https://sourceware.org/bugzilla/show_bug.cgi?id=26748
Bug ID: 26748
Summary: SEGV on initialize_shnum(dwp.cc:806)
Product: binutils
Version: 2.35
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gold
Assignee: ccoutant at gmail dot com
Reporter: 2060909445 at qq dot com
CC: ian at airs dot com
Target Milestone: ---

Created attachment 12906
--> https://sourceware.org/bugzilla/attachment.cgi?id=12906&action=edit
a file that crashes binutils 2.35 on CentOS Linux 7.7.1908

It can be reproduced by:

dwp poc -o ./test_out

Information below from valgrind:

==4157== Invalid read of size 8
==4157== at 0x40C088: elfcpp::Elf_file<64, false, gold::Object>::initialize_shnum() [clone .part.452] (elfcpp_file.h:443)
==4157== by 0x4B4787: initialize_shnum (dwp.cc:806)
==4157== by 0x4B4787: shnum (elfcpp_file.h:143)
==4157== by 0x4B4787: gold::Sized_relobj_dwo<64, false>::setup() (dwp.cc:778)
==4157== by 0x41438F: sized_make_object<64, false> (dwp.cc:1106)
==4157== by 0x41438F: gold::Dwo_file::make_object(gold::Dwp_output_file*) (dwp.cc:1086)
==4157== by 0x41AD03: gold::Dwo_file::read(gold::Dwp_output_file*) (dwp.cc:888)
==4157== by 0x40A62F: main (dwp.cc:2446)
==4157== Address 0x96969611036b2309 is not stack'd, malloc'd or (recently) free'd
==4157==
==4157==
==4157== Process terminating with default action of signal 11 (SIGSEGV)
==4157== General Protection Fault
==4157== at 0x40C088: elfcpp::Elf_file<64, false, gold::Object>::initialize_shnum() [clone .part.452] (elfcpp_file.h:443)
==4157== by 0x4B4787: initialize_shnum (dwp.cc:806)
==4157== by 0x4B4787: shnum (elfcpp_file.h:143)
==4157== by 0x4B4787: gold::Sized_relobj_dwo<64, false>::setup() (dwp.cc:778)
==4157== by 0x41438F: sized_make_object<64, false> (dwp.cc:1106)
==4157== by 0x41438F: gold::Dwo_file::make_object(gold::Dwp_output_file*) (dwp.cc:1086)
==4157== by 0x41AD03: gold::Dwo_file::read(gold::Dwp_output_file*) (dwp.cc:888)
==4157== by 0x40A62F: main (dwp.cc:2446)
==4157==
==4157== HEAP SUMMARY:
==4157== in use at exit: 32,377 bytes in 759 blocks
==4157== total heap usage: 824 allocs, 65 frees, 43,697 bytes allocated
==4157==
==4157== LEAK SUMMARY:
==4157== definitely lost: 0 bytes in 0 blocks
==4157== indirectly lost: 0 bytes in 0 blocks
==4157== possibly lost: 0 bytes in 0 blocks
==4157== still reachable: 32,377 bytes in 759 blocks
==4157== of which reachable via heuristic:
==4157== stdstring : 27,229 bytes in 717 blocks
==4157== suppressed: 0 bytes in 0 blocks
==4157== Rerun with --leak-check=full to see details of leaked memory
==4157==
==4157== For lists of detected and suppressed errors, rerun with: -s
==4157== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
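The trace above shows an 8-byte read at a wild address while the section-header count is being initialized, i.e. a pointer formed from a file-supplied offset. As an added example (not gold's or elfcpp's code), the function below reads an ELF64 section-header count from an in-memory file image but validates e_shoff, e_shentsize and the resulting table size against the file length before dereferencing anything, including the extended-count case where e_shnum is 0 and the real count lives in shdr[0].sh_size. It assumes a little-endian host and builds its own constructed test images.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* ELF64 layout constants (System V ABI); little-endian host assumed. */
#define EHDR_SIZE       64
#define SHDR_SIZE       64
#define OFF_E_SHOFF     0x28
#define OFF_E_SHENTSIZE 0x3A
#define OFF_E_SHNUM     0x3C
#define OFF_SH_SIZE     0x20   /* sh_size within a section header */

static uint64_t rd64(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v; }
static uint16_t rd16(const uint8_t *p) { uint16_t v; memcpy(&v, p, 2); return v; }

/* Returns the section-header count, or -1 if the image is malformed.
 * Every offset taken from the file is bounds-checked before use. */
long long elf64_shnum_checked(const uint8_t *buf, size_t len)
{
    if (len < EHDR_SIZE || memcmp(buf, "\x7f" "ELF", 4) != 0 || buf[4] != 2)
        return -1;                                  /* not an ELF64 image */
    uint64_t shoff = rd64(buf + OFF_E_SHOFF);
    uint16_t shentsize = rd16(buf + OFF_E_SHENTSIZE);
    uint16_t shnum = rd16(buf + OFF_E_SHNUM);
    if (shoff == 0)
        return 0;                                   /* no section header table */
    if (shentsize != SHDR_SIZE)
        return -1;
    /* Reject e_shoff before forming a pointer: shdr[0] must lie inside the file. */
    if (shoff > len || len - shoff < SHDR_SIZE)
        return -1;
    uint64_t count = shnum;
    if (shnum == 0)                                 /* extended count in shdr[0].sh_size */
        count = rd64(buf + shoff + OFF_SH_SIZE);
    if (count > (len - shoff) / SHDR_SIZE)          /* whole table must fit in the file */
        return -1;
    return (long long)count;
}

/* Constructed test image (hypothetical, not the bug's attachment): a minimal
 * ELF64 header followed by zero-filled section headers at 'shoff'. */
size_t make_image(uint8_t *buf, size_t cap, uint64_t shoff, uint16_t shnum, uint64_t sh0_size)
{
    memset(buf, 0, cap);
    memcpy(buf, "\x7f" "ELF", 4); buf[4] = 2; buf[5] = 1;   /* ELFCLASS64, ELFDATA2LSB */
    memcpy(buf + OFF_E_SHOFF, &shoff, 8);
    uint16_t ent = SHDR_SIZE; memcpy(buf + OFF_E_SHENTSIZE, &ent, 2);
    memcpy(buf + OFF_E_SHNUM, &shnum, 2);
    if (shoff <= cap - (OFF_SH_SIZE + 8))                   /* only when shdr[0] fits */
        memcpy(buf + shoff + OFF_SH_SIZE, &sh0_size, 8);
    return cap;
}
```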