Bug 11430 - nm crashes when handling some lib file.
Summary: nm crashes when handling some lib file.
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: 2.21
Importance: P2 normal
Target Milestone: ---
Assignee: unassigned
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-03-25 03:19 UTC by brook hong
Modified: 2023-01-12 07:16 UTC (History)

See Also:
Host: mingw32
Target: mingw32
Build: cygwin
Last reconfirmed:


Attachments
diff file for bfd/coffcode.h (176 bytes, patch)
2010-03-25 03:25 UTC, brook hong
diff file for bfd/coffcode.h (256 bytes, patch)
2010-04-07 03:09 UTC, brook hong

Description brook hong 2010-03-25 03:19:55 UTC
When listing symbols in a lib file, it crashed here.

#0  coff_slurp_symbol_table (abfd=0x16e3888) at coffcode.h:4519
#1  0x0040f9fc in coff_get_symtab_upper_bound (abfd=0x16e3888) at coffgen.c:338
#2  0x004057ac in _bfd_generic_read_minisymbols (abfd=0x16e3888, dynamic=0, minisymsp=0xe2cc60, sizep=0xe2cc5c) at syms.c:808
#3  0x0040268e in display_rel_file (abfd=0x16e3888, archive_bfd=0x166b0e0) at nm.c:1006
#4  0x00402b15 in display_archive (file=0x166b0e0) at nm.c:1147
#5  0x00402c2e in display_file (filename=0xe2cd6d "/d/WebCoreediting.lib") at nm.c:1195
#6  0x004037d0 in main (argc=2, argv=0x166ae40) at nm.c:1661

Here is the code; the sym variable got a value of 1:
	  /* FIXME: We should not be casting between ints and
	     pointers like this.  */
	  sym = ((coff_symbol_type *)
		 ((symndx + obj_raw_syments (abfd))
		  ->u.syment._n._n_n._n_zeroes));


then it crashed at
if (sym->lineno != NULL && ! warned)


I'm proposing a solution as below, to check the sym after setting its value.

          /* brook */
          if (sym < obj_symbols (abfd))
            {
              /* Pointers are printed with %p; %x would mismatch the argument type.  */
              _bfd_error_handler (_("%B: warning: illegal symbol address %p, which should be greater than %p"),
                                  abfd, (void *) sym, (void *) obj_symbols (abfd));
              continue;
            }
Comment 1 brook hong 2010-03-25 03:25:14 UTC
Created attachment 4679 [details]
diff file for bfd/coffcode.h
Comment 2 brook hong 2010-04-07 03:09:20 UTC
Created attachment 4708 [details]
diff file for bfd/coffcode.h

The last patch only checks the low boundary of the symbol address, which is not enough; here the high boundary also needs to be checked.
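The two checks proposed on this bug (reject the reinterpreted value when it lies below the symbol table, and also when it lies above it) as a stand-alone model in C. This is an added example, not binutils code: the struct and function names are hypothetical stand-ins for coff_symbol_type and the raw syment, and the table contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins: the raw entry's spare field carries a back-pointer
   for real symbols and arbitrary data for auxiliary entries, which is how a
   value like 1 ends up being treated as a pointer in the reported crash. */
typedef struct { const char *name; int lineno_count; } sym_t;
typedef struct { uintptr_t back; } raw_t;
typedef struct { sym_t *syms; raw_t *raw; size_t count; } table_t;

/* Unchecked: the cast from the report; using a junk result crashes. */
static sym_t *lookup_unchecked(const table_t *t, long symndx) {
    return (sym_t *)(t->raw[symndx].back);
}

/* Checked: reject an out-of-range index, then reject any value that is not
   exactly one of the table's own entries (low bound, high bound, alignment). */
static sym_t *lookup_checked(const table_t *t, long symndx) {
    if (symndx < 0 || (size_t)symndx >= t->count)
        return NULL;
    uintptr_t p = t->raw[symndx].back;
    uintptr_t lo = (uintptr_t)t->syms;
    uintptr_t hi = lo + t->count * sizeof(sym_t);
    if (p < lo || p >= hi || (p - lo) % sizeof(sym_t) != 0)
        return NULL;
    return (sym_t *)p;
}

/* Constructed table: entry 0 is a real symbol, entry 1 an aux entry whose
   spare field holds the raw value 1 seen in the report. */
static sym_t g_syms[2] = { { "main", 3 }, { "aux", 0 } };
static raw_t g_raw[2];

static table_t build_table(void) {
    g_raw[0].back = (uintptr_t)&g_syms[0];
    g_raw[1].back = 1;
    table_t t = { g_syms, g_raw, 2 };
    return t;
}

int main(void) {
    table_t t = build_table();
    sym_t *ok = lookup_checked(&t, 0);
    sym_t *bad = lookup_checked(&t, 1);   /* NULL, where the unchecked lookup would crash on use */
    printf("%s / %s\n", ok ? ok->name : "(rejected)", bad ? bad->name : "(rejected)");
    return 0;
}
```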
Comment 3 Nick Clifton 2010-04-13 12:06:53 UTC
Hi Brook,

  Please could you upload a small test lib file that we can use to examine this problem?

Cheers
  Nick
Comment 4 brook hong 2010-04-14 08:38:33 UTC
This defect was found by my colleague; he sent me the lib files, and those files are fairly big.

-rwx------+ 1 brhong mkgroup  5906336 Apr  7 09:08 WebCorecss.lib
-rwx------+ 1 brhong mkgroup 10807358 Apr  7 09:08 WebCoredom.lib
-rwx------+ 1 brhong mkgroup  8634586 Mar 23 10:29 WebCoreediting.lib
-rwx------+ 1 brhong mkgroup 36873128 Apr  7 09:10 WebCoreplatform.lib
-rwx------+ 1 brhong mkgroup 18937572 Apr  7 09:09 WebCorerendering.lib

I have tried to upload one of them, but it's more than 1 Megabyte even compressed.

I'll email some of them to you.

Comment 5 Alan Modra 2023-01-12 07:16:16 UTC
I believe this has been fixed.