[Bug ld/20933] LD: Buffer Overflow if linker script does not exist

[boehme.marcel at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=20933

Marcel Böhme  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |INVALID

--- Comment #7 from Marcel Böhme  ---
Hi Alan,

Yes, very likely. Could not find an invalid read with GDB and there are no
complaints from ASAN. So, I'm marking this report as resolved invalid.

Thanks!
- Marcel

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug ld/20933] LD: Buffer Overflow if linker script does not exist

[amodra at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=20933

--- Comment #6 from Alan Modra  ---
I suspect this is a valgrind problem
https://bugs.launchpad.net/ubuntu/+source/valgrind/+bug/852760

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug ld/20933] LD: Buffer Overflow if linker script does not exist

[boehme.marcel at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=20933

--- Comment #5 from Marcel Böhme  ---
Hi Alan,

Tried executing it from different working directories. Same outcome.
Tried executing it on Ubuntu 16.04 on Binutils revision 5cd1d8bc and I cannot
reproduce. Hmm...

This is what I get from GDB:

Reading symbols from
/home/ubuntu/subjects/binutils-gdb_fixed/obj-gold-afl/ld/ld-new...done.
(gdb) set args -T a
(gdb) b make-relative-prefix.c:385
Breakpoint 1 at 0x977c44: file ../../libiberty/make-relative-prefix.c, line
385.
(gdb) r
Starting program:
/home/ubuntu/subjects/binutils-gdb_fixed/obj-gold-afl/ld/ld-new -T a

Breakpoint 1, make_relative_prefix_1 (progname=,
bin_prefix=bin_prefix@entry=0x999a73 "/usr/local/bin", 
prefix=prefix@entry=0x999b30 "/usr/local/x86_64-pc-linux-gnu/lib",
resolve_links=resolve_links@entry=1)
at ../../libiberty/make-relative-prefix.c:385
385   ptr = ret + strlen(ret);
(gdb) p ret
$1 = 0xc9d970 "/home/ubuntu/subjects/binutils-gdb_fixed/obj-gold-afl/ld/"
(gdb) p strlen(ret)
$2 = 57


Here is some more info from Valgrind about where it is allocated:
valgrind /home/ubuntu/subjects/binutils-gdb_fixed/obj-gold-afl/ld/ld-new -T
test100
==50130== Memcheck, a memory error detector
==50130== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==50130== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==50130== Command:
/home/ubuntu/subjects/binutils-gdb_fixed/obj-gold-afl/ld/ld-new -T test100
==50130== 
==50130== Invalid read of size 4
==50130==at 0x977CB8: make_relative_prefix_1 (make-relative-prefix.c:385)
==50130==by 0x4C6B57: find_scripts_dir (ldfile.c:518)
==50130==by 0x4C6B57: ldfile_find_command_file (ldfile.c:554)
==50130==by 0x4C6B57: ldfile_open_command_file_1 (ldfile.c:594)
==50130==by 0x42D304: parse_args (lexsup.c:1219)
==50130==by 0x40D18D: main (ldmain.c:312)
==50130==  Address 0x5409ac8 is 56 bytes inside a block of size 58 alloc'd
==50130==at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==50130==by 0x97767B: make_relative_prefix_1 (make-relative-prefix.c:375)
==50130==by 0x4C6B57: find_scripts_dir (ldfile.c:518)
==50130==by 0x4C6B57: ldfile_find_command_file (ldfile.c:554)
==50130==by 0x4C6B57: ldfile_open_command_file_1 (ldfile.c:594)
==50130==by 0x42D304: parse_args (lexsup.c:1219)
==50130==by 0x40D18D: main (ldmain.c:312)

Best regards,
- Marcel

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug ld/20933] LD: Buffer Overflow if linker script does not exist

[amodra at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=20933

--- Comment #4 from Alan Modra  ---
Oops, there should of course be an "r" command after the break (b) command.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug ld/20933] LD: Buffer Overflow if linker script does not exist

