https://sourceware.org/bugzilla/show_bug.cgi?id=20241
Bug ID: 20241
Summary: plugin lto + archive: invalid read access might cause SIGSEGV
Product: binutils
Version: 2.27 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: frederic.germain at gmail dot com
Target Milestone: ---

Hi,

I got that bug on ld.bfd on the arm-none-eabi-binutils-cs toolchain on Fedora when using LTO on an archive file:
https://bugzilla.redhat.com/show_bug.cgi?id=1343670

After further investigation and the help of valgrind, it seems some bad memory accesses are made in add_archive_element, and can cause a strange log (if the --verbose option is present) or a SIGSEGV, depending on which toolchain I tried.

It is still happening on HEAD, so I am opening a bug here.

==15446== Invalid read of size 8
==15446==    at 0x4175C8: add_archive_element (ldmain.c:866)
==15446==    by 0x46F070: elf_link_add_archive_symbols (elflink.c:5050)
==15446==    by 0x46F070: bfd_elf_link_add_symbols (elflink.c:5106)
==15446==    by 0x411203: load_symbols (ldlang.c:2863)
==15446==    by 0x411DB4: open_input_bfds (ldlang.c:3320)
==15446==    by 0x411C76: open_input_bfds (ldlang.c:3275)
==15446==    by 0x414219: lang_process (ldlang.c:6685)
==15446==    by 0x40374C: main (ldmain.c:418)
==15446==  Address 0x59712c0 is 192 bytes inside a block of size 256 free'd
==15446==    at 0x4C29CF0: free (vg_replace_malloc.c:530)
==15446==    by 0x42F53E: bfd_close (opncls.c:743)
==15446==    by 0x41F3C4: plugin_maybe_claim (plugin.c:890)
==15446==    by 0x4174EA: add_archive_element (ldmain.c:809)
==15446==    by 0x46F070: elf_link_add_archive_symbols (elflink.c:5050)
==15446==    by 0x46F070: bfd_elf_link_add_symbols (elflink.c:5106)
==15446==    by 0x411203: load_symbols (ldlang.c:2863)
==15446==    by 0x411DB4: open_input_bfds (ldlang.c:3320)
==15446==    by 0x411C76: open_input_bfds (ldlang.c:3275)
==15446==    by 0x414219: lang_process (ldlang.c:6685)
==15446==    by 0x40374C: main (ldmain.c:418)
==15446==  Block was alloc'd at
==15446==    at 0x4C2A988: calloc (vg_replace_malloc.c:711)
==15446==    by 0x42E142: bfd_zmalloc (libbfd.c:317)
==15446==    by 0x42EFCA: _bfd_new_bfd (opncls.c:61)
==15446==    by 0x42F197: bfd_fopen (opncls.c:197)
==15446==    by 0x423D96: _bfd_get_elt_at_filepos (archive.c:685)
==15446==    by 0x46F029: elf_link_add_archive_symbols (elflink.c:5041)
==15446==    by 0x46F029: bfd_elf_link_add_symbols (elflink.c:5106)
==15446==    by 0x411203: load_symbols (ldlang.c:2863)
==15446==    by 0x411DB4: open_input_bfds (ldlang.c:3320)
==15446==    by 0x411C76: open_input_bfds (ldlang.c:3275)
==15446==    by 0x414219: lang_process (ldlang.c:6685)
==15446==    by 0x40374C: main (ldmain.c:418)
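
A triage aid for the memcheck report above, added here as an example and not part of the original bug report or of binutils: it splits the error into its access, free and alloc stacks and reports the innermost function that both reaches free() and later touches the block. The helper names parse_stacks and free_then_use are hypothetical, and the embedded sample is an excerpt (top frames only) of the trace in the report.

```python
import re

# Excerpt of the memcheck report quoted above (top frames of each stack only).
REPORT = """\
==15446== Invalid read of size 8
==15446==    at 0x4175C8: add_archive_element (ldmain.c:866)
==15446==    by 0x46F070: elf_link_add_archive_symbols (elflink.c:5050)
==15446==  Address 0x59712c0 is 192 bytes inside a block of size 256 free'd
==15446==    at 0x4C29CF0: free (vg_replace_malloc.c:530)
==15446==    by 0x42F53E: bfd_close (opncls.c:743)
==15446==    by 0x41F3C4: plugin_maybe_claim (plugin.c:890)
==15446==    by 0x4174EA: add_archive_element (ldmain.c:809)
==15446==    by 0x46F070: elf_link_add_archive_symbols (elflink.c:5050)
==15446==  Block was alloc'd at
==15446==    at 0x4C2A988: calloc (vg_replace_malloc.c:711)
==15446==    by 0x42E142: bfd_zmalloc (libbfd.c:317)
==15446==    by 0x42EFCA: _bfd_new_bfd (opncls.c:61)
==15446==    by 0x42F197: bfd_fopen (opncls.c:197)
==15446==    by 0x423D96: _bfd_get_elt_at_filepos (archive.c:685)
==15446==    by 0x46F029: elf_link_add_archive_symbols (elflink.c:5041)
"""

FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^:()]+):(\d+)\)")
HEADER = re.compile(r"^==\d+==\s+(Invalid (?:read|write)|Address .* free'd|Block was alloc'd)")

def parse_stacks(text):
    """Split one memcheck error into its 'access', 'free' and 'alloc' stacks."""
    kinds = {"I": "access", "A": "free", "B": "alloc"}
    stacks, current = {}, None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:  # a section header starts a new stack
            current = stacks.setdefault(kinds[h.group(1)[0]], [])
        elif current is not None and (f := FRAME.match(line)):
            current.append((f.group(1), f.group(2), int(f.group(3))))
    return stacks

def free_then_use(stacks):
    """Innermost accessing function that also appears on the free stack."""
    free = stacks.get("free", [])
    for func, src, line in stacks.get("access", []):
        for i, (f_func, f_src, f_line) in enumerate(free):
            if (func, src) == (f_func, f_src):
                return {"function": func, "file": src, "call_line": f_line,
                        "use_line": line,
                        "free_path": [f[0] for f in free[:i]]}
    return None  # access and free do not share a frame
```

A shared function name is only a hint that the free and the read happen in the same invocation; confirm it by comparing the caller frames below the match, which in the full trace are identical.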