https://sourceware.org/bugzilla/show_bug.cgi?id=25675
Bug ID: 25675
Summary: objcopy : SIGSEGV in bfd_octets_per_byte ( archures.c:1405 )
Product: binutils
Version: 2.35 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: fdgkhdkgh at gmail dot com
Target Milestone: ---

Created attachment 12377
--> https://sourceware.org/bugzilla/attachment.cgi?id=12377&action=edit
file that reproduces this problem

OS : ubuntu 18.04.3
kernel : gnu/linux 5.0.0-32-generic
processor : Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
compiler : gcc 7.4.0

Steps to Reproduce :
download the sample from attachment
objcopy ./sample

gdb backtrace :
#0  bfd_octets_per_byte (abfd=0x5555558c9190, sec=0x5555558c9048) at ./archures.c:1405
#1  0x00005555555c32dd in elf_sort_segments (arg1=arg1@entry=0x5555558c2780, arg2=arg2@entry=0x5555558c2788) at elf.c:5315
#2  0x00007ffff78221f2 in msort_with_tmp (p=p@entry=0x7fffffff1c40, b=b@entry=0x5555558c2780, n=n@entry=0x3) at msort.c:83
#3  0x00007ffff782215e in msort_with_tmp (n=0x3, b=0x5555558c2780, p=0x7fffffff1c40) at msort.c:117
#4  msort_with_tmp (p=0x7fffffff1c40, b=0x5555558c2770, n=n@entry=0x5) at msort.c:54
#5  0x00007ffff7822170 in msort_with_tmp (n=0x5, b=0x5555558c2770, p=0x7fffffff1c40) at msort.c:117
#6  msort_with_tmp (p=p@entry=0x7fffffff1c40, b=b@entry=0x5555558c2770, n=n@entry=0xa) at msort.c:53
#7  0x00007ffff7822596 in msort_with_tmp (n=0xa, b=0x5555558c2770, p=0x7fffffff1c40) at msort.c:45
#8  __GI___qsort_r (b=b@entry=0x5555558c2770, n=n@entry=0xa, s=s@entry=0x8, cmp=cmp@entry=0x5555555c3240 <elf_sort_segments>, arg=arg@entry=0x0) at msort.c:297
#9  0x00007ffff78226d8 in __GI_qsort (b=b@entry=0x5555558c2770, n=n@entry=0xa, s=s@entry=0x8, cmp=cmp@entry=0x5555555c3240 <elf_sort_segments>) at msort.c:308
#10 0x00005555555cb599 in assign_file_positions_for_load_sections (link_info=0x0, abfd=0x5555558b94d0) at elf.c:5508
#11 assign_file_positions_except_relocs (link_info=0x0, abfd=0x5555558b94d0) at elf.c:6370
#12 _bfd_elf_compute_section_file_positions (abfd=<optimized out>, link_info=link_info@entry=0x0) at elf.c:4342
#13 0x00005555555d1daf in _bfd_elf_set_section_contents (abfd=0x5555558b94d0, section=0x5555558b7610, location=0x5555558b8a20, offset=0x0, count=0x13) at elf.c:9193
#14 0x00005555555acfa4 in bfd_set_section_contents (abfd=0x5555558b94d0, section=0x5555558b7610, location=0x5555558b8a20, offset=<optimized out>, count=<optimized out>) at section.c:1518
#15 0x000055555558af97 in copy_section (ibfd=<optimized out>, isection=<optimized out>, obfdarg=0x5555558b94d0) at objcopy.c:4427
#16 0x00005555555ace3c in bfd_map_over_sections (abfd=0x5555558ae3c0, operation=0x55555558aca0 <copy_section>, user_storage=0x5555558b94d0) at section.c:1377
#17 0x000055555558c7a8 in copy_object (ibfd=<optimized out>, obfd=<optimized out>, input_arch=<optimized out>) at objcopy.c:3265
#18 0x000055555558e929 in copy_file (input_filename=0x7fffffff26cb "./sample", output_filename=0x7fffffff26d4 "./oo", input_target=<optimized out>, output_target=<optimized out>, input_arch=0x0) at objcopy.c:3830
#19 0x0000555555588900 in copy_main (argv=<optimized out>, argc=<optimized out>) at objcopy.c:5889
#20 main (argc=<optimized out>, argc@entry=0x3, argv=<optimized out>, argv@entry=0x7fffffff22e8) at objcopy.c:6015
#21 0x00007ffff7801b97 in __libc_start_main (main=0x555555586cb0 <main>, argc=0x3, argv=0x7fffffff22e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffff22d8) at ../csu/libc-start.c:310
#22 0x00005555555897aa in _start ()

