https://sourceware.org/bugzilla/show_bug.cgi?id=19005
--- Comment #9 from Andrew Stubbs <ams at sourceware dot org> ---

No, it's the call to bfd_set_section_contents in which the UB occurs. You can see this with valgrind:

==14966== Invalid read of size 1
==14966==    at 0x50AA0A0: _IO_default_xsputn (genops.c:480)
==14966==    by 0x50A7104: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1380)
==14966==    by 0x509D2DC: fwrite (iofwrite.c:45)
==14966==    by 0x49937B: cache_bwrite (cache.c:378)
==14966==    by 0x42B2C0: bfd_bwrite (bfdio.c:211)
==14966==    by 0x42DE66: _bfd_generic_set_section_contents (libbfd.c:885)
==14966==    by 0x42FD4F: bfd_set_section_contents (section.c:1518)
==14966==    by 0x405D18: copy_section (objcopy.c:3179)
==14966==    by 0x42FDEB: bfd_map_over_sections (section.c:1380)
==14966==    by 0x403BE6: copy_object (objcopy.c:2215)
==14966==    by 0x4057DB: copy_file (objcopy.c:2667)
==14966==    by 0x407001: main (objcopy.c:4475)
==14966==  Address 0x53cb873 is 0 bytes after a block of size 3 alloc'd
==14966==    at 0x4C2865E: malloc (vg_replace_malloc.c:270)
==14966==    by 0x42E0EA: bfd_malloc (libbfd.c:184)
==14966==    by 0x42C287: bfd_get_full_section_contents (compress.c:248)
==14966==    by 0x405B4B: copy_section (objcopy.c:3124)
==14966==    by 0x42FDEB: bfd_map_over_sections (section.c:1380)
==14966==    by 0x403BE6: copy_object (objcopy.c:2215)
==14966==    by 0x4057DB: copy_file (objcopy.c:2667)
==14966==    by 0x407001: main (objcopy.c:4475)

Neither patch fixes that. Both also leave the interleave code broken, I think.

The correct length is always the input section size after conversion, IIUC.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
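The length mismatch the comment describes, as an added model that is not binutils code: a hypothetical in-place interleave conversion of a section buffer, plus the bounds check that fwrite cannot perform for the caller. All function names and the sample section bytes below are constructed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed 3-byte sample section, matching the "block of size 3"
 * that the valgrind report shows being read past. */
static const unsigned char sample_section[3] = {0x11, 0x22, 0x33};
static unsigned char out_buf[3];

/* Hypothetical model of an --interleave/--byte style selection done in
 * place: keep copy_width bytes out of every `interleave` bytes, starting
 * at copy_byte, packed to the front of buf. The read index is always >=
 * the write index, so the pass stays inside the in_size allocation.
 * Returns the converted length, which is the only length safe to write. */
size_t interleave_in_place(unsigned char *buf, size_t in_size,
                           size_t copy_byte, size_t interleave,
                           size_t copy_width)
{
    size_t to = 0;
    if (interleave == 0 || copy_width == 0)
        return in_size;                      /* no conversion requested */
    if (copy_width > interleave)
        copy_width = interleave;             /* never re-read a byte */
    for (size_t from = copy_byte; from < in_size; from += interleave)
        for (size_t i = 0; i < copy_width && from + i < in_size; i++)
            buf[to++] = buf[from + i];
    return to;
}

/* The check that sits between conversion and the write: the length handed
 * to the writer must not exceed the allocation. Returns 1 when the write
 * stays inside the buffer, 0 when it would read past it (len 4 against a
 * 3-byte block is the condition in the valgrind report). */
int write_within_bounds(size_t alloc_size, size_t len)
{
    return len <= alloc_size;
}

/* Copy one section: allocate exactly in_size bytes (as a full-section
 * read does), convert, copy the converted bytes to out, and return the
 * length to write; -1 on allocation failure. */
long copy_section_model(const unsigned char *src, size_t in_size,
                        size_t copy_byte, size_t interleave,
                        size_t copy_width, unsigned char *out)
{
    unsigned char *buf = malloc(in_size ? in_size : 1);
    if (buf == NULL)
        return -1;
    memcpy(buf, src, in_size);
    size_t conv = interleave_in_place(buf, in_size, copy_byte, interleave, copy_width);
    memcpy(out, buf, conv);                  /* conv <= in_size by construction */
    free(buf);
    return (long) conv;
}
```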