[Bug ld/30984] New: assertion fail ../../bfd/elf.c:8485

https://sourceware.org/bugzilla/show_bug.cgi?id=30984

            Bug ID: 30984
           Summary: assertion fail ../../bfd/elf.c:8485
           Product: binutils
           Version: 2.41
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: stsp at users dot sourceforge.net
  Target Milestone: ---

Created attachment 15182
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15182&action=edit
test case

Please unpack the attached test-case and run "make".
Results:
ld: BFD (GNU Binutils for Ubuntu) 2.41 assertion fail ../../bfd/elf.c:8485

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libctf/30985] New: ctf_add_member_encoded of a type on a parent dumps core

https://sourceware.org/bugzilla/show_bug.cgi?id=30985

            Bug ID: 30985
           Summary: ctf_add_member_encoded of a type on a parent dumps core
           Product: binutils
           Version: 2.41
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libctf
          Assignee: unassigned at sourceware dot org
          Reporter: nick.alcock at oracle dot com
  Target Milestone: ---

This dumps core:

  ctf_dict_t *fp;
  ctf_encoding_t e = { CTF_INT_SIGNED, 0, sizeof (long) };
  ctf_id_t type;
  int err;

  if ((fp = ctf_create (&err)) == NULL)
    /* error handling */
  if ((type = ctf_add_struct (fp, CTF_ADD_ROOT, "foo")) == CTF_ERR)
    /* error handling */
  if (ctf_add_member_encoded (fp, type, "member", 666, 5, e) == CTF_ERR)
    /* error handling */

Now this is obviously invalid code (emitting a member of a nonexistent garbage
type ID). But this also dumps core for the same reason:

  ctf_dict_t *pfp, *cfp;
  ctf_encoding_t e = { CTF_INT_SIGNED, 0, sizeof (long) };
  ctf_id_t ptype, stype;   /* stype was missing from the declaration */
  int err;

  if ((pfp = ctf_create (&err)) == NULL)
    /* error handling */
  if ((cfp = ctf_create (&err)) == NULL)
    /* error handling */
  if (ctf_import (cfp, pfp) < 0)
    /* error handling */
  if ((ptype = ctf_add_integer (pfp, CTF_ADD_NONROOT, "int", &e)) == CTF_ERR)
    /* error handling */
  if ((stype = ctf_add_struct (cfp, CTF_ADD_ROOT, "foo")) == CTF_ERR)
    /* error handling */
  if (ctf_add_member_encoded (cfp, stype, "cmember", ptype, 5, e) == CTF_ERR)
    /* error handling */

The underlying problem is that the ctf_add_member_encoded operation looks up the
DTD of 'ptype' to try to figure out its type kind (for error handling), but does
not allow for the possibility that the DTD lookup might fail. Firstly, of course,
it might fail because you provided an invalid ptype; but secondly, DTD lookup
doesn't recurse to parents if nothing is found in a child dict, but
ctf_add_member_encoded() assumes that it does.

An audit while fixing this revealed other, related problems with ctf_set_array,
ctf_add_enumerator, ctf_add_member and ctf_add_member_offset, all of which
produce ECTF_BADID errors if asked to modify a type in an imported parent dict
via a child dict. Fixing.

Thanks to Kris Van Hees for identifying the first of these problems and tracking
it down.

[Bug libctf/30985] ctf_add_member_encoded of a type on a parent dumps core

https://sourceware.org/bugzilla/show_bug.cgi?id=30985

Nick Alcock changed:

           What    |Removed                          |Added
----------------------------------------------------------------------------
             Status|NEW                              |ASSIGNED
           Assignee|unassigned at sourceware dot org |nick.alcock at oracle dot com

--- Comment #1 from Nick Alcock ---
There are no uses of any of these functions in crash-inducing or error-inducing
ways in the linker or CTF deduplicator; the deduplicator never calls
ctf_add_member_encoded at all, and when it adds types to the parent dict it
always does so directly, never via the child. So this only affects other client
uses (but it can indeed affect those, and has).

[Bug ld/30984] assertion fail ../../bfd/elf.c:8485

https://sourceware.org/bugzilla/show_bug.cgi?id=30984

--- Comment #1 from Stas Sergeev ---
The test-case basically just creates the absolute section:

  .intel_syntax noprefix
  .section .text
  .code32
  .global main
  ;.extern printf
  main:
      mov eax, 0xDEADBEEF
      push eax
      push message
      ; call printf
      add esp, 8
      ret
  .section *ABS*
  message:
      .asciz "Register = %08X"

[Bug ld/27565] ld: Support input section description keyword: REVERSE

https://sourceware.org/bugzilla/show_bug.cgi?id=27565

--- Comment #9 from Alexey ---
That is what I found.

Issue 1: Cannot pass multiple sections to REVERSE, e.g.:
  *(REVERSE(.init_array .ctors))
It only works by combining:
  *(REVERSE(.init_array))
  *(REVERSE(.ctors))

Issue 2: Reverse does not apply for:
  *(REVERSE(EXCLUDE_FILE (*crtend.* *crtbegin.*) .ctors))
?

Issue 3: The first element is 0x for:
  *(REVERSE(.ctors))
I would like to not change the place of the terminating 0x of ctors.

Could not check how it works with the clang linker, because I am getting this:
ld.lld: error: script.ld:112: expected filename pattern
>>> KEEP (*(REVERSE(.ctors)))
>>>       ^

Issue 60774 in oss-fuzz: binutils:fuzz_dwarf: Out-of-memory in fuzz_dwarf
Updates:
    Labels: -deadline-approaching -restrict-view-commit Deadline-Exceeded

Comment #3 on issue 60774 by sheriffbot: binutils:fuzz_dwarf: Out-of-memory in fuzz_dwarf
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60774#c3

This bug has exceeded our disclosure deadline. It has been opened to the public.

- Your friendly Sheriffbot

-- 
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.

[Bug ld/30984] assertion fail ../../bfd/elf.c:8485

https://sourceware.org/bugzilla/show_bug.cgi?id=30984

Alan Modra changed:

           What    |Removed                          |Added
----------------------------------------------------------------------------
   Last reconfirmed|                                 |2023-10-19
           Assignee|unassigned at sourceware dot org |amodra at gmail dot com
             Status|UNCONFIRMED                      |ASSIGNED
     Ever confirmed|0                                |1

--- Comment #2 from Alan Modra ---
(In reply to Stas Sergeev from comment #1)
> .section *ABS*

With something as horrible as that you deserve to have the linker format your
hard drive for you! :-)

[Bug ld/30984] assertion fail ../../bfd/elf.c:8485

https://sourceware.org/bugzilla/show_bug.cgi?id=30984

--- Comment #3 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Alan Modra:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b1b9bc05f8f6cde3956fb4d08f734de438f02a7

commit 1b1b9bc05f8f6cde3956fb4d08f734de438f02a7
Author: Alan Modra
Date:   Fri Oct 20 08:51:20 2023 +1030

    PR30984, assertion fail elf.c:8485

            PR 30984
            * ldelf.c (ldelf_place_orphan): Don't allow bfd_abs_section as a
            potential output section.

[Bug ld/30984] assertion fail ../../bfd/elf.c:8485

https://sourceware.org/bugzilla/show_bug.cgi?id=30984

Alan Modra changed:

           What    |Removed                          |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                         |RESOLVED
   Target Milestone|---                              |2.42
         Resolution|---                              |FIXED

--- Comment #4 from Alan Modra ---
Fixed mainline. I won't be committing this to 2.41 as I don't believe that
linker bugs tickled by fuzzed object files or deliberately crafted testcases are
important enough to warrant backporting.

[Bug ld/30984] assertion fail ../../bfd/elf.c:8485

https://sourceware.org/bugzilla/show_bug.cgi?id=30984

--- Comment #5 from Stas Sergeev ---
Thank you.
Could you please hint me how to create an absolute symbol?
I already know that if I do
  symbol = ABSOLUTE(.);
in a linker script, then there will be no dynamic relocs against this symbol.
I wanted to experiment with this further, and create it from assembler.
How can I do that?

[Bug ld/30984] assertion fail ../../bfd/elf.c:8485

https://sourceware.org/bugzilla/show_bug.cgi?id=30984

--- Comment #6 from Alan Modra ---
Use .set, or something like the following.

  .globl x
  x = 42

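To see what the `x = 42` form above actually produces in the object file, here is an added example (not from the bug thread, and not binutils code): a small Python parser for ELF64 symbol-table entries that reports which symbols are absolute, i.e. carry the special section index SHN_ABS instead of a real section index, which is why the linker never emits section-relative or dynamic relocations for them. The symtab and strtab bytes are constructed inline for demonstration.

```python
import struct

# ELF64 symbol-table entry (Elf64_Sym, 24 bytes, little-endian):
#   st_name(u32) st_info(u8) st_other(u8) st_shndx(u16) st_value(u64) st_size(u64)
ELF64_SYM = struct.Struct("<IBBHQQ")
SHN_UNDEF = 0
SHN_ABS = 0xFFF1   # special section index: the symbol's value is absolute


def cstring(strtab: bytes, off: int) -> str:
    """Return the NUL-terminated name starting at offset `off` in a string table."""
    end = strtab.index(b"\0", off)
    return strtab[off:end].decode("ascii")


def parse_symtab(symtab: bytes, strtab: bytes):
    """Yield (name, value, shndx) for every entry of an ELF64 .symtab blob."""
    if len(symtab) % ELF64_SYM.size:
        raise ValueError("symtab size is not a multiple of sizeof(Elf64_Sym)")
    for st_name, _info, _other, st_shndx, st_value, _size in ELF64_SYM.iter_unpack(symtab):
        yield cstring(strtab, st_name), st_value, st_shndx


def absolute_symbols(symtab: bytes, strtab: bytes) -> dict:
    """Map name -> value for symbols whose section index is SHN_ABS.

    This is what `.globl x` / `x = 42` (or `.set x, 42`) in gas produces:
    a symbol with no backing section, so nothing section-relative can be
    relocated against it."""
    return {name: value for name, value, shndx in parse_symtab(symtab, strtab)
            if shndx == SHN_ABS}


# Constructed sample data: a string table and four symbols, one of them absolute.
SAMPLE_STRTAB = b"\0x\0main\0message\0"


def _global_sym(name_off: int, shndx: int, value: int) -> bytes:
    return ELF64_SYM.pack(name_off, 0x10, 0, shndx, value, 0)  # STB_GLOBAL, STT_NOTYPE


SAMPLE_SYMTAB = (ELF64_SYM.pack(0, 0, 0, SHN_UNDEF, 0, 0)   # mandatory null entry
                 + _global_sym(1, SHN_ABS, 42)               # x = 42
                 + _global_sym(3, 1, 0x0)                    # main, in section 1
                 + _global_sym(8, 2, 0x10))                  # message, in section 2

if __name__ == "__main__":
    print(absolute_symbols(SAMPLE_SYMTAB, SAMPLE_STRTAB))   # {'x': 42}
```

On a real object, `nm` shows the same thing as an `A` symbol; feed this function the raw `.symtab` and `.strtab` contents to get the equivalent list.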