Created attachment 15101
Test case

Steps to reproduce:

git checkout master
mkdir build && cd build
../binutils/configure --target=i386-linux-gnu --disable-gdb
gas/as-new debug.s

Note: I have been able to reproduce it with other targets as well.

Behavior:

../../binutils/gas/symbols.c:2497:17: runtime error: member access within null pointer of type 'struct asymbol'
ASAN:DEADLYSIGNAL
=================================================================
==6413==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x55e7d860278d bp 0x7fff6320f610 sp 0x7fff6320f5f0 T0)
==6413==The signal is caused by a READ memory access.
==6413==Hint: address points to the zero page.
    #0 0x55e7d860278c in S_GET_SEGMENT ../../binutils/gas/symbols.c:2497
    #1 0x55e7d85fba97 in resolve_symbol_value ../../binutils/gas/symbols.c:1333
    #2 0x55e7d860e5d9 in adjust_reloc_syms ../../binutils/gas/write.c:807
    #3 0x55e7d86d9d50 in bfd_map_over_sections ../../binutils/bfd/section.c:1384
    #4 0x55e7d861a92d in write_object_file ../../binutils/gas/write.c:2339
    #5 0x55e7d85682a8 in main ../../binutils/gas/as.c:1453
    #6 0x7f14c7ce6c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #7 0x55e7d855d7f9 in _start (/upstream/build-binutils/gas/as-new+0x7c57f9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../../binutils/gas/symbols.c:2497 in S_GET_SEGMENT
==6413==ABORTING

The offending commit is likely: df345f6011f (2023-08-31) -- gas init_stab_section and get_stab_string_offset

The assembly file comes from compiling "gcc/gcc/testsuite/g++.dg/debug/debug4.C" (from the gcc tree) with "-gstabs+1"
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9e99d10c9a7fc20adb0009d3761fe3cdfdbe0a8c

commit 9e99d10c9a7fc20adb0009d3761fe3cdfdbe0a8c
Author: Alan Modra <amodra@gmail.com>
Date:   Thu Sep 7 08:43:53 2023 +0930

    PR30828, notes obstack memory corruption

    Commit 3bab069c29b3 carelessly allowed "string" to be released from
    the notes obstack twice, with the second call to obstack_free
    releasing memory for a fixup that just happened to be the same size
    as the original string.  The fixup then of course was overwritten.
    This patch fixes that problem, and another that could occur on an
    error path.

    	PR 30828
    	* stabs.c (s_stab_generic): Don't free string twice.  Don't blow
    	away entire notes obstack on a missing string.
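The double release described in the commit message, as an added example that is not binutils code: it drives glibc's obstack API directly, with a hypothetical 16-byte `fake_fixup` record standing in for gas's fixup, to show that a second obstack_free of the string hands the fixup's storage to the next allocation, while releasing the string once leaves the fixup intact.

```c
#include <stdlib.h>
#include <string.h>
#define obstack_chunk_alloc malloc
#define obstack_chunk_free free
#include <obstack.h>

/* Hypothetical stand-in for gas's fixup record: 16 bytes, the same
   size as the copied string below, mirroring the commit message. */
struct fake_fixup { int a, b, c, d; };

#define STR "stab-string-xyz"          /* 15 chars + NUL = 16 bytes (constructed) */

/* Copy the string onto a notes obstack, release it once or twice, then
   allocate a fixup and one more object.  Returns 1 if the fixup survived. */
static int run_notes_sequence(int free_string_twice)
{
    struct obstack notes;
    obstack_init(&notes);

    /* s_stab_generic copies the stab string onto the notes obstack. */
    char *string = obstack_copy0(&notes, STR, strlen(STR));
    obstack_free(&notes, string);               /* first release: intended */

    /* The fixup lands at the address the string just vacated. */
    struct fake_fixup *fixp = obstack_alloc(&notes, sizeof *fixp);
    fixp->a = 1; fixp->b = 2; fixp->c = 3; fixp->d = 4;

    if (free_string_twice)
        obstack_free(&notes, string);           /* the bug: releases fixp too */

    /* Whatever is allocated next reuses the released storage. */
    char *later = obstack_alloc(&notes, 16);
    memset(later, 0xff, 16);

    int intact = fixp->a == 1 && fixp->b == 2 && fixp->c == 3 && fixp->d == 4;
    obstack_free(&notes, NULL);                 /* tear down the whole obstack */
    return intact;
}

/* Buggy sequence: the second release lets "later" overwrite the fixup. */
int fixup_clobbered_by_double_free(void) { return !run_notes_sequence(1); }

/* Fixed sequence: freeing the string once keeps the fixup intact. */
int fixup_kept_by_single_free(void)      { return run_notes_sequence(0); }
```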
Fixed.