Bug 186147 - feeding as garbage caused buffer overflow.
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: binutils
Version: rawhide
Hardware: x86_64 Linux
Priority: medium, Severity: medium
Assigned To: Jakub Jelinek
Reported: 2006-03-21 16:25 EST by Dave Jones
Modified: 2015-01-04 17:26 EST
Last Closed: 2006-03-21 16:35:01 EST
Attachments:
garbage. (9.77 KB, text/plain)
2006-03-21 16:25 EST, Dave Jones

Description Dave Jones 2006-03-21 16:25:53 EST
$ as < t2
{standard input}: Assembler messages:
{standard input}:0: Warning: end of file in comment; newline inserted
*** buffer overflow detected ***: as terminated
======= Backtrace: =========
/lib64/libc.so.6(__chk_fail+0x2f)[0x3b966dee3f]
/lib64/libc.so.6[0x3b966de3f9]
/lib64/libc.so.6(_IO_default_xsputn+0x89)[0x3b96669ed9]
/lib64/libc.so.6(_IO_vfprintf+0x1638)[0x3b96642af8]
/lib64/libc.so.6(__vsprintf_chk+0x9d)[0x3b966de49d]
/lib64/libc.so.6(__sprintf_chk+0x80)[0x3b966de3e0]
as[0x424c88]
as[0x424e45]
as[0x428875]
as[0x41914b]
as[0x40547f]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x3b9661d084]
as(free+0x129)[0x402949]
======= Memory map: ========
00400000-0044d000 r-xp 00000000 fd:00 4731925                            /usr/bin/as
0054d000-0054f000 rw-p 0004d000 fd:00 4731925                            /usr/bin/as
0054f000-0059a000 rw-p 0054f000 00:00 0                                  [heap]
3b96400000-3b96419000 r-xp 00000000 fd:00 3047430                       
/lib64/ld-2.4.so
3b96519000-3b9651a000 r--p 00019000 fd:00 3047430                       
/lib64/ld-2.4.so
3b9651a000-3b9651b000 rw-p 0001a000 fd:00 3047430                       
/lib64/ld-2.4.so
3b96600000-3b9673f000 r-xp 00000000 fd:00 3047432                       
/lib64/libc-2.4.so
3b9673f000-3b9683f000 ---p 0013f000 fd:00 3047432                       
/lib64/libc-2.4.so
3b9683f000-3b96843000 r--p 0013f000 fd:00 3047432                       
/lib64/libc-2.4.so
3b96843000-3b96844000 rw-p 00143000 fd:00 3047432                       
/lib64/libc-2.4.so
3b96844000-3b96849000 rw-p 3b96844000 00:00 0
3e1b700000-3e1b798000 r-xp 00000000 fd:00 4731131                       
/usr/lib64/libbfd-2.16.91.0.6.so
3e1b798000-3e1b897000 ---p 00098000 fd:00 4731131                       
/usr/lib64/libbfd-2.16.91.0.6.so
3e1b897000-3e1b8a4000 rw-p 00097000 fd:00 4731131                       
/usr/lib64/libbfd-2.16.91.0.6.so
3e1b8a4000-3e1b8a8000 rw-p 3e1b8a4000 00:00 0
3e1c800000-3e1c80d000 r-xp 00000000 fd:00 3047660                       
/lib64/libgcc_s-4.1.0-20060304.so.1
3e1c80d000-3e1c90d000 ---p 0000d000 fd:00 3047660                       
/lib64/libgcc_s-4.1.0-20060304.so.1
3e1c90d000-3e1c90e000 rw-p 0000d000 fd:00 3047660                       
/lib64/libgcc_s-4.1.0-20060304.so.1
2b1716b91000-2b1716b92000 rw-p 2b1716b91000 00:00 0
2b1716ba7000-2b1716ba9000 rw-p 2b1716ba7000 00:00 0
2b1716ba9000-2b1719f3a000 r--p 00000000 fd:00 4737577                   
/usr/lib/locale/locale-archive
2b1719f3a000-2b171a241000 rw-p 2b1719f3a000 00:00 0
7fffffb7e000-7fffffb93000 rw-p 7fffffb7e000 00:00 0                      [stack]
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0                  [vdso]
Aborted (core dumped)
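
An added triage example for the abort report above (not part of the original bug report or of binutils): it extracts which fortified libc call fired and which unsymbolized `as` frames led to it. The name `triage` and the result keys are this example's own; the embedded report is excerpted from the description.

```python
import re
# Excerpt of the glibc report quoted in the description above (memory map cut to the "as" mappings).
REPORT = """\
*** buffer overflow detected ***: as terminated
======= Backtrace: =========
/lib64/libc.so.6(__chk_fail+0x2f)[0x3b966dee3f]
/lib64/libc.so.6[0x3b966de3f9]
/lib64/libc.so.6(_IO_default_xsputn+0x89)[0x3b96669ed9]
/lib64/libc.so.6(_IO_vfprintf+0x1638)[0x3b96642af8]
/lib64/libc.so.6(__vsprintf_chk+0x9d)[0x3b966de49d]
/lib64/libc.so.6(__sprintf_chk+0x80)[0x3b966de3e0]
as[0x424c88]
as[0x424e45]
as[0x428875]
as[0x41914b]
as[0x40547f]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x3b9661d084]
as(free+0x129)[0x402949]
======= Memory map: ========
00400000-0044d000 r-xp 00000000 fd:00 4731925                            /usr/bin/as
0054d000-0054f000 rw-p 0004d000 fd:00 4731925                            /usr/bin/as
"""

HEADER = re.compile(r"^\*\*\* (.+?) \*\*\*: (\S+) terminated$", re.M)
FRAME = re.compile(r"^([^\s(\[]+)(?:\(([^+)]*)[^)]*\))?\[0x([0-9a-f]+)\]$", re.M)
MAPPING = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) \S+ \d+\s+(/\S+)$", re.M)

def triage(report):
    """Summarise a glibc fortify abort: which checked call fired, and from where."""
    head = HEADER.search(report)
    if head is None:
        return None                      # not a glibc "*** ... ***: prog terminated" report
    frames = [(obj, sym, int(addr, 16)) for obj, sym, addr in FRAME.findall(report)]
    maps = [(int(lo, 16), int(hi, 16), int(off, 16), path)
            for lo, hi, perm, off, path in MAPPING.findall(report) if "x" in perm]
    # Frames printed under the program's own name without a symbol are its stripped code.
    own = [i for i, (obj, sym, _) in enumerate(frames) if obj == head.group(2) and not sym]
    callers = []
    for addr in (frames[i][2] for i in own):
        for lo, hi, off, path in maps:   # runtime address -> offset into the mapped file
            if lo <= addr < hi:
                callers.append({"addr": addr, "file": path, "offset": addr - lo + off})
    # The libc frame just above the first program frame is the checked entry point it called.
    entry = frames[own[0] - 1][1] if own and own[0] > 0 else ""
    return {"kind": head.group(1), "program": head.group(2),
            "checked_call": re.sub(r"^__(\w+)_chk$", r"\1", entry), "callers": callers}

if __name__ == "__main__":
    print(triage(REPORT))
```

Because the report maps /usr/bin/as at 00400000 with file offset 0, the frame addresses can be passed unchanged to `addr2line -e` against a copy of that binary with matching debug information.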
Comment 1 Dave Jones 2006-03-21 16:25:53 EST
Created attachment 126433
garbage.
Comment 2 Jakub Jelinek 2006-03-21 16:35:01 EST
Don't do that then.  Only objdump/readelf/elflint/strings/etc. are supposed to
be garbage proof, even there it took many weeks to make them garbage proof to
some extent.  as/ld/gcc being totally garbage proof is many men-years of work,
it was decided both by us and upstream that's not worth it.
