[Bug ld/21914] New: [x86_64] SEGV during link


From: dhowells at redhat dot com
Subject: [Bug ld/21914] New: [x86_64] SEGV during link
Date: Mon, 07 Aug 2017 14:55:16 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=21914

            Bug ID: 21914
           Summary: [x86_64] SEGV during link
           Product: binutils
           Version: 2.29
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: dhowells at redhat dot com
  Target Milestone: ---

Created attachment 10322
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10322&action=edit
Test data

ld from binutils-2.29 can be made to crash when attempting to link the attached
test data.  The test data needs to be decompressed and then ld commanded as
follows:

x86_64-linux-gnu-ld  -m elf_i386 -N --no-check-sections
--section-start=.prefix=0 --gc-sections -static -o usbdisk.bin --oformat binary
-e 0 usbdisk.o

Note that the ld being used here is an x86_64-on-x86_64 cross.

Poking around in the crashed ld process with gdb shows:

Program received signal SIGSEGV, Segmentation fault.
0x000000000042e3a4 in gldelf_i386_place_orphan (s=0x82cea0, 
    secname=0x82c692 ".prefix", constraint=382) at eelf_i386.c:1978
1978                && (elf_section_data (os->bfd_section)->this_hdr.sh_info
(gdb) bt
#0  0x000000000042e3a4 in gldelf_i386_place_orphan (s=0x82cea0, 
    secname=0x82c692 ".prefix", constraint=382) at eelf_i386.c:1978
#1  0x0000000000412bfa in lang_place_orphans ()
    at ../../binutils-2.29/ld/ldlang.c:6396
#2  0x0000000000416f21 in lang_process ()
    at ../../binutils-2.29/ld/ldlang.c:7198
#3  0x0000000000403ee0 in main (argc=<optimized out>, argv=<optimized out>)
    at ../../binutils-2.29/ld/ldmain.c:413

The fault apparently occurs on line 1978 in the following:

1977            if (os->bfd_section != NULL
1978                && (elf_section_data (os->bfd_section)->this_hdr.sh_info
1979                    == elf_section_data (s)->this_hdr.sh_info)
1980                && (os->bfd_section->flags == 0
1981                    || ((!bfd_link_relocatable (&link_info)
1982                         || (iself && (((elf_section_flags (s)
1983                                         ^ elf_section_flags (os->bfd_section))
1984                                        & SHF_EXCLUDE) == 0)))

(gdb) p os
$1 = (lang_output_section_statement_type *) 0x81e168
(gdb) p os->bfd_section
$2 = (asection *) 0x820720
(gdb) p s
$3 = (asection *) 0x82cea0

Looking at the disassembly, line 1977 starts here:

   0x000000000042e386 <+822>:   mov    0x38(%rbx),%rsi
   0x000000000042e38a <+826>:   test   %rsi,%rsi
   0x000000000042e38d <+829>:   je     0x42e448 <gldelf_i386_place_orphan+1016>
   0x000000000042e393 <+835>:   mov    0xe0(%rsi),%rax
   0x000000000042e39a <+842>:   mov    0xe0(%rbp),%rdx
   0x000000000042e3a1 <+849>:   mov    0x2c(%rdx),%ecx
=> 0x000000000042e3a4 <+852>:   cmp    %ecx,0x2c(%rax)

So %rbx holds 'os', %rsi holds 'os->bfd_section' and %rbp holds 's'.

(gdb) p/x *(long*)($rsi+0xe0)
$13 = 0x0
(gdb) p/x *(long*)($rbp+0xe0)
$14 = 0x82f170

So elf_section_data (os->bfd_section) returns NULL and a SEGV occurs when we
try to dereference it.
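As an added illustration (not part of this report and not code from the binutils sources), the following C program models the structures named in the backtrace and shows the guard a defensive version of the sh_info comparison needs: check that both sides actually carry ELF section data before dereferencing them. Every type and function name here is a constructed stand-in (the real definitions live in bfd/elf-bfd.h and ld/emultempl/elf32.em); the only fact taken from the report is that elf_section_data (os->bfd_section) can be NULL.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed, simplified stand-ins for the BFD types named in the backtrace.
   In real BFD, elf_section_data (sec) is a plain cast of sec->used_by_bfd,
   which is NULL for a section that carries no ELF-specific data; that is the
   value the gdb session observed for os->bfd_section.  These are not the
   real definitions. */
struct shdr_model {
  unsigned int sh_info;
};

struct elf_secdata_model {
  struct shdr_model this_hdr;
};

struct asection_model {
  const char *name;
  unsigned int flags;
  void *used_by_bfd;                    /* NULL when no ELF data is attached */
};

struct output_stmt_model {
  const char *name;
  struct asection_model *bfd_section;   /* may itself be NULL */
};

/* Mirrors the elf_section_data macro: a cast with no NULL check. */
static struct elf_secdata_model *elf_secdata(const struct asection_model *sec)
{
  return (struct elf_secdata_model *) sec->used_by_bfd;
}

/* Guarded comparison of sh_info.  Returns false (no match) instead of
   dereferencing NULL when either side lacks ELF section data.  The condition
   quoted above at eelf_i386.c:1978 performs the comparison without the two
   NULL tests, which is the dereference the report identifies as faulting. */
static bool sh_info_matches(const struct output_stmt_model *os,
                            const struct asection_model *s)
{
  if (os->bfd_section == NULL)
    return false;
  const struct elf_secdata_model *od = elf_secdata(os->bfd_section);
  const struct elf_secdata_model *sd = elf_secdata(s);
  if (od == NULL || sd == NULL)
    return false;
  return od->this_hdr.sh_info == sd->this_hdr.sh_info;
}

/* Scans candidate output statements the way an orphan-placement loop would
   and returns the index of the first whose sh_info matches the orphan, or -1.
   Entries without ELF data are skipped rather than dereferenced. */
static int find_matching_output(const struct output_stmt_model *list, int n,
                                const struct asection_model *orphan)
{
  for (int i = 0; i < n; i++)
    if (sh_info_matches(&list[i], orphan))
      return i;
  return -1;
}

/* Constructed sample: a statement with no bfd_section, one whose section has
   no ELF data (the crash case), and one with a matching sh_info. */
static struct elf_secdata_model data_match  = { { 7 } };
static struct elf_secdata_model data_orphan = { { 7 } };
static struct asection_model sec_no_elf = { ".no_elf", 0, NULL };
static struct asection_model sec_match  = { ".prefix_out", 0, &data_match };
static struct asection_model orphan     = { ".prefix", 0, &data_orphan };
static struct output_stmt_model outputs[] = {
  { "os_null_section", NULL },
  { "os_no_elf_data", &sec_no_elf },
  { "os_with_data", &sec_match },
};

/* Runs the scan over the constructed sample; expected result is index 2. */
int sample_match_index(void)
{
  return find_matching_output(outputs, 3, &orphan);
}

int main(void)
{
  int idx = sample_match_index();
  printf("first matching output statement: %d (%s)\n", idx,
         idx >= 0 ? outputs[idx].name : "none");
  return 0;
}
```

The point of the guard is that a NULL used_by_bfd is a legitimate state for an output section (for instance when the output format is not ELF, as with --oformat binary in the command above), so the comparison has to treat "no ELF data" as "no match" rather than assume the pointer is valid.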
