Bug 17110 - ld crash in _bfd_elf_find_segment_containing_section with -relax
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: ld
Version: 2.25
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Reported: 2014-07-03 19:20 UTC by Ryan Mansfield
Modified: 2014-07-08 15:23 UTC
Target: sh4-unknown-linux-gnu

Attachments
reduced testcase (205 bytes, text/plain)
2014-07-03 19:20 UTC, Ryan Mansfield
Do not look for output segments in input files. (356 bytes, patch)
2014-07-08 12:16 UTC, Nick Clifton

Description Ryan Mansfield 2014-07-03 19:20:01 UTC
Created attachment 7678
reduced testcase

Configured with --target=sh4-unknown-linux-gnu

$ ./gas/as-new ~/t.s -o t.o -relax 
$ ./ld/ld-new t.o -relax
./ld/ld-new: warning: cannot find entry symbol _start; defaulting to 00400054
Segmentation fault (core dumped)

(gdb) bt
#0  0x08093aab in _bfd_elf_find_segment_containing_section (abfd=0x8147690, 
    section=0x8148a58) at ../../bfd/elf.c:3649
#1  0x0808728e in sh_elf_osec_to_segment (output_bfd=0x8147690, osec=0x8147750)
    at ../../bfd/elf32-sh.c:3680
#2  0x0808c524 in sh_elf_relocate_section (output_bfd=0x8147690, 
    info=0xffffc4f8, input_bfd=0x8147690, input_section=0x8148a58, 
    contents=0x8159f98 "]", relocs=0x8149e38, local_syms=0x814a980, 
    local_sections=0x815a048) at ../../bfd/elf32-sh.c:3838
#3  0x0808fe83 in sh_elf_get_relocated_section_contents (output_bfd=0x8147690, 
    link_info=0xffffc4f8, link_order=0xffffc5a8, data=0x8159f98 "]", 
    relocatable=0, symbols=0x8149eac) at ../../bfd/elf32-sh.c:5592
#4  0x08085da9 in bfd_simple_get_relocated_section_contents (abfd=0x8147690, 
    sec=0x8148a58, outbuf=0x8159f98 "]", symbol_table=0x8149eac)
    at ../../bfd/simple.c:270
#5  0x08081c57 in read_section (abfd=0x8147690, 
    sec=0x8119638 <dwarf_debug_sections+24>, syms=0x8149eac, offset=0, 
    section_buffer=0x814a1d8, section_size=0xffffc668)
    at ../../bfd/dwarf2.c:526
#6  0x08084936 in _bfd_dwarf2_slurp_debug_info (abfd=0x8147690, 
    debug_bfd=0x8147690, debug_sections=0x8119620 <dwarf_debug_sections>, 
    symbols=0x8149eac, pinfo=0x8147990, do_place=1) at ../../bfd/dwarf2.c:3549
#7  0x08084ccc in find_line (abfd=0x8147690, 
    debug_sections=0x8119620 <dwarf_debug_sections>, section=0x8148788, 
    offset=8, symbol=0x0, symbols=0x8149eac, filename_ptr=0xffffc888, 
    functionname_ptr=0xffffc884, linenumber_ptr=0xffffc880, 
    discriminator_ptr=0x0, addr_size=0, pinfo=0x8147990)
    at ../../bfd/dwarf2.c:3641
#8  0x08096259 in _bfd_elf_find_nearest_line_discriminator (abfd=0x8147690, 
    section=0x8148788, symbols=0x8149eac, offset=8, filename_ptr=0xffffc888, 
    functionname_ptr=0xffffc884, line_ptr=0xffffc880, discriminator_ptr=0x0)
    at ../../bfd/elf.c:7692
#9  0x08096373 in _bfd_elf_find_nearest_line (abfd=0x8147690, 
    section=0x8148788, symbols=0x8149eac, offset=8, filename_ptr=0xffffc888, 
    functionname_ptr=0xffffc884, line_ptr=0xffffc880) at ../../bfd/elf.c:7661
#10 0x08062cc8 in vfinfo (fp=0xf7f8f960 <_IO_2_1_stderr_>, 
    fmt=0x80ec964 ": undefined reference to `%T'\n", arg=<optimized out>, 
    is_warning=1) at ../../ld/ldmisc.c:312
#11 0x08063579 in einfo (fmt=0x80ec960 "%X%C: undefined reference to `%T'\n")
    at ../../ld/ldmisc.c:464
#12 0x0805d714 in undefined_symbol (info=0x8130d40 <link_info>, 
    name=0x8149c3a "trap", abfd=0x8147690, section=0x8148788, address=8, 
    error=1) at ../../ld/ldmain.c:1325
#13 0x0808c75a in sh_elf_relocate_section (output_bfd=0x813f100, 
    info=0x8130d40 <link_info>, input_bfd=0x8147690, input_section=0x8148788, 
    contents=0x814a8b8 "\"OCe", relocs=0x8149c4c, local_syms=0x814a980, 
    local_sections=0x8154fd8) at ../../bfd/elf32-sh.c:4123
#14 0x080af0cd in elf_link_input_bfd (flinfo=0xffffcd40, input_bfd=0x8147690)
    at ../../bfd/elflink.c:9759
#15 0x080b0a16 in bfd_elf_final_link (abfd=0x813f100, 
    info=0x8130d40 <link_info>) at ../../bfd/elflink.c:10948
#16 0x0805f2c4 in ldwrite () at ../../ld/ldwrite.c:580
