bug-binutils
From: wcventure at 126 dot com
Subject: [Bug binutils/23772] A NULL-Pointer dereference problems in ldlang.c in program ld (member access within null pointer of type 'union lang_statement_union')
Date: Mon, 15 Oct 2018 12:16:05 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=23772

--- Comment #2 from wcventure <wcventure at 126 dot com> ---
My configure and compile options are:

> CC=clang LDFLAGS="-ldl" CFLAGS="-DFORTIFY_SOURCE=2 -fstack-protector-all 
> -fsanitize=undefined,address -fno-omit-frame-pointer -g -O0 -Wno-error" 
> ./configure --disable-shared --disable-gdb --disable-libdecnumber 
> --disable-sim --prefix=$PWD/build/
> make
> make install

I use the POC as input. The program displays the following errors:

> $ ./ld -E POC_ld_NULLp1
> ./ld: unknown architecture of input file `POC_ld_NULLp1' is incompatible with 
> i386:x86-64 output
> ldlang.c:916:7: runtime error: member access within null pointer of type 
> 'union lang_statement_union'
> SUMMARY: AddressSanitizer: undefined-behavior ldlang.c:916:7 in
> ldlang.c:931:7: runtime error: member access within null pointer of type 
> 'union lang_statement_union'
> SUMMARY: AddressSanitizer: undefined-behavior ldlang.c:931:7 in
> ldlang.c:6726:3: runtime error: member access within null pointer of type 
> 'union lang_statement_union'
> SUMMARY: AddressSanitizer: undefined-behavior ldlang.c:6726:3 in
> eelf_x86_64.c:1646:5: runtime error: member access within null pointer of 
> type 'union lang_statement_union'
> SUMMARY: AddressSanitizer: undefined-behavior eelf_x86_64.c:1646:5 in
> ./ld: warning: cannot find entry symbol _start; not setting start address

I have debugged this program again. I will show you the debug process. I set a
breakpoint at ldlang.c:916. After reaching the breakpoint twice, I typed "print
f" and gdb showed that the value of variable f is "(lang_input_statement_type
*) 0x0".

> $ gdb --args ./ld -E POC
> GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
> Copyright (C) 2016 Free Software Foundation, Inc.
> This GDB was configured as "x86_64-linux-gnu".
> Reading symbols from ./ld...done.
> (gdb) start
> Temporary breakpoint 1 at 0x5f9eb9: file ./ldmain.c, line 192.
> Starting program: 
> /media/hjwang/01D3344861A8D2E0/wcventure/Project/binutils_ASAN_O0/build/bin/ld
>  -E POC_ld_NULLp1
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> 
> Temporary breakpoint 1, main (argc=<error reading variable: Cannot access 
> memory at address 0x0>,
>     argv=<error reading variable: Cannot access memory at address 0x1>) at 
> ./ldmain.c:192
> 192     {
> (gdb) b ldlang.c:916
> Breakpoint 2 at 0x5d7d6b: file ldlang.c, line 916.
> (gdb) continue
> Continuing.
> ./build/bin/ld: unknown architecture of input file `POC_ld_NULLp1' is 
> incompatible with i386:x86-64 output
> 
> Breakpoint 2, walk_wild (s=0x619000005d40, callback=0x5d8580 
> <gc_section_callback>, data=0x0) at ldlang.c:916
> 916           LANG_FOR_EACH_INPUT_STATEMENT (f)
> (gdb) p f
> $1 = (lang_input_statement_type *) 0x621000012f20
> (gdb) c
> Continuing.
> ldlang.c:916:7: runtime error: member access within null pointer of type 
> 'union lang_statement_union'
> SUMMARY: AddressSanitizer: undefined-behavior ldlang.c:916:7 in
> 
> Breakpoint 2, walk_wild (s=0x619000001e90, callback=0x5d8580 
> <gc_section_callback>, data=0x0) at ldlang.c:916
> 916           LANG_FOR_EACH_INPUT_STATEMENT (f)
> (gdb) p f
> $2 = (lang_input_statement_type *) 0x0
> (gdb) c
> Continuing.
> 
> Breakpoint 2, walk_wild (s=0x619000001f10, callback=0x5d8580 
> <gc_section_callback>, data=0x0) at ldlang.c:916
> 916           LANG_FOR_EACH_INPUT_STATEMENT (f)
> (gdb) p f
> $3 = (lang_input_statement_type *) 0x0

The runtime error shows that there is a member access within a null pointer
of type 'union lang_statement_union'.

If you have any questions, please let me know.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
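UBSan prints "member access within null pointer of type ..." whenever a struct or union member is read, written, or has its address formed through a pointer that is NULL at that moment. The gdb session in the report fits the address-forming case: f reaches 0x0 right at the loop header, ld keeps running and finishes with only a warning, which is what happens when the member in question sits at offset 0, so the undefined address folds back to NULL and the loop's termination test still works. The C program below is an added example written for this page; it is not code from binutils or from the reporter. It models that pattern with invented names (stmt_union, input_stmt, FOR_EACH_INPUT_UB, FOR_EACH_INPUT_SAFE, sample_list, empty_list) and constructed sample data, and puts the walk that UBSan rejects beside one that tests the node pointer before touching a member.

```c
/* Added example (not binutils or reporter code): a minimal model of the
 * "member access within null pointer" report. All names are invented. */
#include <stddef.h>
#include <stdio.h>

union stmt_union;

/* One statement kind: an input file, linked to the next statement. */
struct input_stmt {
    union stmt_union *next;      /* NULL terminates the list */
    const char *filename;
};

/* A linker keeps several statement kinds in one union; this model keeps
 * only the member needed here. It sits at offset 0 on purpose. */
union stmt_union {
    struct input_stmt input_statement;
};

struct stmt_list {
    union stmt_union *head;
};

/* Walk that UBSan rejects: the step forms &stmt->next->input_statement
 * even when stmt->next is NULL. Because the member is at offset 0 the
 * value is NULL, the test fails and the loop ends, but forming a member
 * address through a null pointer is undefined and is reported. */
#define FOR_EACH_INPUT_UB(list, stmt)                              \
    for (stmt = &(list)->head->input_statement;                    \
         stmt != NULL;                                             \
         stmt = &stmt->next->input_statement)

/* Walk that never touches a member through a null pointer: iterate on
 * the union pointer, test it, and take the member only inside the body. */
#define FOR_EACH_INPUT_SAFE(list, u)                               \
    for (u = (list)->head; u != NULL; u = u->input_statement.next)

/* Constructed sample data: three input statements in static storage. */
struct stmt_list *sample_list(void)
{
    static union stmt_union a, b, c;
    static struct stmt_list list;
    a.input_statement = (struct input_stmt){ &b, "crt1.o" };
    b.input_statement = (struct input_stmt){ &c, "POC_ld_NULLp1" };
    c.input_statement = (struct input_stmt){ NULL, "libc.a" };
    list.head = &a;
    return &list;
}

/* Constructed sample data: the empty list, the other edge case. */
struct stmt_list *empty_list(void)
{
    static struct stmt_list list = { NULL };
    return &list;
}

/* Returns the right count, but UBSan reports the walk once per call. */
int count_inputs_ub(struct stmt_list *list)
{
    struct input_stmt *f;
    int n = 0;
    FOR_EACH_INPUT_UB(list, f)
        n++;
    return n;
}

/* Same result with no undefined behaviour. */
int count_inputs_safe(struct stmt_list *list)
{
    union stmt_union *u;
    int n = 0;
    FOR_EACH_INPUT_SAFE(list, u) {
        struct input_stmt *f = &u->input_statement;
        if (f->filename != NULL)
            n++;
    }
    return n;
}

int main(void)
{
    printf("ub walk:   %d inputs\n", count_inputs_ub(sample_list()));
    printf("safe walk: %d inputs\n", count_inputs_safe(sample_list()));
    printf("empty:     %d inputs\n", count_inputs_safe(empty_list()));
    return 0;
}
```

Build it the way the reporter built ld (clang -fsanitize=undefined -fno-omit-frame-pointer -g -O0) and only the first walk produces a runtime error, with the same "member access within null pointer" wording. Adding -fno-sanitize-recover=undefined turns that report into an abort, which is the quickest way to tell a sanitizer-only diagnostic like this one from a real crash when triaging fuzzer output; here the program completes either way, exactly as ld did in the report. The behaviour still rests on the compiler folding &NULL->member to NULL, which the language does not promise, so the pointer test belongs before the member access.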

