12632 – strip crashes when it does not recognise the file format

Bug 12632 - strip crashes when it does not recognise the file format

Summary: strip crashes when it does not recognise the file format

Status:	RESOLVED FIXED

Alias:	None

Product:	binutils
Classification:	Unclassified
Component:	binutils (show other bugs)
Version:	2.21

Importance:	P2 critical
Target Milestone:	---
Assignee:	unassigned

URL:	http://sourceware.org/ml/binutils/201...
Keywords:

Depends on:
Blocks:

Reported:	2011-04-01 22:34 UTC by Jan Lieven
Modified:	2011-05-29 04:52 UTC (History)
CC List:	3 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:

Attachments
File that triggers the crash (489 bytes, application/octet-stream) 2011-04-03 20:51 UTC, Jan Lieven	Details
File that triggers bug (287.33 KB, application/octet-stream) 2011-05-06 05:02 UTC, Allan McRae	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jan Lieven 2011-04-01 22:34:27 UTC

The crash occurs when the target is of an unknown format.
The problem seems to be a NULL-pointer dereference in ./bfd/bfdio.c on line 206 as can be seen from the gdb output below:

/usr/bin/strip:libeay32.lib(tmp32/e_capi.obj): Unable to recognize the format of file: File format not recognized

Program received signal SIGSEGV, Segmentation fault.
bfd_bwrite (ptr=0x807ed00, size=335, abfd=0x0) at /build/src/binutils/bfd/bfdio.c:206
206       if (abfd->iovec)

strip --version is: GNU strip (GNU Binutils) 2.21.0.20110209

Comment 1 H.J. Lu 2011-04-03 20:26:29 UTC

Please provide a small testcase to show the crash.

Comment 2 Jan Lieven 2011-04-03 20:51:54 UTC

Created attachment 5642 [details]
File that triggers the crash

Comment 3 H.J. Lu 2011-04-03 21:43:51 UTC

A patch is posted at

http://sourceware.org/ml/binutils/2011-04/msg00013.html

Comment 4 Sourceware Commits 2011-04-04 01:36:05 UTC

CVSROOT:	/cvs/src
Module name:	src
Changes by:	hjl@sourceware.org	2011-04-04 01:35:59

Modified files:
	binutils       : ChangeLog objcopy.c 

Log message:
	Make the unknown archive element readable.
	
	2011-04-03  H.J. Lu  <hongjiu.lu@intel.com>
	
	PR binutils/12632
	* objcopy.c (copy_unknown_object): Make the archive element
	readable.

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/src/binutils/ChangeLog.diff?cvsroot=src&r1=1.1776&r2=1.1777
http://sourceware.org/cgi-bin/cvsweb.cgi/src/binutils/objcopy.c.diff?cvsroot=src&r1=1.150&r2=1.151

Comment 5 H.J. Lu 2011-04-04 01:36:54 UTC

Fixed.

Comment 6 Allan McRae 2011-05-06 05:02:25 UTC

Created attachment 5710 [details]
File that triggers bug

I am still getting a similar crash on the current head (2.21.51.20110506)

(gdb) run
Starting program: /home/arch/code/binutils-install/usr/bin/strip --strip-debug pkg/usr/src/metasploit/external/source/meterpreter/source/jpeg-8/lib/win/x64/jpeg.lib
/home/arch/code/binutils-install/usr/bin/strip:pkg/usr/src/metasploit/external/source/meterpreter/source/jpeg-8/lib/win/x64/jpeg.lib(./x64/Release/jutils.obj): Unable to recognise the format of file: File format not recognized