-------
gdb report :
[----------------------------------registers-----------------------------------]
RAX: 0x6474e551
RBX: 0x5555558c8f78 --> 0x5555558c8fc0 --> 0x5555558c9048 --> 0x5555558c9098 --> 0x5555558c90f0 --> 0x5555558c9140 (--> ...)
RCX: 0x0
RDX: 0x0
RSI: 0x5555558c9048 --> 0x5555558c9098 --> 0x5555558c90f0 --> 0x5555558c9140 --> 0x5555558c9190 --> 0x5555558c91d8 (--> ...)
RDI: 0x5555558c9190 --> 0x5555558c91d8 --> 0x0
RBP: 0x5555558c8fc0 --> 0x5555558c9048 --> 0x5555558c9098 --> 0x5555558c90f0 --> 0x5555558c9140 --> 0x5555558c9190 (--> ...)
RSP: 0x7fffffff1a08 --> 0x5555555c32dd (<elf_sort_segments+157>: test BYTE PTR [rbx+0x38],0x2)
RIP: 0x5555555a4114 (<bfd_octets_per_byte+4>: cmp DWORD PTR [rax+0x8],0x5)
R8 : 0x0
R9 : 0x0
R10: 0x5555558ac010 --> 0x100
R11: 0x1
R12: 0x1
R13: 0x5555558c2780 --> 0x5555558c8f78 --> 0x5555558c8fc0 --> 0x5555558c9048 --> 0x5555558c9098 --> 0x5555558c90f0 (--> ...)
R14: 0x7fffffff1c40 --> 0x8
R15: 0x5555558c2788 --> 0x5555558c8fc0 --> 0x5555558c9048 --> 0x5555558c9098 --> 0x5555558c90f0 --> 0x5555558c9140 (--> ...)
EFLAGS: 0x10246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x5555555a4102: nop DWORD PTR [rax+0x0]
   0x5555555a4106: nop WORD PTR cs:[rax+rax*1+0x0]
   0x5555555a4110 <bfd_octets_per_byte>: mov rax,QWORD PTR [rdi+0x8]
=> 0x5555555a4114 <bfd_octets_per_byte+4>: cmp DWORD PTR [rax+0x8],0x5
   0x5555555a4118 <bfd_octets_per_byte+8>: jne 0x5555555a4125 <bfd_octets_per_byte+21>
   0x5555555a411a <bfd_octets_per_byte+10>: test rsi,rsi
   0x5555555a411d <bfd_octets_per_byte+13>: je 0x5555555a4125 <bfd_octets_per_byte+21>
   0x5555555a411f <bfd_octets_per_byte+15>: test BYTE PTR [rsi+0x2b],0x40
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff1a08 --> 0x5555555c32dd (<elf_sort_segments+157>: test BYTE PTR [rbx+0x38],0x2)
0008| 0x7fffffff1a10 --> 0x0
0016| 0x7fffffff1a18 --> 0x7fffffff1bb0 --> 0x5555558c8fc0 --> 0x5555558c9048 --> 0x5555558c9098 --> 0x5555558c90f0 (--> ...)
0024| 0x7fffffff1a20 --> 0x2
0032| 0x7fffffff1a28 --> 0x7ffff78221f2 (<msort_with_tmp+1010>: test eax,eax)
0040| 0x7fffffff1a30 --> 0x8
0048| 0x7fffffff1a38 --> 0x5555555c3240 (<elf_sort_segments>: push rbp)
0056| 0x7fffffff1a40 --> 0x0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
bfd_octets_per_byte (abfd=0x5555558c9190, sec=0x5555558c9048) at ./archures.c:1405
1405	  && sec != NULL