[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug gold/28585] New: Invalid read of size 1 when using plugin

From: mliska at suse dot cz
Subject: [Bug gold/28585] New: Invalid read of size 1 when using plugin
Date: Thu, 11 Nov 2021 17:27:27 +0000


            Bug ID: 28585
           Summary: Invalid read of size 1 when using plugin
           Product: binutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gold
          Assignee: ccoutant at gmail dot com
          Reporter: mliska at suse dot cz
                CC: ian at airs dot com
  Target Milestone: ---

The following crashes:

$ touch foobar && valgrind ./ld-new -plugin
/usr/lib64/gcc/x86_64-suse-linux/11/liblto_plugin.so foobar
==23259== Memcheck, a memory error detector
==23259== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==23259== Using Valgrind-3.17.0.GIT and LibVEX; rerun with -h for copyright
==23259== Command: ./ld-new -plugin
/usr/lib64/gcc/x86_64-suse-linux/11/liblto_plugin.so foobar
./ld-new: error: foobar: file is empty
==23259== Invalid read of size 1
==23259==    at 0x48441E2: strlen (vg_replace_strmem.c:469)
==23259==    by 0x7023BC: string_length<char> (stringpool.h:54)
==23259==    by 0x7023BC: Hashkey (stringpool.h:350)
==23259==    by 0x7023BC: gold::Stringpool_template<char>::find(char const*,
unsigned long*) const (stringpool.cc:312)
==23259==    by 0x707ACC: gold::Symbol_table::lookup(char const*, char const*)
const (symtab.cc:705)
==23259==    by 0x6C8778: gold::Plugin_hook::run(gold::Workqueue*)
==23259==    by 0x71F3F7: gold::Workqueue::find_and_run_task(int)
==23259==    by 0x71F679: gold::Workqueue::process(int) (workqueue.cc:495)
==23259==    by 0x4119F0: main (main.cc:252)
==23259==  Address 0x0 is not stack'd, malloc'd or (recently) free'd

Can be fixed with simple patch:

diff --git a/gold/symtab.cc b/gold/symtab.cc
index 5a21ddc8cc2..ed6b5434592 100644
--- a/gold/symtab.cc
+++ b/gold/symtab.cc
@@ -701,6 +701,8 @@ Symbol_table::resolve_forwards(const Symbol* from) const
 Symbol_table::lookup(const char* name, const char* version) const
+  if (name == NULL)
+    return NULL;
   Stringpool::Key name_key;
   name = this->namepool_.find(name, &name_key);
   if (name == NULL)

You are receiving this mail because:
You are on the CC list for the bug.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]