[Bug binutils/16638] New: AR - Segmentation fault due to call stack overflow


From: razvan.ghitulete at gmail dot com
Subject: [Bug binutils/16638] New: AR - Segmentation fault due to call stack overflow
Date: Wed, 26 Feb 2014 16:25:38 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=16638

            Bug ID: 16638
           Summary: AR - Segmentation fault due to call stack overflow
           Product: binutils
           Version: 2.24
            Status: NEW
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: razvan.ghitulete at gmail dot com

AR seems to have some issues when run with a plugin and the -r flag. More
specifically:

ar rcsD arch.a elf_obj bitcode_obj -> Segmentation fault
ar csD arch.a elf_obj bitcode_obj -> OK

It seems that the issue occurs specifically when resolving the -r flag on a
callchain invoked from replace_members() in ar.c.

...
#2 bfd_check_format (abfd=0x732e40, format=bfd_object) at bfd/format.c:95
#3 bfd_plugin_get_symbols_in_object_only (abfd=0x6e75b0) at bfd/plugin.c:157
#4 add_symbols (handle=0x6e75b0, nsyms=2, syms=<>) at bfd/plugin.c:280
#5 claim_file_hook() from bfd-plugins/LLVMgold.so
#6 bfd_plugin_object_p (abfd=0x6e75b0) at bfd/plugin.c:451
#7 bfd_check_format_matches (abfd=0x6e75b0, format=bfd_object, matching=0x0)
    at bfd/format.c:336
#8 bfd_check_format (abfd=0x6e75b0, format=bfd_object) at bfd/format.c:95
#9 _bfd_write_archive_contents (arch=0x715be0) at bfd/archive.c:2149
#0 bfd_close (abfd=0x715be0) at bfd/opncls.c:703
#1 write_archive (iarch=0x6e5210) at binutils/ar.c:1161
#2 replace_members (arch=0x6e5210,files_to_move=0x6e51e0,files_to_move=0x6e51d8, quick=0)

As far as I can tell, when invoked from replace_members the abfd->my_archive
never gets filled in, and bfd_plugin_object_p passes it like this to
claim_file_hook in the plugin, which obviously cannot fill it in since the
plugin API exposes the abfd as a (void*). Nonetheless, in
bfd_plugin_get_symbols_in_object_only(), because abfd->my_archive is NULL,
a new bfd object (0x732e40) is created from scratch as opposed to the
initial 0x6e75b0. This basically seems to be the loop that overflows the stack.

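The loop the report describes can be modelled in a few lines: the format probe calls into the plugin, the plugin's claim hook asks libbfd for the object's symbols, and because abfd->my_archive is NULL a fresh bfd is created and probed again, which re-enters the plugin with a bfd whose my_archive is also NULL. The following C program is an added illustration written for this page; it is not binutils or LLVMgold code. The function names follow the backtrace above, but every struct, body and the toy_bfd type are constructed here, STACK_LIMIT stands in for the real stack, and the re-entrancy flag in plugin_object_p is one generic way to break such a cycle, not the fix binutils adopted.

```c
#include <stdlib.h>
#include <stdio.h>

/* Toy model of the reported call chain:
 *   check_format -> plugin_object_p -> claim_file_hook -> add_symbols
 *   -> get_symbols_in_object_only -> check_format (on a brand-new bfd)
 * Names mirror the backtrace; the bodies are constructed for this example
 * and are not libbfd's code. */

typedef struct toy_bfd {
    const char *filename;
    struct toy_bfd *my_archive;   /* stays NULL on the replace_members() path */
} toy_bfd;

#define STACK_LIMIT 200           /* stand-in for the real stack depth */

static int reentrancy_guard;      /* 0 = reproduce the report, 1 = refuse nested probes */
static int in_plugin_probe;       /* set while a plugin claim is in progress */
static int deepest;               /* deepest nesting reached, for the caller to inspect */

static int check_format(toy_bfd *abfd, int depth);

static int get_symbols_in_object_only(toy_bfd *abfd, int depth)
{
    if (abfd->my_archive != NULL)
        return 0;                 /* archive member: nothing to re-probe in this model */

    /* my_archive == NULL: per the report, a new bfd is created and probed again. */
    toy_bfd *fresh = calloc(1, sizeof *fresh);
    if (!fresh)
        return -1;
    fresh->filename = abfd->filename;
    int rc = check_format(fresh, depth + 1);
    free(fresh);
    return rc;
}

static int add_symbols(void *handle, int depth)
{
    return get_symbols_in_object_only((toy_bfd *)handle, depth);
}

/* Plays the role of the plugin's claim_file_hook; it only sees a void*. */
static int claim_file_hook(void *handle, int depth)
{
    return add_symbols(handle, depth);
}

static int plugin_object_p(toy_bfd *abfd, int depth)
{
    /* Illustrative guard: a probe started from inside a probe does not claim. */
    if (reentrancy_guard && in_plugin_probe)
        return 0;
    in_plugin_probe = 1;
    int rc = claim_file_hook(abfd, depth);
    in_plugin_probe = 0;
    return rc;
}

static int check_format(toy_bfd *abfd, int depth)
{
    if (depth > deepest)
        deepest = depth;
    if (depth > STACK_LIMIT)
        return -1;                /* where the real ar process dies with a segfault */
    return plugin_object_p(abfd, depth);
}

/* Probes one stand-alone object. Returns the nesting depth reached, or -1
 * when the simulated stack limit was hit (the crash in the report). */
int probe_object(int with_guard)
{
    toy_bfd obj = { "bitcode_obj", NULL };   /* constructed sample object */
    reentrancy_guard = with_guard;
    in_plugin_probe = 0;
    deepest = 0;
    int rc = check_format(&obj, 0);
    return rc < 0 ? -1 : deepest;
}

int main(void)
{
    printf("unguarded: %d\n", probe_object(0));   /* -1: recursion runs into the limit */
    printf("guarded:   %d\n", probe_object(1));   /*  1: one nested probe, then it stops */
    return 0;
}
```

The unguarded run shows why the depth of the crash depends only on the stack size and not on the input: every level sees a bfd with my_archive unset, so nothing in the data ever terminates the loop. The guarded run stops after a single nested probe, which is the property a fix has to restore in some form, whether by setting my_archive, by not creating a fresh bfd, or by refusing re-entry as modelled here.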