[Bug ld/21988] New: [2.29 Regression] ld shows an assertion failure for missing symbols (powerpc64le-linux-gnu)
https://sourceware.org/bugzilla/show_bug.cgi?id=21988

Bug ID: 21988
Summary: [2.29 Regression] ld shows an assertion failure for missing symbols (powerpc64le-linux-gnu)
Product: binutils
Version: 2.29
Status: NEW
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: doko at debian dot org
Target Milestone: ---

on x86_64:

$ gcc -g -O2 foo.c
/usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/Scrt1.o: In function `_start':
(.text+0x20): undefined reference to `main'
/tmp/ccXo3sVy.o: In function `fn1':
/home/packages/gcc/foo.c:18: undefined reference to `fn2'
collect2: error: ld returned 1 exit status

on powerpc64le-linux-gnu:

$ gcc -g -O2 foo.c
/usr/lib/gcc/powerpc64le-linux-gnu/7/../../../powerpc64le-linux-gnu/crt1.o:(.rodata+0x8): undefined reference to `main'
/usr/bin/ld: BFD (GNU Binutils for Ubuntu) 2.29 assertion fail ../../bfd/elf64-ppc.c:14963
/tmp/ccWIgADI.o: In function `fn1':
/home/ubuntu/foo.c:18: undefined reference to `fn2'
collect2: error: ld returned 1 exit status

$ cat foo.c
typedef __uint128_t vint128_t __attribute__((vector_size(16)));
vint128_t z;
int x, y;
void fn2(void);
void fn1(void) {
  vint128_t c;
  y = 1000;
  for (; y; y--) {
    c = c ^ x;
    z -= c;
    z ^= x;
    c = c ^ x;
  }
  fn2();
}

--
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug ld/21988] [2.29 Regression] ld shows an assertion failure for missing symbols (powerpc64le-linux-gnu)
https://sourceware.org/bugzilla/show_bug.cgi?id=21988

Alan Modra changed:

What|Removed|Added
Status|NEW|ASSIGNED
CC||amodra at gmail dot com
Assignee|unassigned at sourceware dot org|amodra at gmail dot com

--- Comment #1 from Alan Modra ---
Seems like this needs -pie -fPIE to reproduce, or gcc built with --enable-default-pie.
[Bug binutils 2.29] Integer overflow in process_version_sections (readelf.c)
Sent from my Samsung Galaxy smartphone.

Original message
From: Manh Nguyen
Date: 19/08/2017 19:14 (GMT+07:00)
To: bug-binutils@gnu.org
Subject: [Bug binutils 2.29] Integer overflow in process_version_sections (readelf.c)

I found an integer overflow bug in process_version_sections (readelf.c), which would make a for loop iterate millions of times.

Reproduce the bug

root@manh-VirtualBox:~# readelf -a readefl_hang.elf
ELF Header:
  Magic: 7f 45 4c 46 00 02 00 00 00 00 00 00 00 00 00 40
  Class: none.
=> The program will run for a very long time.

== Description ==

This description is for the version 2.29 (https://ftp.gnu.org/gnu/binutils/binutils-2.29.tar.gz)

At readelf.c:10388, idx += ent.vn_next. This triggers integer overflow, with a suitable value of ent.vn_next. With the crafted readelf_hang.elf above, the for loop at readelf.c:10304 has iterations as follows (set breakpoint at readelf.c:10327 and examine idx, ent.vn_next,...):

+ Loop 0: idx = 0; ent.vn_next = 64
+ Loop 1: idx = 64; ent.vn_next = 64
+ Loop 2: idx = 128; ent.vn_next = 4294967168
+ Loop 3: idx = 0; ent.vn_next = 64
+ Loop 4: idx = 64; ent.vn_next = 64
+ Loop 5: idx = 128; ent.vn_next = 4294967168
+ Loop 6: idx = 0; ent.vn_next = 64
+ Loop 7: idx = 64; ent.vn_next = 64
+ Loop 8: idx = 128; ent.vn_next = 4294967168

When idx = 128, ent.vn_next = 4294967168, the expression idx + ent.vn_next gets 0 => idx += ent.vn_next overflows. So the loop would not break at line readelf.c:10312

if (idx > (size_t) (endbuf - (char *) eneed)) break;

and it would iterate until cnt equals section->sh_info. With readelf_hang.elf, section->sh_info = 1441792, so it iterates 1441792 times.

== Suggestion for Patching ==

Add the following line before line readelf.c:10388

if (idx + ent.vn_next < idx) break;

readefl_hang.elf
Description: Binary data
[Bug ld/21964] Invalid entry point used for executables on Windows
https://sourceware.org/bugzilla/show_bug.cgi?id=21964

Alan Modra changed:

What|Removed|Added
CC||amodra at gmail dot com

--- Comment #3 from Alan Modra ---
Comment #1 is about the original pr21964, lost when the bugzilla database needed to be restored from backup. See the thread starting at http://lists.gnu.org/archive/html/bug-binutils/2017-08/msg00195.html
[Bug binutils/21990] New: Integer overflow in process_version_sections (readelf.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=21990

Bug ID: 21990
Summary: Integer overflow in process_version_sections (readelf.c)
Product: binutils
Version: 2.29
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: Imdb95 at gmail dot com
Target Milestone: ---

Created attachment 10358
--> https://sourceware.org/bugzilla/attachment.cgi?id=10358&action=edit
Crafted elf file used to trigger the bug

Hello,

I found this bug when fuzzing readelf with afl-fuzz.

==Reproduce==

manh@manh-VirtualBox:~/Fuzzing/afl/binutils/binutils-2.29$ sudo ./configure --prefix=`pwd`/../build-binutils-2.29-ggdb CC="gcc" CXX="g++" CFLAGS="-ldl -Wno-error -ggdb -O0" CXXFLAGS="-ldl -Wno-error -ggdb -O0" && sudo make && sudo make install

Trigger the bug:

manh@manh-VirtualBox:~/Fuzzing/afl/binutils$ ./build-binutils-2.29-ggdb/bin/readelf -a readefl_hang.elf

==Actual Result==

The program readelf hangs for a very long time, printing repeated outputs.

manh@manh-VirtualBox:~/Fuzzing/afl/binutils$ ./build-binutils-2.29-ggdb/bin/readelf -a readefl_hang.elf
ELF Header:
  Magic: 7f 45 4c 46 00 02 00 00 00 00 00 00 00 00 00 40
  Class: none
..
  0x0080: Name index: 0 Flags: none Version: 0
readelf: Warning: Invalid vna_next field of ff80
  0x0040: Version: 0 File: 0 Cnt: 0
  0x0080: Version: 0 File: 0 Cnt: 0
  00: Version: 32581 File: 2 Cnt: 19526
  00: Name index: 0 Flags: WEAK Version: 0
  0x0040: Name index: 0 Flags: none Version: 0
  0x0080: Name index: 0 Flags: none Version: 0
readelf: Warning: Invalid vna_next field of ff80
..

==Build Date & Hardware==

Version: binutils 2.29 (https://ftp.gnu.org/gnu/binutils/binutils-2.29.tar.gz)

Compilation on Ubuntu 16.04:

manh@manh-VirtualBox:~/Fuzzing/afl/binutils/binutils-2.29$ uname -a
Linux manh-VirtualBox 4.4.0-91-generic #114-Ubuntu SMP Tue Aug 8 11:56:56 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

==Additional Information==

Detailed analysis of the bug:

At readelf.c:10388, idx += ent.vn_next. This triggers integer overflow, with suitable value of ent.vn_next. With the crafted readelf_hang.elf above, the for loop at readelf.c:10304 iterates as following (set breakpoint at readelf.c:10327 and examine idx, ent.vn_next,...):

+ Loop 0: idx = 0; ent.vn_next = 64
+ Loop 1: idx = 64; ent.vn_next = 64
+ Loop 2: idx = 128; ent.vn_next = 4294967168
+ Loop 3: idx = 0; ent.vn_next = 64
+ Loop 4: idx = 64; ent.vn_next = 64
+ Loop 5: idx = 128; ent.vn_next = 4294967168
+ Loop 6: idx = 0; ent.vn_next = 64
+ Loop 7: idx = 64; ent.vn_next = 64
+ Loop 8: idx = 128; ent.vn_next = 4294967168
..

When idx = 128, ent.vn_next = 4294967168, the expression idx + ent.vn_next gets 0 => idx += ent.vn_next gets overflow. So the loop would not break at line readelf.c:10312

if (idx > (size_t) (endbuf - (char *) eneed)) break;

and it would iterate until cnt gets equals to section->sh_info. With readelf_hang.elf, section->sh_info = 1441792, so it iterates for 1441792 times.

==Suggestion for Patching==

Add the following line before line readelf.c:10388

if (idx + ent.vn_next < idx) break;

Cheers,
Manh
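The wrap-around analysed in the report above, modelled as an added example that is not part of the original message or of readelf.c. Assumptions: `walk_verneed` and `build_sample` are hypothetical helpers, `idx` is taken to be 32 bits wide (which is what 128 + 4294967168 = 0 implies), fields are read in host byte order, and the 192-byte section is constructed from the values listed in the report.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Elf_Verneed layout: vn_version(2) vn_cnt(2) vn_file(4) vn_aux(4) vn_next(4). */
#define VERNEED_SIZE 16u
#define VN_NEXT_OFF  12u
#define SAMPLE_SIZE  192u

/* Constructed sample: records at offsets 0, 64 and 128 whose vn_next values
   are the ones listed in the report (64, 64, 4294967168). Host byte order. */
static void build_sample(unsigned char *sec)
{
    const uint32_t next[3] = { 64u, 64u, 4294967168u };
    memset(sec, 0, SAMPLE_SIZE);
    for (uint32_t i = 0; i < 3; i++)
        memcpy(sec + i * 64u + VN_NEXT_OFF, &next[i], sizeof next[i]);
}

/* Simplified model of the loop (hypothetical helper, not readelf's code).
   idx is assumed to be 32 bits wide. Returns the number of records visited. */
static unsigned long walk_verneed(const unsigned char *sec, size_t size,
                                  uint32_t sh_info, int wrap_check)
{
    uint32_t idx = 0;
    unsigned long visited = 0;

    for (uint32_t cnt = 0; cnt < sh_info; cnt++) {
        uint32_t vn_next;

        /* Bounds test at the top of the loop: the record must fit. */
        if (size < VERNEED_SIZE || idx > size - VERNEED_SIZE)
            break;
        memcpy(&vn_next, sec + idx + VN_NEXT_OFF, sizeof vn_next);
        visited++;

        /* Reporter's suggested guard: stop if the sum wraps past zero. */
        if (wrap_check && (uint32_t)(idx + vn_next) < idx)
            break;
        idx += vn_next;   /* 128 + 4294967168 wraps to 0 without the guard */
    }
    return visited;
}

int main(void)
{
    unsigned char sec[SAMPLE_SIZE];
    build_sample(sec);
    printf("unguarded: %lu records\n", walk_verneed(sec, sizeof sec, 1441792u, 0));
    printf("guarded:   %lu records\n", walk_verneed(sec, sizeof sec, 1441792u, 1));
    return 0;
}
```

The guard detects the wrap only when the addition is evaluated at the width of `idx`, hence the explicit cast. A subtraction form such as `vn_next > size - idx` bounds the step without relying on wrap-around.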
[Bug ld/21964] Invalid entry point used for executables on Windows
https://sourceware.org/bugzilla/show_bug.cgi?id=21964

--- Comment #4 from Frediano Ziglio ---
(In reply to Alan Modra from comment #3)
> Comment #1 is about the original pr21964, lost when the bugzilla database
> needed to be restored from backup. See the thread starting at
> http://lists.gnu.org/archive/html/bug-binutils/2017-08/msg00195.html

Oh... so they have same id. Should I open a new bug to avoid these issues?
[Bug ld/21964] Invalid entry point used for executables on Windows
https://sourceware.org/bugzilla/show_bug.cgi?id=21964

--- Comment #5 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by H.J. Lu:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8dfb7cbf8401be97077f5919ac7473bdbfa8b692

commit 8dfb7cbf8401be97077f5919ac7473bdbfa8b692
Author: H.J. Lu
Date: Tue Aug 22 09:41:21 2017 -0700

Update PR ld/21964 tests

* testsuite/ld-elf/pr21964-1a.c (foo): Renamed to ...
  (foo1): This.
* testsuite/ld-elf/pr21964-1b.c: Rewrite.
* testsuite/ld-elf/pr21964-1c.c: New file.
* testsuite/ld-elf/pr21964-2c.c: Likewise.
* testsuite/ld-elf/pr21964-2a.c (foo): Renamed to ...
  (foo1): This.
* testsuite/ld-elf/pr21964-2b.c: Rewrite.
* testsuite/ld-elf/shared.exp: Update PR ld/21964 tests.
[Bug gold/21952] New: tst
https://sourceware.org/bugzilla/show_bug.cgi?id=21952

Bug ID: 21952
Summary: tst
Product: binutils
Version: 2.28
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gold
Assignee: ccoutant at gmail dot com
Reporter: ddivano20 at gmail dot com
CC: ian at airs dot com
Target Milestone: ---

tst
[Bug gold/21953] New: tst
https://sourceware.org/bugzilla/show_bug.cgi?id=21953

Bug ID: 21953
Summary: tst
Product: binutils
Version: 2.28
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gold
Assignee: ccoutant at gmail dot com
Reporter: ddivano20 at gmail dot com
CC: ian at airs dot com
Target Milestone: ---

tst
[Bug gold/21953] tst
https://sourceware.org/bugzilla/show_bug.cgi?id=21953

Cary Coutant changed:

What|Removed|Added
Status|UNCONFIRMED|RESOLVED
Resolution|---|INVALID

--- Comment #1 from Cary Coutant ---
Filed in error.
[Bug gold/21952] tst
https://sourceware.org/bugzilla/show_bug.cgi?id=21952

Cary Coutant changed:

What|Removed|Added
Status|UNCONFIRMED|RESOLVED
Resolution|---|INVALID

--- Comment #1 from Cary Coutant ---
Filed in error.
[Bug ld/21988] [2.29 Regression] ld shows an assertion failure for missing symbols (powerpc64le-linux-gnu)
https://sourceware.org/bugzilla/show_bug.cgi?id=21988

--- Comment #2 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Alan Modra:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=46434633f9cee98afac1cf945ad00c9d4fdf5a4d

commit 46434633f9cee98afac1cf945ad00c9d4fdf5a4d
Author: Alan Modra
Date: Wed Aug 23 08:58:08 2017 +0930

Make undefined symbols in allocate_dynrelocs dynamic

..if they have dynamic relocs. An undefined symbol in a PIC object that finds no definition ought to become dynamic in order to support --allow-shlib-undefined, but there is nothing in the generic ELF linker code to do this if the reference isn't via the GOT or PLT. (An initialized function pointer is an example.) So it falls to backend code to ensure the symbol is made dynamic.

PR 21988
* elf64-ppc.c (ensure_undef_dynamic): Rename from ensure_undefweak_dynamic. Handle undefined too.
* elf32-ppc.c (ensure_undef_dynamic): Likewise.
* elf32-hppa.c (ensure_undef_dynamic): Likewise.
  (allocate_dynrelocs): Discard undefined non-default visibility relocs first. Make undefined syms dynamic. Tidy goto.
[Bug ld/21884] [2.29/2.30 Regression] ld segfaulting building memtest86
https://sourceware.org/bugzilla/show_bug.cgi?id=21884

--- Comment #33 from cvs-commit at gcc dot gnu.org ---
The binutils-2_29-branch branch has been updated by Alan Modra:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7476906bc53665adfef4c4598774584eb34cc5af

commit 7476906bc53665adfef4c4598774584eb34cc5af
Author: Nick Clifton
Date: Thu Aug 3 11:59:32 2017 +0100

Add more targets to the list of architectures not supporting format changing during linking. Fix seg-faults triggered when this is attempted.

PR ld/21884
* testsuite/ld-elf/pr21884.d: Add AVR, HPPA, IA64, M68HC1x and SCORE to list of targets not supporting file format changes during linking.
* testsuite/ld-unique/pr21529.d: Likewise.
* emultempl/avrelf.em (_before_allocation): Skip for non-ELF output formats.
  (avr_elf_create_output_section_statements): Fail if the output format is not ELF.
  (avr_finish): Do not access the ELF header in non-ELF format output bfds.
* emultempl/m68hc1xelf.em (_before_allocation): Skip for non-ELF output formats.
  (m68hc11elf_create_output_section_statements): Fail if the output format is not ELF.
  (m68hc11elf_after_allocation): Skip for non-ELF output formats.
[Bug ld/21910] Common symbol override test (comm-data.exp): Segmentation fault on x86_64-linux-musl
https://sourceware.org/bugzilla/show_bug.cgi?id=21910

--- Comment #5 from cvs-commit at gcc dot gnu.org ---
The binutils-2_29-branch branch has been updated by Alan Modra:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ee24a27bb197787eb0935046a8ff1da9df34a502

commit ee24a27bb197787eb0935046a8ff1da9df34a502
Author: Alan Modra
Date: Mon Aug 7 18:02:49 2017 +0930

PR21910, segfault in common symbol override test when hash-style=gnu

PR 21910
* elflink.c (bfd_elf_final_link): Don't segfault when sections needed to define various dynamic tags have been discarded.
[Bug ld/21964] Invalid entry point used for executables on Windows
https://sourceware.org/bugzilla/show_bug.cgi?id=21964

--- Comment #6 from cvs-commit at gcc dot gnu.org ---
The binutils-2_29-branch branch has been updated by Alan Modra:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f399679112df997c1416f7993eaac0f5fd76c144

commit f399679112df997c1416f7993eaac0f5fd76c144
Author: Alan Modra
Date: Mon Aug 21 13:28:06 2017 +0930

Make __start/__stop symbols protected visibility

They can't be hidden visibility since apparently people use dlsym to look them up.

bfd/
PR ld/21964
* elf-bfd.h (SYMBOLIC_BIND): Return TRUE for __start/__stop symbols.
* elflink.c (bfd_elf_define_start_stop): Rewrite.

ld/
PR ld/21964
* testsuite/ld-elf/pr21562a.d: Update for changed start/stop symbols.
* testsuite/ld-elf/pr21562b.d: Likewise.
* testsuite/ld-elf/pr21562c.d: Likewise.
* testsuite/ld-elf/pr21562d.d: Likewise.
* testsuite/ld-elf/pr21562e.d: Likewise.
* testsuite/ld-elf/pr21562f.d: Likewise.
* testsuite/ld-elf/pr21562g.d: Likewise.
* testsuite/ld-elf/pr21562h.d: Likewise.
* testsuite/ld-elf/pr21562i.d: Likewise.
* testsuite/ld-elf/pr21562j.d: Likewise.
* testsuite/ld-elf/pr21562k.d: Likewise.
* testsuite/ld-elf/pr21562l.d: Likewise.
* testsuite/ld-elf/pr21562m.d: Likewise.
* testsuite/ld-elf/pr21562n.d: Likewise.
* testsuite/ld-elf/sizeofa.d: Likewise.
* testsuite/ld-elf/sizeofb.d: Likewise.
* testsuite/ld-elf/startofa.d: Likewise.
* testsuite/ld-elf/startofb.d: Likewise.
* testsuite/ld-gc/pr20022.d: Likewise.
* testsuite/ld-gc/start.d: Likewise.
* testsuite/ld-elf/pr21964-1a.c: New file.
* testsuite/ld-elf/pr21964-1b.c: New file.
* testsuite/ld-elf/pr21964-2a.c: New file.
* testsuite/ld-elf/pr21964-2b.c: New file.
* testsuite/ld-elf/shared.exp: Run PR ld/21964 tests.
[Bug ld/21988] [2.29 Regression] ld shows an assertion failure for missing symbols (powerpc64le-linux-gnu)
https://sourceware.org/bugzilla/show_bug.cgi?id=21988

--- Comment #3 from cvs-commit at gcc dot gnu.org ---
The binutils-2_29-branch branch has been updated by Alan Modra:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3c08b8dcc22a1b7a7fcbce7a6d8f863ff1a3a83e

commit 3c08b8dcc22a1b7a7fcbce7a6d8f863ff1a3a83e
Author: Alan Modra
Date: Wed Aug 23 08:58:08 2017 +0930

Make undefined symbols in allocate_dynrelocs dynamic

..if they have dynamic relocs. An undefined symbol in a PIC object that finds no definition ought to become dynamic in order to support --allow-shlib-undefined, but there is nothing in the generic ELF linker code to do this if the reference isn't via the GOT or PLT. (An initialized function pointer is an example.) So it falls to backend code to ensure the symbol is made dynamic.

PR 21988
* elf64-ppc.c (ensure_undef_dynamic): Rename from ensure_undefweak_dynamic. Handle undefined too.
* elf32-ppc.c (ensure_undef_dynamic): Likewise.
* elf32-hppa.c (ensure_undef_dynamic): Likewise.
  (allocate_dynrelocs): Discard undefined non-default visibility relocs first. Make undefined syms dynamic. Tidy goto.
[Bug ld/21988] [2.29 Regression] ld shows an assertion failure for missing symbols (powerpc64le-linux-gnu)
https://sourceware.org/bugzilla/show_bug.cgi?id=21988

Alan Modra changed:

What|Removed|Added
Status|ASSIGNED|RESOLVED
Resolution|---|FIXED

--- Comment #4 from Alan Modra ---
Fixed.
[Bug binutils/21990] Integer overflow in process_version_sections (readelf.c)
https://sourceware.org/bugzilla/show_bug.cgi?id=21990

Alan Modra changed:

What|Removed|Added
Status|UNCONFIRMED|ASSIGNED
Last reconfirmed||2017-08-23
CC||amodra at gmail dot com
Assignee|unassigned at sourceware dot org|amodra at gmail dot com
Ever confirmed|0|1