Package: binutils
Version: 2.16.1-3
I hit this segfault[1] when building d-i.
I rebuilt binutils unstripped, reproduced & collected a backtrace[2].
An obvious NULL-pointer dereference.
I don't know if the bug is that it's just not checking the pointer before
accessing it, or if a NULL pointer should never have made it this far.
I did do some black-box testing and determined that 3 of the -u
arguments[3] will cause a segfault whenever they are used alone. If I
remove these three args, gcc completes without error.
[1]
...
reducing libc.so.6.1
Command failed with status 1 : gcc -nostdlib -nostartfiles -shared
-Wl,-soname=libc.so.6.1 -uwctomb -ufclose -ufreopen64 -ugetmntent -usleep
-uumask -usend -u__fxstat -usetutent -uisspace -ulocaltime -ugetpt -ugetppid
-uutime -ustrnlen -u__libc_sigaction -u__sched_getparam -urecvfrom -uopendir
-ustderr -uklogctl -usnprintf -uoptind -umemset -usync -ustrerror -usyslog
-u_libc_intl_domainname -ustrcasestr -u__ctype_get_mb_cur_max -uindex -ustrcspn
-uopenlog -uaccess -ugrantpt -ucfmakeraw -u__dcgettext -uioperm -umunmap
-uh_errno -ufputc -u_IO_list_lock -uwait -uwcwidth -usendmsg -uiswalnum
-urename -u__environ -umkdir -urealloc -uprintf -uunlockpt -u__strcasecmp
-uselect -ugetchar -urindex -uendservent -ustrdup -umprotect -u__resp
-u__strtold_internal -uisatty -utdelete -ustatfs64 -uwarn -ugettimeofday
-uherror -uupdwtmp -uchdir -u__errno_location -u_dl_vsym -uutmpname
-uinet_nsap_ntoa -ufnmatch -u__strtof_internal -usysconf -u__res_maybe_init
-u__poll -uaccept -uabort -ufprintf -ustrtoll -ustrlen -ustrncat -uchroot
-uclearerr -ugetgroups -ufeof -uwrite -u__gettimeofday -urewind
-u__sched_get_priority_max -uvasprintf -uunsetenv -u__cxa_finalize
-ugethostbyname -uioctl -uunlink -utcgetpgrp -usigdelset -ugetutline_r -ustdin
-u__rawmemchr -uenviron -u__xstat -usetrlimit64 -u_IO_iter_next -ubasename
-u__sigsetjmp -uuname -ustrtoul -uswapoff -uexeclp -u__clone2 -ufwrite
-u__libc_current_sigrtmax_private -ugetpid -usetgid -ufeof_unlocked -uexecl
-ucfgetospeed -usendto -uexecv -umemchr -umkfifo -usys_siglist -uconnect
-usigemptyset -udirname -u__getpid -uendpwent -ureboot -uopen64 -usetsid
-usprintf -u__ctype_b_loc -ustrrchr -uregexec -ugethostbyaddr -ustrchrnul
-uasprintf -uferror -u__sigsuspend -ugetcwd -ufree -utfind -ugetpeername -urecv
-u_IO_list_resetlock -uputchar -u__strtol_internal -utimes -usigsetmask
-ugetservbyname -uqsort -u__libc_thread_freeres -u__xstat64 -u__libc_start_main
-u__sysctl -uopen -ustrncpy -uusleep -ugetopt_long -untohl -usystem
-ustrcasecmp -udcgettext -untohs -umemcmp -u__asprintf -udprintf -umkstemp64
-ulisten -uswapon -u__libc_current_sigrtmin_private -ufscanf -ubind -uvsnprintf
-u__assert_fail -ustrtok_r -u_dl_sym -usigfillset -ucfsetospeed -ustpcpy
-u__libc_system -ugeteuid -ugetrlimit64 -u__libc_pthread_init -utsearch
-ugetrlimit -urealpath -utolower -utcgetattr -ufopen64 -u__libc_dl_error_tsd
-ustrpbrk -u_IO_iter_end -ualarm -upipe -uscandir -ustrncasecmp
-u__sched_getscheduler -urandom -u_IO_putc -ulseek64 -usetmntent -ustrtol
-u__sysv_signal -upause -ustrtok -ustrtod -u_environ -uwritev -ufputs -ufchmod
-usetlogmask -udup2 -utwalk -uinet_ntop -ubcmp -ustrsep -uptsname_r -uinet_ntoa
-umemcpy -ufileno -uperror -usrandom -uumount -uendutent -usigismember
-ustrncmp -umbtowc -ustrcat -ugetsockname -uclose -ustrchr -u__fcntl
-ugetnetbyaddr -uregcomp -uvdprintf -ufcntl -u__getdelim -u__lxstat64
-usigaction -usetsockopt -ucloselog -ustrftime -uchmod -ushutdown -usscanf
-usigprocmask -uraise -uputs -u__libc_fork -udup -ureaddir64 -ulchown -ufread
-ustrsignal -uexecvp -u__strtod_internal -uexecve -umount -ugetpwuid -uvsprintf
-usetuid -umalloc -ustdout -u__register_atfork -upopen -urecvmsg -utowlower
-uwaitpid -uoptarg -ulongjmp -u_IO_iter_file -u__ctype_tolower_loc -ucalloc
-usetbuf -unl_langinfo -u__libc_siglongjmp -usetitimer -u_dl_close -umempcpy
-ulseek -ugetpwent -ucfsetispeed -u__res_nclose -u__lxstat -ukill -ufflush
-ummap64 -u__xmknod -usethostname -ummap -uptsname -u_IO_iter_begin
-u__getpagesize -utmpnam -u_setjmp -uread -udaemon -ustrstr -uctime -ufsync
-umemmove -usignal -uiswpunct -umblen -ustrcmp -utoupper -ufgetc -upclose
-uftruncate64 -ureaddir -ufgets -ugetgid -uendmntent -uregfree
-u__h_errno_location -uftell -uexit -uttyname_r -u_dl_addr -u__strdup
-ugetpagesize -ugmtime -usymlink -upututline -u__stpncpy -u__sched_setscheduler
-u_IO_list_unlock -ugethostname -ugetnameinfo -usysinfo -usocket -ustrcpy
-ubsearch -ureadlink -u_exit -usetlocale -uumount2 -ufgets_unlocked
-u__fxstat64 -ufopen -uputenv -ufdopen -uerrno -uvsyslog -urmdir -uin6addr_any
-u__res_state -ufork -uvprintf -ualphasort -u__libc_longjmp -usched_yield
-ugetenv -uatoi -ulink -uvfprintf -uiswblank -ugetnetbyname -u_IO_getc -uwait3
-u_outb -u__cxa_atexit -ustrspn -uungetc -uhtonl -u__fsetlocking -ustrndup
-usyscall -u__libc_allocate_rtsig_private -umbrtowc -uinet_pton -uhtons
-u__on_exit -usetenv -u__sched_get_priority_min -ugetopt -umkstemp -uinet_aton
-u_dl_open -utcsetattr -usigsuspend -uregerror -u__ctype_toupper_loc
-usigaddset -uclosedir -ugetegid -ugetuid -uchown -utime -o
./tmp/netboot/tree/lib/libc.so.6.1-so /usr/lib/libc_pic/soinit.o
/usr/lib//libc_pic.a /usr/lib/libc_pic/sofini.o /lib//ld-linux-ia64.so.2 -u
__dso_handle -Wl,--version-script=/usr/lib//libc_pic.map -lgcc -L
./tmp/netboot/tree/lib -L./tmp/netboot/tree/usr/lib -L./tmp/netboot/udeblibs
-L/lib/ -L/usr/lib/ -L/usr/X11R6/lib/ -L./tmp/netboot/tree//usr/lib/cdebconf
-L./tmp/netboot/tree//usr/lib/cdebconf -L./tmp/netboot/tree//usr/lib/cdebconf
-L./tmp/netboot/tree//usr/lib/cdebconf -L./tmp/netboot/tree//usr/lib/cdebconf
-L./tmp/netboot/tree//usr/lib/cdebconf -L./tmp/netboot/tree//usr/lib/cdebconf
-L./tmp/netboot/tree//usr/lib/cdebconf -L./tmp/netboot/tree//usr/lib/cdebconf
With output: collect2: ld terminated with signal 11 [Segmentation fault], core dumped
/usr/bin/ld:
make[2]: *** [stamps/tree-netboot-stamp] Error 1
make[1]: *** [_build] Error 2
make: *** [build_netboot] Error 2
[EMAIL PROTECTED]:~/svn/d-i.trunk/installer/build$ gdb /usr/bin/ld
ld ldapdelete ldappasswd ldd
ldapadd ldapmodify ldapsearch ldd.ia32-libs
ldapcompare ldapmodrdn ldapwhoami lddlibc4
[EMAIL PROTECTED]:~/svn/d-i.trunk/installer/build$ gdb /usr/bin/ld core
GNU gdb 6.3-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "ia64-linux"...Using host libthread_db library
"/lib/tls/libthread_db.so.1".
Core was generated by `/usr/bin/ld -shared -o
./tmp/netboot/tree/lib/libc.so.6.1-so -uwctomb -ufclose'.
Program terminated with signal 11, Segmentation fault.
warning: current_sos: Can't read pathname for load map: Input/output error
Reading symbols from /usr/lib/libfakeroot/libfakeroot-sysv.so.0...done.
Loaded symbols for /usr/lib/libfakeroot/libfakeroot-sysv.so.0
Reading symbols from /usr/lib/libbfd-2.16.1.so...done.
Loaded symbols for /usr/lib/libbfd-2.16.1.so
Reading symbols from /lib/tls/libc.so.6.1...Reading symbols from
/usr/lib/debug/lib/tls/libc-2.3.5.so...done.
done.
Loaded symbols for /lib/tls/libc.so.6.1
Reading symbols from /lib/tls/libdl.so.2...Reading symbols from
/usr/lib/debug/lib/tls/libdl-2.3.5.so...done.
done.
Loaded symbols for /lib/tls/libdl.so.2
Reading symbols from /lib/ld-linux-ia64.so.2...Reading symbols from
/usr/lib/debug/lib/ld-2.3.5.so...done.
done.
Loaded symbols for /lib/ld-linux-ia64.so.2
#0 _bfd_default_error_handler (fmt=0x2000000000173e56 "")
at ../../bfd/bfd.c:481
481 if (abfd->my_archive)
(gdb) bt
#0 _bfd_default_error_handler (fmt=0x2000000000173e56 "")
at ../../bfd/bfd.c:481
#1 0x2000000000117a10 in _bfd_elf_merge_symbol (abfd=Variable "abfd" is not available.)
at ../../bfd/elflink.c:952
#2 0x200000000011f650 in bfd_elf_link_add_symbols (abfd=0x60000000000b8b40,
info=0x60000000000115e8) at ../../bfd/elflink.c:3776
#3 0x200000000011e240 in elf_link_add_archive_symbols (
abfd=0x6000000000098490, info=0x60000000000115e8)
at ../../bfd/elflink.c:4650
#4 0x200000000011ec30 in bfd_elf_link_add_symbols (abfd=Variable "abfd" is not available.)
at ../../bfd/elflink.c:4706
#5 0x400000000001c380 in load_symbols (entry=0x600000000001c540,
place=0x60000fffff877600) at ../../ld/ldlang.c:1869
#6 0x400000000002bbd0 in open_input_bfds (s=0x600000000001c540, force=0)
at ../../ld/ldlang.c:2279
#7 0x400000000002c1a0 in lang_process () at ../../ld/ldlang.c:4743
#8 0x4000000000031c10 in main (argc=426, argv=0x60000fffff8778d8)
at ../../ld/ldmain.c:458
(gdb) bt full
#0 _bfd_default_error_handler (fmt=0x2000000000173e56 "")
at ../../bfd/bfd.c:481
abfd = (bfd *) 0x0
ap = Cannot access memory at address 0xe8
(gdb)
[3]
-uh_errno
-u__resp
-uerrno
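The backtrace above shows _bfd_default_error_handler at bfd.c:481 evaluating abfd->my_archive with abfd == NULL, the pointer having been handed to it as a %B argument by _bfd_elf_merge_symbol (elflink.c:952). The C program below is an added illustration, not code from binutils or from this report: a reduced printf-style handler with libbfd-like %B/%A conversions that shows the crash pattern and the two places a fix can live (the handler refusing to dereference NULL, and the caller never passing NULL for %B). The bfd/asection structs, the fixture names (archive, member, tbss), the message text, and the suggestion that the NULL could come from a -u symbol with no input file behind it are all assumptions made for the example, not facts established by the report.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, reduced stand-ins for the libbfd objects named in the
 * backtrace; the real bfd/asection types carry many more fields. */
typedef struct bfd bfd;
struct bfd {
    const char *filename;
    bfd *my_archive;            /* non-NULL when the object is an archive member */
};
typedef struct { const char *name; } asection;

/* Bounded append that always leaves *out NUL-terminated. */
static void append(char *out, size_t outlen, size_t *used, const char *s)
{
    size_t room = outlen - *used - 1, len = strlen(s);
    if (len > room) len = room;
    memcpy(out + *used, s, len);
    *used += len;
    out[*used] = '\0';
}

/* printf-style formatter with %B (bfd) and %A (section) conversions.
 * Returns 0 on success, -1 if NULL was passed for %B or %A; the message is
 * still produced with a placeholder instead of faulting as bfd.c:481 does.
 * Other conversions are emitted literally and consume no argument. */
static int format_message(char *out, size_t outlen, const char *fmt, va_list ap)
{
    size_t used = 0;
    int rc = 0;
    char tmp[512];
    out[0] = '\0';
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%') {
            char one[2] = { *p, '\0' };
            append(out, outlen, &used, one);
            continue;
        }
        if (*++p == '\0') break;                 /* trailing lone '%' */
        switch (*p) {
        case 'B': {
            bfd *abfd = va_arg(ap, bfd *);
            if (abfd == NULL) {                  /* the check the crash site lacks */
                rc = -1;
                append(out, outlen, &used, "<NULL bfd>");
            } else if (abfd->my_archive != NULL) {
                snprintf(tmp, sizeof tmp, "%s(%s)", abfd->my_archive->filename, abfd->filename);
                append(out, outlen, &used, tmp);
            } else {
                append(out, outlen, &used, abfd->filename);
            }
            break;
        }
        case 'A': {
            asection *sec = va_arg(ap, asection *);
            if (sec == NULL) { rc = -1; append(out, outlen, &used, "<NULL section>"); }
            else append(out, outlen, &used, sec->name);
            break;
        }
        case 's': {
            const char *s = va_arg(ap, const char *);
            append(out, outlen, &used, s != NULL ? s : "(null)");
            break;
        }
        case '%': append(out, outlen, &used, "%"); break;
        default: { char lit[3] = { '%', *p, '\0' }; append(out, outlen, &used, lit); break; }
        }
    }
    return rc;
}

static int error_handler(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int rc = format_message(out, outlen, fmt, ap);
    va_end(ap);
    return rc;
}

/* Constructed fixtures: an object inside an archive, like the libc_pic.a
 * members in the failing link, and a TLS section. */
static bfd archive = { "/usr/lib/libc_pic.a", NULL };
static bfd member  = { "errno.o", &archive };
static asection tbss = { ".tbss" };
static char last_message[256];

/* Normal case: every %B/%A argument is a real object. */
int demo_archive_member(void)
{
    return error_handler(last_message, sizeof last_message,
                         "%s: definition in %B section %A", "errno", &member, &tbss);
}

/* Failure mode from the backtrace: a NULL bfd reaches %B. Assumed source for
 * the example only: a symbol that exists because of -u and therefore has no
 * input file behind it. The caller-side fix is to never pass NULL here. */
int demo_null_reference(void)
{
    return error_handler(last_message, sizeof last_message,
                         "%s: definition in %B section %A mismatches reference in %B",
                         "errno", &member, &tbss, (bfd *)NULL);
}

const char *demo_last_message(void) { return last_message; }

int main(void)
{
    demo_archive_member();  puts(last_message);
    demo_null_reference();  puts(last_message);
    return 0;
}
```

The handler-side check turns a SIGSEGV into a diagnostic with a visible placeholder, which is what you want from an error-reporting path: it must never be the thing that crashes. It does not answer the reporter's second question; if merge_symbol can legitimately see a symbol with no owning bfd, the caller also needs to stop passing that NULL for %B.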