[Bug binutils/23061] objcopy segfault in coff_mangle_symbols

2018-08-23 Thread amodra at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=23061

Alan Modra  changed:

   What|Removed |Added

 CC||amodra at gmail dot com

--- Comment #10 from Alan Modra  ---
The latest patch regressed i386-darwin.
i386-darwin  +FAIL: objcopy (simple copy)
i386-darwin  +FAIL: strip --strip-unneeded on common symbol

$ ./objdump -t tmpdir/bintest.o tmpdir/copy.o

tmpdir/bintest.o: file format mach-o-i386

SYMBOL TABLE:
 l   0e SECT   01  [.text] static_text_symbol
0008 l   0e SECT   02  [.data] static_data_symbol
0008 g   0f SECT   02  [.data] data_symbol
 g   0f SECT   01  [.text] text_symbol
0004 01 COM00  common_symbol
 g   01 UND00  external_symbol



tmpdir/copy.o: file format mach-o-i386

SYMBOL TABLE:
 l   0e SECT   01  [.text] static_text_symbol
0008 l   0e SECT   02  [.data] static_data_symbol
0004 l   00 COM00  common_symbol
0008 g   0f SECT   02  [.data] data_symbol
 g   0f SECT   01  [.text] text_symbol
 g   01 UND00  external_symbol


Note the common_symbol change.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils


[Bug binutils/23061] objcopy segfault in coff_mangle_symbols

2018-08-23 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=23061

--- Comment #9 from Nick Clifton  ---
Extra patch applied.



[Bug binutils/23061] objcopy segfault in coff_mangle_symbols

2018-08-23 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=23061

--- Comment #8 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=334d4ced42d3d54a70a19f1323ff41c5a5f4ff5e

commit 334d4ced42d3d54a70a19f1323ff41c5a5f4ff5e
Author: Nick Clifton 
Date:   Thu Aug 23 11:45:38 2018 +0100

Prevent illegal memory access when processing COFF auxiliary symbol
information.

PR 23061
* coffgen.c (coff_pointerize_aux): Add table_end parameter.  Use
it to prevent walking off the end of the table.
(coff_get_normalized_symtab): Pass internal_end pointer to
coff_pointerize_aux.



[Bug binutils/23061] objcopy segfault in coff_mangle_symbols

2018-08-23 Thread manisandro at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=23061

--- Comment #7 from Sandro Mani  ---
Hi Nick, thanks, fixes the segfault.



[Bug binutils/23061] objcopy segfault in coff_mangle_symbols

2018-08-21 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=23061

--- Comment #6 from Nick Clifton  ---
Created attachment 11199
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11199&action=edit
Proposed patch

Hi Sandro,

  Please could you see if the uploaded patch fixes the problem ?
  Thanks.

Cheers
  Nick



[Bug binutils/23061] objcopy segfault in coff_mangle_symbols

2018-08-08 Thread manisandro at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=23061

Sandro Mani  changed:

   What|Removed |Added

 CC||manisandro at gmail dot com

--- Comment #5 from Sandro Mani  ---
I suppose a similar fix/sanity check is also needed for
a->u.auxent.x_sym.x_tagndx.l: running

mingw-objcopy --only-keep-debug LLVM.dll LLVM.dll.debug

results in:

Program received signal SIGSEGV, Segmentation fault.
0x0044ab5f in coff_mangle_symbols (bfd_ptr=bfd_ptr@entry=0x54c760) at
../../bfd/coffgen.c:842
842   a->u.auxent.x_sym.x_tagndx.l =
(gdb) bt
#0  0x0044ab5f in coff_mangle_symbols (bfd_ptr=bfd_ptr@entry=0x54c760)
at ../../bfd/coffgen.c:842
#1  0x00459ed7 in coff_write_object_contents (abfd=0x54c760) at
../../bfd/coffcode.h:4231
#2  0x004310fe in bfd_close (abfd=0x54c760) at ../../bfd/opncls.c:731
#3  0x00409fa6 in copy_file
(input_filename=input_filename@entry=0x7fffe0b4 "LLVM.dll",
output_filename=output_filename@entry=0x7fffe0bd "LLVM.dll.debug",
input_target=input_target@entry=0x0, 
output_target=, output_target@entry=0x0,
input_arch=input_arch@entry=0x0) at ../../binutils/objcopy.c:3530
#4  0x00404853 in copy_main (argv=, argc=) at ../../binutils/objcopy.c:5478
#5  main (argc=, argv=) at
../../binutils/objcopy.c:5582



[Bug binutils/23061] objcopy segfault in coff_mangle_symbols

2018-04-16 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=23061

--- Comment #4 from Nick Clifton  ---
(In reply to Tom Ritter from comment #3)

Hi Tom,

> However, looking at the patch, it seems to me that it just does a sanity
> check to prevent doing something that would be illegal.

Ah - you noticed...

> I had thought my
> input data was (supposedly) valid - but it seems that is not the case. Do
> you agree?

Well - I actually suspect that the problem is not that the data is illegal
per se, but rather that there is too much of it.  Now don't quote me on this,
because this is just a feeling rather than a certainty, but I would guess that
firefox has so many symbols in it that they are filling up, and overflowing
a table somewhere.  (Or maybe a 32-bit offset is wrapping around and causing
problems that way).


> If you know, would you be able to tell me where in the file format (what
> fields, etc) this illegal data is? 

Well, the problem appears to be that the:

  auxent->u.auxent.x_sym.x_fcnary.x_fcn.x_endndx.l

field is ridiculously large, for the symbol that is causing the problems.
(There may be more than one symbol, I did not check).  Since this field
is initialised (in coff_mangle_symbols) to:

  a->u.auxent.x_sym.x_fcnary.x_fcn.x_endndx.l =
a->u.auxent.x_sym.x_fcnary.x_fcn.x_endndx.p->offset;

The implication is that the offset field has been computed incorrectly.

I have not traced the problem any further than this though.  (Please feel
free to do so yourself, of course).  My gut tells me that there are still
problems in this part of the BFD library.  But my boss tells me that there
are more important things to be working on at this time, so unless/until
another bug turns up, I will have to sideline any further investigations.

Cheers
  Nick



[Bug binutils/23061] objcopy segfault in coff_mangle_symbols

2018-04-16 Thread tom at ritter dot vg
https://sourceware.org/bugzilla/show_bug.cgi?id=23061

--- Comment #3 from Tom Ritter  ---
Thanks Nick. With the patch, I no longer get a segfault. 

However, looking at the patch, it seems to me that it just does a sanity check
to prevent doing something that would be illegal. I had thought my input data
was (supposedly) valid - but it seems that is not the case. Do you agree?

If you know, would you be able to tell me where in the file format (what
fields, etc) this illegal data is?  I previously spent some time writing my own
DWARF parser to identify some other, incorrect data
(https://ritter.vg/misc/stuff/dwarf-error.html) but I had fixed that instance
and hoped I was generating valid data now...



[Bug binutils/23061] objcopy segfault in coff_mangle_symbols

2018-04-16 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=23061

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |FIXED

--- Comment #2 from Nick Clifton  ---
Hi Tom,

  Thanks for reporting this bug.  I have checked in a small patch to fix it.
  Please let me know if the problem persists.

Cheers
  Nick



[Bug binutils/23061] objcopy segfault in coff_mangle_symbols

2018-04-16 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=23061

--- Comment #1 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e9af4700bc7435e593dd74d4d2e099b3d7c01eb6

commit e9af4700bc7435e593dd74d4d2e099b3d7c01eb6
Author: Nick Clifton 
Date:   Mon Apr 16 12:59:37 2018 +0100

Prevent an illegal memory access via an out of range fixup pointer.

PR 23061
* coffgen.c (coff_pointerize_aux): Check for an out of range
fixup.

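The bounds check that both commits in this thread add to coff_pointerize_aux, and the matching check on x_tagndx that comment #5 asks for, as an added example that is not BFD's code: a minimal reader for raw 18-byte COFF symbol records which resolves the function-definition aux record's TagIndex and PointerToNextFunction fields (BFD's x_tagndx.l and x_endndx.l) into pointers only when base + index lies inside the table. The record layout follows the PE/COFF specification; the five-record symbol table is constructed in memory, and the symbol names and index values in it are made up for the illustration.

```c
/* Added example, not BFD code: resolve COFF aux-record indices into
   pointers with a table_end bound, instead of trusting the on-disk
   value.  The sample symbol table is constructed in memory.  */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SYMESZ 18          /* size of one raw COFF symbol or aux record */
#define C_EXT   2          /* n_sclass: external symbol */
#define DT_FCN  2          /* n_type bits 4-5: function */
#define NRECS   5          /* records in the constructed sample table */

typedef struct entry {
  uint8_t  raw[SYMESZ];
  int      is_sym;          /* 1 = symbol record, 0 = aux record */
  uint32_t tagndx_l;        /* raw index fields as read from the aux record */
  uint32_t endndx_l;
  struct entry *tagndx_p;   /* resolved pointers; NULL when unset or rejected */
  struct entry *endndx_p;
} entry_t;

static entry_t g_tab[NRECS];

static uint32_t rd32(const uint8_t *p) {
  return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
  p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Turn an index into a pointer only when base + idx lies in [base, end).
   Without the end bound, base + 0x7fffffff would be formed and later
   dereferenced, which is the crash in this thread.  Index 0 means "none".
   Returns 1 if a pointer was set, 0 if the index was rejected.  */
int pointerize(entry_t *base, entry_t *end, uint32_t idx, entry_t **out) {
  *out = NULL;
  if (idx == 0 || (size_t)idx >= (size_t)(end - base)) return 0;
  *out = base + idx;
  return 1;
}

/* Parse nrecs raw records into tab.  Returns the number of non-zero
   aux indices rejected as out of range (0 for a well-formed table).  */
int parse_symtab(const uint8_t *buf, size_t nrecs, entry_t *tab) {
  int rejected = 0;
  memset(tab, 0, nrecs * sizeof *tab);
  for (size_t i = 0; i < nrecs; ) {
    entry_t *s = &tab[i];
    memcpy(s->raw, buf + i * SYMESZ, SYMESZ);
    s->is_sym = 1;
    uint16_t type = (uint16_t)(s->raw[14] | s->raw[15] << 8);
    int is_fcn = ((type >> 4) & 3) == DT_FCN;          /* same test as BFD's ISFCN() */
    size_t naux = s->raw[17];                          /* n_numaux */
    if (i + 1 + naux > nrecs) naux = nrecs - i - 1;    /* n_numaux overruns the table */
    for (size_t a = 1; a <= naux; a++) {
      entry_t *x = &tab[i + a];
      memcpy(x->raw, buf + (i + a) * SYMESZ, SYMESZ);
      if (is_fcn && a == 1) {                          /* function-definition aux record */
        x->tagndx_l = rd32(x->raw + 0);                /* TagIndex              (x_tagndx.l) */
        x->endndx_l = rd32(x->raw + 12);               /* PointerToNextFunction (x_endndx.l) */
        if (x->tagndx_l && !pointerize(tab, tab + nrecs, x->tagndx_l, &x->tagndx_p)) rejected++;
        if (x->endndx_l && !pointerize(tab, tab + nrecs, x->endndx_l, &x->endndx_p)) rejected++;
      }
    }
    i += 1 + naux;
  }
  return rejected;
}

/* Builders for the constructed sample (short-form 8-byte names only).  */
static void put_sym(uint8_t *r, const char *name, uint16_t type, uint8_t numaux) {
  memset(r, 0, SYMESZ);
  memcpy(r, name, strlen(name) > 8 ? 8 : strlen(name));   /* n_name */
  r[12] = 1;                                                /* n_scnum = 1 */
  r[14] = (uint8_t)(type & 0xff); r[15] = (uint8_t)(type >> 8);
  r[16] = C_EXT;
  r[17] = numaux;
}
static void put_fcn_aux(uint8_t *r, uint32_t tagndx, uint32_t endndx) {
  memset(r, 0, SYMESZ);
  wr32(r + 0, tagndx);
  wr32(r + 12, endndx);
}

/* Two functions with aux records; the second aux carries a wild
   next-function index of the kind described in comment #4.  */
int demo(void) {
  uint8_t buf[NRECS * SYMESZ];
  put_sym(buf + 0 * SYMESZ, "main", DT_FCN << 4, 1);
  put_fcn_aux(buf + 1 * SYMESZ, 0, 3);              /* next function = record 3: in range */
  put_sym(buf + 2 * SYMESZ, "counter", 0, 0);
  put_sym(buf + 3 * SYMESZ, "bar", DT_FCN << 4, 1);
  put_fcn_aux(buf + 4 * SYMESZ, 0, 0x7fffffffu);    /* out of range: must be rejected */
  return parse_symtab(buf, NRECS, g_tab);
}

entry_t *entry_at(size_t i) { return &g_tab[i]; }

int main(void) {
  int bad = demo();
  for (size_t i = 0; i < NRECS; i++)
    printf("rec %zu: %s endndx_l=%#x endndx_p=%s\n", i, g_tab[i].is_sym ? "sym" : "aux",
           (unsigned)g_tab[i].endndx_l, g_tab[i].endndx_p ? "set" : "NULL");
  printf("%d out-of-range aux index%s rejected\n", bad, bad == 1 ? "" : "es");
  return 0;
}
```

The point of the example is the shape of the check rather than the exact BFD code: the pointer is only formed after comparing the index against the table end, and a rejected index leaves the pointer NULL so that the later pass which writes the pointer's offset back (the `x_endndx.p->offset` line quoted in comment #4) has something it can test for instead of a wild address.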