[Bug gas/31752] gas: Support \+ in .rept/.irp/.irpc directives
https://sourceware.org/bugzilla/show_bug.cgi?id=31752 --- Comment #3 from Sourceware Commits --- The master branch has been updated by Jan Beulich : https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1e3c814459d83247707f8c9840ac660726cfaae0 commit 1e3c814459d83247707f8c9840ac660726cfaae0 Author: Jan Beulich Date: Mon Jun 10 09:06:37 2024 +0200 gas: extend \+ support to .rept PR gas/31752 While not quite as macro-like as .irp / .irpc, this perhaps benefits from supporting \+ even more than those: It allows, where desired, to get away without maintaining an explicit count variable in source code. Keep .rep (and custom per-arch uses of s_rept() / do_repeat()) behavior unaltered. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug gas/31752] gas: Support \+ in .rept/.irp/.irpc directives
https://sourceware.org/bugzilla/show_bug.cgi?id=31752 Jan Beulich changed: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #4 from Jan Beulich --- Should be all set now. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug ld/31868] Provide diagnostic option for ISA marker notes
https://sourceware.org/bugzilla/show_bug.cgi?id=31868 Florian Weimer changed: What|Removed |Added CC||fweimer at redhat dot com -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/31872] New: Segfault in objdump (elf_slurp_reloc_table_from_section)
https://sourceware.org/bugzilla/show_bug.cgi?id=31872 Bug ID: 31872 Summary: Segfault in objdump (elf_slurp_reloc_table_from_section) Product: binutils Version: 2.42 Status: UNCONFIRMED Severity: normal Priority: P2 Component: binutils Assignee: unassigned at sourceware dot org Reporter: g.priamo at diag dot uniroma1.it Target Milestone: --- Created attachment 15574 --> https://sourceware.org/bugzilla/attachment.cgi?id=15574&action=edit Testcase ### Describe the bug AddressSanitizer: SEGV on unknown address in objdump (`elf_slurp_reloc_table_from_section`). ### To Reproduce Cloned binutils from git://sourceware.org/git/binutils-gdb.git and built version 2.42.50.20240610 taking inspiration from the build script in [oss-fuzz](https://github.com/google/oss-fuzz/blob/master/projects/binutils/build.sh): ``` export CFLAGS="-O0 -g -fno-omit-frame-pointer -fno-function-sections -fno-unique-section-names -fsanitize=address" cd binutils sed -i 's/vfprintf (stderr/\/\//' elfcomm.c sed -i 's/fprintf (stderr/\/\//' elfcomm.c cd ../ ./configure --disable-gdb --disable-gdbserver --disable-gdbsupport \ --disable-libdecnumber --disable-readline --disable-sim \ --disable-libbacktrace --disable-gas --disable-ld --disable-werror \ --enable-targets=all make clean make MAKEINFO=true && true ``` The crash also reproduces with this simpler build configuration: ``` ./configure --enable-targets=all make ``` ### ASAN Output ``` ./objdump -S testcase ./target: warning: testcase has a section extending past end of file ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) ./target: testcase: attempt to load strings from a non-string section (number 21) AddressSanitizer:DEADLYSIGNAL = ==59106==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 0x bp 0x7ffd14f63c50 sp 0x7ffd14f639b8 T0) ==59106==Hint: pc points to the zero page. ==59106==The signal is caused by a READ memory access. ==59106==Hint: address points to the zero page. #0 0x0 () #1 0x7f3562d3341f (/lib/x86_64-linux-gnu/libpthread.so.0+0x1441f) AddressSanitizer can not provide additional info. SUMMARY:
[Bug binutils/31800] src-release.sh recursively changes permissions of everything in to 0777
