bug-binutils

[Bug ld/20376] New: Possible address calculation overflow


From: gan.bo at columbia dot edu
Subject: [Bug ld/20376] New: Possible address calculation overflow
Date: Fri, 15 Jul 2016 22:19:00 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=20376

            Bug ID: 20376
           Summary: Possible address calculation overflow
           Product: binutils
           Version: 2.26
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: gan.bo at columbia dot edu
  Target Milestone: ---

Created attachment 9393
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9393&action=edit
test cases

In the attachment there are prot.elf, real.elf and micro.ld

ld --gc-sections -T micro.ld prot.elf real.elf -o micro.elf
readelf -l -S micro.elf

There are 18 section headers, starting at offset 0x4196b8:

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .rodata.prot      PROGBITS        000f8000 0f8000 00603a 00   A  0   0 4096
  [ 2] .rodata.real      PROGBITS        0000e040 20e040 000036 00   A  0   0 16
  [ 3] .text.real32      PROGBITS        0000e080 20e080 000022 00  AX  0   0  1
  [ 4] .text.real        PROGBITS        0000e0b0 20e0b0 0001f1 00  AX  0   0  1
  [ 5] .text.prot        PROGBITS        000fe2b0 2fe2b0 000056 00  AX  0   0  4
  [ 6] .text.prot64      PROGBITS        000fe310 2fe310 000010 00  AX  0   0  1
  [ 7] .begin            PROGBITS        0000fff0 40fff0 000010 00  WA  0   0  1
  [ 8] .debug_aranges    PROGBITS        00000000 410000 000108 00      0   0  8
  [ 9] .debug_info       PROGBITS        00000000 410108 0063d0 00      0   0  1
  [10] .debug_abbrev     PROGBITS        00000000 4164d8 000a1a 00      0   0  1
  [11] .debug_line       PROGBITS        00000000 416ef2 000a82 00      0   0  1
  [12] .debug_str        PROGBITS        00000000 417974 001154 01  MS  0   0  1
  [13] .debug_loc        PROGBITS        00000000 418ac8 0005ce 00      0   0  1
  [14] .debug_ranges     PROGBITS        00000000 419098 000098 00      0   0  8
  [15] .shstrtab         STRTAB          00000000 4195f1 0000c5 00      0   0  1
  [16] .symtab           SYMTAB          00000000 419130 000330 10     17  30  4
  [17] .strtab           STRTAB          00000000 419460 000191 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

Elf file type is EXEC (Executable file)
Entry point 0xe0b0
There are 5 program headers, starting at offset 52

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x000000 0x00000000 0xfff10000 0xfe03a 0xfe03a R   0x200000
  LOAD           0x20e040 0x0000e040 0x0000e040 0x00261 0x00261 R E 0x200000
  LOAD           0x2fe2b0 0x000fe2b0 0x0000e2b0 0x00070 0x00070 R E 0x200000
  LOAD           0x40fff0 0x0000fff0 0x0000fff0 0x00010 0x00010 RW  0x200000
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x10

 Section to Segment mapping:
  Segment Sections...
   00     .rodata.prot 
   01     .rodata.real .text.real32 .text.real 
   02     .text.prot .text.prot64 
   03     .begin 
   04     

Observe that the first segment is at PhysAddr 0xfff10000

ld.gold --gc-sections -T micro.ld prot.elf real.elf -o micro.elf
readelf -l -S micro.elf

There are 19 section headers, starting at offset 0x11758:

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .rodata.prot      PROGBITS        000f8000 001000 00603a 00   A  0   0 4096
  [ 2] .rodata.real      PROGBITS        0000e040 007040 000036 00   A  0   0 16
  [ 3] .text.real32      PROGBITS        0000e080 007080 000022 00  AX  0   0  1
  [ 4] .text.real        PROGBITS        0000e0b0 0070b0 0001f1 00  AX  0   0  1
  [ 5] .text.prot        PROGBITS        000fe2b0 0072b0 000056 00  AX  0   0  4
  [ 6] .text.prot64      PROGBITS        000fe310 007310 000010 00  AX  0   0  1
  [ 7] .begin            PROGBITS        0000fff0 007ff0 000010 00   A  0   0  0
  [ 8] .debug_aranges    PROGBITS        00000000 008000 000108 00      0   0  8
  [ 9] .debug_info       PROGBITS        00000000 008108 0063d0 00      0   0  1
  [10] .debug_abbrev     PROGBITS        00000000 00e4d8 000a1a 00      0   0  1
  [11] .debug_line       PROGBITS        00000000 00eef2 000a82 00      0   0  1
  [12] .debug_str        PROGBITS        00000000 00f974 00129e 01  MS  0   0  1
  [13] .debug_loc        PROGBITS        00000000 010c12 0005ce 00      0   0  1
  [14] .debug_ranges     PROGBITS        00000000 0111e0 000098 00      0   0  8
  [15] .note.gnu.gold-ve NOTE            00000000 011278 00001c 00      0   0  4
  [16] .symtab           SYMTAB          00000000 011294 000250 10     17  16  4
  [17] .strtab           STRTAB          00000000 0114e4 000196 00      0   0  1
  [18] .shstrtab         STRTAB          00000000 01167a 0000dc 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

Elf file type is EXEC (Executable file)
Entry point 0xe0b0
There are 6 program headers, starting at offset 52

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x000000 0x000f7000 0x00007000 0x000f4 0x000f4 R   0x1000
  LOAD           0x001000 0x000f8000 0x00008000 0x0603a 0x0603a R   0x1000
  LOAD           0x007040 0x0000e040 0x0000e040 0x00261 0x00261 R E 0x1000
  LOAD           0x0072b0 0x000fe2b0 0x0000e2b0 0x00070 0x00070 R E 0x1000
  LOAD           0x007ff0 0x0000fff0 0x0000fff0 0x00010 0x00010 R   0x1000
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0

 Section to Segment mapping:
  Segment Sections...
   00     
   01     .rodata.prot 
   02     .rodata.real .text.real32 .text.real 
   03     .text.prot .text.prot64 
   04     .begin 
   05     


ld.gold gives expected output, whereas ld gives the wrong PhysAddr for the
first segment.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
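
Added example (not part of the original report and not binutils code): a check over the LOAD rows of the two `readelf -l` listings above that flags any segment whose physical range runs past 2**32, plus the 32-bit arithmetic that reproduces 0xfff10000. The function names and the subtraction model in `segment_paddr` are assumptions for illustration; the 0x8000 load address of .rodata.prot is read from the ld.gold listing.

```python
import re

# LOAD rows copied from the two readelf listings in the report.
LD_BFD = """\
  LOAD           0x000000 0x00000000 0xfff10000 0xfe03a 0xfe03a R   0x200000
  LOAD           0x20e040 0x0000e040 0x0000e040 0x00261 0x00261 R E 0x200000
  LOAD           0x2fe2b0 0x000fe2b0 0x0000e2b0 0x00070 0x00070 R E 0x200000
  LOAD           0x40fff0 0x0000fff0 0x0000fff0 0x00010 0x00010 RW  0x200000
"""
LD_GOLD = """\
  LOAD           0x000000 0x000f7000 0x00007000 0x000f4 0x000f4 R   0x1000
  LOAD           0x001000 0x000f8000 0x00008000 0x0603a 0x0603a R   0x1000
  LOAD           0x007040 0x0000e040 0x0000e040 0x00261 0x00261 R E 0x1000
  LOAD           0x0072b0 0x000fe2b0 0x0000e2b0 0x00070 0x00070 R E 0x1000
  LOAD           0x007ff0 0x0000fff0 0x0000fff0 0x00010 0x00010 R   0x1000
"""

# Offset, VirtAddr, PhysAddr, FileSiz, MemSiz of each LOAD row.
ROW = re.compile(r"^\s*LOAD" + r"\s+(0x[0-9a-f]+)" * 5, re.M | re.I)
MASK32 = 0xFFFFFFFF


def load_segments(text):
    """Parse LOAD program headers from `readelf -l` output into dicts."""
    keys = ("offset", "vaddr", "paddr", "filesz", "memsz")
    return [dict(zip(keys, (int(v, 16) for v in m.groups())))
            for m in ROW.finditer(text)]


def wrapped_segments(text):
    """Return LOAD segments whose PhysAddr + MemSiz exceeds the 32-bit space."""
    return [s for s in load_segments(text)
            if s["paddr"] + s["memsz"] > MASK32 + 1]


def segment_paddr(section_lma, section_off, segment_off):
    """Assumed model: back a section's LMA up to the segment start, mod 2**32."""
    return (section_lma - (section_off - segment_off)) & MASK32


if __name__ == "__main__":
    for s in wrapped_segments(LD_BFD):
        print("wraps: paddr=%#x memsz=%#x" % (s["paddr"], s["memsz"]))
    # .rodata.prot: LMA 0x8000 (gold listing), file offset 0xf8000, segment offset 0
    print(hex(segment_paddr(0x8000, 0xF8000, 0x0)))
```

Under that model the ld segment starts 0xf8000 bytes before .rodata.prot in the file, so subtracting that distance from the section's load address goes negative and wraps in 32 bits.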

