bug-binutils
[Bug binutils/16682] New: segmentation fault in bfd/elf.c


From: antiagainst at gmail dot com
Subject: [Bug binutils/16682] New: segmentation fault in bfd/elf.c
Date: Mon, 10 Mar 2014 20:00:56 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=16682

            Bug ID: 16682
           Summary: segmentation fault in bfd/elf.c
           Product: binutils
           Version: 2.24
            Status: NEW
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: antiagainst at gmail dot com

Created attachment 7460
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7460&action=edit
32-bit ELF containing a SHT_GNU_verdef section

The following is based on objdump 2.24. I built it on Ubuntu 13.10 with GCC
4.8.1.

There is a segmentation fault problem when processing SHT_GNU_verdef sections.
A small program is attached to help reproduce the bug. The command is `objdump
-p A`. The program will exit with a segmentation fault.

For the attached program, I tried to analyze it using gdb, but I cannot figure
it out clearly. What I currently have is the following:

gdb output:

Program received signal SIGSEGV, Segmentation fault.
0x00002aaaaaf35f90 in _IO_vfprintf_internal (s=<optimized out>,
format=<optimized out>, address@hidden) at vfprintf.c:1655
1655    vfprintf.c: No such file or directory.

#0  0x00002aaaaaf35f90 in _IO_vfprintf_internal (s=<optimized out>,
format=<optimized out>, address@hidden) at vfprintf.c:1655
#1  0x00002aaaaaf3cf57 in __fprintf (stream=<optimized out>, format=<optimized
out>) at fprintf.c:32
#2  0x00000000004e5f06 in _bfd_elf_print_private_bfd_data (abfd=0x96a1c0,
farg=0x2aaaab2ab280 <_IO_2_1_stdout_>) at ../../bfd/elf.c:1351
#3  0x000000000040b604 in dump_bfd_private_header (abfd=0x96a1c0) at
../../binutils/objdump.c:2643
#4  0x000000000040d96c in dump_bfd (abfd=0x96a1c0) at
../../binutils/objdump.c:3214
#5  0x000000000040e0fd in display_object_bfd (abfd=0x96a1c0) at
../../binutils/objdump.c:3313
#6  0x000000000040e563 in display_any_bfd (file=0x96a1c0, level=0) at
../../binutils/objdump.c:3387
#7  0x000000000040e656 in display_file (filename=0x7fffffffd90d
"objdump-3-244-A", target=0x0) at ../../binutils/objdump.c:3408
#8  0x000000000040f635 in main (argc=3, argv=0x7fffffffd3a8) at
../../binutils/objdump.c:3690

In _bfd_elf_slurp_version_tables() of bfd/elf.c, starting from line 7253,
contents_end_def is smaller than contents, and contents_end_aux is the same as
contents. This seems incorrect. Besides, it seems that after
`abfd->tdata.elf_obj_data->verdef` gets its memory from bfd_zalloc2() at line
7286, `verdef[0].vd_nodename` is just `0x34 <Address 0x34 out of bounds>` and
never gets changed until hitting fprintf() at line 1351, which tries to access it
and segfaults. I don't know whether this is because the memory allocated for
`->verdef` is not enough (`maxidx` passed in to bfd_zalloc2() is 0), because the
logic behind the macros at line 87 of include/objalloc.h is not clear to me.

I would greatly appreciate it if you guys can also explain the reason while
fixing the problem. Thanks!

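The report above describes what happens when the offsets inside a version definition section are trusted: a table gets built from them and the crash only surfaces later, in fprintf(). The following is an added example, not binutils code and not the reporter's, showing how an SHT_GNU_verdef section can be walked with every vd_aux, vd_next, vda_next and vda_name checked against the section and string table bounds before it is used. It assumes the ELF32 layout from the gABI (20-byte Elf32_Verdef, 8-byte Elf32_Verdaux, little-endian byte order); the function names walk_verdef and demo_* and the sample section and string table are mine, constructed for this example.

```c
/* Added example, not binutils code: a bounds-checked walk over an
 * SHT_GNU_verdef section.  Layout per the ELF gABI / glibc elf.h:
 * Elf32_Verdef is 20 bytes (vd_version, vd_flags, vd_ndx, vd_cnt, vd_hash,
 * vd_aux, vd_next); Elf32_Verdaux is 8 bytes (vda_name, vda_next).
 * vd_aux, vd_next and vda_next are byte offsets relative to the start of
 * the entry holding them.  Little-endian input assumed; sample data below
 * is constructed for this example. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VERDEF_SIZE  20
#define VERDAUX_SIZE 8
enum { VD_ERR_TRUNC = -1, VD_ERR_AUX = -2, VD_ERR_NAME = -3, VD_ERR_NEXT = -4 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) {
  return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> 8 * i); }

/* [off, off+len) inside a buffer of size total, with no wrap-around:
 * len is compared against the remaining space instead of computing off+len. */
static int in_bounds(size_t off, size_t len, size_t total) {
  return off <= total && len <= total - off;
}

/* Follow the verdef chain.  Returns the number of definitions, or a negative
 * VD_ERR_* code as soon as an offset would leave the section or a name would
 * leave the string table.  The unchecked alternative is to store a pointer
 * derived from such an offset and fault later when something prints it. */
int walk_verdef(const uint8_t *sec, size_t seclen,
                const char *strtab, size_t strtab_len, const char **last_name)
{
  size_t off = 0;
  int count = 0;
  for (;;) {
    if (!in_bounds(off, VERDEF_SIZE, seclen)) return VD_ERR_TRUNC;
    uint16_t vd_cnt  = rd16(sec + off + 6);
    uint32_t vd_aux  = rd32(sec + off + 12);
    uint32_t vd_next = rd32(sec + off + 16);
    size_t aoff = off;
    uint32_t rel = vd_aux;
    for (uint16_t i = 0; i < vd_cnt; i++) {
      if (rel > seclen || !in_bounds(aoff + rel, VERDAUX_SIZE, seclen)) return VD_ERR_AUX;
      aoff += rel;
      uint32_t vda_name = rd32(sec + aoff);
      uint32_t vda_next = rd32(sec + aoff + 4);
      /* Name must start inside the string table and be NUL-terminated within it. */
      if (vda_name >= strtab_len ||
          memchr(strtab + vda_name, '\0', strtab_len - vda_name) == NULL) return VD_ERR_NAME;
      if (i == 0) *last_name = strtab + vda_name;
      if (vda_next == 0) break;
      rel = vda_next;
    }
    count++;
    if (vd_next == 0) break;
    /* Stricter than the spec requires: demand forward, non-overlapping entries. */
    if (vd_next < VERDEF_SIZE || vd_next > seclen - off) return VD_ERR_NEXT;
    off += vd_next;
  }
  return count;
}

/* Constructed string table: offset 1 = "libfoo.so.1", offset 13 = "FOO_1.0". */
static const char STRTAB[] = "\0libfoo.so.1\0FOO_1.0";

static void put_verdef(uint8_t *p, uint16_t ndx, uint32_t aux, uint32_t next) {
  wr16(p, 1); wr16(p + 2, ndx == 1); wr16(p + 4, ndx); wr16(p + 6, 1);
  wr32(p + 8, 0); wr32(p + 12, aux); wr32(p + 16, next);
}
/* Two well-formed definitions, one verdaux each, 56 bytes in total. */
static size_t build_section(uint8_t *buf) {
  put_verdef(buf, 1, 20, 28);      wr32(buf + 20, 1);  wr32(buf + 24, 0);
  put_verdef(buf + 28, 2, 20, 0);  wr32(buf + 48, 13); wr32(buf + 52, 0);
  return 56;
}

int demo_good(void) {           /* 2: both definitions parsed, last name "FOO_1.0" */
  uint8_t buf[64]; const char *name = NULL; size_t n = build_section(buf);
  int r = walk_verdef(buf, n, STRTAB, sizeof STRTAB, &name);
  return (r == 2 && name && strcmp(name, "FOO_1.0") == 0) ? r : -100;
}
int demo_bad_aux(void) {        /* VD_ERR_AUX: vd_aux of entry 2 points past the section */
  uint8_t buf[64]; const char *name = NULL; size_t n = build_section(buf);
  wr32(buf + 28 + 12, 1000);
  return walk_verdef(buf, n, STRTAB, sizeof STRTAB, &name);
}
int demo_bad_name(void) {       /* VD_ERR_NAME: vda_name offset outside the string table */
  uint8_t buf[64]; const char *name = NULL; size_t n = build_section(buf);
  wr32(buf + 48, 200);
  return walk_verdef(buf, n, STRTAB, sizeof STRTAB, &name);
}
int demo_truncated(void) {      /* VD_ERR_TRUNC: section cut short after the first entry */
  uint8_t buf[64]; const char *name = NULL; build_section(buf);
  return walk_verdef(buf, 40, STRTAB, sizeof STRTAB, &name);
}

int main(void) {
  printf("good=%d bad_aux=%d bad_name=%d truncated=%d\n",
         demo_good(), demo_bad_aux(), demo_bad_name(), demo_truncated());
  return 0;
}
```

The point of the three failing cases is that each bad offset is rejected at the place it is read, so no pointer computed from untrusted input ever reaches a later consumer such as a printf of the version name. The forward-only vd_next rule is a choice made here for robustness, not a requirement of the format.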