[amodra at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=20933

Alan Modra  changed:

   What|Removed |Added

 CC||amodra at gmail dot com

--- Comment #3 from Alan Modra  ---
I also can't reproduce the problem.  Marcel, can you run ld under gdb and tell
us the results of

set args -T test
b make-relative-prefix.c:385
p ret
p strlen(ret)

I'm wondering if the problem only shows up with a particular directory
structure.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug gold/20878] gold powerpc64 le linux fails to link large Linux kernel

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=20878

--- Comment #5 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Alan Modra :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a5018ae555cdf491005907c03f997558ba15fc47

commit a5018ae555cdf491005907c03f997558ba15fc47
Author: Alan Modra 
Date:   Wed Dec 7 14:12:26 2016 +1030

[GOLD] powerpc64le-linux fails to link large Linux kernel

Gold attaches stubs to an existing section in contrast to ld.bfd which
inserts a new section for stubs.  If we want stubs before branches,
then the stubs must be added to the previous section.  Adding to the
previous section is a disaster if there is a large gap between the
previous section and the group.

PR gold/20878
* powerpc.cc (Stub_control): Replace stubs_always_before_branch_
with stubs_always_after_branch_, group_end_addr_ with
group_start_addr_.
(Stub_control::can_add_to_stub_group): Rewrite to suit scanning
sections by increasing address.
(Target_powerpc::group_sections): Scan that way.  Delete corner
case.
* options.h (--stub-group-size): Update help string.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug binutils/20893] Sigabrt in objdump

[thuanpv at comp dot nus.edu.sg]

https://sourceware.org/bugzilla/show_bug.cgi?id=20893

Thuan Pham  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED

--- Comment #4 from Thuan Pham  ---
No abort anymore.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug ld/20933] LD: Buffer Overflow if linker script does not exist

[boehme.marcel at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=20933

--- Comment #2 from Marcel Böhme  ---
Hi Nick,

I can still reproduce the problem on the latest sources from trunk on Ubuntu
14.04 x86_64.

$ rm test
$ valgrind ld/ld-new -T test
==22837== Memcheck, a memory error detector
==22837== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==22837== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==22837== Command: ld/ld-new -T a
==22837== 
==22837== Invalid read of size 4
==22837==at 0x92C638: make_relative_prefix_1 (make-relative-prefix.c:385)
==22837==by 0x4B97B7: find_scripts_dir (ldfile.c:518)
==22837==by 0x4B97B7: ldfile_find_command_file (ldfile.c:554)
==22837==by 0x4B97B7: ldfile_open_command_file_1 (ldfile.c:594)
==22837==by 0x42B43C: parse_args (lexsup.c:1219)
==22837==by 0x40CBFD: main (ldmain.c:312)

Best regards,
- Marcel

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug ld/20932] LD: Internal error during record link assignment

[boehme.marcel at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=20932

--- Comment #2 from Marcel Böhme  ---
Hi Nick,

I can still reproduce the problem on the latest sources from trunk on Ubuntu
14.04 x86_64. The error occurs even without the -E option.

$ printf
"\x08\x01\x00\x00\x08\x00\x00\x00\x04\x00\x00\x00\x0\x60\x00\x00\x00\x0\x00\x00\x00\x00\x00\x00\x00\x00\x0\x02\x00\x00\x00\x18\x2300\x06\x00\x00\x00\x14000\x00\x00\x00\x00\x14000\x02\x00\x00\x00\x18000\x06\x00\x00\x00\x1e0\x090\x00\x00\x00\x00\x18000\x02\x00\x00\x00\x18000\x06\x00\x00\x00\x0d000\x08\x00\x00\x00\x0"
> test
$ ld/ld-new test
ld/ld-new: i386 architecture of input file `test' is incompatible with
i386:x86-64 output
ld/ld-new: Special section *ABS* does not support reloc BFD_RELOC_CTOR for set
0
ld/ld-new: BFD (GNU Binutils) 2.27.51.20161207 internal error, aborting at
../../bfd/elflink.c:628 in bfd_elf_record_link_assignment

ld/ld-new: Please report this bug.

$ uname -r
3.19.0-73-generic

Best regards,
- Marcel

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug ld/19254] "too many sections" when linking COFF executables

[kyrab at mail dot ru]

https://sourceware.org/bugzilla/show_bug.cgi?id=19254

--- Comment #8 from awson  ---
And yes, I'm quite happy with the patches.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug ld/19254] "too many sections" when linking COFF executables

[kyrab at mail dot ru]

https://sourceware.org/bugzilla/show_bug.cgi?id=19254

--- Comment #7 from awson  ---
Sorry, my miswording. In `ELF` case we have *no* any '$'-separated sections.

What I meant was that (almost)counterpart of PECOFF dollar-separated sections
is ELF dot-separated sections, but while PECOFF dollar-separated sections need
to be sorted, ELF dot-separated sections need no.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug ld/19254] "too many sections" when linking COFF executables

[nickc at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=19254

Nick Clifton  changed:

   What|Removed |Added

 CC||nickc at redhat dot com

--- Comment #6 from Nick Clifton  ---
Hi Guys,

  I am happy to apply the two patches that have been submitted here, as
  long as you are happy with them too.

  I am not sure however about the context for the ELF case that you are
  talking about.  Which ELF based target will produce section names with
  a $ separator ?

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug ld/20933] LD: Buffer Overflow if linker script does not exist

[nickc at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=20933

Nick Clifton  changed:

   What|Removed |Added

 CC||nickc at redhat dot com

--- Comment #1 from Nick Clifton  ---
Hi Marcel,

  I am unable to reproduce this problem.  Please could you recheck ?

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug ld/20932] LD: Internal error during record link assignment

[nickc at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=20932

Nick Clifton  changed:

   What|Removed |Added

 CC||nickc at redhat dot com

--- Comment #1 from Nick Clifton  ---
Hi Marcel,

  Please could you check to see if this problem still exists ?

  I tried using the latest development sources and the internal error
  did not occur.  I suspect that one of the earlier patches for the
  PRs that you have been submitting has also fixed this problem.

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug binutils/20931] STRIP crashes during copy of private bfd data

[nickc at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=20931

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |FIXED

--- Comment #2 from Nick Clifton  ---
Hi Marcel,

  Thanks for reporting this bug.

  I have checked in a patch which should fix the problem.

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug binutils/20931] STRIP crashes during copy of private bfd data

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=20931

--- Comment #1 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4f3ca05b487e9755018b4c9a053a2e6c35d8a7df

commit 4f3ca05b487e9755018b4c9a053a2e6c35d8a7df
Author: Nick Clifton 
Date:   Tue Dec 6 16:53:57 2016 +

Fix seg-fault in strip when copying a corrupt binary.

PR binutils/20931
* elf.c (copy_special_section_fields): Check for an invalid
sh_link field before attempting to follow it.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug binutils/20930] STRIP crashes when mapping over sections

[nickc at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=20930

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |FIXED

--- Comment #2 from Nick Clifton  ---
Hi Marcel,

  Thanks for reporting this bug.

  I have checked in a small patch, similar to the one for PR 20923, to add
extra
  checks when copying relocations during a strip.

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug binutils/20930] STRIP crashes when mapping over sections

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=20930

--- Comment #1 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8b929e420a810afe23d5ba57a98109c74d1d5816

commit 8b929e420a810afe23d5ba57a98109c74d1d5816
Author: Nick Clifton 
Date:   Tue Dec 6 16:26:42 2016 +

Fix seg-fault running strip on a corrupt binary.

PR binutils/20930
* objcopy.c (mark_symbols_used_in_relocations): Check for a null
symbol pointer pointer before attempting to mark the symbol as
kept.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug binutils/20929] STRIP crashes when closing the output bfd after copying

[nickc at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=20929

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |FIXED

--- Comment #2 from Nick Clifton  ---
Hi Marcel,

  Thanks for reporting this bug.

