Bug 6915

Summary: readelf -S segfaults on Solaris-specific section types
Product: binutils
Reporter: Diego Elio Pettenò <flameeyes>
Component: binutils
Assignee: unassigned
Status: RESOLVED WORKSFORME
Severity: normal
CC: bug-binutils
Priority: P2
Version: 2.19
Target Milestone: ---
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu
Build: x86_64-pc-linux-gnu
Last reconfirmed:
Bug Depends on: 6412
Bug Blocks:
Attachments: object file causing the crash

Description Diego Elio Pettenò 2008-09-25 09:56:23 UTC
While working on an ELF tool of mine (ruby-elf/cowstats), I found that readelf
-S (from binutils 2.18.50.0.9.20080822) segfaults on Solaris-specific section types.

The file I'm going to attach is distributed with the source tarball of Firefox
3.0.2, and it's used as a test file for the crash handler (I'll be commenting
with the license info since it's using some BSDish terms).

Interestingly enough, eu-readelf from elfutils works fine.

HTH,
Diego
Comment 1 Diego Elio Pettenò 2008-09-25 09:57:20 UTC
Created attachment 2961 [details]
object file causing the crash

// Copyright (c) 2007, Google Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
//     * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
//     * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
//     * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Comment 2 Alan Modra 2008-09-28 14:35:59 UTC
I could not reproduce this with current mainline or 2.19 branch sources, with
binutils hosted on both x86 and powerpc64.  Perhaps you were bitten by a
compiler bug?  Details on where the segfault occurred might be useful.

There are 31 section headers, starting at offset 0x32a4:

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .interp           PROGBITS        080500f4 0000f4 000011 00   A  0   0  1
  [ 2] .SUNW_cap         LOOS+ffffff5    08050108 000108 000010 08   A  0   0  4
  [ 3] .hash             HASH            08050118 000118 000154 04   A  5   0  4
  [ 4] .SUNW_ldynsym     LOOS+ffffff3    0805026c 00026c 0000f0 10   A  6  15  4
  [ 5] .dynsym           DYNSYM          0805035c 00035c 0002a0 10   A  6   1  4
  [ 6] .dynstr           STRTAB          080505fc 0005fc 0006ae 00  AS  0   0  1
  [ 7] .SUNW_version     VERNEED         08050cac 000cac 000070 01   A  6   3  4
  [ 8] .SUNW_dynsymsort  LOOS+ffffff1    08050d1c 000d1c 000068 04   A  4   0  4
  [ 9] .rel.plt          REL             08050d84 000d84 000068 08  AI  5  10  4
  [10] .plt              PROGBITS        08050dec 000dec 0000e0 10  AX  0   0  4
  [11] .text             PROGBITS        08050ed0 000ed0 0002d7 00  AX  0   0 16
  [12] .init             PROGBITS        080511a8 0011a8 0000be 00  AX  0   0  4
  [13] .fini             PROGBITS        08051268 001268 000065 00  AX  0   0  4
  [14] .rodata           PROGBITS        080512d0 0012d0 000050 00   A  0   0  4
  [15] .got              PROGBITS        08061320 001320 00004c 04  WA  0   0  4
  [16] .dynamic          DYNAMIC         0806136c 00136c 000178 08  WA  6   0  4
  [17] .ex_shared        PROGBITS        080614e4 0014e4 000038 00  WA  0   0  4
  [18] .cpp_finidata     PROGBITS        0806151c 00151c 00000c 00  WA  0   0  4
  [19] .exception_ranges PROGBITS        08061528 001528 000068 00  WA 65280   0  4
  [20] .data             PROGBITS        08061590 001590 00005c 00  WA  0   0  4
  [21] .bssf             PROGBITS        080615ec 0015ec 000000 00  WA  0   0  1
  [22] .bss              NOBITS          080615ec 0015ec 000000 00  WA  0   0  1
  [23] .symtab           SYMTAB          00000000 0015ec 000680 10     24  63  4
  [24] .strtab           STRTAB          00000000 001c6c 000475 00   S  0   0  1
  [25] .stab.index       PROGBITS        00000000 0020e4 0000cc 0c     29   0  4
  [26] .stab             PROGBITS        00000000 0021b0 0004e0 0c     30   0  4
  [27] .comment          PROGBITS        00000000 002690 000036 00      0   0  1
  [28] .shstrtab         STRTAB          00000000 0026c6 000110 00   S  0   0  1
  [29] .stab.indexstr    STRTAB          00000000 0027d6 0003b1 00      0   0  1
  [30] .stabstr          STRTAB          00000000 002b87 00071c 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)
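The readelf listing above shows what a section-header walker has to cope with on a Solaris binary: sh_type values inside the OS-specific range (0x60000000..0x6fffffff, printed as LOOS+ffffff5 and friends because 2.19 had no names for them) and an sh_link of 65280 on .exception_ranges that is not a valid section index. The following is an added example, not code from this bug report or from binutils: a small ELF32 section-header parser that names reserved-range types the way readelf does, bounds-checks every file-derived offset before use, and reports bad fields as warnings instead of crashing. The ELF image it parses is constructed inline (it is not the attached Firefox crash-handler object); the SUNW_* type values are the ones documented in the Solaris Linker and Libraries Guide, and the function and variable names are this example's own.

```python
"""Walk ELF32 section headers defensively and name OS-specific section
types readelf-style. Sample image is constructed below, not a real binary."""
import struct

# Section-type constants from the ELF gABI.
SHT_NULL, SHT_PROGBITS, SHT_STRTAB, SHT_NOBITS = 0, 1, 3, 8
SHT_LOOS, SHT_HIOS = 0x60000000, 0x6FFFFFFF
SHT_LOPROC, SHT_HIPROC = 0x70000000, 0x7FFFFFFF
SHT_LOUSER, SHT_HIUSER = 0x80000000, 0xFFFFFFFF
SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR = 0x1, 0x2, 0x4

GENERIC_TYPES = {0: "NULL", 1: "PROGBITS", 2: "SYMTAB", 3: "STRTAB", 4: "RELA",
                 5: "HASH", 6: "DYNAMIC", 7: "NOTE", 8: "NOBITS", 9: "REL",
                 10: "SHLIB", 11: "DYNSYM", 14: "INIT_ARRAY", 15: "FINI_ARRAY",
                 16: "PREINIT_ARRAY", 17: "GROUP", 18: "SYMTAB_SHNDX",
                 0x6FFFFFFD: "VERDEF", 0x6FFFFFFE: "VERNEED", 0x6FFFFFFF: "VERSYM"}
# Solaris-only values (Solaris Linker and Libraries Guide); readelf 2.19
# printed these as LOOS+<offset> because it had no names for them.
SOLARIS_TYPES = {0x6FFFFFF1: "SUNW_dynsymsort", 0x6FFFFFF3: "SUNW_ldynsym",
                 0x6FFFFFF5: "SUNW_cap"}

ELF32_EHDR = struct.Struct("<16sHHIIIIIHHHHHH")   # 52 bytes, little-endian
ELF32_SHDR = struct.Struct("<10I")                 # 40 bytes


def section_type_name(sh_type, solaris_names=False):
    """readelf-style name; a value in a reserved range is rendered relative to
    the range base rather than rejected, so unknown OS types never abort."""
    if sh_type in GENERIC_TYPES:
        return GENERIC_TYPES[sh_type]
    if solaris_names and sh_type in SOLARIS_TYPES:
        return SOLARIS_TYPES[sh_type]
    if SHT_LOOS <= sh_type <= SHT_HIOS:
        return "LOOS+%x" % (sh_type - SHT_LOOS)
    if SHT_LOPROC <= sh_type <= SHT_HIPROC:
        return "LOPROC+%x" % (sh_type - SHT_LOPROC)
    if SHT_LOUSER <= sh_type <= SHT_HIUSER:
        return "LOUSER+%x" % (sh_type - SHT_LOUSER)
    return "<unknown>: %x" % sh_type


def parse_section_headers(data, solaris_names=False):
    """Return (sections, warnings). Every file-derived offset is range-checked
    before it is used; a bad header becomes a warning, not a crash."""
    if len(data) < ELF32_EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] != 1 or data[5] != 1:
        raise ValueError("example handles little-endian ELF32 only")
    f = ELF32_EHDR.unpack_from(data, 0)
    e_shoff, e_shentsize, e_shnum, e_shstrndx = f[6], f[11], f[12], f[13]
    if e_shoff == 0 or e_shnum == 0:
        return [], ["no section header table"]
    # In C this product must also be checked for overflow before the compare.
    if e_shentsize < ELF32_SHDR.size or e_shoff + e_shnum * e_shentsize > len(data):
        raise ValueError("section header table lies outside the file")
    raw = [ELF32_SHDR.unpack_from(data, e_shoff + i * e_shentsize) for i in range(e_shnum)]

    warnings, strtab = [], b""
    if e_shstrndx < e_shnum and raw[e_shstrndx][1] == SHT_STRTAB:
        off, size = raw[e_shstrndx][4], raw[e_shstrndx][5]
        if off + size <= len(data):
            strtab = data[off:off + size]
    if not strtab:
        warnings.append("e_shstrndx %d does not name a usable STRTAB" % e_shstrndx)

    def name_at(sh_name):
        if sh_name >= len(strtab):
            return "<corrupt>"
        end = strtab.find(b"\0", sh_name)
        return strtab[sh_name:end if end >= 0 else None].decode("ascii", "replace")

    sections = []
    for i, (sh_name, sh_type, sh_flags, sh_addr, sh_off, sh_size,
            sh_link, sh_info, sh_align, sh_entsize) in enumerate(raw):
        if sh_link >= e_shnum:
            warnings.append("[%2d] sh_link %u is not a section index" % (i, sh_link))
        if sh_type != SHT_NOBITS and sh_off + sh_size > len(data):
            warnings.append("[%2d] contents extend past end of file" % i)
        sections.append({"index": i, "name": name_at(sh_name), "type": sh_type,
                         "type_name": section_type_name(sh_type, solaris_names),
                         "flags": sh_flags, "addr": sh_addr, "offset": sh_off,
                         "size": sh_size, "link": sh_link, "info": sh_info,
                         "align": sh_align, "entsize": sh_entsize})
    return sections, warnings


def build_sample_elf32():
    """Constructed ELF32 image with a SUNW_cap section and one bogus sh_link
    (65280, as on the page's .exception_ranges). Not the bug's attachment."""
    shstr = bytearray(b"\0")

    def add(s):
        off = len(shstr)
        shstr.extend(s.encode() + b"\0")
        return off
    n_cap, n_text = add(".SUNW_cap"), add(".text")
    n_exc, n_shstr = add(".exception_ranges"), add(".shstrtab")
    cap = bytes.fromhex("01000000 03000000 00000000 00000000")  # two 8-byte entries
    text = bytes.fromhex("31c0c3")                                # xor eax,eax ; ret
    cap_off = ELF32_EHDR.size
    text_off = cap_off + len(cap)
    str_off = text_off + len(text)
    shoff = (str_off + len(shstr) + 3) & ~3
    shdrs = [(0, SHT_NULL, 0, 0, 0, 0, 0, 0, 0, 0),
             (n_cap, 0x6FFFFFF5, SHF_ALLOC, 0x08050108, cap_off, len(cap), 0, 0, 4, 8),
             (n_text, SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, 0x08050ED0, text_off, len(text), 0, 0, 16, 0),
             (n_exc, SHT_PROGBITS, SHF_WRITE | SHF_ALLOC, 0x08061528, text_off, 0, 65280, 0, 4, 0),
             (n_shstr, SHT_STRTAB, 0, 0, str_off, len(shstr), 0, 0, 1, 0)]
    ehdr = ELF32_EHDR.pack(b"\x7fELF\x01\x01\x01" + b"\0" * 9, 2, 3, 1, 0, 0, shoff, 0,
                           ELF32_EHDR.size, 0, 0, ELF32_SHDR.size, len(shdrs), 4)
    img = bytearray(ehdr) + cap + text + shstr
    img.extend(b"\0" * (shoff - len(img)))
    for s in shdrs:
        img += ELF32_SHDR.pack(*s)
    return bytes(img)


def format_table(sections):
    """readelf -S style listing (Name, Type, Addr, Off, Size, ES, Lk, Inf, Al)."""
    fmt = "  [%2d] %-17s %-15s %08x %06x %06x %02x %5u %3u %2u"
    return "\n".join(fmt % (s["index"], s["name"], s["type_name"], s["addr"], s["offset"],
                            s["size"], s["entsize"], s["link"], s["info"], s["align"])
                     for s in sections)


if __name__ == "__main__":
    secs, warns = parse_section_headers(build_sample_elf32())
    print(format_table(secs))
    for w in warns:
        print("warning:", w)
```

Run as a script it prints the constructed image's four named sections with .SUNW_cap typed as LOOS+ffffff5 and one warning for the out-of-range sh_link; pass solaris_names=True to get SUNW_cap instead. The point of the structure is that an unrecognised sh_type only ever affects a string lookup, and every index taken from the file (e_shstrndx, sh_name, sh_link, sh_offset) is compared against the table or file size before it is dereferenced, which is the class of check a native tool needs to avoid the segfault reported here.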
Comment 3 H.J. Lu 2008-10-12 01:48:48 UTC
The Linux binutils has a patch for PR 6412. Please try this patch:

--- binutils/readelf.c.solaris  2008-10-11 18:47:31.000000000 -0700
+++ binutils/readelf.c  2008-10-11 18:46:18.000000000 -0700
@@ -4452,7 +4452,7 @@ process_section_headers (FILE *file)
          else
            printf (" %3s ", get_elf_section_flags (section->sh_flags));

-         if (hole_in_shndx)
+         if (hole_in_shndx && original_shndx)
            {
              if (original_shndx[i].sh_link != section->sh_link)
                printf ("%2u/-%3u ",
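Review bot: the added `&& original_shndx` guard stops the NULL dereference at `original_shndx[i].sh_link`, but it changes what gets printed rather than explaining why the pointer can be NULL: when `hole_in_shndx` is set and `original_shndx` is not, execution now falls through to whatever the `else` branch (not in the hunk) prints, so the Lk/Inf columns will no longer match the hole-aware layout that `%2u/-%3u ` produces for the other rows. Either make sure the code that sets `hole_in_shndx` never does so without allocating `original_shndx`, or add a comment at the guard stating when that combination is legitimate. Also note the hunk is against the Linux binutils tree for PR 6412, not against the FSF 2.19 branch that comment 2 tested, so say which readelf.c it applies to.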
Comment 4 Alan Modra 2009-01-19 12:50:00 UTC
Closing as per comment #2