https://sourceware.org/bugzilla/show_bug.cgi?id=31710
Bug ID: 31710
Summary: Segmentation fault using wrapping and debug information
Product: binutils
Version: 2.43 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: roberto.vargas at midokura dot com
Target Milestone: ---

Created attachment 15497
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15497&action=edit
Minimum test case to reproduce the problem

Hi,

I found a case where ld segfaults when a wrap is done around a struct initialized, debug is enabled and the symbol to be wrapped is extracted from a library:

    $ uname -a
    Linux nomad 6.6.27_1 #1 SMP PREEMPT_DYNAMIC Tue Apr 16 17:28:14 UTC 2024 x86_64 GNU/Linux
    $ gcc --version
    gcc (GCC) 13.2.0
    Copyright (C) 2023 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    $ ld --version
    GNU ld (GNU Binutils) 2.42.50.20240507
    Copyright (C) 2024 Free Software Foundation, Inc.
    This program is free software; you may redistribute it under the terms of
    the GNU General Public License version 3 or (at your option) a later version.
    This program has absolutely no warranty.
    $ ar --version
    GNU ar (GNU Binutils) 2.42.50.20240507
    Copyright (C) 2024 Free Software Foundation, Inc.
    This program is free software; you may redistribute it under the terms of
    the GNU General Public License version 3 or (at your option) any later version.
    This program has absolutely no warranty.
    $ make
    cc -c -o main.o main.c
    cc -c -o impl.o impl.c
    ar -rv lib.a impl.o
    ar: creating lib.a
    a - impl.o
    gcc -Wl,--wrap=impl main.o lib.a
    $ make clean
    rm -f *.o *.a a.out core*
    $ make CFLAGS=-g
    cc -g -c -o main.o main.c
    cc -g -c -o impl.o impl.c
    ar -rv lib.a impl.o
    ar: creating lib.a
    a - impl.o
    gcc -Wl,--wrap=impl main.o lib.a
    collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped
    compilation terminated.
    make: *** [Makefile:4: main] Error 1

I executed the linker command line with a local build of binutils master (commit 810203888da) with the same result:

    $ /usr/local/x86_64-pc-linux-gnu/bin/ld --build-id --eh-frame-hdr --hash-style=gnu -m elf_x86_64 -dynamic-linker /lib64/ld-linux-x86-64.so.2 -pie /usr/lib64/gcc/x86_64-unknown-linux-gnu/13.2.0/../../../../lib64/Scrt1.o /usr/lib64/gcc/x86_64-unknown-linux-gnu/13.2.0/../../../../lib64/crti.o /usr/lib64/gcc/x86_64-unknown-linux-gnu/13.2.0/crtbeginS.o -L/usr/lib64/gcc/x86_64-unknown-linux-gnu/13.2.0 -L/usr/lib64/gcc/x86_64-unknown-linux-gnu/13.2.0/../../../../lib64 -L/lib/../lib64 -L/usr/lib/../lib64 -L/usr/lib64/gcc/x86_64-unknown-linux-gnu/13.2.0/../../.. --wrap=impl main.o lib.a -lgcc --push-state --as-needed -lgcc_s --pop-state -lc -lgcc --push-state --as-needed -lgcc_s --pop-state /usr/lib64/gcc/x86_64-unknown-linux-gnu/13.2.0/crtendS.o /usr/lib64/gcc/x86_64-unknown-linux-gnu/13.2.0/../../../../lib64/crtn.o
    Segmentation fault (core dumped)
    $ gdb /usr/local/x86_64-pc-linux-gnu/bin/ld core
    GNU gdb (GDB) 15.0.50.20240507-git
    Copyright (C) 2024 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    Type "show copying" and "show warranty" for details.
    This GDB was configured as "x86_64-pc-linux-gnu".
    Type "show configuration" for configuration details.
    For bug reporting instructions, please see:
    <https://www.gnu.org/software/gdb/bugs/>.
    Find the GDB manual and other documentation resources online at:
        <http://www.gnu.org/software/gdb/documentation/>.

    For help, type "help".
    Type "apropos word" to search for commands related to "word"...
    Reading symbols from /usr/local/x86_64-pc-linux-gnu/bin/ld...
    [New LWP 25976]
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/usr/lib/libthread_db.so.1".
    Core was generated by `/usr/local/x86_64-pc-linux-gnu/bin/ld --build-id --eh-frame-hdr --hash-style=gn'.
    Program terminated with signal SIGSEGV, Segmentation fault.
    #0  0x00005564c777ba2a in elf_x86_64_relocate_section (output_bfd=0x5564c80ba070,
        info=0x5564c79c4300 <link_info>, input_bfd=0x5564c80d5d90,
        input_section=0x5564c8104568, contents=0x5564c84f9df0 <incomplete sequence \327>,
        relocs=0x5564c84e0fc0, local_syms=0x5564c84dbbc0, local_sections=0x5564c84d7b20)
        at elf64-x86-64.c:2776
    2776              RELOC_FOR_GLOBAL_SYMBOL (info, input_bfd, input_section, rel,
    (gdb) bt
    #0  0x00005564c777ba2a in elf_x86_64_relocate_section (output_bfd=0x5564c80ba070,
        info=0x5564c79c4300 <link_info>, input_bfd=0x5564c80d5d90,
        input_section=0x5564c8104568, contents=0x5564c84f9df0 <incomplete sequence \327>,
        relocs=0x5564c84e0fc0, local_syms=0x5564c84dbbc0, local_sections=0x5564c84d7b20)
        at elf64-x86-64.c:2776
    #1  0x00005564c77d5297 in elf_link_input_bfd (flinfo=0x7ffea91dacc0,
        input_bfd=0x5564c80d5d90) at elflink.c:11834
    #2  0x00005564c77d867e in bfd_elf_final_link (abfd=0x5564c80ba070,
        info=0x5564c79c4300 <link_info>) at elflink.c:13096
    #3  0x00005564c7736d6d in ldwrite () at ldwrite.c:550
    #4  0x00005564c77333cf in main (argc=33, argv=0x7ffea91daf68) at ./ldmain.c:531
    (gdb) fr 0
    #0  0x00005564c777ba2a in elf_x86_64_relocate_section (output_bfd=0x5564c80ba070,
        info=0x5564c79c4300 <link_info>, input_bfd=0x5564c80d5d90,
        input_section=0x5564c8104568, contents=0x5564c84f9df0 <incomplete sequence \327>,
        relocs=0x5564c84e0fc0, local_syms=0x5564c84dbbc0, local_sections=0x5564c84d7b20)
        at elf64-x86-64.c:2776
    2776              RELOC_FOR_GLOBAL_SYMBOL (info, input_bfd, input_section, rel,
    (gdb) l
    2771          else
    2772            {
    2773              bool warned ATTRIBUTE_UNUSED;
    2774              bool ignored ATTRIBUTE_UNUSED;
    2775
    2776              RELOC_FOR_GLOBAL_SYMBOL (info, input_bfd, input_section, rel,
    2777                                       r_symndx, symtab_hdr, sym_hashes,
    2778                                       h, sec, relocation,
    2779                                       unresolved_reloc, warned, ignored);
    2780              st_size = h->size;
    (gdb)

I attach a tar.gz with a minimum test case to reproduce it.