The attached object file crashes ld, both 2.17 and HEAD:

$ ld broken.o
Segmentation fault
Created attachment 1586: Test case

This is on amd64. Sorry for forgetting to mention, I don't mean to cause extra work. :) I broke the .o, it wasn't generated by anything.
Created attachment 1593: Another test case

The patch fixes it for this object file, but I have another that crashes (attached). It's not really a problem to me, I just tried to break things on purpose. I'm sorry if you don't want me to do that; I reported this and an ld bug like this after reading from the ld documentation something like "a reliable linker doesn't crash on any input, so if ld does, it's a bug". :) So if you don't feel this is a problem, just ignore me. (Although both test cases in this bug applied to ld too.)

$ gdb --args ~/rec/binutils/binutils/nm-new nm-broken.o
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) r
Starting program: /home/sliedes/rec/binutils/binutils/nm-new nm-broken.o
BFD: nm-broken.o: no group info for section .text._ZN5Stack3popEv
BFD: nm-broken.o: no group info for section .text._ZN5Stack4pushEP4Atom
BFD: nm-broken.o: no group info for section .text._ZN5Queue3popEv
BFD: nm-broken.o: no group info for section .rodata._ZTV7Smodels
BFD: nm-broken.o: no group info for section .rodata._ZTS7Smodels
BFD: nm-broken.o: no group info for section .rodata._ZTI7Smodels

Program received signal SIGSEGV, Segmentation fault.
0x000000000042f918 in _bfd_elf_setup_sections (abfd=0x5dd090) at elf.c:721
721           if ((++idx)->shdr->bfd_section)
(gdb) print *idx
$1 = {shdr = 0xe, flags = 14}
(gdb) bt
#0  0x000000000042f918 in _bfd_elf_setup_sections (abfd=0x5dd090) at elf.c:721
#1  0x000000000042bfb3 in bfd_elf64_object_p (abfd=0x5dd090) at elfcode.h:816
#2  0x000000000041160f in bfd_check_format_matches (abfd=0x5dd090, format=bfd_object, matching=0x7fffafbc2d08) at format.c:240
#3  0x0000000000403f8a in display_file (filename=0x7fffafbc3555 "nm-broken.o") at nm.c:1179
#4  0x0000000000404bb6 in main (argc=2, argv=0x7fffafbc2e48) at nm.c:1622
Sorry, that was meant for #4110...
Created attachment 1639: Add some checks for corrupt symbol table entries
Hi Sami,

The attached patch stops the linker from seg-faulting with the test case you provided. It should now return an error code and these messages:

ld: warning: cannot find entry symbol _start; defaulting to 00000000004000f0
ld: error: broken.o contains a reloc (0x0000006a00000002) for section .text that references a non-existent global symbol
ld: final link failed: Bad value

I suspect however that if you try you can find other ways for corrupt symbol table entries to break the linker code...

Please let me know if the patch works for you.

Cheers
  Nick
Fixing this for all targets will require patching a depressingly large number of places, or another pass through the relocs in generic ELF code. It hardly seems worth fixing, given the crash will only occur if someone binary edits an ELF file and changes a symbol from global to local.
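The two invariants the thread turns on, written out as an added example (my own code, not binutils): a reloc's symbol index (the high 32 bits of r_info, 0x6a in Nick's error message) must be inside .symtab, and because .symtab's sh_info is the index of the first non-local symbol, a symbol at or after it must not carry STB_LOCAL, which is exactly the global-to-local binary edit Alan describes and which ld's hash-table lookup does not expect. The validator below builds a minimal ELF64 x86-64 relocatable object in memory (constructed test data, not either attachment), then corrupts it both ways. The function and section names are my own, and the checks mirror, not reproduce, what Nick's patch does in ld.

```python
"""Validate symbol references of every SHT_RELA section in an ELF64 object.

Added example, not binutils code.  Checks: (1) r_info >> 32 is below the
number of .symtab entries; (2) no STB_LOCAL symbol at or after .symtab's
sh_info and no non-local symbol before it.
"""
import struct

SHT_SYMTAB, SHT_RELA = 2, 4
STB_LOCAL, STB_GLOBAL = 0, 1
ELF_HDR_FMT = "<16sHHIQQQIHHHHHH"   # Elf64_Ehdr
SHDR_FMT = "<IIQQQQIIQQ"            # Elf64_Shdr: name,type,flags,addr,offset,size,link,info,align,entsize
SYM_FMT = "<IBBHQQ"                 # Elf64_Sym:  name,info,other,shndx,value,size
RELA_FMT = "<QQq"                   # Elf64_Rela: offset,info,addend

def parse_sections(data):
    """Return (list of Elf64_Shdr tuples, e_shstrndx)."""
    hdr = struct.unpack_from(ELF_HDR_FMT, data, 0)
    ident, shoff, shentsize, shnum, shstrndx = hdr[0], hdr[6], hdr[11], hdr[12], hdr[13]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    return [struct.unpack_from(SHDR_FMT, data, shoff + i * shentsize) for i in range(shnum)], shstrndx

def section_name(data, shdrs, shstrndx, sh):
    start = shdrs[shstrndx][4] + sh[0]
    return data[start:data.index(b"\0", start)].decode()

def check_relocs(data):
    """Return a list of problem strings; an empty list means every reloc is sane."""
    problems, (shdrs, shstrndx) = [], parse_sections(data)
    for sh in shdrs:
        if sh[1] != SHT_RELA:
            continue
        target = section_name(data, shdrs, shstrndx, shdrs[sh[7]]) if sh[7] < len(shdrs) else "?"
        symtab = shdrs[sh[6]] if sh[6] < len(shdrs) else None
        if symtab is None or symtab[1] != SHT_SYMTAB or symtab[9] == 0 or sh[9] == 0:
            problems.append("reloc section for %s has no usable symbol table" % target)
            continue
        nsyms, first_nonlocal = symtab[5] // symtab[9], symtab[7]
        for i in range(sh[5] // sh[9]):
            r_info = struct.unpack_from(RELA_FMT, data, sh[4] + i * sh[9])[1]
            sym = r_info >> 32
            if sym >= nsyms:   # the 0x6a case: index past the end of .symtab
                problems.append("reloc (0x%016x) for section %s references a non-existent symbol (index %d, symtab has %d entries)"
                                % (r_info, target, sym, nsyms))
                continue
            binding = struct.unpack_from(SYM_FMT, data, symtab[4] + sym * symtab[9])[1] >> 4
            if sym >= first_nonlocal and binding == STB_LOCAL:   # global edited to local in place
                problems.append("reloc (0x%016x) for section %s references symbol %d, STB_LOCAL but at or after sh_info=%d"
                                % (r_info, target, sym, first_nonlocal))
            elif sym < first_nonlocal and binding != STB_LOCAL:
                problems.append("reloc (0x%016x) for section %s references symbol %d, non-local but before sh_info=%d"
                                % (r_info, target, sym, first_nonlocal))
    return problems

def build_object():
    """Constructed minimal x86-64 ET_REL object (test data, not the bug's attachment)."""
    names = [b"", b".text", b".symtab", b".strtab", b".rela.text", b".shstrtab"]
    shstrtab, name_off, off = b"\0".join(names) + b"\0", {}, 0
    for n in names:
        name_off[n], off = off, off + len(n) + 1
    symtab = b"".join([
        struct.pack(SYM_FMT, 0, 0, 0, 0, 0, 0),                   # 0: null symbol
        struct.pack(SYM_FMT, 1, STB_LOCAL << 4 | 2, 0, 1, 0, 6),  # 1: local func "foo" in .text
        struct.pack(SYM_FMT, 5, STB_GLOBAL << 4, 0, 0, 0, 0),     # 2: global undefined "bar"
    ])
    rela = struct.pack(RELA_FMT, 1, (2 << 32) | 2, -4)            # R_X86_64_PC32 against symbol 2
    specs = [  # (name, sh_type, sh_flags, contents, sh_link, sh_info, sh_entsize)
        (b".text", 1, 6, b"\xe8\x00\x00\x00\x00\xc3", 0, 0, 0),   # call bar; ret
        (b".symtab", SHT_SYMTAB, 0, symtab, 3, 2, 24),            # sh_info=2: first non-local symbol
        (b".strtab", 3, 0, b"\0foo\0bar\0", 0, 0, 0),
        (b".rela.text", SHT_RELA, 0x40, rela, 2, 1, 24),          # link=.symtab, info=.text
        (b".shstrtab", 3, 0, shstrtab, 0, 0, 0),
    ]
    body, shdrs = bytearray(), [struct.pack(SHDR_FMT, *([0] * 10))]
    for name, typ, flags, contents, link, info, entsize in specs:
        shdrs.append(struct.pack(SHDR_FMT, name_off[name], typ, flags, 0, 64 + len(body), len(contents), link, info, 1, entsize))
        body += contents
    body += b"\0" * (-len(body) % 8)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    ehdr = struct.pack(ELF_HDR_FMT, ident, 1, 62, 1, 0, 0, 64 + len(body), 0, 64, 0, 0, 64, len(shdrs), 5)
    return bytes(ehdr + body + b"".join(shdrs))

def find_section(data, wanted):
    shdrs, shstrndx = parse_sections(data)
    return next(sh for sh in shdrs if section_name(data, shdrs, shstrndx, sh) == wanted)

def patch_reloc_symbol(data, rela_name, index, sym):
    """Copy of data with reloc `index` in `rela_name` pointing at symbol `sym` (type kept)."""
    sh, out = find_section(data, rela_name), bytearray(data)
    off = sh[4] + index * sh[9] + 8                               # r_info field
    r_info = struct.unpack_from("<Q", out, off)[0]
    struct.pack_into("<Q", out, off, (sym << 32) | (r_info & 0xFFFFFFFF))
    return bytes(out)

def patch_symbol_binding(data, sym, binding):
    """Copy of data with symbol `sym`'s STB_* binding replaced, its .symtab position unchanged."""
    sh, out = find_section(data, ".symtab"), bytearray(data)
    off = sh[4] + sym * sh[9] + 4                                 # st_info field
    out[off] = (binding << 4) | (out[off] & 0xF)
    return bytes(out)

if __name__ == "__main__":
    good = build_object()
    print("clean object: ", check_relocs(good))
    print("bad index:    ", check_relocs(patch_reloc_symbol(good, ".rela.text", 0, 0x6a)))
    print("global->local:", check_relocs(patch_symbol_binding(good, 2, STB_LOCAL)))
```

The second corruption is the one worth keeping in a fuzzing harness: it leaves every index in range, so a bounds check alone (the first case) passes it, and only the ordering rule that ties st_info to sh_info catches it.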
...