https://sourceware.org/bugzilla/show_bug.cgi?id=25637
Bug ID: 25637
Summary: objcopy: SIGSEGV in copy_object (objcopy.c:3219)
Product: binutils
Version: 2.35 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: fdgkhdkgh at gmail dot com
Target Milestone: ---

Created attachment 12350
--> https://sourceware.org/bugzilla/attachment.cgi?id=12350&action=edit
file that reproduces this problem

binutils Version: HEAD
  git clone git://sourceware.org/git/binutils-gdb.git
OS: ubuntu 18.04.3
kernel: gnu/linux 5.0.0-32-generic
processor: Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
compiler: gcc 7.4.0

Steps to Reproduce:
  download the sample from attachment
  objcopy -O pei-i386 --change-leading-char ./sample

It tries to mov a byte into the .text section and triggers SIGSEGV.
Probably a similar bug to https://sourceware.org/bugzilla/show_bug.cgi?id=25629

gdb backtrace:
#0  copy_object (ibfd=0x5555558ac3c0, obfd=<optimized out>, input_arch=<optimized out>) at objcopy.c:3219
#1  0x000055555558e159 in copy_file (input_filename=0x7fffffff2a40 "./sample", output_filename=0x7fffffff2a49 "./objoutput", input_target=<optimized out>, output_target=<optimized out>, input_arch=0x0) at objcopy.c:3810
#2  0x0000555555588210 in copy_main (argv=<optimized out>, argc=<optimized out>) at objcopy.c:5860
#3  main (argc=<optimized out>, argc@entry=0x6, argv=<optimized out>, argv@entry=0x7fffffff2718) at objcopy.c:5986
#4  0x00007ffff7801b97 in __libc_start_main (main=0x5555555865c0 <main>, argc=0x6, argv=0x7fffffff2718, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffff2708) at ../csu/libc-start.c:310
#5  0x00005555555890ba in _start ()

----------------
gdb peda report:
Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
RAX: 0x5f ('_')
RBX: 0x5555558c1e40 --> 0x5555558ac3c0 --> 0x5555558ae740 ("./sample")
RCX: 0x5555558c7e90 --> 0x5555558c0ee0 --> 0x5555558ac3c0 --> 0x5555558ae740 ("./sample")
RDX: 0x1
RSI: 0x1f
RDI: 0x5555558ac0c0 --> 0x555555589320 (<htab_hash_redefnode>: mov rdi,QWORD PTR [rdi])
RBP: 0x0
RSP: 0x7fffffff2340 --> 0x5555558b68e8 --> 0x5555558c1e40 --> 0x5555558ac3c0 --> 0x5555558ae740 ("./sample")
RIP: 0x55555558c1b1 (<copy_object+5249>: mov BYTE PTR [r12],al)
R8 : 0x5555558abcc0 --> 0x0
R9 : 0x555555673dc0 --> 0x2492492500000007
R10: 0x6652751a
R11: 0x2
R12: 0x55555565cfb0 --> 0x64697374756f2800 ('')
R13: 0xf
R14: 0x0
R15: 0x5555558b74d0 --> 0x5555558b7600 ("./objoutput")
EFLAGS: 0x10246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x55555558c1a5 <copy_object+5237>: xor    eax,eax
   0x55555558c1a7 <copy_object+5239>: call   0x55555559f150 <bfd_nonfatal_message>
   0x55555558c1ac <copy_object+5244>: jmp    0x55555558c122 <copy_object+5106>
=> 0x55555558c1b1 <copy_object+5249>: mov    BYTE PTR [r12],al
   0x55555558c1b5 <copy_object+5253>: mov    rbp,r12
   0x55555558c1b8 <copy_object+5256>: mov    QWORD PTR [rbx+0x8],r12
   0x55555558c1bc <copy_object+5260>: jmp    0x55555558bb37 <copy_object+3591>
   0x55555558c1c1 <copy_object+5265>: mov    r13,QWORD PTR [r14+0x90]
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff2340 --> 0x5555558b68e8 --> 0x5555558c1e40 --> 0x5555558ac3c0 --> 0x5555558ae740 ("./sample")
0008| 0x7fffffff2348 --> 0x3b62f6a500004005
0016| 0x7fffffff2350 --> 0x29 (')')
0024| 0x7fffffff2358 --> 0x5555558a0360 --> 0x555555654c7a --> 0x432a002a5342412a ('*ABS*')
0032| 0x7fffffff2360 --> 0x5555558ac3c0 --> 0x5555558ae740 ("./sample")
0040| 0x7fffffff2368 --> 0x5555558b74d0 --> 0x5555558b7600 ("./objoutput")
0048| 0x7fffffff2370 --> 0x5555558b6a10 --> 0x0
0056| 0x7fffffff2378 --> 0x5555558c7e90 --> 0x5555558c0ee0 --> 0x5555558ac3c0 --> 0x5555558ae740 ("./sample")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
copy_object (ibfd=0x5555558ac3c0, obfd=<optimized out>, input_arch=<optimized out>) at objcopy.c:3219
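An added example (not objcopy's own code) of the bug class the faulting `mov BYTE PTR [r12],al` with al = '_' points at: patching a symbol name's leading byte in place when the name may alias read-only storage, beside the defensive form that builds the new name in memory the program owns. The struct and function names are hypothetical; the conversion rule follows the documented meaning of --change-leading-char (strip the input format's leading char, prepend the output format's, '_' for pei-i386 and none for ELF).

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical symbol record.  `name` may point into storage the
 * program does not own: a string literal or a read-only mapping of
 * the input file. */
struct sym {
    const char *name;
};

/* Unsafe pattern: overwrite the first byte where it sits.  When
 * `name` aliases read-only memory the store faults, which is the
 * shape of the SIGSEGV in the report.  Never call on a literal. */
static void change_leading_char_in_place(char *name, char new_lead)
{
    name[0] = new_lead;
}

/* Safe pattern: derive the converted name into a fresh heap buffer.
 * Drop `in_lead` if the name starts with it, then prepend `out_lead`
 * if the output format has one.  Caller owns and frees the result. */
static char *change_leading_char_copy(const char *name, char in_lead, char out_lead)
{
    if (in_lead != '\0' && name[0] == in_lead)
        name++;                         /* skip the old leading char */
    size_t len = strlen(name);
    size_t extra = (out_lead != '\0') ? 1 : 0;
    char *out = malloc(len + extra + 1);
    if (out == NULL)
        return NULL;
    if (extra)
        out[0] = out_lead;
    memcpy(out + extra, name, len + 1); /* copies the terminating NUL */
    return out;
}

/* Copy loop that only ever mutates names it allocated itself, so a
 * read-only input name can never be written.  Returns 0 on success. */
static int rename_symbols(struct sym *syms, size_t n, char in_lead, char out_lead)
{
    for (size_t i = 0; i < n; i++) {
        char *fresh = change_leading_char_copy(syms[i].name, in_lead, out_lead);
        if (fresh == NULL)
            return -1;
        syms[i].name = fresh;           /* heap-owned from here on */
    }
    return 0;
}
```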