| Summary: | ld SEGV in bfd_putl64 (bfd/libbfd.c:989:11) with -w option | ||
|---|---|---|---|
| Product: | binutils | Reporter: | 孙文举 <swj22> |
| Component: | ld | Assignee: | Not yet assigned to anyone <unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | nickc |
| Priority: | P2 | ||
| Version: | 2.43 | ||
| Target Milestone: | --- | ||
| Host: | Target: | ||
| Build: | Last reconfirmed: | ||
| Attachments: | poc | ||
This bug has been fixed at some point between the 2.43 and 2.44 releases. (I did not perform a triage to find exactly which commit fixes the problem). Anyway the point is that the problem is fixed with 2.44. (In reply to Nick Clifton from comment #1) > This bug has been fixed at some point between the 2.43 and 2.44 releases. > (I did not perform a triage to find exactly which commit fixes the problem). > Anyway the point is that the problem is fixed with 2.44. Got it, thanks. |
Created attachment 15915 [details] poc **Description** A segv can occur in ld (part of binutils 2.43) when using the -w option with a specially crafted input file. This issue leads to memory corruption (illegal memory access)and crashes. **Affected Version** GNU ld (GNU Binutils) 2.43 **Steps to Reproduce** Build binutils 2.43 with AddressSanitizer (e.g., CFLAGS="-g -fsanitize=address" ./configure && make -j). Run the following command: ./binutils-2.43/bins/bin/ld -w $poc Observe the AddressSanitizer error indicating a segv. $ ./binutils-2.43/bins/bin/ld -w /tmp/poc ./binutils-2.43/bins/bin/ld: warning: /tmp/poc has a section extending past end of file AddressSanitizer:DEADLYSIGNAL ================================================================= ==484973==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000007 (pc 0x557c2d205250 bp 0x7ffc11e6c490 sp 0x7ffc11e6c3f0 T0) ==484973==The signal is caused by a WRITE memory access. ==484973==Hint: address points to the zero page. #0 0x557c2d205250 in bfd_putl64 ./binutils-2.43/bfd/libbfd.c:989:11 #1 0x557c2d25d6f3 in elf_x86_64_relocate_section ./binutils-2.43/bfd/elf64-x86-64.c:4101:8 #2 0x557c2d38714e in elf_link_input_bfd ./binutils-2.43/bfd/elflink.c:11848:10 #3 0x557c2d378f0d in bfd_elf_final_link ./binutils-2.43/bfd/elflink.c:13107:11 #4 0x557c2d171d0e in ldwrite ./binutils-2.43/ld/ldwrite.c:550:8 #5 0x557c2d16c4e9 in main ./binutils-2.43/ld/./ldmain.c:556:3 #6 0x7f6584b14082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16 #7 0x557c2d0446bd in _start (./binutils-2.43/bins/bin/ld+0x15a6bd) (BuildId: d9731e405748db264b62c84ded760ba4f068cb0a) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV ./binutils-2.43/bfd/libbfd.c:989:11 in bfd_putl64 ==484973==ABORTING ** Env ** Distributor ID: Ubuntu Description: Ubuntu 20.04.6 LTS Release: 20.04 Codename: focal