Bug ID: 22887
           Summary: null pointer dereference in aout_32_swap_std_reloc_out
           Product: binutils
           Version: 2.31 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: luanjunchao at 163 dot com
  Target Milestone: ---

The test command is objcopy with a specific ELF file.
Below is part of the gdb debugging output.

Program received signal SIGSEGV, Segmentation fault.
0x084cf65c in aout_32_swap_std_reloc_out (natptr=0xf590528c, g=0xf4b03fe8,
abfd=<optimized out>) at /work/binutils-gdb/bfd/aoutx.h:1971
1971      asection *output_section = sym->section->output_section;
(gdb) bt
#0  0x084cf65c in aout_32_swap_std_reloc_out (natptr=0xf590528c, g=0xf4b03fe8,
abfd=<optimized out>) at /work/binutils-gdb/bfd/aoutx.h:1971
#1  aout_32_squirt_out_relocs (abfd=0xf5b03970, section=0xf5903d48) at
#2  0x0849ae05 in i386linux_write_object_contents (abfd=0xf5b03970) at
#3  0x081a9940 in bfd_close (abfd=0xf5b03970) at
#4  0x08080bbe in copy_file (input_filename=input_filename@entry=0xffffd8ef
output_filename=output_filename@entry=0xf6500b80 "out/slave/crashes/stv31c0r",
input_target=<optimized out>, 
    output_target=0x87f6320 "a.out-i386-linux", input_arch=0x0) at
#5  0x0805b429 in copy_main (argv=<optimized out>, argc=<optimized out>) at
#6  main (argc=2, argv=0xffffd7c4) at
(gdb) list
1966      asymbol *sym = *(g->sym_ptr_ptr);
1967      int r_extern;
1968      unsigned int r_length;
1969      int r_pcrel;
1970      int r_baserel, r_jmptable, r_relative;
1971      asection *output_section = sym->section->output_section;
1973      PUT_WORD (abfd, g->address, natptr->r_address);
1975      BFD_ASSERT (g->howto != NULL);
(gdb) p sym
$1 = (asymbol *) 0x0

It seems that there is a lack of a check for whether sym is null.
The test elf file is

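The kind of check the report says is missing, as an added example that is neither binutils code nor the project's fix. The struct and function names are hypothetical stand-ins that model only the fields visible in the gdb listing, and the sample relocations are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for BFD's asection, asymbol and arelent; only the
   fields that appear in the gdb listing are modelled (assumption). */
struct section { struct section *output_section; };
struct symbol  { struct section *section; };
struct reloc   { struct symbol **sym_ptr_ptr; unsigned long address; };

enum reloc_status { RELOC_OK = 0, RELOC_NO_SYMBOL, RELOC_NO_SECTION };

/* Validate each pointer on the chain g->sym_ptr_ptr -> sym -> section before
   dereferencing it. The statement at aoutx.h:1971 in the backtrace reads
   sym->section->output_section with sym == NULL. */
enum reloc_status
reloc_output_section (const struct reloc *g, struct section **out)
{
  *out = NULL;
  if (g == NULL || g->sym_ptr_ptr == NULL || *g->sym_ptr_ptr == NULL)
    return RELOC_NO_SYMBOL;
  struct symbol *sym = *g->sym_ptr_ptr;
  if (sym->section == NULL)
    return RELOC_NO_SECTION;
  *out = sym->section->output_section;
  return RELOC_OK;
}

/* Scan a relocation table before writing it out; return the index of the
   first malformed entry, or count when every entry is usable. */
size_t
first_bad_reloc (struct reloc *const *relocs, size_t count)
{
  struct section *unused;
  for (size_t i = 0; i < count; i++)
    if (reloc_output_section (relocs[i], &unused) != RELOC_OK)
      return i;
  return count;
}

/* Constructed sample data: one valid relocation and one whose symbol slot is
   NULL, the state shown by "p sym" in the report. */
static struct section out_sec, in_sec = { &out_sec };
static struct symbol good_sym = { &in_sec };
static struct symbol *good_slot = &good_sym, *null_slot = NULL;
static struct reloc good_reloc = { &good_slot, 0x10 }, bad_reloc = { &null_slot, 0x20 };
static struct reloc *sample_relocs[] = { &good_reloc, &bad_reloc };
static struct section *probe;   /* scratch output slot for callers */

int main (void)
{
  printf ("first malformed relocation: index %zu\n", first_bad_reloc (sample_relocs, 2));
  return 0;
}
```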