Bug 22163 - null pointer dereference in elf_x86_64_get_synthetic_symtab, elf64-x86-64.c:6945 in binutils 2.29.1
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: 2.29
Importance: P2 normal
Target Milestone: 2.30
Assignee: Not yet assigned to anyone
Duplicates: 22168
Reported: 2017-09-21 06:57 UTC by skysider
Modified: 2017-09-22 21:39 UTC (History)
CC: 1 user


Attachments
crash of elf (4.88 KB, application/x-executable), 2017-09-21 06:57 UTC, skysider

Description skysider 2017-09-21 06:57:09 UTC
Created attachment 10435
crash of elf

When I run objdump with a specific elf, it crashes.
The command I run is objdump -S crash.pdf, and the result is as follows:

ASAN:SIGSEGV
=================================================================
==82641==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000000510f8a bp 0x7ffebb774a00 sp 0x7ffebb774720 T0)
    #0 0x510f89 in elf_x86_64_get_synthetic_symtab /work/binutils-2.29.1-asan/binutils-2.29.1/bfd/elf64-x86-64.c:6945
    #1 0x4140d2 in dump_bfd objdump.c:3525
    #2 0x4144a5 in display_object_bfd objdump.c:3603
    #3 0x4148a1 in display_any_bfd objdump.c:3692
    #4 0x414916 in display_file objdump.c:3713
    #5 0x415925 in main objdump.c:4015
    #6 0x7ff3314b782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #7 0x403128 in _start (/work/binutils-2.29.1-asan/binutils-2.29.1/binutils/objdump+0x403128)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /work/binutils-2.29.1-asan/binutils-2.29.1/bfd/elf64-x86-64.c:6945 elf_x86_64_get_synthetic_symtab
==82641==ABORTING

The crash elf is attached.
Comment 1 Sourceware Commits 2017-09-22 14:28:04 UTC
The master branch has been updated by H.J. Lu <hjl@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b69e9267d15a09ce3f3d4599eae2952dfc6df502

commit b69e9267d15a09ce3f3d4599eae2952dfc6df502
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Sep 22 07:25:16 2017 -0700

    x86: Return -1 if bfd_canonicalize_dynamic_reloc returns 0
    
    Stop if bfd_canonicalize_dynamic_reloc returns 0.
    
    	PR ld/22163
    	* elfxx-x86.c (_bfd_x86_elf_get_synthetic_symtab): Also return
    	-1 if bfd_canonicalize_dynamic_reloc returns 0.
Comment 2 H.J. Lu 2017-09-22 14:30:00 UTC
*** Bug 22168 has been marked as a duplicate of this bug. ***
Comment 3 Sourceware Commits 2017-09-22 21:11:45 UTC
The master branch has been updated by H.J. Lu <hjl@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=59ca4c1bbd48a47073eed2c4b933045674cafe41

commit 59ca4c1bbd48a47073eed2c4b933045674cafe41
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Sep 22 14:09:56 2017 -0700

    Update ChangeLog entry for PR 22163
Comment 4 Sourceware Commits 2017-09-22 21:34:38 UTC
The binutils-2_29-branch branch has been updated by H.J. Lu <hjl@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf

commit e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Sep 22 07:25:16 2017 -0700

    x86: Return -1 if bfd_canonicalize_dynamic_reloc returns 0
    
    Stop if bfd_canonicalize_dynamic_reloc returns 0.
    
    	PR binutils/22163
    	* elf32-i386.c (elf_i386_get_synthetic_symtab): Also return -1
    	if bfd_canonicalize_dynamic_reloc returns 0.
    	* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
    
    (cherry picked from commit b69e9267d15a09ce3f3d4599eae2952dfc6df502)
Comment 5 H.J. Lu 2017-09-22 21:39:24 UTC
Fixed for master and 2.29.