Program received signal SIGSEGV, Segmentation fault.
0xf7f1ddb9 in bfd_bwrite (ptr=0x808d268, size=8192, abfd=0x0)
    at ../../binutils/bfd/bfdio.c:206
206	  if (abfd->iovec)
(gdb) bt
#0  0xf7f1ddb9 in bfd_bwrite (ptr=0x808d268, size=8192, abfd=0x0)
    at ../../binutils/bfd/bfdio.c:206
#1  0x0804be94 in copy_unknown_object (ibfd=0x8088d58, obfd=0x0)
    at ../../binutils/binutils/objcopy.c:1391
#2  0x0804d60d in copy_archive (ibfd=0x80825d8, obfd=0x808aec0, 
    output_target=0xf7fb74dc "elf32-i386", force_output_target=0, 
    input_arch=0x0) at ../../binutils/binutils/objcopy.c:2102
#3  0x0804da17 in copy_file (
    input_filename=0xffffd8db "pkg/usr/src/metasploit/external/source/meterpreter/source/jpeg-8/lib/win/x64/jpeg.lib", 
    output_filename=0x8082578 "pkg/usr/src/metasploit/external/source/meterpreter/source/jpeg-8/lib/win/x64/stz6t8Ie", input_target=0x0, 
    output_target=0xf7fb74dc "elf32-i386", input_arch=0x0)
    at ../../binutils/binutils/objcopy.c:2249
#4  0x0804f03f in strip_main (argc=3, argv=0xffffd6f4)
    at ../../binutils/binutils/objcopy.c:3055
#5  0x08050cf4 in main (argc=3, argv=0xffffd6f4)
    at ../../binutils/binutils/objcopy.c:4014

Comment 7 Alan Modra 2011-05-06 07:14:26 UTC

Allan, the testcase you attached can't be processed by the GNU binutils because the archive elements have names that contain directories.
$ ar t jpeg.lib 
./x64/Release/jutils.obj
./x64/Release/jquant2.obj
[snip]

Even ar can't extract these files without some help; You need to create the directory structure for it.  I'll fix the strip/objcopy segfault, but don't intend to add full support for this sort of archive myself.  If you or anyone else wanted to spend the time implementing support, that would be welcome.

Comment 8 Sourceware Commits 2011-05-08 14:43:22 UTC

CVSROOT:	/cvs/src
Module name:	src
Changes by:	hjl@sourceware.org	2011-05-08 14:43:19

Modified files:
	binutils       : ChangeLog 

Log message:
	Mention	PR binutils/12632 in ChangeLog.

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/src/binutils/ChangeLog.diff?cvsroot=src&r1=1.1796&r2=1.1797

Comment 9 Sourceware Commits 2011-05-29 04:52:59 UTC

CVSROOT:	/cvs/src
Module name:	src
Branch: 	binutils-2_21-branch
Changes by:	amodra@sourceware.org	2011-05-29 04:51:53

Modified files:
	bfd            : ChangeLog aoutx.h archive.c bfd-in2.h bfdio.c 
	                 coff-aux.c coffcode.h coffgen.c cofflink.c 
	                 config.in configure configure.in dwarf2.c 
	                 elf-bfd.h elf-m10300.c elf.c elf32-ppc.c 
	                 elf32-rx.c elf64-ppc.c elflink.c elfxx-ia64.c 
	                 libbfd.c linker.c peXXigen.c vms-alpha.c 
	bfd/hosts      : x86-64linux.h 
	binutils       : ChangeLog nm.c objcopy.c 
	binutils/doc   : binutils.texi 
	binutils/testsuite: ChangeLog 
	binutils/testsuite/binutils-all: nm.exp 
	binutils/testsuite/lib: utils-lib.exp 
	gas            : ChangeLog dwarf2dbg.c input-scrub.c messages.c 
	                 read.c 
	gas/config     : obj-elf.h tc-arc.c tc-d10v.h tc-d30v.h 
	                 tc-m32r.h 
	gas/testsuite  : ChangeLog 
	gas/testsuite/gas/i386: inval-equ-2.l 
	gas/testsuite/gas/symver: symver2.l 
	include        : ChangeLog ansidecl.h bfdlink.h 
	ld             : ChangeLog ldexp.c ldlang.c ldlex.l ldmain.c 
	                 plugin.c 
	ld/emultempl   : elf32.em pe.em pep.em 
	ld/scripttempl : pe.sc pep.sc 
	ld/testsuite   : ChangeLog 
	ld/testsuite/ld-cris: tls-e-tpoffcomm1.d 
	ld/testsuite/ld-plugin: plugin-7.d plugin-8.d 

Log message:
	PR 12365
	PR 12613
	PR 12632
	PR 12739
	PR 12753
	PR 12760
	PR 12763
	Apply fix from mainline along with assorted other small fixes.

