Segmentation fault of 'objdump -x' in binutils-2.25.1

[Alan Modra]

On Fri, Aug 21, 2015 at 01:03:55PM +0900, Yunho Kim wrote:
> *** Configuration and build option ***
> $ ./configure CFLAGS="-fsanitize=address" && make -j4
> 
> I am using Debian 8.1 on x64 and gcc 4.9.2.
> 
> *** Command that causes a crash ***
> $ ~/binutils-2.25.1/binutils/objdump -x objdump_crash
[snip]
> t->vd_nodename
> is not initialized at the function _bfd_elf_slurp_version_tables() (in

Thanks for the report.

Belt and braces fix.  Either of the changes here is sufficient to
ensure vd_nodename is initialized properly, the memcpy change because
iverdef is calloc memory.

	* elf.c (_bfd_elf_slurp_version_tables): Always init vd_nodename.
	Don't copy fields not set by _bfd_elf_swap_verdef_in.

diff --git a/bfd/elf.c b/bfd/elf.c
index f20679e..f8e1295 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -7871,7 +7871,7 @@ error_return_verref:
 	    goto error_return_bad_verdef;
 
 	  iverdef = &iverdefarr[(iverdefmem.vd_ndx & VERSYM_VERSION) - 1];
-	  memcpy (iverdef, &iverdefmem, sizeof (Elf_Internal_Verdef));
+	  memcpy (iverdef, &iverdefmem, offsetof (Elf_Internal_Verdef, vd_bfd));
 
 	  iverdef->vd_bfd = abfd;
 
@@ -7920,6 +7920,7 @@ error_return_verref:
 			  ((bfd_byte *) everdaux + iverdaux->vda_next));
 	    }
 
+	  iverdef->vd_nodename = NULL;
 	  if (iverdef->vd_cnt)
 	    iverdef->vd_nodename = iverdef->vd_auxptr->vda_nodename;
 

-- 
Alan Modra
Australia Development Lab, IBM