[Bug binutils/28523] ld.bfd created undefined symbols on ppc64
https://sourceware.org/bugzilla/show_bug.cgi?id=28523

--- Comment #9 from Martin Liska ---
Great, thank you very much!

--
You are receiving this mail because:
You are on the CC list for the bug.
[Bug ld/28509] ld riscv: R_RISCV_JAL referencing a preemptible symbol should be rejected
https://sourceware.org/bugzilla/show_bug.cgi?id=28509

Nelson Chu changed:

           What    |Removed                          |Added
----------------------------------------------------------------------------
           Assignee|unassigned at sourceware dot org |nelson.chu at sifive dot com
                 CC|                                 |nelsonc1225 at sourceware dot org
[Bug binutils/28530] New: Hang in objdump
https://sourceware.org/bugzilla/show_bug.cgi?id=28530

            Bug ID: 28530
           Summary: Hang in objdump
           Product: binutils
           Version: 2.38 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: shaohua.li at inf dot ethz.ch
  Target Milestone: ---

Created attachment 13752
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13752&action=edit
hang.o

Hi there,

For the provided test case, `objdump -D` would hang forever.

- Compiler: clang13
- Platform: Ubuntu 20.04.3 LTS x86_64
- Reproduce: run `objdump -D hang.o`
[Bug binutils/28530] Hang in objdump
https://sourceware.org/bugzilla/show_bug.cgi?id=28530

H.J. Lu changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
         Resolution|---         |WORKSFORME
             Status|UNCONFIRMED |RESOLVED

--- Comment #1 from H.J. Lu ---
Works for me on master branch:

[hjl@gnu-cfl-2 pr28530]$ ./objdump -D x.obj
Can't get contents for section '.debug_info'.

x.obj:     file format elf64-x86-64
[Bug binutils/28530] Hang in objdump
https://sourceware.org/bugzilla/show_bug.cgi?id=28530

--- Comment #2 from Shaohua Li ---
Well, for the default configuration, it indeed ended if given a long enough
time. But it seems to take a much longer time than expected.

I found this issue with a "-O0" compiled binary. If you compile with "-O0",
at least on my machine, it couldn't end in 10min+.
[Bug binutils/28530] Hang in objdump
https://sourceware.org/bugzilla/show_bug.cgi?id=28530

--- Comment #3 from H.J. Lu ---
(In reply to Shaohua Li from comment #2)
> Well, for the default configuration, it indeed ended if given a long enough
> time. But it seems to take a much longer time than expected.
>
> I found this issue with a "-O0" compiled binary. If you compile with "-O0",
> at least on my machine, it couldn't end in 10min+.

Compiled with -O0, I got

$ time ./objdump -D x.obj
...
real    0m0.011s
user    0m0.004s
sys     0m0.007s
[Bug binutils/28540] New: Buffer Overflow on Dwarf.c
https://sourceware.org/bugzilla/show_bug.cgi?id=28540

            Bug ID: 28540
           Summary: Buffer Overflow on Dwarf.c
           Product: binutils
           Version: 2.37
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: petryx78 at gmail dot com
  Target Milestone: ---

Created attachment 13755
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13755&action=edit
Crash File

Hi binutils Team,

I was recently doing security tests with AFL-Fuzz, and I ended up discovering
a buffer overflow in the binutils-2.37 package, more specifically in the
objdump binary. I already requested a CVE ID, but have not received it yet.

Reproduce:

$ binutils-2.37/binutils/objdump -D -T -x crash_2.37
[1] 8585 segmentation fault (core dumped) binutils-2.37/binutils/objdump -D -T -x crash_2.37

Backtrace

#0 0x in ?? ()
#1 0x0044c263 in parse_gnu_debuglink (section=section@entry=0xf65ac0 , data=data@entry=0x7fffdef0) at dwarf.c:10874
#2 0x004517fa in load_separate_debug_info (main_filename=main_filename@entry=0x6211cd10 "crash_2.37", xlink=xlink@entry=0xf65ac0 , parse_func=parse_func@entry=0x44c130 , check_func=check_func@entry=0x44c4f0 , func_data=func_data@entry=0x7fffdef0, file=0x6120bec0) at dwarf.c:11022
#3 0x00452654 in check_for_and_load_links (file=file@entry=0x6120bec0, filename=filename@entry=0x6211cd10 "crash_2.37") at dwarf.c:11346
#4 0x004c84d3 in load_separate_debug_files (file=file@entry=0x6120bec0, filename=0x6211cd10 "crash_2.37") at dwarf.c:11462
#5 0x00430a0d in dump_bfd (abfd=abfd@entry=0x6120bec0, is_mainfile=is_mainfile@entry=0x1) at ./objdump.c:4874
#6 0x0043361d in display_object_bfd (abfd=0x6120bec0) at ./objdump.c:5060
#7 display_any_bfd (file=file@entry=0x6120bec0, level=level@entry=0x0) at ./objdump.c:5150
#8 0x00411c24 in display_file (last_file=0x1, target=, filename=0x7fffe727 "crash_2.37") at ./objdump.c:5171
#9 main (argc=0x5, argv=0x7fffe488) at ./objdump.c:5521
[Bug binutils/28540] segmentation fault on NULL byte_get
https://sourceware.org/bugzilla/show_bug.cgi?id=28540

Alan Modra changed:

           What    |Removed                    |Added
----------------------------------------------------------------------------
            Summary|Buffer Overflow on Dwarf.c |segmentation fault on NULL
                   |                           |byte_get
           Severity|critical                   |normal
     Ever confirmed|0                          |1
             Status|UNCONFIRMED                |NEW
   Last reconfirmed|                           |2021-11-04

--- Comment #1 from Alan Modra ---
Not a buffer overflow. byte_get is being called to read a possible separate
debug info file crc, but byte_get is NULL for tekhex files.
[Bug binutils/28540] segmentation fault on NULL byte_get
https://sourceware.org/bugzilla/show_bug.cgi?id=28540

--- Comment #2 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Alan Modra:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2f105f518413ea3e4c212f89585f9a8a5dddcdd

commit f2f105f518413ea3e4c212f89585f9a8a5dddcdd
Author: Alan Modra
Date:   Thu Nov 4 14:11:02 2021 +1030

    PR28540, segmentation fault on NULL byte_get

            PR 28540
            * objdump.c (dump_bfd): Don't attempt load_separate_debug_files
            when byte_get is NULL.
[Bug binutils/28540] segmentation fault on NULL byte_get
https://sourceware.org/bugzilla/show_bug.cgi?id=28540

Alan Modra changed:

           What    |Removed                          |Added
----------------------------------------------------------------------------
           Assignee|unassigned at sourceware dot org |amodra at gmail dot com
             Status|NEW                              |RESOLVED
   Target Milestone|---                              |2.38
         Resolution|---                              |FIXED

--- Comment #3 from Alan Modra ---
Fixed.
[Bug binutils/28540] segmentation fault on NULL byte_get
https://sourceware.org/bugzilla/show_bug.cgi?id=28540

--- Comment #4 from cvs-commit at gcc dot gnu.org ---
The binutils-2_37-branch branch has been updated by Alan Modra:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=96eb21265ebffbc28f767bed9a2b7650ecb9818d

commit 96eb21265ebffbc28f767bed9a2b7650ecb9818d
Author: Alan Modra
Date:   Thu Nov 4 14:11:02 2021 +1030

    PR28540, segmentation fault on NULL byte_get

            PR 28540
            * objdump.c (dump_bfd): Don't attempt load_separate_debug_files
            when byte_get is NULL.

    (cherry picked from commit f2f105f518413ea3e4c212f89585f9a8a5dddcdd)
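
Added example, not part of the thread and not binutils code: a simplified C model of the failure described in comment #1 of bug 28540, where a byte-order-dependent reader pointer stays NULL for a format that declares no byte order, together with a NULL check and bounds checks on a debug-link style payload (name, padding, 4-byte CRC). All names (reader_fn, select_reader, parse_debuglink, SAMPLE) and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model, not binutils code: a 32-bit reader chosen by byte order. */
typedef uint32_t (*reader_fn)(const unsigned char *);
enum byte_order { ORDER_LITTLE, ORDER_BIG, ORDER_UNKNOWN };
static uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static uint32_t read_be32(const unsigned char *p)
{
    return (uint32_t)p[3] | (uint32_t)p[2] << 8 | (uint32_t)p[1] << 16 | (uint32_t)p[0] << 24;
}

/* Formats that declare no byte order get no reader at all (NULL). */
static reader_fn select_reader(enum byte_order order)
{
    return order == ORDER_LITTLE ? read_le32 : order == ORDER_BIG ? read_be32 : NULL;
}

/* Debug-link payload: NUL-terminated name, padding to 4 bytes, 4-byte CRC.
   Returns 0 on success, -1 when no reader is set, -2 when malformed. */
static int parse_debuglink(const unsigned char *sec, size_t len, reader_fn rd,
                           const char **name, uint32_t *crc)
{
    const unsigned char *nul;
    size_t crc_off;
    if (rd == NULL)                 /* the guard: never call through NULL */
        return -1;
    if (len == 0 || (nul = memchr(sec, 0, len)) == NULL)
        return -2;                  /* name is not terminated inside the section */
    crc_off = ((size_t)(nul - sec) + 4) & ~(size_t)3;
    if (crc_off > len || len - crc_off < 4)
        return -2;                  /* CRC would lie past the section end */
    *name = (const char *)sec;
    *crc = rd(sec + crc_off);
    return 0;
}

/* Constructed sample: "a.debug\0" followed by four CRC bytes. */
static const unsigned char SAMPLE[] = { 'a','.','d','e','b','u','g',0, 0x78,0x56,0x34,0x12 };
int main(void)
{
    const char *name; uint32_t crc;
    return parse_debuglink(SAMPLE, sizeof SAMPLE, select_reader(ORDER_UNKNOWN), &name, &crc) == -1 ? 0 : 1;
}
```

Without the `rd == NULL` check, the ORDER_UNKNOWN case calls through a null function pointer, which matches frame #0 of the reported backtrace having no resolvable address.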