[hjl@gnu-skx-1 gcc]$ eu-strip -g -o foo cc1
[hjl@gnu-skx-1 gcc]$ /export/build/gnu/tools-build/binutils/build-x86_64-linux/binutils/objcopy -S --keep-symbols=/tmp/tmp.yLgUcMHDhK foo /tmp/tmp.zjDexOItuy
/export/build/gnu/tools-build/binutils/build-x86_64-linux/binutils/objcopy: warning: foo: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010000
/export/build/gnu/tools-build/binutils/build-x86_64-linux/binutils/objcopy: warning: foo: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001
Segmentation fault
[hjl@gnu-skx-1 gcc]$

It is caused by

3391569f218cd5d05e96769f47559d5828be3acd is the first bad commit
commit 3391569f218cd5d05e96769f47559d5828be3acd
Author: Nick Clifton <nickc@redhat.com>
Date: Fri Jul 20 15:05:34 2018 +0100

    Close memory and resource leaks detected by coverity in the binutils directory.

    * objcopy.c (add_specific_symbols): Free buffer on exit.
    (add_redefine_syms_file): Close file handle on exit.
    (copy_object): Close file handle on early exit. Free buffer on
    early exit. Free gaps buffers once they are no longer needed.
    * dwarf.c (display_debug_frames): Free allocated memory on exit.
    (load_separate_debug_info): Free allocate memory on early exit.

I am working on a small testcase.

Created attachment 11235
A testcase

[hjl@gnu-cfl-1 pr23633]$ cat x.c
int main () { return 0; }
[hjl@gnu-cfl-1 pr23633]$ make
gcc -g x.c -o x
strip -g -o x.g x
./objcopy -S --keep-symbols=x.list x.g x1
make: *** [Makefile:13: x1] Segmentation fault
make: *** Deleting file 'x1'
[hjl@gnu-cfl-1 pr23633]$

The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=508d0c9b5945d30bcf163b9b88213d277949e9a8

commit 508d0c9b5945d30bcf163b9b88213d277949e9a8
Author: Nick Clifton <nickc@redhat.com>
Date: Thu Sep 13 16:14:36 2018 +0100

    Fix a use-after-freed error introduced by previous attempt to fix a Coverity scan result.

    PR 23633
    * objcopy.c (add_specific_symbols): Do not free the buffer at the
    end of the function.

Hi H.J.

Thanks for reporting this bug. The problem was the new call to free() at the end of add_specific_symbols(). I had reviewed the code, and looked at the call to add_specific_symbol, and thought that the buffer would not be used after the function finished. What I failed to notice was that although add_specific_symbol calls htab_find_slot with the INSERT parameter, it also records the name string as a value in the hash table.

So I have removed the free() and now everything is working again.

Cheers
Nick

The master branch has been updated by H.J. Lu <hjl@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=319dbdfbb78d82470498704bca21729e057464f2

commit 319dbdfbb78d82470498704bca21729e057464f2
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Thu Sep 13 09:09:00 2018 -0700

    Add a testcase for PR binutils/23633

    PR binutils/23633
    * testsuite/binutils-all/objcopy.exp: Run pr23633.
    * testsuite/binutils-all/pr23633.d: New file.
    * testsuite/binutils-all/pr23633.list: Likewise.
    * testsuite/binutils-all/pr23633.s: Likewise.

The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1fcd7e871c38ac1049dd5d5509ea1f11a456bf16

commit 1fcd7e871c38ac1049dd5d5509ea1f11a456bf16
Author: Alan Modra <amodra@gmail.com>
Date: Fri Sep 14 19:20:06 2018 +0930

    PR23633 testcase fix

    PR binutils/23633
    * testsuite/binutils-all/pr23633.d: Don't fail when assembler
    generates sections other than .text.

The master branch has been updated by H.J. Lu <hjl@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d839b9149957d9a8842c368caf97ef378d8c97af

commit d839b9149957d9a8842c368caf97ef378d8c97af
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Mon Sep 17 08:50:42 2018 -0700

    Free symbol buffers if they are no longer in use

    add_specific_symbols allocates a buffer to hold symbols. It should be
    freed only if it is no longer in use.

    PR binutils/23633
    * objcopy.c (strip_specific_buffer): New.
    (strip_unneeded_buffer): Likewise.
    (keep_specific_buffer): Likewise.
    (localize_specific_buffer): Likewise.
    (globalize_specific_buffer): Likewise.
    (keepglobal_specific_buffer): Likewise.
    (weaken_specific_buffer): Likewise.
    (add_specific_symbols): Add an argument to return pointer to
    allocated buffer.
    (copy_main): Update add_specific_symbols to update pointers to
    allocated buffer. Free pointers to allocated buffer before return.
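
Added example, not part of the original thread and not binutils code: a minimal C sketch of the ownership pattern the last commit describes, where the loader hands the buffer back to its caller because the table stores pointers into it. The names symtab, load_symbols and keep_list_contains are hypothetical, and the small array-backed table is an assumed stand-in for the real hash table.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the hash table: like the table described in the
   thread, it records the name pointer it is given and does not copy it. */
struct symtab { const char *names[16]; size_t count; };

static void symtab_add(struct symtab *t, const char *name)
{
    if (t->count < 16)
        t->names[t->count++] = name;   /* borrowed pointer into the buffer */
}

static int symtab_has(const struct symtab *t, const char *name)
{
    for (size_t i = 0; i < t->count; i++)
        if (strcmp(t->names[i], name) == 0)
            return 1;
    return 0;
}

/* Copy a newline-separated symbol list, split the copy in place and register
   each name. The table points into the copy, so the copy is handed back
   through *buffer_p instead of being freed here. Returns names added or -1. */
static int load_symbols(const char *list, struct symtab *t, char **buffer_p)
{
    size_t before = t->count, len = strlen(list);
    char *buf = malloc(len + 1);
    if (buf == NULL)
        return -1;
    memcpy(buf, list, len + 1);
    for (char *p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n"))
        symtab_add(t, p);
    *buffer_p = buf;                   /* caller frees after its last lookup */
    return (int)(t->count - before);
}

/* Caller side: finish every lookup, then release the buffer. */
static int keep_list_contains(const char *list, const char *name)
{
    struct symtab t = { {0}, 0 };
    char *buf = NULL;
    if (load_symbols(list, &t, &buf) < 0)
        return -1;
    int found = symtab_has(&t, name);
    free(buf);                         /* nothing reads the table after this */
    return found;
}
```

Building a reproducer such as the attached testcase with -fsanitize=address reports this class of bug at the first read of a freed name instead of as a later segmentation fault.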