Bug 25196 - binutils/strip-new: BFD (GNU Binutils) 2.33 internal error, aborting at elf.c:7256 in rewrite_elf_program_header
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: 2.33
Importance: P3 normal
Target Milestone: 2.34
Assignee: Alan Modra
Depends on:
Reported: 2019-11-16 02:25 UTC by chien_hsiang
Modified: 2019-11-18 12:18 UTC
0 users

See Also:
Last reconfirmed: 2019-11-18 00:00:00

file that reproduces this problem (93.72 KB, application/x-core)
2019-11-16 02:25 UTC, chien_hsiang

Description chien_hsiang 2019-11-16 02:25:53 UTC
Created attachment 12077
file that reproduces this problem

Sorry, I'm not familiar with this project, so I don't know whether the abort or assertion I hit is a part of an application feature or actually a bug. Also, the input I used is so corrupted that it is almost impossible for normal users to use.

I wrote some fuzzing strategies for fun, and I am reporting all the stuff I found.

binutils Version : 2.33.1 (https://ftp.yzu.edu.tw/pub/gnu/binutils/binutils-2.33.1.tar.xz)

OS : ubuntu 18.04.3
kernel : gnu/linux 5.0.0-32-generic
processor : Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
compiler : gcc 7.4.0

Steps to Reproduce:
Download the sample from the attachment.

strip-new -F elf32-i386 -U ./abort_sample_2
Comment 1 Alan Modra 2019-11-18 01:54:58 UTC
The abort was added way back in 1998-07-02, git commit 9e7e5d5e5b0.
Comment 2 chien_hsiang 2019-11-18 03:02:44 UTC
(In reply to Alan Modra from comment #1)
> The abort was added way back in 1998-07-02, git commit 9e7e5d5e5b0.

Wow, thanks for your reply, and your contribution on this bug.
Comment 3 cvs-commit@gcc.gnu.org 2019-11-18 11:54:01 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:


commit 9aea1e31371a883452e80bd96e8818289c3e6b6e
Author: Alan Modra <amodra@gmail.com>
Date:   Mon Nov 18 12:31:55 2019 +1030

    PR25196, abort in rewrite_elf_program_header

    This patch introduces a new "sorry, cannot handle this file" bfd error
    status.  The idea is to use this error in cases where bfd hasn't found
    a bfd_bad_value error, ie. an input file or set of options that are
    invalid, but rather an input file that is simply too difficult to
    process.  Typically this might happen with fuzzed object files such as
    the one in the PR, a wildly improbable core file.  Some things are
    just not worth wasting time over to fix "properly".

    	PR 25196
    	* bfd.c (bfd_error_type): Add bfd_error_sorry.
    	(bfd_errmsgs): Likewise.
    	* elf.c (rewrite_elf_program_header): Don't abort on confused
    	lma/alignment.  Replace bfd_error_bad_value with bfd_error_sorry.
    	(_bfd_elf_validate_reloc): Use bfd_error_sorry.
    	(_bfd_elf_final_write_processing): Likewise.
    	* bfd-in2.h: Regenerate.
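
Added example, not part of the bug report or of binutils: one way to triage fuzzing runs of a BFD-based tool by matching the internal-error message from this bug's title and bucketing on file and function, so that runs before and after a fix like the one above can be compared. The function names, the exit statuses, the second line number and the post-fix message text are assumptions constructed for illustration.

```python
import re
import subprocess
from collections import Counter

# Diagnostic format taken from this bug's title; the version text is not
# captured so the same abort seen under different releases still matches.
ABORT_RE = re.compile(
    r"BFD .+? internal error, aborting at "
    r"(?P<file>[^:\s]+):(?P<line>\d+) in (?P<func>\w+)"
)

def classify(returncode, stderr):
    """Return (verdict, bucket) for one finished run of a BFD-based tool."""
    m = ABORT_RE.search(stderr)
    if m:
        # Bucket on file and function only: line numbers shift between releases.
        return "internal-abort", f"{m['file']}:{m['func']}"
    if returncode < 0:  # killed by a signal (POSIX)
        return "signal", f"signal-{-returncode}"
    if returncode != 0:
        return "rejected", None  # tool reported an error and exited
    return "ok", None

def run_case(argv, timeout=10):
    """Run one command, e.g. the reproducer from the report, and classify it."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True,
                              errors="replace", timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout", None
    return classify(proc.returncode, proc.stderr)

def summarize(results):
    """Count runs per (verdict, bucket) so duplicate findings collapse."""
    return Counter(results)

# Constructed sample runs (exit statuses are assumed). The first stderr line is
# the message in the bug title; the second repeats it with a constructed line
# number; the third is an assumed post-fix message using the commit log wording.
SAMPLES = [
    (1, "strip-new: BFD (GNU Binutils) 2.33 internal error, aborting at "
        "elf.c:7256 in rewrite_elf_program_header\n"),
    (1, "strip-new: BFD (GNU Binutils) 2.33 internal error, aborting at "
        "elf.c:7301 in rewrite_elf_program_header\n"),
    (1, "strip-new: ./abort_sample_2: sorry, cannot handle this file\n"),
    (0, ""),
]

if __name__ == "__main__":
    for key, n in summarize(classify(rc, err) for rc, err in SAMPLES).items():
        print(n, *key)
```

To check a real build, pass the reproducer command from the description to `run_case` as an argument list.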
Comment 4 Alan Modra 2019-11-18 12:18:40 UTC