[Bug ld/20376] New: Possible address calculation overflow
From: gan.bo at columbia dot edu
Subject: [Bug ld/20376] New: Possible address calculation overflow
Date: Fri, 15 Jul 2016 22:19:00 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=20376
Bug ID: 20376
Summary: Possible address calculation overflow
Product: binutils
Version: 2.26
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: gan.bo at columbia dot edu
Target Milestone: ---
Created attachment 9393
--> https://sourceware.org/bugzilla/attachment.cgi?id=9393&action=edit
test cases
In the attachment there are prot.elf, real.elf and micro.ld
ld --gc-sections -T micro.ld prot.elf real.elf -o micro.elf
readelf -l -S micro.elf
There are 18 section headers, starting at offset 0x4196b8:

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .rodata.prot      PROGBITS        000f8000 0f8000 00603a 00   A  0   0 4096
  [ 2] .rodata.real      PROGBITS        0000e040 20e040 000036 00   A  0   0 16
  [ 3] .text.real32      PROGBITS        0000e080 20e080 000022 00  AX  0   0  1
  [ 4] .text.real        PROGBITS        0000e0b0 20e0b0 0001f1 00  AX  0   0  1
  [ 5] .text.prot        PROGBITS        000fe2b0 2fe2b0 000056 00  AX  0   0  4
  [ 6] .text.prot64      PROGBITS        000fe310 2fe310 000010 00  AX  0   0  1
  [ 7] .begin            PROGBITS        0000fff0 40fff0 000010 00  WA  0   0  1
  [ 8] .debug_aranges    PROGBITS        00000000 410000 000108 00      0   0  8
  [ 9] .debug_info       PROGBITS        00000000 410108 0063d0 00      0   0  1
  [10] .debug_abbrev     PROGBITS        00000000 4164d8 000a1a 00      0   0  1
  [11] .debug_line       PROGBITS        00000000 416ef2 000a82 00      0   0  1
  [12] .debug_str        PROGBITS        00000000 417974 001154 01  MS  0   0  1
  [13] .debug_loc        PROGBITS        00000000 418ac8 0005ce 00      0   0  1
  [14] .debug_ranges     PROGBITS        00000000 419098 000098 00      0   0  8
  [15] .shstrtab         STRTAB          00000000 4195f1 0000c5 00      0   0  1
  [16] .symtab           SYMTAB          00000000 419130 000330 10     17  30  4
  [17] .strtab           STRTAB          00000000 419460 000191 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

Elf file type is EXEC (Executable file)
Entry point 0xe0b0
There are 5 program headers, starting at offset 52

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x000000 0x00000000 0xfff10000 0xfe03a 0xfe03a R   0x200000
  LOAD           0x20e040 0x0000e040 0x0000e040 0x00261 0x00261 R E 0x200000
  LOAD           0x2fe2b0 0x000fe2b0 0x0000e2b0 0x00070 0x00070 R E 0x200000
  LOAD           0x40fff0 0x0000fff0 0x0000fff0 0x00010 0x00010 RW  0x200000
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x10

 Section to Segment mapping:
  Segment Sections...
   00     .rodata.prot
   01     .rodata.real .text.real32 .text.real
   02     .text.prot .text.prot64
   03     .begin
   04

Observe that the first segment is at PhysAddr 0xfff10000
ld.gold --gc-sections -T micro.ld prot.elf real.elf -o micro.elf
readelf -l -S micro.elf
There are 19 section headers, starting at offset 0x11758:

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .rodata.prot      PROGBITS        000f8000 001000 00603a 00   A  0   0 4096
  [ 2] .rodata.real      PROGBITS        0000e040 007040 000036 00   A  0   0 16
  [ 3] .text.real32      PROGBITS        0000e080 007080 000022 00  AX  0   0  1
  [ 4] .text.real        PROGBITS        0000e0b0 0070b0 0001f1 00  AX  0   0  1
  [ 5] .text.prot        PROGBITS        000fe2b0 0072b0 000056 00  AX  0   0  4
  [ 6] .text.prot64      PROGBITS        000fe310 007310 000010 00  AX  0   0  1
  [ 7] .begin            PROGBITS        0000fff0 007ff0 000010 00   A  0   0  0
  [ 8] .debug_aranges    PROGBITS        00000000 008000 000108 00      0   0  8
  [ 9] .debug_info       PROGBITS        00000000 008108 0063d0 00      0   0  1
  [10] .debug_abbrev     PROGBITS        00000000 00e4d8 000a1a 00      0   0  1
  [11] .debug_line       PROGBITS        00000000 00eef2 000a82 00      0   0  1
  [12] .debug_str        PROGBITS        00000000 00f974 00129e 01  MS  0   0  1
  [13] .debug_loc        PROGBITS        00000000 010c12 0005ce 00      0   0  1
  [14] .debug_ranges     PROGBITS        00000000 0111e0 000098 00      0   0  8
  [15] .note.gnu.gold-ve NOTE            00000000 011278 00001c 00      0   0  4
  [16] .symtab           SYMTAB          00000000 011294 000250 10     17  16  4
  [17] .strtab           STRTAB          00000000 0114e4 000196 00      0   0  1
  [18] .shstrtab         STRTAB          00000000 01167a 0000dc 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

Elf file type is EXEC (Executable file)
Entry point 0xe0b0
There are 6 program headers, starting at offset 52

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x000000 0x000f7000 0x00007000 0x000f4 0x000f4 R   0x1000
  LOAD           0x001000 0x000f8000 0x00008000 0x0603a 0x0603a R   0x1000
  LOAD           0x007040 0x0000e040 0x0000e040 0x00261 0x00261 R E 0x1000
  LOAD           0x0072b0 0x000fe2b0 0x0000e2b0 0x00070 0x00070 R E 0x1000
  LOAD           0x007ff0 0x0000fff0 0x0000fff0 0x00010 0x00010 R   0x1000
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0

 Section to Segment mapping:
  Segment Sections...
   00
   01     .rodata.prot
   02     .rodata.real .text.real32 .text.real
   03     .text.prot .text.prot64
   04     .begin
   05

ld.gold gives expected output, whereas ld gives the wrong PhysAddr for the
first segment.
--
You are receiving this mail because:
You are on the CC list for the bug.
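
An added check, not part of the original report or of binutils: it parses the LOAD rows of the two `readelf -l` listings in the report (copied inline as sample input) and flags any segment whose physical range runs past the 32-bit limit. The function names `load_segments`, `wrapping_segments` and `section_lma` are assumptions of this example.

```python
import re

# Sample input: the LOAD rows of the two `readelf -l` listings in the report,
# copied inline so the check runs offline.
LD_BFD = """\
  LOAD 0x000000 0x00000000 0xfff10000 0xfe03a 0xfe03a R   0x200000
  LOAD 0x20e040 0x0000e040 0x0000e040 0x00261 0x00261 R E 0x200000
  LOAD 0x2fe2b0 0x000fe2b0 0x0000e2b0 0x00070 0x00070 R E 0x200000
  LOAD 0x40fff0 0x0000fff0 0x0000fff0 0x00010 0x00010 RW  0x200000
"""
LD_GOLD = """\
  LOAD 0x000000 0x000f7000 0x00007000 0x000f4 0x000f4 R   0x1000
  LOAD 0x001000 0x000f8000 0x00008000 0x0603a 0x0603a R   0x1000
  LOAD 0x007040 0x0000e040 0x0000e040 0x00261 0x00261 R E 0x1000
  LOAD 0x0072b0 0x000fe2b0 0x0000e2b0 0x00070 0x00070 R E 0x1000
  LOAD 0x007ff0 0x0000fff0 0x0000fff0 0x00010 0x00010 R   0x1000
"""

# Offset, VirtAddr, PhysAddr, FileSiz, MemSiz of each LOAD row.
ROW = re.compile(r"^\s*LOAD" + r"\s+(0x[0-9a-fA-F]+)" * 5, re.M)

def load_segments(text):
    """Parse LOAD rows into (offset, vaddr, paddr, filesz, memsz) integers."""
    return [tuple(int(v, 16) for v in m.groups()) for m in ROW.finditer(text)]

def wrapping_segments(text, bits=32):
    """Return (paddr, memsz) of LOAD segments whose physical range passes 2**bits."""
    limit = 1 << bits
    return [(paddr, memsz)
            for _off, _vaddr, paddr, _filesz, memsz in load_segments(text)
            if paddr + memsz > limit]

def section_lma(seg_vaddr, seg_paddr, sec_addr, bits=32):
    """Load address of a section inside a segment, reduced modulo 2**bits."""
    return (seg_paddr + (sec_addr - seg_vaddr)) % (1 << bits)

if __name__ == "__main__":
    for name, listing in (("ld", LD_BFD), ("ld.gold", LD_GOLD)):
        for paddr, memsz in wrapping_segments(listing):
            print(f"{name}: LOAD at PhysAddr {paddr:#010x} + {memsz:#x} wraps")
    # .rodata.prot (Addr 0x000f8000) in ld's first segment and in gold's second
    print(hex(section_lma(0x0, 0xfff10000, 0xf8000)),
          hex(section_lma(0xf8000, 0x8000, 0xf8000)))
```

Only ld's first LOAD segment is flagged. For `.rodata.prot` in that segment, the computed load address equals the 0x00008000 that ld.gold reports only after reduction modulo 2^32.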