https://sourceware.org/bugzilla/show_bug.cgi?id=32640
Bug ID: 32640
Summary: ld SEGV in bfd_putl64 (bfd/libbfd.c:989:11) with -w
option
Product: binutils
Version: 2.43
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: swj22 at mails dot tsinghua.edu.cn
Target Milestone: ---
Created attachment 15915
--> https://sourceware.org/bugzilla/attachment.cgi?id=15915&action=edit
poc
**Description**
A SEGV can occur in ld (part of binutils 2.43) when using the -w option with a
specially crafted input file. This issue leads to memory corruption (illegal
memory access) and crashes.
**Affected Version**
GNU ld (GNU Binutils) 2.43
**Steps to Reproduce**
Build binutils 2.43 with AddressSanitizer (e.g., CFLAGS="-g -fsanitize=address"
./configure && make -j).
Run the following command:
./binutils-2.43/bins/bin/ld -w $poc
Observe the AddressSanitizer error indicating a segv.
$ ./binutils-2.43/bins/bin/ld -w /tmp/poc
./binutils-2.43/bins/bin/ld: warning: /tmp/poc has a section extending past end of file
AddressSanitizer:DEADLYSIGNAL
=================================================================
==484973==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000007 (pc 0x557c2d205250 bp 0x7ffc11e6c490 sp 0x7ffc11e6c3f0 T0)
==484973==The signal is caused by a WRITE memory access.
==484973==Hint: address points to the zero page.
    #0 0x557c2d205250 in bfd_putl64 ./binutils-2.43/bfd/libbfd.c:989:11
    #1 0x557c2d25d6f3 in elf_x86_64_relocate_section ./binutils-2.43/bfd/elf64-x86-64.c:4101:8
    #2 0x557c2d38714e in elf_link_input_bfd ./binutils-2.43/bfd/elflink.c:11848:10
    #3 0x557c2d378f0d in bfd_elf_final_link ./binutils-2.43/bfd/elflink.c:13107:11
    #4 0x557c2d171d0e in ldwrite ./binutils-2.43/ld/ldwrite.c:550:8
    #5 0x557c2d16c4e9 in main ./binutils-2.43/ld/./ldmain.c:556:3
    #6 0x7f6584b14082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x557c2d0446bd in _start (./binutils-2.43/bins/bin/ld+0x15a6bd) (BuildId: d9731e405748db264b62c84ded760ba4f068cb0a)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ./binutils-2.43/bfd/libbfd.c:989:11 in bfd_putl64
==484973==ABORTING
**Env**
Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal