Created attachment 14135
poc

On the given poc file, `nm-new -l` crashes. AddressSanitizer report:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==3976414==ERROR: AddressSanitizer: SEGV on unknown address 0x00001601006a (pc 0x000000430fc5 bp 0x7ffd20f95920 sp 0x7ffd20f950c0 T0)
==3976414==The signal is caused by a READ memory access.
    #0 0x430fc5 in strcmp (/objdump/repo/binutils-asan/binutils/nm-new+0x430fc5)
    #1 0x9e854e in lookup_symbol_in_variable_table //objdump/repo/binutils-asan/bfd/./dwarf2.c:3303:5
    #2 0x9aeee6 in comp_unit_find_line //objdump/repo/binutils-asan/bfd/./dwarf2.c:4636:10
    #3 0x9aa86b in _bfd_dwarf2_find_nearest_line //objdump/repo/binutils-asan/bfd/./dwarf2.c:5729:11
    #4 0x77d87f in _bfd_elf_find_line //objdump/repo/binutils-asan/bfd/elf.c:9349:10
    #5 0x4e2723 in print_symbol //objdump/repo/binutils-asan/binutils/nm.c:1322:9
    #6 0x4db407 in print_symbols //objdump/repo/binutils-asan/binutils/nm.c:1403:7
    #7 0x4d7434 in display_rel_file //objdump/repo/binutils-asan/binutils/nm.c:1530:5
    #8 0x4cd20d in display_file //objdump/repo/binutils-asan/binutils/nm.c:1683:7
    #9 0x4cc1f0 in main //objdump/repo/binutils-asan/binutils/nm.c:2203:12
    #10 0x7f6de33cb082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #11 0x41c52d in _start (/objdump/repo/binutils-asan/binutils/nm-new+0x41c52d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/objdump/repo/binutils-asan/binutils/nm-new+0x430fc5) in strcmp
==3976414==ABORTING
*** Bug 29231 has been marked as a duplicate of this bug. ***
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=31d6c13defeba7716ebc9d5c8f81f2f35fe39980

commit 31d6c13defeba7716ebc9d5c8f81f2f35fe39980
Author: Alan Modra <amodra@gmail.com>
Date:   Tue Jun 14 12:46:42 2022 +0930

    PR29230, segv in lookup_symbol_in_variable_table

    The PR23230 testcase uses indexed strings without specifying
    SW_AT_str_offsets_base.  In this case we left u.str with garbage (from
    u.val) which then led to a segfault when attempting to access the
    string.  Fix that by clearing u.str.  The patch also adds missing
    sanity checks in the recently committed read_indexed_address and
    read_indexed_string functions.

    	PR 29230
    	* dwarf2.c (read_indexed_address): Return uint64_t.  Sanity check idx.
    	(read_indexed_string): Use uint64_t for str_offset.  Sanity check idx.
    	(read_attribute_value): Clear u.str for indexed string forms when
    	DW_AT_str_offsets_base is not yet read or missing.
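An added illustration of the two checks the commit describes (refuse an indexed string when no str_offsets_base was seen, and bounds-check idx before using it). This is constructed for this page and is not binutils' read_indexed_string; the section struct, the little-endian 32-bit layout and the sample sections are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model of a DWARF 5 DW_FORM_strx lookup (constructed for
   illustration, not binutils code): .debug_str_offsets holds offsets into
   .debug_str; DW_AT_str_offsets_base points at the unit's first entry.  */
struct section { const uint8_t *data; size_t size; };

/* Resolve idx to a string inside debug_str; NULL when any check fails.  */
const char *
read_indexed_string (const struct section *str_offsets,
                     const struct section *debug_str, int have_base,
                     uint64_t base, unsigned int offset_size, uint64_t idx)
{
  uint64_t entry, str_offset = 0;
  unsigned int i;
  /* No DW_AT_str_offsets_base: return "no string", never stale union data.  */
  if (!have_base || (offset_size != 4 && offset_size != 8))
    return NULL;
  /* Keep the entry inside the section; dividing first avoids idx*size overflow.  */
  if (base > str_offsets->size
      || idx >= (str_offsets->size - base) / offset_size)
    return NULL;
  entry = base + idx * offset_size;
  for (i = 0; i < offset_size; i++)              /* little-endian read */
    str_offset |= (uint64_t) str_offsets->data[entry + i] << (8 * i);
  /* Offset must land in .debug_str and the string must be NUL-terminated.  */
  if (str_offset >= debug_str->size
      || memchr (debug_str->data + str_offset, '\0',
                 debug_str->size - str_offset) == NULL)
    return NULL;
  return (const char *) debug_str->data + str_offset;
}

/* Constructed sample sections: 32-bit DWARF, 8-byte str_offsets header.  */
static const uint8_t sample_str[] = "\0main\0foo";                /* 10 bytes */
static const uint8_t sample_str_offsets[] = {
  0x10, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,  /* length, version 5, pad */
  0x01, 0x00, 0x00, 0x00,                          /* entry 0 -> "main" */
  0x06, 0x00, 0x00, 0x00,                          /* entry 1 -> "foo" */
  0xff, 0xff, 0xff, 0x7f,                          /* entry 2 -> out of range */
};

const char *sample_lookup (int have_base, uint64_t idx)
{
  const struct section so = { sample_str_offsets, sizeof sample_str_offsets };
  const struct section ds = { sample_str, sizeof sample_str };
  return read_indexed_string (&so, &ds, have_base, 8, 4, idx);
}
```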
Fixed.