[Bug binutils/23061] objcopy segfault in coff_mangle_symbols
https://sourceware.org/bugzilla/show_bug.cgi?id=23061

Alan Modra changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |amodra at gmail dot com

--- Comment #10 from Alan Modra ---
The latest patch regressed i386-darwin.

i386-darwin  +FAIL: objcopy (simple copy)
i386-darwin  +FAIL: strip --strip-unneeded on common symbol

$ ./objdump -t tmpdir/bintest.o tmpdir/copy.o

tmpdir/bintest.o:     file format mach-o-i386

SYMBOL TABLE:
l 0e SECT 01 [.text] static_text_symbol
0008 l 0e SECT 02 [.data] static_data_symbol
0008 g 0f SECT 02 [.data] data_symbol
g 0f SECT 01 [.text] text_symbol
0004 01 COM00 common_symbol
g 01 UND00 external_symbol

tmpdir/copy.o:     file format mach-o-i386

SYMBOL TABLE:
l 0e SECT 01 [.text] static_text_symbol
0008 l 0e SECT 02 [.data] static_data_symbol
0004 l 00 COM00 common_symbol
0008 g 0f SECT 02 [.data] data_symbol
g 0f SECT 01 [.text] text_symbol
g 01 UND00 external_symbol

Note the common_symbol change.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

--- Comment #9 from Nick Clifton ---
Extra patch applied.

--- Comment #8 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=334d4ced42d3d54a70a19f1323ff41c5a5f4ff5e

commit 334d4ced42d3d54a70a19f1323ff41c5a5f4ff5e
Author: Nick Clifton
Date:   Thu Aug 23 11:45:38 2018 +0100

    Prevent illegal memory access when processing COFF auxiliary symbol information.

            PR 23061
            * coffgen.c (coff_pointerize_aux): Add table_end parameter.  Use it
            to prevent walking off the end of the table.
            (coff_get_normalized_symtab): Pass internal_end pointer to
            coff_pointerize_aux.

--- Comment #7 from Sandro Mani ---
Hi Nick, thanks, fixes the segfault.

--- Comment #6 from Nick Clifton ---
Created attachment 11199
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11199&action=edit
Proposed patch

Hi Sandro,

  Please could you see if the uploaded patch fixes the problem ?

Thanks.

Cheers
  Nick

Sandro Mani changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |manisandro at gmail dot com

--- Comment #5 from Sandro Mani ---
I suppose a similar fix/sanity check is also needed for
a->u.auxent.x_sym.x_tagndx.l: running

  mingw-objcopy --only-keep-debug LLVM.dll LLVM.dll.debug

results in:

Program received signal SIGSEGV, Segmentation fault.
0x0044ab5f in coff_mangle_symbols (bfd_ptr=bfd_ptr@entry=0x54c760) at ../../bfd/coffgen.c:842
842               a->u.auxent.x_sym.x_tagndx.l =
(gdb) bt
#0  0x0044ab5f in coff_mangle_symbols (bfd_ptr=bfd_ptr@entry=0x54c760) at ../../bfd/coffgen.c:842
#1  0x00459ed7 in coff_write_object_contents (abfd=0x54c760) at ../../bfd/coffcode.h:4231
#2  0x004310fe in bfd_close (abfd=0x54c760) at ../../bfd/opncls.c:731
#3  0x00409fa6 in copy_file (input_filename=input_filename@entry=0x7fffe0b4 "LLVM.dll", output_filename=output_filename@entry=0x7fffe0bd "LLVM.dll.debug", input_target=input_target@entry=0x0, output_target=, output_target@entry=0x0, input_arch=input_arch@entry=0x0) at ../../binutils/objcopy.c:3530
#4  0x00404853 in copy_main (argv=, argc=) at ../../binutils/objcopy.c:5478
#5  main (argc=, argv=) at ../../binutils/objcopy.c:5582

--- Comment #4 from Nick Clifton ---
(In reply to Tom Ritter from comment #3)

Hi Tom,

> However, looking at the patch, it seems to me that it just does a sanity
> check to prevent doing something that would be illegal.

Ah - you noticed...

> I had thought my input data was (supposedly) valid - but it seems that is
> not the case. Do you agree?

Well - I actually suspect that the problem is not that the data is illegal
per se, but rather that there is too much of it.  Now don't quote me on
this, because this is just a feeling rather than a certainty, but I would
guess that firefox has so many symbols in it that they are filling up, and
overflowing a table somewhere.  (Or maybe a 32-bit offset is wrapping
around and causing problems that way).

> If you know, would you be able to tell me where in the file format (what
> fields, etc) this illegal data is?

Well, the problem appears to be that the:

  auxent->u.auxent.x_sym.x_fcnary.x_fcn.x_endndx.l

field is ridiculously large, for the symbol that is causing the problems.
(There may be more than one symbol, I did not check).  Since this field is
initialised (in coff_mangle_symbols) to:

  a->u.auxent.x_sym.x_fcnary.x_fcn.x_endndx.l =
    a->u.auxent.x_sym.x_fcnary.x_fcn.x_endndx.p->offset;

The implication is that the offset field has been computed incorrectly.
I have not traced the problem any further than this though.  (Please feel
free to do so yourself, of course).

My gut tells me that there are still problems in this part of the BFD
library.  But my boss tells me that there are more important things to be
working on at this time, so unless/until another bug turns up, I will have
to sideline any further investigations.

Cheers
  Nick

--- Comment #3 from Tom Ritter ---
Thanks Nick.  With the patch, I no longer get a segfault.

However, looking at the patch, it seems to me that it just does a sanity
check to prevent doing something that would be illegal.  I had thought my
input data was (supposedly) valid - but it seems that is not the case.  Do
you agree?

If you know, would you be able to tell me where in the file format (what
fields, etc) this illegal data is?  I previously spent some time writing my
own DWARF parser to identify some other, incorrect data
(https://ritter.vg/misc/stuff/dwarf-error.html) but I had fixed that
instance and hoped I was generating valid data now...

Nick Clifton changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Tom,

  Thanks for reporting this bug.  I have checked in a small patch to fix
it.  Please let me know if the problem persists.

Cheers
  Nick

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e9af4700bc7435e593dd74d4d2e099b3d7c01eb6

commit e9af4700bc7435e593dd74d4d2e099b3d7c01eb6
Author: Nick Clifton
Date:   Mon Apr 16 12:59:37 2018 +0100

    Prevent an illegal memory access via an out of range fixup pointer.

            PR 23061
            * coffgen.c (coff_pointerize_aux): Check for an out of range fixup.
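Both commits in this thread (comment #1 and comment #8) add the same kind of defence: an auxiliary-entry index read from the file is checked against the end of the symbol table before it is turned into a pointer that coff_mangle_symbols later dereferences. The C below is an added illustration of that check, not BFD's own code; the `sym_t` layout, the function names and the sample table are hypothetical stand-ins for BFD's far richer structures.

```c
/* Added example, not BFD code: a simplified model of the COFF
   "pointerize" and "mangle" steps with a table_end bounds check. */
#include <stddef.h>

/* Hypothetical minimal symbol record (BFD's real struct is much richer). */
typedef struct sym {
    const char *name;
    long endndx_l;        /* raw index read from the file (x_endndx.l) */
    struct sym *endndx_p; /* resolved pointer after pointerize (x_endndx.p) */
    long offset;          /* position the symbol gets in the output table */
} sym_t;

/* Resolve a raw index into a pointer, refusing anything outside
   [table, table_end).  Returns 1 on success, 0 if the index is bad;
   a rejected entry keeps endndx_p == NULL so no later step trusts it. */
int pointerize_aux(sym_t *table, sym_t *table_end, sym_t *aux)
{
    long n = table_end - table;
    if (aux->endndx_l < 0 || aux->endndx_l >= n) {
        aux->endndx_p = NULL;
        return 0;
    }
    aux->endndx_p = table + aux->endndx_l;
    return 1;
}

/* The mangle step writes the target's offset back into the raw field;
   an unresolved pointer is skipped instead of being dereferenced. */
int mangle_aux(sym_t *aux)
{
    if (aux->endndx_p == NULL)
        return 0;
    aux->endndx_l = aux->endndx_p->offset;
    return 1;
}

/* Constructed sample table: two valid indices, one past the end of the
   table and one negative, as a corrupt or oversized file might carry.
   Returns the number of entries that were resolved and mangled. */
int demo(void)
{
    sym_t table[4] = {
        { "f",   2, NULL,  0 },
        { "g",   0, NULL, 16 },
        { "bad", 7, NULL, 32 },
        { "neg", -1, NULL, 48 },
    };
    sym_t *end = table + 4;
    int ok = 0;
    for (sym_t *s = table; s < end; s++)
        if (pointerize_aux(table, end, s) && mangle_aux(s))
            ok++;
    return ok; /* 2: "f" and "g" resolve, "bad" and "neg" are rejected */
}
```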