Bug 25629 - objcopy : SIGSEGV in filter_symbols ( objcopy.c:1584 )
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: 2.35
Importance: P2 normal
Target Milestone: ---
Assignee: Alan Modra
Reported: 2020-03-04 14:11 UTC by chien_hsiang
Modified: 2020-03-05 04:55 UTC
Last reconfirmed: 2020-03-05 00:00:00


Attachments
file that reproduces this problem (152 bytes, application/x-executable)
2020-03-04 14:11 UTC, chien_hsiang
Description chien_hsiang 2020-03-04 14:11:13 UTC
Created attachment 12345
file that reproduces this problem

binutils Version : HEAD
git clone git://sourceware.org/git/binutils-gdb.git

OS : ubuntu 18.04.3
kernel : gnu/linux 5.0.0-32-generic
processor : Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
compiler : gcc 7.4.0


Steps to Reproduce :
download the sample from attachment

objcopy -I binary -O pei-i386 --change-leading-char ./sample


gdb backtrace :

#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
#1  0x000055555558bd2d in filter_symbols (symcount=<optimized out>, isyms=<optimized out>, osyms=0x5555558ad910, obfd=0x5555558ad520, abfd=0x5555558ac3c0)
    at objcopy.c:1584
#2  copy_object (ibfd=0x5555558ac3c0, obfd=<optimized out>, input_arch=<optimized out>) at objcopy.c:3214
#3  0x000055555558e129 in copy_file (input_filename=0x7fffffff26c9 "./sample", output_filename=0x7fffffff26d2 "./oo", input_target=<optimized out>, 
    output_target=<optimized out>, input_arch=0x0) at objcopy.c:3805
#4  0x0000555555588210 in copy_main (argv=<optimized out>, argc=<optimized out>) at objcopy.c:5855
#5  main (argc=<optimized out>, argc@entry=0x8, argv=<optimized out>, argv@entry=0x7fffffff2288) at objcopy.c:5981
#6  0x00007ffff7801b97 in __libc_start_main (main=0x5555555865c0 <main>, argc=0x8, argv=0x7fffffff2288, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffff2278) at ../csu/libc-start.c:310
#7  0x00005555555890ba in _start ()


-----------------

Program received signal SIGSEGV, Segmentation fault.

[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x5555558ac558 --> 0x5555558ac3c0 --> 0x5555558ae740 ("./sample")
RCX: 0x0 
RDX: 0x0 
RSI: 0xbd0 
RDI: 0x0 
RBP: 0x5555558ac5e8 ("_binary___sample_start")
RSP: 0x7fffffff1ea8 --> 0x55555558bd2d (<copy_object+4093>:	mov    rdi,r12)
RIP: 0x7ffff796e5a1 (<__strlen_avx2+17>:	vpcmpeqb ymm1,ymm0,YMMWORD PTR [rdi])
R8 : 0x0 
R9 : 0x0 
R10: 0x5555558aa010 --> 0x1 
R11: 0x0 
R12: 0x5555558ac5e8 ("_binary___sample_start")
R13: 0x7fffffff26d2 --> 0x554c43006f6f2f2e ('./oo')
R14: 0x0 
R15: 0x5555558ad520 --> 0x5555558ad670 --> 0x7f006f6f2f2e
EFLAGS: 0x10283 (CARRY parity adjust zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff796e599 <__strlen_avx2+9>:	and    ecx,0x3f
   0x7ffff796e59c <__strlen_avx2+12>:	cmp    ecx,0x20
   0x7ffff796e59f <__strlen_avx2+15>:	ja     0x7ffff796e5c0 <__strlen_avx2+48>
=> 0x7ffff796e5a1 <__strlen_avx2+17>:	vpcmpeqb ymm1,ymm0,YMMWORD PTR [rdi]
   0x7ffff796e5a5 <__strlen_avx2+21>:	vpmovmskb eax,ymm1
   0x7ffff796e5a9 <__strlen_avx2+25>:	test   eax,eax
   0x7ffff796e5ab <__strlen_avx2+27>:	jne    0x7ffff796e690 <__strlen_avx2+256>
   0x7ffff796e5b1 <__strlen_avx2+33>:	add    rdi,0x20
[------------------------------------------------------------------------------]
Stopped reason: SIGSEGV
__strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
Comment 1 Sourceware Commits 2020-03-05 04:54:26 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1faf7ca0a9ecbc7f89998638e5cf08d3dca6e84

commit d1faf7ca0a9ecbc7f89998638e5cf08d3dca6e84
Author: Alan Modra <amodra@gmail.com>
Date:   Thu Mar 5 14:57:47 2020 +1030

    PR25629, objcopy : SIGSEGV in filter_symbols
    
    	PR 25629
    	* objcopy.c (filter_symbols): Don't segfault on NULL
    	prefix_symbols_string.
Comment 2 Alan Modra 2020-03-05 04:55:14 UTC
Fixed.