[Bug binutils/22058] New: Heap out of bounds read in _bfd_elf_attr_strdup()
https://sourceware.org/bugzilla/show_bug.cgi?id=22058

            Bug ID: 22058
           Summary: Heap out of bounds read in _bfd_elf_attr_strdup()
           Product: binutils
           Version: 2.29
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: fumfi.255 at gmail dot com
  Target Milestone: ---

Created attachment 10383
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10383&action=edit
POC to trigger heap out of bounds read (objdump)

After some fuzz testing I found a crashing test case.

Version: 2.29
Command: objdump -x -Wl -R -SD objdump_hoobr_bfd_elf_attr_strdup

ASAN:
==29788==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61904090 at pc 0x00424b5f bp 0x7fff480b0c50 sp 0x7fff480b03f8
READ of size 1 at 0x61904090 thread T0
    #0 0x424b5e in __interceptor_strlen /home/llvm/clang-3.9/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:227:5
    #1 0x794012 in _bfd_elf_attr_strdup XYZ/binutils-2.29/bfd/elf-attrs.c:310:9
    #2 0x794012 in bfd_elf_add_obj_attr_string XYZ/binutils-2.29/bfd/elf-attrs.c:323
    #3 0x796201 in _bfd_elf_parse_attributes XYZ/binutils-2.29/bfd/elf-attrs.c:533:6
    #4 0x6e3766 in bfd_section_from_shdr XYZ/binutils-2.29/bfd/elf.c:2448:4
    #5 0x803733 in bfd_elf32_object_p XYZ/binutils-2.29/bfd/./elfcode.h:805:7
    #6 0x65bf6c in bfd_check_format_matches XYZ/binutils-2.29/bfd/format.c:311:14
    #7 0x4e8bb5 in display_object_bfd XYZ/binutils-2.29/binutils/./objdump.c:3601:7
    #8 0x4e8bb5 in display_any_bfd XYZ/binutils-2.29/binutils/./objdump.c:3692
    #9 0x4e7d5a in display_file XYZ/binutils-2.29/binutils/./objdump.c:3713:3
    #10 0x4e7d5a in main XYZ/binutils-2.29/binutils/./objdump.c:4015
    #11 0x7ff780a6f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #12 0x419d98 in _start (XYZ/binutils-2.29/binutils/objdump+0x419d98)

0x61904090 is located 0 bytes to the right of 1040-byte region [0x61903c80,0x61904090)
allocated by thread T0 here:
    #0 0x4b85ac in malloc /home/llvm/clang-3.9/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:64:3
    #1 0x6618b3 in bfd_malloc XYZ/binutils-2.29/bfd/libbfd.c:193:9
    #2 0x6e3766 in bfd_section_from_shdr XYZ/binutils-2.29/bfd/elf.c:2448:4

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/llvm/clang-3.9/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:227:5 in __interceptor_strlen
Shadow bytes around the buggy address:
  0x0c327fff87c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff87d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff87e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff87f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c327fff8810: 00 00[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fff8820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fff8830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fff8840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fff8850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fff8860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==29788==ABORTING

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug binutils/22059] New: Heap out of bounds read in read_1_byte()
https://sourceware.org/bugzilla/show_bug.cgi?id=22059

            Bug ID: 22059
           Summary: Heap out of bounds read in read_1_byte()
           Product: binutils
           Version: 2.29
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: fumfi.255 at gmail dot com
  Target Milestone: ---

Created attachment 10384
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10384&action=edit
POC to trigger heap out of bounds read (objdump)

After some fuzz testing I found a crashing test case.

Version: 2.29
Command: objdump -x -Wl -R -SD objdump_hoobr_read_1_byte

ASAN:
==3698==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6120bb49 at pc 0x007c0edd bp 0x7ffc76683070 sp 0x7ffc76683068
READ of size 1 at 0x6120bb49 thread T0
    #0 0x7c0edc in read_1_byte XYZ/binutils-2.29/bfd/./dwarf2.c:593:10
    #1 0x7c0edc in decode_line_info XYZ/binutils-2.29/bfd/./dwarf2.c:2178
    #2 0x7cafca in comp_unit_find_nearest_line XYZ/binutils-2.29/bfd/./dwarf2.c:3538:26
    #3 0x7c7c69 in _bfd_dwarf2_find_nearest_line XYZ/binutils-2.29/bfd/./dwarf2.c:4738:11
    #4 0x7148fb in _bfd_elf_find_nearest_line XYZ/binutils-2.29/bfd/elf.c:8636:7
    #5 0x4f6709 in show_line XYZ/binutils-2.29/binutils/./objdump.c:1486:9
    #6 0x4f6709 in disassemble_bytes XYZ/binutils-2.29/binutils/./objdump.c:1791
    #7 0x4f6709 in disassemble_section XYZ/binutils-2.29/binutils/./objdump.c:2313
    #8 0x66e1d9 in bfd_map_over_sections XYZ/binutils-2.29/bfd/section.c:1395:5
    #9 0x4ebd50 in disassemble_data XYZ/binutils-2.29/binutils/./objdump.c:2449:3
    #10 0x4ebd50 in dump_bfd XYZ/binutils-2.29/binutils/./objdump.c:3546
    #11 0x4e8be1 in display_object_bfd XYZ/binutils-2.29/binutils/./objdump.c:3603:7
    #12 0x4e8be1 in display_any_bfd XYZ/binutils-2.29/binutils/./objdump.c:3692
    #13 0x4e7d5a in display_file XYZ/binutils-2.29/binutils/./objdump.c:3713:3
    #14 0x4e7d5a in main XYZ/binutils-2.29/binutils/./objdump.c:4015
    #15 0x7f5b4937a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #16 0x419d98 in _start (XYZ/binutils-2.29/binutils/objdump+0x419d98)

0x6120bb49 is located 0 bytes to the right of 265-byte region [0x6120ba40,0x6120bb49)
allocated by thread T0 here:
    #0 0x4b85ac in malloc /home/llvm/clang-3.9/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:64:3
    #1 0x6618b3 in bfd_malloc XYZ/binutils-2.29/bfd/libbfd.c:193:9
    #2 0x66f01b in bfd_simple_get_relocated_section_contents XYZ/binutils-2.29/bfd/simple.c:193:12
    #3 0x7bba33 in read_section XYZ/binutils-2.29/bfd/./dwarf2.c:556:8

SUMMARY: AddressSanitizer: heap-buffer-overflow XYZ/binutils-2.29/bfd/./dwarf2.c:593:10 in read_1_byte
Shadow bytes around the buggy address:
  0x0c247fff9710: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c247fff9720: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c247fff9730: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c247fff9740: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c247fff9750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c247fff9760: 00 00 00 00 00 00 00 00 00[01]fa fa fa fa fa fa
  0x0c247fff9770: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c247fff9780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c247fff9790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c247fff97a0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c247fff97b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==3698==ABORTING
[Bug binutils/22060] New: Heap buffer overflow in elf_read_notes()
https://sourceware.org/bugzilla/show_bug.cgi?id=22060

            Bug ID: 22060
           Summary: Heap buffer overflow in elf_read_notes()
           Product: binutils
           Version: 2.29
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: fumfi.255 at gmail dot com
  Target Milestone: ---

Created attachment 10385
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10385&action=edit
POC to trigger heap buffer overflow (objdump)

After some fuzz testing I found a crashing test case.

Version: 2.29
Command: objdump -x -Wl -R -SD objdump_hbo_elf_read_notes

ASAN:
==10130==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020ef4f at pc 0x006e843d bp 0x7ffcd41d0ad0 sp 0x7ffcd41d0ac8
WRITE of size 1 at 0x6020ef4f thread T0
    #0 0x6e843c in elf_read_notes XYZ/binutils-2.29/bfd/elf.c:10991:13
    #1 0x6e843c in bfd_section_from_phdr XYZ/binutils-2.29/bfd/elf.c:2983
    #2 0x6cf1ea in bfd_elf64_core_file_p XYZ/binutils-2.29/bfd/./elfcore.h:277:11
    #3 0x65bf6c in bfd_check_format_matches XYZ/binutils-2.29/bfd/format.c:311:14
    #4 0x4e8f3a in display_object_bfd XYZ/binutils-2.29/binutils/./objdump.c:3621:7
    #5 0x4e8f3a in display_any_bfd XYZ/binutils-2.29/binutils/./objdump.c:3692
    #6 0x4e7d5a in display_file XYZ/binutils-2.29/binutils/./objdump.c:3713:3
    #7 0x4e7d5a in main XYZ/binutils-2.29/binutils/./objdump.c:4015
    #8 0x7fd0529a982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #9 0x419d98 in _start (XYZ/binutils-2.29/binutils/objdump+0x419d98)

0x6020ef4f is located 1 bytes to the left of 1-byte region [0x6020ef50,0x6020ef51)
allocated by thread T0 here:
    #0 0x4b85ac in malloc /home/llvm/clang-3.9/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:64:3
    #1 0x6618b3 in bfd_malloc XYZ/binutils-2.29/bfd/libbfd.c:193:9

SUMMARY: AddressSanitizer: heap-buffer-overflow XYZ/binutils-2.29/bfd/elf.c:10991:13 in elf_read_notes
Shadow bytes around the buggy address:
  0x0c047fff9d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff9de0: fa fa fa fa fa fa fa fa fa[fa]01 fa fa fa 00 01
  0x0c047fff9df0: fa fa 00 04 fa fa 00 04 fa fa 00 04 fa fa fd fa
  0x0c047fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==10130==ABORTING
[Bug binutils/22058] Heap out of bounds read in _bfd_elf_attr_strdup()
https://sourceware.org/bugzilla/show_bug.cgi?id=22058

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229

commit 2a143b99fc4a5094a9cf128f3184d8e6818c8229
Author: Nick Clifton
Date:   Fri Sep 1 09:57:44 2017 +0100

    Fix buffer overrun when parsing an ELF attribute string that is not NUL terminated.

            PR 22058
            * elf-attrs.c (_bfd_elf_parse_attributes): Ensure that the attribute
            buffer is NUL terminated.
[Bug binutils/22058] Heap out of bounds read in _bfd_elf_attr_strdup()
https://sourceware.org/bugzilla/show_bug.cgi?id=22058

--- Comment #2 from cvs-commit at gcc dot gnu.org ---
The binutils-2_29-branch branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aceaeff8140af6ba50469e8b63d664cc91e5485b

commit aceaeff8140af6ba50469e8b63d664cc91e5485b
Author: Nick Clifton
Date:   Fri Sep 1 09:59:17 2017 +0100

    Fix buffer overrun when parsing an ELF attribute string that is not NUL terminated.

            PR 22058
            * elf-attrs.c (_bfd_elf_parse_attributes): Ensure that the attribute
            buffer is NUL terminated.
[Bug binutils/22058] Heap out of bounds read in _bfd_elf_attr_strdup()
https://sourceware.org/bugzilla/show_bug.cgi?id=22058

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #3 from Nick Clifton ---
Hi Kamil,

  Thanks for reporting this bug.  This was another case of buffer overrun
  due to an unterminated string.  I have checked in a small patch to the
  mainline and 2.29 branch in order to fix the problem.

Cheers
  Nick
[Bug binutils/21933] heap buffer overflow in elf_read_notes
https://sourceware.org/bugzilla/show_bug.cgi?id=21933

--- Comment #6 from cvs-commit at gcc dot gnu.org ---
The binutils-2_29-branch branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30326b094b8fc2594c76cf4beab70965afa7a111

commit 30326b094b8fc2594c76cf4beab70965afa7a111
Author: Nick Clifton
Date:   Fri Sep 1 10:17:00 2017 +0100

    Check for an invalid note size when parsing ELF notes.

            PR 21933
            PR 22060
            * elf.c (elf_read_notes): Check for a note size of -1.
[Bug binutils/22060] Heap buffer overflow in elf_read_notes()
https://sourceware.org/bugzilla/show_bug.cgi?id=22060

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The binutils-2_29-branch branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30326b094b8fc2594c76cf4beab70965afa7a111

commit 30326b094b8fc2594c76cf4beab70965afa7a111
Author: Nick Clifton
Date:   Fri Sep 1 10:17:00 2017 +0100

    Check for an invalid note size when parsing ELF notes.

            PR 21933
            PR 22060
            * elf.c (elf_read_notes): Check for a note size of -1.
[Bug binutils/22060] Heap buffer overflow in elf_read_notes()
https://sourceware.org/bugzilla/show_bug.cgi?id=22060

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Kamil,

  Thanks for reporting this bug.  The problem had already been reported and
  fixed in PR 21933, but the patch had not been backported to the 2.29
  branch.  I have now taken care of this.

Cheers
  Nick
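The fix referenced in the two commit notifications above is a check for a note size of -1. The ASan report for PR 22060 (a 1-byte write one byte to the left of a 1-byte region) is the shape produced when a parser allocates `size + 1` bytes and stores a terminator at `buf[size]`: with `size` equal to -1 the allocation request wraps to 0 and the store lands before the block. The example below is an added illustration in C, not BFD's `elf_read_notes`; the helper names, the note layout (three 4-byte words, then 4-byte-aligned name and descriptor, as the ELF specification defines it) and the sample bytes are constructed here. It shows both the rejected allocation and a note walk that compares every length against the bytes remaining, so no offset arithmetic can wrap.

```c
/* Added example, not binutils/BFD code: a bounds-checked walk over ELF
   notes illustrating the PR 22060 class of defect.  A "size + 1"
   allocation wraps to 0 when size is (size_t) -1, and the terminating
   store at buf[size] then lands one byte before the block.  Helper names
   and the sample bytes are constructed for this example. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allocate SIZE bytes plus a NUL terminator.  Returns NULL when SIZE + 1
   would wrap, instead of letting buf[size] write out of bounds. */
void *note_buffer_alloc(size_t size)
{
    if (size == SIZE_MAX)           /* SIZE + 1 == 0: reject, never malloc(0) */
        return NULL;
    unsigned char *buf = malloc(size + 1);
    if (buf != NULL)
        buf[size] = 0;              /* in bounds only because of the check above */
    return buf;
}

/* Returns 1 if a SIZE-byte note buffer was allocated and NUL-terminated,
   0 if the request was rejected. */
int alloc_terminates(size_t size)
{
    unsigned char *buf = note_buffer_alloc(size);
    if (buf == NULL)
        return 0;
    int ok = buf[size] == 0;
    free(buf);
    return ok;
}

/* Little-endian 32-bit read of a note header field. */
static uint32_t rd32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8
         | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the notes in BUF[0..LEN).  Each note is namesz, descsz, type
   (4 bytes each), then the name and the descriptor, both padded to 4
   bytes.  Returns the number of well-formed notes, or -1 as soon as a
   header or a payload would extend past LEN.  Every comparison is made
   against the bytes remaining, so no offset arithmetic can wrap. */
int count_elf_notes(const unsigned char *buf, size_t len)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        if (len - off < 12)                               /* truncated header */
            return -1;
        size_t namesz = rd32(buf + off);
        size_t descsz = rd32(buf + off + 4);
        off += 12;

        size_t name_pad = (namesz + 3) & ~(size_t)3;
        if (name_pad < namesz || name_pad > len - off)    /* wrapped or too long */
            return -1;
        off += name_pad;

        size_t desc_pad = (descsz + 3) & ~(size_t)3;
        if (desc_pad < descsz || desc_pad > len - off)
            return -1;
        off += desc_pad;
        count++;
    }
    return count;
}

/* Constructed sample: a GNU property-style note (name "GNU", 4-byte
   descriptor, type 5) followed by a note with a 2-byte name and no
   descriptor. */
static const unsigned char sample_notes[] = {
    4, 0, 0, 0,   4, 0, 0, 0,   5, 0, 0, 0,   'G', 'N', 'U', 0,   1, 0, 0, 0,
    2, 0, 0, 0,   0, 0, 0, 0,   1, 0, 0, 0,   'X', 0, 0, 0,
};

/* Constructed malformed note: descsz claims 0xffffffff descriptor bytes. */
static const unsigned char bad_notes[] = {
    4, 0, 0, 0,   0xff, 0xff, 0xff, 0xff,   5, 0, 0, 0,   'G', 'N', 'U', 0,
};

int sample_note_count(void) { return count_elf_notes(sample_notes, sizeof sample_notes); }
int bad_note_count(void)    { return count_elf_notes(bad_notes, sizeof bad_notes); }

int main(void)
{
    printf("well-formed sample: %d notes\n", sample_note_count());   /* 2 */
    printf("oversized descsz:   %d\n", bad_note_count());            /* -1 */
    printf("alloc of SIZE_MAX:  %s\n",
           alloc_terminates(SIZE_MAX) ? "accepted" : "rejected");   /* rejected */
    return 0;
}
```

The `name_pad < namesz` test matters on 32-bit builds, where `namesz + 3` can itself wrap for a hostile header; on 64-bit builds the `len - off` comparison catches the same input.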
[Bug binutils/22059] Heap out of bounds read in read_1_byte()
https://sourceware.org/bugzilla/show_bug.cgi?id=22059

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780

commit 7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780
Author: Nick Clifton
Date:   Fri Sep 1 11:20:51 2017 +0100

    Prevent an address violation parsing corrupt DWARF information by fixing the test for an overlong debug line info structure.

            PR 22059
            * dwarf2.c (decode_line_info): Fix test for an overlong line info
            structure.
[Bug binutils/22059] Heap out of bounds read in read_1_byte()
https://sourceware.org/bugzilla/show_bug.cgi?id=22059

--- Comment #2 from cvs-commit at gcc dot gnu.org ---
The binutils-2_29-branch branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6bdd6269844b3dd73dd57f9d361c0bebe7f2778a

commit 6bdd6269844b3dd73dd57f9d361c0bebe7f2778a
Author: Nick Clifton
Date:   Fri Sep 1 11:22:43 2017 +0100

    Prevent an address violation parsing corrupt DWARF information by fixing the test for an overlong debug line info structure.

            PR 22059
            * dwarf2.c (decode_line_info): Fix test for an overlong line info
            structure.
[Bug binutils/22059] Heap out of bounds read in read_1_byte()
https://sourceware.org/bugzilla/show_bug.cgi?id=22059

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #3 from Nick Clifton ---
Hi Kamil,

  Thanks for reporting this bug.  There actually was code in the BFD library
  that was supposed to catch this particular kind of fuzzed object, but the
  test was wrong.  So I have fixed it, and applied the patch to the mainline
  and 2.29 branch sources.

Cheers
  Nick
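PR 22058 and PR 22059 share one root cause: a parser trusting an untrusted object file to tell it where data ends. In 22058 `strlen()` ran off an attribute buffer whose last string had no terminator (the read lands 0 bytes past a 1040-byte region); in 22059 `read_1_byte()` stepped one byte past a 265-byte `.debug_line` buffer because the check on the line-info length was wrong. The block below is an added example in C, not BFD's code: it shows a bounded cursor in which every read and every string copy is limited by an explicit end pointer, plus the length test a line-info header needs before its `unit_length` field is trusted. Function names and the sample section bytes are constructed for this example.

```c
/* Added example, not BFD code: a bounded byte cursor for parsing untrusted
   object-file sections, illustrating the defects fixed for PR 22058 and
   PR 22059.  attr_strdup_bounded stops at the end of the section instead of
   running strlen() off an unterminated buffer; line_unit_fits is the kind
   of test decode_line_info needs before trusting a unit_length field.
   Names and sample bytes are constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct cursor {
    const unsigned char *ptr;
    const unsigned char *end;   /* one past the last readable byte */
};

/* Read one byte; return -1 instead of touching memory past END.
   An unchecked `*buf++` is what ASan reports as a heap-buffer-overflow
   when a header claims more bytes than the section holds. */
int read_1_byte_bounded(struct cursor *c)
{
    if (c->ptr >= c->end)
        return -1;
    return *c->ptr++;
}

/* Copy the NUL-terminated string at the cursor, or return NULL if no NUL
   occurs before END.  memchr() is limited to the remaining length, so a
   section whose last string lacks a terminator cannot make us read past
   the buffer the way strlen() would. */
char *attr_strdup_bounded(struct cursor *c)
{
    size_t avail = (size_t)(c->end - c->ptr);
    const unsigned char *nul = memchr(c->ptr, 0, avail);
    if (nul == NULL)
        return NULL;
    size_t len = (size_t)(nul - c->ptr);
    char *s = malloc(len + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, c->ptr, len + 1);    /* includes the terminator */
    c->ptr = nul + 1;
    return s;
}

/* Does a sub-structure of UNIT_LENGTH bytes starting at the cursor lie
   entirely inside the buffer?  Compare lengths rather than forming
   `ptr + unit_length`, which could wrap for a hostile 64-bit value. */
int line_unit_fits(const struct cursor *c, uint64_t unit_length)
{
    return unit_length <= (uint64_t)(c->end - c->ptr);
}

/* Constructed attribute section: one terminated string, "armv7", followed
   by a string whose terminator is missing (the PR 22058 shape). */
static const unsigned char attr_bytes[] = { 'a', 'r', 'm', 'v', '7', 0, 'x', 'y' };

/* Pull strings until the bounded strdup refuses; returns how many complete
   strings were present (1 for the sample). */
int count_attr_strings(void)
{
    struct cursor c = { attr_bytes, attr_bytes + sizeof attr_bytes };
    int n = 0;
    char *s;
    while ((s = attr_strdup_bounded(&c)) != NULL) {
        n++;
        free(s);
    }
    return n;
}

/* Read bytes until the cursor refuses; returns the count (8 for the sample). */
int count_readable_bytes(void)
{
    struct cursor c = { attr_bytes, attr_bytes + sizeof attr_bytes };
    int n = 0;
    while (read_1_byte_bounded(&c) >= 0)
        n++;
    return n;
}

/* Apply line_unit_fits to the sample buffer with a claimed unit length. */
int sample_unit_fits(uint64_t unit_length)
{
    struct cursor c = { attr_bytes, attr_bytes + sizeof attr_bytes };
    return line_unit_fits(&c, unit_length);
}

int main(void)
{
    printf("complete strings: %d\n", count_attr_strings());        /* 1 */
    printf("readable bytes:   %d\n", count_readable_bytes());      /* 8 */
    printf("unit of 9 fits:   %d\n", sample_unit_fits(9));         /* 0 */
    return 0;
}
```

The alternative fix, which is what the 22058 commit message describes, is to allocate the section with one extra byte and store a NUL there before parsing; that makes `strlen()` safe for that buffer but not for any other copy of the data, so the bounded form is the one to reuse.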
[Bug binutils/22009] Excessive memory allocation resulting from memory leakge due to incorrect handling of input file
https://sourceware.org/bugzilla/show_bug.cgi?id=22009

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |WONTFIX

--- Comment #3 from Nick Clifton ---
Hi Adhokshaj,

  This is a bug in the C++ demangler, which is part of the libiberty
  sources.  These sources are managed by the GCC project, so please could
  you refile this bug report with the GCC bugzilla system?  Thanks.

Cheers
  Nick
[Bug ld/22061] New: Missing unwind info for IBT PLT
https://sourceware.org/bugzilla/show_bug.cgi?id=22061

            Bug ID: 22061
           Summary: Missing unwind info for IBT PLT
           Product: binutils
           Version: 2.29
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: hjl.tools at gmail dot com
  Target Milestone: ---
            Target: i386

[hjl@gnu-6 ld]$ cat /export/gnu/import/git/sources/binutils-gdb/ld/testsuite/ld-i386/ibt-plt-1.s
	.text
	.p2align 4,,15
	.globl	foo
	.type	foo, @function
foo:
.LFB0:
	.cfi_startproc
	pushl	%ebx
	.cfi_def_cfa_offset 8
	.cfi_offset 3, -8
	call	__x86.get_pc_thunk.bx
	addl	$_GLOBAL_OFFSET_TABLE_, %ebx
	subl	$8, %esp
	.cfi_def_cfa_offset 16
	call	bar2@PLT
	call	bar1@PLT
	addl	$8, %esp
	.cfi_def_cfa_offset 8
	popl	%ebx
	.cfi_restore 3
	.cfi_def_cfa_offset 4
	ret
	.cfi_endproc
.LFE0:
	.size	foo, .-foo
	.section	.note.GNU-stack,"",@progbits
	.section	.text.__x86.get_pc_thunk.bx,"axG",@progbits,__x86.get_pc_thunk.bx,comdat
	.globl	__x86.get_pc_thunk.bx
	.hidden	__x86.get_pc_thunk.bx
	.type	__x86.get_pc_thunk.bx, @function
__x86.get_pc_thunk.bx:
.LFB1:
	.cfi_startproc
	movl	(%esp), %ebx
	ret
	.cfi_endproc
.LFE1:
	.section ".note.gnu.property", "a"
	.p2align 2
	.long 1f - 0f		/* name length */
	.long 5f - 2f		/* data length */
	.long 5			/* note type */
0:	.asciz "GNU"		/* vendor name */
1:	.p2align 2
2:	.long 0xc002		/* pr_type. */
	.long 4f - 3f		/* pr_datasz. */
3:	.long 0x1
4:	.p2align 2
5:

/export/build/gnu/binutils/build-x86_64-linux/ld/../gas/as-new --32 -o tmpdir/ibt-plt-1.o /export/gnu/import/git/sources/binutils-gdb/ld/testsuite/ld-i386/ibt-plt-1.s
ld -z norelro -L/export/gnu/import/git/sources/binutils-gdb/ld/testsuite/ld-i386 -shared -m elf_i386 --hash-style=sysv -o tmpdir/dump tmpdir/ibt-plt-1.o
objdump -dw tmpdir/dump
readelf -wf tmpdir/dump

tmpdir/dump:     file format elf32-i386

Disassembly of section .plt:

01b0 <.plt>:
 1b0:	ff b3 04 00 00 00    	pushl  0x4(%ebx)
 1b6:	ff a3 08 00 00 00    	jmp    *0x8(%ebx)
 1bc:	0f 1f 40 00          	nopl   0x0(%eax)
 1c0:	f3 0f 1e fb          	endbr32
 1c4:	68 00 00 00 00       	push   $0x0
 1c9:	e9 e2 ff ff ff       	jmp    1b0 <.plt>
 1ce:	66 90                	xchg   %ax,%ax
 1d0:	f3 0f 1e fb          	endbr32
 1d4:	68 08 00 00 00       	push   $0x8
 1d9:	e9 d2 ff ff ff       	jmp    1b0 <.plt>
 1de:	66 90                	xchg   %ax,%ax

Disassembly of section .plt.sec:

01e0 :
 1e0:	f3 0f 1e fb          	endbr32
 1e4:	ff a3 0c 00 00 00    	jmp    *0xc(%ebx)
 1ea:	66 0f 1f 44 00 00    	nopw   0x0(%eax,%eax,1)

01f0 :
 1f0:	f3 0f 1e fb          	endbr32
 1f4:	ff a3 10 00 00 00    	jmp    *0x10(%ebx)
 1fa:	66 0f 1f 44 00 00    	nopw   0x0(%eax,%eax,1)

Disassembly of section .text:

0200 :
 200:	53                   	push   %ebx
 201:	e8 18 00 00 00       	call   21e <__x86.get_pc_thunk.bx>
 206:	81 c3 22 11 00 00    	add    $0x1122,%ebx
 20c:	83 ec 08             	sub    $0x8,%esp
 20f:	e8 dc ff ff ff       	call   1f0
 214:	e8 c7 ff ff ff       	call   1e0
 219:	83 c4 08             	add    $0x8,%esp
 21c:	5b                   	pop    %ebx
 21d:	c3                   	ret

021e <__x86.get_pc_thunk.bx>:
 21e:	8b 1c 24             	mov    (%esp),%ebx
 221:	c3                   	ret

Contents of the .eh_frame section:

0014 CIE
  Version:               1
  Augmentation:          "zR"
  Code alignment factor: 1
  Data alignment factor: -4
  Return address column: 8
  Augmentation data:     1b

  DW_CFA_def_cfa: r4 (esp) ofs 4
  DW_CFA_offset: r8 (eip) at cfa-4
  DW_CFA_nop
  DW_CFA_nop

0018 001c 001c FDE cie= pc=0200..021e
  DW_CFA_advance_loc: 1 to 0201
  DW_CFA_def_cfa_offset: 8
  DW_CFA_offset: r3 (ebx) at cfa-8
  DW_CFA_advance_loc: 14 to 020f
  DW_CFA_def_cfa_offset: 16
  DW_CFA_advance_loc: 13 to 021c
  DW_CFA_def_cfa_offset: 8
  DW_CFA_advance_loc: 1 to 021d
  DW_CFA_restore: r3 (ebx)
  DW_CFA_def_cfa_offset: 4

0038 0010 003c FDE cie= pc=021e..0222
  DW_CFA_nop
  DW_CFA_nop
  DW_CFA_nop

004c 0020 0050 FDE cie= pc=01b0..01e0
  DW_CFA_def_cfa_offset: 8
  DW_CFA_advance_loc: 6 to 01b6
  DW_CFA_def_cfa_offset: 12
  DW_CFA_advance_loc: 10 to 01c0
  DW_CFA_def_cfa_expression (DW_OP_breg4 (esp): 4; DW_OP_breg8 (eip): 0; DW_OP_lit15; DW_OP_and; DW_OP_lit9; DW_
[Bug ld/22061] Missing unwind info for IBT PLT
https://sourceware.org/bugzilla/show_bug.cgi?id=22061

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by H.J. Lu :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e10c9c620c3335731bb0052987affdc40942fd71

commit e10c9c620c3335731bb0052987affdc40942fd71
Author: H.J. Lu
Date:   Fri Sep 1 06:11:54 2017 -0700

    x86: Correct unwind information for the second PLT

    For i386, generate unwind information for the second PLT.  For x32,
    correct alignment of .eh_frame section for the second PLT.

    bfd/

            PR ld/22061
            * elf32-i386.c (elf_i386_link_setup_gnu_properties): Create
            .eh_frame section for the second PLT.
            * elf64-x86-64.c (elf_x86_64_link_setup_gnu_properties): Correct
            alignment of .eh_frame section for the second PLT.

    ld/

            PR ld/22061
            * testsuite/ld-i386/ibt-plt-1.d: Updated.
            * testsuite/ld-i386/ibt-plt-2a.d: Likewise.
            * testsuite/ld-i386/ibt-plt-2c.d: Likewise.
            * testsuite/ld-i386/ibt-plt-3a.d: Likewise.
            * testsuite/ld-i386/ibt-plt-3c.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-1-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-2a-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-2c-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-3a-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-3c-x32.d: Likewise.
            * testsuite/ld-i386/ibt-plt-2b.d: Pass --hash-style=sysv to ld
            and dump unwind information.
            * testsuite/ld-i386/ibt-plt-2d.d: Likewise.
            * testsuite/ld-i386/ibt-plt-3b.d: Likewise.
            * testsuite/ld-i386/ibt-plt-3d.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-2b-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-2b.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-2d-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-2d.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-3b-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-3b.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-3d-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-3d.d: Likewise.
[Bug ld/22061] Missing unwind info for IBT PLT
https://sourceware.org/bugzilla/show_bug.cgi?id=22061

--- Comment #2 from cvs-commit at gcc dot gnu.org ---
The binutils-2_29-branch branch has been updated by H.J. Lu :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e6d76f0cef2ca8043aeabc49bc5c19a885499e8c

commit e6d76f0cef2ca8043aeabc49bc5c19a885499e8c
Author: H.J. Lu
Date:   Fri Sep 1 06:11:54 2017 -0700

    x86: Correct unwind information for the second PLT

    For i386, generate unwind information for the second PLT.  For x32,
    correct alignment of .eh_frame section for the second PLT.

    bfd/

            PR ld/22061
            * elf32-i386.c (elf_i386_link_setup_gnu_properties): Create
            .eh_frame section for the second PLT.
            * elf64-x86-64.c (elf_x86_64_link_setup_gnu_properties): Correct
            alignment of .eh_frame section for the second PLT.

    ld/

            PR ld/22061
            * testsuite/ld-i386/ibt-plt-1.d: Pass --hash-style=sysv to ld.
            Updated.
            * testsuite/ld-i386/ibt-plt-2a.d: Likewise.
            * testsuite/ld-i386/ibt-plt-2c.d: Likewise.
            * testsuite/ld-i386/ibt-plt-3a.d: Likewise.
            * testsuite/ld-i386/ibt-plt-3c.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-1-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-2a-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-2c-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-3a-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-3c-x32.d: Likewise.
            * testsuite/ld-i386/ibt-plt-2b.d: Pass --hash-style=sysv to ld
            and dump unwind information.
            * testsuite/ld-i386/ibt-plt-2d.d: Likewise.
            * testsuite/ld-i386/ibt-plt-3b.d: Likewise.
            * testsuite/ld-i386/ibt-plt-3d.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-2b-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-2b.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-2d-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-2d.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-3b-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-3b.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-3d-x32.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-3d.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-1.d: Pass --hash-style=sysv to ld.
            * testsuite/ld-x86-64/ibt-plt-2a.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-2c.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-3a.d: Likewise.
            * testsuite/ld-x86-64/ibt-plt-3c.d: Likewise.

    (cherry picked from commit e10c9c620c3335731bb0052987affdc40942fd71)
[Bug ld/22061] Missing unwind info for IBT PLT
https://sourceware.org/bugzilla/show_bug.cgi?id=22061

H.J. Lu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
   Target Milestone|---                         |2.30

--- Comment #3 from H.J. Lu ---
Fixed for 2.30 and 2.29 branch.
[Bug ld/22064] New: x86_64-linux fails pr19579 test
https://sourceware.org/bugzilla/show_bug.cgi?id=22064

            Bug ID: 22064
           Summary: x86_64-linux fails pr19579 test
           Product: binutils
           Version: 2.30 (HEAD)
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: amodra at gmail dot com
  Target Milestone: ---

Seen when configuring binutils with CFLAGS="-g -Og" using
gcc (Ubuntu 4.9.4-2ubuntu1~16.04) 4.9.4 on x86_64-linux.

FAIL: Run pr19579
FAIL: Run pr19579 (-z now)

This code in elf_x86_64_finish_dynamic_symbol

      else if (bfd_link_pic (info)
	       && SYMBOL_REFERENCES_LOCAL (info, h))
	{
	  if (!h->def_regular)
	    return FALSE;

is returning false when processing "foo".
[Bug ld/22064] x86_64-linux fails pr19579 test
https://sourceware.org/bugzilla/show_bug.cgi?id=22064

H.J. Lu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hjl.tools at gmail dot com

--- Comment #1 from H.J. Lu ---
It doesn't happen with CFLAGS="-O2 -g".
[Bug ld/22064] x86_64-linux fails pr19579 test
https://sourceware.org/bugzilla/show_bug.cgi?id=22064 --- Comment #2 from H.J. Lu --- I am testing this: diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c index 63aff4630f..26ab715daf 100644 --- a/bfd/elf64-x86-64.c +++ b/bfd/elf64-x86-64.c @@ -5330,7 +5330,7 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd, else if (bfd_link_pic (info) && SYMBOL_REFERENCES_LOCAL (info, h)) { -if (!h->def_regular) +if (!(h->def_regular || ELF_COMMON_DEF_P (h))) return FALSE; BFD_ASSERT((h->got.offset & 1) != 0); rela.r_info = htab->r_info (0, R_X86_64_RELATIVE); -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
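Review bot: the widened condition `if (!(h->def_regular || ELF_COMMON_DEF_P (h)))` carries no comment saying why a common symbol now takes the same path as a regular definition, and nothing in the hunk explains why this only surfaced under CFLAGS="-g -Og"; add a one-line comment above the test stating why ELF_COMMON_DEF_P (h) counts as a local definition here, and pair the change with a regression test for the pr19579 case, since after this edit the `BFD_ASSERT((h->got.offset & 1) != 0);` on the following line is the only remaining guard before `rela.r_info = htab->r_info (0, R_X86_64_RELATIVE);` is emitted for such a symbol.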
[Bug gold/22065] New: unique_segment_for_sections holds on to passed-in segment name
https://sourceware.org/bugzilla/show_bug.cgi?id=22065

            Bug ID: 22065
           Summary: unique_segment_for_sections holds on to passed-in
                    segment name
           Product: binutils
           Version: 2.30 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gold
          Assignee: ccoutant at gmail dot com
          Reporter: julian.lettner at gmail dot com
                CC: ian at airs dot com
  Target Milestone: ---

Created attachment 10386
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10386&action=edit
Patch

The function unique_segment_for_section (which is part of the public plugin
API) stores the passed in segment name pointer without creating a copy of the
string. This requires callers to make sure that the passed-in name has a
sufficiently long life time. This is not the expected behavior and puts more
burden on the caller (who needs to be aware this fact).

The attached patch (2 modified lines) changes the type of
`Unique_segment_info::name` from `const char*` to `std::string` to fix this
issue.

```
static enum ld_plugin_status
unique_segment_for_sections(const char* segment_name,
                            uint64_t flags,
                            uint64_t align,
                            const struct ld_plugin_section* section_list,
                            unsigned int num_sections)
```
[Bug ld/22064] x86_64-linux fails pr19579 test
https://sourceware.org/bugzilla/show_bug.cgi?id=22064

--- Comment #3 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by H.J. Lu :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad71ce8de7dba823f5fc478e6d5eba03f1a2e822

commit ad71ce8de7dba823f5fc478e6d5eba03f1a2e822
Author: H.J. Lu
Date:   Fri Sep 1 18:53:26 2017 -0700

    x86-64: Check ELF_COMMON_DEF_P for common symbols

    bfd/

            PR ld/22064
            * elf64-x86-64.c (elf_x86_64_finish_dynamic_symbol): Check
            ELF_COMMON_DEF_P for common symbols.

    ld/

            PR ld/22064
            * testsuite/ld-x86-64/pr22064a.S: New file.
            * testsuite/ld-x86-64/pr22064b.c: Likewise.
            * testsuite/ld-x86-64/x86-64.exp: Run PR ld/22064 test.
[Bug ld/22064] x86_64-linux fails pr19579 test
https://sourceware.org/bugzilla/show_bug.cgi?id=22064

--- Comment #4 from cvs-commit at gcc dot gnu.org ---
The binutils-2_29-branch branch has been updated by H.J. Lu :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=78a6a9c3a3a37868fd7014a67606281aea1c2c84

commit 78a6a9c3a3a37868fd7014a67606281aea1c2c84
Author: H.J. Lu
Date:   Fri Sep 1 18:53:26 2017 -0700

    x86-64: Check ELF_COMMON_DEF_P for common symbols

    bfd/

            PR ld/22064
            * elf64-x86-64.c (elf_x86_64_finish_dynamic_symbol): Check
            ELF_COMMON_DEF_P for common symbols.

    ld/

            PR ld/22064
            * testsuite/ld-x86-64/pr22064a.S: New file.
            * testsuite/ld-x86-64/pr22064b.c: Likewise.
            * testsuite/ld-x86-64/x86-64.exp: Run PR ld/22064 test.

    (cherry picked from commit ad71ce8de7dba823f5fc478e6d5eba03f1a2e822)
[Bug ld/22064] x86_64-linux fails pr19579 test
https://sourceware.org/bugzilla/show_bug.cgi?id=22064

H.J. Lu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
   Target Milestone|---                         |2.30

--- Comment #5 from H.J. Lu ---
Fixed on master and 2.29 branch.
Bug 22065 - unique_segment_for_sections holds on to passed-in segment name
The function unique_segment_for_section (which is part of the public plugin API) stores the passed in segment name pointer without creating a copy of the string. This requires callers to make sure that the passed-in name has a sufficiently long life time. This is not the expected behavior and puts more burden on the caller (who needs to be aware this fact). The attached patch (2 modified lines) changes the type of `Unique_segment_info::name` from `const char*` to `std::string` to fix this issue. ``` static enum ld_plugin_status unique_segment_for_sections(const char* segment_name, uint64_t flags, uint64_t align, const struct ld_plugin_section* section_list, unsigned int num_sections) ``` https://sourceware.org/bugzilla/show_bug.cgi?id=22065 diff --git a/gold/layout.cc b/gold/layout.cc index 5f25faea55..22f5ffbe53 100644 --- a/gold/layout.cc +++ b/gold/layout.cc @@ -1198,7 +1198,7 @@ Layout::layout(Sized_relobj_file* object, unsigned int shndx, elfcpp::Elf_Xword flags = this->get_output_section_flags(shdr.get_sh_flags()); - const char* os_name = it->second->name; + const char* os_name = it->second->name.c_str(); Stringpool::Key name_key; os_name = this->namepool_.add(os_name, true, &name_key); os = this->get_output_section(os_name, name_key, sh_type, flags, diff --git a/gold/layout.h b/gold/layout.h index 15ee924678..a5e331b942 100644 --- a/gold/layout.h +++ b/gold/layout.h @@ -541,7 +541,7 @@ class Layout { // Identifier for the segment. ELF segments don't have names. This // is used as the name of the output section mapped to the segment. -const char* name; +std::string name; // Additional segment flags. uint64_t flags; // Segment alignment. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
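Review bot: in the gold/layout.cc hunk, the pointer obtained at `const char* os_name = it->second->name.c_str();` is only valid while that `Unique_segment_info` is alive, and it is safe here solely because the next statement, `os_name = this->namepool_.add(os_name, true, &name_key);`, copies the string into the pool (the `true` argument) and replaces the pointer; a short comment on that line would keep a later change to a non-copying add from reintroducing the dangling pointer this patch removes.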
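Review bot: in the gold/layout.h hunk, replacing `const char* name;` with `std::string name;` makes `Unique_segment_info` non-trivially copyable, so every site that fills the struct from the plugin's `segment_name` argument must assign to it rather than memset or brace-initialise it, and the header needs `<string>` available, which the three context lines around the field do not show; the comment above the field ("Identifier for the segment. ELF segments don't have names.") should also state that the name is now copied, since that is the new contract the plugin caller gets from this change.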