

[Bug ld/20317] Segmentation fault in ld; invalid write in bfd_section_fr


From: dpovey at gmail dot com
Subject: [Bug ld/20317] Segmentation fault in ld; invalid write in bfd_section_from_shdr
Date: Thu, 30 Jun 2016 01:08:00 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=20317

--- Comment #1 from Dan Povey <dpovey at gmail dot com> ---
OK, I compiled binutils from source with debug, and I got it in a debugger.

The error occurs at elf.c line 2084 (the elf.c:2084 frame in the valgrind trace below), in the statement
 sections_being_created [shindex] = FALSE;
where shindex is 832 and the 'sections_being_created' array also appears to hold 832 entries, so the write lands one element past the end of the array (valgrind reports it as 0 bytes after the allocated block).
Note that the array belongs to sections_being_created_abfd, whose num_elf_sections is 832, while the bfd being processed here (abfd, a different pointer) has num_elf_sections = 3434 and nesting is 3.
I don't understand what the code is doing, but I printed some variables that seem to be relevant; please see below.
Dan
Dan


---------
address@hidden  /usr/src/binutils/binutils-2.22  $   cd 
~jtrmal/soft/openfst-1.5.3/src/script
address@hidden  ~/soft/openfst-1.5.3/src/script  $  valgrind --db-attach=yes
/usr/src/binutils/binutils-2.22/ld/ld-new --sysroot=/ --build-id
--no-add-needed --eh-frame-hdr -m elf_x86_64 --hash-style=both -shared -o
.libs/libfstscript.so.4.0.0 -L/usr/lib/gcc/x86_64-linux-gnu/4.7
-L/usr/lib/gcc/x86_64-linux-gnu/4.7/../../../x86_64-linux-gnu
-L/usr/lib/gcc/x86_64-linux-gnu/4.7/../../../../lib -L/lib/x86_64-linux-gnu
-L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib
-L/usr/lib/gcc/x86_64-linux-gnu/4.7/../../..
-L/usr/lib/gcc/x86_64-linux-gnu/4.7
-L/usr/lib/gcc/x86_64-linux-gnu/4.7/../../../x86_64-linux-gnu
-L/usr/lib/gcc/x86_64-linux-gnu/4.7/../../../../lib -L/lib/x86_64-linux-gnu
-L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib
-L/usr/lib/gcc/x86_64-linux-gnu/4.7/../../..
/usr/lib/gcc/x86_64-linux-gnu/4.7/../../../x86_64-linux-gnu/crti.o
/usr/lib/gcc/x86_64-linux-gnu/4.7/crtbeginS.o .libs/arciterator-class.o
.libs/arcsort.o .libs/closure.o .libs/compile.o .libs/compose.o .libs/concat.o
.libs/connect.o .libs/convert.o .libs/decode.o .libs/determinize.o
.libs/difference.o .libs/disambiguate.o .libs/draw.o .libs/encode.o
.libs/encodemapper-class.o .libs/epsnormalize.o .libs/equal.o
.libs/equivalent.o .libs/fst-class.o .libs/info.o .libs/intersect.o
.libs/invert.o .libs/isomorphic.o .libs/map.o .libs/minimize.o .libs/print.o
.libs/project.o .libs/prune.o .libs/push.o .libs/randequivalent.o
.libs/randgen.o .libs/relabel.o .libs/replace.o .libs/reverse.o
.libs/reweight.o .libs/rmepsilon.o .libs/script-impl.o
.libs/shortest-distance.o .libs/shortest-path.o .libs/stateiterator-class.o
.libs/synchronize.o .libs/text-io.o .libs/topsort.o .libs/union.o
.libs/weight-class.o .libs/verify.o -rpath
/home/jtrmal/soft/openfst-1.5.3/src/lib/.libs ../lib/.libs/libfst.so -ldl
-lstdc++ -lm -lc -lgcc_s /usr/lib/gcc/x86_64-linux-gnu/4.7/crtendS.o
/usr/lib/gcc/x86_64-linux-gnu/4.7/../../../x86_64-linux-gnu/crtn.o -soname
libfstscript.so.4
==17439== Memcheck, a memory error detector
==17439== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==17439== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==17439== Command: /usr/src/binutils/binutils-2.22/ld/ld-new --sysroot=/
--build-id --no-add-needed --eh-frame-hdr -m elf_x86_64 --hash-style=both
-shared -o .libs/libfstscript.so.4.0.0 -L/usr/lib/gcc/x86_64-linux-gnu/4.7
-L/usr/lib/gcc/x86_64-linux-gnu/4.7/../../../x86_64-linux-gnu
-L/usr/lib/gcc/x86_64-linux-gnu/4.7/../../../../lib -L/lib/x86_64-linux-gnu
-L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib
-L/usr/lib/gcc/x86_64-linux-gnu/4.7/../../..
