[Bug binutils/30654] New: segment fault in as at line 1520 in symbols.c

Wed, 19 Jul 2023 07:47:55 -0700 

https://sourceware.org/bugzilla/show_bug.cgi?id=30654

            Bug ID: 30654
           Summary: segment fault in as at line 1520 in symbols.c
           Product: binutils
           Version: 2.39
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: mengda2020 at iscas dot ac.cn
  Target Milestone: ---

Created attachment 14987
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14987&action=edit
POC file

as segment fault at line 1520 in symbols.c

Hello, Binutils developers!
I found another segment fault in as.
It caused the "resolve_symbol_value" function to keep recursing at line 1520 in
symbols.c, exhausting the stack resources
Please confirm.
Thanks!



Test Environment
Ubuntu 20.04, 64 bit binutils (version: v2.39 

How to trigger
Compile the program 
Run command $ ./as --alternate --gdwarf-5 --gstabs --gstabs+
--traditional-format -a -g $POC 
Details
'''
GDB report
$.(gdb) set args --alternate --gdwarf-5 --gstabs --gstabs+ --traditional-format
-a -g $POC
(gdb) r
...
out/default/crashes/id:000000,sig:11,src:004216+003578,time:70426992,execs:7097863,op:splice,rep:2:3:
Error: found '
', expected: ')'
out/default/crashes/id:000000,sig:11,src:004216+003578,time:70426992,execs:7097863,op:splice,rep:2:3:
Error: bad or irreducible absolute expression
out/default/crashes/id:000000,sig:11,src:004216+003578,time:70426992,execs:7097863,op:splice,rep:2:
Error: symbol definition loop encountered at `B'
out/default/crashes/id:000000,sig:11,src:004216+003578,time:70426992,execs:7097863,op:splice,rep:2:2:
Error: invalid operands (*UND* and *GAS `expr' section* sections) for `-'

Program received signal SIGSEGV, Segmentation fault.
'''
backtrace:
'''
#3584 0x0000000000526334 in operand (expressionP=0x7fffffffc900,
mode=expr_normal) at expr.c:1049
#3585 0x0000000000526334 in operand (expressionP=0x7fffffffc900,
mode=expr_normal) at expr.c:1049
#3586 0x000000000051efac in expr (rankarg=5, resultP=0x7fffffffc900,
mode=expr_normal) at expr.c:1800
#3587 0x000000000051f24d in expr (rankarg=0, resultP=0x7fffffffd180,
mode=expr_normal) at expr.c:1814
#3588 0x0000000000591b2d in get_segmented_expression (expP=0x7fffffffd180) at
read.c:5616
#3589 0x000000000057afa6 in get_known_segmented_expression
(expP=0x7fffffffd180) at read.c:5632
#3590 0x000000000057d083 in assign_symbol (name=0x63100000084e ".", mode=0) at
read.c:3126
#3591 0x000000000056a977 in equals (sym_name=0x63100000084e ".", reassign=1) at
read.c:5753
#3592 0x0000000000567720 in read_a_source_file (
    name=0x7fffffffe2db
"out/default/crashes/id:000001,sig:11,src:001595+001814,time:73187270,execs:7351020,op:splice,rep:4")
    at read.c:1075
#3593 0x00000000004dc118 in perform_an_assembly_pass (argc=0,
argv=0x607000000108) at as.c:1256
#3594 0x00000000004d6d05 in main (argc=2, argv=0x607000000100) at as.c:1418
'''

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Reply via email to