public inbox for gdb-prs@sourceware.org
* [Bug gdb/30641] New: AddressSanitizer: heap-buffer-overflow /home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coff-pe-read.c:284:10 in pe_as16(void*)
From: sihan2021 at iscas dot ac.cn @ 2023-07-15  6:36 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=30641

            Bug ID: 30641
           Summary: AddressSanitizer: heap-buffer-overflow
                    /home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coff
                    -pe-read.c:284:10 in pe_as16(void*)
           Product: gdb
           Version: 13.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: sihan2021 at iscas dot ac.cn
  Target Milestone: ---

Created attachment 14971
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14971&action=edit
crash seed

Hello GDB developers,
We recently conducted a fuzzing test on GDB and discovered a
heap-use-after-free bug. We would like to provide a detailed description of the
bug and seek your assistance in addressing it.

version:
gdb: GNU gdb (GDB) 13.0.50.20220805-git
gcc: gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)
ubuntu: 20.04

command to reproduce:
gdb -x command.gdb hbo
hbo is attached to this report.
command.gdb is attached to the first comment.


ASAN report:
=================================================================
==2662511==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x7fa83b269800 at pc 0x000000b13b4e bp 0x7ffdba8a9480 sp 0x7ffdba8a9478
READ of size 1 at 0x7fa83b269800 thread T0
    #0 0xb13b4d in pe_as16(void*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coff-pe-read.c:284:10
    #1 0xb11af1 in read_pe_exported_syms(minimal_symbol_reader&, objfile*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coff-pe-read.c:513:31
    #2 0xb1d543 in coff_read_minsyms(long, unsigned int, objfile*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coffread.c:548:7
    #3 0xb1abd0 in coff_symfile_read(objfile*, enum_flags<symfile_add_flag>)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coffread.c:702:3
    #4 0x1bf6a0e in read_symbols(objfile*, enum_flags<symfile_add_flag>)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:772:3
    #5 0x1c19531 in syms_from_objfile_1(objfile*, std::vector<other_sections,
std::allocator<other_sections> >*, enum_flags<symfile_add_flag>)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:968:3
    #6 0x1c180fd in syms_from_objfile(objfile*, std::vector<other_sections,
std::allocator<other_sections> >*, enum_flags<symfile_add_flag>)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:985:3
    #7 0x1be663c in symbol_file_add_with_addrs(bfd*, char const*,
enum_flags<symfile_add_flag>, std::vector<other_sections,
std::allocator<other_sections> >*, enum_flags<objfile_flag>, objfile*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:1088:3
    #8 0x1be70b3 in symbol_file_add_from_bfd(bfd*, char const*,
enum_flags<symfile_add_flag>, std::vector<other_sections,
std::allocator<other_sections> >*, enum_flags<objfile_flag>, objfile*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:1168:10
    #9 0x1be7459 in symbol_file_add(char const*, enum_flags<symfile_add_flag>,
std::vector<other_sections, std::allocator<other_sections> >*,
enum_flags<objfile_flag>)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:1181:10
    #10 0x1be873e in symbol_file_add_main_1(char const*,
enum_flags<symfile_add_flag>, enum_flags<objfile_flag>, unsigned long)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:1205:29
    #11 0x1be82ea in symbol_file_add_main(char const*,
enum_flags<symfile_add_flag>)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:1196:3
    #12 0x15c8b73 in symbol_file_add_main_adapter(char const*, int)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/main.c:540:3
    #13 0x15c6d2c in catch_command_errors(void (*)(char const*, int), char
const*, int, bool)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/main.c:513:7
    #14 0x15c433a in captured_main_1(captured_main_args*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/main.c:1212:8
    #15 0x15be28d in captured_main(void*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/main.c:1319:3
    #16 0x15be058 in gdb_main(captured_main_args*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/main.c:1344:7
    #17 0x4e4f12 in main
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/gdb.c:32:10
    #18 0x7fa86dd0f082 in __libc_start_main
/build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #19 0x433ebd in _start
(/home/root/sp/Fuzz/aflpp_fuzz/Binutils/document_group/batch_x/gdb_1/gdb+0x433ebd)

0x7fa83b269800 is located 0 bytes to the right of 262144-byte region
[0x7fa83b229800,0x7fa83b269800)
allocated by thread T0 here:
    #0 0x4e242d in operator new(unsigned long)
(/home/root/sp/Fuzz/aflpp_fuzz/Binutils/document_group/batch_x/gdb_1/gdb+0x4e242d)
    #1 0x627d92 in __gnu_cxx::new_allocator<unsigned char>::allocate(unsigned
long, void const*)
/usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/ext/new_allocator.h:115:27
    #2 0x627ca1 in std::allocator_traits<gdb::default_init_allocator<unsigned
char, std::allocator<unsigned char> >
>::allocate(gdb::default_init_allocator<unsigned char, std::allocator<unsigned
char> >&, unsigned long)
/usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/alloc_traits.h:314:20
    #3 0x627661 in std::_Vector_base<unsigned char,
gdb::default_init_allocator<unsigned char, std::allocator<unsigned char> >
>::_M_allocate(unsigned long)
/usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:346:20
    #4 0x6b7121 in std::_Vector_base<unsigned char,
gdb::default_init_allocator<unsigned char, std::allocator<unsigned char> >
>::_M_create_storage(unsigned long)
/usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:361:33
    #5 0x6b6dd9 in std::_Vector_base<unsigned char,
gdb::default_init_allocator<unsigned char, std::allocator<unsigned char> >
>::_Vector_base(unsigned long, gdb::default_init_allocator<unsigned char,
std::allocator<unsigned char> > const&)
/usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:305:9
    #6 0xa9ea40 in std::vector<unsigned char,
gdb::default_init_allocator<unsigned char, std::allocator<unsigned char> >
>::vector(unsigned long, gdb::default_init_allocator<unsigned char,
std::allocator<unsigned char> > const&)
/usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:511:9
    #7 0xb1106b in read_pe_exported_syms(minimal_symbol_reader&, objfile*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coff-pe-read.c:469:34
    #8 0xb1d543 in coff_read_minsyms(long, unsigned int, objfile*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coffread.c:548:7
    #9 0xb1abd0 in coff_symfile_read(objfile*, enum_flags<symfile_add_flag>)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coffread.c:702:3
    #10 0x1bf6a0e in read_symbols(objfile*, enum_flags<symfile_add_flag>)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:772:3
    #11 0x1c19531 in syms_from_objfile_1(objfile*, std::vector<other_sections,
std::allocator<other_sections> >*, enum_flags<symfile_add_flag>)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:968:3
    #12 0x1c180fd in syms_from_objfile(objfile*, std::vector<other_sections,
std::allocator<other_sections> >*, enum_flags<symfile_add_flag>)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:985:3
    #13 0x1be663c in symbol_file_add_with_addrs(bfd*, char const*,
enum_flags<symfile_add_flag>, std::vector<other_sections,
std::allocator<other_sections> >*, enum_flags<objfile_flag>, objfile*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:1088:3
    #14 0x1be70b3 in symbol_file_add_from_bfd(bfd*, char const*,
enum_flags<symfile_add_flag>, std::vector<other_sections,
std::allocator<other_sections> >*, enum_flags<objfile_flag>, objfile*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:1168:10
    #15 0x1be7459 in symbol_file_add(char const*, enum_flags<symfile_add_flag>,
std::vector<other_sections, std::allocator<other_sections> >*,
enum_flags<objfile_flag>)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:1181:10
    #16 0x1be873e in symbol_file_add_main_1(char const*,
enum_flags<symfile_add_flag>, enum_flags<objfile_flag>, unsigned long)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:1205:29
    #17 0x1be82ea in symbol_file_add_main(char const*,
enum_flags<symfile_add_flag>)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/symfile.c:1196:3
    #18 0x15c8b73 in symbol_file_add_main_adapter(char const*, int)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/main.c:540:3
    #19 0x15c6d2c in catch_command_errors(void (*)(char const*, int), char
const*, int, bool)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/main.c:513:7
    #20 0x15c433a in captured_main_1(captured_main_args*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/main.c:1212:8
    #21 0x15be28d in captured_main(void*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/main.c:1319:3
    #22 0x15be058 in gdb_main(captured_main_args*)
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/main.c:1344:7
    #23 0x4e4f12 in main
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/gdb.c:32:10
    #24 0x7fa86dd0f082 in __libc_start_main
/build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: heap-buffer-overflow
/home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coff-pe-read.c:284:10 in
pe_as16(void*)
Shadow bytes around the buggy address:
  0x0ff5876452b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff5876452c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff5876452d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff5876452e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff5876452f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff587645300:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff587645310: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff587645320: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff587645330: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff587645340: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff587645350: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2662511==ABORTING

Thank you for your attention and support.
Best regards,
Michael Zhang.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
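An added example, not part of this report and not GDB's own code: a bounds-checked way to pull 16-bit little-endian values out of a PE export-table buffer, in the spirit of the pe_as16() accessor the ASan trace above points at, plus a section loader that treats a short read as an error. The struct and function names, the sample section and the in-memory "file" are all constructed here for illustration.

```c
/* Added example, not GDB's code: bounds-checked reads of 16-bit little-endian
   values from a PE export-table buffer, in the spirit of the pe_as16() accessor
   named in the report.  Names, sample section and the "file" are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Section image in memory, carrying the byte count actually read. */
struct section_buf {
  const unsigned char *data;
  size_t len;
};

/* Unchecked read, as a pe_as16()-style accessor does; the caller must
   guarantee both bytes lie inside the buffer.  An offset equal to len is
   exactly the "0 bytes to the right of the region" ASan reports above. */
static uint16_t pe_as16_unchecked(const unsigned char *p)
{
  return (uint16_t)(p[0] | (p[1] << 8));
}

/* Checked variant: 0 and *out set on success, -1 if the two bytes at OFFSET
   are not entirely inside S.  Compares by subtraction so offset+2 cannot wrap. */
static int pe_as16_checked(const struct section_buf *s, size_t offset,
                           uint16_t *out)
{
  if (offset > s->len || s->len - offset < 2)
    return -1;
  *out = pe_as16_unchecked(s->data + offset);
  return 0;
}

/* Sum COUNT ordinals of the table at OFFSET.  Returns entries read, or -1 if
   any entry would fall outside S; the whole range is validated up front. */
static long read_ordinal_table(const struct section_buf *s, size_t offset,
                               size_t count, unsigned long *sum)
{
  /* count * 2 could wrap on a hostile header, so bound count first. */
  if (count > SIZE_MAX / 2 || offset > s->len || s->len - offset < count * 2)
    return -1;
  *sum = 0;
  for (size_t i = 0; i < count; i++) {
    uint16_t v;
    if (pe_as16_checked(s, offset + 2 * i, &v) != 0)
      return -1;            /* defence in depth; unreachable after the check */
    *sum += v;
  }
  return (long)count;
}

/* Load a section whose header claims WANT bytes from a constructed in-memory
   FILE, as a bfd_bread-style call would.  A short read is rejected rather than
   trusted, the kind of check the fix cited at the end of this thread enforces. */
static int load_section(struct section_buf *s, unsigned char *storage,
                        size_t want, const unsigned char *file,
                        size_t file_len, size_t file_off)
{
  if (file_off >= file_len)
    return -1;
  size_t avail = file_len - file_off;
  size_t got = avail < want ? avail : want;   /* bytes actually "read" */
  memcpy(storage, file + file_off, got);
  if (got != want)
    return -1;
  s->data = storage;
  s->len = got;
  return 0;
}

/* Constructed sample: 16-byte section, 4-entry ordinal table at offset 8
   (ordinals 1..4).  A header claiming 5 entries would run 2 bytes past it. */
static const unsigned char sample_section[16] = {
  0, 0, 0, 0, 0, 0, 0, 0, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04, 0x00
};
int main(void)
{
  struct section_buf s = { sample_section, sizeof sample_section };
  unsigned long sum = 0, ignored;
  long n = read_ordinal_table(&s, 8, 4, &sum);
  long bad = read_ordinal_table(&s, 8, 5, &ignored);
  printf("4 entries -> %ld read, sum %lu; 5 entries -> %ld\n", n, sum, bad);
  return 0;
}
```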


* [Bug gdb/30641] AddressSanitizer: heap-buffer-overflow /home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coff-pe-read.c:284:10 in pe_as16(void*)
From: sihan2021 at iscas dot ac.cn @ 2023-07-15  6:36 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=30641

--- Comment #1 from 熊吉思汗 <sihan2021 at iscas dot ac.cn> ---
Created attachment 14972
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14972&action=edit
input file of -x option


* [Bug gdb/30641] AddressSanitizer: heap-buffer-overflow /home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coff-pe-read.c:284:10 in pe_as16(void*)
From: keiths at redhat dot com @ 2023-07-26 19:48 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=30641

Keith Seitz <keiths at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |keiths at redhat dot com

--- Comment #2 from Keith Seitz <keiths at redhat dot com> ---
Trying this on origin/master, we have a slightly different segfault
location:

$ ./gdb -nx -q --data-directory data-directory hbo
BFD: hbo: warning: claims to have 0xffff relocs, without overflow
hbo: warning: claims to have 0xffff relocs, without overflow
hbo: warning: claims to have 0xffff relocs, without overflow
hbo: warning: claims to have 0xffff relocs, without overflow
Reading symbols from /home/keiths/rhbz/CVE/2023/39130/hbo...


Fatal signal: Segmentation fault
----- Backtrace -----
0x599064 gdb_internal_backtrace_1
        ../../src/gdb/bt-utils.c:122
0x599107 _Z22gdb_internal_backtracev
        ../../src/gdb/bt-utils.c:168
0x782fd4 handle_fatal_signal
        ../../src/gdb/event-top.c:889
0x783140 handle_sigsegv
        ../../src/gdb/event-top.c:962
0x7fea92e5fb6f ???
0x60ace0 add_pe_exported_sym
        ../../src/gdb/coff-pe-read.c:138
0x60c3b9 _Z21read_pe_exported_symsR21minimal_symbol_readerP7objfile
        ../../src/gdb/coff-pe-read.c:557
0x60e0bb coff_read_minsyms
        ../../src/gdb/coffread.c:543
0x60e629 coff_symfile_read
        ../../src/gdb/coffread.c:698
0xbd975e read_symbols
        ../../src/gdb/symfile.c:772
0xbd9e0b syms_from_objfile_1
        ../../src/gdb/symfile.c:966
0xbd9ecf syms_from_objfile
        ../../src/gdb/symfile.c:983
0xbda3aa symbol_file_add_with_addrs
        ../../src/gdb/symfile.c:1086
0xbda6eb
_Z24symbol_file_add_from_bfdRKN3gdb7ref_ptrI3bfd18gdb_bfd_ref_policyEEPKc10enum_flagsI16symfile_add_flagEPSt6vectorI14other_sectionsSaISC_EES8_I12objfile_flagEP7objfile
        ../../src/gdb/symfile.c:1166
0xbda73a
_Z15symbol_file_addPKc10enum_flagsI16symfile_add_flagEPSt6vectorI14other_sectionsSaIS5_EES1_I12objfile_flagE
        ../../src/gdb/symfile.c:1179
0xbda7ff symbol_file_add_main_1
        ../../src/gdb/symfile.c:1203
0xbda7a6 _Z20symbol_file_add_mainPKc10enum_flagsI16symfile_add_flagE
        ../../src/gdb/symfile.c:1194
0x90b1d7 symbol_file_add_main_adapter
        ../../src/gdb/main.c:549
0x90b0ed catch_command_errors
        ../../src/gdb/main.c:518
0x90c20e captured_main_1
        ../../src/gdb/main.c:1203
0x90c820 captured_main
        ../../src/gdb/main.c:1310
0x90c8bf _Z8gdb_mainP18captured_main_args
        ../../src/gdb/main.c:1339
0x418c3c main
        ../../src/gdb/gdb.c:32
---------------------
A fatal error internal to GDB has been detected, further
debugging is not possible.  GDB will now terminate.

This is a bug, please report it.  For instructions, see:
<https://www.gnu.org/software/gdb/bugs/>.

Segmentation fault (core dumped)

Can you confirm this is the correct segfault location for the supplied binary
(in origin/master)? Is the binary attached to this bug the one for 30640?

It appears that none of the binaries you supplied for 30639, 30640, or 30641
are correct for their respective bugs.


* [Bug gdb/30641] AddressSanitizer: heap-buffer-overflow /home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coff-pe-read.c:284:10 in pe_as16(void*)
From: sihan2021 at iscas dot ac.cn @ 2023-07-29  7:44 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=30641

--- Comment #3 from 熊吉思汗 <sihan2021 at iscas dot ac.cn> ---
(In reply to Keith Seitz from comment #2)
> Trying this on origin/master, we have a slightly different segfault
> location:
> 
> $ ./gdb -nx -q --data-directory data-directory hbo
> BFD: hbo: warning: claims to have 0xffff relocs, without overflow
> hbo: warning: claims to have 0xffff relocs, without overflow
> hbo: warning: claims to have 0xffff relocs, without overflow
> hbo: warning: claims to have 0xffff relocs, without overflow
> Reading symbols from /home/keiths/rhbz/CVE/2023/39130/hbo...
> 
> 
> Fatal signal: Segmentation fault
> ----- Backtrace -----
> 0x599064 gdb_internal_backtrace_1
> 	../../src/gdb/bt-utils.c:122
> 0x599107 _Z22gdb_internal_backtracev
> 	../../src/gdb/bt-utils.c:168
> 0x782fd4 handle_fatal_signal
> 	../../src/gdb/event-top.c:889
> 0x783140 handle_sigsegv
> 	../../src/gdb/event-top.c:962
> 0x7fea92e5fb6f ???
> 0x60ace0 add_pe_exported_sym
> 	../../src/gdb/coff-pe-read.c:138
> 0x60c3b9 _Z21read_pe_exported_symsR21minimal_symbol_readerP7objfile
> 	../../src/gdb/coff-pe-read.c:557
> 0x60e0bb coff_read_minsyms
> 	../../src/gdb/coffread.c:543
> 0x60e629 coff_symfile_read
> 	../../src/gdb/coffread.c:698
> 0xbd975e read_symbols
> 	../../src/gdb/symfile.c:772
> 0xbd9e0b syms_from_objfile_1
> 	../../src/gdb/symfile.c:966
> 0xbd9ecf syms_from_objfile
> 	../../src/gdb/symfile.c:983
> 0xbda3aa symbol_file_add_with_addrs
> 	../../src/gdb/symfile.c:1086
> 0xbda6eb
> _Z24symbol_file_add_from_bfdRKN3gdb7ref_ptrI3bfd18gdb_bfd_ref_policyEEPKc10en
> um_flagsI16symfile_add_flagEPSt6vectorI14other_sectionsSaISC_EES8_I12objfile_
> flagEP7objfile
> 	../../src/gdb/symfile.c:1166
> 0xbda73a
> _Z15symbol_file_addPKc10enum_flagsI16symfile_add_flagEPSt6vectorI14other_sect
> ionsSaIS5_EES1_I12objfile_flagE
> 	../../src/gdb/symfile.c:1179
> 0xbda7ff symbol_file_add_main_1
> 	../../src/gdb/symfile.c:1203
> 0xbda7a6 _Z20symbol_file_add_mainPKc10enum_flagsI16symfile_add_flagE
> 	../../src/gdb/symfile.c:1194
> 0x90b1d7 symbol_file_add_main_adapter
> 	../../src/gdb/main.c:549
> 0x90b0ed catch_command_errors
> 	../../src/gdb/main.c:518
> 0x90c20e captured_main_1
> 	../../src/gdb/main.c:1203
> 0x90c820 captured_main
> 	../../src/gdb/main.c:1310
> 0x90c8bf _Z8gdb_mainP18captured_main_args
> 	../../src/gdb/main.c:1339
> 0x418c3c main
> 	../../src/gdb/gdb.c:32
> ---------------------
> A fatal error internal to GDB has been detected, further
> debugging is not possible.  GDB will now terminate.
> 
> This is a bug, please report it.  For instructions, see:
> <https://www.gnu.org/software/gdb/bugs/>.
> 
> Segmentation fault (core dumped)
> 
> Can you confirm this is the correct segfault location for the supplied binary
> (in origin/master)? Is the binary attached to this bug the one for 30640?
> 
> It appears that none of the binaries you supplied for 30639, 30640, or 30641
> are correct for their respective bugs.

Please ignore the 30639, 30640, and 30641 bug reports. I will use the latest
origin/master gdb with ASan to check these bugs again. If these bugs are still
valid, I will submit new bug reports. I am sorry for my mistake.


* [Bug gdb/30641] AddressSanitizer: heap-buffer-overflow /home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coff-pe-read.c:284:10 in pe_as16(void*)
From: abdul.basitijaz at gmail dot com @ 2023-09-28  8:10 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=30641

Abdul Basit <abdul.basitijaz at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |abdul.basitijaz at gmail dot com

--- Comment #4 from Abdul Basit <abdul.basitijaz at gmail dot com> ---
Regarding this issue and Bug 30640, there are CVEs linked to both issues.
https://nvd.nist.gov/vuln/detail/CVE-2023-39129
https://nvd.nist.gov/vuln/detail/CVE-2023-39130

@sihan2021's last comment on the ticket is the following, and afterwards there
is no update:
> Please ignore 30639, 30640, and 30641 bug report. I will use the latest origin/master gdb with asan to check these bug again.

Can you please confirm whether there is any update regarding this, as the CVEs
are still open for all these issues and there is no update on these two issues.
I do not see any new issue linked to these CVEs. So if these are not valid
issues, it would be helpful to update the related CVEs; otherwise, if they are
valid issues, to update them with the right info about the security issue in
gdb 13.1.

Thanks


* [Bug gdb/30641] AddressSanitizer: heap-buffer-overflow /home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coff-pe-read.c:284:10 in pe_as16(void*)
From: simon.marchi at polymtl dot ca @ 2023-09-28 14:32 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=30641

Simon Marchi <simon.marchi at polymtl dot ca> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |simon.marchi at polymtl dot ca

--- Comment #5 from Simon Marchi <simon.marchi at polymtl dot ca> ---
(In reply to Abdul Basit from comment #4)
> Regarding this issue and Bug 30640 there are CVEs linked to both issues.
> https://nvd.nist.gov/vuln/detail/CVE-2023-39129
> https://nvd.nist.gov/vuln/detail/CVE-2023-39130
> 
> @sihan2021 last comment on the ticket is following and afterwards there is
> no update: 
> > Please ignore 30639, 30640, and 30641 bug report. I will use the latest origin/master gdb with asan to check these bug again.
> 
> Can you please confirm is there any update regarding this as CVEs are still
> open for all these issues and there is no update on these two issues.   I do
> not see any new issue link to these CVEs.  So if these are not valid issues
> then it would be helpful to update the related CVEs otherwise if they are
> valid issues then to update them with right info about security issue in gdb
> 13.1
> 
> Thanks

They are likely valid issues.  If there is no update, it probably means nobody
has looked into fixing them.


* [Bug gdb/30641] AddressSanitizer: heap-buffer-overflow /home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coff-pe-read.c:284:10 in pe_as16(void*)
From: keiths at redhat dot com @ 2023-09-28 14:44 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=30641

--- Comment #6 from Keith Seitz <keiths at redhat dot com> ---
(In reply to Simon Marchi from comment #5)

> They are likely valid issues.  If there is no update, it probably means
> nobody has looked into fixing them.

I think this fixes it:

https://inbox.sourceware.org/gdb-patches/ZNRbSREoB52gfDWx@squeak.grove.modra.org/

It may be that this requires the fixes for 30640 and 30639, too. I don't
remember. I tested all three COFF bugs on a branch containing all the patches.


* [Bug gdb/30641] AddressSanitizer: heap-buffer-overflow /home/root/sp/Dataset/Binutils/binutils_aflpp/gdb/coff-pe-read.c:284:10 in pe_as16(void*)
From: keiths at redhat dot com @ 2023-09-28 19:09 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=30641

Keith Seitz <keiths at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #7 from Keith Seitz <keiths at redhat dot com> ---
Fixed by:

commit 2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80
Author: Alan Modra <amodra@gmail.com>
Date:   Wed Aug 9 09:58:36 2023 +0930

    gdb: warn unused result for bfd IO functions
