https://sourceware.org/bugzilla/show_bug.cgi?id=34223
Bug ID: 34223
Summary: [RISC-V] GNU ld.bfd emit rel ro output leaks internal
relax relocations
Product: binutils
Version: 2.45
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: l784896635 at gmail dot com
Target Milestone: ---
I ran into this while reducing a RISC-V linker testcase. The reproducer is
already quite small, and I have been seeing the same result consistently across
three reruns.
Summary
=======
riscv64-unknown-elf-ld 2.45 links successfully with --relax --emit-relocs but
writes GNU linker-internal RISC-V relaxation relocations into the final
executable: readelf -r shows unrecognized relocation types 43 and 44, and
objdump -dr names them R_RISCV_RVC_LUI and R_RISCV_GPREL_I in .rela.text.
Expected behavior
=================
A tiny RV32IC program materializes the address of a nearby label with the
ordinary absolute lui/addi sequence. After layout, the high part becomes zero
and relaxation can legally shrink the first instruction to c.li while
preserving standard relocation semantics under --emit-relocs.
Environment
===========
- product: binutils
- component: ld
- toolchain route: gas + ld.bfd
- march: rv32ic
- mabi: ilp32
- first failing stage: link
Reduced testcase
================
--- case.s ---
.option nopic
.text
.align 1
.globl _start
.type _start, @function
_start:
lui a0, %hi(foo)
addi a0, a0, %lo(foo)
.skip 0x7f8
foo:
ret
.size _start, .-_start
--- layout.ld ---
ENTRY(_start)
SECTIONS {
.text 0x00000000 : {
*(.text*)
}
}
Reproduction notes
==================
- This packaged root does not have a single canonical `run.ps1` wrapper.
- Use the reduced inputs under `case/` and follow the commands documented in
`case/README.md`.
- Stable witness outputs, when present, are preserved under
`verify/run1..run3/`.
What I checked
==============
- Reduced inputs are preserved under case/.
- Stable witness outputs are preserved under verify/run1..run3/.
- The strict recheck says stable normalized run signatures across three runs:
True.
- Tracker guidance link:
https://sourceware.org/binutils/docs/ld/Bug-Reporting.html
- evidence summary: 3 clean reproductions under
hunt/verify/bfd_emitrelocs_internal_relax_reloc_leak/run1..run3 show stable
assembly success, stable link success, stable final code c.li x10,0 plus addi
x10,x0,2046, and stable emitted relocation leakage into the executable. This is
a link-stage output defect: the bad relocation records do not exist before
linking and appear only when ld.bfd emits final ELF relocations under
--emit-relocs.
Notes
=====
hunt/runs/bfd-emitrelocs-internal-20260526T110000Z plus upstream May 2024
binutils RISC-V emit-relocs fix series
Root key: bfd.riscv.emit_rel_ro_output_leaks_internal_relax_relocations
Case id: 20260526-bfd-emitrelocs-internal-relax-reloc-leak
--
You are receiving this mail because:
You are on the CC list for the bug.
