https://sourceware.org/bugzilla/show_bug.cgi?id=16682
Bug ID: 16682
Summary: segmentation fault in bfd/elf.c
Product: binutils
Version: 2.24
Status: NEW
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: antiagainst at gmail dot com

Created attachment 7460
--> https://sourceware.org/bugzilla/attachment.cgi?id=7460&action=edit
32-bit ELF containing a SHT_GNU_verdef section

The following is based on objdump 2.24. I built it on Ubuntu 13.10 with GCC 4.8.1.

There is a segmentation fault problem when processing SHT_GNU_verdef sections. A small program is attached to help reproduce the bug. The command is `objdump -p A`. The program will exit with a segmentation fault.

For the attached program, I tried to analyze it using gdb, but I cannot figure it out clearly. What I currently have is the following:

gdb output:

    Program received signal SIGSEGV, Segmentation fault.
    0x00002aaaaaf35f90 in _IO_vfprintf_internal (s=<optimized out>, format=<optimized out>, ap=ap@entry=0x7fffffffcfa8) at vfprintf.c:1655
    1655    vfprintf.c: No such file or directory.

    #0  0x00002aaaaaf35f90 in _IO_vfprintf_internal (s=<optimized out>, format=<optimized out>, ap=ap@entry=0x7fffffffcfa8) at vfprintf.c:1655
    #1  0x00002aaaaaf3cf57 in __fprintf (stream=<optimized out>, format=<optimized out>) at fprintf.c:32
    #2  0x00000000004e5f06 in _bfd_elf_print_private_bfd_data (abfd=0x96a1c0, farg=0x2aaaab2ab280 <_IO_2_1_stdout_>) at ../../bfd/elf.c:1351
    #3  0x000000000040b604 in dump_bfd_private_header (abfd=0x96a1c0) at ../../binutils/objdump.c:2643
    #4  0x000000000040d96c in dump_bfd (abfd=0x96a1c0) at ../../binutils/objdump.c:3214
    #5  0x000000000040e0fd in display_object_bfd (abfd=0x96a1c0) at ../../binutils/objdump.c:3313
    #6  0x000000000040e563 in display_any_bfd (file=0x96a1c0, level=0) at ../../binutils/objdump.c:3387
    #7  0x000000000040e656 in display_file (filename=0x7fffffffd90d "objdump-3-244-A", target=0x0) at ../../binutils/objdump.c:3408
    #8  0x000000000040f635 in main (argc=3, argv=0x7fffffffd3a8) at ../../binutils/objdump.c:3690

In _bfd_elf_slurp_version_tables() of bfd/elf.c, starting from line 7253, contents_end_def is smaller than contents, and contents_end_aux is the same as contents. This seems not correct.

Besides, it seems that after `abfd->tdata.elf_obj_data->verdef` gets its memory from bfd_zalloc2() at line 7286, `verdef[0].vd_nodename` is just `0x34 <Address 0x34 out of bounds>` and never gets changed until hitting fprintf() at line 1351, which tries to access it and segfaults. I don't know whether this is because the memory allocated for `->verdef` is not enough (`maxidx` passed in to bfd_zalloc2() is 0), because the logic behind the macros at line 87 of include/objalloc.h is not clear to me.

I would greatly appreciate it if you guys can also explain the reason while fixing the problem. Thanks!

_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
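The report above comes down to offsets read from an SHT_GNU_verdef section being trusted before they are checked against the section bounds. The following is an added example, not code from the report or from binutils: a bounds-checked walk over a verdef section image, where the struct layouts follow the ELF gABI, the names walk_verdef and demo are my own, and the sample section is constructed inline in host byte order.

```c
/* Added example, not binutils code: bounds-checked walk over an
 * SHT_GNU_verdef section image.  vd_aux, vd_next and vda_next are all
 * file-controlled relative offsets, so each is checked against the
 * section size before use.  Assumes host byte order (binutils swaps
 * the fields with bfd_get_* instead). */
#include <stdint.h>
#include <string.h>

typedef struct { uint16_t vd_version, vd_flags, vd_ndx, vd_cnt;
                 uint32_t vd_hash, vd_aux, vd_next; } Elf32_Verdef;
typedef struct { uint32_t vda_name, vda_next; } Elf32_Verdaux;

/* Number of version definitions, or -1 if any record lies outside
 * [sec, sec + size).  off <= size and aux <= size hold throughout. */
int walk_verdef(const unsigned char *sec, size_t size)
{
    size_t off = 0;
    for (int count = 1;; count++) {
        Elf32_Verdef vd;
        if (size - off < sizeof vd) return -1;      /* header truncated */
        memcpy(&vd, sec + off, sizeof vd);
        size_t aux = off;                           /* vd_aux is relative to vd */
        for (uint32_t i = 0, rel = vd.vd_aux; i < vd.vd_cnt; i++) {
            Elf32_Verdaux va;
            if (rel > size - aux) return -1;        /* aux offset past the end */
            aux += rel;
            if (size - aux < sizeof va) return -1;  /* aux record truncated */
            memcpy(&va, sec + aux, sizeof va);
            rel = va.vda_next;                      /* relative to this aux */
        }
        if (vd.vd_next == 0) return count;          /* end of the chain */
        if (vd.vd_next > size - off) return -1;     /* next entry past the end */
        off += vd.vd_next;
    }
}

/* Constructed sample [vd][aux][vd][aux]; bad_aux != 0 corrupts the 2nd vd_aux. */
int demo(uint32_t bad_aux)
{
    unsigned char buf[64], *p = buf;
    Elf32_Verdaux va = { .vda_name = 1 };
    Elf32_Verdef vd = { .vd_cnt = 1, .vd_aux = sizeof vd, .vd_next = sizeof vd + sizeof va };
    memcpy(p, &vd, sizeof vd); p += sizeof vd;
    memcpy(p, &va, sizeof va); p += sizeof va;
    vd.vd_next = 0;
    if (bad_aux) vd.vd_aux = bad_aux;
    memcpy(p, &vd, sizeof vd); p += sizeof vd;
    memcpy(p, &va, sizeof va); p += sizeof va;
    return walk_verdef(buf, (size_t)(p - buf));    /* 2, or -1 when corrupt */
}
```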