Bug 29289

Summary: display_debug_names: Assertion `name_count == buckets_filled + hash_clash_count' failed
Product: binutils Reporter: Hex Rabbit <h3xrabbit>
Component: binutilsAssignee: Nick Clifton <nickc>
Status: RESOLVED FIXED    
Severity: normal CC: h3xrabbit, nickc
Priority: P2    
Version: 2.39   
Target Milestone: ---   
Host: Target:
Build: Last reconfirmed: 2022-06-27 00:00:00
Attachments: the file caused assertion failed

Description Hex Rabbit 2022-06-26 20:35:07 UTC 
Created attachment 14176 [details]
the file caused assertion failed

During fuzzing campaign, I found some files triggered the assertion inside `binutils/dwarf.c:display_debug_names` with the command:
```
readelf -w file
```

Command output:
```
readelf: Warning: The e_shentsize field in the ELF header is larger than the size of an ELF section header
readelf: Warning: Section 6 has an out of range sh_link value of 2162688
readelf: Warning: Section 7 has an out of range sh_link value of 1111638594
readelf: Warning: Section 8 has an out of range sh_link value of 14592
readelf: Warning: Section 10 has an out of range sh_link value of 237568
readelf: Warning: Section 11 has an out of range sh_link value of 4244635647
readelf: Warning: Section 12 has an out of range sh_link value of 457375744
readelf: Warning: Section 14 has an out of range sh_link value of 4278190080
readelf: Warning: The e_phentsize field in the ELF header is larger than the size of an ELF program header
readelf: Error: Reading 728 bytes extends past end of file for program headers
section '.debug_names' has the NOBITS type - its contents are unreliable.
Contents of the .debug_names section:

readelf: Warning: Debug info is corrupted, .debug_names header at 0 has length 4c457f
readelf: Error: Reading 8192 bytes extends past end of file for .debug_names section data
Contents of the .debug_names section:

Version 5
readelf: Warning: Padding field of .debug_names must be 0 (found 0x70)
readelf: Warning: Compilation unit count must be >= 1 in .debug_names
Augmentation string:  ("")
CU table:

TU table:

Foreign TU table:

Used 1 of 1 bucket.
Out of 0 items there are 0 bucket clashes (longest of 0 entries).
readelf: ../../binutils/dwarf.c:10239: display_debug_names: Assertion `name_count == buckets_filled + hash_clash_count' failed.
[1]    552315 abort      ./readelf -w
```

build on latest commit (9544899f2809833729159b0acb414ef7730650d5), with default config `../configure`
Comment 1 Sourceware Commits 2022-06-27 12:43:53 UTC 
The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5

commit e3e5ae049371a27fd1737aba946fe26d06e029b5
Author: Nick Clifton <nickc@redhat.com>
Date:   Mon Jun 27 13:43:02 2022 +0100

    Replace a run-time assertion failure with a warning message when parsing corrupt DWARF data.
    
            PR 29289
            * dwarf.c (display_debug_names): Replace assert with a warning
            message.
Comment 2 Nick Clifton 2022-06-27 12:44:14 UTC 
Resolved