-L/usr/lib/gcc/x86_64-linux-gnu/4.7
-L/usr/lib/gcc/x86_64-linux-gnu/4.7/../../../x86_64-linux-gnu
-L/usr/lib/gcc/x86_64-linux-gnu/4.7/../../../../lib -L/lib/x86_64-linux-gnu
-L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib
-L/usr/lib/gcc/x86_64-linux-gnu/4.7/../../..
/usr/lib/gcc/x86_64-linux-gnu/4.7/../../../x86_64-linux-gnu/crti.o
/usr/lib/gcc/x86_64-linux-gnu/4.7/crtbeginS.o .libs/arciterator-class.o
.libs/arcsort.o .libs/closure.o .libs/compile.o .libs/compose.o .libs/concat.o
.libs/connect.o .libs/convert.o .libs/decode.o .libs/determinize.o
.libs/difference.o .libs/disambiguate.o .libs/draw.o .libs/encode.o
.libs/encodemapper-class.o .libs/epsnormalize.o .libs/equal.o
.libs/equivalent.o .libs/fst-class.o .libs/info.o .libs/intersect.o
.libs/invert.o .libs/isomorphic.o .libs/map.o .libs/minimize.o .libs/print.o
.libs/project.o .libs/prune.o .libs/push.o .libs/randequivalent.o
.libs/randgen.o .libs/relabel.o .libs/replace.o .libs/reverse.o
.libs/reweight.o .libs/rmepsilon.o .libs/script-impl.o
.libs/shortest-distance.o .libs/shortest-path.o .libs/stateiterator-class.o
.libs/synchronize.o .libs/text-io.o .libs/topsort.o .libs/union.o
.libs/weight-class.o .libs/verify.o -rpath
/home/jtrmal/soft/openfst-1.5.3/src/lib/.libs ../lib/.libs/libfst.so -ldl
-lstdc++ -lm -lc -lgcc_s /usr/lib/gcc/x86_64-linux-gnu/4.7/crtendS.o
/usr/lib/gcc/x86_64-linux-gnu/4.7/../../../x86_64-linux-gnu/crtn.o -soname
libfstscript.so.4
==17439==
==17439== Invalid write of size 4
==17439==    at 0x460B24: bfd_section_from_shdr (elf.c:2084)
==17439==    by 0x4536BD: bfd_elf64_object_p (elfcode.h:807)
==17439==    by 0x4385EF: bfd_check_format_matches (format.c:172)
==17439==    by 0x41C2D1: ldfile_try_open_bfd (ldfile.c:316)
==17439==    by 0x41C95B: ldfile_open_file (ldfile.c:428)
==17439==    by 0x410EA7: load_symbols (ldlang.c:2703)
==17439==    by 0x411BC2: open_input_bfds (ldlang.c:3296)
==17439==    by 0x413FD9: lang_process (ldlang.c:6570)
==17439==    by 0x403746: main (ldmain.c:405)
==17439==  Address 0x114d1130 is 0 bytes after a block of size 3,344 alloc'd
==17439==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==17439==    by 0x4B9FF4: _objalloc_alloc (objalloc.c:143)
==17439==    by 0x43A0A8: bfd_alloc (opncls.c:931)
==17439==    by 0x43A165: bfd_zalloc (opncls.c:980)
==17439==    by 0x4608DE: bfd_section_from_shdr (elf.c:1614)
==17439==    by 0x461667: bfd_section_from_shdr (elf.c:1904)
==17439==    by 0x4536BD: bfd_elf64_object_p (elfcode.h:807)
==17439==    by 0x4385EF: bfd_check_format_matches (format.c:172)
==17439==    by 0x41C2D1: ldfile_try_open_bfd (ldfile.c:316)
==17439==    by 0x41C95B: ldfile_open_file (ldfile.c:428)
==17439==    by 0x410EA7: load_symbols (ldlang.c:2703)
==17439==    by 0x411BC2: open_input_bfds (ldlang.c:3296)
==17439==
==17439==
==17439== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
==17439== starting debugger with cmd: /usr/bin/gdb -nw /proc/19907/fd/1024
19907
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /proc/19907/fd/1024...done.
Attaching to program: /proc/19907/fd/1024, process 19907
Reading symbols from /usr/lib/valgrind/vgpreload_core-amd64-linux.so...Reading
symbols from
/usr/lib/debug/usr/lib/valgrind/vgpreload_core-amd64-linux.so...done.
done.
Loaded symbols for /usr/lib/valgrind/vgpreload_core-amd64-linux.so
Reading symbols from
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so...Reading symbols from
/usr/lib/debug/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so...done.
done.
