Bug 21914 - [x86_64] SEGV during link
Summary: [x86_64] SEGV during link
Status: RESOLVED WORKSFORME
Alias: None
Product: binutils
Classification: Unclassified
Component: ld
Version: 2.29
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-07 14:55 UTC by David Howells
Modified: 2017-08-08 00:31 UTC
CC: 2 users

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments
Test data (912 bytes, application/x-bzip)
2017-08-07 14:55 UTC, David Howells

Description David Howells 2017-08-07 14:55:16 UTC
Created attachment 10322
Test data

ld from binutils-2.29 can be made to crash when attempting to link the attached test data.  The test data needs to be decompressed and then ld commanded as follows:

x86_64-linux-gnu-ld  -m elf_i386 -N --no-check-sections --section-start=.prefix=0 --gc-sections -static -o usbdisk.bin --oformat binary -e 0 usbdisk.o

Note that the ld being used here is an x86_64-on-x86_64 cross.

Poking around in the crashed ld process with gdb shows:

Program received signal SIGSEGV, Segmentation fault.
0x000000000042e3a4 in gldelf_i386_place_orphan (s=0x82cea0, 
    secname=0x82c692 ".prefix", constraint=382) at eelf_i386.c:1978
1978                && (elf_section_data (os->bfd_section)->this_hdr.sh_info
(gdb) bt
#0  0x000000000042e3a4 in gldelf_i386_place_orphan (s=0x82cea0, 
    secname=0x82c692 ".prefix", constraint=382) at eelf_i386.c:1978
#1  0x0000000000412bfa in lang_place_orphans ()
    at ../../binutils-2.29/ld/ldlang.c:6396
#2  0x0000000000416f21 in lang_process ()
    at ../../binutils-2.29/ld/ldlang.c:7198
#3  0x0000000000403ee0 in main (argc=<optimized out>, argv=<optimized out>)
    at ../../binutils-2.29/ld/ldmain.c:413

The fault apparently occurs on line 1978 in the following:

1977            if (os->bfd_section != NULL
1978                && (elf_section_data (os->bfd_section)->this_hdr.sh_info
1979                    == elf_section_data (s)->this_hdr.sh_info)
1980                && (os->bfd_section->flags == 0
1981                    || ((!bfd_link_relocatable (&link_info)
1982                         || (iself && (((elf_section_flags (s)
1983                                         ^ elf_section_flags (os->bfd_section))
1984                                        & SHF_EXCLUDE) == 0)))

(gdb) p os
$1 = (lang_output_section_statement_type *) 0x81e168
(gdb) p os->bfd_section
$2 = (asection *) 0x820720
(gdb) p s
$3 = (asection *) 0x82cea0

Looking at the disassembly, line 1977 starts here:

   0x000000000042e386 <+822>:   mov    0x38(%rbx),%rsi
   0x000000000042e38a <+826>:   test   %rsi,%rsi
   0x000000000042e38d <+829>:   je     0x42e448 <gldelf_i386_place_orphan+1016>
   0x000000000042e393 <+835>:   mov    0xe0(%rsi),%rax
   0x000000000042e39a <+842>:   mov    0xe0(%rbp),%rdx
   0x000000000042e3a1 <+849>:   mov    0x2c(%rdx),%ecx
=> 0x000000000042e3a4 <+852>:   cmp    %ecx,0x2c(%rax)

So %rbx holds 'os', %rsi holds 'os->bfd_section' and %rbp holds 's'.

(gdb) p/x *(long*)($rsi+0xe0)
$13 = 0x0
(gdb) p/x *(long*)($rbp+0xe0)
$14 = 0x82f170

So elf_section_data (os->bfd_section) returns NULL and a SEGV occurs when we try to dereference it.
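To make the faulting access pattern concrete, here is a small model of the comparison on line 1978, added by the editor and not taken from binutils. In BFD, elf_section_data (sec) is a cast of sec->used_by_bfd; the gdb output above shows that pointer is 0 for the output section, which is consistent with the output BFD not being ELF when --oformat binary is used. The struct layouts, the flavour enum and the guarded variant below are simplified stand-ins for illustration only; they are not BFD's real definitions and the guard is not the fix that was committed to binutils.

```c
/* Added example (not binutils code): a minimal model of the compare in
 * gldelf_i386_place_orphan that faults when the output section carries no
 * ELF-specific data.  Layouts are simplified stand-ins, not BFD's own. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum flavour { FLAVOUR_UNKNOWN, FLAVOUR_ELF, FLAVOUR_BINARY };

struct bfd { enum flavour flavour; };       /* stand-in for BFD's bfd */

struct elf_sec_data {                       /* stand-in for bfd_elf_section_data */
    struct { unsigned sh_info; } this_hdr;
};

struct asection {                           /* stand-in for BFD's asection */
    const char *name;
    struct bfd *owner;
    void *used_by_bfd;                      /* struct elf_sec_data * for ELF, else NULL */
};

/* Mirrors BFD's accessor: a bare cast of used_by_bfd, no NULL check. */
#define elf_section_data(sec) ((struct elf_sec_data *)(sec)->used_by_bfd)

/* The comparison as written on line 1978: dereferences whatever
 * used_by_bfd holds, so it faults when os_sec has no ELF data. */
bool sh_info_matches_unchecked(struct asection *os_sec, struct asection *s)
{
    return elf_section_data(os_sec)->this_hdr.sh_info
           == elf_section_data(s)->this_hdr.sh_info;
}

/* Guarded form: only compare sh_info when both sections belong to ELF
 * BFDs and actually carry ELF data.  A non-ELF output section cannot
 * match an ELF input section, so report "no match" instead of faulting. */
bool sh_info_matches_checked(struct asection *os_sec, struct asection *s)
{
    if (os_sec->owner == NULL || os_sec->owner->flavour != FLAVOUR_ELF
        || elf_section_data(os_sec) == NULL)
        return false;
    if (s->owner == NULL || s->owner->flavour != FLAVOUR_ELF
        || elf_section_data(s) == NULL)
        return false;
    return elf_section_data(os_sec)->this_hdr.sh_info
           == elf_section_data(s)->this_hdr.sh_info;
}

/* Constructed scenario mirroring the report: an ELF input section ".prefix"
 * whose sh_info is 0, and an output section owned by a binary-format BFD
 * whose used_by_bfd is NULL (as gdb showed at $rsi+0xe0). */
static struct bfd elf_input = { FLAVOUR_ELF };
static struct bfd binary_output = { FLAVOUR_BINARY };
static struct elf_sec_data prefix_data = { { 0 } };
static struct elf_sec_data elf_out_data = { { 0 } };
static struct asection input_prefix = { ".prefix", &elf_input, &prefix_data };
static struct asection binary_out_sec = { ".prefix", &binary_output, NULL };
static struct asection elf_out_sec = { ".prefix", &elf_input, &elf_out_data };

int main(void)
{
    /* sh_info_matches_unchecked(&binary_out_sec, &input_prefix) would SEGV,
     * just as ld did; the checked form degrades to "no match". */
    printf("binary output section: %s\n",
           sh_info_matches_checked(&binary_out_sec, &input_prefix) ? "match" : "no match");
    printf("ELF output section:    %s\n",
           sh_info_matches_checked(&elf_out_sec, &input_prefix) ? "match" : "no match");
    return 0;
}
```

The point of the model is the accessor: elf_section_data is a cast, not a lookup, so any caller that can see a section from a non-ELF BFD must check the owner's flavour (or the pointer itself) before reading this_hdr.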
Comment 1 David Howells 2017-08-07 14:57:03 UTC
binutils was configured thusly:

+ LDFLAGS='-Wl,-z,relro '
+ ../binutils-2.29/configure --disable-dependency-tracking --disable-silent-rules --enable-checking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=x86_64-linux-gnu --program-prefix=x86_64-linux-gnu- --disable-shared --disable-install_libbfd --with-sysroot=/usr/x86_64-linux-gnu/sys-root --enable-deterministic-archives=no --enable-compressed-debug-sections=none --enable-lto --with-bugurl=http://bugzilla.redhat.com/bugzilla/
Comment 2 H.J. Lu 2017-08-07 17:13:12 UTC
Please try binutils 2.29 branch.
Comment 3 Alan Modra 2017-08-08 00:31:24 UTC
Already fixed on both master and branch.