  I have checked in a patch very similar to the one for PR 20921, that
  adds an additional check for unrecognised relocations.

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug binutils/20929] STRIP crashes when closing the output bfd after copying

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=20929

--- Comment #1 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=92744f058094edd0b29bf9762f4ac26e4c6743c2

commit 92744f058094edd0b29bf9762f4ac26e4c6743c2
Author: Nick Clifton 
Date:   Tue Dec 6 15:58:15 2016 +

Fix seg-fault running strip on a corrupt binary.

PR binutils/20929
* aoutx.h (squirt_out_relocs): Check for relocs without an
associated symbol.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug gas/20901] AS: Hangs

[nickc at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=20901

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |FIXED

--- Comment #3 from Nick Clifton  ---
Hi Marcel,

  Thanks for reporting this bug.

  I have checked in a patch to place an upper limit on the number of spaces
  generated by a .space or .ds directive, so now both of your tests exit with
  an error message.

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug gas/20901] AS: Hangs

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=20901

--- Comment #2 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=005304aae36522a90bbe169faea36db559d0f3d6

commit 005304aae36522a90bbe169faea36db559d0f3d6
Author: Nick Clifton 
Date:   Tue Dec 6 15:31:14 2016 +

Stop the assembler from running out of memory when asked to generate a huge
number of spaces.

PR gas/20901
* read.c (s_space): Place an upper limit on the number of spaces
generated.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug gas/20896] AS: Buffer Overflow when expanding .irp directives

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=20896

--- Comment #11 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5e359a63b7a39e0ff0f750ca8fc97d27b14c0ef7

commit 5e359a63b7a39e0ff0f750ca8fc97d27b14c0ef7
Author: Nick Clifton 
Date:   Tue Dec 6 14:13:57 2016 +

Fix mmix assembler test to account for changes in the error messages
produced by the assembler.

PR gas/20896
* testsuite/gas/mmix/err-byte1.s: Adjust expected warning messages
to account for patch to next_char_of_string.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug gas/20896] AS: Buffer Overflow when expanding .irp directives

[nickc at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=20896

Nick Clifton  changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

--- Comment #12 from Nick Clifton  ---
Hi Alan,

> I can confirm you've cured the crash and valgrind failure, but there are
> excess errors..
> 
> pr20896.s: Assembler messages:
> pr20896.s: Warning: end of file in string; '"' inserted
> pr20896.s:2: Warning: missing closing `"'
> pr20896.s:3: Warning: missing closing `"'
> pr20896.s:1: Error: unexpected end of file in irp or irpc

True - but I didn't see any point in worrying about that.  If you are going
to feed the assembler badly malformed input files then you should be grateful
to get any kind of error message at all, let alone several of them.  Well
that's my opinion anyway...

> This also shows up as a fail of one of the mmix gas tests (paths trimmed a
> little below).

Oops - I missed that one.  But I have now checked in a patch to update the
test.

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug gas/20934] New: wrong replacements for ld/sd on mips-o32 abi

[ma.jiang at zte dot com.cn]

https://sourceware.org/bugzilla/show_bug.cgi?id=20934

Bug ID: 20934
   Summary: wrong replacements for ld/sd on mips-o32 abi
   Product: binutils
   Version: 2.28 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: gas
  Assignee: unassigned at sourceware dot org
  Reporter: ma.jiang at zte dot com.cn
  Target Milestone: ---

Hi all,
  When using mips-o32 abi, gas will replace ld/sd into lw/sw. This behavior
seems strange. The gas could produce wrong codes easily without any warnings.
  Using "gas -mabi=32", a "ld $v0, ($a1)" will be silently translated into "lw 
v0,0(a1);lw v1,4(a1)". IMO, this is NOT right, because the v1 register is
changed and the coder probably could not notice this.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils