Bug 25675 - objcopy : SIGSEGV in bfd_octets_per_byte ( archures.c:1405 )
Summary: objcopy : SIGSEGV in bfd_octets_per_byte ( archures.c:1405 )
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: 2.35
Importance: P2 normal
Target Milestone: 2.35
Assignee: Alan Modra
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-14 13:31 UTC by chien_hsiang
Modified: 2020-03-16 09:15 UTC

See Also:
Host:
Target:
Build:
Last reconfirmed: 2020-03-16 00:00:00


Attachments
file that reproduces this problem (2.99 KB, application/x-sharedlib)
2020-03-14 13:31 UTC, chien_hsiang

Description chien_hsiang 2020-03-14 13:31:15 UTC
Created attachment 12377 [details]
file that reproduces this problem

OS: ubuntu 18.04.3
kernel: gnu/linux 5.0.0-32-generic
processor: Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
compiler: gcc 7.4.0


Steps to Reproduce:
download the sample from attachment

objcopy   ./sample

gdb backtrace:

#0  bfd_octets_per_byte (abfd=0x5555558c9190, sec=0x5555558c9048)
    at ./archures.c:1405
#1  0x00005555555c32dd in elf_sort_segments (arg1=arg1@entry=0x5555558c2780, 
    arg2=arg2@entry=0x5555558c2788) at elf.c:5315
#2  0x00007ffff78221f2 in msort_with_tmp (p=p@entry=0x7fffffff1c40, 
    b=b@entry=0x5555558c2780, n=n@entry=0x3) at msort.c:83
#3  0x00007ffff782215e in msort_with_tmp (n=0x3, b=0x5555558c2780, 
    p=0x7fffffff1c40) at msort.c:117
#4  msort_with_tmp (p=0x7fffffff1c40, b=0x5555558c2770, n=n@entry=0x5)
    at msort.c:54
#5  0x00007ffff7822170 in msort_with_tmp (n=0x5, b=0x5555558c2770, 
    p=0x7fffffff1c40) at msort.c:117
#6  msort_with_tmp (p=p@entry=0x7fffffff1c40, b=b@entry=0x5555558c2770, 
    n=n@entry=0xa) at msort.c:53
#7  0x00007ffff7822596 in msort_with_tmp (n=0xa, b=0x5555558c2770, 
    p=0x7fffffff1c40) at msort.c:45
#8  __GI___qsort_r (b=b@entry=0x5555558c2770, n=n@entry=0xa, s=s@entry=0x8, 
    cmp=cmp@entry=0x5555555c3240 <elf_sort_segments>, arg=arg@entry=0x0)
    at msort.c:297
#9  0x00007ffff78226d8 in __GI_qsort (b=b@entry=0x5555558c2770, n=n@entry=0xa, 
    s=s@entry=0x8, cmp=cmp@entry=0x5555555c3240 <elf_sort_segments>)
    at msort.c:308
#10 0x00005555555cb599 in assign_file_positions_for_load_sections (link_info=0x0, 
    abfd=0x5555558b94d0) at elf.c:5508
#11 assign_file_positions_except_relocs (link_info=0x0, abfd=0x5555558b94d0)
    at elf.c:6370
#12 _bfd_elf_compute_section_file_positions (abfd=<optimized out>, 
    link_info=link_info@entry=0x0) at elf.c:4342
#13 0x00005555555d1daf in _bfd_elf_set_section_contents (abfd=0x5555558b94d0, 
    section=0x5555558b7610, location=0x5555558b8a20, offset=0x0, count=0x13)
    at elf.c:9193
#14 0x00005555555acfa4 in bfd_set_section_contents (abfd=0x5555558b94d0, 
    section=0x5555558b7610, location=0x5555558b8a20, offset=<optimized out>, 
    count=<optimized out>) at section.c:1518
#15 0x000055555558af97 in copy_section (ibfd=<optimized out>, 
    isection=<optimized out>, obfdarg=0x5555558b94d0) at objcopy.c:4427
#16 0x00005555555ace3c in bfd_map_over_sections (abfd=0x5555558ae3c0, 
    operation=0x55555558aca0 <copy_section>, user_storage=0x5555558b94d0)
    at section.c:1377
#17 0x000055555558c7a8 in copy_object (ibfd=<optimized out>, 
    obfd=<optimized out>, input_arch=<optimized out>) at objcopy.c:3265
#18 0x000055555558e929 in copy_file (input_filename=0x7fffffff26cb "./sample", 
    output_filename=0x7fffffff26d4 "./oo", input_target=<optimized out>, 
    output_target=<optimized out>, input_arch=0x0) at objcopy.c:3830
#19 0x0000555555588900 in copy_main (argv=<optimized out>, argc=<optimized out>)
    at objcopy.c:5889
#20 main (argc=<optimized out>, argc@entry=0x3, argv=<optimized out>, 
    argv@entry=0x7fffffff22e8) at objcopy.c:6015
#21 0x00007ffff7801b97 in __libc_start_main (main=0x555555586cb0 <main>, 
    argc=0x3, argv=0x7fffffff22e8, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffff22d8)
    at ../csu/libc-start.c:310
#22 0x00005555555897aa in _start ()

-------


gdb report:


[----------------------------------registers-----------------------------------]
RAX: 0x6474e551 
RBX: 0x5555558c8f78 --> 0x5555558c8fc0 --> 0x5555558c9048 --> 0x5555558c9098 --> 0x5555558c90f0 --> 0x5555558c9140 (--> ...)
RCX: 0x0 
RDX: 0x0 
RSI: 0x5555558c9048 --> 0x5555558c9098 --> 0x5555558c90f0 --> 0x5555558c9140 --> 0x5555558c9190 --> 0x5555558c91d8 (--> ...)
RDI: 0x5555558c9190 --> 0x5555558c91d8 --> 0x0 
RBP: 0x5555558c8fc0 --> 0x5555558c9048 --> 0x5555558c9098 --> 0x5555558c90f0 --> 0x5555558c9140 --> 0x5555558c9190 (--> ...)
RSP: 0x7fffffff1a08 --> 0x5555555c32dd (<elf_sort_segments+157>:	test   BYTE PTR [rbx+0x38],0x2)
RIP: 0x5555555a4114 (<bfd_octets_per_byte+4>:	cmp    DWORD PTR [rax+0x8],0x5)
R8 : 0x0 
R9 : 0x0 
R10: 0x5555558ac010 --> 0x100 
R11: 0x1 
R12: 0x1 
R13: 0x5555558c2780 --> 0x5555558c8f78 --> 0x5555558c8fc0 --> 0x5555558c9048 --> 0x5555558c9098 --> 0x5555558c90f0 (--> ...)
R14: 0x7fffffff1c40 --> 0x8 
R15: 0x5555558c2788 --> 0x5555558c8fc0 --> 0x5555558c9048 --> 0x5555558c9098 --> 0x5555558c90f0 --> 0x5555558c9140 (--> ...)
EFLAGS: 0x10246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x5555555a4102:	nop    DWORD PTR [rax+0x0]
   0x5555555a4106:	nop    WORD PTR cs:[rax+rax*1+0x0]
   0x5555555a4110 <bfd_octets_per_byte>:	mov    rax,QWORD PTR [rdi+0x8]
=> 0x5555555a4114 <bfd_octets_per_byte+4>:	cmp    DWORD PTR [rax+0x8],0x5
   0x5555555a4118 <bfd_octets_per_byte+8>:	
    jne    0x5555555a4125 <bfd_octets_per_byte+21>
   0x5555555a411a <bfd_octets_per_byte+10>:	test   rsi,rsi
   0x5555555a411d <bfd_octets_per_byte+13>:	
    je     0x5555555a4125 <bfd_octets_per_byte+21>
   0x5555555a411f <bfd_octets_per_byte+15>:	test   BYTE PTR [rsi+0x2b],0x40
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff1a08 --> 0x5555555c32dd (<elf_sort_segments+157>:	test   BYTE PTR [rbx+0x38],0x2)
0008| 0x7fffffff1a10 --> 0x0 
0016| 0x7fffffff1a18 --> 0x7fffffff1bb0 --> 0x5555558c8fc0 --> 0x5555558c9048 --> 0x5555558c9098 --> 0x5555558c90f0 (--> ...)
0024| 0x7fffffff1a20 --> 0x2 
0032| 0x7fffffff1a28 --> 0x7ffff78221f2 (<msort_with_tmp+1010>:	test   eax,eax)
0040| 0x7fffffff1a30 --> 0x8 
0048| 0x7fffffff1a38 --> 0x5555555c3240 (<elf_sort_segments>:	push   rbp)
0056| 0x7fffffff1a40 --> 0x0 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
bfd_octets_per_byte (abfd=0x5555558c9190, sec=0x5555558c9048) at ./archures.c:1405
1405	      && sec != NULL
Comment 1 Sourceware Commits 2020-03-16 09:10:02 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4b3ecb3b91b1b6154a6444efdcbadb90854a6654

commit 4b3ecb3b91b1b6154a6444efdcbadb90854a6654
Author: Alan Modra <amodra@gmail.com>
Date:   Mon Mar 16 19:34:00 2020 +1030

    PR25675: SIGSEGV in bfd_octets_per_byte
    
            PR 25675
            * elf.c (elf_sort_segments): Don't call bfd_octets_per_byte unless
            we have a non-zero section count.  Do lma comparison in octets.
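The commit message above describes two changes to the qsort comparator: do not read a segment's first section when the segment maps no sections, and compare load addresses in octets rather than target bytes. The program below is an added, constructed C model of that pattern; it is not binutils code, and the names `struct seg`, `struct sec`, `seg_lma_unchecked`, `seg_lma_octets`, `cmp_seg_by_lma` and `sort_sample` are invented stand-ins for BFD's real `elf_segment_map`/`asection` types and for `elf_sort_segments`. The sample it sorts includes one segment with a zero section count and no `p_paddr` (the shape the report's crash corresponds to) and one section on a target with two octets per byte, so the byte-versus-octet difference changes the resulting order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed, simplified stand-ins for the BFD objects the comparator looks at.
   Field names are hypothetical; they are not BFD's struct elf_segment_map / asection. */
struct sec {
    uint64_t lma;   /* load address in target bytes */
    unsigned opb;   /* octets per target byte (1 on x86, larger on word-addressed targets) */
};

struct seg {
    int      p_paddr_valid;  /* the program header carries an explicit physical address */
    uint64_t p_paddr;        /* that address, already in octets */
    unsigned count;          /* sections mapped into this segment; a crafted file can make this 0 */
    struct sec *sections[4];
};

/* Pre-fix shape of the address lookup: sections[0] is read even when count == 0,
   so an empty segment hands bogus pointers to the octets-per-byte lookup.
   Kept only to show the defect; nothing below calls it. */
uint64_t seg_lma_unchecked(const struct seg *m)
{
    if (m->p_paddr_valid)
        return m->p_paddr;
    return m->sections[0]->lma * m->sections[0]->opb;
}

/* Post-fix shape: only touch sections[0] when there is a section, and scale
   the section lma into octets so it is comparable with p_paddr. */
uint64_t seg_lma_octets(const struct seg *m)
{
    if (m->p_paddr_valid)
        return m->p_paddr;
    if (m->count == 0)
        return 0;                       /* empty segment: nothing to dereference */
    return m->sections[0]->lma * (uint64_t) m->sections[0]->opb;
}

/* qsort comparator over an array of struct seg pointers, ordering by lma in octets. */
int cmp_seg_by_lma(const void *a, const void *b)
{
    const struct seg *m1 = *(const struct seg *const *) a;
    const struct seg *m2 = *(const struct seg *const *) b;
    uint64_t l1 = seg_lma_octets(m1), l2 = seg_lma_octets(m2);
    if (l1 != l2)
        return l1 < l2 ? -1 : 1;
    return 0;
}

/* Constructed sample: five segments, including one with count == 0 and no
   p_paddr (the crash case) and one whose section lives on a 2-octet-byte target.
   Sorts them and writes the resulting lmas (octets) to out; returns how many. */
size_t sort_sample(uint64_t *out, size_t max)
{
    static struct sec s_text = { .lma = 0x1000, .opb = 1 };  /* 0x1000 octets */
    static struct sec s_data = { .lma = 0x0C00, .opb = 2 };  /* 0x1800 octets, not 0x0C00 */
    static struct sec s_bss  = { .lma = 0x2000, .opb = 1 };
    static struct seg a = { .count = 1, .sections = { &s_text } };
    static struct seg b = { .count = 1, .sections = { &s_data } };
    static struct seg c = { .count = 0 };                      /* empty, no p_paddr */
    static struct seg d = { .p_paddr_valid = 1, .p_paddr = 0x400 };
    static struct seg e = { .count = 1, .sections = { &s_bss } };
    struct seg *segs[] = { &a, &b, &c, &d, &e };
    size_t n = sizeof segs / sizeof segs[0];

    if (max < n)
        return 0;
    qsort(segs, n, sizeof segs[0], cmp_seg_by_lma);
    for (size_t i = 0; i < n; i++)
        out[i] = seg_lma_octets(segs[i]);
    return n;
}

int main(void)
{
    uint64_t lmas[8];
    size_t n = sort_sample(lmas, 8);
    for (size_t i = 0; i < n; i++)
        printf("segment %zu: lma 0x%llx octets\n", i, (unsigned long long) lmas[i]);
    return 0;
}
```

Compared in target bytes, the 0x0C00 data section would sort ahead of the 0x1000 text section; in octets it lands after it, which is why the commit does the comparison in octets. The `count == 0` guard is the defensive check that a parser of untrusted ELF input needs before following any pointer derived from a header-supplied count.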
Comment 2 Alan Modra 2020-03-16 09:15:53 UTC
Patch applied.