Bug 22875 - Strip complains about and then destroys unrecognised relocs
Summary: Strip complains about and then destroys unrecognised relocs
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils (show other bugs)
Version: 2.31
: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-22 13:07 UTC by Nick Clifton
Modified: 2018-04-04 01:03 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nick Clifton 2018-02-22 13:07:15 UTC
Hi Guys,

If strip encounters a relocation that it does not recognise, it issues a warning message, and then proceeds to replace the relocation with a null version.  It then completes successfully, even though it has now produced a corrupt binary.

For example, consider this test:

  % cat unknown-reloc.s
	.text
  foo:
	.dc.l    0x12345678

	.section .rela.text
	.dc.l	 0
	.dc.l	 0
	.dc.l    0x12345678
	.dc.l	 0

	.dc.l	 0
	.dc.l	 0
	.dc.l    0
	.dc.l	 0

  % as unknown-reloc.s -o unknown-reloc.o

  % readelf -r unknown-reloc.o
  Relocation section '.rela.text' at offset 0x44 contains 1 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
  000000000000  000012345678 unrecognized: 12345678                    0

  % strip -g unknown-reloc.o
  strip: bad-reloc.o: invalid relocation type 120

  % echo $?
  0

  % readelf -r unknown-reloc.o
  Relocation section '.rela.text' at offset 0xc8 contains 1 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
  000000000000  000000000000 R_X86_64_NONE                        0

This is not just a theoretical problem.  We (Red Hat) recently had a user report
that they were seeing corrupt binaries, and the problem turned out to be that they were compiling using a toolchain with a 2.28 assembler that produced  R_X86_64_REX_GOTPCRELX relocations, but using a version of strip that came from the 2.25 binutils release.

There are at least two bugs here:

  * strip should not replace relocations that it does not recognise.
  * strip should either accept and ignore unknown relocations, or, if
   it must, complain about them, leave the input alone, and return an
   exit failure status.

I am filing this bug as a reminder to myself to investigate and fix the problems.  That is unless somebody else does it first... :-)

Cheers
  Nick
Comment 1 cvs-commit@gcc.gnu.org 2018-02-27 10:17:43 UTC
The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f3185997ac0951edac802e29df03dfc0844fda34

commit f3185997ac0951edac802e29df03dfc0844fda34
Author: Nick Clifton <nickc@redhat.com>
Date:   Tue Feb 27 10:15:13 2018 +0000

    Have info_to_howto functions return a success/fail status.  Check this result.  Stop strip from completeing if one of these functions fails.
    
