https://sourceware.org/bugzilla/show_bug.cgi?id=33075

            Bug ID: 33075
           Summary: Segmentation fault in elf_map_symbols
           Product: binutils
           Version: 2.44
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: jaehoon.jang at kaist dot ac.kr
  Target Milestone: ---

Created attachment 16131
  --> https://sourceware.org/bugzilla/attachment.cgi?id=16131&action=edit
poc file

Hello, I found a crash in the elf_map_symbols function of objcopy.

Environment: Ubuntu 22.04
Source code (GitHub): https://github.com/bminor/binutils-gdb
Commit version (latest):
```
$ git log
commit b1d7cab3e46062641a1a86ca1ed67d56f451c4fb (HEAD -> master, origin/master,
origin/HEAD)
Author: GDB Administrator <gdbad...@sourceware.org>
Date:   Wed Jun 11 00:01:26 2025 +0000

    Automatic date update in version.in

```

Reproduction (ASAN Build)
```sh
$ CONFIG_OPTIONS="--disable-shared --disable-gdb \
                 --disable-libdecnumber --disable-readline \
                 --disable-sim --disable-ld"
$ CC="clang -g -fsanitize=address" CXX="clang++ -g -fsanitize=address" \
    ./configure $CONFIG_OPTIONS
$ CC="clang -g -fsanitize=address" CXX="clang++ -g -fsanitize=address" make
```


ASAN log
```
$ ./binutils/objcopy --version
GNU objcopy (GNU Binutils) 2.44.50.20250611
Copyright (C) 2025 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) any later version.
This program has absolutely no warranty.


$ ./binutils/objcopy --compress-debug-sections /root/objcopy-poc
./binutils/objcopy: /root/objcopy-poc(OrcError.cpp.o): invalid entry
(0x22000000) in group [3]
./binutils/objcopy: /root/objcopy-poc(OrcError.cpp.o): invalid entry
(0x21000000) in group [3]
./binutils/objcopy:
/root/objcopy-poc(OrcError.cpp.o)(.text._ZNK12_GLOBAL__N_116OrcErrorCategory7messageB5cxx11Ei):
relocation 29 has invalid symbol index 1160982879
AddressSanitizer:DEADLYSIGNAL
=================================================================
==122155==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc
0x0000005b472d bp 0x7ffca5bb54b0 sp 0x7ffca5bb5260 T0)
==122155==The signal is caused by a READ memory access.
==122155==Hint: address points to the zero page.
    #0 0x5b472d in elf_map_symbols /root/binutils-gdb/bfd/elf.c:4507:19
    #1 0x5b472d in swap_out_syms /root/binutils-gdb/bfd/elf.c:8687:8
    #2 0x5ab73d in _bfd_elf_compute_section_file_positions
/root/binutils-gdb/bfd/elf.c:4662:13
    #3 0x5c6917 in _bfd_elf_set_section_contents
/root/binutils-gdb/bfd/elf.c:9992:12
    #4 0x53acf5 in bfd_set_section_contents
/root/binutils-gdb/bfd/section.c:1527:7
    #5 0x4dee14 in copy_section /root/binutils-gdb/binutils/./objcopy.c:4677:12
    #6 0x4d8493 in copy_object /root/binutils-gdb/binutils/./objcopy.c:3408:10
    #7 0x4d23a0 in copy_archive /root/binutils-gdb/binutils/./objcopy.c:3779:9
    #8 0x4d23a0 in copy_file /root/binutils-gdb/binutils/./objcopy.c:3986:12
    #9 0x4d23a0 in copy_main /root/binutils-gdb/binutils/./objcopy.c:6187:3
    #10 0x4ce4a4 in main /root/binutils-gdb/binutils/./objcopy.c:6291:5
    #11 0x7f474d7a9d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #12 0x7f474d7a9e3f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #13 0x41f534 in _start (/root/binutils-gdb/binutils/objcopy+0x41f534)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/binutils-gdb/bfd/elf.c:4507:19 in
elf_map_symbols
==122155==ABORTING

```
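As an added example (not part of the report or of binutils), the following Python check flags the condition the objcopy warning above reports just before the crash: a relocation whose symbol index lies outside the symbol table it is linked to, or a relocation section whose sh_link does not name a symbol table at all. The ELF64 image it runs on is constructed inline as sample data; it is not the attached PoC.

```python
import struct

SHT_SYMTAB, SHT_RELA = 2, 4
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr
SHDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr
RELA = struct.Struct("<QQq")                # Elf64_Rela
SYM_SIZE = 24                               # sizeof(Elf64_Sym)

def check_relocations(data):
    """Return one (rela_section, reloc_index, symbol_index, symtab_entries) tuple
    per relocation whose symbol index is not inside the linked symbol table;
    reloc_index -1 means sh_link itself does not point at a SHT_SYMTAB."""
    e = EHDR.unpack_from(data, 0)
    shoff, shentsize, shnum = e[6], e[11], e[12]
    shdrs = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    bad = []
    for idx, sh in enumerate(shdrs):
        if sh[1] != SHT_RELA:
            continue
        link = sh[6]
        if link >= shnum or shdrs[link][1] != SHT_SYMTAB:
            bad.append((idx, -1, link, shnum))
            continue
        symtab = shdrs[link]
        nsyms = symtab[5] // (symtab[9] or SYM_SIZE)   # tolerate sh_entsize == 0
        for r in range(sh[5] // RELA.size):
            _, r_info, _ = RELA.unpack_from(data, sh[4] + r * RELA.size)
            symidx = r_info >> 32                        # ELF64_R_SYM(r_info)
            if symidx >= nsyms:
                bad.append((idx, r, symidx, nsyms))
    return bad

def build_sample(rel_symidxs, nsyms=3, link=1):
    """Constructed little-endian ELF64 ET_REL image (sample data, not the PoC):
    section 1 is a .symtab with nsyms entries, section 2 a .rela whose
    relocations use the given symbol indices and whose sh_link is `link`."""
    symtab = b"\0" * SYM_SIZE * nsyms
    rela = b"".join(RELA.pack(0, (s << 32) | 1, 0) for s in rel_symidxs)
    symoff = EHDR.size
    relaoff = symoff + len(symtab)
    shoff = relaoff + len(rela)
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9          # ELFCLASS64, LSB, version 1
    ehdr = EHDR.pack(ident, 1, 62, 1, 0, 0, shoff, 0, EHDR.size, 0, 0, SHDR.size, 3, 0)
    shdrs = SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    shdrs += SHDR.pack(0, SHT_SYMTAB, 0, 0, symoff, len(symtab), 0, 0, 8, SYM_SIZE)
    shdrs += SHDR.pack(0, SHT_RELA, 0, 0, relaoff, len(rela), link, 0, 8, RELA.size)
    return ehdr + symtab + rela + shdrs
```

Running `check_relocations(build_sample([1, 2, 1160982879]))` reports the third relocation, using the symbol index from the warning above against a three-entry symbol table.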
