https://sourceware.org/bugzilla/show_bug.cgi?id=29006
Bug ID: 29006
Summary: alloc(): invalid size (unsorted) with
-fstack-protector -lssp
Product: binutils
Version: 2.38
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: manisandro at gmail dot com
Target Milestone: ---
I'm trying to build mingw-llvm-1.14.0 [1] with
mingw-binutils-2.38-1.fc37.x86_64, mingw-gcc-12.0.1-1.fc37.x86_64.
[1] https://smani.fedorapeople.org/mingw-llvm-14.0.0-1.fc37.src.rpm
Linking llvm-cvtres.exe fails with
malloc(): invalid size (unsorted)
collect2: fatal error: ld terminated with signal 6 [Aborted], core dumped
compilation terminated.
Reduced command line:
$ i686-w64-mingw32-g++ -fstack-protector -lssp -Wl,--whole-archive
CMakeFiles/llvm-cvtres.dir/objects.a -Wl,--no-whole-archive -o
../../bin/llvm-cvtres.exe @CMakeFiles/llvm-cvtres.dir/linklibs.rsp
Note: Error only appears if both -fstack-protector and -lssp are present.
Appears to be a regression since mingw-binutils-2.37-5.fc37.
Valgrind says:
$ valgrind i686-w64-mingw32-g++ -fstack-protector -lssp -Wl,--whole-archive
CMakeFiles/llvm-cvtres.dir/objects.a -Wl,--no-whole-archive -o
../../bin/llvm-cvtres.exe @CMakeFiles/llvm-cvtres.dir/linklibs.rsp
==794194== Memcheck, a memory error detector
==794194== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==794194== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==794194== Command: i686-w64-mingw32-g++ -fstack-protector -lssp
-Wl,--whole-archive CMakeFiles/llvm-cvtres.dir/objects.a -Wl,--no-whole-archive
-o ../../bin/llvm-cvtres.exe @CMakeFiles/llvm-cvtres.dir/linklibs.rsp
==794194==
malloc(): invalid size (unsorted)
collect2: fatal error: ld terminated with signal 6 [Aborted], core dumped
compilation terminated.
[sandro@PC4 llvm-cvtres]$ valgrind --trace-children=yes i686-w64-mingw32-g++
-fstack-protector -lssp -Wl,--whole-archive
CMakeFiles/llvm-cvtres.dir/objects.a -Wl,--no-whole-archive -o
../../bin/llvm-cvtres.exe @CMakeFiles/llvm-cvtres.dir/linklibs.rsp
==794496== Memcheck, a memory error detector
==794496== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==794496== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==794496== Command: i686-w64-mingw32-g++ -fstack-protector -lssp
-Wl,--whole-archive CMakeFiles/llvm-cvtres.dir/objects.a -Wl,--no-whole-archive
-o ../../bin/llvm-cvtres.exe @CMakeFiles/llvm-cvtres.dir/linklibs.rsp
==794496==
==794496== Memcheck, a memory error detector
==794496== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==794496== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==794496== Command: /usr/bin/i686-w64-mingw32-g++ -fstack-protector -lssp
-Wl,--whole-archive CMakeFiles/llvm-cvtres.dir/objects.a -Wl,--no-whole-archive
-o ../../bin/llvm-cvtres.exe @CMakeFiles/llvm-cvtres.dir/linklibs.rsp
==794496==
==794497== Memcheck, a memory error detector