    bfd	PR 22875
    	* elf-bfd.h (struct elf_backend_data): Change the return type of
    	the elf_info_to_howto and elf_info_to_howto_rel function pointers
    	to bfd_boolean.
    	* elfcode.h (elf_slurp_reloc_table_from_section): Check the return value from the info_to_howto function and fail if that function failed.
    	* elf32-h8300.c (elf32_h8_relocate_section): Check return value from the info_to_howto function.
    	(elf32_h8_relax_section): Likewise.
    	* elf32-lm32.c (lm32_elf_relocate_section): Likewise.
    	* elf32-m68hc1x.c (elf32_m68hc11_relocate_section): Likewise.
    	* elf32-score.c (s3_bfd_score_elf_relocate_section): Likewise.
    	* elf32-score7.c (s7_bfd_score_elf_relocate_section): Likewise.
    	* elf32-tic6x.c (elf32_tic6x_relocate_section): Likewise.
    	* elf64-ia64-vms.c (elf64_ia64_relocate_section): Likewise.
    	* elf64-sparc.c (elf64_sparc_slurp_one_reloc_table): Likewise.
    	* elf64-x86-64.c (elf_x86_64_tls_transition): Likewise.
    	* elfnn-ia64.c (elfNN_ia64_relocate_section): Likewise.
    	* elfnn-riscv.c (riscv_elf_check_relocs): Likewise.
    	(riscv_elf_relocate_section): Likewise.
    	* elf-hppa.h (elf_hppa_info_to_howto): Change return type to
    	bfd_boolean.  Issue an error message, set an error value and
    	return FALSE if the reloc is not recognized.
    	(elf_hppa_info_to_howto_rel): Likewise.
    	* elf-m10200.c (mn10200_info_to_howto): Likewise.
    	* elf-m10300.c (mn10300_info_to_howto): Likewise.
    	* elf.c (_bfd_elf_no_info_to_howto): Likewise.
    	* elf32-arc.c (arc_info_to_howto_rel): Likewise.
    	* elf32-arm.c (elf32_arm_info_to_howto): Likewise.
    	* elf32-avr.c (avr_info_to_howto_rela): Likewise.
    	* elf32-bfin.c (bfin_info_to_howto): Likewise.
    	* elf32-cr16.c (elf_cr16_info_to_howto): Likewise.
    	* elf32-cr16c.c (elf_cr16c_info_to_howto): Likewise.
    	* elf32-cris.c (elf_cr16c_info_to_howto_rel, cris_info_to_howto_rela): Likewise.
    	* elf32-crx.c (elf_crx_info_to_howto): Likewise.
    	* elf32-d10v.c (d10v_info_to_howto_rel): Likewise.
    	* elf32-d30v.c (d30v_info_to_howto_rel, d30v_info_to_howto_rela): Likewise.
    	* elf32-dlx.c (dlx_rtype_to_howto, elf32_dlx_info_to_howto, elf32_dlx_info_to_howto_rel): Likewise.
    	* elf32-epiphany.c (epiphany_info_to_howto_rela): Likewise.
    	* elf32-fr30.c (fr30_info_to_howto_rela): Likewise.
    	* elf32-frv.c (frv_info_to_howto_rela, 	frvfdpic_info_to_howto_rel): Likewise.
    	* elf32-ft32.c (ft32_info_to_howto_rela): Likewise.
    	* elf32-gen.c (elf_generic_info_to_howto, elf_generic_info_to_howto_rel): Likewise.
    	* elf32-h8300.c (elf32_h8_info_to_howto, elf32_h8_info_to_howto_rel): Likewise.
    	* elf32-i370.c (i370_elf_info_to_howto): Likewise.
    	* elf32-i386.c (elf_i386_reloc_type_lookup, elf_i386_rtype_to_howto, elf_i386_info_to_howto_rel): Likewise.
    	* elf32-i860.c (lookup_howto, elf32_i860_info_to_howto_rela): Likewise.
    	* elf32-i960.c (elf32_i960_info_to_howto_rel): Likewise.
    	* elf32-ip2k.c (ip2k_info_to_howto_rela): Likewise.
    	* elf32-iq2000.c (iq2000_info_to_howto_rela): Likewise.
    	* elf32-lm32.c (lm32_info_to_howto_rela): Likewise.
    	* elf32-m32c.c (m32c_info_to_howto_rela): Likewise.
    	* elf32-m32r.c (m32r_info_to_howto_rel, m32r_info_to_howto): Likewise.
    	* elf32-m68hc11.c (m68hc11_info_to_howto_rel): Likewise.
    	* elf32-m68hc12.c (m68hc11_info_to_howto_rel): Likewise.
    	* elf32-m68k.c (rtype_to_howto): Likewise.
    	* elf32-mcore.c (mcore_elf_info_to_howto): Likewise.
    	* elf32-mep.c (mep_info_to_howto_rela): Likewise.
    	* elf32-metag.c (metag_info_to_howto_rela): Likewise.
    	* elf32-microblaze.c (microblaze_elf_info_to_howto): Likewise.
    	* elf32-mips.c (mips_info_to_howto_rel, mips_info_to_howto_rela): Likewise.
    	* elf32-moxie.c (moxie_info_to_howto_rela): Likewise.
    	* elf32-msp430.c (msp430_info_to_howto_rela): Likewise.
    	* elf32-mt.c (mt_info_to_howto_rela): Likewise.
    	* elf32-nds32.c (nds32_info_to_howto_rel, nds32_info_to_howto): Likewise.
    	* elf32-nios2.c (nios2_elf32_info_to_howto): Likewise.
    	* elf32-or1k.c (or1k_info_to_howto_rela): Likewise.
    	* elf32-pj.c (pj_elf_info_to_howto): Likewise.
    	* elf32-ppc.c (ppc_elf_info_to_howto): Likewise.
    	* elf32-pru.c (pru_elf32_info_to_howto): Likewise.
    	* elf32-rl78.c (rl78_info_to_howto_rela): Likewise.
    	* elf32-rx.c (rx_info_to_howto_rela): Likewise.
    	* elf32-s390.c (elf_s390_info_to_howto): Likewise.
    	* elf32-score.c (s3_bfd_score_info_to_howto, _bfd_score_info_to_howto): Likewise.
    	* elf32-score7.c (s7_bfd_score_info_to_howto): Likewise.
    	* elf32-sh.c (sh_elf_info_to_howto): Likewise.
    	* elf32-spu.c (spu_elf_info_to_howto): Likewise.
    	* elf32-tic6x.c (elf32_tic6x_info_to_howto, elf32_tic6x_info_to_howto_rel): Likewise.
    	* elf32-tilepro.c (tilepro_info_to_howto_rela): Likewise.
    	* elf32-v850.c (v850_elf_info_to_howto_rel, v850_elf_info_to_howto_rela, v800_elf_info_to_howto): Likewise.
    	* elf32-vax.c (rtype_to_howto): Likewise.
    	* elf32-visium.c (visium_info_to_howto_rela): Likewise.
    	* elf32-wasm32.c (elf32_wasm32_rtype_to_howto, elf32_wasm32_info_to_howto_rela): Likewise.
    	* elf32-xc16x.c (elf32_xc16x_info_to_howto): Likewise.
    	* elf32-xgate.c (xgate_info_to_howto_rel): Likewise.
    	* elf32-xstormy16.c (xstormy16_info_to_howto_rela): Likewise.
    	* elf32-xtensa.c (elf_xtensa_info_to_howto_rela): Likewise.
    	* elf64-alpha.c (elf64_alpha_info_to_howto): Likewise.
    	* elf64-gen.c (elf_generic_info_to_howto, elf_generic_info_to_howto_rel): Likewise.
    	* elf64-ia64-vms.c (elf64_ia64_info_to_howto): Likewise.
    	* elf64-mips.c (mips_elf64_info_to_howto_rela): Likewise.
    	* elf64-mmix.c (mmix_info_to_howto_rela): Likewise.
    	* elf64-ppc.c (ppc64_elf_info_to_howto): Likewise.
    	* elf64-s390.c (elf_s390_reloc_type_lookup): Likewise.
    	* elf64-sh64.c (elf_s390_info_to_howto, sh_elf64_info_to_howto): Likewise.
    	* elf64-x86-64.c (elf_x86_64_info_to_howto): Likewise.
    	* elfn32-mips.c (mips_info_to_howto_rel, mips_info_to_howto_rela): Likewise.
    	* elfnn-aarch64.c (elfNN_aarch64_info_to_howto): Likewise.
    	* elfnn-ia64.c (elfNN_ia64_info_to_howto): Likewise.
    	* elfnn-riscv.c (riscv_info_to_howto_rela): Likewise.
    	* elfxx-ia64.c (ia64_elf_reloc_type_lookup): Likewise.
    	* elfxx-sparc.c (_bfd_sparc_elf_info_to_howto): Likewise.
    	* elfxx-tilegx.c (tilegx_info_to_howto_rela): Likewise.
    	* elf32-score.h (s7_bfd_score_info_to_howto): Update prototype.
    	* elfxx-sparc.h (_bfd_sparc_elf_info_to_howto): Update prototype.
    	* elfxx-tilegx.h (tilegx_info_to_howto_rela): Update prototype.
    	* elfxx-target.h (elf_info_to_howto, elf_info_to_howto_rel): Default to NULL.
    