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/ChangeLog.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.5180.2.34&r2=1.5180.2.35
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/aoutx.h.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.84.2.1&r2=1.84.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/archive.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.69.2.3&r2=1.69.2.4
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/bfd-in2.h.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.522.2.2&r2=1.522.2.3
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/bfdio.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.27&r2=1.27.4.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/coff-aux.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.10.10.1&r2=1.10.10.2
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/coffcode.h.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.171&r2=1.171.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/coffgen.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.78&r2=1.78.4.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/cofflink.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.74.2.1&r2=1.74.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/config.in.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.48&r2=1.48.4.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/configure.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.339.2.4&r2=1.339.2.5
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/configure.in.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.287.2.4&r2=1.287.2.5
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/dwarf2.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.138&r2=1.138.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/elf-bfd.h.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.313.2.2&r2=1.313.2.3
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/elf-m10300.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.106&r2=1.106.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/elf.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.524.2.2&r2=1.524.2.3
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/elf32-ppc.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.290.2.3&r2=1.290.2.4
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/elf32-rx.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.5.2.1&r2=1.5.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/elf64-ppc.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.339.2.10&r2=1.339.2.11
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/elflink.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.388.2.2&r2=1.388.2.3
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/elfxx-ia64.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.228.2.1&r2=1.228.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/libbfd.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.53.2.1&r2=1.53.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/linker.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.77.2.2&r2=1.77.2.3
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/peXXigen.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.67&r2=1.67.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/vms-alpha.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.37.2.1&r2=1.37.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/hosts/x86-64linux.h.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.2&r2=1.2.4.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/binutils/ChangeLog.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.1708.2.9&r2=1.1708.2.10
http://sourceware.org/cgi-bin/cvsweb.cgi/src/binutils/nm.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.65&r2=1.65.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/binutils/objcopy.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.147.2.1&r2=1.147.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/src/binutils/doc/binutils.texi.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.173.2.1&r2=1.173.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/src/binutils/testsuite/ChangeLog.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.216.2.2&r2=1.216.2.3
http://sourceware.org/cgi-bin/cvsweb.cgi/src/binutils/testsuite/binutils-all/nm.exp.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.5&r2=1.5.4.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/binutils/testsuite/lib/utils-lib.exp.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.20.2.1&r2=1.20.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gas/ChangeLog.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.4320.2.29&r2=1.4320.2.30
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gas/dwarf2dbg.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.107&r2=1.107.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gas/input-scrub.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.23&r2=1.23.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gas/messages.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.23&r2=1.23.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gas/read.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.167.2.2&r2=1.167.2.3
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gas/config/obj-elf.h.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.38&r2=1.38.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gas/config/tc-arc.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.47&r2=1.47.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gas/config/tc-d10v.h.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.20&r2=1.20.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gas/config/tc-d30v.h.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.15&r2=1.15.4.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gas/config/tc-m32r.h.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.23&r2=1.23.4.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gas/testsuite/ChangeLog.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.1802.2.11&r2=1.1802.2.12
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gas/testsuite/gas/i386/inval-equ-2.l.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.1&r2=1.1.12.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/gas/testsuite/gas/symver/symver2.l.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.1&r2=1.1.38.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/include/ChangeLog.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.510.2.2&r2=1.510.2.3
http://sourceware.org/cgi-bin/cvsweb.cgi/src/include/ansidecl.h.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.28&r2=1.28.6.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/include/bfdlink.h.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.82.2.1&r2=1.82.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/ChangeLog.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.2222.2.23&r2=1.2222.2.24
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/ldexp.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.87.2.2&r2=1.87.2.3
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/ldlang.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.347.2.5&r2=1.347.2.6
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/ldlex.l.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.47.2.2&r2=1.47.2.3
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/ldmain.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.145.2.3&r2=1.145.2.4
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/plugin.c.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.7.2.5&r2=1.7.2.6
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/emultempl/elf32.em.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.214.2.1&r2=1.214.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/emultempl/pe.em.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.162.2.2&r2=1.162.2.3
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/emultempl/pep.em.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.38.2.1&r2=1.38.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/scripttempl/pe.sc.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.24&r2=1.24.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/scripttempl/pep.sc.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.13&r2=1.13.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/testsuite/ChangeLog.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.1322.2.12&r2=1.1322.2.13
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/testsuite/ld-cris/tls-e-tpoffcomm1.d.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.1&r2=1.1.6.1
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/testsuite/ld-plugin/plugin-7.d.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.1.2.1&r2=1.1.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/src/ld/testsuite/ld-plugin/plugin-8.d.diff?cvsroot=src&only_with_tag=binutils-2_21-branch&r1=1.1.2.1&r2=1.1.2.2