[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/25221] New: objcopy : SIGSEGV in bfd_convert_section_conte
From: |
fdgkhdkgh at gmail dot com |
Subject: |
[Bug binutils/25221] New: objcopy : SIGSEGV in bfd_convert_section_contents (bfd.c:2848) |
Date: |
Sat, 23 Nov 2019 14:32:16 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=25221
Bug ID: 25221
Summary: objcopy : SIGSEGV in bfd_convert_section_contents
(bfd.c:2848)
Product: binutils
Version: 2.34 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: fdgkhdkgh at gmail dot com
Target Milestone: ---
Created attachment 12089
--> https://sourceware.org/bugzilla/attachment.cgi?id=12089&action=edit
file that reproduces this problem
binutils Version : 2.34(HEAD)
git clone git://sourceware.org/git/binutils-gdb.git
OS : ubuntu 18.04.3
kernel : gnu/linux 5.0.0-32-generic
processor : Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
compiler : gcc 7.4.0
Steps to Reproduce :
download the sample from attachment
objcopy -I elf32-i386 -O elf64-little -B i386 ./fault_sample
./arbitrary_file_name
In function bfd_convert_section_contents, it will call memcpy with incredibly
big size, and trigger "SIGSEGV"
----
gdb backtrace :
#0 __memmove_avx_unaligned_erms () at
../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:527
#1 0x00005555555a568a in memcpy (__len=0xfffffffffffffff8, __src=<optimized
out>, __dest=0x5555558b8ec8) at
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
#2 bfd_convert_section_contents (ibfd=<optimized out>, isec=<optimized out>,
obfd=0x5555558b5d40, ptr=0x7fffffffdb10, ptr_size=0x7fffffffdb08) at bfd.c:2848
#3 0x000055555558a602 in copy_section (ibfd=0x5555558ab3c0,
isection=0x5555558ac930, obfdarg=0x5555558b5d40) at objcopy.c:4310
#4 0x00005555555ac27c in bfd_map_over_sections (abfd=0x5555558ab3c0,
operation=0x55555558a4b0 <copy_section>, user_storage=0x5555558b5d40) at
section.c:1357
#5 0x000055555558bf1c in copy_object (ibfd=<optimized out>, obfd=<optimized
out>, input_arch=<optimized out>) at objcopy.c:3222
#6 0x000055555558e029 in copy_file (input_filename=0x7fffffffe343
"./fault_sample", output_filename=0x7fffffffe352 "./abc",
input_target=<optimized out>, output_target=<optimized out>,
input_arch=0x55555589d460 <bfd_i386_arch>) at objcopy.c:3788
#7 0x0000555555588170 in copy_main (argv=<optimized out>, argc=<optimized
out>) at objcopy.c:5838
#8 main (argc=<optimized out>, argc@entry=0x9, argv=<optimized out>,
argv@entry=0x7fffffffdf68) at objcopy.c:5964
#9 0x00007ffff7801b97 in __libc_start_main (main=0x555555586520 <main>,
argc=0x9, argv=0x7fffffffdf68, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>,
stack_end=0x7fffffffdf58) at ../csu/libc-start.c:310
#10 0x000055555558901a in _start ()
-------
gdb peda report:
[----------------------------------registers-----------------------------------]
RAX: 0x5555558b8ec8 --> 0x351
RBX: 0x10
RCX: 0x55555589dc94 --> 0xf796af8000007fff
RDX: 0xfffffffffffe50f8
RSI: 0x5555558b8bbc --> 0x140
RDI: 0x5555558b8ec8 --> 0x351
RBP: 0x5555558b5d40 --> 0x1ed000001ed00000
RSP: 0x7fffffffda88 --> 0x5555555a568a (<bfd_convert_section_contents+554>:
mov rdi,QWORD PTR [r13+0x0])
RIP: 0x7ffff796ee69 (<__memmove_avx_unaligned_erms+921>: vmovntdq
YMMWORD PTR [r9-0x40],ymm2)
R8 : 0x0
R9 : 0x55555589e020 --> 0xf785e25000007fff
R10: 0x5555558b8b8c --> 0x5555558b3e98 --> 0x558ad2b000000000
R11: 0x5555558b8ea0 --> 0x2b00000000 ('')
R12: 0x5555558b8eb0 --> 0x2100005555 ('UU')
R13: 0x7fffffffdb10 --> 0x5555558b8bb0 --> 0x558b448800005555
R14: 0x7fffffffdb08 --> 0x4
R15: 0xe40
EFLAGS: 0x10282 (carry parity adjust zero SIGN trap INTERRUPT direction
overflow)
[-------------------------------------code-------------------------------------]
0x7ffff796ee57 <__memmove_avx_unaligned_erms+903>: sub rdx,0x80
0x7ffff796ee5e <__memmove_avx_unaligned_erms+910>: vmovntdq YMMWORD PTR
[r9],ymm0
0x7ffff796ee63 <__memmove_avx_unaligned_erms+915>: vmovntdq YMMWORD PTR
[r9-0x20],ymm1
=> 0x7ffff796ee69 <__memmove_avx_unaligned_erms+921>: vmovntdq YMMWORD PTR
[r9-0x40],ymm2
0x7ffff796ee6f <__memmove_avx_unaligned_erms+927>: vmovntdq YMMWORD PTR
[r9-0x60],ymm3
0x7ffff796ee75 <__memmove_avx_unaligned_erms+933>: sub r9,0x80
0x7ffff796ee7c <__memmove_avx_unaligned_erms+940>: cmp rdx,0x80
0x7ffff796ee83 <__memmove_avx_unaligned_erms+947>: ja 0x7ffff796ee21
<__memmove_avx_unaligned_erms+849>
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffda88 --> 0x5555555a568a (<bfd_convert_section_contents+554>:
mov rdi,QWORD PTR [r13+0x0])
0008| 0x7fffffffda90 --> 0x4
0016| 0x7fffffffda98 --> 0xfffffffffffffff8
0024| 0x7fffffffdaa0 --> 0x0
0032| 0x7fffffffdaa8 --> 0x55555558a36c (<is_strip_section+12>: test eax,eax)
0040| 0x7fffffffdab0 --> 0x5555558ab3c0 --> 0x8100000000
0048| 0x7fffffffdab8 --> 0x5555558ac930 --> 0x0
0056| 0x7fffffffdac0 --> 0x5555558b5d40 --> 0x1ed000001ed00000
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
__memmove_avx_unaligned_erms () at
../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:527
--
You are receiving this mail because:
You are on the CC list for the bug.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Bug binutils/25221] New: objcopy : SIGSEGV in bfd_convert_section_contents (bfd.c:2848),
fdgkhdkgh at gmail dot com <=