[Bug ld/18466] New: too long symbol names in def files are causing the linker to crash

[t.poechtrager at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=18466

            Bug ID: 18466
           Summary: too long symbol names in def files are causing the
                    linker to crash
           Product: binutils
           Version: 2.25
            Status: NEW
          Severity: minor
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: t.poechtrager at gmail dot com
  Target Milestone: ---

$ echo "EXPORTS" > test.def && for i in {1..10000}; do echo -n 'A' >> test.def;
done

$ i686-w64-mingw32-ld test.def
*** buffer overflow detected ***: i686-w64-mingw32-ld terminated
======= Backtrace: =========
/usr/lib/libc.so.6(+0x71bad)[0x7f0843426bad]
/usr/lib/libc.so.6(__fortify_fail+0x37)[0x7f08434acff7]
/usr/lib/libc.so.6(+0xf61c0)[0x7f08434ab1c0]
/usr/lib/libc.so.6(+0xf5729)[0x7f08434aa729]
/usr/lib/libc.so.6(_IO_default_xsputn+0x80)[0x7f0843429e10]
/usr/lib/libc.so.6(_IO_vfprintf+0x3d12)[0x7f08433fd182]
/usr/lib/libc.so.6(__vsprintf_chk+0x8c)[0x7f08434aa7bc]
/usr/lib/libc.so.6(__sprintf_chk+0x7d)[0x7f08434aa70d]
i686-w64-mingw32-ld[0x42006e]
i686-w64-mingw32-ld[0x4203fd]
i686-w64-mingw32-ld[0x413c25]
i686-w64-mingw32-ld[0x403a20]
/usr/lib/libc.so.6(__libc_start_main+0xf0)[0x7f08433d5790]
i686-w64-mingw32-ld[0x403edb]
======= Memory map: ========
00400000-0050c000 r-xp 00000000 fe:02 10237198                          
/usr/bin/i686-w64-mingw32-ld
0070c000-0070d000 r--p 0010c000 fe:02 10237198                          
/usr/bin/i686-w64-mingw32-ld
0070d000-00710000 rw-p 0010d000 fe:02 10237198                          
/usr/bin/i686-w64-mingw32-ld
00710000-00716000 rw-p 00000000 00:00 0 
02213000-02278000 rw-p 00000000 00:00 0                                  [heap]
7f0842df0000-7f0842e06000 r-xp 00000000 fe:02 10096046                  
/usr/lib/libgcc_s.so.1
7f0842e06000-7f0843005000 ---p 00016000 fe:02 10096046                  
/usr/lib/libgcc_s.so.1
7f0843005000-7f0843006000 rw-p 00015000 fe:02 10096046                  
/usr/lib/libgcc_s.so.1
7f0843006000-7f08433b5000 r--p 00000000 fe:02 10133086                  
/usr/lib/locale/locale-archive
7f08433b5000-7f084354e000 r-xp 00000000 fe:02 10095707                  
/usr/lib/libc-2.21.so
7f084354e000-7f084374d000 ---p 00199000 fe:02 10095707                  
/usr/lib/libc-2.21.so
7f084374d000-7f0843751000 r--p 00198000 fe:02 10095707                  
/usr/lib/libc-2.21.so
7f0843751000-7f0843753000 rw-p 0019c000 fe:02 10095707                  
/usr/lib/libc-2.21.so
7f0843753000-7f0843757000 rw-p 00000000 00:00 0 
7f0843757000-7f084375a000 r-xp 00000000 fe:02 10095742                  
/usr/lib/libdl-2.21.so
7f084375a000-7f0843959000 ---p 00003000 fe:02 10095742                  
/usr/lib/libdl-2.21.so
7f0843959000-7f084395a000 r--p 00002000 fe:02 10095742                  
/usr/lib/libdl-2.21.so
7f084395a000-7f084395b000 rw-p 00003000 fe:02 10095742                  
/usr/lib/libdl-2.21.so
7f084395b000-7f0843970000 r-xp 00000000 fe:02 10098790                  
/usr/lib/libz.so.1.2.8
7f0843970000-7f0843b6f000 ---p 00015000 fe:02 10098790                  
/usr/lib/libz.so.1.2.8
7f0843b6f000-7f0843b70000 r--p 00014000 fe:02 10098790                  
/usr/lib/libz.so.1.2.8
7f0843b70000-7f0843b71000 rw-p 00015000 fe:02 10098790                  
/usr/lib/libz.so.1.2.8
7f0843b71000-7f0843b93000 r-xp 00000000 fe:02 10095762                  
/usr/lib/ld-2.21.so
7f0843d52000-7f0843d56000 rw-p 00000000 00:00 0 
7f0843d90000-7f0843d92000 rw-p 00000000 00:00 0 
7f0843d92000-7f0843d93000 r--p 00021000 fe:02 10095762                  
/usr/lib/ld-2.21.so
7f0843d93000-7f0843d94000 rw-p 00022000 fe:02 10095762                  
/usr/lib/ld-2.21.so
7f0843d94000-7f0843d95000 rw-p 00000000 00:00 0 
7ffd71c05000-7ffd71c26000 rw-p 00000000 00:00 0                         
[stack]
7ffd71c82000-7ffd71c84000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                 
[vsyscall]
Aborted (core dumped)

Backtrace:

(gdb) r
Starting program: /tmp/binutils-2.25/build/ld/ld-new test.def

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff76a2fab in __mempcpy_sse2 () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff76a2fab in __mempcpy_sse2 () from /usr/lib/libc.so.6
#1  0x00007ffff7693e2e in __GI__IO_default_xsputn () from /usr/lib/libc.so.6
#2  0x00007ffff7667182 in vfprintf () from /usr/lib/libc.so.6
#3  0x00007ffff7689e8b in vsprintf () from /usr/lib/libc.so.6
#4  0x00007ffff766df67 in sprintf () from /usr/lib/libc.so.6
#5  0x0000000000429bdb in pe_find_data_imports () at ei386pe.c:1113
#6  0x4141414141414141 in ?? ()
#7  0x4141414141414141 in ?? ()
#8  0x4141414141414141 in ?? ()
#9  0x4141414141414141 in ?? ()
#10 0x4141414141414141 in ?? ()
#11 0x4141414141414141 in ?? ()
#12 0x4141414141414141 in ?? ()
#13 0x4141414141414141 in ?? ()
#14 0x4141414141414141 in ?? ()
#15 0x4141414141414141 in ?? ()
#16 0x4141414141414141 in ?? ()
#17 0x4141414141414141 in ?? ()
[...]

$ i686-w64-mingw32-ld --version
GNU ld (GNU Binutils) 2.25

Found this by accident because I have forgotten line breaks in my automatically
genereted .def file.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils