Bug 26408

Summary: A null pointer deference in elf.c:12901:11
Product: binutils Reporter: zhouan <seviezhou>
Component: binutilsAssignee: Not yet assigned to anyone <unassigned>
Status: RESOLVED WORKSFORME    
Severity: normal CC: nickc
Priority: P2    
Version: 2.36   
Target Milestone: ---   
Host: Target:
Build: Last reconfirmed:
Attachments: SEGV-_bfd_elf_write_secondary_reloc_section-elf-12901

Description zhouan 2020-08-19 15:29:54 UTC
Created attachment 12780 [details]
SEGV-_bfd_elf_write_secondary_reloc_section-elf-12901

## System info

Ubuntu x86_64, clang 6.0, binutils (2.36 d1ce973eb377f19240005665258ce1d89bd064b5)

## Configure

CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure

## Command line

./binutils/strip-new -s -g -S -d -w -x -X -v -o /dev/null @@

## AddressSanitizer output

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==68830==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000069c27f bp 0x7ffd6cec00f0 sp 0x7ffd6cebff40 T0)
==68830==The signal is caused by a READ memory access.
==68830==Hint: address points to the zero page.
    #0 0x69c27e in _bfd_elf_write_secondary_reloc_section /home/seviezhou/binutils/bfd/elf.c:12901:11
    #1 0x642b07 in bfd_elf64_write_relocs /home/seviezhou/binutils/bfd/./elfcode.h:1002:8
    #2 0x5d7bbc in bfd_map_over_sections /home/seviezhou/binutils/bfd/section.c:1379:5
    #3 0x6847f0 in _bfd_elf_write_object_contents /home/seviezhou/binutils/bfd/elf.c:6657:3
    #4 0x5cf909 in bfd_close /home/seviezhou/binutils/bfd/opncls.c:775:13
    #5 0x51e9d4 in copy_file /home/seviezhou/binutils/binutils/objcopy.c:3846:51
    #6 0x5143d8 in strip_main /home/seviezhou/binutils/binutils/objcopy.c:4826:7
    #7 0x5143d8 in main /home/seviezhou/binutils/binutils/objcopy.c:6024
    #8 0x7f9cefa3eb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #9 0x41ac99 in _start (/home/seviezhou/binutils/binutils/strip-new+0x41ac99)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/seviezhou/binutils/bfd/elf.c:12901:11 in _bfd_elf_write_secondary_reloc_section
==68830==ABORTING
```
Comment 1 Nick Clifton 2020-08-26 14:30:20 UTC
Hi Zhouan,

  I cannot reproduce this problem.  However I that this is probably
  because of commit 44466e45c51 which disables the _bfd_elf_write_secondary_reloc_section 
  from even being called if there are no secondary relocs in the 
  input file(s).

  If you are able to create a fuzzed file which does contain secondary
  relocs and which does also trigger this bug, then please could you
  upload it here.

Cheers
  Nick
Comment 2 Alan Modra 2021-01-15 05:39:52 UTC
Already fixed, I believe.