Loaded symbols for /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so
Reading symbols from /lib/x86_64-linux-gnu/libz.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libz.so.1
Reading symbols from /lib/x86_64-linux-gnu/libdl.so.2...Reading symbols from
/usr/lib/debug/lib/x86_64-linux-gnu/libdl-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libdl.so.2
Reading symbols from /lib/x86_64-linux-gnu/libc.so.6...Reading symbols from
/usr/lib/debug/lib/x86_64-linux-gnu/libc-2.13.so...done.
done.
Loaded symbols for /lib/x86_64-linux-gnu/libc.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Failed to read a valid object file image from memory.
bfd_section_from_shdr (address@hidden, address@hidden)
at elf.c:2084
2084     sections_being_created [shindex] = FALSE;
(gdb) p shindex
$1 = 832
(gdb) p num_sec
No symbol "num_sec" in current context.
(gdb) p abfd->tdata.elf_obj_data->num_elf_sections
$2 = 3434
(gdb) p nesting
$3 = 3
(gdb) p sections_being_created_abfd
$4 = (bfd *) 0x113c6f90
(gdb) p abfd
$5 = (bfd *) 0x1153aa90
(gdb) p sections_being_created_abfd->tdata.elf_obj_data->num_elf_sections
$6 = 832
(gdb)


(gdb) p *(abfd->tdata.elf_obj_data)
$9 = {
  elf_header = {{
      e_ident = "\177ELF\002\001\001\003\000\000\000\000\000\000\000",
      e_entry = 0,
      e_phoff = 0,
      e_shoff = 335600,
      e_version = 1,
      e_flags = 0,
      e_type = 1,
      e_machine = 62,
      e_ehsize = 64,
      e_phentsize = 0,
      e_phnum = 0,
      e_shentsize = 64,
      e_shnum = 3434,
      e_shstrndx = 3431
    }},
  elf_sect_ptr = 0x11589070,
  phdr = 0x0,
  segment_map = 0x0,
  strtab_ptr = 0x0,
  num_locals = 0,
  num_globals = 0,
  num_elf_sections = 3434,
  num_section_syms = 0,
  section_syms = 0x0,
  symtab_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 0,
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
---Type <return> to continue, or q <return> to quit---
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x0
  },
  shstrtab_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 0,
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x0
  },
  strtab_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 0,
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x0
  },
  dynsymtab_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
---Type <return> to continue, or q <return> to quit---
    sh_addr = 0,
    sh_offset = 0,
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x0
  },
  dynstrtab_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 0,
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x0
  },
  dynversym_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 0,
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
    sh_entsize = 0,
    bfd_section = 0x0,
---Type <return> to continue, or q <return> to quit---
    contents = 0x0
  },
  dynverref_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 0,
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x0
  },
  dynverdef_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 0,
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x0
  },
  symtab_shndx_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 0,
---Type <return> to continue, or q <return> to quit---
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x0
  },
  symtab_section = 0,
  shstrtab_section = 0,
  strtab_section = 0,
  dynsymtab_section = 0,
  symtab_shndx_section = 0,
  dynversym_section = 0,
  dynverdef_section = 0,
  dynverref_section = 0,
  next_file_pos = 0,
  gp = 0,
  gp_size = 0,
  core_signal = 0,
  core_pid = 0,
  core_lwpid = 0,
  core_program = 0x0,
  core_command = 0x0,
  sym_hashes = 0x0,
  local_got = {
    refcounts = 0x0,
    offsets = 0x0,
    ents = 0x0
  },
  dt_name = 0x0,
  dt_audit = 0x0,
  program_header_size = 18446744073709551615,
  line_info = 0x0,
  find_line_info = 0x0,
  dwarf1_find_line_info = 0x0,
---Type <return> to continue, or q <return> to quit---
  dwarf2_find_line_info = 0x0,
  local_stubs = 0x0,
  local_call_stubs = 0x0,
  eh_frame_hdr = 0x0,
  group_sect_ptr = 0x0,
  num_group = 0,
  cverdefs = 0,
  cverrefs = 0,
  stack_flags = 0,
  verdef = 0x0,
  verref = 0x0,
  elf_data_symbol = 0x0,
  elf_text_symbol = 0x0,
  elf_data_section = 0x0,
  elf_text_section = 0x0,
  eh_frame_section = 0x0,
  dyn_lib_class = DYN_NORMAL,
  linker = 0,
  bad_symtab = 0,
  flags_init = 0,
  symbuf = 0x0,
  known_obj_attributes = {{{
        type = 0,
        i = 0,
        s = 0x0
      } <repeats 71 times>}, {{
        type = 0,
        i = 0,
        s = 0x0
      } <repeats 71 times>}},
