[Bug binutils/21669] New: strip from binutils-2.28 SIGSEGVs when strips
From: slyfox at inbox dot ru
Subject: [Bug binutils/21669] New: strip from binutils-2.28 SIGSEGVs when strips ia64 files
Date: Sat, 24 Jun 2017 14:52:24 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=21669
Bug ID: 21669
Summary: strip from binutils-2.28 SIGSEGVs when strips ia64 files
Product: binutils
Version: 2.29 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: slyfox at inbox dot ru
Target Milestone: ---
Noticed when building gcc-6.3.0 and gcc-5.4.0 with binutils-2.28
(original report https://bugs.gentoo.org/show_bug.cgi?id=622500 )
In the build process of gcc the following object file is generated
that can crash 'strip':
http://dev.gentoo.org/~slyfox/bugs/622500-ia64-strip/dwarf2out.o
Reproducible both on a native ia64 box and when running cross-binutils on x86_64.
-fsanitize=address detects the out-of-bounds access as:
==17093==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a000000598 ...
READ of size 8 at 0x61a000000598 thread T0
    #0 0x7feeb6dd4333 in find_link binutils-gdb/bfd/elf.c:1295
    #1 0x7feeb6dd48a1 in copy_special_section_fields binutils-gdb/bfd/elf.c:1379
    #2 0x7feeb6dd5391 in _bfd_elf_copy_private_bfd_data binutils-gdb/bfd/elf.c:1501
    #3 0x5623789a0952 in copy_object binutils-gdb/binutils/objcopy.c:2974
    #4 0x5623789a25d4 in copy_file binutils-gdb/binutils/objcopy.c:3336
    #5 0x5623789a6856 in strip_main binutils-gdb/binutils/objcopy.c:4261
    #6 0x5623789ab0f9 in main binutils-gdb/binutils/objcopy.c:5368
    #7 0x7feeb650f3f9 in __libc_start_main (/lib64/libc.so.6+0x39648203f9)
    #8 0x562378996259 in _start (binutils-gdb/binutils/.libs/strip-new+0x16259)
The failure is easy to work around, but I'm not sure if something breaks the hint
invariant:
diff --git a/bfd/elf.c b/bfd/elf.c
index 5f37e7f79c..abb1499893 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -1291,7 +1291,8 @@ find_link (const bfd * obfd, const Elf_Internal_Shdr *
iheader, const unsigned i
BFD_ASSERT (iheader != NULL);
/* See PR 20922 for a reproducer of the NULL test. */
- if (oheaders[hint] != NULL
+ if (hint < elf_numsections (obfd)
+ && oheaders[hint] != NULL
&& section_match (oheaders[hint], iheader))
return hint;
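Review bot: the `hint < elf_numsections (obfd)` test added to the first condition in find_link stops the read past the end of oheaders that ASan reports at elf.c:1295, but it hides an out-of-range hint rather than accounting for it. If callers are expected to pass a valid output section index, pair this guard with a check or assertion at the point where the hint is derived (copy_special_section_fields is the caller in the trace), so that an out-of-range value is diagnosed instead of silently skipped. The comment above the condition still refers only to PR 20922 and the NULL test; it should also mention PR 21669 and the range test so the reason for both checks is recorded.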