Created attachment 11123 [details]
crash input

http://git.hunter-ht.cn/zhanggen/objcopy_crash_input_1

Please download the latest version of objcopy and the crash input file.

COMMAND LINE:
./objcopy crash\ input a.elf

Then you will see the segmentation fault.
Seems to already be fixed with 2.31 or master binutils
(In reply to Alan Modra from comment #1)
> Seems to already be fixed with 2.31 or master binutils

The stack trace is as follows from gdb:

#0  aout_32_swap_std_reloc_out (abfd=abfd@entry=0x7482f0, g=0x74a730, natptr=natptr@entry=0x748658) at aoutx.h:1971
#1  0x000000000048980f in aout_32_squirt_out_relocs (abfd=abfd@entry=0x7482f0, section=<optimized out>) at aoutx.h:2444
#2  0x00000000004840a1 in i386linux_write_object_contents (abfd=0x7482f0) at i386linux.c:77
#3  0x000000000043066a in bfd_close (abfd=0x7482f0) at opncls.c:731
#4  0x000000000040bd36 in copy_file (input_filename=input_filename@entry=0x7fffffffe284 "./crashes/id:000024,sig:11,src:002665,op:flip1,pos:52", output_filename=output_filename@entry=0x7fffffffe2ba "a.elf", input_target=input_target@entry=0x0, output_target=<optimized out>, output_target@entry=0x0, input_arch=input_arch@entry=0x0) at objcopy.c:3530
#5  0x0000000000404924 in copy_main (argv=<optimized out>, argc=<optimized out>) at objcopy.c:5478
#6  main (argc=3, argv=0x7fffffffdef8) at objcopy.c:5582

So the crash happens in aoutx.h, a header file in the Binary File Descriptor library.
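Triage of fuzzer-found crashes like this one usually starts by reducing the backtrace to a stable signature, so that a new report can be matched against an existing one (here, bug 22887) without comparing addresses or argument values. The following Python is an added example, not code from this report or from binutils; it embeds the gdb backtrace from comment #2 as its sample input and uses a three-frame signature depth as an assumption.

```python
import hashlib
import re

# Constructed sample input: the gdb backtrace posted in comment #2 of this report.
SAMPLE_BACKTRACE = """\
#0  aout_32_swap_std_reloc_out (abfd=abfd@entry=0x7482f0, g=0x74a730, natptr=natptr@entry=0x748658) at aoutx.h:1971
#1  0x000000000048980f in aout_32_squirt_out_relocs (abfd=abfd@entry=0x7482f0, section=<optimized out>) at aoutx.h:2444
#2  0x00000000004840a1 in i386linux_write_object_contents (abfd=0x7482f0) at i386linux.c:77
#3  0x000000000043066a in bfd_close (abfd=0x7482f0) at opncls.c:731
#4  0x000000000040bd36 in copy_file (input_filename=input_filename@entry=0x7fffffffe284 "./crashes/id:000024,sig:11,src:002665,op:flip1,pos:52", output_filename=output_filename@entry=0x7fffffffe2ba "a.elf", input_target=input_target@entry=0x0, output_target=<optimized out>, output_target@entry=0x0, input_arch=input_arch@entry=0x0) at objcopy.c:3530
#5  0x0000000000404924 in copy_main (argv=<optimized out>, argc=<optimized out>) at objcopy.c:5478
#6  main (argc=3, argv=0x7fffffffdef8) at objcopy.c:5582
"""

# One gdb frame: "#N [0xADDR in ]func (args) at file:line". The address is optional
# (frame #0 and main have none here); DOTALL lets wrapped argument lists span lines.
FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+(?:0x[0-9a-fA-F]+ in )?(?P<func>[A-Za-z_]\w*)\s*\(.*?\)"
    r"\s+at\s+(?P<file>[^\s:]+):(?P<line>\d+)\s*$",
    re.MULTILINE | re.DOTALL,
)


def parse_frames(backtrace):
    """Return (function, file, line) tuples, innermost frame first."""
    return [(m.group("func"), m.group("file"), int(m.group("line")))
            for m in FRAME_RE.finditer(backtrace)]


def crash_signature(backtrace, depth=3):
    """Build a dedup key from the innermost `depth` frames (assumed default: 3).

    Addresses and argument values are dropped on purpose: they change with
    ASLR, build flags and the particular fuzzed input, while func@file:line
    stays the same for the same underlying fault.
    """
    frames = parse_frames(backtrace)[:depth]
    key = "|".join(f"{func}@{path}:{line}" for func, path, line in frames)
    return key, hashlib.sha1(key.encode()).hexdigest()[:12]


def same_crash(backtrace_a, backtrace_b, depth=3):
    """True when two reports share the same innermost-frame signature."""
    return crash_signature(backtrace_a, depth)[0] == crash_signature(backtrace_b, depth)[0]
```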
Yes, I see a segfault with 2.30, but don't with 2.31. I don't believe we should be spending time fixing bugs that are only tickled by fuzzed objects, on anything but master binutils.

*** This bug has been marked as a duplicate of bug 22887 ***
(In reply to Alan Modra from comment #3)
> Yes, I see a segfault with 2.30, but don't with 2.31. I don't believe we
> should be spending time fixing bugs that are only tickled by fuzzed objects,
> on anything but master binutils.
> 
> *** This bug has been marked as a duplicate of bug 22887 ***

Hi, Alan. I checked the official Binutils download website http://ftp.gnu.org/gnu/binutils/. 2.31 was uploaded on 2018-7-14. But I submitted bug 23405 on 2018-7-12. And I was told my bug is fixed in 2.31. And I just wanna know, are there any other websites where Binutils 2.31 could be downloaded before I submitted bug 23405? I just cannot understand this logic.
(In reply to zhanggen12 from comment #4)
> (In reply to Alan Modra from comment #3)
> > Yes, I see a segfault with 2.30, but don't with 2.31. I don't believe we
> > should be spending time fixing bugs that are only tickled by fuzzed objects,
> > on anything but master binutils.
> > 
> > *** This bug has been marked as a duplicate of bug 22887 ***
> 
> Hi, Alan. I checked out Binutils official download website
> http://ftp.gnu.org/gnu/binutils/. 2.31 was uploaded in 2018-7-14. But I
> submitted bug 23405 in 2018-7-12. And I was told my bug is fixed in 2.31.
> And I just wanna know, is there any other websites where Binutils 2.31 can
> be downloaded before I submitted bug 23405? I just cannot understand this
> logic.

You should also test the latest release branch, binutils-2_31-branch, which was created on June 24, 2018.