[Bug binutils/4110] Broken object file crashes nm

[sliedes at cc dot hut dot fi]

------- Additional Comments From sliedes at cc dot hut dot fi  2007-03-25 17:13 
-------
Sorry for taking some time to reply. It seems I can't reproduce the SEGV 
anymore myself (don't know what changed), but I do get a valgrind error. And I 
also have a log of nm crashing twice on that input file. By the way now that I 
test I also get the same Valgrind error with broken3.o and broken4.o. It seems 
the uninitialized variable has to be still idx->shdr as probably was the case 
with broken4.o, however I can't get that either to crash any more.

Here's what I get from Valgrind:

----------
$ valgrind --db-attach=yes binutils/nm-new ~/bug/nm-broken6.o
==15602== Memcheck, a memory error detector.
==15602== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==15602== Using LibVEX rev 1732, a library for dynamic binary translation.
==15602== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==15602== Using valgrind-3.2.3-Debian, a dynamic binary instrumentation 
framework.
==15602== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==15602== For more details, rerun with: -v
==15602==
BFD: /home/sliedes/bug/nm-broken6.o: invalid string offset 798 >= 8 for section 
`.group'
==15602== Conditional jump or move depends on uninitialised value(s)
==15602==    at 0x433A71: bfd_section_from_shdr (elf.c:2181)
==15602==    by 0x42C1C7: bfd_elf64_object_p (elfcode.h:850)
==15602==    by 0x41160E: bfd_check_format_matches (format.c:240)
==15602==    by 0x403F89: display_file (nm.c:1179)
==15602==    by 0x404BB5: main (nm.c:1622)
==15602==
==15602== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
starting debugger
==15602== starting debugger with cmd: /usr/bin/gdb -nw /proc/15859/fd/1014 
15859
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
Using host libthread_db library "/usr/lib/debug/libthread_db.so.1".
Attaching to program: /proc/15859/fd/1014, process 15859
Reading symbols from /usr/lib/valgrind/amd64-linux/vgpreload_core.so...done.
Loaded symbols for /usr/lib/valgrind/amd64-linux/vgpreload_core.so
Reading symbols 
from /usr/lib/valgrind/amd64-linux/vgpreload_memcheck.so...done.
Loaded symbols for /usr/lib/valgrind/amd64-linux/vgpreload_memcheck.so
Reading symbols from /usr/lib/debug/libc.so.6...done.
Loaded symbols for /usr/lib/debug/libc.so.6
Reading symbols from /lib/ld-linux-x86-64.so.2...Reading symbols 
from /usr/lib/debug/lib/ld-2.3.6.so...done.
done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
0x0000000000433a71 in bfd_section_from_shdr (abfd=0x4d5c118, shindex=1) at 
elf.c:2181
2181                  if (idx->shdr != NULL
(gdb) print idx
$1 = (Elf_Internal_Group *) 0x4d5c9f0
(gdb) print *idx
$2 = {shdr = 0x0, flags = 0}
(gdb) l
2176              idx += n_elt;
2177              while (--n_elt != 0)
2178                {
2179                  --idx;
2180
2181                  if (idx->shdr != NULL
2182                      && (s = idx->shdr->bfd_section) != NULL
2183                      && elf_next_in_group (s) != NULL)
2184                    {
2185                      elf_next_in_group (hdr->bfd_section) = s;
(gdb)
----------

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=4110

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.