https://sourceware.org/bugzilla/show_bug.cgi?id=32944
Bug ID: 32944
Summary: objdump (2.34) segfaults with option list "-x -d -r -t -p -S --dwarf=info,rawline,decodedline,frames,frames-interp,follow-links,Ranges,gdb_index,abbrev"
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: arindam.sharma at imperial dot ac.uk
Target Milestone: ---

Created attachment 16074
  --> https://sourceware.org/bugzilla/attachment.cgi?id=16074&action=edit
Bug inducing file

A segfault appears with objdump 2.34 (shipping with Ubuntu 20.04). I am also attaching the bug-inducing file, and the following is the reproduction command.

`objdump -x -d -r -t -p -S --dwarf=info,rawline,decodedline,frames,frames-interp,follow-links,Ranges,gdb_index,abbrev crasher`

The following is the full log of the bug as I run it with valgrind:

==845== Memcheck, a memory error detector
==845== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==845== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==845== Command: objdump -x -d -r -t -p -S --dwarf=info,rawline,decodedline,frames,frames-interp,follow-links,Ranges,gdb_index,abbrev crasher
==845==
objdump: crasher: invalid string offset 16777216 >= 13 for section `.strtab'
objdump: crasher: invalid string offset 16777216 >= 13 for section `.strtab'
objdump: crasher(.debug_info): relocation 1 has invalid symbol index 241
Can't get contents for section '.debug_info'.

crasher:     file format elf64-x86-64
crasher
architecture: i386:x86-64, flags 0x00000011:
HAS_RELOC, HAS_SYMS
start address 0x0000000000000000

objdump: crasher: invalid string offset 16777216 >= 13 for section `.strtab'

Sections:
Idx Name               Size      VMA               LMA               File off  Algn
  0 .text              0000000f  0000000000000000  0000000000000000  00000040  2**0
                       CONTENTS, ALLOC, LOAD, READONLY, CODE
  1 .data              00000000  0000000000000000  0000000000000000  0000004f  2**0
                       CONTENTS, ALLOC, LOAD, DATA
  2 .bss               00000000  0000000000000000  0000000000000000  0000004f  2**0
                       ALLOC
  3 .debug_info        00000053  0000000000000000  0000000000000000  0000004f  2**0
                       CONTENTS, RELOC, READONLY, DEBUGGING, OCTETS
  4 .debug_abbrev      00000039  0000000000000000  0000000000000000  000000a2  2**0
                       CONTENTS, READONLY, DEBUGGING, OCTETS
  5 .debug_aranges     00000030  0000000000000000  0000000000000000  000000db  2**0
                       CONTENTS, RELOC, READONLY, DEBUGGING, OCTETS
  6 .debug_line        0000003d  0000000000000000  0000000000000000  0000010b  2**0
                       CONTENTS, RELOC, READONLY, DEBUGGING, OCTETS
  7 .debug_str         00000093  0000000000000000  0000000000000000  00000148  2**0
                       CONTENTS, READONLY, DEBUGGING, OCTETS
  8 .comment           0000002c  0000000000000000  0000000000000000  000001db  2**0
                       CONTENTS, READONLY
  9 .note.GNU-stack    00000000  0000000000000000  0000000000000000  00000207  2**0
                       CONTENTS, READONLY
 10 .note.gnu.property 00000020  0000000000000000  0000000000000000  00000208  2**3
                       CONTENTS, ALLOC, LOAD, READONLY, DATA
 11 .eh_frame          00000038  0000000000000000  0000000000000000  00000228  2**3
                       CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
SYMBOL TABLE:
0000000000000000 l    df *ABS*              0000000000000000 main.c
0000000000000000 l    d  .text              0000000000000000 .text
0000000000000000 l    d  .data              0000000000000000 .data
0000000000000000 l    d  .bss               0000000000000000 .bss
0000000000000000 l    d  .debug_info        0000000000000000 (null)
0000000000000000 l    d  .debug_abbrev      0000000000000000 .debug_abbrev
0000000000000000 l    d  .debug_aranges     0000000000000000 .debug_aranges
0000000000000000 l    d  .debug_line        0000000000000000 .debug_line
0000000000000000 l    d  .debug_str         0000000000000000 .debug_str
0000000000000000 l    d  .note.GNU-stack    0000000000000000 .note.GNU-stack
0000000000000000 l    d  .note.gnu.property 0000000000000000 .note.gnu.property
0000000000000000 l    d  .eh_frame          0000000000000000 .eh_frame
0000000000000000 l    d  .comment           0000000000000000 .comment
0000000000000000 g     F .text              000000000000000f main

Can't get contents for section '.debug_info'.

Contents of the .debug_abbrev section:

  Number TAG (0x0)
   1      DW_TAG_compile_unit    [has children]
    DW_AT_producer             DW_FORM_strp
    DW_AT_language             DW_FORM_data1
    DW_AT_name                 DW_FORM_ref_sup8
    DW_AT_comp_dir             DW_FORM_strp
    DW_AT_low_pc               DW_FORM_addr
    DW_AT_high_pc              DW_FORM_data8
    DW_AT_stmt_list            DW_FORM_sec_offset
    DW_AT value: 0             DW_FORM value: 0
   2      DW_TAG_subprogram    [no children]
    DW_AT_external             DW_FORM_flag_present
    DW_AT_name                 DW_FORM_strp
    DW_AT_decl_file            DW_FORM_data1
    DW_AT_decl_line            DW_FORM_data1
    DW_AT_decl_column          DW_FORM_data1
    DW_AT_type                 DW_FORM_ref4
    DW_AT_low_pc               DW_FORM_addr
    DW_AT_high_pc              DW_FORM_data8
    DW_AT_frame_base           DW_FORM_exprloc
    DW_AT_GNU_all_call_sites   DW_FORM_flag_present
    DW_AT value: 0             DW_FORM value: 0
   3      DW_TAG_base_type    [no children]
    DW_AT_byte_size            DW_FORM_data1
    DW_AT_encoding             DW_FORM_data1
    DW_AT_name                 DW_FORM_string
    DW_AT value: 0             DW_FORM value: 0

Raw dump of debug contents of section .debug_line:

  Offset:                      0x0
  Length:                      57
  DWARF Version:               5
  Prologue Length:             16842752
  Minimum Instruction Length:  251
  Maximum Ops per Instruction: 14
  Initial value of 'is_stmt':  13
  Line Base:                   0
  Line Range:                  1
  Opcode Base:                 1

 Opcodes:

 The Directory Table is empty.

 The File Name Table (offset 0x18):
  Entry 0

 Line Number Statements:
  [0x00000018]objdump: Warning: Badly formed extended line op encountered!
  [0x0000001a]  Special opcode 0: advance Address by 0 to 0x0[0] and Line by 0 to 1
  [0x0000001b]objdump: Warning: Badly formed extended line op encountered!
  [0x0000001d]  Special opcode 96: advance Address by 96 to 0x5e2[12] and Line by 0 to 1
  [0x0000001e]  Special opcode 104: advance Address by 104 to 0xdba[4] and Line by 0 to 1
  [0x0000001f]  Special opcode 109: advance Address by 109 to 0x1592[1] and Line by 0 to 1
  [0x00000020]  Special opcode 45: advance Address by 45 to 0x1883[4] and Line by 0 to 1
  [0x00000021]  Special opcode 98: advance Address by 98 to 0x1f60[4] and Line by 0 to 1
  [0x00000022]objdump: Warning: Badly formed extended line op encountered!
  [0x00000024]objdump: Warning: Badly formed extended line op encountered!
  [0x00000026]  Extended opcode 12: UNKNOWN: length 4 [ 00 09 02 00]
  [0x0000002d]objdump: Warning: Badly formed extended line op encountered!
  [0x0000002f]objdump: Warning: Badly formed extended line op encountered!
  [0x00000031]objdump: Warning: Badly formed extended line op encountered!
  [0x00000033]  Extended opcode 5: UNKNOWN: length 0 []
  [0x00000036]  Special opcode 12: advance Address by 12 to 0x205b[2] and Line by 0 to 1
  [0x00000037]  Special opcode 199: advance Address by 199 to 0x2e15[5] and Line by 0 to 1
  [0x00000038]  Special opcode 1: advance Address by 1 to 0x2e15[6] and Line by 0 to 1 (view 1)
  [0x00000039]  Special opcode 1: advance Address by 1 to 0x2e15[7] and Line by 0 to 1 (view 2)
  [0x0000003a]  Extended opcode 1: End of Sequence

Contents of the .debug_line section:

CU: ./(null):
File name                            Line number    Starting address    View    Stmt
objdump: Warning: Badly formed extended line op encountered!
UNKNOWN (0): length 2
==845== Invalid read of size 1
==845==    at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==845==    by 0x12BD6F: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==845==    by 0x11A4E9: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==845==    by 0x4A29FF6: bfd_map_over_sections (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==845==    by 0x115744: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==845==    by 0x11644C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==845==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==845==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==845==    by 0x4B3B082: (below main) (libc-start.c:308)
==845==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==845==
==845==
==845== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==845==  Access not within mapped region at address 0x0
==845==    at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==845==    by 0x12BD6F: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==845==    by 0x11A4E9: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==845==    by 0x4A29FF6: bfd_map_over_sections (in /usr/lib/x86_64-linux-gnu/libbfd-2.34-system.so)
==845==    by 0x115744: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==845==    by 0x11644C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==845==    by 0x116532: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==845==    by 0x111B3C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==845==    by 0x4B3B082: (below main) (libc-start.c:308)
==845==  If you believe this happened as a result of a stack
==845==  overflow in your program's main thread (unlikely but
==845==  possible), you can try to increase the size of the
==845==  main thread stack using the --main-stacksize= flag.
==845==  The main thread stack size used in this run was 8388608.
==845==
==845== HEAP SUMMARY:
==845==     in use at exit: 55,445 bytes in 47 blocks
==845==   total heap usage: 86 allocs, 39 frees, 214,999 bytes allocated
==845==
==845== LEAK SUMMARY:
==845==    definitely lost: 0 bytes in 0 blocks
==845==    indirectly lost: 0 bytes in 0 blocks
==845==      possibly lost: 120 bytes in 1 blocks
==845==    still reachable: 55,325 bytes in 46 blocks
==845==         suppressed: 0 bytes in 0 blocks
==845== Rerun with --leak-check=full to see details of leaked memory
==845==
==845== For lists of detected and suppressed errors, rerun with: -s
==845== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault
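As an added illustration (not part of the bug report and not binutils code), the pattern behind the `invalid string offset 16777216 >= 13 for section .strtab` message: resolve an ELF `st_name` offset only after bounds-checking it against the string table, and hand callers a stable placeholder rather than a NULL pointer, so a later `strlen` on the name cannot fault at address 0x0 the way the valgrind trace shows. The 13-byte string table and the bad offset are constructed to match the values in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 13-byte .strtab (the size reported by objdump above):
 * "\0main.c\0main\0" -> offset 1 = "main.c", offset 8 = "main". */
static const char STRTAB[13] = "\0main.c\0main";
#define STRTAB_SIZE sizeof(STRTAB)

/* Constructed table whose only string lacks its terminating NUL. */
static const char UNTERMINATED[4] = { 'm', 'a', 'i', 'n' };

/* Resolve a symbol's st_name offset against a string table.
 * Never returns NULL: an out-of-range offset or a string that is not
 * NUL-terminated inside the table yields a placeholder, so printf,
 * strlen and friends downstream always see a valid C string. */
const char *strtab_name(const char *strtab, size_t size, uint32_t off)
{
    if (off >= size)
        return "<corrupt: st_name offset out of range>";
    if (memchr(strtab + off, '\0', size - off) == NULL)
        return "<corrupt: unterminated string>";
    return strtab + off;
}

/* The kind of call that crashed in the report: strlen on the resolved
 * name.  With the placeholder it is always safe. */
size_t name_length(uint32_t off)
{
    return strlen(strtab_name(STRTAB, STRTAB_SIZE, off));
}

int main(void)
{
    /* 1 and 8 are the legitimate offsets; 16777216 (0x01000000) is the
     * offset objdump rejected in the report. */
    uint32_t offs[] = { 1, 8, 16777216 };
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++)
        printf("st_name=%u -> \"%s\" (len %zu)\n", offs[i],
               strtab_name(STRTAB, STRTAB_SIZE, offs[i]), name_length(offs[i]));
    printf("unterminated -> \"%s\"\n", strtab_name(UNTERMINATED, 4, 0));
    return 0;
}
```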