[Bug binutils/25444] New: objcopy : Floating point exception in _bfd_elf_compute_section_file_positions

[fdgkhdkgh at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=25444

            Bug ID: 25444
           Summary: objcopy : Floating point exception in
                    _bfd_elf_compute_section_file_positions
           Product: binutils
           Version: 2.35 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: fdgkhdkgh at gmail dot com
  Target Milestone: ---

Created attachment 12226
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12226&action=edit
file that reproduces this problem

Corrupted file can trigger the Floating point exception.


binutils Version : HEAD
git clone git://sourceware.org/git/binutils-gdb.git

OS : ubuntu 18.04.3
kernel : gnu/linux 5.0.0-32-generic
processor : Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
compiler : gcc 7.4.0


Steps to Reproduce :
download the sample from attachment

objcopy -I elf32-i386 -O elf32-i386 -B iamcu ./sample


gdb backtrace :

#0  0x00005555555cae6b in assign_file_positions_for_load_sections
(link_info=0x0, abfd=0x5555558ac510) at elf.c:5761
#1  assign_file_positions_except_relocs (link_info=0x0, abfd=0x5555558ac510) at
elf.c:6362
#2  _bfd_elf_compute_section_file_positions (abfd=<optimized out>,
link_info=link_info@entry=0x0) at elf.c:4353
#3  0x00005555555d0da7 in _bfd_elf_set_section_contents (abfd=0x5555558ac510,
section=0x5555558b55d0, 
    location=0x5555558c0cf0, offset=0x0, count=0x13) at elf.c:9144
#4  0x00005555555ac5f4 in bfd_set_section_contents (abfd=0x5555558ac510,
section=0x5555558b55d0, 
    location=0x5555558c0cf0, offset=<optimized out>, count=<optimized out>) at
section.c:1503
#5  0x000055555558a837 in copy_section (ibfd=<optimized out>,
isection=<optimized out>, obfdarg=0x5555558ac510)
    at objcopy.c:4386
#6  0x00005555555ac48c in bfd_map_over_sections (abfd=0x5555558ab3c0,
operation=0x55555558a540 <copy_section>, 
    user_storage=0x5555558ac510) at section.c:1362
#7  0x000055555558bfcc in copy_object (ibfd=<optimized out>, obfd=<optimized
out>, input_arch=<optimized out>)
    at objcopy.c:3232
#8  0x000055555558e0f9 in copy_file (input_filename=0x7fffffff2a35 "./sample",
output_filename=0x7fffffff2a3e "./gg", 
    input_target=<optimized out>, output_target=<optimized out>,
input_arch=0x55555589d820 <bfd_iamcu_arch>)
    at objcopy.c:3798
#9  0x0000555555588200 in copy_main (argv=<optimized out>, argc=<optimized
out>) at objcopy.c:5848
#10 main (argc=<optimized out>, argc@entry=0x9, argv=<optimized out>,
argv@entry=0x7fffffff26f8) at objcopy.c:5974
#11 0x00007ffff7801b97 in __libc_start_main (main=0x5555555865b0 <main>,
argc=0x9, argv=0x7fffffff26f8, 
    init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
stack_end=0x7fffffff26e8)
    at ../csu/libc-start.c:310
#12 0x00005555555890aa in _start ()


----------------

gdb peda report:

[----------------------------------registers-----------------------------------]
RAX: 0x174 
RBX: 0x5555558c8180 --> 0x1 
RCX: 0x0 
RDX: 0x0 
RSI: 0x0 
RDI: 0x5555558c77d8 --> 0x5555558c7820 --> 0x5555558c7868 --> 0x5555558c7988
--> 0x5555558c79d0 --> 0x5555558c7a18 (--> ...)
RBP: 0x1 
RSP: 0x7fffffff20d0 --> 0x0 
RIP: 0x5555555cae6b (<_bfd_elf_compute_section_file_positions+7739>:    div   
rcx)
R8 : 0x1 
R9 : 0x97c0000 ('')
R10: 0xa ('\n')
R11: 0x2 
R12: 0x0 
R13: 0x5555558c7788 --> 0x5555558c77d8 --> 0x5555558c7820 --> 0x5555558c7868
--> 0x5555558c7988 --> 0x5555558c79d0 (--> ...)
R14: 0x5555558c8380 --> 0x5555558c7788 --> 0x5555558c77d8 --> 0x5555558c7820
--> 0x5555558c7868 --> 0x5555558c7988 (--> ...)
R15: 0x5555558ac510 --> 0x5555558b6530 --> 0x7f0067672f2e
EFLAGS: 0x10246 (carry PARITY adjust ZERO sign trap INTERRUPT direction
overflow)
[-------------------------------------code-------------------------------------]
   0x5555555cae61 <_bfd_elf_compute_section_file_positions+7729>:       mov   
rcx,rsi
   0x5555555cae64 <_bfd_elf_compute_section_file_positions+7732>:       cmovae
rcx,QWORD PTR [rbx+0x38]
   0x5555555cae69 <_bfd_elf_compute_section_file_positions+7737>:       xor   
edx,edx
=> 0x5555555cae6b <_bfd_elf_compute_section_file_positions+7739>:       div   
rcx
   0x5555555cae6e <_bfd_elf_compute_section_file_positions+7742>:       mov   
QWORD PTR [rbx+0x10],rdx
   0x5555555cae72 <_bfd_elf_compute_section_file_positions+7746>:       
    jmp    0x5555555caa4a <_bfd_elf_compute_section_file_positions+6682>
   0x5555555cae77 <_bfd_elf_compute_section_file_positions+7751>:       nop   
WORD PTR [rax+rax*1+0x0]
   0x5555555cae80 <_bfd_elf_compute_section_file_positions+7760>:       test  
r12b,0x20
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff20d0 --> 0x0 
0008| 0x7fffffff20d8 --> 0x0 
0016| 0x7fffffff20e0 --> 0x174 
0024| 0x7fffffff20e8 --> 0x5555558ac510 --> 0x5555558b6530 --> 0x7f0067672f2e 
0032| 0x7fffffff20f0 --> 0x555500000000 ('')
0040| 0x7fffffff20f8 --> 0x0 
0048| 0x7fffffff2100 --> 0x5555558a32e0 --> 0xc00000008 
0056| 0x7fffffff2108 --> 0x0 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGFPE
0x00005555555cae6b in assign_file_positions_for_load_sections (link_info=0x0,
abfd=0x5555558ac510) at elf.c:5761
5761                    p->p_offset = off % (p->p_align > maxpagesize

-- 
You are receiving this mail because:
You are on the CC list for the bug.