https://sourceware.org/bugzilla/show_bug.cgi?id=32643
Bug ID: 32643
Summary: ld SEGV (illegal read access) in _bfd_elf_gc_mark_rsec (bfd/elflink.c:14031:11) with --gc-sections --no-print-gc-sections -w options
Product: binutils
Version: 2.43
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: swj22 at mails dot tsinghua.edu.cn
Target Milestone: ---
Created attachment 15918
--> https://sourceware.org/bugzilla/attachment.cgi?id=15918&action=edit
poc
**Description**
A SEGV can occur in ld (part of binutils 2.43) when using the --gc-sections --no-print-gc-sections -w options with a specially crafted input file. This issue leads to memory corruption (illegal memory read access) and crashes.
**Affected Version**
GNU ld (GNU Binutils) 2.43
**Steps to Reproduce**
Build binutils 2.43 with AddressSanitizer (e.g., CFLAGS="-g -fsanitize=address" ./configure && make -j).
Run the following command:
./binutils-2.43/bins/bin/ld --gc-sections --no-print-gc-sections -w /tmp/poc
./binutils-2.43/bins/bin/ld: /tmp/poc symbol number 45 references nonexistent SHT_SYMTAB_SHNDX section
AddressSanitizer:DEADLYSIGNAL
=================================================================
==486332==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x55735179a445 bp 0x7ffdcb9d5190 sp 0x7ffdcb9d4fb0 T0)
==486332==The signal is caused by a READ memory access.
==486332==Hint: address points to the zero page.
#0 0x55735179a445 in _bfd_elf_gc_mark_rsec ./binutils-2.43/bfd/elflink.c:14031:11
#1 0x55735179ac90 in _bfd_elf_gc_mark_reloc ./binutils-2.43/bfd/elflink.c:14091:10
#2 0x55735179b474 in _bfd_elf_gc_mark ./binutils-2.43/bfd/elflink.c:14143:11
#3 0x55735179ae30 in _bfd_elf_gc_mark_reloc ./binutils-2.43/bfd/elflink.c:14099:14
#4 0x55735179b474 in _bfd_elf_gc_mark ./binutils-2.43/bfd/elflink.c:14143:11
#5 0x55735179ae30 in _bfd_elf_gc_mark_reloc ./binutils-2.43/bfd/elflink.c:14099:14
#6 0x55735179b474 in _bfd_elf_gc_mark ./binutils-2.43/bfd/elflink.c:14143:11
#7 0x5573517a08fc in bfd_elf_gc_sections ./binutils-2.43/bfd/elflink.c:14719:11
#8 0x557351549b0d in lang_gc_sections ./binutils-2.43/ld/ldlang.c:7763:5
#9 0x55735154378b in lang_process ./binutils-2.43/ld/ldlang.c:8378:3
#10 0x55735156d34c in main ./binutils-2.43/ld/./ldmain.c:529:3
#11 0x7fc0629db082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
#12 0x5573514456bd in _start (./binutils-2.43/bins/bin/ld+0x15a6bd) (BuildId: d9731e405748db264b62c84ded760ba4f068cb0a)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ./binutils-2.43/bfd/elflink.c:14031:11 in _bfd_elf_gc_mark_rsec
==486332==ABORTING
**Env**
Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal
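The one piece of diagnostic information the report gives about the input is the warning ld prints just before the crash: a symbol whose st_shndx is SHN_XINDEX (meaning "the real section index lives in a SHT_SYMTAB_SHNDX section") in a file that has no such section. The fault address 0x10 with "address points to the zero page" in the ASan output is a read through a null pointer plus a small offset, not a write. The report does not establish that the missing SHNDX table alone is what leads _bfd_elf_gc_mark_rsec to that null pointer, so the following is an input-triage check, not a fix. It is an added example written for this page, not binutils code and not the reporter's poc: it parses the section header table and symbol tables of an ELF object, flags symbols that set SHN_XINDEX when no SHT_SYMTAB_SHNDX section exists, and builds its own constructed sample objects (one malformed, one well-formed) to run against. Assumptions: ELF64 little-endian only, and no extended e_shnum encoding.

```python
"""Added example: preflight check for the malformed-ELF condition named by ld's
warning above (st_shndx == SHN_XINDEX with no SHT_SYMTAB_SHNDX section).
Not binutils code and not the reporter's poc; the sample objects are constructed
here. Assumption: ELF64 little-endian only, no extended section numbering."""
import struct
from collections import namedtuple

SHN_XINDEX = 0xFFFF          # "real section index lives in SHT_SYMTAB_SHNDX"
SHT_SYMTAB = 2
SHT_STRTAB = 3
SHT_SYMTAB_SHNDX = 18
ELF64_SYM_SIZE = 24

Shdr = namedtuple("Shdr", "name type flags addr offset size link info addralign entsize")


def parse_section_headers(data: bytes) -> list:
    """Parse the ELF64 LE section header table into Shdr tuples."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled in this example")
    (e_shoff,) = struct.unpack_from("<Q", data, 0x28)            # Elf64_Ehdr.e_shoff
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 0x3A)  # e_shentsize, e_shnum
    return [Shdr(*struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize))
            for i in range(e_shnum)]


def find_xindex_symbols_without_shndx(data: bytes) -> list:
    """Return indices of symbols whose st_shndx is SHN_XINDEX while the file
    carries no SHT_SYMTAB_SHNDX section, i.e. the condition ld warns about."""
    sections = parse_section_headers(data)
    if any(s.type == SHT_SYMTAB_SHNDX for s in sections):
        return []                    # an extended-index table exists; nothing to flag
    bad = []
    for s in sections:
        if s.type != SHT_SYMTAB:
            continue
        entsize = s.entsize or ELF64_SYM_SIZE
        for idx in range(s.size // entsize):
            # Elf64_Sym: st_name(4) st_info(1) st_other(1) st_shndx(2) ...; st_shndx at +6
            (st_shndx,) = struct.unpack_from("<H", data, s.offset + idx * entsize + 6)
            if st_shndx == SHN_XINDEX:
                bad.append(idx)
    return bad


def build_test_object(with_shndx: bool) -> bytes:
    """Constructed sample input: a minimal ELF64 LE relocatable with a null section,
    a .symtab holding one global symbol that sets SHN_XINDEX, a .strtab, and
    (optionally) the SHT_SYMTAB_SHNDX table that such a symbol requires."""
    symtab = bytes(ELF64_SYM_SIZE) + struct.pack("<IBBHQQ", 1, 0x10, 0, SHN_XINDEX, 0, 0)
    strtab = b"\0sym\0"
    shndx = struct.pack("<II", 0, 1) if with_shndx else b""   # one Elf64_Word per symbol
    symtab_off = 64                                           # right after the ELF header
    strtab_off = symtab_off + len(symtab)
    shndx_off = strtab_off + len(strtab)
    body = symtab + strtab + shndx
    pad = (-(64 + len(body))) % 8                             # 8-align the shdr table
    shoff = 64 + len(body) + pad
    shdrs = [Shdr(0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
             Shdr(0, SHT_SYMTAB, 0, 0, symtab_off, len(symtab), 2, 1, 8, ELF64_SYM_SIZE),
             Shdr(0, SHT_STRTAB, 0, 0, strtab_off, len(strtab), 0, 0, 1, 0)]
    if with_shndx:
        shdrs.append(Shdr(0, SHT_SYMTAB_SHNDX, 0, 0, shndx_off, len(shndx), 1, 0, 4, 4))
    # e_ident, then ET_REL, EM_X86_64, version, entry, phoff, shoff, flags, ehsize,
    # phentsize, phnum, shentsize, shnum, shstrndx (no .shstrtab in this sample)
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr += struct.pack("<HHIQQQIHHHHHH", 1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, len(shdrs), 0)
    return ehdr + body + bytes(pad) + b"".join(struct.pack("<IIQQQQIIQQ", *h) for h in shdrs)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:          # e.g. the attached poc, if ELF64 LE
            print(find_xindex_symbols_without_shndx(f.read()))
    else:
        print(find_xindex_symbols_without_shndx(build_test_object(False)))  # [1]
        print(find_xindex_symbols_without_shndx(build_test_object(True)))   # []
```

Run with a file path to triage an arbitrary ELF64 LE object before handing it to ld; run with no arguments to see the check flag symbol 1 of the malformed constructed object and pass the well-formed one. The check only mirrors ld's own warning condition; which field of which structure is null when _bfd_elf_gc_mark_rsec reads elflink.c:14031 has to come from a debugger on the ASan build described in the report.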