
[Bug binutils/23114] New: objcopy segmentation fault

From: donald.zgd at gmail dot com
Subject: [Bug binutils/23114] New: objcopy segmentation fault
Date: Tue, 24 Apr 2018 09:15:31 +0000


            Bug ID: 23114
           Summary: objcopy segmentation fault
           Product: binutils
           Version: 2.31 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: donald.zgd at gmail dot com
  Target Milestone: ---

Created attachment 10978
  --> https://sourceware.org/bugzilla/attachment.cgi?id=10978&action=edit
the malformed crash input

When calling "ignore_section_sym()" in function "elf_map_symbols()", objcopy
fails to check the value of sym->section->output_section. The value of
output_section can be 0x0.

# ------------
# Cmdline:
$ objcopy /tmp/objcopy_crash.input /dev/null

# ------------
# gdb output
Program received signal SIGSEGV, Segmentation fault.
0x000000000045f66c in ignore_section_sym (abfd=0x7882a0, sym=0x78ea80) at
4033                   || (sym->section->output_section->owner == abfd
(gdb) bt
#0  0x000000000045f66c in ignore_section_sym (abfd=0x7882a0, sym=0x78ea80) at
#1  0x000000000045f8df in elf_map_symbols (abfd=0x7882a0,
pnum_locals=0x7fffffffdcc8) at ../../bfd/elf.c:4099
#2  0x0000000000468d91 in swap_out_syms (abfd=0x7882a0, sttp=0x7fffffffddd8,
relocatable_p=1) at ../../bfd/elf.c:7760
#3  0x000000000045fdac in _bfd_elf_compute_section_file_positions
(abfd=0x7882a0, link_info=0x0) at ../../bfd/elf.c:4236
#4  0x0000000000465380 in _bfd_elf_write_object_contents (abfd=0x7882a0) at
#5  0x00000000004331ce in bfd_close (abfd=0x7882a0) at ../../bfd/opncls.c:731
#6  0x0000000000409021 in copy_file (
    input_filename=0x7fffffffe52e "/tmp/objcopy_crash.input",
    output_filename=0x7fffffffe578 "/dev/null", input_target=0x0,
output_target=0x532953 "elf32-i386", input_arch=0x0)
    at ../../binutils/objcopy.c:3539
#7  0x000000000040d048 in copy_main (argc=3, argv=0x7fffffffe248) at
#8  0x000000000040d384 in main (argc=3, argv=0x7fffffffe248) at

# ------------
# Environment
$ uname -a
Linux 4.4.0-112-generic #135-Ubuntu SMP Fri Jan 19 11:48:36 UTC 2018 x86_64
x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.3 LTS
Release:        16.04
Codename:       xenial

# ------------------------------
# Tested on the following two objcopy versions
# 1.
$ git rev-parse HEAD
# 2.
$ /usr/bin/objcopy --version
GNU objcopy (GNU Binutils for Ubuntu) 2.26.1
Copyright (C) 2015 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) any later version.
This program has absolutely no warranty.

# ------------------------------
This bug was found by Guodong Zhu and Kang Li with Team Seri0us at 360.

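As an added illustration (not binutils code, and not the patch the maintainers applied), the C model below reproduces the shape of the condition named in the report with output_section left at 0x0, beside a form that tests each pointer before following it. The struct and function names are simplified stand-ins for BFD's bfd/asection/asymbol and are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model of the BFD objects in the backtrace (constructed for this
 * example, not binutils code). output_section stays NULL until a section is
 * mapped to the output file; malformed input can leave it unset. */
typedef struct bfd { const char *filename; } bfd;
typedef struct asection {
  struct bfd *owner;
  struct asection *output_section;   /* may be NULL */
  long output_offset;
} asection;
typedef struct asymbol { asection *section; } asymbol;
/* Shape of the condition that faulted: with output_section NULL the second
 * clause dereferences a null pointer. Safe only when output_section is set. */
bool section_owned_unguarded(bfd *abfd, asymbol *sym)
{
  return sym->section->owner == abfd
      || (sym->section->output_section->owner == abfd
          && sym->section->output_offset == 0);
}
/* Hardened form: every pointer on the chain is tested before it is followed,
 * so the malformed case yields "not owned" instead of SIGSEGV. */
bool section_owned_guarded(bfd *abfd, asymbol *sym)
{
  if (sym == NULL || sym->section == NULL)
    return false;
  if (sym->section->owner == abfd)
    return true;
  asection *out = sym->section->output_section;
  return out != NULL && out->owner == abfd && sym->section->output_offset == 0;
}
/* The reported state (output_section == 0x0) through the guarded check. */
bool crash_state_guarded(void)
{
  bfd in = { "constructed.o" };
  asection sec = { NULL, NULL, 0 };
  asymbol sym = { &sec };
  return section_owned_guarded(&in, &sym);   /* false, and no fault */
}
/* Well-formed state where both checks agree: output section owned by abfd. */
bool mapped_state_both(void)
{
  bfd in = { "constructed.o" };
  asection out = { &in, NULL, 0 };
  asection sec = { NULL, &out, 0 };
  asymbol sym = { &sec };
  return section_owned_unguarded(&in, &sym) && section_owned_guarded(&in, &sym);
}
```

Calling section_owned_unguarded() on the crash-state objects would fault exactly as in the backtrace, which is why only the guarded form is exercised on that input.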