==794497== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==794497== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==794497== Command: /usr/libexec/gcc/i686-w64-mingw32/12.0.1/collect2 -plugin
/usr/libexec/gcc/i686-w64-mingw32/12.0.1/liblto_plugin.so
-plugin-opt=/usr/libexec/gcc/i686-w64-mingw32/12.0.1/lto-wrapper
-plugin-opt=-fresolution=/tmp/ccimcNFc.res -plugin-opt=-pass-through=-lmingw32
-plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lgcc
-plugin-opt=-pass-through=-lmoldname -plugin-opt=-pass-through=-lmingwex
-plugin-opt=-pass-through=-lmsvcrt -plugin-opt=-pass-through=-lkernel32
-plugin-opt=-pass-through=-lpthread -plugin-opt=-pass-through=-ladvapi32
-plugin-opt=-pass-through=-lshell32 -plugin-opt=-pass-through=-luser32
-plugin-opt=-pass-through=-lkernel32 -plugin-opt=-pass-through=-lmingw32
-plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lgcc
-plugin-opt=-pass-through=-lmoldname -plugin-opt=-pass-through=-lmingwex
-plugin-opt=-pass-through=-lmsvcrt -plugin-opt=-pass-through=-lkernel32
--sysroot=/usr/i686-w64-mingw32/sys-root -m i386pe -Bdynamic -u
___register_frame_info -u ___deregister_frame_info -o ../../bin/llvm-cvtres.exe
/usr/i686-w64-mingw32/sys-root/mingw/lib/../lib/crt2.o
/usr/lib/gcc/i686-w64-mingw32/12.0.1/crtbegin.o
-L/usr/lib/gcc/i686-w64-mingw32/12.0.1
-L/usr/lib/gcc/i686-w64-mingw32/12.0.1/../../../../i686-w64-mingw32/lib/../lib
-L/usr/i686-w64-mingw32/sys-root/mingw/lib/../lib
-L/usr/lib/gcc/i686-w64-mingw32/12.0.1/../../../../i686-w64-mingw32/lib
-L/usr/i686-w64-mingw32/sys-root/mingw/lib @/tmp/ccqLXUyr -lssp_nonshared -lssp
-lmingw32 -lgcc_s -lgcc -lmoldname -lmingwex -lmsvcrt -lkernel32 -lpthread
-ladvapi32 -lshell32 -luser32 -lkernel32 -lmingw32 -lgcc_s -lgcc -lmoldname
-lmingwex -lmsvcrt -lkernel32 /usr/lib/gcc/i686-w64-mingw32/12.0.1/crtend.o
==794497==
==794498== Memcheck, a memory error detector
==794498== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==794498== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==794498== Command:
/usr/lib/gcc/i686-w64-mingw32/12.0.1/../../../../i686-w64-mingw32/bin/ld
@/tmp/cc0mZqz8
==794498==
==794498== Invalid read of size 1
==794498== at 0x484A5F6: strlen (vg_replace_strmem.c:494)
==794498== by 0x48E8AA7: __vfprintf_internal (vfprintf-internal.c:1517)
==794498== by 0x48F2A1A: __vsprintf_internal (iovsprintf.c:96)
==794498== by 0x49961C0: __sprintf_chk (sprintf_chk.c:40)
==794498== by 0x14DB2B: UnknownInlinedFun (stdio2.h:38)
==794498== by 0x14DB2B: UnknownInlinedFun (pe-dll.c:2644)
==794498== by 0x14DB2B: UnknownInlinedFun (pe-dll.c:2810)
==794498== by 0x14DB2B: make_import_fixup.lto_priv.0 (ei386pe.c:1123)
==794498== by 0x1FD524: pe_walk_relocs.constprop.0 (pe-dll.c:1349)
==794498== by 0x15563E: UnknownInlinedFun (pe-dll.c:1497)
==794498== by 0x15563E: gld_i386pe_after_open.lto_priv.0 (ei386pe.c:1400)
==794498== by 0x13F3E5: UnknownInlinedFun (ldemul.c:65)
==794498== by 0x13F3E5: lang_process (ldlang.c:8205)
