Bug 22192 - float point exception in decode_line_info in binutils 2.29 dwarf2.c
Summary: float point exception in decode_line_info in binutils 2.29 dwarf2.c
Status: RESOLVED DUPLICATE of bug 22186
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: 2.29
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Depends on:
Reported: 2017-09-23 08:52 UTC by skysider
Modified: 2017-09-23 10:29 UTC

See Also:
Last reconfirmed:

floating point exception poc (22.94 KB, application/x-executable)
2017-09-23 08:52 UTC, skysider

Description skysider 2017-09-23 08:52:21 UTC
Created attachment 10464
floating point exception poc

The result of gdb debugging "objdump -x -SD -Wl -R crash_float.elf " is as follows:

Program received signal SIGFPE, Arithmetic exception.
0x00000000007861e5 in decode_line_info (unit=0xd6f980, stash=stash@entry=0xd69270) at ./dwarf2.c:2440
2440                    address += (lh.minimum_instruction_length
(gdb) bt
#0  0x00000000007861e5 in decode_line_info (unit=0xd6f980, stash=stash@entry=0xd69270) at ./dwarf2.c:2440
#1  0x000000000079ad3c in comp_unit_find_nearest_line (unit=0xd6f980, addr=4198724, filename_ptr=0x7fffffffdec8, function_ptr=0x7fffffffded0, linenumber_ptr=0x7fffffffdeb8, discriminator_ptr=0x7fffffffdebc, stash=0xd69270) at ./dwarf2.c:3562
#2  0x00000000007a44f5 in _bfd_dwarf2_find_nearest_line (abfd=abfd@entry=0xd601c0, symbols=symbols@entry=0xd69c40, symbol=symbol@entry=0x0, section=section@entry=0xd655e8, offset=offset@entry=0, filename_ptr=filename_ptr@entry=0x7fffffffe0b0, 
    functionname_ptr=0x7fffffffe0b8, linenumber_ptr=0x7fffffffe0a4, discriminator_ptr=0x7fffffffe0a8, debug_sections=0xb03840 <dwarf_debug_sections>, addr_size=0, pinfo=0xd60620) at ./dwarf2.c:4622
#3  0x00000000006c286e in _bfd_elf_find_nearest_line (abfd=0xd601c0, symbols=0xd69c40, section=0xd655e8, offset=0, filename_ptr=0x7fffffffe0b0, functionname_ptr=0x7fffffffe0b8, line_ptr=0x7fffffffe0a4, discriminator_ptr=0x7fffffffe0a8) at elf.c:8653
#4  0x0000000000422f41 in show_line (addr_offset=0, section=<optimized out>, abfd=0xd601c0) at ./objdump.c:1486
#5  disassemble_bytes (inf=inf@entry=0x7fffffffe360, disassemble_fn=0x59c380 <print_insn_i386>, insns=insns@entry=1, data=<optimized out>, start_offset=start_offset@entry=0, stop_offset=stop_offset@entry=9, rel_offset=4198724, relppp=0x7fffffffe278, relppend=0xd6c720)
    at ./objdump.c:1791
#6  0x000000000042ddfe in disassemble_section (abfd=0xd601c0, section=<optimized out>, inf=0x7fffffffe360) at ./objdump.c:2313
#7  0x00000000005f390c in bfd_map_over_sections (abfd=abfd@entry=0xd601c0, operation=operation@entry=0x42b580 <disassemble_section>, user_storage=user_storage@entry=0x7fffffffe360) at section.c:1395
#8  0x00000000004165a0 in disassemble_data (abfd=abfd@entry=0xd601c0) at ./objdump.c:2449
#9  0x000000000041c620 in dump_bfd (abfd=abfd@entry=0xd601c0) at ./objdump.c:3546
#10 0x000000000041e0f0 in display_object_bfd (abfd=0xd601c0) at ./objdump.c:3603
#11 display_any_bfd (file=file@entry=0xd601c0, level=level@entry=0) at ./objdump.c:3692
#12 0x000000000040c75e in display_file (last_file=1, target=<optimized out>, filename=0x7fffffffe8aa "crash_float.elf") at ./objdump.c:3713
#13 main (argc=6, argv=0x7fffffffe658) at ./objdump.c:4015
(gdb) list
2435                  break;
2436                case DW_LNS_set_basic_block:
2437                  break;
2438                case DW_LNS_const_add_pc:
2439                  if (lh.maximum_ops_per_insn == 1)
2440                    address += (lh.minimum_instruction_length
2441                                * ((255 - lh.opcode_base) / lh.line_range));
2442                  else
2443                    {
2444                      bfd_vma adjust = ((255 - lh.opcode_base) / lh.line_range);
(gdb) x/i $rip
=> 0x7861e5 <decode_line_info+14101>:   idivl  0x78(%rsp)
(gdb) x/xw $rsp+0x78
0x7fffffffdcd8: 0x00000000

We can see clearly that lh.line_range = 0, resulting in the floating point exception.
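As an added illustration (not code from this report, and not binutils' own dwarf2.c), here is the check a line-program parser needs before it reaches the DW_LNS_const_add_pc arithmetic quoted above: a small parser for the fixed part of a .debug_line header (DWARF 2 to 4, 32-bit, little-endian) that refuses line_range == 0, the value the crashing file carries, and also maximum_ops_per_insn == 0, which the DWARF 4 op_index form of the same opcode divides by. The header bytes are constructed samples, not the attachment, and the struct and function names are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The .debug_line header fields that matter for DW_LNS_const_add_pc.
   Names mirror the DWARF spec; struct name is this example's own. */
struct line_head {
    uint32_t unit_length;
    uint32_t header_length;
    uint16_t version;
    uint8_t  minimum_instruction_length;
    uint8_t  maximum_ops_per_insn;  /* DWARF 4+; fixed at 1 before that */
    uint8_t  default_is_stmt;
    int8_t   line_base;
    uint8_t  line_range;
    uint8_t  opcode_base;
};

enum {
    LH_OK = 0,
    LH_TRUNCATED = -1,
    LH_BAD_VERSION = -2,
    LH_ZERO_LINE_RANGE = -3,  /* divisor in const_add_pc and special opcodes */
    LH_ZERO_MAX_OPS = -4      /* divisor in the DWARF 4 op_index arithmetic */
};

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse the fixed-size prefix of a 32-bit-DWARF line-program header and reject
   the two values that make the opcode arithmetic undefined. */
int parse_line_header(const uint8_t *buf, size_t len, struct line_head *lh)
{
    const uint8_t *p = buf;
    size_t need;

    if (len < 10) return LH_TRUNCATED;
    lh->unit_length   = rd32le(p); p += 4;
    lh->version       = rd16le(p); p += 2;
    lh->header_length = rd32le(p); p += 4;

    if (lh->version < 2 || lh->version > 4) return LH_BAD_VERSION;
    need = 10 + (lh->version >= 4 ? 6 : 5);   /* DWARF 4 adds maximum_ops_per_insn */
    if (len < need) return LH_TRUNCATED;

    lh->minimum_instruction_length = *p++;
    lh->maximum_ops_per_insn = (lh->version >= 4) ? *p++ : 1;
    lh->default_is_stmt = *p++;
    lh->line_base   = (int8_t)*p++;
    lh->line_range  = *p++;
    lh->opcode_base = *p++;

    /* The checks that must run before any opcode uses these as divisors. */
    if (lh->line_range == 0) return LH_ZERO_LINE_RANGE;
    if (lh->maximum_ops_per_insn == 0) return LH_ZERO_MAX_OPS;
    return LH_OK;
}

/* DW_LNS_const_add_pc: advance address (and op_index) by the amount special
   opcode 255 would. Safe only for a header that passed parse_line_header(). */
void const_add_pc(const struct line_head *lh, uint64_t *address, unsigned *op_index)
{
    uint64_t adjust = (uint64_t)(255 - lh->opcode_base) / lh->line_range;

    if (lh->maximum_ops_per_insn == 1) {
        *address += lh->minimum_instruction_length * adjust;
    } else {  /* VLIW form, DWARF 4: op_index arithmetic divides by maximum_ops_per_insn */
        *address += ((*op_index + adjust) / lh->maximum_ops_per_insn) * lh->minimum_instruction_length;
        *op_index = (unsigned)((*op_index + adjust) % lh->maximum_ops_per_insn);
    }
}

/* Constructed sample headers (not bytes from the attached file). */
static const uint8_t good_hdr[] = {
    0x20,0,0,0,  0x02,0x00,  0x0a,0,0,0,   /* unit_length, version 2, header_length */
    0x01,  0x01,  0xfb,  0x0e,  0x0d        /* min_inst_len 1, is_stmt, line_base -5, line_range 14, opcode_base 13 */
};
static const uint8_t bad_hdr[] = {          /* same header with line_range = 0 */
    0x20,0,0,0,  0x02,0x00,  0x0a,0,0,0,  0x01,  0x01,  0xfb,  0x00,  0x0d
};
static const uint8_t vliw_hdr[] = {         /* DWARF 4, min_inst_len 4, maximum_ops_per_insn 3 */
    0x20,0,0,0,  0x04,0x00,  0x0b,0,0,0,  0x04,  0x03,  0x01,  0xfb,  0x0e,  0x0d
};

/* Parse a header and, if it is sane, apply one DW_LNS_const_add_pc from address 0.
   Returns the parse status; *address_out is the resulting PC (0 on rejection). */
int advance_from_header(const uint8_t *hdr, size_t len, uint64_t *address_out)
{
    struct line_head lh;
    uint64_t address = 0;
    unsigned op_index = 0;
    int rc = parse_line_header(hdr, len, &lh);
    if (rc == LH_OK) const_add_pc(&lh, &address, &op_index);
    *address_out = address;
    return rc;
}

int main(void)
{
    uint64_t addr;
    int rc = advance_from_header(good_hdr, sizeof good_hdr, &addr);
    printf("good header: rc=%d, const_add_pc advances address to %llu\n", rc, (unsigned long long)addr);
    rc = advance_from_header(bad_hdr, sizeof bad_hdr, &addr);
    printf("zero line_range: rc=%d (rejected before any division)\n", rc);
    return 0;
}
```

With the good header the advance is (255 - 13) / 14 = 17 units of 1 byte; the zeroed header is rejected at parse time, which is where a real parser (binutils reads the header once per unit, before the opcode loop) should fail rather than inside the idivl shown in the backtrace.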
Comment 1 skysider 2017-09-23 09:07:14 UTC
Oops, it's perhaps a duplicate of bug 22186.
Comment 2 Alan Modra 2017-09-23 10:29:21 UTC
The same problem as pr22186

*** This bug has been marked as a duplicate of bug 22186 ***