Created attachment 16346
POC

## Description

- Version: Binutils 2.45
- Environment: Ubuntu 20.04.6 LTS, Clang 12.0.0

## Steps to reproduce

```
export CC="clang"
export CFLAGS="-g -fsanitize=address"
./configure
make -j
./ld/ld-new --gc-sections --no-print-gc-sections -w $POC
```

## Sanitizer output

```
==139056==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x00000071b336 bp 0x7ffc2ffb4a20 sp 0x7ffc2ffb49c0 T0)
==139056==The signal is caused by a READ memory access.
==139056==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
    #0 0x71b336 in get_link_hash_entry /benchmark/bin/binutils-2.45/bfd/elflink.c:115:18
    #1 0x79fef6 in set_symbol_value /benchmark/bin/binutils-2.45/bfd/elflink.c:9159:7
    #2 0x769253 in elf_link_input_bfd /benchmark/bin/binutils-2.45/bfd/elflink.c:11865:5
    #3 0x75b599 in bfd_elf_final_link /benchmark/bin/binutils-2.45/bfd/elflink.c:13185:11
    #4 0x545133 in ldwrite /benchmark/bin/binutils-2.45/ld/ldwrite.c:548:8
    #5 0x53cc51 in main /benchmark/bin/binutils-2.45/ld/./ldmain.c:912:3
    #6 0x7f59a62b9082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #7 0x41d6ad in _start (/benchmark/bin/binutils-2.45/ld/ld-new+0x41d6ad)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /benchmark/bin/binutils-2.45/bfd/elflink.c:115:18 in get_link_hash_entry
==139056==ABORTING
```

## Credit

Reported by Yifan Zhang, [PLL](https://pl.cs.pku.edu.cn/en/)
Dup. *** This bug has been marked as a duplicate of bug 33457 ***
After applying the patch for Bug 33457, the bug can still be triggered using a new POC, which I have uploaded.
Created attachment 16361
POC_patch_33457
The master branch has been updated by H.J. Lu <hjl@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703

commit aeaaa9af6359c8e394ce9cf24911fec4f4d23703
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Tue Sep 23 08:52:26 2025 +0800

    elf: Return error on unsorted symbol table if not allowed

    Normally ELF symbol table should be sorted, i.e., local symbols precede
    global symbols. Irix 6 is an exception and its elf_bad_symtab is set
    to true. Issue an error if elf_bad_symtab is false and symbol table is
    unsorted.

            PR ld/33450
            * elflink.c (set_symbol_value): Change return type to bool and
            return false on error. Issue an error on unsorted symbol table
            if not allowed.
            (elf_link_input_bfd): Return false if set_symbol_value returns
            false.

    Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
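The invariant named in the commit message above (local symbols precede global symbols) can be checked against the symbol table section's `sh_info`, which the ELF specification defines as one greater than the index of the last local symbol. This is an added example, not binutils code: `first_unsorted_symbol`, `sym64` and the sample tables are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal ELF64 symbol entry, same field order as Elf64_Sym in the ELF spec. */
typedef struct {
    uint32_t st_name;
    uint8_t  st_info;    /* binding in the high nibble, type in the low nibble */
    uint8_t  st_other;
    uint16_t st_shndx;
    uint64_t st_value;
    uint64_t st_size;
} sym64;

enum { BIND_LOCAL = 0, BIND_GLOBAL = 1, BIND_WEAK = 2 };  /* STB_* values */
#define INFO(bind) ((uint8_t)((bind) << 4))               /* type left as 0 */

/* Hypothetical helper: sh_info is the .symtab header's sh_info, i.e. the index
   of the first non-local symbol. Returns -1 if every symbol is on the correct
   side of sh_info, otherwise the index of the first offending symbol (nsyms
   if sh_info itself points past the table). */
long first_unsorted_symbol(const sym64 *syms, size_t nsyms, size_t sh_info)
{
    if (sh_info > nsyms)
        return (long)nsyms;
    for (size_t i = 0; i < nsyms; i++) {
        int is_local = (syms[i].st_info >> 4) == BIND_LOCAL;
        if ((i < sh_info) != is_local)
            return (long)i;
    }
    return -1;
}

/* Constructed sample tables; index 0 is the mandatory null symbol. */
static const sym64 sorted_tab[] = {
    { 0, INFO(BIND_LOCAL), 0, 0, 0, 0 }, { 1, INFO(BIND_LOCAL), 0, 1, 0, 0 },
    { 5, INFO(BIND_GLOBAL), 0, 1, 8, 0 }, { 9, INFO(BIND_WEAK), 0, 1, 16, 0 },
};
static const sym64 unsorted_tab[] = {
    { 0, INFO(BIND_LOCAL), 0, 0, 0, 0 }, { 1, INFO(BIND_GLOBAL), 0, 1, 0, 0 },
    { 5, INFO(BIND_LOCAL), 0, 1, 8, 0 }, { 9, INFO(BIND_GLOBAL), 0, 1, 16, 0 },
};

int main(void)
{
    printf("sorted:   %ld\n", first_unsorted_symbol(sorted_tab, 4, 2));
    printf("unsorted: %ld\n", first_unsorted_symbol(unsorted_tab, 4, 2));
    return 0;
}
```

A consumer that indexes per-symbol state by position relative to `sh_info` should run a check of this kind before doing so, and reject the input when it fails.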
Fixed for 2.46.
The master branch has been updated by H.J. Lu <hjl@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4b0d1b38bf8b4d3e4ce6bd990c46f574ae316ca8

commit 4b0d1b38bf8b4d3e4ce6bd990c46f574ae316ca8
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Sat Oct 25 05:10:49 2025 +0800

    elf: Drop the FIXME comment in set_symbol_value

    Since

    commit aeaaa9af6359c8e394ce9cf24911fec4f4d23703
    Author: H.J. Lu <hjl.tools@gmail.com>
    Date:   Tue Sep 23 08:52:26 2025 +0800

        elf: Return error on unsorted symbol table if not allowed

    returns false when get_link_hash_entry returns NULL, we can drop the
    FIXME comment now.

            PR ld/33450
            * elflink.c (set_symbol_value): Drop the FIXME comment.

    Signed-off-by: H.J. Lu <hjl.tools@gmail.com>