[Bug ld/29355] New: ld segfaults with -r/-q and custom-named section .rela*

Mon, 11 Jul 2022 14:03:34 -0700 

https://sourceware.org/bugzilla/show_bug.cgi?id=29355

            Bug ID: 29355
           Summary: ld segfaults with -r/-q and custom-named section
                    .rela*
           Product: binutils
           Version: 2.38
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: samuel.hym+bugs at rustyne dot lautre.net
  Target Milestone: ---

ld segfaults when we combine:

- either -q or -r command-line option,
- a custom linker script creating a section named .rel, .rela or
  anything using the .rela prefix,
- a .o with relocations.

Here is a minimal (but boring) example to reproduce the bug.

bug.c:

--- >8 ---

void *ptr = &ptr;

--- 8< ---

bug.ld:

--- >8 ---

SECTIONS
{
        .rel : { *(.data*) }
}

--- 8< ---

Then we get:

$ ld --version
GNU ld (GNU Binutils for Debian) 2.38.50.20220707
Copyright (C) 2022 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) a later version.
This program has absolutely no warranty.
$ gcc -c bug.c
$ ld -Tbug.ld bug.o -o bug

but

$ ld -Tbug.ld -q bug.o -o bug
Segmentation fault
$ ld -Tbug.ld -r bug.o -o bug
Segmentation fault

You can also see this example in the following repository [1], with a
CI log [2] running on alpine linux.

[1]: https://gitlab.univ-lille.fr/samuel.hym/ld-bug/
[2]: https://gitlab.univ-lille.fr/samuel.hym/ld-bug/-/jobs/40258

We get the same bug if the custom section is named something less
directly in conflict with names for internal uses, such as
`.relative`.

For the record, we stumbled upon this bug by trying to build RIOT OS [3]
adding the -q linker option to dynamically relocate some sections
during boot. RIOT’ linker script uses a section named `.relocate`
which makes ARM ld segfault (the `.rel` prefix makes arm-none-eabi-ld
segfault, the `.rela` prefix makes x86_64-linux-gnu-ld segfault).

[3]: https://www.riot-os.org/

We got the exact same bug with different versions of ld, in particular
with version 2.35.2-2 from debian stable.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Reply via email to