    binutils PR 22875
    	* objcopy.c (copy_object): Check the error status after marking symbols used in relocations.
    	* testsuite/binutils-all/strip-13.s: New test source file.
    	* testsuite/binutils-all/strip-13.s: New test driver file.
    	* testsuite/binutils-all/objcopy.exp: Run the new test.
Comment 2 Nick Clifton 2018-02-27 10:52:33 UTC
Patch committed.
Comment 3 cvs-commit@gcc.gnu.org 2018-03-28 21:44:00 UTC
The master branch has been updated by Maciej W. Rozycki <macro@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8b6a949ae55d3adbade84af4e11415d764647fc9

commit 8b6a949ae55d3adbade84af4e11415d764647fc9
Author: Maciej W. Rozycki <macro@mips.com>
Date:   Wed Mar 28 22:42:17 2018 +0100

    BFD/PA: Remove ATTRIBUTE_UNUSED from `elf_hppa_info_to_howto_rel'
    
    Remove ATTRIBUTE_UNUSED annotation from the `abfd' parameter in
    `elf_hppa_info_to_howto' now that commit f3185997ac09 ("PR 22875: Stop
    strip corrupting unknown relocs"),
    <https://sourceware.org/ml/binutils/2018-02/msg00445.html>, made it
    used.
    
    	bfd/
    	* elf-hppa.h (elf_hppa_info_to_howto_rel): Remove
    	ATTRIBUTE_UNUSED from `abfd'.
Comment 4 cvs-commit@gcc.gnu.org 2018-03-29 13:11:54 UTC
The master branch has been updated by Maciej W. Rozycki <macro@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75def2abc3dafb52418405905cd49e9c107c2640

commit 75def2abc3dafb52418405905cd49e9c107c2640
Author: Maciej W. Rozycki <macro@mips.com>
Date:   Thu Mar 29 14:09:48 2018 +0100

    PR binutils/22875: MIPS: Remove duplicate unsupported relocation processing
    
    Remove a duplicate `unsupported relocation type' message and the setting
    of the `bfd_error_bad_value' error from `mips_elf32_rtype_to_howto',
    added with commit f3185997ac09 ("PR 22875: Stop strip corrupting unknown
    relocs"), <https://sourceware.org/ml/binutils/2018-02/msg00445.html>.
    This message is already produced and the `bfd_error_bad_value' error set
    by `mips_elf32_rtype_to_howto' before a NULL howto is returned, so there
    is no need to repeat these actions here.
    
    	bfd/
    	* elf32-mips.c (mips_info_to_howto_rel): Remove the calls to
    	`_bfd_error_handler' and to set the `bfd_error_bad_value' error.
Comment 5 cvs-commit@gcc.gnu.org 2018-04-04 01:02:56 UTC
The master branch has been updated by Maciej W. Rozycki <macro@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7ed6f92aaffdcc0995b0247379fb8ea621854dce

commit 7ed6f92aaffdcc0995b0247379fb8ea621854dce
Author: Maciej W. Rozycki <macro@mips.com>
Date:   Wed Apr 4 02:00:48 2018 +0100

    PR binutils/22875: MIPS/ELF: Also fail with relocation placeholders
    
    Do not consider placeholder EMPTY_HOWTO relocation entries valid in
    `rtype_to_howto' MIPS handlers.  Instead issue an unsupported relocation
    type error and return a NULL howto as with relocations outside the three
    ISA-specific min-max ranges.
    
    	bfd/
    	* elf32-mips.c (mips_elf32_rtype_to_howto): Also return
    	unsuccessfully for placeholder howtos.
    	* elf64-mips.c (mips_elf64_rtype_to_howto): Likewise.
    	* elfn32-mips.c (mips_elf_n32_rtype_to_howto): Likewise.
Comment 6 cvs-commit@gcc.gnu.org 2018-04-04 01:03:01 UTC
The master branch has been updated by Maciej W. Rozycki <macro@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f428698edfd845a21639f5145cba3772eb92abc2

commit f428698edfd845a21639f5145cba3772eb92abc2
Author: Maciej W. Rozycki <macro@mips.com>
Date:   Wed Apr 4 02:00:48 2018 +0100

    PR binutils/22875: FRV/ELF: Prevent an out-of-bounds howto table access
    
    Prevent an out-of-bounds `elf32_frv_howto_table' table access in
    `frv_info_to_howto_rela' by using the size of the table rather than
    R_FRV_max to determine the number of entries in the contiguous regular
    FRV relocation range defined and described in the table.
    
    	bfd/
    	* elf32-frv.c (frv_info_to_howto_rela): Correct the range check
    	for `elf32_frv_howto_table' table access.
Comment 7 cvs-commit@gcc.gnu.org 2018-04-04 01:03:07 UTC
The master branch has been updated by Maciej W. Rozycki <macro@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0cc919dc6abede5e61b9d8234028fba879166088

commit 0cc919dc6abede5e61b9d8234028fba879166088
Author: Maciej W. Rozycki <macro@mips.com>
Date:   Wed Apr 4 02:00:49 2018 +0100

    PR binutils/22875: IQ2000/ELF: Prevent an out-of-bounds howto table access
    
    Prevent an out-of-bounds `iq2000_elf_howto_table' table access in
    `iq2000_info_to_howto_rela' by using the size of the table rather than
    R_IQ2000_max to determine the number of entries in the contiguous
    regular IQ2000 relocation range defined and described in the table.
    
    	bfd/
    	* elf32-iq2000.c (iq2000_info_to_howto_rela): Correct the range
    	check for `iq2000_elf_howto_table' table access.
Comment 8 cvs-commit@gcc.gnu.org 2018-04-04 01:03:15 UTC
The master branch has been updated by Maciej W. Rozycki <macro@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=707bad1b21c18cf8e570fb8df8f7c5961fb0f3a5

commit 707bad1b21c18cf8e570fb8df8f7c5961fb0f3a5
Author: Maciej W. Rozycki <macro@mips.com>
Date:   Wed Apr 4 02:00:49 2018 +0100

    PR binutils/22875: Visium/ELF: Prevent an out-of-bounds howto table access
    
    Prevent an out-of-bounds `visium_elf_howto_table' table access in
    `visium_info_to_howto_rela' by using the size of the table rather than
    R_VISIUM_max to determine the number of entries in the contiguous
    regular Visium relocation range defined and described in the table.
    
    	bfd/
    	* elf32-visium.c (visium_info_to_howto_rela): Correct the range
    	check for `visium_elf_howto_table' table access.
Comment 9 cvs-commit@gcc.gnu.org 2018-04-04 01:03:21 UTC
The master branch has been updated by Maciej W. Rozycki <macro@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5d7c8b80485d75242e7c78e79b3ecb4c71abaee3

commit 5d7c8b80485d75242e7c78e79b3ecb4c71abaee3
Author: Maciej W. Rozycki <macro@mips.com>
Date:   Wed Apr 4 02:00:49 2018 +0100

    PR binutils/22875: i860/ELF: Report unsupported relocation types
    
    Complement commit f3185997ac09 ("PR 22875: Stop strip corrupting unknown
    relocs"), <https://sourceware.org/ml/binutils/2018-02/msg00445.html>,
    and also set the `bfd_error_bad_value' error and report an unsupported
    relocation type if a howto lookup fails with the i860 backend, fixing a
    confusing `no error' error message and removing a binutils test failure:
    
    failed with: <.../binutils/strip-new: tmpdir/bintest.o: no error>, expected: <.* bad value>
    .../binutils/strip-new: tmpdir/bintest.o: no error
    FAIL: binutils-all/strip-13
    
    with the `i860-stardent-elf' target.
    
    	bfd/
    	* elf32-i860.c (lookup_howto): Add `abfd' parameter.  Set the
    	`bfd_error_bad_value' error and call `_bfd_error_handler' on a
    	howto lookup failure.
    	(elf32_i860_reloc_type_lookup): Adjust `lookup_howto' call
    	accordingly.
    	(elf32_i860_info_to_howto_rela): Likewise.
    	(elf32_i860_relocate_splitn): Likewise.
    	(elf32_i860_relocate_pc16): Likewise.
    	(elf32_i860_relocate_pc26): Likewise.
    	(elf32_i860_relocate_section): Likewise.
Comment 10 cvs-commit@gcc.gnu.org 2018-04-04 01:03:26 UTC
The master branch has been updated by Maciej W. Rozycki <macro@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8ee55178c22326c3624ad5872dc5382341ddcd2c

commit 8ee55178c22326c3624ad5872dc5382341ddcd2c
Author: Maciej W. Rozycki <macro@mips.com>
Date:   Wed Apr 4 02:00:49 2018 +0100

    PR binutils/22875: HPPA/ELF: Also fail with relocation placeholders
    
    Do not consider R_PARISC_UNIMPLEMENTED placeholder relocation entries of
    the `elf_hppa_howto_table' table valid in `info_to_howto' HPPA handlers.
    Instead issue an unsupported relocation type error and return a NULL
    howto as with relocations whose number is R_PARISC_UNIMPLEMENTED or
    beyond.
    
    	bfd/
    	* elf-hppa.h (elf_hppa_info_to_howto): Also return
    	unsuccessfully for unimplemented relocations.
    	(elf_hppa_info_to_howto_rel): Likewise.