[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #99 from Alexander Cherepanov ---
Created attachment 7947
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7947&action=edit
AFL crashers for `objdump -x`

With AFL...

Files: 3
Errors: 3
  Invalid write of size ...
  3 Process terminating with default action of signal 11 (SIGSEGV)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
objdump man page lines too long
$ COLUMNS=80 man objdump|perl -nwle 'print if length > 155'
       --dwarf[=rawline,=decodedline,=info,=abbrev,=pubnames,=aranges,=macro,=frames,=frames-interp,=str,=loc,=Ranges,=pubtypes,=trace_info,=trace_abbrev,=trace_aranges,=gdb_index]]
       -a,-d,-D,-e,-f,-g,-G,-h,-H,-p,-P,-r,-R,-s,-S,-t,-T,-V,-x must be given.
       enabled by -M reg-names-atpcs and -M reg-names-special-atpcs which
       intel and att-mnemonic implies att.
       addr64, addr32, addr16, data32 relocs, lineno, loader, except, typchk, traceback, toc and ldinfo.
       --dwarf[=rawline,=decodedline,=info,=abbrev,=pubnames,=aranges,=macro,=frames,=frames-interp,=str,=loc,=Ranges,=pubtypes,=trace_inf]]

$ su - nobody
No directory, logging in with HOME=/
nobody@jidanni3:/$ < /dev/null > /dev/null man objdump
:170: warning [p 1, 5.5i]: can't break line
:611: warning [p 6, 8.0i, div `an-div', 0.0i]: can't break line

binutils 2.24.90.2014-2
[Bug binutils/14243] software that includes bfd.h fails to build with "#error config.h must be included before this header"
https://sourceware.org/bugzilla/show_bug.cgi?id=14243

yuexu changed:

           What    |Removed                          |Added
----------------------------------------------------------------------------
                 CC|                                 |yue.xu at intel dot com
           Assignee|unassigned at sourceware dot org |yue.xu at intel dot com
[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #98 from Hanno Boeck ---
Nick, did you see attachment 7937? Still crashes nm with latest git, this is
in the ihex parser.
[Bug ld/17592] x86-64 linker generates wrong PLT for large model
https://sourceware.org/bugzilla/show_bug.cgi?id=17592

Evandro Menezes changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |evandro at yahoo dot com

--- Comment #8 from Evandro Menezes ---
(In reply to H.J. Lu from comment #7)
> I also want to support larger code size in small model. Put .plt after .text
> will help small model. I will implement large PLT for large model.

Methinks that it's more appealing to maintain a single PLT template, regardless
of the model, and have sparse segments to support text-ro-plt-got. The overhead
in the memory space should be insignificant if done only in the large code
model.
[Bug gold/17619] New: Gold fails to check PC-relative offset overflow in PLT entry
https://sourceware.org/bugzilla/show_bug.cgi?id=17619

            Bug ID: 17619
           Summary: Gold fails to check PC-relative offset overflow in PLT
                    entry
           Product: binutils
           Version: 2.26 (HEAD)
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gold
          Assignee: ccoutant at google dot com
          Reporter: hjl.tools at gmail dot com
                CC: ian at airs dot com

On Linux/x86-64, gold fails to check PC-relative offset overflow in PLT entry:

[hjl@gnu-6 pr17618]$ cat main.c
extern void foo (void);
extern void bar (void);

int
main ()
{
  foo ();
  bar ();
  return 0;
}
[hjl@gnu-6 pr17618]$ cat foo.S
	.section .rodata.str1.1,"aMS",@progbits,1
.LC0:
	.string "PASS"
	.text
	.p2align 4,,15
	.globl foo
	.type foo, @function
foo:
	leal .LC0(%rip), %edi
	jmp puts@PLT
	.size foo, .-foo
	.p2align 4,,15
	.globl bar
	.type bar, @function
bar:
	jmp .L0
	.space 0x4000, 0x90
.L0:
	jmp .L2
	.space 0x4fdfff14, 0x90
.L2:
	.size bar, .-bar
	.section .note.GNU-stack,"",@progbits
[hjl@gnu-6 pr17618]$ make
gcc -mx32 -O2 -c -o main.o main.c
gcc -mx32 -O2 -fpic -c -o foo.o foo.S
./ld -m elf32_x86_64 -shared -o libfoo.so foo.o
./ld: warning: overflow in PLT unwind data; unwinding through PLT may fail
gcc -mx32 -O2 -o foo main.o libfoo.so -Wl,-R,.
./foo
make: *** [all] Segmentation fault
[hjl@gnu-6 pr17618]$
[Bug ld/17618] Linker fails to check PC-relative offset overflow in PLT entry
https://sourceware.org/bugzilla/show_bug.cgi?id=17618

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".

The branch, master has been updated
       via  ab7fede88eddf004994f8769e3c7ac145628f5b4 (commit)
      from  439247b656ce3bcfaa00fec7dbce70e65ca17cf5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab7fede88eddf004994f8769e3c7ac145628f5b4

commit ab7fede88eddf004994f8769e3c7ac145628f5b4
Author: H.J. Lu
Date:   Tue Nov 18 11:03:09 2014 -0800

    Check PC-relative offset overflow in PLT entry

    This patch checks PC-relative offset overflow in pushq instruction in
    x86-64 PLT entry.

    bfd/

    	PR ld/17618
    	* elf64-x86-64.c (elf_x86_64_finish_dynamic_symbol): Check
    	PC-relative offset overflow in PLT entry.

    ld/testsuite/

    	PR ld/17618
    	* ld-x86-64/x86-64.exp: Run pr17618 for Linux target.
    	* ld-x86-64/pr17618.d: New file.
    	* ld-x86-64/pr17618.s: Likewise.

---

Summary of changes:
 bfd/ChangeLog                     |  6 ++
 bfd/elf64-x86-64.c                | 27 +++
 ld/testsuite/ChangeLog            |  8
 ld/testsuite/ld-x86-64/pr17618.d  |  4
 ld/testsuite/ld-x86-64/pr17618.s  | 18 ++
 ld/testsuite/ld-x86-64/x86-64.exp |  7 +++
 6 files changed, 62 insertions(+), 8 deletions(-)
 create mode 100644 ld/testsuite/ld-x86-64/pr17618.d
 create mode 100644 ld/testsuite/ld-x86-64/pr17618.s
[Bug ld/17618] New: Linker fails to check PC-relative offset overflow in PLT entry
https://sourceware.org/bugzilla/show_bug.cgi?id=17618

            Bug ID: 17618
           Summary: Linker fails to check PC-relative offset overflow in PLT
                    entry
           Product: binutils
           Version: 2.26 (HEAD)
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: hjl.tools at gmail dot com

X86-64 linker fails to check PC-relative offset overflow in PLT entry:

[hjl@gnu-6 plt]$ cat foo.c
#include <stdio.h>

void
foo (void)
{
  printf ("PASS\n");
}
[hjl@gnu-6 plt]$ cat main.c
extern void foo (void);
extern void bar (void);

int
main ()
{
  foo ();
  bar ();
  return 0;
}
[hjl@gnu-6 plt]$ cat gap.S
	.text
	.p2align 4,,15
	.globl bar
	.type bar, @function
bar:
	jmp .L0
	.space 0x4000, 0x90
.L0:
	jmp .L2
#ifdef GOLD
	.space 0x4fdfff14, 0x90
#else
	.space 0x3fdfff14, 0x90
#endif
.L2:
	leaq .L2(%rip), %rcx
	movabsq $_GLOBAL_OFFSET_TABLE_-.L2, %r11
	movabsq $foo@PLTOFF, %rax
	addq %r11, %rcx
	addq %rcx, %rax
	jmp *%rax
	.size bar, .-bar
	.section .note.GNU-stack,"",@progbits
[hjl@gnu-6 plt]$ make LD=ld
gcc -O2 -c -o main.o main.c
gcc -O2 -c -o gap.o gap.S
gcc -O2 -fpic -c -o foo.o foo.c
ld -shared -o libfoo.so gap.o foo.o
gcc -O2 -o foo main.o libfoo.so -Wl,-R,.
./foo
make: *** [all] Segmentation fault
[hjl@gnu-6 plt]$
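The fix announced for PR ld/17618 (and asked for in PR gold/17619) is a range check on the RIP-relative displacement a PLT entry carries. As an added example, not code from binutils or from these reports, here is that check written around the standard 6-byte "jmp *disp32(%rip)" that opens an x86-64 PLT entry (FF 25, disp32 sign-extended and measured from the end of the instruction), together with a decoder for the same bytes; every address in it is constructed.

```c
#include <stdint.h>
#include <stdbool.h>

/* Reinterpret a 64-bit unsigned difference as a signed displacement without
   relying on implementation-defined narrowing. */
static int64_t
as_signed64 (uint64_t v)
{
  return v < UINT64_C (0x8000000000000000) ? (int64_t) v
                                           : -((int64_t) (~v)) - 1;
}

/* Emit the 6-byte "jmp *disp32(%rip)" that opens an x86-64 PLT entry placed
   at plt_addr and must reach the GOT slot at got_addr.  The displacement is
   measured from the end of the instruction.  Returns false rather than
   silently truncating when it does not fit in a sign-extended 32 bits. */
static bool
encode_plt_jmp (uint64_t plt_addr, uint64_t got_addr, unsigned char out[6])
{
  int64_t disp = as_signed64 (got_addr - (plt_addr + 6));
  if (disp < INT32_MIN || disp > INT32_MAX)
    return false;                          /* the missing check in PR 17618 */
  uint32_t d = (uint32_t) disp;            /* two's-complement bit pattern */
  out[0] = 0xff;                           /* FF /4: jmp r/m64 */
  out[1] = 0x25;                           /* ModRM: RIP-relative disp32 */
  out[2] = d & 0xff;
  out[3] = (d >> 8) & 0xff;
  out[4] = (d >> 16) & 0xff;
  out[5] = (d >> 24) & 0xff;
  return true;
}

/* Decode such an entry back to the GOT address it dereferences, or 0 if the
   bytes are not an FF 25 jmp.  Handy when auditing an already linked PLT. */
static uint64_t
decode_plt_jmp (uint64_t plt_addr, const unsigned char in[6])
{
  if (in[0] != 0xff || in[1] != 0x25)
    return 0;
  uint32_t d = (uint32_t) in[2] | (uint32_t) in[3] << 8
             | (uint32_t) in[4] << 16 | (uint32_t) in[5] << 24;
  int64_t disp = d < UINT32_C (0x80000000)
                 ? (int64_t) d : (int64_t) d - INT64_C (0x100000000);
  return plt_addr + 6 + (uint64_t) disp;
}

/* 1 if the entry can be encoded and decodes back to got_addr, 0 if the
   overflow check rejects the pair. */
static int
plt_reaches_got (uint64_t plt_addr, uint64_t got_addr)
{
  unsigned char insn[6];
  if (!encode_plt_jmp (plt_addr, got_addr, insn))
    return 0;
  return decode_plt_jmp (plt_addr, insn) == got_addr;
}
```

The two boundary pairs (displacement exactly INT32_MAX and exactly INT32_MIN) are accepted; one byte further in either direction is refused instead of wrapping into a jump to the wrong slot.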
comparison between signed and unsigned integer expressions in process_extended_line_op
Hi,

I just ran into this error:
...
/home/vries/local/arm/obj/binutils-src-mainline-0-arm-none-linux-gnueabi-i686-pc-linux-gnu/binutils/dwarf.c: In function 'process_extended_line_op':
/home/vries/local/arm/obj/binutils-src-mainline-0-arm-none-linux-gnueabi-i686-pc-linux-gnu/binutils/dwarf.c:419:38: error: comparison between signed \
and unsigned integer expressions [-Werror=sign-compare]
...

The line referenced is:
...
6937bb54 (Nick Clifton 2014-11-18 14:40:05 +  419)   if (len == 0 || data == end || len > (end - data))
...

I suspect it's due to commit 6937bb54a9c3ddc7ba330bc18af76f8dbe856ac3 (More
fixes for illegal memory accesses exposed by fuzzed binaries).

Thanks,
- Tom
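The comparison at dwarf.c:419 pits an unsigned length against a signed pointer difference, which is what -Wsign-compare objects to. The C below is an added example, not binutils code: the same ULEB128-length check written so both operands are unsigned, exercised on constructed DW_LNE-style byte sequences that cover each malformation the range checks in commit 6937bb54 are there to catch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Decode an unsigned LEB128 from [data, end).  Returns bytes consumed, or 0
   if the buffer ends before the terminator or the value needs > 64 bits. */
static size_t
read_uleb128 (const unsigned char *data, const unsigned char *end, uint64_t *out)
{
  uint64_t value = 0;
  unsigned shift = 0;
  size_t n = 0;
  while (data + n < end)
    {
      unsigned char byte = data[n++];
      if (shift >= 64)
        return 0;                       /* oversized value: reject, never wrap */
      value |= (uint64_t) (byte & 0x7f) << shift;
      shift += 7;
      if ((byte & 0x80) == 0)
        {
          *out = value;
          return n;
        }
    }
  return 0;                             /* ran off the end of the buffer */
}

/* Locate the body of a DW_LNE extended opcode (ULEB128 length, then that many
   bytes).  Returns false when the header is malformed or the declared length
   does not fit in the remaining buffer.  Both sides of the length comparison
   are unsigned, so the test is exact and -Wsign-compare stays quiet. */
static bool
extended_op_bounds (const unsigned char *data, const unsigned char *end,
                    const unsigned char **body, size_t *body_len)
{
  uint64_t len = 0;
  size_t consumed = data < end ? read_uleb128 (data, end, &len) : 0;
  if (consumed == 0)
    return false;
  data += consumed;
  /* (size_t)(end - data) is well defined here because data <= end.  */
  if (len == 0 || data == end || len > (uint64_t) (size_t) (end - data))
    return false;
  *body = data;
  *body_len = (size_t) len;
  return true;
}
/* Constructed samples, not bytes from any real object file.  */
static const unsigned char good_op[] = { 0x03, 0x01, 0xaa, 0xbb };  /* len 3, 3 left */
static const unsigned char short_op[] = { 0x09, 0x01, 0xaa };       /* len 9, 2 left */
static const unsigned char zero_len[] = { 0x00, 0x01 };             /* len 0 */
static const unsigned char no_body[] = { 0x01 };                    /* len 1, 0 left */
static const unsigned char huge_len[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                                          0xff, 0xff, 0xff, 0xff, 0x01, 0x00 };

/* Body length of a sample, or -1 when the bounds check rejects it.  */
static int
sample_body_len (const unsigned char *buf, size_t size)
{
  const unsigned char *body;
  size_t body_len;
  return extended_op_bounds (buf, buf + size, &body, &body_len) ? (int) body_len : -1;
}
```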
[Bug binutils/17605] ar crashes on malformed archive
https://sourceware.org/bugzilla/show_bug.cgi?id=17605

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #3 from Nick Clifton ---
Hi Alexander,

  Thanks for the bug report. I have applied a patch (also uploaded here) to
  the master sources which should fix this problem. Please give it a try.

Cheers
  Nick
[Bug binutils/17605] ar crashes on malformed archive
https://sourceware.org/bugzilla/show_bug.cgi?id=17605

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".

The branch, master has been updated
       via  0593bd3ace3cb64775f4d9e8039da919c26803cd (commit)
      from  8435453b810d8ab0574e509446003d10d04abfd4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0593bd3ace3cb64775f4d9e8039da919c26803cd

commit 0593bd3ace3cb64775f4d9e8039da919c26803cd
Author: Nick Clifton
Date:   Tue Nov 18 17:35:39 2014 +

    Fixes a seg-fault when displaying the time data for a corrupt archive.

    	PR binutils/17605
    	* bucomm.c (print_arelt_descr): Check for ctime returning NULL.

---

Summary of changes:
 binutils/ChangeLog | 5 +
 binutils/bucomm.c  | 8 ++--
 2 files changed, 11 insertions(+), 2 deletions(-)
[Bug binutils/17605] ar crashes on malformed archive
https://sourceware.org/bugzilla/show_bug.cgi?id=17605

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nickc at redhat dot com

--- Comment #2 from Nick Clifton ---
Created attachment 7946
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7946&action=edit
Check for ctime() returning NULL
[Bug ld/17592] x86-64 linker generates wrong PLT for large model
https://sourceware.org/bugzilla/show_bug.cgi?id=17592

--- Comment #7 from H.J. Lu ---
(In reply to Michael Matz from comment #5)
> (In reply to H.J. Lu from comment #4)
> > When there is a large readonly section, it makes no differences between
> > 
> > text, plt, readonly, got
> > 
> > and
> > 
> > text, readonly, plt, got
> > 
> > since text needs to reach plt and plt needs to reach got.
> 
> Yes, but text reaching PLT is trivial with the large code model. But PLT
> reaching GOT requires changing the PLT layout. The reason for my idea
> of moving the PLT was to avoid doing that. And with a large readonly only
> the latter layout achieves that. So I think that should be the default
> layout.

I also want to support larger code size in small model. Put .plt after .text
will help small model. I will implement large PLT for large model.
[Bug ld/17592] x86-64 linker generates wrong PLT for large model
https://sourceware.org/bugzilla/show_bug.cgi?id=17592

--- Comment #6 from H.J. Lu ---
(In reply to Michael Matz from comment #5)
> (In reply to H.J. Lu from comment #4)
> > When there is a large readonly section, it makes no differences between
> > 
> > text, plt, readonly, got
> > 
> > and
> > 
> > text, readonly, plt, got
> > 
> > since text needs to reach plt and plt needs to reach got.
> 
> Yes, but text reaching PLT is trivial with the large code model. But PLT
> reaching GOT requires changing the PLT layout. The reason for my idea
> of moving the PLT was to avoid doing that. And with a large readonly only
> the latter layout achieves that. So I think that should be the default
> layout.

Putting readonly data between text makes this even worse:

https://sourceware.org/bugzilla/show_bug.cgi?id=16685
[Bug ld/17592] x86-64 linker generates wrong PLT for large model
https://sourceware.org/bugzilla/show_bug.cgi?id=17592

--- Comment #5 from Michael Matz ---
(In reply to H.J. Lu from comment #4)
> When there is a large readonly section, it makes no differences between
> 
> text, plt, readonly, got
> 
> and
> 
> text, readonly, plt, got
> 
> since text needs to reach plt and plt needs to reach got.

Yes, but text reaching PLT is trivial with the large code model. But PLT
reaching GOT requires changing the PLT layout. The reason for my idea
of moving the PLT was to avoid doing that. And with a large readonly only
the latter layout achieves that. So I think that should be the default
layout.
[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #97 from Nick Clifton ---
Alright - the bugs exposed by those latest fuzzed binaries should be fixed now.
[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #96 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".

The branch, master has been updated
       via  6937bb54a9c3ddc7ba330bc18af76f8dbe856ac3 (commit)
      from  de84aee38c50fd306876cdbf92007afaacbfab4d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6937bb54a9c3ddc7ba330bc18af76f8dbe856ac3

commit 6937bb54a9c3ddc7ba330bc18af76f8dbe856ac3
Author: Nick Clifton
Date:   Tue Nov 18 14:40:05 2014 +

    More fixes for illegal memory accesses exposed by fuzzed binaries.

    	PR binutils/17512
    	* peXXIgen.c (pe_print_pdata): Fail if the section's virtual size
    	is larger than its real size.
    	(rsrc_print_section): Fix off-by-one error checking for overflow.
    	* pei-x86_64.c (pex64_bfd_print_pdata): Handle empty unwind
    	sections.

    	* dwarf.c (get_encoded_value): Warn and return if the encoded
    	value is more than 64-bits long.
    	(SAFE_BYTE_GET): Do not attempt to read more than 64-bits.
    	(process_extended_line_op): Add more range checks.
    	(decode_location_expression): Use the return value from
    	display_block. Add more range checks.
    	(read_debug_line_header): Add range check.
    	(display_debug_lines_raw): Add range checks.
    	(display_debug_frames): Silently skip multiple zero terminators.
    	Add range checks.
    	(process_cu_tu_index): Check for non-existent or empty sections.
    	Use SAFE_BYTE_GET instead of byte_get.

---

Summary of changes:
 bfd/ChangeLog      |   9 +++
 bfd/peXXigen.c     |  10 +++-
 bfd/pei-x86_64.c   |   7 ++
 binutils/ChangeLog |  16 +
 binutils/dwarf.c   | 162 +++
 5 files changed, 165 insertions(+), 39 deletions(-)
[Bug ld/17592] x86-64 linker generates wrong PLT for large model
https://sourceware.org/bugzilla/show_bug.cgi?id=17592

--- Comment #4 from H.J. Lu ---
(In reply to Michael Matz from comment #3)
> (In reply to H.J. Lu from comment #2)
> > It is an interesting idea.
> 
> Yeah, that's how I tested the large model back in the days when I implemented
> some of it. Never got around to actually change the PLT layout.
> 
> > If we place .plt just after .text, there
> > may be readonly sections before .got, the distance between .plt and
> > .got.plt can still be big.
> 
> Yes, unfortunately.
> 
> > If we place .plt just before .got, the
> > text segment will have text, readonly data and followed by text. Do
> > we want to do that?
> 
> At least it wouldn't change the executable view of the ELF files, those
> sections would still be contained in the read-only-exec segment. Also the
> GNU_RELRO (writable, but only during loading) part could be moved after .got.
> Thereby .got would be first in the RW segment and .plt last in the RE
> segment,
> right next to each other.

When there is a large readonly section, it makes no differences between

text
plt
readonly
got

and

text
readonly
plt
got

since text needs to reach plt and plt needs to reach got. We should go with

text
plt
readonly
got

I will prepare a patch.
[Bug ld/17592] x86-64 linker generates wrong PLT for large model
https://sourceware.org/bugzilla/show_bug.cgi?id=17592

--- Comment #3 from Michael Matz ---
(In reply to H.J. Lu from comment #2)
> It is an interesting idea.

Yeah, that's how I tested the large model back in the days when I implemented
some of it. Never got around to actually change the PLT layout.

> If we place .plt just after .text, there
> may be readonly sections before .got, the distance between .plt and
> .got.plt can still be big.

Yes, unfortunately.

> If we place .plt just before .got, the
> text segment will have text, readonly data and followed by text. Do
> we want to do that?

At least it wouldn't change the executable view of the ELF files, those
sections would still be contained in the read-only-exec segment. Also the
GNU_RELRO (writable, but only during loading) part could be moved after .got.
Thereby .got would be first in the RW segment and .plt last in the RE segment,
right next to each other.
[Bug binutils/17531] readelf -a crashes on fuzzed samples
https://sourceware.org/bugzilla/show_bug.cgi?id=17531

--- Comment #35 from Nick Clifton ---
Hi Espen, Hi Alexander,

  OK, those two are fixed. Next ?

Cheers
  Nick
[Bug binutils/17531] readelf -a crashes on fuzzed samples
https://sourceware.org/bugzilla/show_bug.cgi?id=17531

--- Comment #34 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".

The branch, master has been updated
       via  0eff716535f3e8f501d6b438f7f796b70a0b9f98 (commit)
      from  25a0334e39963239f03555efe7e933558cc897e0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0eff716535f3e8f501d6b438f7f796b70a0b9f98

commit 0eff716535f3e8f501d6b438f7f796b70a0b9f98
Author: Nick Clifton
Date:   Tue Nov 18 10:07:11 2014 +

    Fix memory access problems exposed by fuzzed binaries.

    	PR binutils/17531
    	* readelf.c (get_unwind_section_word): Skip reloc processing if
    	there are no relocs associated with the section.
    	(decode_tic6x_unwind_bytecode): Warn and return if the stack
    	pointer adjustment falls off the end of the buffer.

---

Summary of changes:
 binutils/ChangeLog |  8
 binutils/readelf.c | 16 +++-
 2 files changed, 23 insertions(+), 1 deletions(-)