Created attachment 14396
bug analysis and poc

# Reproduce
cd binutils-gdb
git reset --hard 1d4e62f498b1340569fd58c401f98c287cb5d071
mkdir build
../configure --disable-gdb --disable-gdbserver --disable-gdbsupport --disable-libdecnumber --disable-readline --disable-sim --disable-libbacktrace --disable-gas --disable-ld --disable-werror --enable-targets=all CPPFLAGS=-DDEBUG CFLAGS="-g -O0 -fsanitize=address"
make all-binutils MAKEINFO=true && true
binutils/objdump -d the_bfd_uninit.bin

# Output
../../fuzz/poc/the_bfd_uninit.bin:     file format mach-o-x86-64
./objdump: bfd_mach_o_read_symtab_symbol: symbol "" specified invalid type field 0x6: setting to undefined
./objdump: bfd_mach_o_read_symtab_symbol: symbol "" specified invalid type field 0x4: setting to undefined
AddressSanitizer:DEADLYSIGNAL
=================================================================
==474946==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x55795709e9ec bp 0x7ffd19b7eaf0 sp 0x7ffd19b7eae0 T0)
==474946==The signal is caused by a READ memory access.
==474946==Hint: this fault was caused by a dereference of a high value address (see register values below).  Dissassemble the provided pc to learn which register was used.
    #0 0x55795709e9ec in bfd_get_flavour ../bfd/bfd.h:7803
    #1 0x5579570a2b2b in compare_symbols ../../binutils/objdump.c:1204
    #2 0x7f3971b6940e in msort_with_tmp stdlib/msort.c:82
    #3 0x7f3971b693c1 in msort_with_tmp stdlib/msort.c:44
    #4 0x7f3971b693c1 in msort_with_tmp stdlib/msort.c:53
    #5 0x7f3971b693a4 in msort_with_tmp stdlib/msort.c:44
    #6 0x7f3971b693a4 in msort_with_tmp stdlib/msort.c:52
    #7 0x7f3971b693a4 in msort_with_tmp stdlib/msort.c:44
    #8 0x7f3971b693a4 in msort_with_tmp stdlib/msort.c:52
    #9 0x7f3971b693c1 in msort_with_tmp stdlib/msort.c:44
    #10 0x7f3971b693c1 in msort_with_tmp stdlib/msort.c:53
    #11 0x7f3971b69a55 in msort_with_tmp stdlib/msort.c:44
    #12 0x7f3971b69a55 in __GI___qsort_r stdlib/msort.c:296
    #13 0x7f3971da0934 in __interceptor_qsort ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:9917
    #14 0x5579570ae4fb in disassemble_section ../../binutils/objdump.c:3780
    #15 0x5579575a429f in bfd_map_over_sections ../../bfd/section.c:1373
    #16 0x5579570b0855 in disassemble_data ../../binutils/objdump.c:4152
    #17 0x5579570b80a3 in dump_bfd ../../binutils/objdump.c:5564
    #18 0x5579570b837d in display_object_bfd ../../binutils/objdump.c:5627
    #19 0x5579570b86b7 in display_any_bfd ../../binutils/objdump.c:5713
    #20 0x5579570b8730 in display_file ../../binutils/objdump.c:5734
    #21 0x5579570b9fd1 in main ../../binutils/objdump.c:6130
    #22 0x7f3971b4ed8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #23 0x7f3971b4ee3f in __libc_start_main_impl ../csu/libc-start.c:392
    #24 0x55795709e584 in _start (/home/holing/pro/github/binutils-gdb/build/binutils/objdump+0xdf0584)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../bfd/bfd.h:7803 in bfd_get_flavour
==474946==ABORTING
Aborted
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1

commit d12f8998d2d086f0a6606589e5aedb7147e6f2f1
Author: Alan Modra <amodra@gmail.com>
Date:   Fri Oct 14 10:30:21 2022 +1030

    PR29677, Field `the_bfd` of `asymbol` is uninitialised

    Besides not initialising the_bfd of synthetic symbols, counting symbols
    when sizing didn't match symbols created if there were any dynsyms named
    "".  We don't want synthetic symbols without names anyway, so get rid of
    them.  Also, simplify and correct sanity checks.

    	PR 29677
    	* mach-o.c (bfd_mach_o_get_synthetic_symtab): Rewrite.
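As an added illustration of the sizing/creation mismatch the commit message describes (example code, not binutils or bfd source): the struct names bfd_stub, dynsym and synth_sym and the sample inputs are constructed stand-ins for bfd's asymbol and Mach-O dynsym handling. The buggy sizing counts every dynsym while the fill pass skips the nameless one, so the table ends up with a slot whose the_bfd was never set; sharing one predicate between both passes closes the gap.

```c
#include <stddef.h>
#include <stdlib.h>
struct bfd_stub { const char *filename; };                 /* stand-in for struct bfd */
struct dynsym { const char *name; unsigned long value; };  /* input dynamic symbol */
struct synth_sym { struct bfd_stub *the_bfd; const char *name; unsigned long value; };
/* Constructed input: one nameless dynsym, the case the commit message names. */
struct dynsym sample_dynsyms[] = { {"_foo", 0x100}, {"", 0x200}, {"_bar", 0x300} };
struct bfd_stub sample_bfd = { "the_bfd_uninit.bin" };

/* One predicate decides which dynsyms get a synthetic symbol; the sizing and
   fill passes must both use it, or the two counts drift apart. */
static int wants_synthetic(const struct dynsym *d) { return d->name && d->name[0]; }
/* Sizing pass.  buggy != 0 reproduces the mismatch by counting every dynsym. */
long count_synthetic(const struct dynsym *d, size_t n, int buggy)
{
  long count = 0;
  for (size_t i = 0; i < n; i++)
    count += buggy || wants_synthetic(&d[i]);
  return count;
}
/* Fill pass: skips nameless dynsyms and sets the_bfd on every entry it writes. */
long fill_synthetic(struct synth_sym *out, struct bfd_stub *abfd,
                    const struct dynsym *d, size_t n)
{
  long filled = 0;
  for (size_t i = 0; i < n; i++) {
    if (!wants_synthetic(&d[i]))
      continue;
    out[filled].the_bfd = abfd;          /* the field PR29677 left uninitialised */
    out[filled].name = d[i].name;
    out[filled].value = d[i].value;
    filled++;
  }
  return filled;
}
/* Returns how many sized slots never received the_bfd.  calloc makes the gap
   show up as NULL; with malloc those slots hold garbage, which is what
   compare_symbols dereferenced in the trace above.  Non-zero: unsafe to sort. */
long uninitialised_entries(struct bfd_stub *abfd, const struct dynsym *d,
                           size_t n, int buggy)
{
  long sized = count_synthetic(d, n, buggy), gap = 0;
  struct synth_sym *tab = calloc((size_t)sized, sizeof *tab);
  if (tab == NULL) return -1;
  fill_synthetic(tab, abfd, d, n);
  for (long i = 0; i < sized; i++)
    gap += tab[i].the_bfd == NULL;
  free(tab);
  return gap;
}
```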
fixed