==794498== by 0x12F480: main (ldmain.c:497)
==794498== Address 0x6b606a0 is 0 bytes inside a block of size 13 free'd
==794498== at 0x48470E4: free (vg_replace_malloc.c:872)
==794498== by 0x153EF5: UnknownInlinedFun (pe-dll.c:3296)
==794498== by 0x153EF5: gld_i386pe_after_open.lto_priv.0 (ei386pe.c:1397)
==794498== by 0x13F3E5: UnknownInlinedFun (ldemul.c:65)
==794498== by 0x13F3E5: lang_process (ldlang.c:8205)
==794498== by 0x12F480: main (ldmain.c:497)
==794498== Block was alloc'd at
==794498== at 0x484486F: malloc (vg_replace_malloc.c:381)
==794498== by 0x1F7E7D: UnknownInlinedFun (xmalloc.c:149)
==794498== by 0x1F7E7D: xstrdup (xstrdup.c:34)
==794498== by 0x153B5B: UnknownInlinedFun (pe-dll.c:3206)
==794498== by 0x153B5B: gld_i386pe_after_open.lto_priv.0 (ei386pe.c:1397)
==794498== by 0x13F3E5: UnknownInlinedFun (ldemul.c:65)
==794498== by 0x13F3E5: lang_process (ldlang.c:8205)
==794498== by 0x12F480: main (ldmain.c:497)
==794498==
==794498== Invalid read of size 1
==794498== at 0x484A604: strlen (vg_replace_strmem.c:494)
==794498== by 0x48E8AA7: __vfprintf_internal (vfprintf-internal.c:1517)
==794498== by 0x48F2A1A: __vsprintf_internal (iovsprintf.c:96)
==794498== by 0x49961C0: __sprintf_chk (sprintf_chk.c:40)
==794498== by 0x14DB2B: UnknownInlinedFun (stdio2.h:38)
==794498== by 0x14DB2B: UnknownInlinedFun (pe-dll.c:2644)
==794498== by 0x14DB2B: UnknownInlinedFun (pe-dll.c:2810)
==794498== by 0x14DB2B: make_import_fixup.lto_priv.0 (ei386pe.c:1123)
==794498== by 0x1FD524: pe_walk_relocs.constprop.0 (pe-dll.c:1349)
==794498== by 0x15563E: UnknownInlinedFun (pe-dll.c:1497)
==794498== by 0x15563E: gld_i386pe_after_open.lto_priv.0 (ei386pe.c:1400)
==794498== by 0x13F3E5: UnknownInlinedFun (ldemul.c:65)
==794498== by 0x13F3E5: lang_process (ldlang.c:8205)
==794498== by 0x12F480: main (ldmain.c:497)
==794498== Address 0x6b606a1 is 1 bytes inside a block of size 13 free'd
==794498== at 0x48470E4: free (vg_replace_malloc.c:872)
==794498== by 0x153EF5: UnknownInlinedFun (pe-dll.c:3296)
==794498== by 0x153EF5: gld_i386pe_after_open.lto_priv.0 (ei386pe.c:1397)
==794498== by 0x13F3E5: UnknownInlinedFun (ldemul.c:65)
==794498== by 0x13F3E5: lang_process (ldlang.c:8205)
==794498== by 0x12F480: main (ldmain.c:497)
==794498== Block was alloc'd at
==794498== at 0x484486F: malloc (vg_replace_malloc.c:381)
==794498== by 0x1F7E7D: UnknownInlinedFun (xmalloc.c:149)
==794498== by 0x1F7E7D: xstrdup (xstrdup.c:34)
==794498== by 0x153B5B: UnknownInlinedFun (pe-dll.c:3206)
==794498== by 0x153B5B: gld_i386pe_after_open.lto_priv.0 (ei386pe.c:1397)
==794498== by 0x13F3E5: UnknownInlinedFun (ldemul.c:65)
==794498== by 0x13F3E5: lang_process (ldlang.c:8205)
==794498== by 0x12F480: main (ldmain.c:497)
==794498==
==794498== Invalid read of size 1
==794498== at 0x48FDC80: _IO_default_xsputn (genops.c:394)
==794498== by 0x48FDC80: _IO_default_xsputn (genops.c:370)
