https://sourceware.org/bugzilla/show_bug.cgi?id=20059
Bug ID: 20059 Summary: _bfd_elf_copy_link_hash_symbol_type used when !elf_backend_relocate_section, segfault, access past allocated size Product: binutils Version: 2.27 (HEAD) Status: NEW Severity: minor Priority: P2 Component: ld Assignee: unassigned at sourceware dot org Reporter: pipcet at gmail dot com Target Milestone: --- Created attachment 9240 --> https://sourceware.org/bugzilla/attachment.cgi?id=9240&action=edit proposed patch I'm working on an experimental target which currently does not define elf_backend_relocate_section. Inconsistent macro definitions in elfxx-target.h are causing segfaults. The problem I am hitting is that elfxx-target.h contains the following code: ---- #else /* ! defined (elf_backend_relocate_section) */ /* If no backend relocate_section routine, use the generic linker. Note - this will prevent the port from being able to use some of the other features of the ELF linker, because the generic hash structure does not have the fields needed by the ELF linker. In particular it means that linking directly to S-records will not work. */ #ifndef bfd_elfNN_bfd_link_hash_table_create #define bfd_elfNN_bfd_link_hash_table_create \ _bfd_generic_link_hash_table_create #endif ... #ifndef bfd_elfNN_bfd_copy_link_hash_symbol_type #define bfd_elfNN_bfd_copy_link_hash_symbol_type \ _bfd_elf_copy_link_hash_symbol_type #endif ---- which means that link hash table entries will be allocated with type (and size of) struct bfd_link_hash_entry, but _bfd_elf_copy_link_hash_symbol_type will cast pointers to such entries to struct elf_link_hash_entry and access structure elements past the allocated size, resulting in hard-to-reproduce segfaults due to data corruption when another structure is in memory at that address. I don't think we should segfault in that case, and I think the comment I quoted above is misleading as it stands--the ELF features will appear to work, but randomly corrupt memory. I'm not sure whether it is possible to fix this bug without requiring all ELF backends to define elf_backend_relocate_section, and I'd appreciate advice on whether I have to do that. (I'm testing the attached trivial patch, which appears to avoid the segfault but still results in runnable code.) -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils