Created attachment 7144 [details]
valgrind log from step 5
The error in question can be seen here:
Where the code assumes unsigned integer wrapping semantics for pointer arithmetic on the variable 'scale' in a number of places. In particular,
432 if (ret && scale && (scale + 1))
Gets optimized to "if (ret && scale)" because it is impossible for "scale + 1" to evaluate to NULL without invoking undefined behavior. Note that the earlier decrement from NULL is also invalid, and possibly other constructs in related code.
This is is a problem as it results in the conditional being taken when scale is "(int*)-sizeof(int)", which leads to an invalid pointer being dereferenced in resolve_expression().
Steps to reproduce
1) Obtain and unpack binutils 2.22 or latest via git (tested with 0b0b7b5).
2) Obtain clang 3.3 or latest trunk (from your package manager or build) and modify PATH as appropriate.
3) Configure similar to the following:
$ CC=clang CXX=clang++ ./configure --disable-werror --enable=ld=no
$ make -j
5) Run the just-built 'as' using the following program from the testsuite:
$ valgrind gas/as-new --32 gas/testsuite/gas/i386/intelbad.s
6) Observe segfault, see attached 'valgrind.log' for the output of the above command.
Presently prevents building a functional binutils with recent versions of clang, and is a time-bomb for breaking future builds. Compilers (including gcc and clang) are known to increasingly take advantage of undefined behavior in newer versions and so this may be an issue in the future even with compilers/platforms that safely build this today.
*** Bug 260998 has been marked as a duplicate of this bug. ***
Seen from the domain http://volichat.com
Page where seen: http://volichat.com/adult-chat-rooms
Marked for reference. Resolved as fixed @bugzilla.
The offending code was removed in 2013:
2013-12-03 Tristan Gingold <firstname.lastname@example.org>
* config/tc-i386-intel.c (i386_intel_simplify): Avoid arithmetic
overflow on pointers.
Please could you check with the latest version of the binutils sources and if the problem persists, reopen this bug report.