[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/20096] New: strip-new crash when strip a specified file
|
From: |
ecular at 163 dot com |
|
Subject: |
[Bug binutils/20096] New: strip-new crash when strip a specified file |
|
Date: |
Sat, 14 May 2016 03:10:21 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=20096
Bug ID: 20096
Summary: strip-new crash when strip a specified file
Product: binutils
Version: 2.26
Status: NEW
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: ecular at 163 dot com
Target Milestone: ---
Hi there,
I crashed strip-new with flag -s when strip the attached file.
It is a NULL pointer dereference at line 3225 in objcopy.c
copy_relocations_in_section (bfd *ibfd, sec_ptr isection, void *obfdarg):
3221 for (i = 0; i < relcount; i++)
3222 {
3223 /* PR 17512: file: 9e907e0c. */
3224 if (relpp[i]->sym_ptr_ptr)
3225 if (is_specified_symbol (bfd_asymbol_name
(*relpp[i]->sym_ptr_ptr),
3226 keep_specific_htab))
3227 temp_relpp [temp_relcount++] = relpp [i];
3228 }
3229 relcount = temp_relcount;
3230 free (relpp);
3231 relpp = temp_relpp;
3232 }
There has a NULL pointer check for relpp[i]->sym_ptr_ptr at line 3224, but has
no check for *relpp[i]->sym_ptr_ptr. So it will crash at line 3225:
bfd_asymbol_name (*relpp[i]->sym_ptr_ptr) when *relpp[i]->sym_ptr_ptr = NULL.
Which bfd_asymbol_name is a micro :
#define bfd_asymbol_name(x) ((x)->name)
the gdb output likes this:
Program received signal SIGSEGV, Segmentation fault.
0x000000000040868f in copy_relocations_in_section (ibfd=0x79ac70,
isection=0x79be30,
obfdarg=0x79e020) at objcopy.c:3225
3225 if (is_specified_symbol (bfd_asymbol_name
(*relpp[i]->sym_ptr_ptr),
(gdb) bt
#0 0x000000000040868f in copy_relocations_in_section (ibfd=0x79ac70,
isection=0x79be30,
obfdarg=0x79e020) at objcopy.c:3225
#1 0x0000000000441c9a in bfd_map_over_sections (abfd=0x79ac70,
operation=0x4084a7 <copy_relocations_in_section>, user_storage=0x79e020) at
section.c:1392
#2 0x00000000004069fa in copy_object (ibfd=0x79ac70, obfd=0x79e020,
input_arch=0x0)
at objcopy.c:2368
#3 0x0000000000407b06 in copy_file (
input_filename=0x7fffffffe730
"output/crashes/id:000007,sig:11,src:001990,op:ext_AO,pos:12",
output_filename=0x79ac40 "output/crashes/stfxaeQ4", input_target=0x0,
output_target=0x54e4b0 "a.out-i386-linux", input_arch=0x0) at
objcopy.c:2817
#4 0x0000000000409666 in strip_main (argc=3, argv=0x7fffffffe498) at
objcopy.c:3680
#5 0x000000000040bac9 in main (argc=3, argv=0x7fffffffe498) at objcopy.c:4766
(gdb) print *relpp[i]->sym_ptr_ptr
$6 = (struct bfd_symbol *) 0x0
(gdb)
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug binutils/20096] New: strip-new crash when strip a specified file,
ecular at 163 dot com <=
- [Bug binutils/20096] strip-new crash when strip a specified file, address@hidden, 2016/05/14
- [Bug binutils/20096] strip-new crash when strip a specified file, ecular at 163 dot com, 2016/05/14
- [Bug binutils/20096] strip-new crash when strip a specified file, cvs-commit at gcc dot gnu.org, 2016/05/18
- [Bug binutils/20096] strip-new crash when strip a specified file, nickc at redhat dot com, 2016/05/18
- [Bug binutils/20096] strip-new crash when strip a specified file, ecular at 163 dot com, 2016/05/18