[Bug binutils/4110] Broken object file crashes nm

2007-03-17 Thread sliedes at cc dot hut dot fi

--- Additional Comments From sliedes at cc dot hut dot fi  2007-03-17 13:48 ---
Created an attachment (id=1626)
 --> (http://sourceware.org/bugzilla/attachment.cgi?id=1626&action=view)
One more test case

With patch.3 it's starting to look quite robust, I had to try a lot of things
to break it :) Here's one that breaks it only in some very obscure cases, so
I'll attach Valgrind output from a case where it does not crash and a backtrace
from a crash in case you are unable to reproduce. (It just happens that the
uninitialized idx->shdr is usually NULL, and under some obscure conditions I got
it to be 0x100 in the backtrace).

-- Valgrind output --
$ valgrind ~/rec/binutils/binutils/nm-new broken.o
==9440== Memcheck, a memory error detector.
==9440== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==9440== Using LibVEX rev 1732, a library for dynamic binary translation.
==9440== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==9440== Using valgrind-3.2.3-Debian, a dynamic binary instrumentation framework.
==9440== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==9440== For more details, rerun with: -v
==9440==
BFD: broken.o: invalid string offset 798 >= 8 for section `.group'
==9440== Conditional jump or move depends on uninitialised value(s)
==9440==    at 0x42BC4A: bfd_section_from_shdr (elf.c:2171)
==9440==    by 0x41EE4B: bfd_elf64_object_p (elfcode.h:850)
==9440==    by 0x40CAEC: bfd_check_format_matches (format.c:240)
==9440==    by 0x4039F4: display_file (nm.c:1179)
==9440==    by 0x403F3A: main (nm.c:1622)
BFD: broken.o: invalid string offset 814 >= 8 for section `.group'
BFD: broken.o: invalid string offset 836 >= 8 for section `.group'
BFD: broken.o: invalid string offset 1068 >= 8 for section `.group'
BFD: broken.o: invalid string offset 2524 >= 8 for section `.group'
BFD: broken.o: invalid string offset 65838 >= 309 for section `.shstrtab'
BFD: broken.o: invalid string offset 2511 >= 8 for section `.group'
/home/sliedes/rec/binutils/binutils/nm-new: broken.o: File truncated
==9440==
==9440== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 1)
==9440== malloc/free: in use at exit: 0 bytes in 0 blocks.
==9440== malloc/free: 15 allocs, 15 frees, 52,954 bytes allocated.
==9440== For counts of detected errors, rerun with: -v
==9440== All heap blocks were freed -- no leaks are possible.
--

-- Backtrace --
(gdb) r
Starting program: /home/sliedes/rec/binutils/binutils/nm-new smodels.o
BFD: smodels.o: invalid string offset 798 >= 520 for section `*group'

Program received signal SIGSEGV, Segmentation fault.
0x0042bc4c in bfd_section_from_shdr (abfd=0x5ac400, shindex=1) at elf.c:2171
2171  if (idx->shdr != NULL
(gdb) l
2166	  idx += n_elt;
2167	  while (--n_elt != 0)
2168	    {
2169	      --idx;
2170
2171	      if (idx->shdr != NULL
2172		  && (s = idx->shdr->bfd_section) != NULL
2173		  && elf_next_in_group (s) != NULL)
2174		{
2175		  elf_next_in_group (hdr->bfd_section) = s;
(gdb) print *idx
$2 = {shdr = 0x100, flags = 256}
(gdb) bt
#0  0x0042bc4c in bfd_section_from_shdr (abfd=0x5ac400, shindex=1) at elf.c:2171
#1  0x0041ee4c in bfd_elf64_object_p (abfd=0x5ac400) at elfcode.h:850
#2  0x0040caed in bfd_check_format_matches (abfd=0x5ac400, format=, matching=0x7fff07a2cac8) at format.c:240
#3  0x004039f5 in display_file (filename=0x7fff07a2d4bc "smodels.o") at nm.c:1179
#4  0x00403f3b in main (argc=2, argv=0x7fff07a2cc08) at nm.c:1622
(gdb) bt full
#0  0x0042bc4c in bfd_section_from_shdr (abfd=0x5ac400, shindex=1) at elf.c:2171
idx = (Elf_Internal_Group *) 0x5add50
n_elt = 104
s = (asection *) 0x0
hdr = (Elf_Internal_Shdr *) 0x5bce18
name = 
#1  0x0041ee4c in bfd_elf64_object_p (abfd=0x5ac400) at elfcode.h:850
num_sec = 34
x_ehdr = {e_ident =
"\177ELF\002\001\001\000\000\000\000\000\000\000\000", e_type = "\001",
e_machine = ">", e_version = "\001\000\000",
  e_entry = "\000\000\000\000\000\000\000", e_phoff =
"\000\000\000\000\000\000\000", e_shoff = "\220K\000\000\000\000\000", e_flags
= "\000\000\000",
  e_ehsize = "@", e_phentsize = "\000", e_phnum = "\000", e_shentsize = "@",
e_shnum = "\"", e_shstrndx = "\037"}
i_ehdrp = 
x_shdr = {sh_name = "\t\000\000", sh_type = "\003\000\000", sh_flags =
"\000\000\000\000\000\000\000", sh_addr = "\000\000\000\000\000\000\000",
  sh_offset = " `\000\000\000\000\000", sh_size = "\017\n\000\000\000\000\000",
sh_link = "\000\000\000", sh_info = "\000\000\000",
  sh_addralign = "\001\000\000\000\000\000\000", sh_entsize =
"\000\000\000\000\000\000\000"}
i_shdr = {sh_name = 0, sh_type = 0, sh_flags = 0, sh_addr = 0, sh_size
= 0, sh_entsize = 0, sh_link = 0, sh_info = 0, sh_offset = 0,

[Bug binutils/4208] 'final link failed: Bad value' when building Linux MIPS kernels.

2007-03-17 Thread hjl at lucon dot org

--- Additional Comments From hjl at lucon dot org  2007-03-17 16:58 ---
Please provide all input files needed to reproduce the problem with a
cross linker.

-- 
           What    |Removed |Added
----------------------------------------------------------------------------
                 CC|        |hjl at lucon dot org


http://sourceware.org/bugzilla/show_bug.cgi?id=4208

--- You are receiving this mail because: ---
You are on the CC list for the bug, or are watching someone who is.


___
bug-binutils mailing list
bug-binutils@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-binutils


[Bug ld/4210] New: PE-COFF can't handle holes between sections

2007-03-17 Thread hjl at lucon dot org
When a file is converted from ELF to PE-COFF, there may be holes between
sections due to different alignment. But _bfd_XXi_swap_aouthdr_out in
peXXigen.c doesn't take this into account when computing the size of the
image. It just sums the sizes of all sections.

bash-3.1$ cat image_size.s
.text
.global _start
_start:
.byte 1
.global data
.data
data:
.byte 2
bash-3.1$ cat image_size.t
SECTIONS
{
  . = SIZEOF_HEADERS;
  . = ALIGN(__section_alignment__);
  .text  __image_base__ + ( __section_alignment__ < 0x1000 ? . :
__section_alignment__ ) :
  {
*(.text)
  }
  . = . + 0x1000;
  .data BLOCK(__section_alignment__) :
  {
*(.data)
  }
  /DISCARD/ : { *(.*) }
}
bash-3.1$ make dump
./as   -o image_size.o image_size.s
./ld -T image_size.t -o image_size image_size.o
./objdump -ph image_size

image_size: file format pei-i386

Characteristics 0x307
relocations stripped
executable
line numbers stripped
32 bit words
debugging information removed

Time/Date   Sat Mar 17 14:35:34 2007

ImageBase   0040
SectionAlignment	1000
FileAlignment   0200
MajorOSystemVersion 4
MinorOSystemVersion 0
MajorImageVersion   1
MinorImageVersion   0
MajorSubsystemVersion   4
MinorSubsystemVersion   0
Win32Version
SizeOfImage 3000
SizeOfHeaders   0200
CheckSum	b553
Subsystem   0003(Windows CUI)
DllCharacteristics  

...

Sections:
Idx Name  Size  VMA   LMA   File off  Algn
  0 .text 0010  00401000  00401000  0200  2**4
  CONTENTS, ALLOC, LOAD, READONLY, CODE
  1 .data 0010  00403000  00403000  0400  2**4
  CONTENTS, ALLOC, LOAD, DATA

As shown, the size of the image is > 3000. But SizeOfImage is set
to 3000.

-- 
   Summary: PE-COFF can't handle holes between sections
   Product: binutils
   Version: 2.18 (HEAD)
Status: NEW
  Severity: normal
  Priority: P2
 Component: ld
AssignedTo: unassigned at sources dot redhat dot com
ReportedBy: hjl at lucon dot org
CC: bug-binutils at gnu dot org
GCC target triplet: i386-pc-mingw32


http://sourceware.org/bugzilla/show_bug.cgi?id=4210



[Bug ld/4210] PE-COFF can't handle holes between sections

2007-03-17 Thread hjl at lucon dot org

--- Additional Comments From hjl at lucon dot org  2007-03-17 21:51 ---
Created an attachment (id=1627)
 --> (http://sourceware.org/bugzilla/attachment.cgi?id=1627&action=view)
A patch

This patch works for the testcase. I got

./objdump -ph image_size

image_size: file format pei-i386

Characteristics 0x307
relocations stripped
executable
line numbers stripped
32 bit words
debugging information removed

Time/Date   Sat Mar 17 14:45:01 2007

ImageBase   0040
SectionAlignment	1000
FileAlignment   0200
MajorOSystemVersion 4
MinorOSystemVersion 0
MajorImageVersion   1
MinorImageVersion   0
MajorSubsystemVersion   4
MinorSubsystemVersion   0
Win32Version
SizeOfImage 4000
SizeOfHeaders   0200

...

Sections:
Idx Name  Size  VMA   LMA   File off  Algn
  0 .text 0010  00401000  00401000  0200  2**4
  CONTENTS, ALLOC, LOAD, READONLY, CODE
  1 .data 0010  00403000  00403000  0400  2**4
  CONTENTS, ALLOC, LOAD, DATA


-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=4210

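The two SizeOfImage values above (3000 before the patch, 4000 after) fall out of how the header field is computed. The following is an added example, not binutils code or the attached patch: it models the summing behaviour the report describes beside the extent-based computation, using the ImageBase, SectionAlignment, SizeOfHeaders and section layout from the objdump output in this bug. The struct and function names are assumptions for illustration.

```c
/* Added example: SizeOfImage for a PE image with a hole between sections.
   Layout and constants are taken from the objdump output in the report. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct pe_section {
  const char *name;
  uint32_t vma;   /* absolute virtual address (includes ImageBase) */
  uint32_t size;  /* virtual size of the section */
};

/* Round x up to a multiple of align (align is a power of two). */
static uint32_t align_up(uint32_t x, uint32_t align)
{
  return (x + align - 1) & ~(align - 1);
}

/* Behaviour described in the report: headers plus the sum of the aligned
   section sizes. Any hole between sections is not counted. */
uint32_t size_of_image_sum(const struct pe_section *s, size_t n,
                           uint32_t size_of_headers, uint32_t sect_align)
{
  uint32_t total = align_up(size_of_headers, sect_align);
  for (size_t i = 0; i < n; i++)
    total += align_up(s[i].size, sect_align);
  return total;
}

/* Extent-based value: the highest section end relative to ImageBase,
   rounded up to SectionAlignment, so holes are covered by the image. */
uint32_t size_of_image_extent(const struct pe_section *s, size_t n,
                              uint32_t image_base, uint32_t size_of_headers,
                              uint32_t sect_align)
{
  uint32_t end = size_of_headers;
  for (size_t i = 0; i < n; i++) {
    uint32_t sec_end = s[i].vma - image_base + s[i].size;
    if (sec_end > end)
      end = sec_end;
  }
  return align_up(end, sect_align);
}

/* .text at 0x401000 and .data at 0x403000, 0x10 bytes each: a 0x1000
   hole sits between them, exactly as in the image_size.t testcase. */
static const struct pe_section image_size_sections[] = {
  { ".text", 0x401000, 0x10 },
  { ".data", 0x403000, 0x10 },
};
```

With ImageBase 0x400000, SectionAlignment 0x1000 and SizeOfHeaders 0x200, the summing version yields 0x3000 and the extent version 0x4000, matching the before and after outputs in the report.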