE\7.1.9__cbme_hzdvh
0000201c B __bgo[ytdlv
00000506 R bgq
00000087 d __bp_spkccp]bpisq]fqr[blqj[arsbv]ariwu
0000200b D __cbme_hzdvh
0000200b W cbme_hzdvh
00000430 r cbxdvztzcw\wj^ckvqdy__ex_lzocax`dxiqo_ehj
000000f4 d _`crcif_cnljx_umih`fsjbs\byhxr
00002007 D _]esp`qatezf
000004c0 t __ex_lzocax`dxiqo_ehj
000005e8 T _fg[zz
00000593 t _fya
00002001 d _GLOBAL_WDDUFZ^VBCKF`
         w _GRW[cbpfwogufyKXCshmdGaclf__t58.sak_sd]litts.dp
0000039f T _hzdvh
00000568 T __ired[cnq_polk_fg[zz
0000050f r iso,bz
0000201c b j
0000201c D __NJD]AVA][
0000008b d __nkjo_cmufy`nrcqg__QJG\FU[BLDPE\YBU
         w _NPP[ofkpkvdjVOCjghfLabge
0000055f T __p98-reg[hb^wvytp.fk__NJD]AVA][
0000037d T _polk_fg[zz
000005f4 t __QJG\FU[BLDPE\YBU
00000087 d __qvix]cmjco_fya
         U @ROVFB`5.0_ZdaAT1_RYC0.vdj\lc[kniso,bz
rust-demangle.c:1572:32: runtime error: null pointer passed as argument 2,
which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior rust-demangle.c:1572:32
in```


The output of --version for `nm-new` is 
```
$ /experiments/targets/nm-new-original --version
GNU nm (GNU Binutils) 2.40.50.20230411
Copyright (C) 2023 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) any later version.
This program has absolutely no warranty.
```

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug binutils/30507] New: NULL dereference in rust-demangle reachable via nm-new, lukas.dresel at cs dot ucsb.edu <=
- [Bug binutils/30507] NULL dereference in rust-demangle reachable via nm-new, lukas.dresel at cs dot ucsb.edu, 2023/06/01
- [Bug binutils/30507] NULL pointer passed to memcpy in rust-demangle reachable via nm-new, lukas.dresel at cs dot ucsb.edu, 2023/06/01
- [Bug binutils/30507] NULL pointer passed to memcpy in rust-demangle reachable via nm-new, lukas.dresel at cs dot ucsb.edu, 2023/06/01
- [Bug binutils/30507] NULL pointer passed to memcpy in rust-demangle reachable via nm-new, amodra at gmail dot com, 2023/06/01
- [Bug binutils/30507] NULL pointer passed to memcpy in rust-demangle reachable via nm-new, lukas.dresel at cs dot ucsb.edu, 2023/06/16

Prev by Date: [Bug gas/30449] gas riscv: support pseudo-instruction "lga"
Next by Date: [Bug binutils/30507] NULL dereference in rust-demangle reachable via nm-new
Previous by thread: [Bug gas/30449] gas riscv: support pseudo-instruction "lga"
Next by thread: [Bug binutils/30507] NULL dereference in rust-demangle reachable via nm-new
Index(es):
- Date
- Thread