[Bug ld/26569] New: R_RISCV_RVC_JUMP results in buffer overflow
From: amodra at gmail dot com
Subject: [Bug ld/26569] New: R_RISCV_RVC_JUMP results in buffer overflow
Date: Thu, 03 Sep 2020 07:00:00 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=26569
Bug ID: 26569
Summary: R_RISCV_RVC_JUMP results in buffer overflow
Product: binutils
Version: 2.36 (HEAD)
Status: NEW
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: amodra at gmail dot com
Target Milestone: ---
Compiling "int main (void) { return 0; }" with -static results in
ERROR: AddressSanitizer: heap-buffer-overflow on address 0x618000006fe4 at pc
0x55e5807860d8 bp 0x7ffce37f2060 sp 0x7ffce37f2050
READ of size 1 at 0x618000006fe4 thread T0
#0 0x55e5807860d7 in bfd_getl32
/home/alan/src/binutils-gdb/bfd/libbfd.c:644
#1 0x55e5807cce36 in perform_relocation
/home/alan/build/gas-san/riscv64-linux/bfd/elfnn-riscv.c:1426
#2 0x55e5807ea538 in riscv_elf_relocate_section
/home/alan/build/gas-san/riscv64-linux/bfd/elfnn-riscv.c:2220
#3 0x55e5808eeb56 in elf_link_input_bfd
/home/alan/src/binutils-gdb/bfd/elflink.c:11183
This is when linking glibc's string/wordcopy.o, which has the following at the
end of a 0x364-byte .text:
0000000000000362 <.LVL188>:
362: bf61 j 2fa <.L93>
362: R_RISCV_RVC_JUMP .L93
So why is R_RISCV_RVC_JUMP defined in elfxx-riscv.c to operate on a 32-bit word
(size = 2 in the howto)?
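Added example, not code from the bug report or from binutils: the C program below models the two facts the report combines. First, an R_RISCV_RVC_JUMP relocation patches a 16-bit c.j instruction, so a howto that reads a 32-bit word at offset 0x362 of a 0x364-byte section runs two bytes past the end, which is exactly the one-byte READ past the buffer that AddressSanitizer flagged in bfd_getl32. Second, decoding the quoted instruction word 0xbf61 with the CJ immediate layout from the RISC-V ISA specification (imm[11|4|9:8|10|6|7|3:1|5] in bits 12..2) gives the -0x68 displacement that lands on 0x2fa, confirming the field really is 16 bits wide. The function names, the bounds-check helper and the constructed section buffer are this example's own assumptions; the section size, offset and instruction bytes are the values quoted in the report.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Values quoted in the bug report: a 0x364-byte .text whose last two
   bytes (offset 0x362) hold the c.j carrying R_RISCV_RVC_JUMP. */
#define TEXT_SIZE 0x364u
#define RELOC_OFF 0x362u
#define CJ_WORD   0xbf61u   /* "bf61  j 2fa <.L93>" in the objdump output */

/* Overflow-safe check that a relocation field of field_size bytes at
   offset lies entirely inside a section of sec_size bytes.  This is the
   check a relocation loop must make before touching the bytes; without it
   a howto whose width exceeds the real field reads past the section. */
bool reloc_field_fits(size_t sec_size, size_t offset, size_t field_size)
{
    return offset <= sec_size && field_size <= sec_size - offset;
}

/* Little-endian reads of the two widths involved (16-bit compressed
   instruction vs. the 32-bit word a size-2 howto would fetch). */
static uint16_t get_le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Read the relocation field only if it fits; return -1 instead of reading
   out of bounds.  Models the fix a defender wants: width checked against
   the section, not trusted from the howto alone. */
int64_t read_reloc_field(const uint8_t *sec, size_t sec_size, size_t offset, size_t field_size)
{
    if (!reloc_field_fits(sec_size, offset, field_size))
        return -1;
    if (field_size == 2)
        return get_le16(sec + offset);
    if (field_size == 4)
        return get_le32(sec + offset);
    return -1;   /* widths this example does not model */
}

/* Decode the signed PC-relative byte offset of a c.j instruction
   (CJ format: imm[11|4|9:8|10|6|7|3:1|5] occupies bits 12..2). */
int32_t decode_cj_imm(uint16_t insn)
{
    uint32_t imm = 0;
    imm |= ((insn >> 12) & 1u) << 11;
    imm |= ((insn >> 11) & 1u) << 4;
    imm |= ((insn >> 9)  & 3u) << 8;
    imm |= ((insn >> 8)  & 1u) << 10;
    imm |= ((insn >> 7)  & 1u) << 6;
    imm |= ((insn >> 6)  & 1u) << 7;
    imm |= ((insn >> 3)  & 7u) << 1;
    imm |= ((insn >> 2)  & 1u) << 5;
    if (imm & 0x800u)            /* sign-extend the 12-bit immediate */
        imm |= 0xFFFFF000u;
    return (int32_t)imm;
}

/* Branch target of a c.j at address pc. */
uint32_t cj_target(uint32_t pc, uint16_t insn)
{
    return pc + (uint32_t)decode_cj_imm(insn);
}

/* Constructed stand-in for wordcopy.o's .text: zero-filled except for the
   c.j bytes at the very end (0xbf61 stored little-endian).  Reads the
   relocation field with the given width through the checked reader. */
int64_t sample_read(size_t field_size)
{
    uint8_t text[TEXT_SIZE];
    memset(text, 0, sizeof text);
    text[RELOC_OFF]     = CJ_WORD & 0xff;
    text[RELOC_OFF + 1] = CJ_WORD >> 8;
    return read_reloc_field(text, TEXT_SIZE, RELOC_OFF, field_size);
}

int main(void)
{
    printf("16-bit field at 0x%x: %s (word 0x%04llx)\n", RELOC_OFF,
           reloc_field_fits(TEXT_SIZE, RELOC_OFF, 2) ? "fits" : "overflows",
           (long long)sample_read(2));
    printf("32-bit field at 0x%x: %s\n", RELOC_OFF,
           reloc_field_fits(TEXT_SIZE, RELOC_OFF, 4) ? "fits" : "overflows");
    printf("c.j 0x%04x at 0x%x: offset %d, target 0x%x\n", CJ_WORD, RELOC_OFF,
           decode_cj_imm(CJ_WORD), cj_target(RELOC_OFF, CJ_WORD));
    return 0;
}
```

The 16-bit read succeeds and returns 0xbf61, the 32-bit read is rejected because 0x362 + 4 exceeds 0x364, and the decoded displacement is -104 (-0x68), so 0x362 - 0x68 = 0x2fa as objdump shows; together these are why the howto's declared size, not the relocation itself, is the cause of the overflow.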