https://sourceware.org/bugzilla/show_bug.cgi?id=26747
            Bug ID: 26747
           Summary: SEGV on convert_host(elfcpp_swap.h:194)
           Product: binutils
           Version: 2.35
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gold
          Assignee: ccoutant at gmail dot com
          Reporter: 2060909445 at qq dot com
                CC: ian at airs dot com
  Target Milestone: ---

Created attachment 12905
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12905&action=edit
a file that crashes binutils 2.35 on CentOS Linux 7.7.1908

It can be reproduced by:

dwp poc -o ./test_out

The information below is from valgrind:

==3833== Invalid read of size 4
==3833==    at 0x4B356F: convert_host (elfcpp_swap.h:194)
==3833==    by 0x4B356F: convert_host (elfcpp_swap.h:221)
==3833==    by 0x4B356F: get_sh_type (elfcpp.h:1227)
==3833==    by 0x4B356F: gold::Sized_relobj_dwo<64, true>::setup() (dwp.cc:791)
==3833==    by 0x4B3E19: gold::Relobj* gold::Dwo_file::sized_make_object<64, true>(unsigned char const*, gold::Input_file*, gold::Dwp_output_file*) (dwp.cc:1106)
==3833==    by 0x413AB0: gold::Dwo_file::make_object(gold::Dwp_output_file*) (dwp.cc:1079)
==3833==    by 0x41AD03: gold::Dwo_file::read(gold::Dwp_output_file*) (dwp.cc:888)
==3833==    by 0x40A62F: main (dwp.cc:2446)
==3833==  Address 0xffffff0004023006 is not stack'd, malloc'd or (recently) free'd
==3833==
==3833==
==3833== Process terminating with default action of signal 11 (SIGSEGV)
==3833==  Access not within mapped region at address 0xFFFFFF0004023006
==3833==    at 0x4B356F: convert_host (elfcpp_swap.h:194)
==3833==    by 0x4B356F: convert_host (elfcpp_swap.h:221)
==3833==    by 0x4B356F: get_sh_type (elfcpp.h:1227)
==3833==    by 0x4B356F: gold::Sized_relobj_dwo<64, true>::setup() (dwp.cc:791)
==3833==    by 0x4B3E19: gold::Relobj* gold::Dwo_file::sized_make_object<64, true>(unsigned char const*, gold::Input_file*, gold::Dwp_output_file*) (dwp.cc:1106)
==3833==    by 0x413AB0: gold::Dwo_file::make_object(gold::Dwp_output_file*) (dwp.cc:1079)
==3833==    by 0x41AD03: gold::Dwo_file::read(gold::Dwp_output_file*) (dwp.cc:888)
==3833==    by 0x40A62F: main (dwp.cc:2446)
==3833==  If you believe this happened as a result of a stack
==3833==  overflow in your program's main thread (unlikely but
==3833==  possible), you can try to increase the size of the
==3833==  main thread stack using the --main-stacksize= flag.
==3833==  The main thread stack size used in this run was 8388608.
==3833==
==3833== HEAP SUMMARY:
==3833==     in use at exit: 556,525 bytes in 760 blocks
==3833==   total heap usage: 825 allocs, 65 frees, 567,841 bytes allocated
==3833==
==3833== LEAK SUMMARY:
==3833==    definitely lost: 0 bytes in 0 blocks
==3833==    indirectly lost: 0 bytes in 0 blocks
==3833==      possibly lost: 0 bytes in 0 blocks
==3833==    still reachable: 556,525 bytes in 760 blocks
==3833==                       of which reachable via heuristic:
==3833==                         stdstring          : 27,369 bytes in 717 blocks
==3833==         suppressed: 0 bytes in 0 blocks
==3833== Rerun with --leak-check=full to see details of leaked memory
==3833==
==3833== For lists of detected and suppressed errors, rerun with: -s
==3833== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

-- 
You are receiving this mail because:
You are on the CC list for the bug.