  other_obj_attributes = {0x0, 0x0},
  after_write_object_contents = 0,
  after_write_object_contents_info = 0x0,
  build_id_size = 0,
  build_id = 0x0,
  sdt_note_head = 0x0,
---Type <return> to continue, or q <return> to quit---
  has_gnu_symbols = 0,
  object_id = X86_64_ELF_DATA
}
(gdb)
(gdb) p *(sections_being_created_abfd->tdata.elf_obj_data)
$10 = {
  elf_header = {{
      e_ident = "\177ELF\002\001\001\003\000\000\000\000\000\000\000",
      e_entry = 0,
      e_phoff = 0,
      e_shoff = 85440,
      e_version = 1,
      e_flags = 0,
      e_type = 1,
      e_machine = 62,
      e_ehsize = 64,
      e_phentsize = 0,
      e_phnum = 0,
      e_shentsize = 64,
      e_shnum = 832,
      e_shstrndx = 829
    }},
  elf_sect_ptr = 0x113e27f0,
  phdr = 0x0,
  segment_map = 0x0,
  strtab_ptr = 0x0,
  num_locals = 0,
  num_globals = 0,
  num_elf_sections = 832,
  num_section_syms = 0,
  section_syms = 0x0,
  symtab_hdr = {
    sh_name = 1,
    sh_type = 2,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 138688,
    sh_size = 29568,
    sh_link = 831,
    sh_info = 785,
    sh_addralign = 8,
---Type <return> to continue, or q <return> to quit---
    sh_entsize = 24,
    bfd_section = 0x0,
    contents = 0x0
  },
  shstrtab_hdr = {
    sh_name = 17,
    sh_type = 3,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 58104,
    sh_size = 27331,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 1,
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x113e4240 ""
  },
  strtab_hdr = {
    sh_name = 9,
    sh_type = 3,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 168256,
    sh_size = 39567,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 1,
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x114d3bb0 ""
  },
  dynsymtab_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
---Type <return> to continue, or q <return> to quit---
    sh_addr = 0,
    sh_offset = 0,
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x0
  },
  dynstrtab_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 0,
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x0
  },
  dynversym_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 0,
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
    sh_entsize = 0,
    bfd_section = 0x0,
---Type <return> to continue, or q <return> to quit---
    contents = 0x0
  },
  dynverref_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 0,
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x0
  },
  dynverdef_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 0,
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x0
  },
  symtab_shndx_hdr = {
    sh_name = 0,
    sh_type = 0,
    sh_flags = 0,
    sh_addr = 0,
    sh_offset = 0,
---Type <return> to continue, or q <return> to quit---
    sh_size = 0,
    sh_link = 0,
    sh_info = 0,
    sh_addralign = 0,
    sh_entsize = 0,
    bfd_section = 0x0,
    contents = 0x0
  },
  symtab_section = 830,
  shstrtab_section = 0,
  strtab_section = 0,
  dynsymtab_section = 0,
  symtab_shndx_section = 0,
  dynversym_section = 0,
  dynverdef_section = 0,
  dynverref_section = 0,
  next_file_pos = 0,
  gp = 0,
  gp_size = 8,
  core_signal = 0,
  core_pid = 0,
  core_lwpid = 0,
  core_program = 0x0,
  core_command = 0x0,
  sym_hashes = 0x1151afc0,
  local_got = {
    refcounts = 0x0,
    offsets = 0x0,
    ents = 0x0
  },
  dt_name = 0x0,
  dt_audit = 0x0,
  program_header_size = 18446744073709551615,
  line_info = 0x0,
  find_line_info = 0x0,
  dwarf1_find_line_info = 0x0,
---Type <return> to continue, or q <return> to quit---
  dwarf2_find_line_info = 0x0,
  local_stubs = 0x0,
  local_call_stubs = 0x0,
  eh_frame_hdr = 0x0,
  group_sect_ptr = 0x114d1180,
  num_group = 307,
  cverdefs = 0,
  cverrefs = 0,
  stack_flags = 0,
  verdef = 0x0,
  verref = 0x0,
  elf_data_symbol = 0x0,
  elf_text_symbol = 0x0,
  elf_data_section = 0x0,
  elf_text_section = 0x0,
  eh_frame_section = 0x0,
  dyn_lib_class = DYN_NORMAL,
  linker = 0,
  bad_symtab = 0,
  flags_init = 0,
  symbuf = 0x0,
  known_obj_attributes = {{{
        type = 0,
        i = 0,
        s = 0x0
      } <repeats 71 times>}, {{
        type = 0,
        i = 0,
        s = 0x0
      } <repeats 71 times>}},
  other_obj_attributes = {0x0, 0x0},
  after_write_object_contents = 0,
  after_write_object_contents_info = 0x0,
  build_id_size = 0,
  build_id = 0x0,
  sdt_note_head = 0x0,
---Type <return> to continue, or q <return> to quit---
  has_gnu_symbols = 0,
  object_id = X86_64_ELF_DATA
}
(gdb)
(gdb)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

