[Bug ld/21914] New: [x86_64] SEGV during link
From: dhowells at redhat dot com
Subject: [Bug ld/21914] New: [x86_64] SEGV during link
Date: Mon, 07 Aug 2017 14:55:16 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=21914
Bug ID: 21914
Summary: [x86_64] SEGV during link
Product: binutils
Version: 2.29
Status: NEW
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: dhowells at redhat dot com
Target Milestone: ---
Created attachment 10322
--> https://sourceware.org/bugzilla/attachment.cgi?id=10322&action=edit
Test data
ld from binutils-2.29 can be made to crash when attempting to link the attached
test data. The test data needs to be decompressed and then ld commanded as
follows:
x86_64-linux-gnu-ld -m elf_i386 -N --no-check-sections
--section-start=.prefix=0 --gc-sections -static -o usbdisk.bin --oformat binary
-e 0 usbdisk.o
Note that the ld being used here is an x86_64-on-x86_64 cross.
Poking around in the crashed ld process with gdb shows:
Program received signal SIGSEGV, Segmentation fault.
0x000000000042e3a4 in gldelf_i386_place_orphan (s=0x82cea0,
secname=0x82c692 ".prefix", constraint=382) at eelf_i386.c:1978
1978 && (elf_section_data (os->bfd_section)->this_hdr.sh_info
(gdb) bt
#0 0x000000000042e3a4 in gldelf_i386_place_orphan (s=0x82cea0,
secname=0x82c692 ".prefix", constraint=382) at eelf_i386.c:1978
#1 0x0000000000412bfa in lang_place_orphans ()
at ../../binutils-2.29/ld/ldlang.c:6396
#2 0x0000000000416f21 in lang_process ()
at ../../binutils-2.29/ld/ldlang.c:7198
#3 0x0000000000403ee0 in main (argc=<optimized out>, argv=<optimized out>)
at ../../binutils-2.29/ld/ldmain.c:413
The fault apparently occurs on line 1978 in the following:
1977 if (os->bfd_section != NULL
1978 && (elf_section_data (os->bfd_section)->this_hdr.sh_info
1979 == elf_section_data (s)->this_hdr.sh_info)
1980 && (os->bfd_section->flags == 0
1981 || ((!bfd_link_relocatable (&link_info)
1982 || (iself && (((elf_section_flags (s)
^ elf_section_flags (os->bfd_section))
1984 & SHF_EXCLUDE) == 0)))
(gdb) p os
$1 = (lang_output_section_statement_type *) 0x81e168
(gdb) p os->bfd_section
$2 = (asection *) 0x820720
(gdb) p s
$3 = (asection *) 0x82cea0
Looking at the disassembly, line 1977 starts here:
0x000000000042e386 <+822>: mov 0x38(%rbx),%rsi
0x000000000042e38a <+826>: test %rsi,%rsi
0x000000000042e38d <+829>: je 0x42e448 <gldelf_i386_place_orphan+1016>
0x000000000042e393 <+835>: mov 0xe0(%rsi),%rax
0x000000000042e39a <+842>: mov 0xe0(%rbp),%rdx
0x000000000042e3a1 <+849>: mov 0x2c(%rdx),%ecx
=> 0x000000000042e3a4 <+852>: cmp %ecx,0x2c(%rax)
So %rbx holds 'os', %rsi holds 'os->bfd_section' and %rbp holds 's'.
(gdb) p/x *(long*)($rsi+0xe0)
$13 = 0x0
(gdb) p/x *(long*)($rbp+0xe0)
$14 = 0x82f170
So elf_section_data (os->bfd_section) returns NULL and a SEGV occurs when we
try and dereference it.
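The gdb session above shows the shape of the fault: the pointer at offset 0xe0 of os->bfd_section (the field elf_section_data() casts) is 0x0, while the same field of the orphan .prefix section is populated. The following is an added, self-contained C model of that state, written for this page and not taken from binutils; the struct names with a _model suffix, the helper functions and the sample sh_info values are this example's own. It reproduces the unguarded comparison from the quoted eelf_i386.c lines beside a NULL-checked variant. The guarded variant is a suggestion of this example only, not the upstream fix, and the report itself does not say why the output section lacks ELF data (the link uses --oformat binary, but attributing the missing data to that is this example's assumption).

```c
#include <stddef.h>
#include <stdio.h>

/* Model of the BFD structures involved (this example's own types, not
 * binutils code).  In BFD, elf_section_data (sec) is a cast of
 * sec->used_by_bfd; the gdb output shows that pointer (offset 0xe0)
 * is 0x0 for os->bfd_section. */
struct elf_section_data_model {
    unsigned int sh_info;            /* stands in for this_hdr.sh_info */
};

struct asection_model {
    const char *name;
    struct elf_section_data_model *used_by_bfd;  /* NULL: no ELF data */
};

struct output_section_statement_model {
    struct asection_model *bfd_section;
};

static struct elf_section_data_model *
elf_section_data(const struct asection_model *sec)
{
    return sec->used_by_bfd;
}

/* The comparison as written at eelf_i386.c:1977-1979 in the report:
 * only bfd_section is checked for NULL, not its ELF data. */
int sh_info_matches_unguarded(const struct output_section_statement_model *os,
                              const struct asection_model *s)
{
    return os->bfd_section != NULL
        && elf_section_data(os->bfd_section)->sh_info
           == elf_section_data(s)->sh_info;
}

/* Guarded variant (this example's suggestion, not the upstream fix):
 * a section without ELF data is treated as not matching. */
int sh_info_matches_guarded(const struct output_section_statement_model *os,
                            const struct asection_model *s)
{
    const struct elf_section_data_model *od, *sd;

    if (os->bfd_section == NULL)
        return 0;
    od = elf_section_data(os->bfd_section);
    sd = elf_section_data(s);
    if (od == NULL || sd == NULL)
        return 0;
    return od->sh_info == sd->sh_info;
}

/* Rebuild the crashing state from the gdb session: os->bfd_section exists
 * but carries no ELF data, while the orphan .prefix section does.  Returns
 * the guarded result (0); calling the unguarded version on this input
 * would dereference NULL exactly as the backtrace shows. */
int reproduce_report_state(void)
{
    struct elf_section_data_model prefix_data = { 0 };
    struct asection_model orphan = { ".prefix", &prefix_data };
    struct asection_model out = { "output", NULL };   /* used_by_bfd == 0x0 */
    struct output_section_statement_model os = { &out };

    return sh_info_matches_guarded(&os, &orphan);
}

/* Sanity case (constructed): both sections carry ELF data with equal
 * sh_info, so both variants agree and return 1. */
int matching_case(void)
{
    struct elf_section_data_model a = { 7 }, b = { 7 };
    struct asection_model orphan = { ".prefix", &a };
    struct asection_model out = { ".text", &b };
    struct output_section_statement_model os = { &out };

    return sh_info_matches_guarded(&os, &orphan)
        && sh_info_matches_unguarded(&os, &orphan);
}

int main(void)
{
    printf("report state (guarded): %d\n", reproduce_report_state());
    printf("matching case: %d\n", matching_case());
    return 0;
}
```

The model keeps the field the report inspected (the per-section ELF data pointer) as the only thing that differs between the two cases, so the NULL check in the guarded variant is the minimal change that turns the crash into a "no match" result; whether ld should instead never reach this comparison for a non-ELF output is a question the report does not settle.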