[Bug binutils/25200] New: strip-new: SIGSEGV in _bfd_elf_validate_reloc and assertion fail reloc.c:8229

Sun, 17 Nov 2019 08:27:53 -0800 

https://sourceware.org/bugzilla/show_bug.cgi?id=25200

            Bug ID: 25200
           Summary: strip-new: SIGSEGV in _bfd_elf_validate_reloc and
                    assertion fail reloc.c:8229
           Product: binutils
           Version: 2.33
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: fdgkhdkgh at gmail dot com
  Target Milestone: ---

Created attachment 12081
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12081&action=edit
file that reproduces this problem

binutils Version : 2.33.1
(https://ftp.yzu.edu.tw/pub/gnu/binutils/binutils-2.33.1.tar.xz)

OS : ubuntu 18.04.3
kernel : gnu/linux 5.0.0-32-generic
processor : Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
compiler : gcc 7.4.0

Steps to Reproduce :
download the sample from attachment

strip-new -F elf32-little -N .text ./assert_sample_1


gdb backtrace :
gdb-peda$ backtrace
#0  0x00005555555d052c in _bfd_elf_validate_reloc
(abfd=abfd@entry=0x5555558fb630, areloc=areloc@entry=0x555555947170) at
elf.c:9165
#1  0x00005555555fe8c7 in bfd_elf32_write_relocs (abfd=0x5555558fb630,
sec=0x5555558fc810, data=0x7fffffffdcd4) at elfcode.h:966
#2  0x00005555555abcec in bfd_map_over_sections
(abfd=abfd@entry=0x5555558fb630, operation=0x5555555fe770
<bfd_elf32_write_relocs>, user_storage=user_storage@entry=0x7fffffffdcd4)
    at section.c:1374
#3  0x00005555555cbe4d in _bfd_elf_write_object_contents (abfd=0x5555558fb630)
at elf.c:6569
#4  0x00005555555aa71a in bfd_close (abfd=0x5555558fb630) at opncls.c:755
#5  0x000055555558e0a6 in copy_file (input_filename=0x7fffffffe38f
"./assert_sample_1", output_filename=0x5555558a9470 "./stY6hVic",
input_target=<optimized out>, 
    output_target=<optimized out>, input_arch=0x0) at objcopy.c:3639
#6  0x0000555555587a46 in strip_main (argv=<optimized out>, argc=<optimized
out>) at objcopy.c:4598
#7  main (argc=<optimized out>, argc@entry=0x6, argv=<optimized out>,
argv@entry=0x7fffffffdfc8) at objcopy.c:5779
#8  0x00007ffff7801b97 in __libc_start_main (main=0x555555586230 <main>,
argc=0x6, argv=0x7fffffffdfc8, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, 
    stack_end=0x7fffffffdfb8) at ../csu/libc-start.c:310
#9  0x0000555555588cca in _start ()

-------

gdb peda report:

[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x555555947170 --> 0x5555558fef00 --> 0x555555918880 --> 0x5555558aa400
--> 0x5555558ac540 ("./assert_sample_1")
RCX: 0xb40 ('@\x0b')
RDX: 0x555555898ac0 --> 0xa80010200000004 
RSI: 0x7ffff7bcd8b0 --> 0x0 
RDI: 0x7ffff7bcc680 --> 0xfbad2887 
RBP: 0x5555558fb630 --> 0x5555558fd770 ("./stY6hVic")
RSP: 0x7fffffffdba0 --> 0x5555559a0b90 --> 0x55555599ff28 --> 0x0 
RIP: 0x5555555d052c (<_bfd_elf_validate_reloc+252>:     movzx  ecx,BYTE PTR
[rax+0x7])
R8 : 0x7ffff7bcd8b0 --> 0x0 
R9 : 0x7ffff7fdd740 (0x00007ffff7fdd740)
R10: 0xa ('\n')
R11: 0x246 
R12: 0x5555559bd5c8 --> 0x5555559bc910 --> 0xde840fdb85480000 
R13: 0x367 
R14: 0x555555947170 --> 0x5555558fef00 --> 0x555555918880 --> 0x5555558aa400
--> 0x5555558ac540 ("./assert_sample_1")
R15: 0x5555558fc810 --> 0x5555558ba757 ("__dynamic_cast")
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction
overflow)
[-------------------------------------code-------------------------------------]
   0x5555555d0520 <_bfd_elf_validate_reloc+240>:        mov    rdi,rbp
   0x5555555d0523 <_bfd_elf_validate_reloc+243>:        call   0x55555562d610
<bfd_reloc_type_lookup>
   0x5555555d0528 <_bfd_elf_validate_reloc+248>:        mov    rdx,QWORD PTR
[rbx+0x18]
=> 0x5555555d052c <_bfd_elf_validate_reloc+252>:        movzx  ecx,BYTE PTR
[rax+0x7]
   0x5555555d0530 <_bfd_elf_validate_reloc+256>:        movzx  edi,BYTE PTR
[rdx+0x7]
   0x5555555d0534 <_bfd_elf_validate_reloc+260>:        xor    edi,ecx
   0x5555555d0536 <_bfd_elf_validate_reloc+262>:        mov    edx,edi
   0x5555555d0538 <_bfd_elf_validate_reloc+264>:        and    edx,0x8
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffdba0 --> 0x5555559a0b90 --> 0x55555599ff28 --> 0x0 
0008| 0x7fffffffdba8 --> 0x5555558fb630 --> 0x5555558fd770 ("./stY6hVic")
0016| 0x7fffffffdbb0 --> 0x0 
0024| 0x7fffffffdbb8 --> 0x5555555fe8c7 (<bfd_elf32_write_relocs+343>:  test  
eax,eax)
0032| 0x7fffffffdbc0 --> 0x555555918880 --> 0x5555558aa400 --> 0x5555558ac540
("./assert_sample_1")
0040| 0x7fffffffdbc8 --> 0x0 
0048| 0x7fffffffdbd0 --> 0x5555555fd3f0 (<bfd_elf32_swap_reloca_out>:   push  
r12)
0056| 0x7fffffffdbd8 --> 0xc ('\x0c')
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00005555555d052c in _bfd_elf_validate_reloc (abfd=abfd@entry=0x5555558fb630,
areloc=areloc@entry=0x555555947170) at elf.c:9165
9165              if (areloc->howto->pcrel_offset != howto->pcrel_offset)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Reply via email to