https://sourceware.org/bugzilla/show_bug.cgi?id=32647
Bug ID: 32647
Summary: ld SEGV in elf_orphan_compatible (ld/ldelf.c:2089:40) with --task-link option
Product: binutils
Version: 2.43
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: swj22 at mails dot tsinghua.edu.cn
Target Milestone: ---
Created attachment 15922 (poc): https://sourceware.org/bugzilla/attachment.cgi?id=15922&action=edit
**Description**
A SEGV can occur in ld when using the --task-link option with a specially crafted input file. This issue leads to memory corruption (an illegal memory read access) and a crash.
**Affected Version**
GNU ld (GNU Binutils) 2.43
**Steps to Reproduce**
Build binutils 2.43 with AddressSanitizer (e.g., CFLAGS="-g -fsanitize=address" ./configure && make -j).
Run the following command:
./binutils-2.43/bins/bin/ld --task-link symbol_name /tmp/poc
./binutils-2.43/bins/bin/ld: warning: /tmp/poc has a section extending past end of file
AddressSanitizer:DEADLYSIGNAL
=================================================================
==770777==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000060 (pc 0x5572c709d7c6 bp 0x7ffe9f22ba00 sp 0x7ffe9f22b900 T0)
==770777==The signal is caused by a READ memory access.
==770777==Hint: address points to the zero page.
#0 0x5572c709d7c6 in elf_orphan_compatible ./binutils-2.43/ld/ldelf.c:2089:40
#1 0x5572c709c57f in ldelf_place_orphan ./binutils-2.43/ld/ldelf.c:2253:7
#2 0x5572c705938a in ldemul_place_orphan ./binutils-2.43/ld/ldemul.c:144:12
#3 0x5572c703cd0d in ldlang_place_orphan ./binutils-2.43/ld/ldlang.c:7424:12
#4 0x5572c7023ff9 in lang_place_orphans ./binutils-2.43/ld/ldlang.c:7480:3
#5 0x5572c701a7e8 in lang_process ./binutils-2.43/ld/ldlang.c:8410:3
#6 0x5572c704434c in main ./binutils-2.43/ld/./ldmain.c:529:3
#7 0x7f35a7c88082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
#8 0x5572c6f1c6bd in _start (./binutils-2.43/bins/bin/ld+0x15a6bd) (BuildId: d9731e405748db264b62c84ded760ba4f068cb0a)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ./binutils-2.43/ld/ldelf.c:2089:40 in elf_orphan_compatible
==770777==ABORTING
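The warning ld prints before the crash ("has a section extending past end of file") is the malformed-input condition worth screening for before untrusted object files reach the linker. The check below is an added example, not part of this report or of binutils; it assumes ELF64 inputs and runs on a constructed sample object whose .data header claims bytes beyond EOF.

```python
import struct

SHT_NOBITS = 8  # .bss-style sections occupy no file bytes, so they cannot overrun EOF

def sections_past_eof(data: bytes):
    """Return (index, sh_name, sh_offset, sh_size) for every ELF64 section whose
    file bytes extend past the end of the image (the condition ld warns about).
    A truncated section header table is reported as (index, None, hdr_off, None)."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2:  # EI_CLASS 2 = ELF64
        raise ValueError("not an ELF64 image")
    end = "<" if data[5] == 1 else ">"                       # EI_DATA 1 = little-endian
    e_shoff = struct.unpack_from(end + "Q", data, 0x28)[0]   # Elf64_Ehdr.e_shoff
    e_shentsize, e_shnum = struct.unpack_from(end + "HH", data, 0x3a)
    bad = []
    for i in range(e_shnum):
        hdr = e_shoff + i * e_shentsize
        if hdr + 64 > len(data):               # header table itself runs off the file
            bad.append((i, None, hdr, None))
            break
        sh_name, sh_type = struct.unpack_from(end + "II", data, hdr)
        sh_offset, sh_size = struct.unpack_from(end + "QQ", data, hdr + 0x18)
        if sh_type != SHT_NOBITS and sh_offset + sh_size > len(data):
            bad.append((i, sh_name, sh_offset, sh_size))
    return bad

def _shdr(name, stype, offset, size):
    # Elf64_Shdr: name, type, flags, addr, offset, size, link, info, addralign, entsize
    return struct.pack("<IIQQQQIIQQ", name, stype, 0, 0, offset, size, 0, 0, 1, 0)

def build_sample() -> bytes:
    """Constructed ELF64 relocatable: .text is in bounds, .data claims 0x1000 bytes
    past EOF, .bss is NOBITS with a huge size and must not be flagged."""
    ehdr = bytearray(64)
    ehdr[:4] = b"\x7fELF"
    ehdr[4], ehdr[5], ehdr[6] = 2, 1, 1                      # ELF64, little-endian, v1
    struct.pack_into("<HHI", ehdr, 16, 1, 62, 1)             # ET_REL, EM_X86_64, EV_CURRENT
    struct.pack_into("<Q", ehdr, 0x28, 64)                   # section headers follow ehdr
    struct.pack_into("<HHHHHH", ehdr, 0x34, 64, 0, 0, 64, 4, 0)  # ehsize..shstrndx
    table = (_shdr(0, 0, 0, 0) + _shdr(1, 1, 320, 16)        # null, .text (PROGBITS)
             + _shdr(7, 1, 320, 0x1000)                      # .data overruns the file
             + _shdr(13, SHT_NOBITS, 336, 0x100000))         # .bss, no file bytes
    return bytes(ehdr) + table + b"\x90" * 16                # 16 bytes of .text payload

if __name__ == "__main__":
    for entry in sections_past_eof(build_sample()):
        print("section extends past end of file:", entry)
```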
**Env**
Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal