bug-binutils
[Bug gold/15070] New: gold crashes on ARMv5 due to unaligned memory access

From: shawnlandden at gmail dot com
Subject: [Bug gold/15070] New: gold crashes on ARMv5 due to unaligned memory access
Date: Sat, 26 Jan 2013 18:56:51 +0000

http://sourceware.org/bugzilla/show_bug.cgi?id=15070

             Bug #: 15070
           Summary: gold crashes on ARMv5 due to unaligned memory access
           Product: binutils
           Version: 2.23
            Status: NEW
          Severity: critical
          Priority: P2
         Component: gold
        AssignedTo: address@hidden
        ReportedBy: address@hidden
                CC: address@hidden
    Classification: Unclassified


Created attachment 6832
  --> http://sourceware.org/bugzilla/attachment.cgi?id=6832
proposed fix

Since f2494eee (integrate nacl into gold), gold does unaligned memory accesses on armv5 and earlier when recognizing nacl files, due to unaligned allocation of Ehdr.

(From Debian bug #696284):



ehdr here is only 16-bit aligned (0x405a7536 % 4 == 2), which comes from
#1  0x0008ce74 in Elf_file (file=0xbe89bfc8, this=0xbe89bf68) at ../../gold/../elfcpp/elfcpp_file.h:397
which is using an offset into the open file.

Encountered building chromium, but I was unable to build anything without turning on unaligned fault fixup (echo 2 > /proc/cpu/alignment).
invocation:  gdb --args g++-4.6.real -pthread -Wl,-z,noexecstack -fPIC -Wl,-O1 -Wl,--as-needed -Wl,--gc-sections  -o out/Release/mksnapshot -Wl,--start-group out/Release/obj.host/mksnapshot/v8/src/mksnapshot.o out/Release/obj.host/v8/tools/gyp/libv8_base.a out/Release/obj.host/v8/tools/gyp/libv8_nosnapshot.a -Wl,--end-group
then: set follow-fork-mode child

Dump of assembler code for function elfcpp::Elf_file<32, false, gold::Sniff_file>::construct(gold::Sniff_file*, elfcpp::Ehdr<32, false> const&):
   0x0002f4a4 <+0>:     ldr     r3, [r2]
   0x0002f4a8 <+4>:     push    {r4, r5, r6, r7, r8, lr}
   0x0002f4ac <+8>:     ldrh    r7, [r3, #40]   ; 0x28
=> 0x0002f4b0 <+12>:    ldr     r6, [r3, #32]
   0x0002f4b4 <+16>:    ldrh    r12, [r3, #48]  ; 0x30
   0x0002f4b8 <+20>:    mov     r4, r2
   0x0002f4bc <+24>:    ldrh    r2, [r3, #50]   ; 0x32
   0x0002f4c0 <+28>:    mov     r8, #0
   0x0002f4c4 <+32>:    cmp     r7, #52 ; 0x34
   0x0002f4c8 <+36>:    mov     r5, r1
   0x0002f4cc <+40>:    str     r1, [r0]
   0x0002f4d0 <+44>:    str     r6, [r0, #8]
   0x0002f4d4 <+48>:    str     r8, [r0, #12]
   0x0002f4d8 <+52>:    str     r12, [r0, #16]
   0x0002f4dc <+56>:    str     r2, [r0, #20]
   0x0002f4e0 <+60>:    str     r8, [r0, #24]

(gdb) info registers
r0             0xbe89bf70       3196698480
r1             0xbe89bfd0       3196698576
r2             0xbe89bff8       3196698616
r3             0x405a7536       1079670070
r4             0x536    1334
r5             0x0      0
r6             0x20     32
r7             0x34     52
r8             0x27d0dc 2609372
r9             0x0      0
r10            0x536    1334
r11            0x0      0
r12            0x0      0
sp             0xbe89bf20       0xbe89bf20
lr             0x8ce74  577140
pc             0x2f4b0  0x2f4b0 <elfcpp::Elf_file<32, false, gold::Sniff_file>::construct(gold::Sniff_file*, elfcpp::Ehdr<32, false> const&)+12>
cpsr           0x60000010       1610612752

(gdb) bt full
#0  elfcpp::Elf_file<32, false, gold::Sniff_file>::construct (this=0xbe89bf70, file=0xbe89bfd0, ehdr=...) at ../../gold/../elfcpp/elfcpp_file.h:378
No locals.
#1  0x0008ce74 in Elf_file (file=0xbe89bfc8, this=0xbe89bf68) at ../../gold/../elfcpp/elfcpp_file.h:397
No locals.
#2  do_recognize_nacl_file<32, false> (offset=1334, input_file=<optimized out>, this=0x27d0dc) at ../../gold/nacl.h:198
        file = {file_ = @0xd14a30, offset_ = 1334}
        elf_file = {static ehdr_size = <optimized out>, static phdr_size = <optimized out>, static shdr_size = <optimized out>, static sym_size = <optimized out>, static rel_size = <optimized out>, static rela_size = <optimized out>, file_ = 0x0, shoff_ = 3845902709115484, shnum_ = 13716016, shstrndx_ = 13712800, large_shndx_offset_ = 13716016}
        shnum = <optimized out>
#3  recognize_nacl_file (offset=1334, input_file=<optimized out>, this=0x27d0dc) at ../../gold/nacl.h:182
No locals.
#4  gold::Target_selector_nacl<{anonymous}::Target_selector_arm<false>, {anonymous}::Target_arm_nacl<false> >::do_recognize(gold::Input_file *, off_t, int, int, int) (this=0x27d0dc, file=<optimized out>, offset=<optimized out>, machine=40, osabi=0, abiversion=0) at ../../gold/nacl.h:116
No locals.
#5  0x001e9470 in recognize (abiversion=0, osabi=32, machine=2622660, offset=1334, input_file=0xd14a28, this=0x27d0dc) at ../../gold/target-select.h:83
No locals.
#6  gold::select_target (input_file=0xd14a28, offset=<optimized out>, machine=40, size=32, is_big_endian=false, osabi=0, abiversion=0) at ../../gold/target-select.cc:114
        ret = <optimized out>

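The faulting instruction in the report is a 32-bit load, `ldr r6, [r3, #32]`, which by ELF32 layout is e_shoff; r3 points at an Ehdr that begins at file offset 1334 (0x536) and is therefore only 2-byte aligned, so the load traps on a strict-alignment core. The following is an added example, not gold or elfcpp code, that puts the struct-overlay read that crashes next to an alignment-independent byte-wise reader for the same four fields (e_shoff, e_ehsize, e_shnum, e_shstrndx). The ELF32 field offsets are from the specification; the sample header, its offset inside the buffer and its field values are constructed for the example, and `word_aligned`, `read_ehdr_fields` and the other names are this example's own.

```c
/* Added example (not gold/elfcpp code): read ELF32 header fields at an
 * arbitrary file offset without assuming 4-byte alignment.  Field offsets
 * are from the ELF32 spec; the sample header is constructed for this example. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum {
    EI_CLASS = 4, EI_DATA = 5, ELFCLASS32 = 1, ELFDATA2LSB = 1, ELFDATA2MSB = 2,
    E_SHOFF = 32,                                  /* 4-byte field: the ldr that faulted */
    E_EHSIZE = 40, E_SHNUM = 48, E_SHSTRNDX = 50,  /* 2-byte fields */
    ELF32_EHDR_SIZE = 52
};

struct ehdr_fields { uint32_t shoff; uint16_t ehsize, shnum, shstrndx; };

/* 1 if p may be dereferenced as a uint32_t on a strict-alignment CPU such as
 * ARMv5 without the kernel's alignment fixup, else 0. */
int word_aligned(const void *p) { return (uintptr_t)p % sizeof(uint32_t) == 0; }

/* Byte-wise loads: no alignment requirement on any target, either endianness. */
static uint16_t load16(const uint8_t *p, int big)
{
    return big ? (uint16_t)(p[0] << 8 | p[1]) : (uint16_t)(p[1] << 8 | p[0]);
}
static uint32_t load32(const uint8_t *p, int big)
{
    return big ? (uint32_t)load16(p, 1) << 16 | load16(p + 2, 1)
               : (uint32_t)load16(p + 2, 0) << 16 | load16(p, 0);
}

/* The pattern that crashes: overlay a struct on the bytes and dereference.
 * Undefined behaviour unless ehdr is 4-byte aligned; on ARMv5 it traps with
 * SIGBUS like the `ldr r6, [r3, #32]` in the report.  Contrast only. */
struct ehdr_tail { uint32_t shoff, flags; uint16_t ehsize; };
uint32_t shoff_by_cast(const uint8_t *ehdr)
{
    return ((const struct ehdr_tail *)(ehdr + E_SHOFF))->shoff;
}

/* Safe parse at any offset.  0 on success; -1 if the header does not fit,
 * is not ELF32, has an unknown byte order, or an unexpected e_ehsize. */
int read_ehdr_fields(const uint8_t *buf, size_t len, size_t off, struct ehdr_fields *out)
{
    if (off > len || len - off < ELF32_EHDR_SIZE)
        return -1;
    const uint8_t *e = buf + off;
    if (memcmp(e, "\177ELF", 4) != 0 || e[EI_CLASS] != ELFCLASS32)
        return -1;
    if (e[EI_DATA] != ELFDATA2LSB && e[EI_DATA] != ELFDATA2MSB)
        return -1;
    int big = e[EI_DATA] == ELFDATA2MSB;
    out->ehsize = load16(e + E_EHSIZE, big);
    if (out->ehsize != ELF32_EHDR_SIZE)
        return -1;
    out->shoff    = load32(e + E_SHOFF, big);
    out->shnum    = load16(e + E_SHNUM, big);
    out->shstrndx = load16(e + E_SHSTRNDX, big);
    return 0;
}

/* Constructed sample: a little-endian ELF32 header at file offset 1334 (0x536),
 * the offset in the report's backtrace, inside a 4-byte-aligned buffer, so the
 * header itself lands 2 mod 4.  Field values are invented. */
enum { SAMPLE_OFFSET = 1334, SAMPLE_LEN = SAMPLE_OFFSET + ELF32_EHDR_SIZE };
static _Alignas(4) uint8_t sample[SAMPLE_LEN];

static void put16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void put32(uint8_t *p, uint32_t v) { put16(p, v & 0xffff); put16(p + 2, v >> 16); }

const uint8_t *build_sample(void)
{
    uint8_t *e = sample + SAMPLE_OFFSET;
    memset(sample, 0, sizeof sample);
    memcpy(e, "\177ELF", 4);
    e[EI_CLASS] = ELFCLASS32;
    e[EI_DATA] = ELFDATA2LSB;
    put16(e + 18, 40);                    /* e_machine = EM_ARM, as in the backtrace */
    put32(e + E_SHOFF, 0x1234);
    put16(e + E_EHSIZE, ELF32_EHDR_SIZE);
    put16(e + E_SHNUM, 13);
    put16(e + E_SHSTRNDX, 10);
    return sample;
}

int main(void)
{
    const uint8_t *buf = build_sample(), *ehdr = buf + SAMPLE_OFFSET;
    struct ehdr_fields f;
    printf("ehdr at +%d is %s\n", SAMPLE_OFFSET, word_aligned(ehdr) ? "word-aligned" : "NOT word-aligned");
    if (word_aligned(ehdr))               /* only then is the cast read defined */
        printf("cast read: e_shoff=0x%x\n", shoff_by_cast(ehdr));
    if (read_ehdr_fields(buf, SAMPLE_LEN, SAMPLE_OFFSET, &f) == 0)
        printf("byte-wise read: e_shoff=0x%x e_ehsize=%u e_shnum=%u e_shstrndx=%u\n",
               f.shoff, f.ehsize, f.shnum, f.shstrndx);
    return 0;
}
```

On x86 the cast read would silently succeed at the unaligned address, which is why this class of bug only surfaces on strict-alignment targets; the `echo 2 > /proc/cpu/alignment` workaround the reporter mentions makes the kernel emulate each faulting load, so the link completes but every such access costs a trap. Reading through byte loads (or memcpy into a properly aligned local) removes the dependency on the caller's offset entirely.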