Launchpad has imported 6 comments from the remote bug at http://sourceware.org/bugzilla/show_bug.cgi?id=13135.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2011-08-25T22:20:28+00:00 Stephen McCamant wrote: Created attachment 5913 Patch to fix printf argument types The change to using bfd_vma for offset computations, described in the fix for PR/12752 (CVS revision 1.146 of opcodes/arm-dis.c) causes the code to crash in configurations where the size of bfd_vma is different than the size of "int", because the code is now passing values of type bfd_vma to a "%d" format specifier. For instance one such code snippet in print_insn_coprocessor looks like: 1876 bfd_vma offset = given & 0xff; ... 1892 if (offset) 1893 func (stream, ", #%d]%s", 1894 offset, 1895 WRITEBACK_BIT_SET ? "!" : ""); When this code passes "offset" as a 64-bit value, the printf function will interpret the low 32 bits as the %d argument, and the high 32 bits as the %s argument, but if the value is negative, the high bits will be equivalent to -1, which causes a segfault when used as character pointer. For instance, I see this when I compile a version of the binutils that supports 32-bit x86, 64-bit AMD64, and ARM on a 32-bit x86/Linux host system; then "int" is 32 bits, but bfd_vma is 64 bits. This is the sort of error that is supposed to be caught by GCC's format string checking. I see that that checking was enabled at the relevant place in 2005 (change 1.54 to include/dis-asm.h), but then it was disabled again (perhaps inadvertently; I don't see anything about it in the log message) in 2007 (change 1.67 to the same file). I've attached a proof-of-concept patch which re-enables the warnings, and then adds casts on all the printf arguments in arm-dis.c that cause warnings under this configuration. I've verified that this fixes all the crashes I've seen in my configuration; objdump can now disassembly 50MB of random bytes without crashing. However I haven't investigated whether this problem occurs elsewhere, and I haven't checked whether this respects all the signs correctly, which was the issue in PR/12752. (For instance, could there be a configuration where bfd_vma is 32 bits but int is 64?) Reply at: https://bugs.launchpad.net/binutils/+bug/1027454/comments/0 ------------------------------------------------------------------------ On 2011-08-25T22:35:01+00:00 Stephen McCamant wrote: Here's a short command sequence to reproduce (in the appropriate configuration): % perl -e 'print pack("V*", 0xed69cdcb)' >/tmp/bad.insn % objdump -b binary -m arm -EL -D /tmp/bad.insn The expected result is something like: 0: ed69cdcb stcl 13, cr12, [r9, #-812]! ; 0xfffffcd4 whereas what I see instead is a segmentation fault. Reply at: https://bugs.launchpad.net/binutils/+bug/1027454/comments/1 ------------------------------------------------------------------------ On 2012-07-21T01:31:28+00:00 Dave Gilbert wrote: Hi Stephen, I think I've also hit this case. Watch out though with reenabling that attribute check that there are a few broken printf's elsewhere; mips-dis.c seems to have a load of int's passed to long's. (I'll attach a patch tomorrow or so). (A friend managed to type random hex and hit cd45b43a which segs in this way on ARM). Dave Reply at: https://bugs.launchpad.net/binutils/+bug/1027454/comments/2 ------------------------------------------------------------------------ On 2012-07-21T19:27:38+00:00 Dave Gilbert wrote: Created attachment 6543 more printf format fixes This diff includes Stephen's diff and also patches mips (that has mismatches) and hppa, 68k and sparc that used printf without a format string, and newer gcc's seem to be (rightly) picky about that. make check seems OK with this, but it should get checked by guys who know those arch. Reply at: https://bugs.launchpad.net/binutils/+bug/1027454/comments/5 ------------------------------------------------------------------------ On 2012-07-24T12:56:51+00:00 Cvs-commit wrote: CVSROOT: /cvs/src Module name: src Changes by: [email protected] 2012-07-24 12:56:48 Modified files: opcodes : ChangeLog arm-dis.c hppa-dis.c m68k-dis.c microblaze-dis.c mips-dis.c ppc-dis.c sparc-dis.c include : ChangeLog dis-asm.h Log message: PR binutils/13135 * arm-dis.c: Add necessary casts for printing integer values. Use %s when printing string values. * hppa-dis.c: Likewise. * m68k-dis.c: Likewise. * microblaze-dis.c: Likewise. * mips-dis.c: Likewise. * ppc-dis.c: Likewise. * sparc-dis.c: Likewise. * dis-asm.h (fprintf_ftype): Add ATTRIBUTE_FPTR_PRINTF_2. Patches: http://sourceware.org/cgi-bin/cvsweb.cgi/src/opcodes/ChangeLog.diff?cvsroot=src&r1=1.1828&r2=1.1829 http://sourceware.org/cgi-bin/cvsweb.cgi/src/opcodes/arm-dis.c.diff?cvsroot=src&r1=1.151&r2=1.152 http://sourceware.org/cgi-bin/cvsweb.cgi/src/opcodes/hppa-dis.c.diff?cvsroot=src&r1=1.50&r2=1.51 http://sourceware.org/cgi-bin/cvsweb.cgi/src/opcodes/m68k-dis.c.diff?cvsroot=src&r1=1.37&r2=1.38 http://sourceware.org/cgi-bin/cvsweb.cgi/src/opcodes/microblaze-dis.c.diff?cvsroot=src&r1=1.4&r2=1.5 http://sourceware.org/cgi-bin/cvsweb.cgi/src/opcodes/mips-dis.c.diff?cvsroot=src&r1=1.91&r2=1.92 http://sourceware.org/cgi-bin/cvsweb.cgi/src/opcodes/ppc-dis.c.diff?cvsroot=src&r1=1.58&r2=1.59 http://sourceware.org/cgi-bin/cvsweb.cgi/src/opcodes/sparc-dis.c.diff?cvsroot=src&r1=1.23&r2=1.24 http://sourceware.org/cgi-bin/cvsweb.cgi/src/include/ChangeLog.diff?cvsroot=src&r1=1.580&r2=1.581 http://sourceware.org/cgi-bin/cvsweb.cgi/src/include/dis-asm.h.diff?cvsroot=src&r1=1.86&r2=1.87 Reply at: https://bugs.launchpad.net/binutils/+bug/1027454/comments/10 ------------------------------------------------------------------------ On 2012-07-24T12:58:04+00:00 Nickc wrote: Patch approved and applied. Cheers Nick Reply at: https://bugs.launchpad.net/binutils/+bug/1027454/comments/11 ** Changed in: binutils Status: Unknown => Confirmed ** Changed in: binutils Importance: Unknown => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1027454 Title: misdisassembly/and seg of ARM on 32bit hosts To manage notifications about this bug go to: https://bugs.launchpad.net/binutils/+bug/1027454/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
