[Bug binutils/16638] New: AR - Segmentation fault due to call stack overflow

Wed, 26 Feb 2014 08:26:45 -0800 

https://sourceware.org/bugzilla/show_bug.cgi?id=16638

            Bug ID: 16638
           Summary: AR - Segmentation fault due to call stack overflow
           Product: binutils
           Version: 2.24
            Status: NEW
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: razvan.ghitulete at gmail dot com

AR seems to have some issues when run with a plugin and the -r flag. More
specifically:

ar rcsD arch.a elf_obj bitcode_obj -> Segmentation fault
ar csD arch.a elf_obj bitcode_obj -> OK

It seems that the issue occurs specifically when resolving the -r flag on a
callchain invoked from replace_members() in ar.c.

...
#2 bfd_check_format (abfd=0x732e40, format=bfd_object) at bfd/format.c:95
#3 bfd_plugin_get_symbols_in_object_only (abfd=0x6e75b0) at bfd/plugin.c:157
#4 add_symbols (handle=0x6e75b0, nsyms=2, syms=<>) at bfd/plugin.c:280          
#5 claim_file_hook() from bfd-plugins/LLVMgold.so
#6 bfd_plugin_object_p (abfd=0x6e75b0) at bfd/plugin.c:451
#7 bfd_check_format_matches (abfd=0x6e75b0, format=bfd_object, matching=0x0)
    at bfd/format.c:336
#8 bfd_check_format (abfd=0x6e75b0, format=bfd_object) at bfd/format.c:95
#9 _bfd_write_archive_contents (arch=0x715be0) at bfd/archive.c:2149
#0 bfd_close (abfd=0x715be0) at bfd/opncls.c:703
#1 write_archive (iarch=0x6e5210) at binutils/ar.c:1161
#2 replace_members
(arch=0x6e5210,files_to_move=0x6e51e0,files_to_move=0x6e51d8, quick=0)

As far as I can tell when invoked from replace_members the abfd->my_archive
never gets filled in, and bfd_plugin_object_p passes it like this to
claim_file_hook in the plugin, which obviously cannot fill it in since the
plugin API exposes the abfd as a (void*). Nonetheless in
bfd_plugin_get_symbols_in_object_only() due to the abfd->my_archive being NULL
there is a new bfd object created 0x732e40 from scratch as opposed to the
initial 0x6e75b0. This basically seems to be the loop that overflows the stack.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

Reply via email to