[Bug ld/19516] New: microblaze: invalid symbol indices in GLOB_DAT relocs

[bugdal at aerifal dot cx]

https://sourceware.org/bugzilla/show_bug.cgi?id=19516

            Bug ID: 19516
           Summary: microblaze: invalid symbol indices in GLOB_DAT relocs
           Product: binutils
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: bugdal at aerifal dot cx
  Target Milestone: ---

Current git versions of musl libc (since commit ad1cd43a86) are producing a
libc.so that crashes during startup due to a bogus GLOB_DAT relocations with
symbol index 0xffffff in libc's dynamic symbol table. I don't have a minimal
test case to reproduce it yet, but the problem seems to be an interaction of
several features including --gc-sections, -Bsymbolic-functions, and possibly
hidden-visibility weak references.

I've identified the code that's producing these invalid relocations:

https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=bfd/elf32-microblaze.c;h=b9c32a4b2e9e09988e2a9e8898ccd888207f8794;hb=HEAD#l3293

The 'if' code path has some exclusions so that the 'else' path can be taken
even when h->dynindx==-1, and in this case, it becomes 0xffffff when limited to
the 24-bit symbol index field of r_info.

IMO microblaze_elf_output_dynamic_relocation should have an assertion to check
for index -1 when producing a relocation that references a symbol, since this
is malformed. But I'm not sure whether fixing the above logic is sufficient to
fix the bug. It's possible that these GOT slots referencing symbol index -1
should have been removed much earlier in the linking process.

I'll try to follow up with a minimal test case or see if one of our users
affected by the issue can do so.

-- 
You are receiving this mail because:
You are on the CC list for the bug.