bug-binutils

[Bug binutils/18420] New: Segfault in readelf with --unwind option


From: duretsimon73 at gmail dot com
Subject: [Bug binutils/18420] New: Segfault in readelf with --unwind option
Date: Sat, 16 May 2015 10:58:15 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=18420

            Bug ID: 18420
           Summary: Segfault in readelf with --unwind option
           Product: binutils
           Version: 2.25
            Status: NEW
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: duretsimon73 at gmail dot com
  Target Milestone: ---

Created attachment 8318
  --> https://sourceware.org/bugzilla/attachment.cgi?id=8318&action=edit
ELF 32-bit MSB executable, IA-64, version 1, dynamically linked, interpreter
/usr/lib/hpux32/uld.so:/usr/lib/hpux32/dld.so, stripped, too many notes (256)

Hello,

The attached file causes a segfault in readelf when used with the --unwind option
(or --all).

Here is information about the crash:


GNU readelf (GNU Binutils) 2.25.51.20150516
Copyright (C) 2015 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) any later version.
This program has absolutely no warranty.


Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
RAX: 0x6ed001 
RBX: 0x6ed000 
RCX: 0x0 
RDX: 0x2d ('-')
RSI: 0x7ffff7bd3970 --> 0x0 
RDI: 0x7ffff7bd2740 --> 0xfbad2a84 
RBP: 0x0 
RSP: 0x7fffffffe400 --> 0xd ('\r')
RIP: 0x425b9f (<unw_decode_p2_p5+255>:  movzx  ebp,BYTE PTR [rbx])
R8 : 0x7ffff7bd3970 --> 0x0 
R9 : 0x7ffff7fc4700 (0x00007ffff7fc4700)
R10: 0x97 
R11: 0x246 
R12: 0xaaaaaaaaaaaaaaab 
R13: 0x117db4 
R14: 0x6a70b8 --> 0x100100d8de0300 
R15: 0x34 ('4')
EFLAGS: 0x10206 (carry PARITY adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x425b93 <unw_decode_p2_p5+243>:     nop    DWORD PTR [rax+rax*1+0x0]
   0x425b98 <unw_decode_p2_p5+248>:     lea    rax,[rbx+0x1]
   0x425b9c <unw_decode_p2_p5+252>:     test   r13,r13
=> 0x425b9f <unw_decode_p2_p5+255>:     movzx  ebp,BYTE PTR [rbx]
   0x425ba2 <unw_decode_p2_p5+258>:     mov    rbx,rax
   0x425ba5 <unw_decode_p2_p5+261>:     jne    0x425be0 <unw_decode_p2_p5+320>
   0x425ba7 <unw_decode_p2_p5+263>:     mov    ecx,r13d
   0x425baa <unw_decode_p2_p5+266>:     movzx  edx,bpl
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffe400 --> 0xd ('\r')
0008| 0x7fffffffe408 --> 0x7ffff7883139 (<printf+153>:  add    rsp,0xd8)
0016| 0x7fffffffe410 --> 0x7fffffffe4e0 --> 0x1 
0024| 0x7fffffffe418 --> 0x3000000018 
0032| 0x7fffffffe420 --> 0x7fffffffe4f0 --> 0x7ffff7003162 
0040| 0x7fffffffe428 --> 0x7fffffffe430 --> 0x43f859 --> 0x726f746f4d007270 ('pr')
0048| 0x7fffffffe430 --> 0x43f859 --> 0x726f746f4d007270 ('pr')
0056| 0x7fffffffe438 --> 0x448ae3 --> 0x53444e5f52003150 ('P1')
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x0000000000425b9f in unw_decode_p2_p5 (dp=<optimized out>, code=<optimized out>, arg=<optimized out>) at unwind-ia64.c:780
780         UNW_DEC_SPILL_MASK ("P4", dp, arg);

gdb-peda$ bt
#0  0x0000000000425b9f in unw_decode_p2_p5 (dp=<optimized out>, code=<optimized out>, arg=<optimized out>) at unwind-ia64.c:780
#1  0x00000000004118e9 in dump_ia64_unwind (aux=<optimized out>) at readelf.c:6738
#2  ia64_process_unwind (file=0x7ffff7bd2740 <_IO_2_1_stdout_>) at readelf.c:7019
#3  0x0000000000423e63 in process_unwind (file=0x67f010) at readelf.c:8435
#4  process_object (address@hidden "./pown/file", address@hidden) at readelf.c:16015
#5  0x0000000000401d41 in process_file (file_name=0x7fffffffeb80 "./pown/file") at readelf.c:16397
#6  main (argc=0x3, argv=0x7fffffffe898) at readelf.c:16468
#7  0x00007ffff7854800 in __libc_start_main () from /usr/lib/libc.so.6
#8  0x0000000000401f19 in _start ()

Best regards,
Tosh

-- 
You are receiving this mail because:
You are on the CC list for the bug.
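The backtrace above shows the byte load `movzx ebp, BYTE PTR [rbx]` faulting inside the IA-64 unwind descriptor decoder while handling a spill-mask record whose size is derived from the input file. The following is an added illustration, not code from this report or from binutils, of the general defensive pattern for such decoders: a record length taken from attacker-controlled data is checked against the end of the section before any byte is dereferenced. The record layout (a one-byte region length followed by a two-bits-per-slot mask), the `struct spill_mask` type and the function names are constructed for this example and are not the real IA-64 unwind encoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed record format for illustration only (NOT the IA-64 unwind
   descriptor encoding): a one-byte region length `rlen`, followed by
   ceil(2 * rlen / 8) mask bytes holding two bits per slot.
   `dp` points at the record, `end` one past the last valid byte. */
struct spill_mask {
    unsigned rlen;      /* region length from the header byte */
    unsigned mask_len;  /* number of mask bytes that follow the header */
    unsigned spilled;   /* count of non-zero 2-bit entries */
};

/* Decode one record. Returns a pointer to the next record, or NULL when the
   record does not fit in [dp, end). Every byte is checked against `end`
   before it is read, which is what a decoder must do to survive a
   crafted input that declares more mask bytes than the section holds. */
const uint8_t *decode_spill_mask(const uint8_t *dp, const uint8_t *end,
                                 struct spill_mask *out)
{
    if (dp == NULL || end == NULL || dp >= end)
        return NULL;                        /* no room for the header byte */

    unsigned rlen = *dp++;
    unsigned mask_len = (2 * rlen + 7) / 8; /* two bits per slot, rounded up */

    /* The length comes from the file. Compare remaining bytes as a size
       rather than forming dp + mask_len first: pointer arithmetic past the
       end of the buffer is itself undefined behaviour. */
    if ((size_t)(end - dp) < mask_len)
        return NULL;                        /* truncated record: refuse to read */

    out->rlen = rlen;
    out->mask_len = mask_len;
    out->spilled = 0;
    for (unsigned i = 0; i < rlen; i++) {
        unsigned byte = dp[i / 4];          /* in bounds: i/4 < mask_len */
        unsigned entry = (byte >> (2 * (i % 4))) & 3;
        if (entry != 0)
            out->spilled++;
    }
    return dp + mask_len;
}

/* Walk a whole section of records, stopping at the first one that does not
   fit. Returns the number of records decoded successfully. */
unsigned decode_section(const uint8_t *buf, size_t len)
{
    const uint8_t *dp = buf, *end = buf + len;
    struct spill_mask m;
    unsigned count = 0;

    while (dp < end) {
        const uint8_t *next = decode_spill_mask(dp, end, &m);
        if (next == NULL)
            break;
        count++;
        dp = next;
    }
    return count;
}

int main(void)
{
    /* Constructed sample section: one valid record (rlen 3 -> 1 mask byte),
       then a record claiming rlen 200 (50 mask bytes) with only 2 bytes left. */
    static const uint8_t section[] = { 3, 0x21, 200, 0xff, 0xff };
    unsigned n = decode_section(section, sizeof section);
    printf("decoded %u record(s) before hitting a truncated one\n", n);
    return 0;
}
```

Without the `end` check, the second record would walk the mask loop 50 bytes past a 2-byte tail, which is the shape of fault the register dump above records: a single byte load from a pointer that has run off the end of the data.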


