https://sourceware.org/bugzilla/show_bug.cgi?id=22706
--- Comment #5 from Sergei Trofimovich <slyfox at inbox dot ru> ---
Managed to craft an object file to trigger needed asserts.
As a bonus the test also causes out-of-bounds read access in ld and causes
SIGSEGV:
# cat bug.S
# trying to trigger BFD_ASSERTs to make errors better:
# https://sourceware.org/PR22706
# originally was found on toolchain that hits those asserts
# and makes failures hard to discover
.text
.globl _start
_start:
.word 0
.word 0
.word 0
.globl bar
.hidden bar
bar:
.word 0
.word 0
.word 0
.reloc _start, R_SH_TLS_LE_32, bar-5
.reloc _start, R_SH_TLS_IE_32, bar-5
.reloc _start, R_SH_TLS_GD_32, bar-5
Triggering (already patched binutils to produce nicer failures):
$ sh4-unknown-linux-gnu-as bug.S -o bug.o
$ sh4-unknown-linux-gnu-ld -m shlelf_linux -dynamic-linker /lib/ld-linux.so.2
-o bug.elf bug.o
sh4-unknown-linux-gnu-ld: BFD (Gentoo 2.30 p3) 2.30.0 assertion fail
/tmp/portage-tmpdir/portage/cross-sh4-unknown-linux-gnu/binutils-2.30-r3/work/binutils-2.30/bfd/elf32-sh.c:5156
sh4-unknown-linux-gnu-ld: bug.o(.text+0xfffffffffffffff6): unexpected
instruction 0000 (expected 0xd0??, mov.l)
sh4-unknown-linux-gnu-ld: bug.o(.text+0xfffffffffffffff8): unexpected
instruction 0021 (expected 0x0?12, stc)
sh4-unknown-linux-gnu-ld: bug.o(.text+0xfffffffffffffffa): unexpected
instruction 0000 (expected 0x0?ce, mov.l)
sh4-unknown-linux-gnu-ld: BFD (Gentoo 2.30 p3) 2.30.0 assertion fail
/tmp/portage-tmpdir/portage/cross-sh4-unknown-linux-gnu/binutils-2.30-r3/work/binutils-2.30/bfd/elf32-sh.c:5115
sh4-unknown-linux-gnu-ld: BFD (Gentoo 2.30 p3) 2.30.0 assertion fail
/tmp/portage-tmpdir/portage/cross-sh4-unknown-linux-gnu/binutils-2.30-r3/work/binutils-2.30/bfd/elf32-sh.c:5126
sh4-unknown-linux-gnu-ld: BFD (Gentoo 2.30 p3) 2.30.0 assertion fail
/tmp/portage-tmpdir/portage/cross-sh4-unknown-linux-gnu/binutils-2.30-r3/work/binutils-2.30/bfd/elf32-sh.c:5128
sh4-unknown-linux-gnu-ld: BFD (Gentoo 2.30 p3) 2.30.0 assertion fail
/tmp/portage-tmpdir/portage/cross-sh4-unknown-linux-gnu/binutils-2.30-r3/work/binutils-2.30/bfd/elf32-sh.c:5130
sh4-unknown-linux-gnu-ld: BFD (Gentoo 2.30 p3) 2.30.0 assertion fail
/tmp/portage-tmpdir/portage/cross-sh4-unknown-linux-gnu/binutils-2.30-r3/work/binutils-2.30/bfd/elf32-sh.c:5132
sh4-unknown-linux-gnu-ld: BFD (Gentoo 2.30 p3) 2.30.0 assertion fail
/tmp/portage-tmpdir/portage/cross-sh4-unknown-linux-gnu/binutils-2.30-r3/work/binutils-2.30/bfd/elf32-sh.c:5134
sh4-unknown-linux-gnu-ld: BFD (Gentoo 2.30 p3) 2.30.0 assertion fail
/tmp/portage-tmpdir/portage/cross-sh4-unknown-linux-gnu/binutils-2.30-r3/work/binutils-2.30/bfd/elf32-sh.c:5136
free(): invalid size
./do.sh: line 7: 17526 Aborted (core dumped)
sh4-unknown-linux-gnu-ld -m shlelf_linux -dynamic-linker /lib/ld-linux.so.2 -o
bug.elf bug.o
valgrind suggests SIGSEGV might be related to out-of-bounds write:
==22276== Invalid read of size 2
==22276== at 0x4E790A0: bfd_getl16 (libbfd.c:505)
==22276== by 0x4E91634: sh_elf_relocate_section (elf32-sh.c:5159)
==22276== by 0x4EB870F: elf_link_input_bfd (elflink.c:10715)
==22276== by 0x4EBA25E: bfd_elf_final_link (elflink.c:12033)
==22276== by 0x1294CE: ldwrite (ldwrite.c:581)
==22276== by 0x11202F: main (ldmain.c:456)
==22276== Address 0x596b806 is 10 bytes before a block of size 12 alloc'd
==22276== at 0x4C2CE6F: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22276== by 0x4E78E81: bfd_malloc (libbfd.c:193)
==22276== by 0x4EB9DE0: bfd_elf_final_link (elflink.c:11910)
==22276== by 0x1294CE: ldwrite (ldwrite.c:581)
==22276== by 0x11202F: main (ldmain.c:456)
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