==794498== by 0x48E894E: outstring_func (vfprintf-internal.c:239)
==794498== by 0x48E894E: __vfprintf_internal (vfprintf-internal.c:1517)
==794498== by 0x48F2A1A: __vsprintf_internal (iovsprintf.c:96)
==794498== by 0x49961C0: __sprintf_chk (sprintf_chk.c:40)
==794498== by 0x14DB2B: UnknownInlinedFun (stdio2.h:38)
==794498== by 0x14DB2B: UnknownInlinedFun (pe-dll.c:2644)
==794498== by 0x14DB2B: UnknownInlinedFun (pe-dll.c:2810)
==794498== by 0x14DB2B: make_import_fixup.lto_priv.0 (ei386pe.c:1123)
==794498== by 0x1FD524: pe_walk_relocs.constprop.0 (pe-dll.c:1349)
==794498== by 0x15563E: UnknownInlinedFun (pe-dll.c:1497)
==794498== by 0x15563E: gld_i386pe_after_open.lto_priv.0 (ei386pe.c:1400)
==794498== by 0x13F3E5: UnknownInlinedFun (ldemul.c:65)
==794498== by 0x13F3E5: lang_process (ldlang.c:8205)
==794498== by 0x12F480: main (ldmain.c:497)
==794498== Address 0x6b606a0 is 0 bytes inside a block of size 13 free'd
==794498== at 0x48470E4: free (vg_replace_malloc.c:872)
==794498== by 0x153EF5: UnknownInlinedFun (pe-dll.c:3296)
==794498== by 0x153EF5: gld_i386pe_after_open.lto_priv.0 (ei386pe.c:1397)
==794498== by 0x13F3E5: UnknownInlinedFun (ldemul.c:65)
==794498== by 0x13F3E5: lang_process (ldlang.c:8205)
==794498== by 0x12F480: main (ldmain.c:497)
==794498== Block was alloc'd at
==794498== at 0x484486F: malloc (vg_replace_malloc.c:381)
==794498== by 0x1F7E7D: UnknownInlinedFun (xmalloc.c:149)
==794498== by 0x1F7E7D: xstrdup (xstrdup.c:34)
==794498== by 0x153B5B: UnknownInlinedFun (pe-dll.c:3206)
==794498== by 0x153B5B: gld_i386pe_after_open.lto_priv.0 (ei386pe.c:1397)
==794498== by 0x13F3E5: UnknownInlinedFun (ldemul.c:65)
==794498== by 0x13F3E5: lang_process (ldlang.c:8205)
==794498== by 0x12F480: main (ldmain.c:497)
==794498==
==794498== Invalid read of size 1
==794498== at 0x48FDC8F: _IO_default_xsputn (genops.c:393)
==794498== by 0x48FDC8F: _IO_default_xsputn (genops.c:370)
==794498== by 0x48E894E: outstring_func (vfprintf-internal.c:239)
==794498== by 0x48E894E: __vfprintf_internal (vfprintf-internal.c:1517)
==794498== by 0x48F2A1A: __vsprintf_internal (iovsprintf.c:96)
==794498== by 0x49961C0: __sprintf_chk (sprintf_chk.c:40)
==794498== by 0x14DB2B: UnknownInlinedFun (stdio2.h:38)
==794498== by 0x14DB2B: UnknownInlinedFun (pe-dll.c:2644)
==794498== by 0x14DB2B: UnknownInlinedFun (pe-dll.c:2810)
==794498== by 0x14DB2B: make_import_fixup.lto_priv.0 (ei386pe.c:1123)
==794498== by 0x1FD524: pe_walk_relocs.constprop.0 (pe-dll.c:1349)
==794498== by 0x15563E: UnknownInlinedFun (pe-dll.c:1497)
==794498== by 0x15563E: gld_i386pe_after_open.lto_priv.0 (ei386pe.c:1400)
==794498== by 0x13F3E5: UnknownInlinedFun (ldemul.c:65)
==794498== by 0x13F3E5: lang_process (ldlang.c:8205)
==794498== by 0x12F480: main (ldmain.c:497)
==794498== Address 0x6b606a2 is 2 bytes inside a block of size 13 free'd
==794498== at 0x48470E4: free (vg_replace_malloc.c:872)
