bug-binutils

[Bug ld/23839] New: ld generates a corrupted relocation table for .ARM.e


From: blastrock at free dot fr
Subject: [Bug ld/23839] New: ld generates a corrupted relocation table for .ARM.exidx sections
Date: Sun, 28 Oct 2018 08:14:40 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=23839

            Bug ID: 23839
           Summary: ld generates a corrupted relocation table for
                    .ARM.exidx sections
           Product: binutils
           Version: 2.30
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: blastrock at free dot fr
  Target Milestone: ---

I have a bug where my unwind tables are corrupted because of a faulty
relocation in the .rel.ARM.exidx section of my output executable.

I just discovered https://sourceware.org/bugzilla/show_bug.cgi?id=20595 which
is fixed, but it seems like this is the exact bug I am seeing.

I have applied the following patch to catch my issue:

diff -ru binutils-2.30.orig/bfd/elf32-arm.c binutils-2.30/bfd/elf32-arm.c
--- binutils-2.30.orig/bfd/elf32-arm.c  2018-10-28 14:32:50.434311154 +0100
+++ binutils-2.30/bfd/elf32-arm.c       2018-10-28 14:33:48.771218065 +0100
@@ -12275,6 +12275,9 @@
   relend = relocs + input_section->reloc_count;
   for (; rel < relend; rel++)
     {
+      if (rel->r_offset < 0 || rel->r_offset >= input_section->size)
+        printf("that's an overflow !!!\n");
+
       int                         r_type;
       reloc_howto_type *          howto;
       unsigned long               r_symndx;
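
Review bot: The diagnostic added at the top of the loop body prints a fixed string, so it does not say which relocation or section is out of range; printing `rel->r_offset`, `input_section->size` and the input section's name, on stderr rather than stdout, would make the output usable for locating the bad entry. The `rel->r_offset < 0` half of the condition can never be true if `r_offset` is an unsigned type (it is a `bfd_vma` in BFD), and `>= input_section->size` still accepts an offset in the last bytes of the section even though the relocated field may extend past the end. The `if` also sits before the `int r_type;` declarations, which mixes statements and declarations; moving it below them keeps the block C90-clean.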

And indeed, some relocations are applied to addresses that are outside of the
concerned section. This is my first time digging in ld's code so please tell me
if this is actually normal behavior.

So I assumed that's because of exidx entries merging and I reached the same
workaround described here:
https://sourceware.org/bugzilla/show_bug.cgi?id=20595#c1 .

I can see some remnants of #20595's fix around elf32-arm.c:14823 (still on
binutils 2.30), but I don't understand what those external or internal
relocations and swap in and out functions are.

I could reproduce my issue on binutils 2.31, but I did all my investigation on
2.30.

Please tell me if I can help investigate the issue. I can provide a
reproduction case, but I couldn't simplify it, so it involves lots of objects,
libraries and a custom toolchain.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
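
As an added example (not part of the original report and not binutils code), the range check from the debugging patch can be run against an on-disk little-endian ELF32 file instead of inside the linker; it goes slightly further than the patch by also rejecting a field that starts in range but runs past the end of the section. The names `out_of_range_rels` and `build_sample`, the 4-byte field width and the sample bytes are assumptions constructed for illustration.

```python
import struct

SHT_REL, ET_REL = 9, 1

def out_of_range_rels(elf: bytes, width: int = 4):
    """List (rel_section_index, r_offset) for each SHT_REL entry whose
    relocated field is not fully inside the section named by sh_info.
    width=4 is an assumption: the size of the relocated word."""
    if elf[:6] != b"\x7fELF\x01\x01":
        raise ValueError("expected a little-endian ELF32 file")
    e_type, = struct.unpack_from("<H", elf, 16)
    e_shoff, = struct.unpack_from("<I", elf, 32)
    e_shentsize, e_shnum = struct.unpack_from("<HH", elf, 46)
    # An Elf32_Shdr is ten 32-bit words: name, type, flags, addr, offset,
    # size, link, info, addralign, entsize.
    shdrs = [struct.unpack_from("<10I", elf, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    bad = []
    for idx, sh in enumerate(shdrs):
        if sh[1] != SHT_REL or sh[7] >= e_shnum:
            continue
        target = shdrs[sh[7]]
        # r_offset is section-relative in relocatable files and a virtual
        # address in executables and shared objects.
        lo = 0 if e_type == ET_REL else target[3]
        hi = lo + target[5]
        for pos in range(sh[4], sh[4] + sh[5], 8):   # Elf32_Rel is 8 bytes
            r_offset, _r_info = struct.unpack_from("<II", elf, pos)
            if r_offset < lo or r_offset + width > hi:
                bad.append((idx, r_offset))
    return bad

def build_sample() -> bytes:
    """Constructed input: ET_EXEC, one 16-byte section at 0x8000 (index 1)
    and a REL section (index 2) with four R_ARM_PREL31 entries against it."""
    rels = b"".join(struct.pack("<II", off, 42)
                    for off in (0x8000, 0x8008, 0x800E, 0x8010))
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01",
                       2, 40, 1, 0, 0, 100, 0, 52, 0, 0, 40, 3, 0)
    shdrs = (struct.pack("<10I", *([0] * 10))
             + struct.pack("<10I", 0, 0x70000001, 2, 0x8000, 52, 16, 0, 0, 4, 8)
             + struct.pack("<10I", 0, SHT_REL, 0, 0, 68, 32, 0, 1, 4, 8))
    return ehdr + bytes(16) + rels + shdrs

if __name__ == "__main__":
    for idx, off in out_of_range_rels(build_sample()):
        print(f"section {idx}: r_offset {off:#x} is outside its target section")
```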

