Created attachment 12227 [details]
file that reproduces this problem

Corrupted file can trigger the Floating point exception.

binutils Version : HEAD
git clone git://sourceware.org/git/binutils-gdb.git
OS : ubuntu 18.04.3
kernel : gnu/linux 5.0.0-32-generic
processor : Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
compiler : gcc 7.4.0

Steps to Reproduce :
download the sample from attachment
objcopy ./sample

gdb backtrace :
#0  __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff7820801 in __GI_abort () at abort.c:79
#2  0x00007ffff7869897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7996b9a "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff787090a in malloc_printerr (str=str@entry=0x7ffff7994d88 "free(): invalid pointer") at malloc.c:5350
#4  0x00007ffff7877e1c in _int_free (have_lock=0x0, p=0x5555558aed20, av=0x7ffff7bcbc40 <main_arena>) at malloc.c:4157
#5  __GI___libc_free (mem=0x5555558aed30) at malloc.c:3124
#6  0x00005555556142c5 in _bfd_coff_free_symbols (abfd=abfd@entry=0x5555558ab3c0) at coffgen.c:1782
#7  0x00005555556182ca in _bfd_coff_free_symbols (abfd=0x5555558ab3c0) at coffgen.c:3179
#8  _bfd_coff_close_and_cleanup (abfd=0x5555558ab3c0) at coffgen.c:3180
#9  0x00005555555aadcb in bfd_close_all_done (abfd=0x5555558ab3c0) at opncls.c:789
#10 0x000055555558e218 in copy_file (input_filename=0x7fffffff2a35 "./sample", output_filename=0x7fffffff2a3e "./gg", input_target=<optimized out>, output_target=<optimized out>, input_arch=0x0) at objcopy.c:3812
#11 0x0000555555588200 in copy_main (argv=<optimized out>, argc=<optimized out>) at objcopy.c:5848
#12 main (argc=<optimized out>, argc@entry=0x3, argv=<optimized out>, argv@entry=0x7fffffff2758) at objcopy.c:5974
#13 0x00007ffff7801b97 in __libc_start_main (main=0x5555555865b0 <main>, argc=0x3, argv=0x7fffffff2758, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffff2748) at ../csu/libc-start.c:310
#14 0x00005555555890aa in _start ()

-------- gdb peda report (register, code and stack dump omitted)
Stopped reason: SIGABRT
__GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=caa31cfad6c16ffbd5c396f74273fc9e413906f0

commit caa31cfad6c16ffbd5c396f74273fc9e413906f0
Author: Nick Clifton <nickc@redhat.com>
Date:   Fri Jan 24 13:19:48 2020 +0000

    Fix an illegal call to free() when copying a PE format file.

    	PR 25447
    	* coffgen.c (_bfd_coff_close_and_cleanup): Do not clear the keep
    	syms and keep strings flags as these may have been set in order
    	to prevent a bogus call to free.
Hi Chien,

Thanks for reporting this bug. I have checked in a small patch to fix the problem.

Cheers
Nick
Sorry Nick, that was me chasing oss-fuzz memory leak bugs. Which proves once again that I ought to just ignore this sort of asan/ubsan report.
*** Bug 25529 has been marked as a duplicate of this bug. ***
*** Bug 25530 has been marked as a duplicate of this bug. ***
The binutils-2_34-branch branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82f439d028c65663a0baf0a17ef5c4a2ea5c84a7

commit 82f439d028c65663a0baf0a17ef5c4a2ea5c84a7
Author: Nick Clifton <nickc@redhat.com>
Date:   Tue Feb 11 15:55:25 2020 +0000

    Import a fix from the mainline sources that prevents a potential illegal memory access when parsing PE binaries.

    	PR 25447
    	* coffgen.c (_bfd_coff_close_and_cleanup): Do not clear the keep
    	syms and keep strings flags as these may have been set in order
    	to prevent a bogus call to free.
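Added illustration of the ownership problem both commit notes (master and binutils-2_34-branch) describe; this is constructed example code with hypothetical names, not binutils source. It assumes, as a model of the PE path, that the keep flags are set because the symbol and string tables live in the object's own arena rather than in malloc() memory, so clearing the flags before the cleanup step turns non-heap pointers into free() arguments (the "free(): invalid pointer" abort in the report).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
/* Constructed model (hypothetical names, not binutils code) of the flags the
   fix is about.  A COFF/PE object's symbol and string tables are either malloc()ed
   by the reader or, as assumed here for the PE path, carved out of the object's
   own arena; keep_syms / keep_strings mark the latter as "never pass to free()". */
typedef struct {
  char  arena[128];    /* object-lifetime storage, stands in for bfd_alloc memory */
  char *syms, *strings;
  bool  keep_syms, keep_strings;
} obj_t;
/* Instrumented free(): glibc aborts with "free(): invalid pointer" for a non-heap
   address (the SIGABRT in the report); here the bad call is counted instead. */
static int free_obj_memory(obj_t *o, char *p) {
  uintptr_t a = (uintptr_t)p, lo = (uintptr_t)o->arena;
  if (a >= lo && a < lo + sizeof o->arena) return 1;   /* would abort for real */
  free(p);
  return 0;
}

/* Mirrors the guard in _bfd_coff_free_symbols: honour the keep flags. */
static int free_symbols(obj_t *o) {
  int bad = 0;
  if (o->syms && !o->keep_syms) bad += free_obj_memory(o, o->syms);
  if (o->strings && !o->keep_strings) bad += free_obj_memory(o, o->strings);
  o->syms = o->strings = NULL;
  return bad;
}

/* _bfd_coff_close_and_cleanup in both shapes: the reverted change cleared the
   flags first, so arena pointers reached free(); the fix leaves them alone. */
static int close_and_cleanup(obj_t *o, bool clear_flags_first) {
  if (clear_flags_first) o->keep_syms = o->keep_strings = false;
  return free_symbols(o);
}

/* Number of illegal free() calls cleanup makes for an object whose tables are
   arena-backed (pe_like) or malloc-backed, with the buggy or the fixed cleanup. */
int cleanup_invalid_frees(bool pe_like, bool buggy_cleanup) {
  obj_t o = {0};
  if (pe_like) {
    o.syms = o.arena; o.strings = o.arena + 64;     /* carved from the arena */
    o.keep_syms = o.keep_strings = true;            /* protect them from free() */
  } else {
    o.syms = malloc(64); o.strings = malloc(64);    /* reader owns these */
  }
  return close_and_cleanup(&o, buggy_cleanup);
}
```

Only the arena-backed object combined with the flag-clearing cleanup produces illegal frees (one per table); the malloc-backed object is unaffected either way, which is why the leak-fix change looked harmless on non-PE inputs.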
*** Bug 25624 has been marked as a duplicate of this bug. ***
*** Bug 25914 has been marked as a duplicate of this bug. ***
*** Bug 25958 has been marked as a duplicate of this bug. ***
*** Bug 26111 has been marked as a duplicate of this bug. ***
*** Bug 26154 has been marked as a duplicate of this bug. ***
*** Bug 26167 has been marked as a duplicate of this bug. ***
*** Bug 26230 has been marked as a duplicate of this bug. ***