[Bug gold/13290] New: gold crashes when relinking a truncated object

bug-binutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug gold/13290] New: gold crashes when relinking a truncated object

From:	zub at linux dot fjfi.cvut.cz
Subject:	[Bug gold/13290] New: gold crashes when relinking a truncated object
Date:	Wed, 12 Oct 2011 22:41:44 +0000

http://sourceware.org/bugzilla/show_bug.cgi?id=13290

             Bug #: 13290
           Summary: gold crashes when relinking a truncated object
           Product: binutils
           Version: 2.23 (HEAD)
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gold
        AssignedTo: address@hidden
        ReportedBy: address@hidden
                CC: address@hidden
    Classification: Unclassified
              Host: x86_64-linux-gnu
            Target: x86_64-linux-gnu


Created attachment 5981
  --> http://sourceware.org/bugzilla/attachment.cgi?id=5981
Archive with the particular objects used to reproduce this.

Trying to relink a truncated object (removed last byte) with gold results in
crash:

$ ld.gold -r -o test.o elfsection.cc.o elfstrtab.cc-corrupted.o
ld.gold: error: elfstrtab.cc-corrupted.o: section name section has wrong type:
1686719741
Segmentation fault

Here is what I see with gdb:

Program received signal SIGSEGV, Segmentation fault.

#0  0x00007ffff711e89b in memchr () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007ffff7125b8a in memmem () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00000000005173ff in gold::Sized_relobj_file<64, false>::do_read_symbols
(this=0x958820, sd=0x958b00) at object.cc:611
#3  0x000000000057aef2 in read_symbols (sd=0x958b00, this=0x958820) at
object.h:563
#4  gold::Read_symbols::do_read_symbols (this=0x8e39d0,
workqueue=0x7fffffffe110) at readsyms.cc:399
#5  0x000000000057b1d9 in gold::Read_symbols::run (this=0x8e39d0,
workqueue=0x7fffffffe110) at readsyms.cc:165
#6  0x00000000005c84b5 in gold::Workqueue::find_and_run_task
(this=0x7fffffffe110, thread_number=0) at workqueue.cc:319
#7  0x00000000005c87fa in gold::Workqueue::process (this=0x7fffffffe110,
thread_number=0) at workqueue.cc:495
#8  0x0000000000406a31 in main (argc=6, argv=0x7fffffffe338) at main.cc:248


With ld.bfd I get the expected:
$ ld.bfd -r -o test.o elfsection.cc.o elfstrtab.cc-corrupted.o
elfstrtab.cc-corrupted.o: file not recognized: File truncated


The underlying cause might be the same as for bug #13288, but as the
manifestation is quite different, I'm creating a separate issue for this.

Note that the crash also happens when instead of relinking, the whole set of
the compiled objects is linked together to produce the application executable
(if needed, the sources I used to reproduce this issue are available at
git://zub.lamer.la/elf-dynpatch).

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug gold/13290] New: gold crashes when relinking a truncated object, zub at linux dot fjfi.cvut.cz <=
- [Bug gold/13290] gold crashes when relinking a truncated object, ccoutant at google dot com, 2011/10/13

Prev by Date: [Bug gold/13288] gold silently accepts truncated ELF input
Next by Date: [Bug gold/13288] gold silently accepts truncated ELF input
Previous by thread: [Bug gold/13288] New: gold silently accepts truncated ELF input
Next by thread: [Bug gold/13290] gold crashes when relinking a truncated object
Index(es):
- Date
- Thread