This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



Re: [ARM] Avoid dereferencing null pointers


On Wed, 24 Oct 2018 at 13:36, Alan Modra <amodra@gmail.com> wrote:
>
> On Wed, Oct 24, 2018 at 10:37:59AM +0100, Thomas Preudhomme wrote:
> > Hi Christophe,
> >
> > I'm a bit surprised cmse_scan is run at all in your case. Were you
> > targeting an M profile core?
> >
> > Regarding sym_hashes[X] being null, under what conditions can a global
> > symbol have a null hash?
>
> I sent a little more info to Christophe privately, after I thought a
> little more about the problem.  Guess I should have sent it to the
> list.
>
> You can have sym_hashes[n] being 0 when you have an as-needed library
> that wasn't needed (it's loaded but then unloaded).
>
> Note this elflink.c code:
>   if ((elf_dyn_lib_class (abfd) & DYN_AS_NEEDED) != 0)
>     {
>       unsigned int i;
>
>       /* Restore the symbol table.  */
>       old_ent = (char *) old_tab + tabsize;
>       memset (elf_sym_hashes (abfd), 0,
>               extsymcount * sizeof (struct elf_link_hash_entry *));
>
> The memset zaps all the sym_hashes, because after restoring the symbol
> table to as it was before loading the as-needed library, the symbol
> pointers are no longer valid.
>
> The patch I suggest instead of the one Christophe posted is:
>

Hi Alan,

Despite your fix below, I am again facing the same crash, in a case
which might be similar to the one you fixed.
My link command has:
-lgcc_s -lgcc -lc -lgcc_s
and cmse_scan crashes again because sym_hashes is null when scanning
the second occurrence of -lgcc_s.
If I remove -lgcc_s, the link succeeds, which suggests that even
though I'm not using --as-needed in this case, the behaviour is
similar: the second -lgcc_s is useless (does not help resolve any
reference), so its sym_hashes is null.

Does that sound right? What's the proper way of skipping it, since
DYN_AS_NEEDED is not set?

Thanks,

Christophe

> diff --git a/bfd/elf32-arm.c b/bfd/elf32-arm.c
> index 2c321bbcb6..5adec5e473 100644
> --- a/bfd/elf32-arm.c
> +++ b/bfd/elf32-arm.c
> @@ -6449,7 +6449,8 @@ elf32_arm_size_stubs (bfd *output_bfd,
>           asection *section;
>           Elf_Internal_Sym *local_syms = NULL;
>
> -         if (!is_arm_elf (input_bfd))
> +         if (!is_arm_elf (input_bfd)
> +             || (elf_dyn_lib_class (input_bfd) & DYN_AS_NEEDED) != 0)
>             continue;
>
>           num_a8_relocs = 0;
>
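Review bot: the new guard `|| (elf_dyn_lib_class (input_bfd) & DYN_AS_NEEDED) != 0` skips an input BFD only when it carries the DYN_AS_NEEDED class, yet the reply above reports the same null sym_hashes crash for a repeated `-lgcc_s` with no `--as-needed` on the command line, so the zeroed entries are not specific to that class. Consider checking the individual sym_hashes entries for NULL at the point where they are dereferenced, instead of or in addition to this per-BFD class test, so the stub-sizing loop tolerates a zeroed symbol table whatever caused it. A short comment on the new condition explaining that an unneeded as-needed library has had its sym_hashes cleared by elflink.c would also help the next reader.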
> --
> Alan Modra
> Australia Development Lab, IBM

