Bug 186147

Summary: feeding as garbage caused buffer overflow.
Product: Fedora
Reporter: Dave Jones <davej>
Component: binutils
Assignee: Jakub Jelinek <jakub>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: rawhide
CC: pfrields
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-03-21 21:35:01 UTC
Attachments: garbage. (flags: none)

Description Dave Jones 2006-03-21 21:25:53 UTC
$ as < t2
{standard input}: Assembler messages:
{standard input}:0: Warning: end of file in comment; newline inserted
*** buffer overflow detected ***: as terminated
======= Backtrace: =========
/lib64/libc.so.6(__chk_fail+0x2f)[0x3b966dee3f]
/lib64/libc.so.6[0x3b966de3f9]
/lib64/libc.so.6(_IO_default_xsputn+0x89)[0x3b96669ed9]
/lib64/libc.so.6(_IO_vfprintf+0x1638)[0x3b96642af8]
/lib64/libc.so.6(__vsprintf_chk+0x9d)[0x3b966de49d]
/lib64/libc.so.6(__sprintf_chk+0x80)[0x3b966de3e0]
as[0x424c88]
as[0x424e45]
as[0x428875]
as[0x41914b]
as[0x40547f]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x3b9661d084]
as(free+0x129)[0x402949]
======= Memory map: ========
00400000-0044d000 r-xp 00000000 fd:00 4731925                            /usr/bin/as
0054d000-0054f000 rw-p 0004d000 fd:00 4731925                            /usr/bin/as
0054f000-0059a000 rw-p 0054f000 00:00 0                                  [heap]
3b96400000-3b96419000 r-xp 00000000 fd:00 3047430                        /lib64/ld-2.4.so
3b96519000-3b9651a000 r--p 00019000 fd:00 3047430                        /lib64/ld-2.4.so
3b9651a000-3b9651b000 rw-p 0001a000 fd:00 3047430                        /lib64/ld-2.4.so
3b96600000-3b9673f000 r-xp 00000000 fd:00 3047432                        /lib64/libc-2.4.so
3b9673f000-3b9683f000 ---p 0013f000 fd:00 3047432                        /lib64/libc-2.4.so
3b9683f000-3b96843000 r--p 0013f000 fd:00 3047432                        /lib64/libc-2.4.so
3b96843000-3b96844000 rw-p 00143000 fd:00 3047432                        /lib64/libc-2.4.so
3b96844000-3b96849000 rw-p 3b96844000 00:00 0
3e1b700000-3e1b798000 r-xp 00000000 fd:00 4731131                        /usr/lib64/libbfd-2.16.91.0.6.so
3e1b798000-3e1b897000 ---p 00098000 fd:00 4731131                        /usr/lib64/libbfd-2.16.91.0.6.so
3e1b897000-3e1b8a4000 rw-p 00097000 fd:00 4731131                        /usr/lib64/libbfd-2.16.91.0.6.so
3e1b8a4000-3e1b8a8000 rw-p 3e1b8a4000 00:00 0
3e1c800000-3e1c80d000 r-xp 00000000 fd:00 3047660                        /lib64/libgcc_s-4.1.0-20060304.so.1
3e1c80d000-3e1c90d000 ---p 0000d000 fd:00 3047660                        /lib64/libgcc_s-4.1.0-20060304.so.1
3e1c90d000-3e1c90e000 rw-p 0000d000 fd:00 3047660                        /lib64/libgcc_s-4.1.0-20060304.so.1
2b1716b91000-2b1716b92000 rw-p 2b1716b91000 00:00 0
2b1716ba7000-2b1716ba9000 rw-p 2b1716ba7000 00:00 0
2b1716ba9000-2b1719f3a000 r--p 00000000 fd:00 4737577                    /usr/lib/locale/locale-archive
2b1719f3a000-2b171a241000 rw-p 2b1719f3a000 00:00 0
7fffffb7e000-7fffffb93000 rw-p 7fffffb7e000 00:00 0                      [stack]
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0                  [vdso]
Aborted (core dumped)

Comment 1 Dave Jones 2006-03-21 21:25:53 UTC
Created attachment 126433 [details]
garbage.

Comment 2 Jakub Jelinek 2006-03-21 21:35:01 UTC
Don't do that then.  Only objdump/readelf/elflint/strings/etc. are supposed to
be garbage proof, and even there it took many weeks to make them garbage proof to
some extent.  as/ld/gcc being totally garbage proof is many man-years of work;
it was decided both by us and upstream that it's not worth it.
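
The report above did by hand what a garbage-proofing check automates: feed the tool random bytes on stdin and see whether it fails cleanly or dies on a signal (here SIGABRT from the FORTIFY_SOURCE `__sprintf_chk` in the backtrace). The harness below is an added example written for this page; it is not part of the bug report or of binutils. It assumes a POSIX sh with `dd`, `mktemp` and `/dev/urandom`; the `GARBAGE_BYTES` variable and the function names are the example's own. A parser that rejects garbage with an error message and a non-zero exit passes; only a signal death counts as a failure, and the offending input is kept so the crash can be reproduced.

```shell
#!/bin/sh
# Added example, not code from the bug report or from binutils: a minimal
# garbage-proofing check. A tool may reject the input with an error and a
# non-zero exit; what it must not do is die on a signal (SIGABRT from a
# FORTIFY_SOURCE check, SIGSEGV, SIGBUS, ...).

# garbage_check CMD [ARGS...]
# Runs CMD once with GARBAGE_BYTES (default 4096, assumed) random bytes on
# stdin. Prints "exit N" and returns 0 for any normal exit; prints "signal N",
# keeps the input for reproduction and returns 1 when CMD is killed by a
# signal. POSIX sh has no local variables, hence the _ prefix.
garbage_check() {
    _blob=$(mktemp "${TMPDIR:-/tmp}/garbage.XXXXXX") || return 2
    dd if=/dev/urandom of="$_blob" bs="${GARBAGE_BYTES:-4096}" count=1 2>/dev/null
    _rc=0
    "$@" <"$_blob" >/dev/null 2>&1 || _rc=$?
    if [ "$_rc" -ge 128 ]; then
        # the shell reports death by signal as 128 + signal number
        mv "$_blob" "$_blob.crash"
        echo "input kept in $_blob.crash" >&2
        echo "signal $((_rc - 128))"
        return 1
    fi
    rm -f "$_blob"
    echo "exit $_rc"
    return 0
}

# garbage_fuzz ITERATIONS CMD [ARGS...]
# Repeats garbage_check and prints how many runs died on a signal.
garbage_fuzz() {
    _iter=$1; shift
    _fail=0; _i=0
    while [ "$_i" -lt "$_iter" ]; do
        garbage_check "$@" >/dev/null || _fail=$((_fail + 1))
        _i=$((_i + 1))
    done
    echo "$_fail"
}

# Usage, e.g. against tools Comment 2 says are meant to survive garbage
# (they take a file argument, so stdin is passed as /dev/stdin):
#   garbage_fuzz 100 readelf -a /dev/stdin
#   garbage_fuzz 100 objdump -d /dev/stdin
# and against the assembler from the report, which reads stdin directly:
#   garbage_fuzz 100 as -o /dev/null
```

A non-zero count from `garbage_fuzz` against readelf or objdump is a bug by the standard Comment 2 sets; the same count against `as` or `ld` is, per that comment, expected behaviour rather than a supported configuration.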