https://sourceware.org/bugzilla/show_bug.cgi?id=28585
            Bug ID: 28585
           Summary: Invalid read of size 1 when using plugin
           Product: binutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gold
          Assignee: ccoutant at gmail dot com
          Reporter: mliska at suse dot cz
                CC: ian at airs dot com
  Target Milestone: ---

The following crashes:

$ touch foobar && valgrind ./ld-new -plugin /usr/lib64/gcc/x86_64-suse-linux/11/liblto_plugin.so foobar
==23259== Memcheck, a memory error detector
==23259== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==23259== Using Valgrind-3.17.0.GIT and LibVEX; rerun with -h for copyright info
==23259== Command: ./ld-new -plugin /usr/lib64/gcc/x86_64-suse-linux/11/liblto_plugin.so foobar
==23259==
./ld-new: error: foobar: file is empty
==23259== Invalid read of size 1
==23259==    at 0x48441E2: strlen (vg_replace_strmem.c:469)
==23259==    by 0x7023BC: string_length<char> (stringpool.h:54)
==23259==    by 0x7023BC: Hashkey (stringpool.h:350)
==23259==    by 0x7023BC: gold::Stringpool_template<char>::find(char const*, unsigned long*) const (stringpool.cc:312)
==23259==    by 0x707ACC: gold::Symbol_table::lookup(char const*, char const*) const (symtab.cc:705)
==23259==    by 0x6C8778: gold::Plugin_hook::run(gold::Workqueue*) (plugin.cc:1766)
==23259==    by 0x71F3F7: gold::Workqueue::find_and_run_task(int) (workqueue.cc:319)
==23259==    by 0x71F679: gold::Workqueue::process(int) (workqueue.cc:495)
==23259==    by 0x4119F0: main (main.cc:252)
==23259==  Address 0x0 is not stack'd, malloc'd or (recently) free'd

Can be fixed with a simple patch:

diff --git a/gold/symtab.cc b/gold/symtab.cc
index 5a21ddc8cc2..ed6b5434592 100644
--- a/gold/symtab.cc
+++ b/gold/symtab.cc
@@ -701,6 +701,8 @@ Symbol_table::resolve_forwards(const Symbol* from) const Symbol* Symbol_table::lookup(const char* name, const char* version) const { + if (name == NULL) + return NULL; Stringpool::Key name_key; name = this->namepool_.find(name, &name_key); if (name == NULL) -- You are receiving this mail because: You are on the CC list for the bug.
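Review bot: the early `if (name == NULL) return NULL;` at the top of Symbol_table::lookup() stops the crash but does not address where the NULL comes from. The valgrind trace shows the NULL name is passed in by gold::Plugin_hook::run (plugin.cc:1766) after ld-new has already printed "foobar: file is empty", so the caller (or the error path that let the link continue past an empty input) should be examined as well, otherwise the same NULL may surface at the next unguarded consumer. Placing the guard before `Stringpool::Key name_key;` and `name = this->namepool_.find(name, &name_key);` is the right spot, because find() hashes the name with strlen() before it can check anything (stringpool.h:54 in the trace), and the existing post-find `if (name == NULL)` is unaffected. A one-line comment above the new check stating that a NULL name is legal here (and why) would help future readers, since the rest of lookup() otherwise assumes a valid C string.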
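To make the placement of the guard concrete, here is a cut-down model of the call chain in the valgrind trace (Symbol_table::lookup into Stringpool::find into strlen). It is an added example, not code from gold or from the bug report: the class and member names mirror gold's, but the bodies are hypothetical, and the `version` parameter of the real lookup() is omitted. It shows why the NULL check has to sit before the pool lookup rather than after it.

```cpp
// Added example (not gold's code): a minimal model of the crashing call chain.
// Stringpool::find() hashes the name with strlen() before doing anything else,
// so a NULL name must be rejected by the caller, as the proposed patch does.
#include <cstddef>
#include <cstring>
#include <string>
#include <unordered_map>

struct Symbol {
    std::string name;
};

// Interns NUL-terminated names. find() must hash the name first, and the hash
// is computed with strlen(), so find(NULL) reads address 0, which is the
// "Invalid read of size 1" at stringpool.h:54 in the report.
class Stringpool {
public:
    typedef std::size_t Key;

    // Add a name (idempotent) and return its interned pointer and key.
    const char* add(const char* s, Key* pkey) {
        auto it = pool_.find(std::string(s));
        if (it == pool_.end())
            it = pool_.emplace(std::string(s), next_key_++).first;
        *pkey = it->second;
        return it->first.c_str();
    }

    // Return the interned pointer for s, or NULL if it was never added.
    // Precondition: s != NULL; the caller is responsible for checking.
    const char* find(const char* s, Key* pkey) const {
        std::size_t len = std::strlen(s);            // NULL s crashes here
        auto it = pool_.find(std::string(s, len));
        if (it == pool_.end())
            return NULL;
        *pkey = it->second;
        return it->first.c_str();
    }

private:
    std::unordered_map<std::string, Key> pool_;
    Key next_key_ = 1;
};

class Symbol_table {
public:
    // Define a symbol; the table is keyed by the pool key, as in gold.
    Symbol* add(const char* name) {
        Stringpool::Key key;
        const char* interned = namepool_.add(name, &key);
        Symbol& sym = table_[key];
        sym.name = interned;
        return &sym;
    }

    // Pre-patch shape: the name goes straight to namepool_.find(), so a NULL
    // name reaches strlen(). The post-find NULL check cannot help, because the
    // crash happens inside find(). Never call this with NULL.
    const Symbol* lookup_unguarded(const char* name) const {
        Stringpool::Key key;
        name = namepool_.find(name, &key);
        if (name == NULL)
            return NULL;
        auto it = table_.find(key);
        return it == table_.end() ? NULL : &it->second;
    }

    // Patched shape: reject NULL before the pool can hash it.
    const Symbol* lookup(const char* name) const {
        if (name == NULL)
            return NULL;
        return lookup_unguarded(name);
    }

private:
    Stringpool namepool_;
    std::unordered_map<Stringpool::Key, Symbol> table_;
};

// Resolve a query against a small constructed table (hypothetical symbols
// "main" and "_start"); returns the interned name, or "" when not found,
// including for a NULL query, which the guarded lookup now tolerates.
std::string resolve(const char* query) {
    Symbol_table symtab;
    symtab.add("main");
    symtab.add("_start");
    const Symbol* s = symtab.lookup(query);
    return s ? s->name : std::string();
}

// True when the guarded lookup behaves as the patch intends for a present
// name, an absent name and a NULL name.
bool guarded_lookup_behaves() {
    return resolve("main") == "main" && resolve("absent").empty()
        && resolve(NULL).empty();
}
```

In this model the unguarded path still crashes for a NULL query exactly as the report's backtrace shows, so the guard is only effective at the entry of lookup(); the test therefore exercises lookup_unguarded() with valid names only.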