https://sourceware.org/bugzilla/show_bug.cgi?id=32644

            Bug ID: 32644
           Summary: ld SEGV (illegal read access) in
                    bfd_elf_reloc_symbol_deleted_p
                    (bfd/elflink.c:15103:19) --no-undefined
                    --orphan-handling discard -w -r -d options
           Product: binutils
           Version: 2.43
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: swj22 at mails dot tsinghua.edu.cn
  Target Milestone: ---

Created attachment 15919
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15919&action=edit
poc

**Description**
A SEGV can occur in ld (part of binutils 2.43) when using the --no-undefined
--orphan-handling discard -w -r -d options with a specially crafted input file.
This issue leads to memory corruption (illegal memory read access) and crashes.

**Affected Version**
GNU ld (GNU Binutils) 2.43

**Steps to Reproduce**

Build binutils 2.43 with AddressSanitizer (e.g., CFLAGS="-g -fsanitize=address" ./configure && make -j).
Run the following command:
./binutils-2.43/bins/bin/ld --no-undefined --orphan-handling discard -w -r -d /tmp/poc
./binutils-2.43/bins/bin/ld: warning: /tmp/poc has a section extending past end of file
./binutils-2.43/bins/bin/ld: /tmp/poc: invalid string offset 512 >= 414 for section `.strtab'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==487477==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x55f81815a1a9 bp 0x7fff4627a220 sp 0x7fff4627a030 T0)
==487477==The signal is caused by a READ memory access.
==487477==Hint: address points to the zero page.
    #0 0x55f81815a1a9 in bfd_elf_reloc_symbol_deleted_p ./binutils-2.43/bfd/elflink.c:15103:19
    #1 0x55f81818c270 in _bfd_elf_discard_section_eh_frame ./binutils-2.43/bfd/elf-eh-frame.c:1519:14
    #2 0x55f81815af15 in bfd_elf_discard_info ./binutils-2.43/bfd/elflink.c:15203:8
    #3 0x55f817f5189a in gldelf_x86_64_after_allocation ./binutils-2.43/ld/eelf_x86_64.c:146:21
    #4 0x55f817f37036 in ldemul_after_allocation ./binutils-2.43/ld/ldemul.c:90:3
    #5 0x55f817ef8dc0 in lang_process ./binutils-2.43/ld/ldlang.c:8473:3
    #6 0x55f817f2234c in main ./binutils-2.43/ld/./ldmain.c:529:3
    #7 0x7fbfc1ba4082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
    #8 0x55f817dfa6bd in _start (./binutils-2.43/bins/bin/ld+0x15a6bd) (BuildId: d9731e405748db264b62c84ded760ba4f068cb0a)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ./binutils-2.43/bfd/elflink.c:15103:19 in bfd_elf_reloc_symbol_deleted_p
==487477==ABORTING
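The two warnings ld printed before crashing (a section extending past end of file, and a section-name string offset outside the string table) are cheap to detect before an untrusted object ever reaches the linker. The following pre-check is an added example, not code from this report or from binutils; it builds its own constructed ELF64 sample inputs (the attached poc is not reproduced) and flags both conditions.

```python
import struct

SHT_NOBITS = 8  # occupies no file bytes, so no end-of-file check applies

def build_elf64(sections):
    """Constructed sample ELF64 LE relocatable (not the attached poc).
    sections: list of (sh_name offset, sh_type, blob, sh_size override)."""
    fmt_sh = "<IIQQQQIIQQ"
    shoff = 64
    off = shoff + 64 * (len(sections) + 1)  # section data follows the header table
    shdrs, blobs = [struct.pack(fmt_sh, *([0] * 10))], []  # index 0 is the null section
    for name, sh_type, blob, size_override in sections:
        size = len(blob) if size_override is None else size_override
        shdrs.append(struct.pack(fmt_sh, name, sh_type, 0, 0, off, size, 0, 0, 1, 0))
        blobs.append(blob)
        off += len(blob)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + b"\0" * 9,
                       1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, len(sections) + 1, 1)
    return ehdr + b"".join(shdrs) + b"".join(blobs)

def check_elf64(data):
    """Report the two conditions ld warned about: a section extending past end
    of file, and a section-name offset outside the section-name string table."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        return ["not an ELF file"]
    hdr = struct.unpack_from("<16sHHIQQQIHHHHHH", data, 0)
    shoff, shentsize, shnum, shstrndx = hdr[6], hdr[11], hdr[12], hdr[13]
    if shentsize < 64 or shoff + shentsize * shnum > len(data):
        return ["section header table invalid or past end of file"]
    if shstrndx >= shnum:
        return [f"e_shstrndx {shstrndx} out of range"]
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", data, shoff + i * shentsize)
             for i in range(shnum)]
    strtab_size = shdrs[shstrndx][5]  # sh_size of .shstrtab
    findings = []
    for i, (name, sh_type, _, _, off, size, *_rest) in enumerate(shdrs):
        if sh_type != SHT_NOBITS and off + size > len(data):
            findings.append(f"section {i} extends past end of file")
        if name >= strtab_size:
            findings.append(f"section {i}: invalid string offset {name} >= {strtab_size}")
    return findings

# Constructed inputs: a well-formed file, then two mutations mirroring ld's warnings.
GOOD = build_elf64([(1, 3, b"\0.shstrtab\0.strtab\0", None), (11, 3, b"\0main\0", None)])
OVERSIZED = build_elf64([(1, 3, b"\0.shstrtab\0.strtab\0", None), (11, 3, b"\0main\0", 4096)])
BAD_NAME = build_elf64([(1, 3, b"\0.shstrtab\0.strtab\0", None), (512, 3, b"\0main\0", None)])

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("oversized", OVERSIZED), ("bad_name", BAD_NAME)):
        print(label, check_elf64(blob))
```

A truncated file (for example GOOD with its last bytes cut off) is caught by the same end-of-file check as an oversized sh_size.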

**Env**
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.6 LTS
Release:        20.04
Codename:       focal
