[PATCH-bfd] i386-mingw32-ld crash on x86_64 linux

Peter O'Gorman binutils@mlists.thewrittenword.com
Tue Apr 14 14:06:00 GMT 2009


Hi,

We had a customer report a ld crash on an x86_64 linux cross compiler
setup targeting mingw32, with some of the input libraries generated by
visual studio, some generated by the GNU tools. They had no issues with
a similar setup on i386 linux.

The crash occurred with binutils-2.18.50 and 2.19.1 here:

 bfd_vma sec_vma = s->output_section->vma + s->output_offset;

#0  0x0000000000426ef8 in generate_reloc (abfd=0x618fc0, info=0x60a140) at ../../ld/pe-dll.c:1258
#1  0x000000000042b0c6 in pe_dll_fill_sections (abfd=0x618fc0, info=0x60a140) at ../../ld/pe-dll.c:2887
#2  0x000000000042230a in gld_i386pe_finish () at ei386pe.c:1540
#3  0x000000000041c5e4 in ldemul_finish () at ../../ld/ldemul.c:90
#4  0x0000000000414306 in lang_process () at ../../ld/ldlang.c:6186
#5  0x0000000000417bb1 in main (argc=35, argv=0x7fbfffbf38) at ../../ld/ldmain.c:453

s->output_section is NULL here.

gdb tells us that the bfd in question has the following sections:
.debug$S
.idata$2
.idata$6
.idata$4\004
.idata$5\004
.idata$4
.idata$5

This library was generated by Visual Studio 2005 SP1.

As you can see, there is an issue: there are two instances of .idata$4
and 5, one with a trailing 0x04, one without. One has output_section as
a valid section, one is NULL.

This patch fixes the crash, though we are still unsure why it crashes
with an x86_64 linux build and works with an i386 linux build.

2009-04-14  Peter O'Gorman  <pogma@thewrittenword.com>

	* peXXigen.c: Ensure in->_n._n_name is NULL terminated.

Thanks,
Peter
-- 
Peter O'Gorman
pogma@thewrittenword.com
-------------- next part --------------
Index: bfd/peXXigen.c
===================================================================
--- bfd/peXXigen.c.orig	2007-11-13 20:17:43.000000000 +0000
+++ bfd/peXXigen.c	2009-04-09 22:24:04.653228328 +0000
@@ -105,7 +105,10 @@
       in->_n._n_n._n_offset = H_GET_32 (abfd, ext->e.e.e_offset);
     }
   else
+    {
     memcpy (in->_n._n_name, ext->e.e_name, SYMNMLEN);
+    in->_n._n_name[SYMNMLEN] = 0;
+    }
 
   in->n_value = H_GET_32 (abfd, ext->e_value);
   in->n_scnum = H_GET_16 (abfd, ext->e_scnum);
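
Review bot: The added "in->_n._n_name[SYMNMLEN] = 0;" stores at index SYMNMLEN, one byte past the SYMNMLEN bytes that the memcpy above it fills, so it is in bounds only if _n_name is declared with at least SYMNMLEN + 1 elements. The declaration is not visible in this hunk; please confirm the array size, or enlarge it in the same patch, since otherwise the store lands in whatever follows the name field. Separately, the memcpy and the new assignment sit at the same column as the braces that now enclose them and should be indented inside the block, and the ChangeLog entry names only the file, not the function being changed.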