==794498== by 0x153EF5: UnknownInlinedFun (pe-dll.c:3296)
==794498== by 0x153EF5: gld_i386pe_after_open.lto_priv.0 (ei386pe.c:1397)
==794498== by 0x13F3E5: UnknownInlinedFun (ldemul.c:65)
==794498== by 0x13F3E5: lang_process (ldlang.c:8205)
==794498== by 0x12F480: main (ldmain.c:497)
==794498== Block was alloc'd at
==794498== at 0x484486F: malloc (vg_replace_malloc.c:381)
==794498== by 0x1F7E7D: UnknownInlinedFun (xmalloc.c:149)
==794498== by 0x1F7E7D: xstrdup (xstrdup.c:34)
==794498== by 0x153B5B: UnknownInlinedFun (pe-dll.c:3206)
==794498== by 0x153B5B: gld_i386pe_after_open.lto_priv.0 (ei386pe.c:1397)
==794498== by 0x13F3E5: UnknownInlinedFun (ldemul.c:65)
==794498== by 0x13F3E5: lang_process (ldlang.c:8205)
==794498== by 0x12F480: main (ldmain.c:497)
==794498==
==794498==
==794498== HEAP SUMMARY:
==794498== in use at exit: 26,268,866 bytes in 3,907 blocks
==794498== total heap usage: 12,645 allocs, 8,738 frees, 35,292,332 bytes
allocated
==794498==
==794498== LEAK SUMMARY:
==794498== definitely lost: 63,621 bytes in 460 blocks
==794498== indirectly lost: 4,548 bytes in 27 blocks
==794498== possibly lost: 320 bytes in 1 blocks
==794498== still reachable: 26,200,377 bytes in 3,419 blocks
==794498== suppressed: 0 bytes in 0 blocks
==794498== Rerun with --leak-check=full to see details of leaked memory
==794498==
==794498== For lists of detected and suppressed errors, rerun with: -s
==794498== ERROR SUMMARY: 325 errors from 4 contexts (suppressed: 0 from 0)
==794497==
==794497== HEAP SUMMARY:
==794497== in use at exit: 19,244 bytes in 142 blocks
==794497== total heap usage: 172 allocs, 30 frees, 104,420 bytes allocated
==794497==
==794497== LEAK SUMMARY:
==794497== definitely lost: 3,680 bytes in 16 blocks
==794497== indirectly lost: 1,987 bytes in 82 blocks
==794497== possibly lost: 0 bytes in 0 blocks
==794497== still reachable: 13,577 bytes in 44 blocks
==794497== suppressed: 0 bytes in 0 blocks
==794497== Rerun with --leak-check=full to see details of leaked memory
==794497==
==794497== For lists of detected and suppressed errors, rerun with: -s
==794497== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==794496==
==794496== HEAP SUMMARY:
==794496== in use at exit: 102,866 bytes in 108 blocks
==794496== total heap usage: 334 allocs, 226 frees, 228,758 bytes allocated
==794496==
==794496== LEAK SUMMARY:
==794496== definitely lost: 8,730 bytes in 24 blocks
==794496== indirectly lost: 158 bytes in 15 blocks
==794496== possibly lost: 43 bytes in 2 blocks
==794496== still reachable: 93,935 bytes in 67 blocks
==794496== suppressed: 0 bytes in 0 blocks
==794496== Rerun with --leak-check=full to see details of leaked memory
==794496==
==794496== For lists of detected and suppressed errors, rerun with: -s
==794496== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
--
You are receiving this mail because:
You are on the CC list for the bug.
