Bug 13387 - Abort at elf32-hppa.c:3921 in elf32_hppa_relocate_section
Summary: Abort at elf32-hppa.c:3921 in elf32_hppa_relocate_section
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: ld (show other bugs)
Version: 2.24
: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-11-05 16:43 UTC by John David Anglin
Modified: 2012-01-28 02:22 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Last reconfirmed:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John David Anglin 2011-11-05 16:43:07 UTC 
Breakpoint 1, elf32_hppa_relocate_section (output_bfd=0xa21f0, info=0x8078c, 
    input_bfd=0x8a03430, input_section=0x8acac68, contents=0x4052c008 "", 
    relocs=0x8abe9d8, local_syms=0xced4478, local_sections=0xd9515c8)
    at ../../src/bfd/elf32-hppa.c:3921
3921			abort ();
(gdb) p *hh
$22 = {eh = {root = {root = {next = 0x0, 
        string = 0x8aa0679 "_ZN7WebCore35XMLHttpRequestProgressEventThrottleD1Ev", hash = 475821030}, type = bfd_link_hash_defined, non_ir_ref = 0, u = {
        undef = {next = 0x8a87a98, abfd = 0x8ac8568}, def = {next = 0x8a87a98, 
          section = 0x8ac8568, value = 0}, i = {next = 0x8a87a98, 
          link = 0x8ac8568, warning = 0x0}, c = {next = 0x8a87a98, 
          p = 0x8ac8568, size = 0}}}, indx = -1, dynindx = -1, got = {
      refcount = -1, offset = 4294967295, glist = 0xffffffff, 
      plist = 0xffffffff}, plt = {refcount = -1, offset = 4294967295, 
      glist = 0xffffffff, plist = 0xffffffff}, size = 160, type = 2, 
    other = 2, target_internal = 0, ref_regular = 1, def_regular = 1, 
    ref_dynamic = 0, def_dynamic = 0, ref_regular_nonweak = 1, 
    dynamic_adjusted = 1, needs_copy = 0, needs_plt = 0, non_elf = 0, 
    hidden = 0, forced_local = 1, dynamic = 0, mark = 1, non_got_ref = 0, 
    dynamic_def = 0, dynamic_weak = 0, pointer_equality_needed = 0, 
    unique_global = 0, dynstr_index = 7049, u = {weakdef = 0x0, 
      elf_hash_value = 0}, verinfo = {verdef = 0x0, vertree = 0x0}, 
    vtable = 0x0}, hsh_cache = 0x0, dyn_relocs = 0x8abc4d8, 
  tls_type = GOT_UNKNOWN, plabel = 1}

Relocation is R_PARISC_PLABEL32.  Symbol visibility is STV_HIDDEN and
it has been forced local.  No space has been allocated in plt because
the plt refcount is -1.

Function is defined in .s:

        .section        .text._ZN7WebCore35XMLHttpRequestProgressEventThrottleD1
Ev,"ax",@progbits
        .align 4
.globl _ZN7WebCore35XMLHttpRequestProgressEventThrottleD1Ev
        .hidden _ZN7WebCore35XMLHttpRequestProgressEventThrottleD1Ev
        .type   _ZN7WebCore35XMLHttpRequestProgressEventThrottleD1Ev, @function
.LFB3486:
        .cfi_startproc
        .cfi_personality 0x9b,DW.ref.__gxx_personality_v0
        .cfi_lsda 0x1b,.LLSDA3486
_ZN7WebCore35XMLHttpRequestProgressEventThrottleD1Ev:
        .PROC
        .CALLINFO FRAME=128,CALLS,SAVE_RP,ENTRY_GR=5
        .ENTRY
        stw %r2,-20(%r30)
        addil LT'_ZTVN7WebCore35XMLHttpRequestProgressEventThrottleE,%r19
        ldw RT'_ZTVN7WebCore35XMLHttpRequestProgressEventThrottleE(%r1),%r20
        ldo 8(%r20),%r20
        stwm %r5,128(%r30)

This is reference:

        .section        .data.rel.ro._ZTVN7WebCore35XMLHttpRequestProgressEventT
hrottleE,"awG",@progbits,_ZTVN7WebCore35XMLHttpRequestProgressEventThrottleE,comdat
        .align 8
        .type   _ZTVN7WebCore35XMLHttpRequestProgressEventThrottleE, @object
        .size   _ZTVN7WebCore35XMLHttpRequestProgressEventThrottleE, 20
_ZTVN7WebCore35XMLHttpRequestProgressEventThrottleE:
        .word   0
        .word   _ZTIN7WebCore35XMLHttpRequestProgressEventThrottleE
        .word   P%_ZN7WebCore35XMLHttpRequestProgressEventThrottleD1Ev

Maybe this is a comdat issue.

The problem is present in earlier versions.
Comment 1 John David Anglin 2011-11-05 23:06:27 UTC 
elf32_hppa_hide_symbol appears to be broken as it can be called
before are all relocs are processed by elf32_hppa_check_relocs.
As a result, the plabel flag may not be set when it is called,
and as a result the plt.refcounts are reset.  This messes up
the refcounts for the symbol causing the abort.
Comment 2 Sourceware Commits 2011-11-06 20:25:22 UTC 
CVSROOT:	/cvs/src
Module name:	src
Changes by:	danglin@sourceware.org	2011-11-06 20:25:18

Modified files:
	bfd            : ChangeLog elf32-hppa.c 

Log message:
	PR ld/13387
	* elf32-hppa.c (elf32_hppa_hide_symbol): Make STT_GNU_IFUNC symbol
	go through PLT.  Reset plt field with init_plt_offset.
	(elf32_hppa_adjust_dynamic_symbol): Ensure that a PLT slot is
	allocated for symbols referenced by a plabel.

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/ChangeLog.diff?cvsroot=src&r1=1.5509&r2=1.5510
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/elf32-hppa.c.diff?cvsroot=src&r1=1.181&r2=1.182
Comment 3 John David Anglin 2011-11-06 20:47:55 UTC 
Fixed.
Comment 4 Sourceware Commits 2012-01-28 02:22:05 UTC 
CVSROOT:	/cvs/src
Module name:	src
Branch: 	binutils-2_22-branch
Changes by:	danglin@sourceware.org	2012-01-28 02:22:01

Modified files:
	bfd            : ChangeLog elf32-hppa.c 

Log message:
	Backport from mainline:
	2011-11-06  John David Anglin  <dave.anglin@nrc-cnrc.gc.ca>
	
	PR ld/13387
	* elf32-hppa.c (elf32_hppa_hide_symbol): Make STT_GNU_IFUNC symbol
	go through PLT.  Reset plt field with init_plt_offset.
	(elf32_hppa_adjust_dynamic_symbol): Ensure that a PLT slot is
	allocated for symbols referenced by a plabel.

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/ChangeLog.diff?cvsroot=src&only_with_tag=binutils-2_22-branch&r1=1.5473.2.33&r2=1.5473.2.34
http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/elf32-hppa.c.diff?cvsroot=src&only_with_tag=binutils-2_22-branch&r1=1.179&r2=1.179.2.1