https://sourceware.org/bugzilla/show_bug.cgi?id=31800 Nick Clifton changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution|--- |FIXED --- Comment #18 from Nick Clifton --- (In reply to Rostislav Krasny from comment #17) > Reopened only to draw attention to the second patch. Oops - sorry - I meant to get to this last week, but ran out of time. I have now applied your patch, although I forgot to reference this PR in the commit message, which is why it does not show up in the message log. I will close the PR again, but do feel free to reopen it if there are more changes that you think are needed. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/31873] New: Heap-buffer-overflow in objdump (`bfd_getl32`)
https://sourceware.org/bugzilla/show_bug.cgi?id=31873 Bug ID: 31873 Summary: Heap-buffer-overflow in objdump (`bfd_getl32`) Product: binutils Version: 2.42 Status: UNCONFIRMED Severity: normal Priority: P2 Component: binutils Assignee: unassigned at sourceware dot org Reporter: g.priamo at diag dot uniroma1.it Target Milestone: --- Created attachment 15575 --> https://sourceware.org/bugzilla/attachment.cgi?id=15575&action=edit Testcase ### Describe the bug AddressSanitizer: heap-buffer-overflow in objdump (`bfd_getl32`). ### To Reproduce Cloned binutils from git://sourceware.org/git/binutils-gdb.git and built version 2.42.50.20240610 taking inspiration from the build script in [oss-fuzz](https://github.com/google/oss-fuzz/blob/master/projects/binutils/build.sh): ``` export CFLAGS="-O0 -g -fno-omit-frame-pointer -fno-function-sections -fno-unique-section-names -fsanitize=address" cd binutils sed -i 's/vfprintf (stderr/\/\//' elfcomm.c sed -i 's/fprintf (stderr/\/\//' elfcomm.c cd ../ ./configure --disable-gdb --disable-gdbserver --disable-gdbsupport \ --disable-libdecnumber --disable-readline --disable-sim \ --disable-libbacktrace --disable-gas --disable-ld --disable-werror \ --enable-targets=all make clean make MAKEINFO=true && true ``` The crash also reproduces with this simpler build configuration: ``` ./configure --enable-targets=all make ``` ### ASAN Output ``` ./objdump -x testcase testcase: file format vms-alpha testcase architecture: alpha, flags 0x004c: HAS_LINENO, HAS_DEBUG, DYNAMIC start address 0x EIHD: (size: 0, nbr blocks: 1848401005) majorid: 3, minorid: 0 image type: 16843047 (unknown), subtype: 1032716545 (unknown) offsets: isd: 0, activ: 0, symdbg: 16, imgid: 2, patch: 6 fixup info rva: f9000101, symbol vector rva: 01019d00 version array off: 0 img I/O count: 16777216, nbr channels: 16857857, req pri: 6f6d2d6f796d2d01 linker flags: 302c6f74: NOP0BUFS P0IMAGE DBGDMT INISHR BIND_CODE_SEC BIND_DATA_SEC MKTHREADS UPCALLS EXT_BIND_SECT ident: 0x33313831, sysver: 0x01010107, match ctrl: 60, symvect_size: 385941789 BPAGE: 17153, ext fixup offset: 17039360, no_opt psect off: 1685091941, alias: 257 Image identification: (major: 0, minor: 0) image name : link time: Thu Jan 1 01:00:00 1970 image ident : = linker ident : om\,nto,01813< image build ident: Image symbol & debug table: (major: 0, minor: 16) debug symbol table : vbn: 2, size: 6 (0x6) global symbol table: vbn: 0, records: 4177527041 debug module table : vbn: 0, size: 16882944 Debug symbol table: type: 171, len: 93 (at 0x): recbeg: name: vflags: 0x00, value: 0xff050100 (reg: 0, disp: 0, indir: 0, kind: literal) = ==796203==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x608000f9 at pc 0x00b722dd bp 0x7ffe506ed410 sp 0x7ffe506ed408 READ of size 1 at 0x608000f9 thread T0 #0 0xb722dc in bfd_getl32 bfd/libbfd.c:846:18 #1 0x1420527 in evax_bfd_print_dst bfd/vms-alpha.c:7734:18 #2 0x141d6eb in evax_bfd_print_image bfd/vms-alpha.c:8533:7 #3 0x13faef9 in vms_bfd_print_private_bfd_data bfd/vms-alpha.c:8751:5 #4 0x4d49ab in dump_bfd_private_header binutils/./objdump.c:5010:8 #5 0x4d368d in dump_bfd binutils/./objdump.c:5702:2 #6 0x4d2cdf in display_object_bfd binutils/./objdump.c:5852:7 #7 0x4d2be0 in display_any_bfd binutils/./objdump.c:5939:5 #8 0x4d19dc in display_file binutils/./objdump.c:5960:3 #9 0x4d0006 