[Bug binutils/25688] New: objcopy : SIGSEGV in _bfd_elf_copy_special_section_fields ( elf.c:12599)

[fdgkhdkgh at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=25688

            Bug ID: 25688
           Summary: objcopy : SIGSEGV in
                    _bfd_elf_copy_special_section_fields ( elf.c:12599)
           Product: binutils
           Version: 2.35 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: fdgkhdkgh at gmail dot com
  Target Milestone: ---

Created attachment 12382
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12382&action=edit
file that reproduces this problem

OS : ubuntu 18.04.3
kernel : gnu/linux 5.0.0-32-generic
processor : Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
compiler : gcc 7.4.0


Steps to Reproduce :
download the sample from attachment

objcopy  ./sample


gdb backtrace :

gdb-peda$ bt
#0  0x0000555555743f68 in _bfd_elf_copy_special_section_fields
(ibfd=0x555555c473e0, obfd=0x555555c48540, isection=0x555555c4a8f0, 
    osection=0x555555c5cce0) at elf.c:12599
#1  0x00005555556d3bb0 in copy_special_section_fields
(ibfd=ibfd@entry=0x555555c473e0, obfd=obfd@entry=0x555555c48540,
iheader=0x555555c4ab20, 
    oheader=oheader@entry=0x555555c5cce0, secnum=secnum@entry=0x7) at
elf.c:1428
#2  0x00005555556de77e in _bfd_elf_copy_private_bfd_data (ibfd=0x555555c473e0,
obfd=0x555555c48540) at elf.c:1570
#3  0x00005555555ab258 in copy_object (ibfd=<optimized out>, obfd=<optimized
out>, input_arch=<optimized out>) at objcopy.c:3431
#4  0x00005555555b0b3e in copy_object (input_arch=0x0, obfd=0x555555c48540,
ibfd=0x555555c473e0) at objcopy.c:2611
#5  copy_file (input_filename=0x7fffffff2699 "./sample",
output_filename=0x555555c473c0 "./stjdAL68", input_target=<optimized out>, 
    output_target=<optimized out>, input_arch=0x0) at objcopy.c:3830
#6  0x00005555555895c9 in copy_main (argv=<optimized out>, argc=<optimized
out>) at objcopy.c:5889
#7  main (argc=<optimized out>, argc@entry=0x2, argv=<optimized out>,
argv@entry=0x7fffffff22b8) at objcopy.c:6015
#8  0x00007ffff7801b97 in __libc_start_main (main=0x5555555888d0 <main>,
argc=0x2, argv=0x7fffffff22b8, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffff22a8) at
../csu/libc-start.c:310
#9  0x0000555555594dea in _start ()

------

gdb report:

Program received signal SIGSEGV, Segmentation fault.

[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x555555c4ab20 --> 0x6000000400000064 
RCX: 0xb40 ('@\x0b')
RDX: 0x0 
RSI: 0x7ffff7bcd8b0 --> 0x0 
RDI: 0x7ffff7bcc680 --> 0xfbad2887 
RBP: 0x555555c5cce0 --> 0x40000000a 
RSP: 0x7fffffff1e00 --> 0x5 
RIP: 0x555555743f68 (<_bfd_elf_copy_special_section_fields+1160>:       mov   
rbx,QWORD PTR [r11+0x70])
R8 : 0x7ffff7bcd8b0 --> 0x0 
R9 : 0x7ffff7fd2740 (0x00007ffff7fd2740)
R10: 0xa ('\n')
R11: 0x0 
R12: 0x555555c48540 --> 0x555555c48690 ("./stjdAL68")
R13: 0x555555c473e0 --> 0x555555c49760 ("./sample")
R14: 0x555555c4a8f0 --> 0x0 
R15: 0x555555c4f9c0 --> 0x555555c4b234 --> 0x662e00747865742e ('.text')
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction
overflow)
[-------------------------------------code-------------------------------------]
   0x555555743f57 <_bfd_elf_copy_special_section_fields+1143>:  mov   
rcx,QWORD PTR [rsp+0x8]
   0x555555743f5c <_bfd_elf_copy_special_section_fields+1148>:  mov   
rdx,QWORD PTR [rsp]
   0x555555743f60 <_bfd_elf_copy_special_section_fields+1152>:  lea   
rsp,[rsp+0x98]
=> 0x555555743f68 <_bfd_elf_copy_special_section_fields+1160>:  mov   
rbx,QWORD PTR [r11+0x70]
   0x555555743f6c <_bfd_elf_copy_special_section_fields+1164>:  test   rbx,rbx
   0x555555743f6f <_bfd_elf_copy_special_section_fields+1167>:  je    
0x5555557440b8 <_bfd_elf_copy_special_section_fields+1496>
   0x555555743f75 <_bfd_elf_copy_special_section_fields+1173>:  nop    DWORD
PTR [rax]
   0x555555743f78 <_bfd_elf_copy_special_section_fields+1176>:  lea   
rsp,[rsp-0x98]
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff1e00 --> 0x5 
0008| 0x7fffffff1e08 --> 0x555555c4ab20 --> 0x6000000400000064 
0016| 0x7fffffff1e10 --> 0x555555c473e0 --> 0x555555c49760 ("./sample")
0024| 0x7fffffff1e18 --> 0x555555c5cce0 --> 0x40000000a 
0032| 0x7fffffff1e20 --> 0x7 
0040| 0x7fffffff1e28 --> 0x555555c481f8 --> 0x555555c4a8f0 --> 0x0 
0048| 0x7fffffff1e30 --> 0x555555c48540 --> 0x555555c48690 ("./stjdAL68")
0056| 0x7fffffff1e38 --> 0x5555556d3bb0 (<copy_special_section_fields+256>:    
test   eax,eax)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x0000555555743f68 in _bfd_elf_copy_special_section_fields
(ibfd=0x555555c473e0, obfd=0x555555c48540, isection=0x555555c4a8f0, 
    osection=0x555555c5cce0) at elf.c:12599
12599     BFD_ASSERT (isection->bfd_section->output_section != NULL);

-- 
You are receiving this mail because:
You are on the CC list for the bug.