https://sourceware.org/bugzilla/show_bug.cgi?id=29983
Nick Alcock <nick.alcock at oracle dot com> changed:

           What    |Removed                          |Added
----------------------------------------------------------------------------
           Assignee|unassigned at sourceware dot org |nick.alcock at oracle dot com
             Status|NEW                              |ASSIGNED

--- Comment #1 from Nick Alcock <nick.alcock at oracle dot com> ---
Fix under test.

The root cause of this is a bug in the code which checks for outdated object file inputs from old compilers that emitted a func info section format that has never been supported by libctf: it mistakenly uses the wrong type for the value of the ctf_link_inputs hashtable and treats it as a much larger structure than it is: if unlucky and the controlling test fails, it tries to add stuff to a list of errors and warnings located far beyond the *actual* end of the structure in ctf_link_inputs.

It rarely bites in practice because it is relatively unlikely to happen on systems with 64-bit pointers: we dereference the second pointer element of (what we think is a) ctf_dict and then dig out its fourth byte (the header flags word), but the corresponding element in the real structure is part of the ctfa_magic in a ctf_archive (always allocated in a normal ld link), and it just so happens that on a platform with 64-bit pointers the relevant bit of the magic appears to have the relevant flags turned off.

But on 32-bit this can really bite, though it is very unlikely to cause anything but a crash and would require near-total control of the process and careful preparation of the heap to cause it to produce anything more than a crash. Nonetheless, will backport the fix to all applicable branches.
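As an added illustration of the mistake described in comment #1 (this is not code from binutils or libctf, and not the actual fix): a simplified, hypothetical C model with invented layouts and constructed values. The hashtable value is really a small archive whose first words are its magic, but the check casts it to the much larger dict type and reads the second pointer element as a header pointer; the model reports the value that cast would dereference instead of following it, alongside the check done with the right type.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical header preamble: the flags word is the fourth byte, as in the comment. */
typedef struct {
  uint16_t ctp_magic;
  uint8_t  ctp_version;
  uint8_t  ctp_flags;
} ctf_preamble_model_t;

#define CTF_F_OLDFUNCINFO_MODEL 0x01  /* constructed flag: "old func info format" */

/* What the buggy check believes a ctf_link_inputs value is: a dict (large). */
typedef struct {
  void *ctf_dmodel;                  /* first pointer element */
  ctf_preamble_model_t *ctf_header;  /* second pointer element, the one dereferenced */
  uint8_t ctf_other_state[96];       /* stand-in for the many intervening fields */
  void *ctf_errs_warnings;           /* list the failing path appends to */
} ctf_dict_model_t;

/* What a normal ld link actually stores there: an archive (small, magic first). */
typedef struct {
  uint64_t ctfa_magic;
  uint64_t ctfa_model;
  ctf_preamble_model_t *ctfa_header; /* constructed: where the flags really live */
} ctf_archive_model_t;

/* The bug: the void * from the hashtable is cast to the wrong, larger type and its
   "header pointer" read.  This model returns that value instead of following it. */
static uintptr_t buggy_header_ptr(void *link_input)
{
  ctf_dict_model_t *fp = (ctf_dict_model_t *) link_input;  /* wrong type */
  return (uintptr_t) fp->ctf_header;
}

/* The same slot read as raw bytes: the "pointer" is really archive content. */
static uintptr_t archive_bytes_at_header_slot(const ctf_archive_model_t *arc)
{
  uintptr_t v;
  memcpy(&v, (const char *) arc + offsetof(ctf_dict_model_t, ctf_header), sizeof v);
  return v;
}

/* The fix in spirit: use the type ctf_link_inputs actually holds. */
static int fixed_input_is_outdated(void *link_input)
{
  const ctf_archive_model_t *arc = (const ctf_archive_model_t *) link_input;
  return (arc->ctfa_header->ctp_flags & CTF_F_OLDFUNCINFO_MODEL) != 0;
}
```

The offset of ctf_errs_warnings in the dict model is larger than the whole archive model, which is the "far beyond the actual end of the structure" write the comment describes.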