Bug ID: 22881
           Summary: null pointer dereference in
           Product: binutils
           Version: 2.31 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: luanjunchao at 163 dot com
  Target Milestone: ---

When I test the latest objcopy with an ELF file, there is a null pointer dereference.
Here is part of the output.

==23042==ERROR: AddressSanitizer: SEGV on unknown address 0x00000038 (pc
0x082cd8d8 bp 0x1ea219a1 sp 0xffa84c10 T0)
    #0 0x82cd8d7 in assign_file_positions_for_non_load_sections
    #1 0x82cd8d7 in assign_file_positions_except_relocs
    #2 0x82cd8d7 in _bfd_elf_compute_section_file_positions
    #3 0x82ffe3a in _bfd_elf_set_section_contents
    #4 0x81ba6ee in bfd_set_section_contents
    #5 0x806a3be in copy_section /work/binutils-gdb/binutils/objcopy.c:4099
    #6 0x81b9f44 in bfd_map_over_sections /work/binutils-gdb/bfd/section.c:1394
    #7 0x80743ac in copy_object /work/binutils-gdb/binutils/objcopy.c:3048
    #8 0x808087b in copy_object /work/binutils-gdb/binutils/objcopy.c:2432
    #9 0x808087b in copy_file /work/binutils-gdb/binutils/objcopy.c:3523
    #10 0x805596c in copy_main /work/binutils-gdb/binutils/objcopy.c:5478
    #11 0x805596c in main /work/binutils-gdb/binutils/objcopy.c:5582
    #12 0xf70af636 in __libc_start_main (/lib/i386-linux-gnu/
    #13 0x8060dc5  (/work/build/binutils/objcopy+0x8060dc5)

The snippet of function assign_file_positions_for_non_load_sections:
(gdb) list
5903                        break;
5904                    }
5905                  BFD_ASSERT (lm != NULL);
5907                  /* Find the section starting the RELRO segment.  */
5908                  for (i = 0; i < lm->count; i++)
5909                    {
5910                      asection *s = lm->sections[i];
5911                      if (s->vma >= start
5912                          && s->vma < end

It seems that BFD_ASSERT (lm != NULL) doesn't end the execution, which leads to a
null pointer dereference.
The test command is `objcopy test.elf` and the test ELF file is
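The failure pattern above, as an added example that is not binutils code: a model of the quoted RELRO-start loop with a non-aborting assertion (BFD_ASSERT only reports, it does not stop), beside the explicit NULL guard that turns the crash into an error return. The types, function names and sample sections are constructed for the illustration.

```c
/* Added example, not from binutils: models the loop quoted from
   assign_file_positions_for_non_load_sections with a reporting-only
   assertion and the guard that prevents the NULL dereference.  */
#include <stdio.h>
#include <stddef.h>

/* Like BFD_ASSERT: reports the failure but execution continues.  */
#define SOFT_ASSERT(x) \
  do { if (!(x)) fprintf (stderr, "assertion fail %s:%d\n", __FILE__, __LINE__); } while (0)

/* Constructed stand-ins for asection and the ELF segment map.  */
typedef struct { unsigned long vma; const char *name; } asection;
typedef struct { unsigned int count; asection *sections[4]; } segment_map;

/* Hardened lookup (hypothetical): index of the first section whose vma
   lies in [start, end), -1 when none matches, -2 when lm is NULL.  The
   original code dereferences lm right after the assertion; here the
   explicit check bails out instead of reading lm->count through NULL.  */
int
find_relro_start (const segment_map *lm, unsigned long start, unsigned long end)
{
  SOFT_ASSERT (lm != NULL);
  if (lm == NULL)          /* the guard the assertion does not provide */
    return -2;
  for (unsigned int i = 0; i < lm->count; i++)
    {
      asection *s = lm->sections[i];
      if (s->vma >= start && s->vma < end)
        return (int) i;
    }
  return -1;
}

/* Runs the lookup over a constructed two-section load segment.  */
int
sample_lookup (unsigned long start, unsigned long end)
{
  asection data = { 0x2000, ".data" }, got = { 0x3000, ".got" };
  segment_map lm = { 2, { &data, &got } };
  return find_relro_start (&lm, start, end);
}

int
main (void)
{
  printf ("relro start index: %d\n", sample_lookup (0x2800, 0x3800));
  printf ("no section in range: %d\n", sample_lookup (0x5000, 0x6000));
  printf ("no matching load segment: %d\n", find_relro_start (NULL, 0x2800, 0x3800));
  return 0;
}
```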

bug-binutils mailing list