in main binutils/./objdump.c:6377:6 #10 0x7f188f38c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #11 0x41d6ad in _start (target+0x41d6ad) 0x608000f9 is located 0 bytes to the right of 89-byte region [0x608000a0,0x608000f9) allocated by thread T0 here: #0 0x49834d in malloc /tmp/llvm/utils/release/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3 #1 0xb71032 in bfd_malloc bfd/libbfd.c:291:9 #2 0x13ffb4c in _bfd_malloc_and_read bfd/./libbfd.h:927:9 #3 0x141f0f9 in evax_bfd_print_dst bfd/vms-alpha.c:7526:10 #4 0x141d6eb in evax_bfd_print_image bfd/vms-alpha.c:8533:7 #5 0x13faef9 in vms_bfd_print_private_bfd_data bfd/vms-alpha.c:8751:5 #6 0x4d49ab in dump_bfd_private_header binutils/./objdump.c:5010:8 #7 0x4d368d in dump_bfd binutils/./objdump.c:5702:2 #8 0x4d2cdf in display_object_bfd binutils/./objdump.c:5852:7 #9 0x4d2be0 in display_any_bfd binutils/./objdump.c:5939:5 #10 0x4d19dc in display_file binutils/./objdump.c:5960:3 #11 0x4d0006 in main binutils/./objdump.c:6377:6 #12 0x7f188f38c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) SUMMARY: AddressSanitizer: heap-buffer-overflow bfd/libbfd.c:846:18 in bfd_getl32 Shadow bytes around the buggy
[Bug binutils/31873] Heap-buffer-overflow in objdump (bfd_getl32)
https://sourceware.org/bugzilla/show_bug.cgi?id=31873 Giacomo Priamo changed: What|Removed |Added Summary|Heap-buffer-overflow in |Heap-buffer-overflow in |objdump (`bfd_getl32`) |objdump (bfd_getl32) -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/31873] Heap-buffer-overflow in objdump (bfd_getl32)
https://sourceware.org/bugzilla/show_bug.cgi?id=31873 Alan Modra changed: What|Removed |Added Last reconfirmed||2024-06-10 Assignee|unassigned at sourceware dot org |amodra at gmail dot com Ever confirmed|0 |1 Status|UNCONFIRMED |ASSIGNED -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/31873] Heap-buffer-overflow in objdump (bfd_getl32)
https://sourceware.org/bugzilla/show_bug.cgi?id=31873 --- Comment #1 from Sourceware Commits --- The master branch has been updated by Alan Modra : https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=539c3962fa08cfe46f71555f6b6d47326f3d9cda commit 539c3962fa08cfe46f71555f6b6d47326f3d9cda Author: Alan Modra Date: Mon Jun 10 22:50:26 2024 +0930 PR31873, buffer overflow in evax_bfd_print_dst PR 31873 * vms-alpha.c (evax_bfd_print_dst): Sanity check len against dst_size. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/31873] Heap-buffer-overflow in objdump (bfd_getl32)
https://sourceware.org/bugzilla/show_bug.cgi?id=31873 Alan Modra changed: What|Removed |Added Resolution|--- |FIXED Version|2.42|2.43 (HEAD) Target Milestone|--- |2.43 Status|ASSIGNED|RESOLVED --- Comment #2 from Alan Modra --- Fix applied -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/31800] src-release.sh recursively changes permissions of everything in to 0777
https://sourceware.org/bugzilla/show_bug.cgi?id=31800 --- Comment #19 from Rostislav Krasny --- Thank you Nick! -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/31872] Segfault in objdump (elf_slurp_reloc_table_from_section)
https://sourceware.org/bugzilla/show_bug.cgi?id=31872 --- Comment #1 from Sourceware Commits --- The master branch has been updated by Alan Modra : https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b20ab53f81db7eefa0db00d14f06c04527ac324c commit b20ab53f81db7eefa0db00d14f06c04527ac324c Author: Alan Modra Date: Tue Jun 11 09:22:49 2024 +0930 PR31872, Segfault in objdump (elf_slurp_reloc_table_from_section) This one was triggered by trying to dump an AMDGPU object. elf64-amdgcn.c lacks support for objdump relocation handling. PR 31872 * elfcode.h (elf_slurp_reloc_table_from_section): Don't segfault on NULL elf_info_to_howto_rel. -- You are receiving this mail because: You are on the CC list for the bug.
