https://sourceware.org/bugzilla/show_bug.cgi?id=33448

            Bug ID: 33448
           Summary: [BUG] Aborted in tg_tag_type at prdbg.c:2452
           Product: binutils
           Version: 2.45
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: yfzhang23 at stu dot pku.edu.cn
  Target Milestone: ---

Created attachment 16344
  --> https://sourceware.org/bugzilla/attachment.cgi?id=16344&action=edit
POC

## Description

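- Version: Binutils 2.45
- Environment: Ubuntu 20.04.6 LTS, GCC 9.4.0
- Symptom: objdump calls abort() in tg_tag_type (prdbg.c:2452) with kind=DEBUG_KIND_POINTER while writing ctags-style debugging output (as_tags=true in print_debugging_info) for the attached malformed input. The backtrace below shows a deliberate abort() (SIGABRT) rather than a memory-access fault, so what is visible here is a crash on malformed input.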

## Steps to reproduce

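# Build binutils with full debug info (-g3) so the backtrace resolves to
# file:line, then run the freshly built objdump on the reproducer.
export CFLAGS="-g3"
./configure
make -j
# POC must hold the path to the attached reproducer; ${POC:?} stops here
# instead of running objdump without an input file when it is unset.
# -e emits debugging info in ctags style, the output mode active in the
# backtrace (print_debugging_info ... as_tags=true); whether the remaining
# flags are needed to reach the abort is not shown in the report.
# The trailing backslash keeps the wrapped options part of one command.
./binutils/objdump -S -D -x -s -Z -g -e -G -T -t -L -R --disassemble-zeroes \
  --insn-width=32 --disassembler-color=extended \
  "${POC:?set POC to the reproducer path}"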


## Output

root@7328863e3119:/benchmark/bin/binutils-2.45/binutils# ./objdump -S -D -x -s
-Z -g -e -G -T -t -L -R --disassemble-zeroes --insn-width=32
--disassembler-color=extended objdump_crash_2.in 
objdump_crash_2.in
architecture: i386:x86-64, flags 0x0000013e:
EXEC_P, HAS_LINENO, HAS_DEBUG, HAS_SYMS, HAS_LOCALS, D_PAGED
start address 0x7f06160493280000

Characteristics 0x3
        relocations stripped
        executable

Time/Date               Wed Jul  2 17:50:28 2104
Magic                   0000
MajorLinkerVersion      0
MinorLinkerVersion      0
SizeOfCode              0000000000000000
SizeOfInitializedData   0000000000000000
SizeOfUninitializedData 0000000000000000
AddressOfEntryPoint     0000000000000000
BaseOfCode              0000000000000000
ImageBase               0000000000000000
SectionAlignment        00000000
FileAlignment           00000000
MajorOSystemVersion     0
MinorOSystemVersion     0
MajorImageVersion       0
MinorImageVersion       0
MajorSubsystemVersion   0
MinorSubsystemVersion   0
Win32Version            00000000
SizeOfImage             00000000
SizeOfHeaders           00000000
CheckSum                00000000
Subsystem               00000000        (unspecified)
DllCharacteristics      00000000
SizeOfStackReserve      0000000000000000
SizeOfStackCommit       0000000000000000
SizeOfHeapReserve       0000000000000000
SizeOfHeapCommit        0000000000000000
LoaderFlags             00000000
NumberOfRvaAndSizes     00000000

The Data Directory
Entry 0 0000000000000000 00000000 Export Directory [.edata (or where ever we
found it)]
Entry 1 0000000000000000 00000000 Import Directory [parts of .idata]
Entry 2 0000000000000000 00000000 Resource Directory [.rsrc]
Entry 3 0000000000000000 00000000 Exception Directory [.pdata]
Entry 4 0000000000000000 00000000 Security Directory
Entry 5 0000000000000000 00000000 Base Relocation Directory [.reloc]
Entry 6 0000000000000000 00000000 Debug Directory
Entry 7 0000000000000000 00000000 Description Directory
Entry 8 0000000000000000 00000000 Special Directory
Entry 9 0000000000000000 00000000 Thread Storage Directory [.tls]
Entry a 0000000000000000 00000000 Load Configuration Directory
Entry b 0000000000000000 00000000 Bound Import Directory
Entry c 0000000000000000 00000000 Import Address Table Directory
Entry d 0000000000000000 00000000 Delay Import Directory
Entry e 0000000000000000 00000000 CLR Runtime Header
Entry f 0000000000000000 00000000 Reserved
Sections:
Idx Name          Size      VMA               LMA               File off  Algn
./objdump: objdump_crash_2.in: not a dynamic object
SYMBOL TABLE:
[  0](sec -1)(fl 0x00)(ty  5ff)(scl   3) (nx 2) 0x0000000000000000 ���

AUX lnno 2056 size 0x808 tagndx 16
AUX lnno 0 size 0xc00 tagndx 201654285
[  3](sec 2056)(fl 0x00)(ty   25)(scl   6) (nx 0) 0x0000000008080820 
[  4](sec 250)(fl 0x00)(ty fa00)(scl 255) (nx 0) 0x000000000dbb0000 
[  5](sec 35)(fl 0x00)(ty e567)(scl   4) (nx 8) 0x0000000000000000 
AUX lnno 65535 size 0x16 tagndx 4293722240
AUX lnno 1024 size 0x0 tagndx 1677721344
AUX lnno 2279 size 0xff7f tagndx 4279238689
AUX lnno 221 size 0x11 tagndx 4278190208
AUX lnno 64768 size 0x0 tagndx 1048576
AUX lnno 257 size 0x101 tagndx 16843009
AUX lnno 258 size 0x101 tagndx 16843009
AUX lnno 5381 size 0x0 tagndx 184549631
[ 14](sec  8)(fl 0x00)(ty   20)(scl   6) (nx 1) 0x0000000008080820 
AUX lnno 42423 size 0xc00 tagndx 4292804635
[ 16](sec 2056)(fl 0x00)(ty   17)(scl  12) (nx 1) 0x0000000080080820 w��
AUX lnno 42424 size 0x1 tagndx 0
[ 18](sec 35)(fl 0x00)(ty  168)(scl  18) (nx 8) 0x0000000000000000 
AUX lnno 65535 size 0x96 tagndx 4293722112
AUX lnno 1024 size 0x0 tagndx 1677721344
AUX lnno 2279 size 0xff7f tagndx 4279238689
AUX lnno 0 size 0x11 tagndx 113
AUX lnno 64768 size 0x0 tagndx 1048576
AUX lnno 65284 size 0x7f7f tagndx 32512
AUX lnno 257 size 0x101 tagndx 16842981
AUX lnno 5 size 0x0 tagndx 184549631
[ 27](sec -1528)(fl 0x00)(ty   26)(scl   6) (nx 0) 0x0000000008080820 


DYNAMIC SYMBOL TABLE:
no symbols


!_TAG_FILE_FORMAT       2       /extended format/
!_TAG_FILE_SORTED       0       /0=unsorted, 1=sorted/
!_TAG_PROGRAM_AUTHOR    Ian Lance Taylor, Salvador E. Tropea and others //
!_TAG_PROGRAM_NAME      objdump /From GNU binutils/
int     objdump_crash_2.in      0;"     kind:t  type:int32
int     objdump_crash_2.in      0;"     kind:t  type:int32
Aborted (core dumped)

## GDB Output

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007f7575e02859 in __GI_abort () at abort.c:79
#2  0x0000560b8745b786 in tg_tag_type (p=0x7ffcc3d2ed80, 
    name=0x560b88ba4dd8 "w\005\377\377\005\b\b\b", id=0,
kind=DEBUG_KIND_POINTER) at prdbg.c:2452
#3  0x0000560b87460055 in debug_write_type (info=0x560b88ba4e60,
fns=0x560b8765f1a0 <tg_fns>, 
    fhandle=0x7ffcc3d2ed80, type=0x560b88ba8218, name=0x0) at debug.c:2466
#4  0x0000560b87460181 in debug_write_type (info=0x560b88ba4e60,
fns=0x560b8765f1a0 <tg_fns>, 
    fhandle=0x7ffcc3d2ed80, type=0x560b88ba4f88, name=0x0) at debug.c:2496
#5  0x0000560b874604da in debug_write_type (info=0x560b88ba4e60,
fns=0x560b8765f1a0 <tg_fns>, 
    fhandle=0x7ffcc3d2ed80, type=0x560b88ba4fb8, name=0x0) at debug.c:2560
#6  0x0000560b874604da in debug_write_type (info=0x560b88ba4e60,
fns=0x560b8765f1a0 <tg_fns>, 
    fhandle=0x7ffcc3d2ed80, type=0x560b88ba4fd8, name=0x0) at debug.c:2560
#7  0x0000560b874606c7 in debug_write_type (info=0x560b88ba4e60,
fns=0x560b8765f1a0 <tg_fns>, 
    fhandle=0x7ffcc3d2ed80, type=0x560b88ba5110, name=0x0) at debug.c:2593
#8  0x0000560b874606c7 in debug_write_type (info=0x560b88ba4e60,
fns=0x560b8765f1a0 <tg_fns>, 
    fhandle=0x7ffcc3d2ed80, type=0x560b88ba51d0, name=0x0) at debug.c:2593
#9  0x0000560b8745fd35 in debug_write_name (info=0x560b88ba4e60,
fns=0x560b8765f1a0 <tg_fns>, 
    fhandle=0x7ffcc3d2ed80, n=0x560b88ba5218) at debug.c:2384
#10 0x0000560b8745fb88 in debug_write (handle=0x560b88ba4e60,
fns=0x560b8765f1a0 <tg_fns>, 
    fhandle=0x7ffcc3d2ed80) at debug.c:2352
#11 0x0000560b87456a68 in print_debugging_info (f=0x7f7575fcd6a0
<_IO_2_1_stdout_>, 
    dhandle=0x560b88ba4e60, abfd=0x560b88ba4310, syms=0x560b88ba5d90, 
    demangler=0x560b874b278c <bfd_demangle>, as_tags=true) at prdbg.c:296
#12 0x0000560b87424cde in dump_bfd (abfd=0x560b88ba4310, is_mainfile=true) at
./objdump.c:5860
#13 0x0000560b87424e42 in display_object_bfd (abfd=0x560b88ba4310) at
./objdump.c:5911
#14 0x0000560b874250a7 in display_any_bfd (file=0x560b88ba4310, level=0) at
./objdump.c:5990
#15 0x0000560b8742511c in display_file (filename=0x7ffcc3d2f81d
"objdump_crash_2.in", target=0x0)
    at ./objdump.c:6011
#16 0x0000560b8742604d in main (argc=17, argv=0x7ffcc3d2f048) at
./objdump.c:6438

## Credit

Reported by Yifan Zhang, [PLL](https://pl.cs.pku.edu.cn/en/)
