https://sourceware.org/bugzilla/show_bug.cgi?id=25648
Bug ID: 25648
Summary: strip-new: SIGSEGV in ihex_write_record
Product: binutils
Version: 2.35 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: fdgkhdkgh at gmail dot com
Target Milestone: ---

Created attachment 12362
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12362&action=edit
file that reproduces this problem

OS : ubuntu 18.04.3
kernel : gnu/linux 5.0.0-32-generic
processor : Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
compiler : gcc 7.4.0

Steps to Reproduce :

download the sample from attachment
strip-new -F ihex ./sample

gdb backtrace :

gdb-peda$ bt
#0  ihex_write_record (abfd=abfd@entry=0x5555558af520, count=count@entry=0x2, addr=addr@entry=0x0, type=type@entry=0x4, data=0x7fffffff2405 "\004", data@entry=0x7fffffff2404 "\b\004") at ihex.c:747
#1  0x00005555555af46e in ihex_write_object_contents (abfd=0x5555558af520) at ihex.c:860
#2  0x00005555555ab7da in bfd_close (abfd=0x5555558af520) at opncls.c:755
#3  0x000055555558e926 in copy_file ( input_filename=0x7fffffff2a00 "./single_in-test-3-9-strip-new/crashes/id:000000,sig:11,src:001416,op:argv1,rep:64", output_filename=0x7fffffff2a56 "./stripoutput", input_target=<optimized out>, output_target=<optimized out>, input_arch=0x0) at objcopy.c:3818
#4  0x00005555555885ce in strip_main (argv=<optimized out>, argc=<optimized out>) at objcopy.c:4787
#5  main (argc=<optimized out>, argc@entry=0x6, argv=<optimized out>, argv@entry=0x7fffffff26f8) at objcopy.c:5985
#6  0x00007ffff7801b97 in __libc_start_main (main=0x555555586cb0 <main>, argc=0x6, argv=0x7fffffff26f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffff26e8) at ../csu/libc-start.c:310
#7  0x00005555555897aa in _start ()

--------

gdb report :

[----------------------------------registers-----------------------------------]
RAX: 0x663c ('<f')
RBX: 0x663c ('<f')
RCX: 0x30 ('0')
RDX: 0x1017467
RSI: 0x10001
RDI: 0x7fffffff2380 (":01FFFF0068656C6C6F20776F726C64", '0' <repeats 106 times>, "A8398B555555", '0' <repeats 20 times>, "C0E38A5555550000883A8B555555000"...)
RBP: 0x8050000
RSP: 0x7fffffff2380 (":01FFFF0068656C6C6F20776F726C64", '0' <repeats 106 times>, "A8398B555555", '0' <repeats 20 times>, "C0E38A5555550000883A8B555555000"...)
RIP: 0x5555555af250 (<ihex_write_record+224>: mov BYTE PTR [r9-0x1],cl)
R8 : 0x5555558b901c --> 0x0
R9 : 0x7ffffffff001
R10: 0x5555556569d0 ("0123456789ABCDEF")
R11: 0x5555558af520 --> 0x5555558af650 ("./stripoutput")
R12: 0x5555558b29e0 ("hello world")
R13: 0x10001
R14: 0x804ffff
R15: 0x0
EFLAGS: 0x10246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x5555555af245 <ihex_write_record+213>: and ecx,0xf
   0x5555555af248 <ihex_write_record+216>: movzx ecx,BYTE PTR [r10+rcx*1]
   0x5555555af24d <ihex_write_record+221>: mov rbx,rax
=> 0x5555555af250 <ihex_write_record+224>: mov BYTE PTR [r9-0x1],cl
   0x5555555af254 <ihex_write_record+228>: cmp rax,rsi
   0x5555555af257 <ihex_write_record+231>: jb 0x5555555af220 <ihex_write_record+176>
   0x5555555af259 <ihex_write_record+233>: neg edx
   0x5555555af25b <ihex_write_record+235>: lea rbx,[rsi+rsi*1+0xd]
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff2380 (":01FFFF0068656C6C6F20776F726C64", '0' <repeats 106 times>, "A8398B555555", '0' <repeats 20 times>, "C0E38A5555550000883A8B555555000"...)
0008| 0x7fffffff2388 ("068656C6C6F20776F726C64", '0' <repeats 106 times>, "A8398B555555", '0' <repeats 20 times>, "C0E38A5555550000883A8B5555550000382A8B5"...)
0016| 0x7fffffff2390 ("C6F20776F726C64", '0' <repeats 106 times>, "A8398B555555", '0' <repeats 20 times>, "C0E38A5555550000883A8B5555550000382A8B555555000"...)
0024| 0x7fffffff2398 ("F726C64", '0' <repeats 106 times>, "A8398B555555", '0' <repeats 20 times>, "C0E38A5555550000883A8B5555550000382A8B555555", '0' <repeats 11 times>...)
0032| 0x7fffffff23a0 ('0' <repeats 105 times>, "A8398B555555", '0' <repeats 20 times>, "C0E38A5555550000883A8B5555550000382A8B555555", '0' <repeats 19 times>...)
0040| 0x7fffffff23a8 ('0' <repeats 97 times>, "A8398B555555", '0' <repeats 20 times>, "C0E38A5555550000883A8B5555550000382A8B555555", '0' <repeats 27 times>...)
0048| 0x7fffffff23b0 ('0' <repeats 89 times>, "A8398B555555", '0' <repeats 20 times>, "C0E38A5555550000883A8B5555550000382A8B555555", '0' <repeats 35 times>...)
0056| 0x7fffffff23b8 ('0' <repeats 81 times>, "A8398B555555", '0' <repeats 20 times>, "C0E38A5555550000883A8B5555550000382A8B555555", '0' <repeats 43 times>...)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
ihex_write_record (abfd=0x5555558af520, count=0x10001, addr=<optimized out>, type=<optimized out>, data=0x5555558b901b "") at ihex.c:747
747         TOHEX (p, *data);