[Bug binutils/31843] New: Segfault in objdump (bfd_get_section_contents)
https://sourceware.org/bugzilla/show_bug.cgi?id=31843

Bug ID: 31843
Summary: Segfault in objdump (bfd_get_section_contents)
Product: binutils
Version: 2.42
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: g.priamo at diag dot uniroma1.it
Target Milestone: ---

Created attachment 15563
--> https://sourceware.org/bugzilla/attachment.cgi?id=15563&action=edit
Testcase

### Describe the bug

AddressSanitizer: SEGV on unknown address in objdump (`bfd_get_section_contents`).

### To Reproduce

Cloned binutils from git://sourceware.org/git/binutils-gdb.git and built version 2.42.50.20240604 (the crash also reproduces on release 2.42), taking inspiration from the build script in [oss-fuzz](https://github.com/google/oss-fuzz/blob/master/projects/binutils/build.sh):

```
export CFLAGS="-O0 -g -fno-omit-frame-pointer -fno-function-sections -fno-unique-section-names -fsanitize=address"
cd binutils
sed -i 's/vfprintf (stderr/\/\//' elfcomm.c
sed -i 's/fprintf (stderr/\/\//' elfcomm.c
cd ../
./configure --disable-gdb --disable-gdbserver --disable-gdbsupport \
  --disable-libdecnumber --disable-readline --disable-sim \
  --disable-libbacktrace --disable-gas --disable-ld --disable-werror \
  --enable-targets=all
make clean
make MAKEINFO=true && true
```

The crash also reproduces with this simpler build configuration:

```
./configure --enable-targets=all
make
```

### ASAN Output

```
./objdump -S testcase

testcase:     file format elf64-nfp

./objdump: testcase: invalid string offset 1751545201 >= 20 for section `''
./objdump: testcase: invalid string offset 906572078 >= 20 for section `''
./objdump: testcase: invalid string offset 738812268 >= 20 for section `''
./objdump: testcase: invalid string offset 154553390 >= 20 for section `''
./objdump: testcase: invalid string offset 1902390537 >= 20 for section `''
./objdump: testcase: invalid string offset 1764426094 >= 20 for section `''
./objdump: testcase: invalid string offset 1802926173 >= 20 for section `''
./objdump: testcase: invalid string offset 23489141 >= 20 for section `''

Disassembly of section .text:

0001 <.text>:
AddressSanitizer:DEADLYSIGNAL
=
==560100==ERROR: AddressSanitizer: SEGV on unknown address 0x0024 (pc 0x00b7eda4 bp 0x7fffb04a3210 sp 0x7fffb04a3170 T0)
==560100==The signal is caused by a READ memory access.
==560100==Hint: address points to the zero page.
    #0 0xb7eda4 in bfd_get_section_contents bfd/section.c:1568:16
    #1 0x93b084 in init_nfp3200_priv opcodes/nfp-dis.c:2578:12
    #2 0x937339 in init_nfp_priv opcodes/nfp-dis.c:2783:13
    #3 0x935fb4 in _print_instrs opcodes/nfp-dis.c:2803:25
    #4 0x935a8a in print_insn_nfp opcodes/nfp-dis.c:2973:9
    #5 0x4e9d72 in disassemble_bytes binutils/./objdump.c:3509:20
    #6 0x4e210b in disassemble_section binutils/./objdump.c:4116:4
    #7 0xb7e6aa in bfd_map_over_sections bfd/section.c:1387:5
    #8 0x4d87e3 in disassemble_data binutils/./objdump.c:4264:3
    #9 0x4d3c23 in dump_bfd binutils/./objdump.c:5791:2
    #10 0x4d2cdf in display_object_bfd binutils/./objdump.c:5852:7
    #11 0x4d2be0 in display_any_bfd binutils/./objdump.c:5939:5
    #12 0x4d19dc in display_file binutils/./objdump.c:5960:3
    #13 0x4d0006 in main binutils/./objdump.c:6377:6
    #14 0x7f624bf48082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #15 0x41d6ad in _start (objdump+0x41d6ad)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV bfd/section.c:1568:16 in bfd_get_section_contents
==560100==ABORTING
```

### Environment info

`uname -a` output:

Linux ThinkPad 5.15.0-107-generic #117~20.04.1-Ubuntu SMP Tue Apr 30 10:35:57 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

### Testcase

See attached testcase file

--
You are receiving this mail because:
You are on the CC list for the bug.
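The warnings in the report ("invalid string offset N >= 20 for section `''") come from objdump rejecting section-header name offsets that point past the end of the section name string table, while the crash itself happens later, when the NFP disassembler asks `bfd_get_section_contents` to load a section of the malformed file. The following is an added example, not code from binutils or from the reporter, showing the two header-level checks a loader should perform before trusting a section: the name offset must lie inside `.shstrtab`, and a section's file extent must lie inside the file. It is a stand-alone ELF64 little-endian header parser; `build_sample_elf64` constructs a tiny three-section image in memory (not a real binary) and `patch_shdr` corrupts one header field of it so that the checks can be exercised offline. All function names are hypothetical.

```python
import struct

EHDR_FMT = "<16sHHIQQQIHHHHHH"        # ELF64 file header, little-endian
SHDR_FMT = "<IIQQQQIIQQ"              # ELF64 section header
EHDR_SIZE = struct.calcsize(EHDR_FMT)  # 64 bytes
SHDR_SIZE = struct.calcsize(SHDR_FMT)  # 64 bytes
SHT_NOBITS = 8                         # .bss-style sections occupy no file bytes


def build_sample_elf64():
    """Constructed minimal ELF64 image: null section, a 4-byte .text, and the
    .shstrtab that names them.  Built here purely as sample input."""
    shstrtab = b"\0.text\0.shstrtab\0"         # name offsets: .text=1, .shstrtab=7
    text = b"\x90\x90\x90\x90"
    shstr_off = EHDR_SIZE
    text_off = shstr_off + len(shstrtab)
    shoff = text_off + len(text)
    shoff += (-shoff) % 8                       # 8-byte align the header table
    shdrs = [
        struct.pack(SHDR_FMT, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0),                     # SHN_UNDEF
        struct.pack(SHDR_FMT, 1, 1, 6, 0, text_off, len(text), 0, 0, 4, 0),      # SHT_PROGBITS
        struct.pack(SHDR_FMT, 7, 3, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0),  # SHT_STRTAB
    ]
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8   # ELFCLASS64, LSB, EV_CURRENT
    ehdr = struct.pack(EHDR_FMT, ident, 1, 62, 1, 0, 0, shoff, 0,
                       EHDR_SIZE, 0, 0, SHDR_SIZE, len(shdrs), 2)   # e_shstrndx = 2
    body = bytearray(ehdr + shstrtab + text)
    body += b"\0" * (shoff - len(body))
    body += b"".join(shdrs)
    return bytes(body)


def patch_shdr(data, index, field, value):
    """Return a copy of `data` with one field (by SHDR_FMT position) of section
    header `index` overwritten.  Used only to construct malformed sample input."""
    shoff = struct.unpack_from(EHDR_FMT, data, 0)[6]
    pos = shoff + index * SHDR_SIZE
    fields = list(struct.unpack_from(SHDR_FMT, data, pos))
    fields[field] = value
    out = bytearray(data)
    struct.pack_into(SHDR_FMT, out, pos, *fields)
    return bytes(out)


def check_elf64(data):
    """Validate the section header table of a little-endian ELF64 image.
    Returns a list of problem strings; an empty list means every check passed."""
    if len(data) < EHDR_SIZE or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        return ["not a little-endian ELF64 file"]
    e = struct.unpack_from(EHDR_FMT, data, 0)
    shoff, shentsize, shnum, shstrndx = e[6], e[11], e[12], e[13]
    if shnum == 0:
        return []                               # no section table at all: nothing to check
    if shentsize != SHDR_SIZE:
        return [f"unexpected e_shentsize {shentsize}"]
    if shoff + shnum * SHDR_SIZE > len(data):   # Python ints do not overflow here
        return [f"section header table (offset {shoff}, {shnum} entries) runs past end of file"]
    shdrs = [struct.unpack_from(SHDR_FMT, data, shoff + i * SHDR_SIZE) for i in range(shnum)]
    if shstrndx >= shnum:
        return [f"e_shstrndx {shstrndx} >= e_shnum {shnum}"]
    st_off, st_size = shdrs[shstrndx][4], shdrs[shstrndx][5]
    if st_off + st_size > len(data):
        return ["section name string table lies outside the file"]
    strtab = data[st_off:st_off + st_size]

    problems = []
    for i, (sh_name, sh_type, _flags, _addr, sh_off, sh_size, *_rest) in enumerate(shdrs):
        # Check 1: the name offset must fall inside .shstrtab (the objdump warning above).
        name = ""
        if sh_name >= st_size:
            problems.append(f"section {i}: invalid string offset {sh_name} >= {st_size}")
        else:
            end = strtab.find(b"\0", sh_name)
            if end < 0:
                problems.append(f"section {i}: unterminated name at offset {sh_name}")
                end = st_size
            name = strtab[sh_name:end].decode("ascii", "replace")
        # Check 2: the bytes a content load would read must exist in the file.
        if sh_type != SHT_NOBITS and sh_off + sh_size > len(data):
            problems.append(f"section {i} ({name}): contents (offset {sh_off}, size {sh_size}) "
                            f"run past end of file ({len(data)} bytes)")
    return problems


if __name__ == "__main__":
    good = build_sample_elf64()
    print(check_elf64(good))                                    # []
    print(check_elf64(patch_shdr(good, 1, 0, 1751545201)))      # bad name offset
    print(check_elf64(patch_shdr(good, 1, 5, 1 << 40)))         # .text claims 1 TiB of file
```

The second check is the one that matters for the crash class in this report: a name-offset warning is recoverable, but a section whose offset and size do not fit in the file must be refused before any code tries to read its contents. The arithmetic is done in Python integers; a C implementation of the same check has to guard `sh_off + sh_size` against wrap-around as well.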
[Bug binutils/31800] src-release.sh recursively changes permissions of everything in to 0777
https://sourceware.org/bugzilla/show_bug.cgi?id=31800

--- Comment #13 from Sourceware Commits ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=333cf8e4d6e4d2a393ee522ef1af0102ad8d8531

commit 333cf8e4d6e4d2a393ee522ef1af0102ad8d8531
Author: Rostislav Krasny
Date:   Tue Jun 4 14:58:49 2024 +0100

    src-release.sh: fix adjusting files permissions and cleaning

    PR 31800
[Bug binutils/31800] src-release.sh recursively changes permissions of everything in to 0777
https://sourceware.org/bugzilla/show_bug.cgi?id=31800

Nick Clifton changed:

What       |Removed  |Added
Status     |ASSIGNED |RESOLVED
Resolution |---      |FIXED

--- Comment #14 from Nick Clifton ---
Hi Rostislav,

Thanks for the updated patch and the DCO. I have now applied your patch to the sources.

Cheers
Nick
[Bug ld/28363] ld (*-w64-mingw32) could not link a pe dll created with a def file
https://sourceware.org/bugzilla/show_bug.cgi?id=28363

--- Comment #4 from Ralf Habacker ---
Has there been any progress in the meantime?
[Bug binutils/31800] src-release.sh recursively changes permissions of everything in to 0777
https://sourceware.org/bugzilla/show_bug.cgi?id=31800

--- Comment #15 from Rostislav Krasny ---
(In reply to Nick Clifton from comment #14)
> Hi Rostislav,
>
> Thanks for the updated patch and the DCO. I have now applied your patch
> to the sources.

Thank you too for accepting my first contribution to the project. I made a small improvement to the new src-release.sh and am going to attach an additional patch. Before this additional patch the src-release.sh script can't be run again and again without manually deleting all untracked files that src-release.sh created in the previous run. With this patch the check of uncommitted changes looks for changes of the tracked files only, i.e. any new file is not taken into account in this check. Such files are removed a few lines later by the 'git clean -fdx' command that also prints their names. I think this is better and more consistent behavior.
[Bug binutils/31800] src-release.sh recursively changes permissions of everything in to 0777
https://sourceware.org/bugzilla/show_bug.cgi?id=31800

--- Comment #16 from Rostislav Krasny ---
Created attachment 15566
--> https://sourceware.org/bugzilla/attachment.cgi?id=15566&action=edit
additional improvement