Comment 1 Ryan Mansfield 2014-07-03 19:21:45 UTC
Using GNU ld (GNU Binutils) 2.24.51.20140703
Comment 2 Ryan Mansfield 2014-07-03 19:38:24 UTC
./ld/ld-new: warning: cannot find entry symbol _start; defaulting to 00400054
==3204== Invalid read of size 4
==3204==    at 0x8098B6A: sh_elf_relocate_section (elf32-sh.c:3825)
==3204==    by 0x809CEB6: sh_elf_get_relocated_section_contents (elf32-sh.c:5592)
==3204==    by 0x8074106: bfd_get_relocated_section_contents (bfd.c:1562)
==3204==    by 0x809302B: bfd_simple_get_relocated_section_contents (simple.c:270)
==3204==    by 0x808CC9F: read_section (dwarf2.c:526)
==3204==    by 0x80920A9: _bfd_dwarf2_slurp_debug_info (dwarf2.c:3549)
==3204==    by 0x809228E: find_line (dwarf2.c:3641)
==3204==    by 0x8092916: _bfd_dwarf2_find_nearest_line (dwarf2.c:3893)
==3204==    by 0x80B4549: _bfd_elf_find_nearest_line_discriminator (elf.c:7692)
==3204==    by 0x80B444F: _bfd_elf_find_nearest_line (elf.c:7661)
==3204==    by 0x8066599: vfinfo (ldmisc.c:312)
==3204==    by 0x8066A1A: einfo (ldmisc.c:464)
==3204==  Address 0x425abfc is 0 bytes after a block of size 44 alloc'd
==3204==    at 0x402A17C: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==3204==    by 0x807B286: bfd_malloc (libbfd.c:181)
==3204==    by 0x8083702: _bfd_generic_link_hash_table_create (linker.c:771)
==3204==    by 0x8092E0D: bfd_simple_get_relocated_section_contents (simple.c:215)
==3204==    by 0x808CC9F: read_section (dwarf2.c:526)
==3204==    by 0x80920A9: _bfd_dwarf2_slurp_debug_info (dwarf2.c:3549)
==3204==    by 0x809228E: find_line (dwarf2.c:3641)
==3204==    by 0x8092916: _bfd_dwarf2_find_nearest_line (dwarf2.c:3893)
==3204==    by 0x80B4549: _bfd_elf_find_nearest_line_discriminator (elf.c:7692)
==3204==    by 0x80B444F: _bfd_elf_find_nearest_line (elf.c:7661)
==3204==    by 0x8066599: vfinfo (ldmisc.c:312)
==3204==    by 0x8066A1A: einfo (ldmisc.c:464)
==3204== 
==3204== Invalid read of size 4
==3204==    at 0x80ABF13: _bfd_elf_find_segment_containing_section (elf.c:3649)
==3204==    by 0x80985A8: sh_elf_osec_to_segment (elf32-sh.c:3680)
==3204==    by 0x8098C46: sh_elf_relocate_section (elf32-sh.c:3838)
==3204==    by 0x809CEB6: sh_elf_get_relocated_section_contents (elf32-sh.c:5592)
==3204==    by 0x8074106: bfd_get_relocated_section_contents (bfd.c:1562)
==3204==    by 0x809302B: bfd_simple_get_relocated_section_contents (simple.c:270)
==3204==    by 0x808CC9F: read_section (dwarf2.c:526)
==3204==    by 0x80920A9: _bfd_dwarf2_slurp_debug_info (dwarf2.c:3549)
==3204==    by 0x809228E: find_line (dwarf2.c:3641)
==3204==    by 0x8092916: _bfd_dwarf2_find_nearest_line (dwarf2.c:3893)
==3204==    by 0x80B4549: _bfd_elf_find_nearest_line_discriminator (elf.c:7692)
==3204==    by 0x80B444F: _bfd_elf_find_nearest_line (elf.c:7661)
==3204==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==3204== 
==3204== 
==3204== Process terminating with default action of signal 11 (SIGSEGV)
==3204==  Access not within mapped region at address 0x0
==3204==    at 0x80ABF13: _bfd_elf_find_segment_containing_section (elf.c:3649)
==3204==    by 0x80985A8: sh_elf_osec_to_segment (elf32-sh.c:3680)
==3204==    by 0x8098C46: sh_elf_relocate_section (elf32-sh.c:3838)
==3204==    by 0x809CEB6: sh_elf_get_relocated_section_contents (elf32-sh.c:5592)
==3204==    by 0x8074106: bfd_get_relocated_section_contents (bfd.c:1562)
==3204==    by 0x809302B: bfd_simple_get_relocated_section_contents (simple.c:270)
==3204==    by 0x808CC9F: read_section (dwarf2.c:526)
==3204==    by 0x80920A9: _bfd_dwarf2_slurp_debug_info (dwarf2.c:3549)
==3204==    by 0x809228E: find_line (dwarf2.c:3641)
==3204==    by 0x8092916: _bfd_dwarf2_find_nearest_line (dwarf2.c:3893)
==3204==    by 0x80B4549: _bfd_elf_find_nearest_line_discriminator (elf.c:7692)
==3204==    by 0x80B444F: _bfd_elf_find_nearest_line (elf.c:7661)
Comment 3 Nick Clifton 2014-07-08 12:16:29 UTC
Created attachment 7690
Do not look for output segments in input files.

