[Bug ld/16887] New: Timestamp bug with Windows bound import technology

bug-binutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug ld/16887] New: Timestamp bug with Windows bound import technology

From:	lindasc at qq dot com
Subject:	[Bug ld/16887] New: Timestamp bug with Windows bound import technology
Date:	Wed, 30 Apr 2014 12:39:13 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=16887

            Bug ID: 16887
           Summary: Timestamp bug with Windows bound import technology
           Product: binutils
           Version: 2.24
            Status: NEW
          Severity: critical
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: lindasc at qq dot com

Created attachment 7569
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7569&action=edit
a simple case

There is a timestamp bug in ld 2.24.

ld 2.24 introduced a new "feature" that sets timestamp flag in the Windows PE
header to zero by default to make deterministic binaries. However, BindImage /
BindImageEx of imagehlp library (bound import technology) relies on the
timestamp flag in the PE header, and it's widely used in Windows system DLLs
and VB6 compilation process. A reference of the bound import technology can be
found at http://msdn.microsoft.com/en-us/magazine/cc301808.aspx. ld 2.24 sets
the timestamp to zero by default, thus caused a serious bug.

For example, one exe was bound to a series of dlls built by ld 2.24, which sets
timestamp field in the PE header to zero by default. One of the dlls has
security issues and producer wants to update it with a new version, also built
by ld 2.24, and of course the timestamp field is all the same. Then the exe
crashes after patching the new dll.


Steps to reproduce this bug:
Here is a simple example in the attachment.

make -f dll1.mak    // make the dll
make -f exe.mak        // make the exe
bindimage exe.exe    // bind the exe to the dll
exe 1 2            // run the exe, everything is ok

make -f dll2.mak    // update the dll with patched version
exe 1 2            // the exe crashes

However, if using ld 2.23 to retry these steps, the exe won't crash at all.


Suggested solutions:
Insert timestamp *BY DEFAULT*, delete the option --insert-timestamp, and add
the option --no-timestamp to make deterministic binaries to meet someone's
needs.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug ld/16887] New: Timestamp bug with Windows bound import technology, lindasc at qq dot com <=

Prev by Date: [Bug binutils/16886] setjmp/longjmp in libopcodes would be faster as sigsetjmp w/ save=0
Next by Date: [Bug binutils/16886] setjmp/longjmp in libopcodes would be faster as sigsetjmp w/ save=0
Previous by thread: [Bug binutils/16886] New: setjmp/longjmp in libopcodes would be faster as sigsetjmp w/ save=0
Next by thread: [Bug binutils/16891] New: libopcodes decodes x86 26 9B as 'fwait' not 'es'
Index(es):
- Date
- Thread