https://sourceware.org/bugzilla/show_bug.cgi?id=33075
Bug ID: 33075
Summary: Segmentation fault in elf_map_symbols
Product: binutils
Version: 2.44
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: jaehoon.jang at kaist dot ac.kr
Target Milestone: ---
Created attachment 16131
--> https://sourceware.org/bugzilla/attachment.cgi?id=16131&action=edit
poc file
Hello, I found a crash in the elf_map_symbols function of objcopy.
Environment: Ubuntu 22.04
Source code (GitHub): https://github.com/bminor/binutils-gdb
Commit version (latest):
```
$ git log
commit b1d7cab3e46062641a1a86ca1ed67d56f451c4fb (HEAD -> master, origin/master, origin/HEAD)
Author: GDB Administrator <[email protected]>
Date: Wed Jun 11 00:01:26 2025 +0000
Automatic date update in version.in
```
Reproduction (ASAN Build)
```sh
$ CONFIG_OPTIONS="--disable-shared --disable-gdb \
--disable-libdecnumber --disable-readline \
--disable-sim --disable-ld"
$ CC="clang -g -fsanitize=address" CXX="clang++ -g -fsanitize=address" ./configure $CONFIG_OPTIONS
$ CC="clang -g -fsanitize=address" CXX="clang++ -g -fsanitize=address" make
```
ASAN log
```
$ ./binutils/objcopy --version
GNU objcopy (GNU Binutils) 2.44.50.20250611
Copyright (C) 2025 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) any later version.
This program has absolutely no warranty.
$ ./binutils/objcopy --compress-debug-sections /root/objcopy-poc
./binutils/objcopy: /root/objcopy-poc(OrcError.cpp.o): invalid entry (0x22000000) in group [3]
./binutils/objcopy: /root/objcopy-poc(OrcError.cpp.o): invalid entry (0x21000000) in group [3]
./binutils/objcopy: /root/objcopy-poc(OrcError.cpp.o)(.text._ZNK12_GLOBAL__N_116OrcErrorCategory7messageB5cxx11Ei): relocation 29 has invalid symbol index 1160982879
AddressSanitizer:DEADLYSIGNAL
=================================================================
==122155==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x0000005b472d bp 0x7ffca5bb54b0 sp 0x7ffca5bb5260 T0)
==122155==The signal is caused by a READ memory access.
==122155==Hint: address points to the zero page.
    #0 0x5b472d in elf_map_symbols /root/binutils-gdb/bfd/elf.c:4507:19
    #1 0x5b472d in swap_out_syms /root/binutils-gdb/bfd/elf.c:8687:8
    #2 0x5ab73d in _bfd_elf_compute_section_file_positions /root/binutils-gdb/bfd/elf.c:4662:13
    #3 0x5c6917 in _bfd_elf_set_section_contents /root/binutils-gdb/bfd/elf.c:9992:12
    #4 0x53acf5 in bfd_set_section_contents /root/binutils-gdb/bfd/section.c:1527:7
    #5 0x4dee14 in copy_section /root/binutils-gdb/binutils/./objcopy.c:4677:12
    #6 0x4d8493 in copy_object /root/binutils-gdb/binutils/./objcopy.c:3408:10
    #7 0x4d23a0 in copy_archive /root/binutils-gdb/binutils/./objcopy.c:3779:9
    #8 0x4d23a0 in copy_file /root/binutils-gdb/binutils/./objcopy.c:3986:12
    #9 0x4d23a0 in copy_main /root/binutils-gdb/binutils/./objcopy.c:6187:3
    #10 0x4ce4a4 in main /root/binutils-gdb/binutils/./objcopy.c:6291:5
    #11 0x7f474d7a9d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #12 0x7f474d7a9e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #13 0x41f534 in _start (/root/binutils-gdb/binutils/objcopy+0x41f534)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/binutils-gdb/bfd/elf.c:4507:19 in elf_map_symbols
==122155==ABORTING
```
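The two diagnostics objcopy prints before the crash (an out-of-range section index in a SHT_GROUP body and a relocation whose symbol index exceeds the symbol table) are exactly the kind of inconsistency a triage script can flag in a malformed object before it is fed to a tool. The following is an added example, not code from binutils or from the reporter; it parses raw little-endian Elf64_Rela entries and group-section bodies with the standard `struct` module, and the sample inputs are constructed here (the treatment of section index 0 as an invalid group member is this checker's own assumption).

```python
import struct

# Little-endian Elf64_Rela: r_offset (u64), r_info (u64), r_addend (s64)
ELF64_RELA = struct.Struct("<QQq")
GRP_COMDAT = 0x1  # flags word at the start of every SHT_GROUP body


def elf64_r_sym(r_info):
    """Symbol table index encoded in the high 32 bits of r_info."""
    return r_info >> 32


def elf64_r_type(r_info):
    """Relocation type encoded in the low 32 bits of r_info."""
    return r_info & 0xFFFFFFFF


def check_rela_section(rela_bytes, nsyms):
    """Return (entry number, symbol index) for each Elf64_Rela entry whose
    symbol index is not below the number of entries in the symbol table."""
    if len(rela_bytes) % ELF64_RELA.size:
        raise ValueError("relocation section size is not a multiple of Elf64_Rela")
    bad = []
    for i, (_offset, r_info, _addend) in enumerate(ELF64_RELA.iter_unpack(rela_bytes)):
        sym = elf64_r_sym(r_info)
        if sym >= nsyms:
            bad.append((i, sym))
    return bad


def check_group_section(group_bytes, shnum):
    """Return the member words of a SHT_GROUP body that cannot name a real
    section: word 0 is the flags word and is skipped; index 0 (SHN_UNDEF) and
    any index >= e_shnum are reported (treating 0 as invalid is an assumption)."""
    nwords = len(group_bytes) // 4
    words = struct.unpack("<%dI" % nwords, group_bytes[: nwords * 4])
    return [w for w in words[1:] if w == 0 or w >= shnum]


# Constructed sample input: three relocations of type 2, the last one naming
# a symbol index far beyond a six-entry symbol table, plus a COMDAT group whose
# third member word is not a plausible section index.
SAMPLE_RELA = b"".join(
    ELF64_RELA.pack(off, (sym << 32) | 2, 0)
    for off, sym in ((0x10, 1), (0x18, 5), (0x20, 1160982879))
)
SAMPLE_GROUP = struct.pack("<4I", GRP_COMDAT, 5, 6, 0x22000000)

if __name__ == "__main__":
    print("bad relocations:", check_rela_section(SAMPLE_RELA, nsyms=6))
    print("bad group members:", check_group_section(SAMPLE_GROUP, shnum=20))
```

Running the checks on every REL/RELA and SHT_GROUP section of an archive member before invoking objcopy gives a cheap early rejection of inputs like the attached PoC.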