Hi Ryan,

  Please try out the uploaded patch and let me know if it works for you.

Cheers
  Nick
Comment 4 Ryan Mansfield 2014-07-08 14:05:10 UTC
Comment on attachment 7690
Do not look for output segments in input files.

Hi Nick,

Yes, the attached patch fixes the bug. Thanks!
Comment 5 Sourceware Commits 2014-07-08 15:23:56 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".

The branch, master has been updated
       via  5bc8cb6f842e588e7ae9f3b9f52f9f41fb97bf34 (commit)
      from  792f7758e3cdbe72b82a5014d74e87e9c1ee0c3b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5bc8cb6f842e588e7ae9f3b9f52f9f41fb97bf34

commit 5bc8cb6f842e588e7ae9f3b9f52f9f41fb97bf34
Author: Nick Clifton <nickc@redhat.com>
Date:   Tue Jul 8 16:20:48 2014 +0100

    This fixes PR 17110 which shows that the SH section relocation code can be called
    for input BFDs as well as output BFDs.
    
    	PR ld/17110
    	* elf32-sh.c (sh_elf_osec_to_segment): Do not look for output
    	segments in input bfds.

-----------------------------------------------------------------------

Summary of changes:
 bfd/ChangeLog  |    6 ++++++
 bfd/elf32-sh.c |    4 +++-
 2 files changed, 9 insertions(+), 1 deletions(-)
Comment 6 Nick Clifton 2014-07-08 15:23:57 UTC
Patch applied.