https://sourceware.org/bugzilla/show_bug.cgi?id=26764
Bug ID: 26764
Summary: unknown-crash on map(object.cc:732)
Product: binutils
Version: 2.35
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gold
Assignee: ccoutant at gmail dot com
Reporter: 2060909445 at qq dot com
CC: ian at airs dot com
Target Milestone: ---

Created attachment 12914
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12914&action=edit
A file that makes binutils 2.35 crash on CentOS Linux 7.7.1908.

It can be reproduced by:

    dwp poc -o ./test_out

=================================================================
==26923== ERROR: AddressSanitizer: unknown-crash on address 0x7f5bee99e027 at pc 0x8d0d84 bp 0x7fff13c87b80 sp 0x7fff13c87b70
READ of size 4 at 0x7f5bee99e027 thread T0
    #0 0x8d0d83 (/root/bug_finder/target_program/asan_program/dwp+0x8d0d83)
    #1 0x50d8e1 (/root/bug_finder/target_program/asan_program/dwp+0x50d8e1)
    #2 0x420b0b (/root/bug_finder/target_program/asan_program/dwp+0x420b0b)
    #3 0x42ec3a (/root/bug_finder/target_program/asan_program/dwp+0x42ec3a)
    #4 0x40cb53 (/root/bug_finder/target_program/asan_program/dwp+0x40cb53)
    #5 0x7f5bea81b554 (/usr/lib64/libc-2.17.so+0x22554)
    #6 0x4107ac (/root/bug_finder/target_program/asan_program/dwp+0x4107ac)
Shadow bytes around the buggy address:
==26923== ABORTING

Information below from valgrind:

==3100== Invalid read of size 4
==3100==    at 0x766AA0: std::map<unsigned int, gold::Compressed_section_info, std::less<unsigned int>, std::allocator<std::pair<unsigned int const, gold::Compressed_section_info> > >* gold::build_compressed_section_map<32, false>(unsigned char const*, unsigned int, char const*, unsigned long, gold::Object*, bool) (object.cc:732)
==3100==    by 0x49BDA3: gold::Sized_relobj_dwo<32, false>::setup() (dwp.cc:803)
==3100==    by 0x414D5F: sized_make_object<32, false> (dwp.cc:1106)
==3100==    by 0x414D5F: gold::Dwo_file::make_object(gold::Dwp_output_file*) (dwp.cc:1069)
==3100==    by 0x41AD03: gold::Dwo_file::read(gold::Dwp_output_file*) (dwp.cc:888)
==3100==    by 0x40A62F: main (dwp.cc:2446)
==3100==  Address 0x402401f is not stack'd, malloc'd or (recently) free'd
==3100==
==3100==
==3100== Process terminating with default action of signal 11 (SIGSEGV)
==3100==  Access not within mapped region at address 0x402401F
==3100==    at 0x766AA0: std::map<unsigned int, gold::Compressed_section_info, std::less<unsigned int>, std::allocator<std::pair<unsigned int const, gold::Compressed_section_info> > >* gold::build_compressed_section_map<32, false>(unsigned char const*, unsigned int, char const*, unsigned long, gold::Object*, bool) (object.cc:732)
==3100==    by 0x49BDA3: gold::Sized_relobj_dwo<32, false>::setup() (dwp.cc:803)
==3100==    by 0x414D5F: sized_make_object<32, false> (dwp.cc:1106)
==3100==    by 0x414D5F: gold::Dwo_file::make_object(gold::Dwp_output_file*) (dwp.cc:1069)
==3100==    by 0x41AD03: gold::Dwo_file::read(gold::Dwp_output_file*) (dwp.cc:888)
==3100==    by 0x40A62F: main (dwp.cc:2446)
==3100==  If you believe this happened as a result of a stack
==3100==  overflow in your program's main thread (unlikely but
==3100==  possible), you can try to increase the size of the
==3100==  main thread stack using the --main-stacksize= flag.
==3100==  The main thread stack size used in this run was 8388608.
==3100==
==3100== HEAP SUMMARY:
==3100==     in use at exit: 2,147,516,073 bytes in 761 blocks
==3100==   total heap usage: 826 allocs, 65 frees, 2,147,527,400 bytes allocated
==3100==
==3100== LEAK SUMMARY:
==3100==    definitely lost: 0 bytes in 0 blocks
==3100==    indirectly lost: 0 bytes in 0 blocks
==3100==      possibly lost: 0 bytes in 0 blocks
==3100==    still reachable: 2,147,516,073 bytes in 761 blocks
==3100==                       of which reachable via heuristic:
==3100==                         stdstring          : 27,229 bytes in 717 blocks
==3100==         suppressed: 0 bytes in 0 blocks
==3100== Rerun with --leak-check=full to see details of leaked memory
==3100==
==3100== For lists of detected and suppressed errors, rerun with: -s
==3100== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)