[Bug ld/20908] New: LD crashes when writing linked file
https://sourceware.org/bugzilla/show_bug.cgi?id=20908

            Bug ID: 20908
           Summary: LD crashes when writing linked file
           Product: binutils
           Version: 2.28 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: boehme.marcel at gmail dot com
  Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24 hour fuzzing session on Binutils. Thanks also to Van-Thuan Pham.

The linker crashes with an invalid read of size 8 for the following execution on Ubuntu 16.04 x86_64 in Binutils trunk and for preinstalled version v2.26.1 and on Ubuntu 14.04 x86_64 for Binutils in trunk. It works fine for Binutils v2.24.

$ printf "\x00\x00\xff\xff\x00\x00L\x01\x18\x00\x00\x\x04\x0\x00" > test
$ ./ld -qN test
/home/ubuntu/subjects/binutils-gdb/ld/ld-new: i386 architecture of input file `test2' is incompatible with i386:x86-64 output
/home/ubuntu/subjects/binutils-gdb/ld/ld-new: warning: cannot find entry symbol _start; defaulting to 00400078
Segmentation fault

VALGRIND says:
==8561== Invalid read of size 8
==8561==    at 0x6DE6D0: bfd_elf_final_link (elflink.c:11427)
==8561==    by 0x484B7C: ldwrite (ldwrite.c:577)
==8561==    by 0x408334: main (ldmain.c:444)
==8561==  Address 0x3030303030303068 is not stack'd, malloc'd or (recently) free'd

UBSAN complains:
../../bfd/peicode.h:658:42: runtime error: member access within misaligned address 0x61e0f8c7 for type 'struct coff_section_tdata', which requires 8 byte alignment
0x61e0f8c7: note: pointer points here
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ^

Best regards,
- Marcel

--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug ld/20909] New: LD crashes when loading symbols
https://sourceware.org/bugzilla/show_bug.cgi?id=20909

            Bug ID: 20909
           Summary: LD crashes when loading symbols
           Product: binutils
           Version: 2.28 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: boehme.marcel at gmail dot com
  Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24 hour fuzzing session on Binutils. Thanks also to Van-Thuan Pham.

The linker crashes with an invalid read of size 1 for the following execution on Ubuntu 16.04 x86_64 in Binutils trunk and for preinstalled version v2.26.1 and on Ubuntu 14.04 x86_64 for Binutils in trunk and preinstalled version v2.24.

$ printf "\x08\x01\x000\x08\x00\x00\x00\x04\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x14\x00\x00\x00" > test
$ ./ld test
obj-norm/ld/ld-new: i386 architecture of input file `test' is incompatible with i386:x86-64 output
Segmentation fault

ASAN says:
==10024==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6060d791 at pc 0x00512db1 bp 0x7fff34f46310 sp 0x7fff34f46308
READ of size 1 at 0x6060d791 thread T0
    #0 0x512db0 in bfd_hash_hash ../../bfd/hash.c:441
    #1 0x512f2e in bfd_hash_lookup ../../bfd/hash.c:467
    #2 0x519f34 in bfd_link_hash_lookup ../../bfd/linker.c:507
    #3 0x51f4a7 in _bfd_generic_link_add_one_symbol ../../bfd/linker.c:1494
    #4 0x74339d in linux_add_one_symbol ../../bfd/i386linux.c:357
    #5 0x768a0f in aout_link_add_symbols ../../bfd/aoutx.h:3149
    #6 0x769334 in aout_link_add_object_symbols ../../bfd/aoutx.h:3214
    #7 0x76a682 in aout_32_link_add_symbols ../../bfd/aoutx.h:3475
    #8 0x438d89 in load_symbols ../../ld/ldlang.c:2897
    #9 0x43c299 in open_input_bfds ../../ld/ldlang.c:3346
    #10 0x4568f7 in lang_process ../../ld/ldlang.c:6871
    #11 0x465a39 in main ../../ld/ldmain.c:428
    #12 0x7fc6d8cddf44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #13 0x403968 (/home/ubuntu/subjects/binutils-gdb/obj-asan/ld/ld-new+0x403968)

0x6060d791 is located 0 bytes to the right of 49-byte region [0x6060d760,0x6060d791)
allocated by thread T0 here:
    #0 0x7fc6da05e3a8 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
    #1 0x51643f in bfd_malloc ../../bfd/libbfd.c:184
    #2 0x7594f3 in aout_get_external_symbols ../../bfd/aoutx.h:1359
    #3 0x769313 in aout_link_add_object_symbols ../../bfd/aoutx.h:3212
    #4 0x76a682 in aout_32_link_add_symbols ../../bfd/aoutx.h:3475
    #5 0x438d89 in load_symbols ../../ld/ldlang.c:2897
    #6 0x43c299 in open_input_bfds ../../ld/ldlang.c:3346
    #7 0x4568f7 in lang_process ../../ld/ldlang.c:6871
    #8 0x465a39 in main ../../ld/ldmain.c:428
    #9 0x7fc6d8cddf44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../../bfd/hash.c:441 in bfd_hash_hash

Valgrind also complains about an invalid read of size 8 and a conditional jump depending on an uninitialised value:
==10045== Conditional jump or move depends on uninitialised value(s)
==10045==    at 0x5681CC: bfd_hash_hash (hash.c:441)
==10045==    by 0x5681CC: bfd_hash_lookup (hash.c:467)
==10045==    by 0x580D20: bfd_link_hash_lookup (linker.c:507)
==10045==    by 0x580D20: _bfd_generic_link_add_one_symbol (linker.c:1494)
==10045==    by 0x78EA3A: linux_add_one_symbol (i386linux.c:357)
==10045==    by 0x79147B: aout_link_add_symbols (aoutx.h:3149)
==10045==    by 0x7A965E: aout_link_add_object_symbols (aoutx.h:3214)
==10045==    by 0x7A965E: aout_32_link_add_symbols (aoutx.h:3475)
==10045==    by 0x45271A: load_symbols.part.43 (ldlang.c:2897)
==10045==    by 0x45D0AA: load_symbols (ldlang.c:3327)
==10045==    by 0x45D0AA: open_input_bfds (ldlang.c:3346)
==10045==    by 0x46A227: lang_process (ldlang.c:6871)
==10045==    by 0x4081AC: main (ldmain.c:428)
==10045==
/home/ubuntu/subjects/binutils-gdb/ld/ld-new: i386 architecture of input file `test' is incompatible with i386:x86-64 output
==10045== Invalid read of size 8
==10045==    at 0x47AB18: ldctor_build_sets (ldctor.c:293)
==10045==    by 0x46BB3C: lang_process (ldlang.c:6973)
==10045==    by 0x4081AC: main (ldmain.c:428)
==10045==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
==10045==
==10045==
==10045== Process terminating with default action of signal 11 (SIGSEGV)
==10045==  Access not within mapped region at address 0x8
==10045==    at 0x47AB18: ldctor_build_sets (ldctor.c:293)
==10045==    by 0x46BB3C: lang_process (ldlang.c:6973)
==10045==    by 0x4081AC: main (ldmain.c:428)

Best regards,
- Marcel
[Bug ld/20910] New: LD crashes when setting linker script and image base
https://sourceware.org/bugzilla/show_bug.cgi?id=20910

            Bug ID: 20910
           Summary: LD crashes when setting linker script and image base
           Product: binutils
           Version: 2.28 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: boehme.marcel at gmail dot com
  Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24 hour fuzzing session on Binutils. Thanks also to Van-Thuan Pham.

The linker crashes with an invalid read of size 1 for the following execution on Ubuntu 16.04 x86_64 in Binutils trunk and for preinstalled version v2.26.1 and on Ubuntu 14.04 x86_64 for Binutils in trunk and preinstalled version v2.24.

$ printf "K&=0%D," > test
$ ./ld -dll -T test
Segmentation fault

ASAN says:
==10282==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6160fc50 at pc 0x0051ba31 bp 0x7ffd20fc3a00 sp 0x7ffd20fc39f8
READ of size 8 at 0x6160fc50 thread T0
    #0 0x51ba30 in bfd_generic_link_read_symbols ../../bfd/linker.c:803
    #1 0x47e903 in vfinfo ../../ld/ldmisc.c:301
    #2 0x47fa9a in info_msg ../../ld/ldmisc.c:455
    #3 0x4657d7 in main ../../ld/ldmain.c:371
    #4 0x7fd7ea3d2f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #5 0x403968 (/home/ubuntu/subjects/binutils-gdb/obj-asan/ld/ld-new+0x403968)

0x6160fc50 is located 152 bytes to the right of 568-byte region [0x6160f980,0x6160fbb8)
allocated by thread T0 here:
    #0 0x7fd7eb7533a8 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
    #1 0x7fd7ea41f37c (/lib/x86_64-linux-gnu/libc.so.6+0x6e37c)

Best regards,
- Marcel
[Bug ld/20911] New: LD crashes when constructing sets after linker phase 1
https://sourceware.org/bugzilla/show_bug.cgi?id=20911

            Bug ID: 20911
           Summary: LD crashes when constructing sets after linker phase 1
           Product: binutils
           Version: 2.28 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: boehme.marcel at gmail dot com
  Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24 hour fuzzing session on Binutils. Thanks also to Van-Thuan Pham.

The linker crashes with an invalid read of size 1 for the following execution on Ubuntu 16.04 x86_64 in Binutils trunk and for preinstalled version v2.26.1 and on Ubuntu 14.04 x86_64 for Binutils in trunk and preinstalled version v2.24.

$ printf "\x0b\x01\x000#\x00\x00\x00\x1c\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x000\x00\x00\x00\x00\x14000 \x00\x00\x00" > test
$ ld test
ld: i386 architecture of input file `test' is incompatible with i386:x86-64 output
Segmentation fault

UBSAN says:
../../ld/ldctor.c:294:8: runtime error: member access within null pointer of type 'struct bfd'

VALGRIND says:
==10539== Invalid read of size 8
==10539==    at 0x47AB18: ldctor_build_sets (ldctor.c:293)
==10539==    by 0x46BB3C: lang_process (ldlang.c:6973)
==10539==    by 0x4081AC: main (ldmain.c:428)
==10539==  Address 0x8 is not stack'd, malloc'd or (recently) free'd

Best regards,
- Marcel
[Bug ld/20912] New: LD crashes when building global constructor tables
https://sourceware.org/bugzilla/show_bug.cgi?id=20912

            Bug ID: 20912
           Summary: LD crashes when building global constructor tables
           Product: binutils
           Version: 2.28 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: boehme.marcel at gmail dot com
  Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24 hour fuzzing session on Binutils. Thanks also to Van-Thuan Pham.

The linker crashes with an invalid read of size 8 for the following execution on Binutils in trunk for Ubuntu 16.04 x86_64 and 14.04 x86_64. However, it does *not* crash on preinstalled versions v2.24 and v2.26.1 on 14.04 and 16.04, respectively.

$ printf "%%5030003E008888\x000" > test
$ ld -Ur test
Segmentation fault

UBSAN says:
eelf_x86_64.c:1899:14: runtime error: member access within null pointer of type 'struct bfd_elf_section_data'

VALGRIND says:
==10933== Invalid read of size 8
==10933==    at 0x4E0E7E: gldelf_x86_64_place_orphan (eelf_x86_64.c:1900)
==10933==    by 0x46E56D: ldlang_place_orphan (ldlang.c:6258)
==10933==    by 0x46E56D: lang_place_orphans (ldlang.c:6315)
==10933==    by 0x46E56D: lang_process (ldlang.c:7002)
==10933==    by 0x4081AC: main (ldmain.c:428)
==10933==  Address 0x8 is not stack'd, malloc'd or (recently) free'd

Best regards,
- Marcel
[Bug ld/19254] "too many sections" when linking COFF executables
https://sourceware.org/bugzilla/show_bug.cgi?id=19254

awson changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kyrab at mail dot ru

--- Comment #1 from awson ---
Created attachment 9683
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9683&action=edit
Fix (?) 32-bit handling

Purely technical (and not essential for this ticket) patch, which simply synchronizes the 32-bit (pei-i386) scripts with the 64-bit (pei-x86-64) ones. I suspect (but am not sure) that the 32-bit scripts are currently broken if "gc-sections" is used.
[Bug ld/19254] "too many sections" when linking COFF executables
https://sourceware.org/bugzilla/show_bug.cgi?id=19254

--- Comment #2 from awson ---
Created attachment 9684
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9684&action=edit
Section merging for GHC

This patch solves the problem for me. It adds section merging for the sections generated by GHC. I consider this patch mostly non-intrusive, except for one notable case: we no longer guard the .text.* section merging case with the RELOCATING macro, because we need it also for `ld -r` invocations.
[Bug gas/20649] [MIPS] Can't find matching LO16 reloc
https://sourceware.org/bugzilla/show_bug.cgi?id=20649

--- Comment #8 from Aurelien Jarno ---
(In reply to Maciej W. Rozycki from comment #7)
> I yet need to integrate the test case with the test suite,
> but please be assured this fix will make it to 2.28.

Thanks!
[Bug ld/19254] "too many sections" when linking COFF executables
https://sourceware.org/bugzilla/show_bug.cgi?id=19254

--- Comment #3 from Simon Brenner ---
Looked a bit at the pe.sc script in git[1] earlier and there is actually section merging being done there, but for sections named like ".data$*" rather than the ELF convention of ".data.*" - so this could actually be a bug on the GHC side failing to use the platform convention for subsection names.

[1] https://sourceware.org/git/?p=binutils.git;a=blob;f=ld/scripttempl/pe.sc;h=59ce0420d58803b6b7154f6c31b0b016448c4d11;hb=master

It also seems to be intentional on ld's side to not do any section merging for `ld -r` invocations. If the linker is supposed to do that, I think it should be added for ELF too. (GHC currently has to use a custom linker script to get ld -r with section merging.)
[Bug ld/19254] "too many sections" when linking COFF executables
https://sourceware.org/bugzilla/show_bug.cgi?id=19254

--- Comment #4 from awson ---
Good catch on the ".data$*" thing; indeed `gcc` on Windows generates `$` instead of `.`, and it would perhaps be correct to make GHC do the same thing, but we already have separate handling of `.text.*` sections on Windows. I suspect that this is because there exist other tools from GNU/Unix land, ported to Windows, which also use `.` for namespace hierarchy handling.

Regarding `ld -r`, I don't think the `ELF` case is indicative, because `PE-COFF` linking is *very* different.
[Bug ld/19254] "too many sections" when linking COFF executables
https://sourceware.org/bugzilla/show_bug.cgi?id=19254

--- Comment #5 from awson ---
I looked further into it. Sections with the '$' separator should not only be merged into the prefix section, but also be sorted according to their suffix names. I'm not sure if we need this for the GHC-generated case. Moreover, in the `ELF` case we have *no* sorting for such sections.
[Bug ld/20913] New: LD crashes when exporting dynamic symbols and generating relocatable output
https://sourceware.org/bugzilla/show_bug.cgi?id=20913

            Bug ID: 20913
           Summary: LD crashes when exporting dynamic symbols and generating relocatable output
           Product: binutils
           Version: 2.28 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: boehme.marcel at gmail dot com
  Target Milestone: ---

Dear all,

The following bug was found with AFLFast, a fork of AFL, in a 24 hour fuzzing session on Binutils. Thanks also to Van-Thuan Pham.

The linker crashes with an invalid read of size 8 for the following execution on Ubuntu 16.04 x86_64 in Binutils trunk and for preinstalled version v2.26.1 and on Ubuntu 14.04 x86_64 for Binutils in trunk and preinstalled version v2.24.

$ printf "\x08\x01\x000\x08\x00\x00\x00\x04\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0d \x00\x00\x00" > test
$ ld -E -r test
ld: i386 architecture of input file `test' is incompatible with i386:x86-64 output
Segmentation fault

It actually crashes here: elf_x86_64_common_section_index (elf64-x86-64.c:6621).

GDB says:
Program received signal SIGSEGV, Segmentation fault.
0x005caf53 in elf_x86_64_common_section_index (sec=0xcc0d30) at elf64-x86-64.c:6621
6621	  if ((elf_section_flags (sec) & SHF_X86_64_LARGE) == 0)
(gdb) bt
#0  0x005caf53 in elf_x86_64_common_section_index (sec=0xcc0d30) at elf64-x86-64.c:6621
#1  0x0069a527 in elf_link_output_extsym (bh=, data=0x7fffe120) at elflink.c:9462
#2  0x005697b5 in bfd_hash_traverse (table=0xcb0120, func=func@entry=0x699a10 , info=info@entry=0x7fffe120) at hash.c:656
#3  0x006e3706 in bfd_elf_final_link (abfd=, info=) at elflink.c:11896
#4  0x00484b7d in ldwrite () at ldwrite.c:577
#5  0x00408335 in main (argc=, argv=) at ./ldmain.c:444

VALGRIND says:
==21262== Memcheck, a memory error detector
==21262== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==21262== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==21262== Command: /binutils-gdb/obj-norm/ld/ld-new -E -r test
==21262==
==21262== Conditional jump or move depends on uninitialised value(s)
==21262==    at 0x43D7E6: bfd_hash_hash (hash.c:441)
==21262==    by 0x43D7E6: bfd_hash_lookup (hash.c:467)
==21262==    by 0x43EF28: bfd_link_hash_lookup (linker.c:507)
==21262==    by 0x44027E: _bfd_generic_link_add_one_symbol (linker.c:1494)
==21262==    by 0x495F6F: linux_add_one_symbol (i386linux.c:357)
==21262==    by 0x49672F: aout_link_add_symbols (aoutx.h:3163)
==21262==    by 0x49B7DB: aout_link_add_object_symbols (aoutx.h:3228)
==21262==    by 0x49B7DB: aout_32_link_add_symbols (aoutx.h:3489)
==21262==    by 0x411CCF: load_symbols (ldlang.c:2897)
==21262==    by 0x41287E: open_input_bfds (ldlang.c:3346)
==21262==    by 0x414E79: lang_process (ldlang.c:6871)
==21262==    by 0x403B73: main (ldmain.c:428)
==21262==
/binutils-gdb/obj-norm/ld/ld-new: i386 architecture of input file `test' is incompatible with i386:x86-64 output
==21262== Conditional jump or move depends on uninitialised value(s)
==21262==    at 0x43D7E6: bfd_hash_hash (hash.c:441)
==21262==    by 0x43D7E6: bfd_hash_lookup (hash.c:467)
==21262==    by 0x43EF28: bfd_link_hash_lookup (linker.c:507)
==21262==    by 0x43F44D: default_indirect_link_order (linker.c:2662)
==21262==    by 0x4797DC: bfd_elf_final_link (elflink.c:11728)
==21262==    by 0x419766: ldwrite (ldwrite.c:577)
==21262==    by 0x403BCE: main (ldmain.c:444)
==21262==
==21262== Conditional jump or move depends on uninitialised value(s)
==21262==    at 0x4C31FEC: __GI_strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21262==    by 0x43D869: bfd_hash_lookup (hash.c:474)
==21262==    by 0x43EF28: bfd_link_hash_lookup (linker.c:507)
==21262==    by 0x43F44D: default_indirect_link_order (linker.c:2662)
==21262==    by 0x4797DC: bfd_elf_final_link (elflink.c:11728)
==21262==    by 0x419766: ldwrite (ldwrite.c:577)
==21262==    by 0x403BCE: main (ldmain.c:444)
==21262==
==21262== Conditional jump or move depends on uninitialised value(s)
==21262==    at 0x4C31FF0: __GI_strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21262==    by 0x43D869: bfd_hash_lookup (hash.c:474)
==21262==    by 0x43EF28: bfd_link_hash_lookup (linker.c:507)
==21262==    by 0x43F44D: default_indirect_link_order (linker.c:2662)
==21262==    by 0x4797DC: bfd_elf_final_link (elflink.c:11728)
==21262==    by 0x419766: ldwrite (ldwrite.c:577)
==21262==    by 0x403BCE: main (ldmain.c:444)
==21262==
==21262== Invalid read of size 8
==21262==    at 0x44B407: elf_x86_64_common_section_index (elf64-x86-64.c:6621)
==21262==    by 0x46C81D: elf_link_output_extsym (elflink.c:9462)
==21262==    by 0x43DBB0: bfd_hash_traverse (hash.c:656)
==21262==    by 0x479F3C: bfd_elf_fin
[Bug ld/20912] LD crashes when building global constructor tables
https://sourceware.org/bugzilla/show_bug.cgi?id=20912

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Marcel,

Thanks for reporting this bug. I have checked in a patch to add a check for the input being an ELF format binary, before attempting to check the flags in the ELF header. This fixes the bug.

Cheers
Nick
[Bug ld/20912] LD crashes when building global constructor tables
https://sourceware.org/bugzilla/show_bug.cgi?id=20912

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=68c638d6e655a937a48770a5df765e6ebbc5b890

commit 68c638d6e655a937a48770a5df765e6ebbc5b890
Author: Nick Clifton
Date:   Fri Dec 2 14:40:46 2016 +

    Fix seg-fault linking corrupt binary.

        PR ld/20912
        * emultempl/elf32.em (_place_orphan): Test for ELF format of the
        orphan before looking for the SHF_EXCLUDE flag.
[Bug binutils/20905] Heap buffer overflow in bfd/peicode.h
https://sourceware.org/bugzilla/show_bug.cgi?id=20905

Marcel Böhme changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |boehme.marcel at gmail dot com
[Bug binutils/20907] Internal error in peicode.h causes program to abort
https://sourceware.org/bugzilla/show_bug.cgi?id=20907

Marcel Böhme changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |boehme.marcel at gmail dot com
[Bug ld/20911] LD crashes when constructing sets after linker phase 1
https://sourceware.org/bugzilla/show_bug.cgi?id=20911

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fe6fae079099c0eeb3186086d6b150800c0e8770

commit fe6fae079099c0eeb3186086d6b150800c0e8770
Author: Nick Clifton
Date:   Fri Dec 2 15:03:05 2016 +

    Fix seg-fault in linker when applying relocs to a corrupt binary.

        PR ld/20911
        * ldctor.c (ldctor_build_sets): Produce alternative error message
        if the reloc was being applied to a special section.
[Bug ld/20911] LD crashes when constructing sets after linker phase 1
https://sourceware.org/bugzilla/show_bug.cgi?id=20911

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Marcel,

Thanks for reporting this bug. I have checked in a patch to fix the problem - an error message was assuming that the section involved was attached to the output file.

Cheers
Nick
[Bug ld/20910] LD crashes when setting linker script and image base
https://sourceware.org/bugzilla/show_bug.cgi?id=20910

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f5ac6ab387ef0974f6348ac7febc691fbb6c0eb4

commit f5ac6ab387ef0974f6348ac7febc691fbb6c0eb4
Author: Nick Clifton
Date:   Fri Dec 2 15:43:53 2016 +

    Fix seg-fault in the linker when attempting to print out a malicious linker script.

        PR ld/20910
        * ldmain.c (main): Prevent evaluation of % sequences when printing
        out a linker script.
[Bug ld/20910] LD crashes when setting linker script and image base
https://sourceware.org/bugzilla/show_bug.cgi?id=20910

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Marcel,

Thanks for reporting this bug. I have checked in a small patch to stop the linker from trying to interpret % sequences when printing out a linker script.

Cheers
Nick
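The PR 20910 report and this fix describe a classic format-string defect: the ASAN trace shows ld's printf-style formatter (vfinfo, reached from info_msg in main) consuming the bytes of the file passed with -T, so the "%D" in "K&=0%D," was parsed as a conversion and an argument that was never supplied was read. The C below is an added illustration written for this digest, not binutils code: `count_format_directives`, `echo_script_safe` and `echo_preserves_text` are constructed names, `SAMPLE_SCRIPT` is the report's own input bytes, and the unsafe call is shown only in a comment because executing it is undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the bytes the PR 20910 report writes to the file
   passed with -T. Not a linker script at all, but it contains a '%'
   sequence, which is the whole problem once it reaches a printf-style
   routine as the format argument. */
const char SAMPLE_SCRIPT[] = "K&=0%D,";

/* Count the conversion directives a printf-style formatter would act on
   ("%%" is a literal percent and does not count). Any nonzero count on
   untrusted text means the formatter would consume an argument the
   caller never supplied. */
size_t count_format_directives(const char *s) {
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* Unsafe shape, deliberately NOT called anywhere in this file:
       snprintf(out, n, script);
   The script text becomes the format string, so "%D" is interpreted as a
   conversion and a va_arg that does not exist is read. */

/* Safe echo: the text is always data, never a format. Returns what
   snprintf returns, i.e. the length the full output would have. */
int echo_script_safe(char *out, size_t n, const char *script) {
    return snprintf(out, n, "%s", script);
}

/* Check used by the tests: echoing through the safe path must reproduce
   the input byte for byte, regardless of any '%' it contains. */
int echo_preserves_text(const char *script) {
    char buf[128];
    int len = echo_script_safe(buf, sizeof buf, script);
    return len >= 0 && (size_t)len < sizeof buf && strcmp(buf, script) == 0;
}
```

The directive counter is the kind of check a reviewer applies when auditing every `printf`-family call site that receives data from an input file: if the count can be nonzero, the string must be passed as an argument to a fixed `"%s"` format, exactly as the ldmain.c change does for the echoed linker script.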
[Bug ld/20909] LD crashes when loading symbols
https://sourceware.org/bugzilla/show_bug.cgi?id=20909

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=531336e3a0b79ed60cfc36ad2d6579b6a71175da

commit 531336e3a0b79ed60cfc36ad2d6579b6a71175da
Author: Nick Clifton
Date:   Fri Dec 2 16:41:14 2016 +

    Fix seg-fault in the linker when examining a corrupt binary.

        PR ld/20909
        * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check for
        an illegal string offset.
[Bug ld/20909] LD crashes when loading symbols
https://sourceware.org/bugzilla/show_bug.cgi?id=20909

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Marcel,

Thanks for reporting this bug. The problem was an off-by-one error in code that was meant to catch exactly this kind of corrupt binary - how ironic. Oh well, I have checked in a patch to fix the problem.

Cheers
Nick
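The PR 20909 report and this fix are about validating a symbol's string-table offset before the name is hashed: ASAN shows bfd_hash_hash reading one byte past a 49-byte string-table region, and the commit message calls the cause an off-by-one in the range check. The C below is an added illustration written for this digest, not binutils code and not the actual aoutx.h check: `STRTAB`, `SYMS`, `offset_accepted_offbyone`, `strtab_lookup` and the two counting functions are constructed. It shows the inclusive comparison that lets an offset equal to the table size through, and a stricter lookup that goes one step beyond the fix in the commit by also requiring a NUL terminator before the table ends, since a string that runs to the end of the buffer is read past the end by any hashing or comparison loop.

```c
#include <stddef.h>
#include <string.h>

/* Constructed a.out-style string table, 16 bytes. Entries at offset 1
   ("main") and 6 ("_start") are NUL-terminated; the bytes from 13 on
   ("xyz") run to the end of the buffer with no terminator. */
static const char STRTAB[] = {
    '\0', 'm', 'a', 'i', 'n', '\0',          /* offset 1: "main"        */
    '_', 's', 't', 'a', 'r', 't', '\0',      /* offset 6: "_start"      */
    'x', 'y', 'z'                            /* offset 13: unterminated */
};
#define STRTAB_SIZE sizeof(STRTAB)           /* 16 */

/* The shape of the defect: an inclusive comparison lets strx == strsize
   through, and that offset is the first byte past the table. */
int offset_accepted_offbyone(size_t strx, size_t strsize) {
    return strx <= strsize;      /* should be '<' */
}

/* Stricter lookup: exclusive upper bound, and the string must terminate
   inside the table. Returns the name, or NULL if the offset is illegal. */
const char *strtab_lookup(const char *tab, size_t size, size_t strx) {
    if (strx >= size)
        return NULL;
    if (memchr(tab + strx, '\0', size - strx) == NULL)
        return NULL;             /* would be read past the end of the table */
    return tab + strx;
}

/* Constructed symbol entries carrying a string-table offset, as an a.out
   nlist entry does. The last two are out of range; 13 is in range but
   names an unterminated string. */
struct sym { size_t n_strx; };
static const struct sym SYMS[] = { {1}, {6}, {13}, {16}, {40} };
#define NSYMS (sizeof(SYMS) / sizeof(SYMS[0]))

/* Simulated symbol-loading pass with the off-by-one check: every accepted
   name would go on to be hashed. Returns the number accepted. */
size_t count_accepted_offbyone(void) {
    size_t n = 0;
    for (size_t i = 0; i < NSYMS; i++)
        if (offset_accepted_offbyone(SYMS[i].n_strx, STRTAB_SIZE))
            n++;
    return n;
}

/* The same pass with the strict lookup. */
size_t count_accepted_strict(void) {
    size_t n = 0;
    for (size_t i = 0; i < NSYMS; i++)
        if (strtab_lookup(STRTAB, STRTAB_SIZE, SYMS[i].n_strx) != NULL)
            n++;
    return n;
}
```

With the constructed table the inclusive check accepts four of the five entries, including offset 16, which is exactly one past the end; the strict lookup accepts only the two properly terminated names. A fuzzer finds the boundary case quickly because a single byte in the symbol entry decides whether the name starts inside or just outside the allocation.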
[Bug ld/20908] LD crashes when writing linked file
https://sourceware.org/bugzilla/show_bug.cgi?id=20908

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d7f399a8de4c55eb841db6493597a587fac002de

commit d7f399a8de4c55eb841db6493597a587fac002de
Author: Nick Clifton
Date:   Fri Dec 2 17:46:26 2016 +

    Fix seg-fault in linker when passed a corrupt binary input file.

        PR lf/20908
        * elflink.c (bfd_elf_final_link): Check for ELF flavour binaries when
        following indirect links.
[Bug ld/20908] LD crashes when writing linked file
https://sourceware.org/bugzilla/show_bug.cgi?id=20908

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Marcel,

Thanks for reporting this bug. The problem was that the code to emit relocs was not checking the format of the input file before trying to read the ELF reloc section header... Patch applied, bug fixed.

Cheers
Nick
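The fixes for PR 20912 (test for ELF format before looking at SHF_EXCLUDE) and PR 20908 (check for ELF flavour before reading the reloc section header) share one pattern: per-section data laid out by one object format was read through the ELF view although the input had been recognised as i386 a.out, so the "ELF section header" pointer was NULL or whatever the other format stored there, hence the faults at address 0x8 and 0x3030303030303068. The C below is an added illustration of that flavour check written for this digest, not binutils code: the `flavour` enum, `struct section`, `struct elf_section_private` and the `elf_section_flags_*` / `section_is_excluded` functions are constructed stand-ins for a multi-format object layer; only the `SHF_EXCLUDE` value is the real ELF flag.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins for an object layer that reads more than one
   container format. The per-section private data has a different layout
   for each format, so reading it through the ELF view when the file is
   a.out yields garbage, or NULL as in the two reports. */
enum flavour { FLAVOUR_AOUT = 1, FLAVOUR_ELF = 2 };

struct elf_section_private { uint64_t sh_flags; };

struct section {
    const char *name;
    enum flavour owner_flavour;   /* format of the file this section came from */
    void *private_data;           /* format-specific; NULL for the a.out case */
};

#define SHF_EXCLUDE 0x80000000u   /* real ELF section flag value */

/* Unchecked access: the shape of the crashing paths. Only valid when the
   owner is ELF and private_data was filled in by the ELF reader. */
static uint64_t elf_section_flags_unchecked(const struct section *sec) {
    return ((const struct elf_section_private *)sec->private_data)->sh_flags;
}

/* Guarded access: refuse instead of dereferencing private data that was
   never laid out as an ELF header. Returns 1 and stores the flags on
   success, 0 when the section is not ELF-backed. */
int elf_section_flags_checked(const struct section *sec, uint64_t *flags_out) {
    if (sec == NULL || sec->owner_flavour != FLAVOUR_ELF || sec->private_data == NULL)
        return 0;
    *flags_out = elf_section_flags_unchecked(sec);
    return 1;
}

/* Convenience for callers that only need a value: 0 when not ELF-backed. */
uint64_t elf_section_flags_or_zero(const struct section *sec) {
    uint64_t flags = 0;
    return elf_section_flags_checked(sec, &flags) ? flags : 0;
}

/* The decision orphan placement needs: is this section excluded? For
   non-ELF input the answer is "no", not a fault. */
int section_is_excluded(const struct section *sec) {
    uint64_t flags;
    return elf_section_flags_checked(sec, &flags) && (flags & SHF_EXCLUDE) != 0;
}

/* Constructed samples: an ELF section carrying SHF_EXCLUDE, a plain ELF
   section, and an a.out section with no ELF private data, which is the
   situation the fuzzed inputs produced. */
static struct elf_section_private excl  = { SHF_EXCLUDE };
static struct elf_section_private plain = { 0x6 /* SHF_ALLOC | SHF_WRITE */ };
struct section sample_elf_excluded = { ".gnu.warning", FLAVOUR_ELF,  &excl  };
struct section sample_elf_plain    = { ".data",        FLAVOUR_ELF,  &plain };
struct section sample_aout         = { ".text",        FLAVOUR_AOUT, NULL   };
```

The point for a reviewer is where the check sits: every generic linker pass that can see sections from any input format (orphan placement, reloc emission, constructor-set building) must test the owner's flavour before casting the private data, because the front end accepting a mismatched architecture only warns, as the "i386 architecture ... is incompatible" lines in the reports show, and still hands the sections on.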
[Bug ld/3494] sh4ld is showing a error
https://sourceware.org/bugzilla/show_bug.cgi?id=3494

JHON DAVID changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sanjay.adits at gmail dot com
[Bug gold/20920] New: cannot handle branch to local 6 in a merged section .rodata.cst16
https://sourceware.org/bugzilla/show_bug.cgi?id=20920

            Bug ID: 20920
           Summary: cannot handle branch to local 6 in a merged section .rodata.cst16
           Product: binutils
           Version: 2.28 (HEAD)
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: gold
          Assignee: ccoutant at gmail dot com
          Reporter: roland at gnu dot org
                CC: ian at airs dot com
  Target Milestone: ---

See 20807 for the test case. BFD ld handles it fine.
[Bug gold/20807] gold assertion failure on aarch64 branch target in SHF_MERGE rodata section: internal error in set_merged_symbol_value, at ../../binutils-2.27/gold/object.h:1718
https://sourceware.org/bugzilla/show_bug.cgi?id=20807

Roland McGrath changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |20920

Referenced Bugs:

https://sourceware.org/bugzilla/show_bug.cgi?id=20920
[Bug 20920] cannot handle branch to local 6 in a merged section .rodata.cst16
[Bug gold/20807] gold assertion failure on aarch64 branch target in SHF_MERGE rodata section: internal error in set_merged_symbol_value, at ../../binutils-2.27/gold/object.h:1718
https://sourceware.org/bugzilla/show_bug.cgi?id=20807

--- Comment #4 from Roland McGrath ---
Filed https://sourceware.org/bugzilla/show_bug.cgi?id=20920
[Bug gold/20920] cannot handle branch to local 6 in a merged section .rodata.cst16
https://sourceware.org/bugzilla/show_bug.cgi?id=20920

Roland McGrath changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends on|                            |20807

Referenced Bugs:

https://sourceware.org/bugzilla/show_bug.cgi?id=20807
[Bug 20807] gold assertion failure on aarch64 branch target in SHF_MERGE rodata section: internal error in set_merged_symbol_value, at ../../binutils-2.27/gold/object.h:1718
[Bug gold/20920] cannot handle branch to local 6 in a merged section .rodata.cst16
https://sourceware.org/bugzilla/show_bug.cgi?id=20920

--- Comment #1 from Cary Coutant ---
Is this an academic exercise, or is there real-world code out there that does this? I've been trying to imagine a case where branching into a merge section could be useful, but every scenario I can think of is pretty nonsensical. Please enlighten.