This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
Re: [ARM] Avoid dereferencing null pointers
- From: Alan Modra <amodra at gmail dot com>
- To: Christophe Lyon <christophe dot lyon at linaro dot org>
- Cc: binutils <binutils at sourceware dot org>
- Date: Thu, 21 Nov 2019 08:19:03 +1030
- Subject: Re: [ARM] Avoid dereferencing null pointers
- References: <CAKdteOYqxMCpOrBnH_N8JmJZzLgMwxZx0ywkh_DDPUvub9OPKA@mail.gmail.com> <20181023221621.GA27701@bubble.grove.modra.org> <CAKnkMGs2JmPjLHFv4LA06p5-3KHPSuxNjpQm+pcv5VZu1D7Q6g@mail.gmail.com> <20181024113624.GC1322@bubble.grove.modra.org> <CAKdteOYDyCxKgE5t7siHc-1G+p0uJjoVsom34sa3RMN4vLHMwA@mail.gmail.com>
On Wed, Nov 20, 2019 at 04:11:51PM +0100, Christophe Lyon wrote:
> Despite your fix below, I am again facing the same crash, in a case
> which might be similar to the one you fixed.
> My link command has:
> -lgcc_s -lgcc -lc -lgcc_s
> and cmse_scan crashes again because sym_hashes is null when scanning
> the second occurrence of -lgcc_s.
> If I remove -lgcc_s, the link succeeds, which suggests that even
> though I'm not using --as-needed in this case, the behaviour is
> similar: the second -lgcc_s is useless (does not help resolve any
> reference), so its sym_hashes is null.
>
> Does that sound right? What's the proper way of skipping it, since
> DYN_AS_NEEDED is not set?
I guess you're hitting this code in elf_link_add_object_symbols:
      ret = elf_add_dt_needed_tag (abfd, info, soname, add_needed);
      if (ret < 0)
        goto error_return;

      /* If we have already included this dynamic object in the
         link, just ignore it.  There is no reason to include a
         particular dynamic object more than once.  */
      if (ret > 0)
        return TRUE;
and returning because the lib has indeed already been loaded. That's
before sym_hashes are allocated, so sym_hashes will be NULL. It's a
wonder I didn't think of this case last year, even though you were
reporting sym_hashes[i] being NULL rather than sym_hashes NULL.
Using this should work:
      if (!is_arm_elf (input_bfd)
          || elf_sym_hashes (input_bfd) == 0
          || (elf_dyn_lib_class (input_bfd) & DYN_AS_NEEDED) != 0)
        continue;
You may also want to cover the case of sym_hashes[i] being zero in
cmse_scan, which is possible when badly formed shared libraries hit
the following elf_link_add_object_symbols code:
          /* If we aren't prepared to handle locals within the globals
             then we'll likely segfault on a NULL symbol hash if the
             symbol is ever referenced in relocations.  */
          shindex = elf_elfheader (abfd)->e_shstrndx;
          name = bfd_elf_string_from_elf_section (abfd, shindex, hdr->sh_name);
          _bfd_error_handler (_("%pB: %s local symbol at index %lu"
                                " (>= sh_info of %lu)"),
                              abfd, name, (long) (isym - isymbuf + extsymoff),
                              (long) extsymoff);

          /* Dynamic object relocations are not processed by ld, so
             ld won't run into the problem mentioned above.  */
          if (dynamic)
            continue;
--
Alan Modra
Australia Development Lab, IBM
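The two guards discussed above (skip an input whose sym_hashes was never allocated, and skip a NULL sym_hashes[i] entry) as an added, stand-alone illustration that is not binutils code: a hypothetical, stripped-down model of the input-object list, with the struct names, fields and sample values all assumed, exercised against a constructed "-lgcc_s -lgcc -lgcc_s" link.

```c
#include <stddef.h>
#include <stdbool.h>
/* Hypothetical model of the state discussed in the mail; not binutils code. */
#define DYN_AS_NEEDED 1

struct sym_hash { const char *name; };

struct input_bfd {
    bool is_arm_elf;
    int dyn_lib_class;             /* may contain DYN_AS_NEEDED */
    struct sym_hash **sym_hashes;  /* NULL if dropped before allocation */
    size_t nsyms;
};

/* The three skip conditions from the suggested fix.  */
bool skip_input(const struct input_bfd *b)
{
    return !b->is_arm_elf
        || b->sym_hashes == NULL
        || (b->dyn_lib_class & DYN_AS_NEEDED) != 0;
}

/* Count symbols a cmse-style scan visits; NULL entries are skipped, not dereferenced.  */
size_t scan_symbols(const struct input_bfd *in, size_t n)
{
    size_t visited = 0;
    for (size_t i = 0; i < n; i++) {
        if (skip_input(&in[i]))
            continue;
        for (size_t j = 0; j < in[i].nsyms; j++)
            if (in[i].sym_hashes[j] != NULL)   /* guard sym_hashes[i] too */
                visited++;
    }
    return visited;
}

/* Constructed sample: the repeated gcc_s was already included, so its sym_hashes stays NULL.  */
static struct sym_hash h_a = { "a" }, h_b = { "b" };
static struct sym_hash *hashes_gcc_s[] = { &h_a, &h_b };
static struct sym_hash *hashes_gcc[]   = { &h_a, NULL };  /* malformed entry */

size_t sample_scan(void)
{
    struct input_bfd in[] = {
        { true, 0, hashes_gcc_s, 2 },  /* first -lgcc_s: 2 visited */
        { true, 0, hashes_gcc,   2 },  /* -lgcc: 1 visited, NULL skipped */
        { true, 0, NULL,         0 },  /* second -lgcc_s: skipped entirely */
    };
    return scan_symbols(in, 3);  /* returns 3 */
}
```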