[Bug ld/24226] Need advise on the binutils problem that generating wrong instruction like lw a3,-2048(a5) on RISC-V backend

2019-02-18 Thread liuyingying19 at huawei dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24226

--- Comment #3 from GraceLiu  ---
(In reply to Jim Wilson from comment #1)
> The medany explicit-relocs problem is different than the one here.  This
> requires an auipc to trigger, and there is no auipc here.
> 
> This looks like a compiler bug if this is compiler generated code, or a
> programmer error if this is hand written assembly code.  It is not safe to
> use
> lw a3,%lo(g_3030+4)(a5)
> unless g_3030 has 8-byte alignment, and if it does, then the %lo can not
> overflow.
> 
> The current linker sources will give an error if it detects an auipc/lw
> overflow, but I hadn't considered this case with an incorrect lui/lw
> instruction pair.  Even though this is compiler/user error, it would still
> be useful if the linker gave an error for it instead of silently producing
> incorrect code, as finding this incorrect code after the fact is likely to
> be hard.


Thanks Jim for your comments.
We are not using any hand written assembly code or any customized link script.
The code is generated by the compiler.
The struct of g_3030 is:

#include <stdint.h>  /* for int64_t */

#pragma pack(push)
#pragma pack(1)
struct S0 {
   signed f0 : 4;
   const volatile int64_t  f1;
   volatile signed f2 : 1;
   signed f3 : 31;
   unsigned f4 : 8;
   signed f5 : 20;
   unsigned f6 : 5;
};
#pragma pack(pop)

static const struct S0 g_3030 = {0,-9L,-0,-22553,7,-841,1}; /* VOLATILE GLOBAL g_3030 */

We tried to print the value of -9L in g_3030 but the value is wrong. I have
attached the testcase.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
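
The lui/lw hazard from comment #1 (quoted in the message above), worked through as an added example that is not code from the bug report or from binutils. It assumes the upper half is loaded with `lui a5,%hi(g_3030)`; the address 0x127fc and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* RISC-V absolute addressing splits an address into a 20-bit upper part
   (lui) and a signed 12-bit lower part (the load/store immediate). */
static int32_t riscv_lo(uint32_t addr)
{
    /* Sign-extend bits [11:0]. */
    return (int32_t)((addr & 0xfffu) ^ 0x800u) - 0x800;
}

static uint32_t riscv_hi(uint32_t addr)
{
    /* Rounded so that (hi << 12) + lo == addr. */
    return (addr + 0x800u) >> 12;
}

/* Address accessed by:  lui a5,%hi(sym) ; lw a3,%lo(sym+off)(a5) */
static uint32_t lui_lw_effective(uint32_t sym, uint32_t off)
{
    return (riscv_hi(sym) << 12) + (uint32_t)riscv_lo(sym + off);
}

/* Validity check for the pair: the %hi computed for the bare symbol must
   equal the %hi that the offset address actually needs. */
static int lui_lw_pair_ok(uint32_t sym, uint32_t off)
{
    return riscv_hi(sym) == riscv_hi(sym + off);
}

/* Number of placements within one 4 KiB page that mis-address, for a
   symbol aligned to 'align' bytes (page base 0x12000 is constructed). */
static unsigned count_bad_placements(uint32_t align, uint32_t off)
{
    unsigned bad = 0;
    for (uint32_t low = 0; low < 0x1000u; low += align)
        if (!lui_lw_pair_ok(0x12000u + low, off))
            bad++;
    return bad;
}

int main(void)
{
    uint32_t sym = 0x127fcu; /* constructed: 4-byte but not 8-byte aligned */
    printf("%%lo(sym+4) = %d\n", riscv_lo(sym + 4));
    printf("wanted 0x%x, accessed 0x%x\n",
           (unsigned)(sym + 4), (unsigned)lui_lw_effective(sym, 4));
    printf("bad placements per page: align 1: %u, align 4: %u, align 8: %u\n",
           count_bad_placements(1, 4), count_bad_placements(4, 4),
           count_bad_placements(8, 4));
    return 0;
}
```

With the constructed address the immediate becomes -2048 and the load lands 4096 bytes below the intended word, while no 8-byte-aligned placement fails.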


[Bug ld/24226] Need advise on the binutils problem that generating wrong instruction like lw a3,-2048(a5) on RISC-V backend

2019-02-18 Thread wilson at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=24226

--- Comment #2 from Jim Wilson  ---
Another possibility here is a broken linker script that isn't respecting
section alignment.



[Bug ld/24226] Need advise on the binutils problem that generating wrong instruction like lw a3,-2048(a5) on RISC-V backend

2019-02-18 Thread wilson at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=24226

Jim Wilson  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |wilson at gcc dot gnu.org

--- Comment #1 from Jim Wilson  ---
The medany explicit-relocs problem is different than the one here.  This
requires an auipc to trigger, and there is no auipc here.

This looks like a compiler bug if this is compiler generated code, or a
programmer error if this is hand written assembly code.  It is not safe to use
lw a3,%lo(g_3030+4)(a5)
unless g_3030 has 8-byte alignment, and if it does, then the %lo can not
overflow.

The current linker sources will give an error if it detects an auipc/lw
overflow, but I hadn't considered this case with an incorrect lui/lw
instruction pair.  Even though this is compiler/user error, it would still be
useful if the linker gave an error for it instead of silently producing
incorrect code, as finding this incorrect code after the fact is likely to be
hard.



[Bug binutils/24229] nm: heap buffer overflow

2019-02-18 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24229

Nick Clifton  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |MOVED

--- Comment #1 from Nick Clifton  ---
Hi spinpx,

  Thanks for reporting this bug.  Unfortunately the problem is in the 
  libiberty library which is maintained by the gcc project, rather than
  the binutils project.  So please could you report this bug here:

https://gcc.gnu.org/bugzilla/enter_bug.cgi?product=gcc

Cheers
  Nick



[Bug binutils/24227] nm: stack overflow

2019-02-18 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24227

Nick Clifton  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |MOVED

--- Comment #2 from Nick Clifton  ---
Hi spinpx,

  Thanks for reporting this bug.  Unfortunately the problem is in the 
  libiberty library which is maintained by the gcc project, rather than
  the binutils project.  So please could you report this bug here:

https://gcc.gnu.org/bugzilla/enter_bug.cgi?product=gcc

Cheers
  Nick



[Bug binutils/23919] bfd doesn't handle ELF compressed data alignment

2019-02-18 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=23919

--- Comment #14 from cvs-commit at gcc dot gnu.org  ---
The binutils-2_31-branch branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=88739f776b733b0b84600b283417f862a010bb5d

commit 88739f776b733b0b84600b283417f862a010bb5d
Author: Nick Clifton 
Date:   Mon Feb 18 15:08:57 2019 +

Import patch to fix PR23919 from the mainline.

PR binutils/23919
bfd * bfd.c (bfd_update_compression_header): Explicitly set alignment.
(bfd_check_compression_header): Add uncompressed_alignment_power
argument. Check ch_addralign is a power of 2.
* bfd-in2.h: Regenerated.
* compress.c (bfd_compress_section_contents): Get and set
orig_uncompressed_alignment_pow if section is decompressed.
(bfd_is_section_compressed_with_header): Add and get
uncompressed_align_pow_p argument.
(bfd_is_section_compressed): Add uncompressed_align_power argument
to bfd_is_section_compressed_with_header call.
(bfd_init_section_decompress_status): Get and set
uncompressed_alignment_power.
* elf.c (_bfd_elf_make_section_from_shdr): Add
uncompressed_align_power argument to
bfd_is_section_compressed_with_header call.

* compress.c (bfd_is_section_compressed_with_header): Initialize
* uncompressed_align_pow_p to 0.

binutils * readelf.c (dump_sections_as_strings): Remove bogus addralign
check.
(dump_sections_as_bytes): Likewise.
(load_specific_debug_sections): Likewise.
* testsuite/binutils-all/dw2-3.rS: Adjust alignment.
* testsuite/binutils-all/dw2-3.rt: Likewise.

gold * merge.cc (Output_merge_string::do_add_input_section):
Get addralign from decompressed_section_contents.
* object.cc (build_compressed_section_map): Set info.addralign.
(Object::decompressed_section_contents): Add a palign
argument and store p->second.addralign in *palign if it isn't
NULL.
* object.h (Compressed_section_info): Add addralign.
(section_is_compressed): Add a palign argument, default it
to NULL, store p->second.addralign in *palign if it isn't NULL.
(Object::decompressed_section_contents): Likewise.
* output.cc (Output_section::add_input_section): Get addralign
from section_is_compressed.



[Bug binutils/24227] New: nm: stack overflow

2019-02-18 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24227

            Bug ID: 24227
           Summary: nm: stack overflow
           Product: binutils
           Version: 2.33 (HEAD)
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: spinpx at gmail dot com
  Target Milestone: ---

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit 388a192d73df7439bf375d8b8042bb53a6be9c60
- run: nm -C input_file   (We attached the inputs that trigger the bug)
- asan report:
==1992137==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc986fff68
(pc 0x008975c5 bp 0x7ffc987000a0 sp 0x7ffc986fff70 T0)
#0 0x8975c4 in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4149:7
#1 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#2 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#3 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#4 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#5 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#6 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#7 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#8 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#9 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#10 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#11 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#12 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#13 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#14 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#15 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#16 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#17 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#18 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#19 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#20 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#21 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#22 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#23 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#24 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#25 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#26 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#27 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#28 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#29 0x89762f in d_count_templates_scopes
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:4151:7
#30 0x89762f in d_count_templates_scopes

[Bug binutils/24229] nm: heap buffer overflow

2019-02-18 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24229

spinpx  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |critical



[Bug binutils/24227] nm: stack overflow

2019-02-18 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24227

--- Comment #1 from Peng Chen  ---
Created attachment 11611
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11611&action=edit
Inputs trigger the bug



[Bug binutils/24229] New: nm: heap buffer overflow

2019-02-18 Thread spinpx at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24229

            Bug ID: 24229
           Summary: nm: heap buffer overflow
           Product: binutils
           Version: 2.33 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: spinpx at gmail dot com
  Target Milestone: ---

Created attachment 11612
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11612&action=edit
inputs that trigger bugs

- Intel Xeon Gold 5118 processors and 256 GB memory
- Linux n18-065-139 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
GNU/Linux
- clang version 4.0.0 (tags/RELEASE_400/final)
- version: commit 388a192d73df7439bf375d8b8042bb53a6be9c60
- run: nm -C input_file   (We attached the inputs that trigger the bug)
- asan report:
==2003322==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60e000d8 at pc 0x008957c6 bp 0x7ffdf2e36340 sp 0x7ffdf2e36338
READ of size 1 at 0x60e000d8 thread T0
#0 0x8957c5 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3356:12
#1 0x896370 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3449:16
#2 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#3 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#4 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#5 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#6 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#7 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#8 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#9 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#10 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#11 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#12 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#13 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#14 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#15 0x896370 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3449:16
#16 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#17 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#18 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#19 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#20 0x896370 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3449:16
#21 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#22 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#23 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#24 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#25 0x89610c in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3416:18
#26 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#27 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#28 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#29 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#30 0x896210 in d_expression_1
/mnt/raid/user/chenpeng/FuzzingBench/binutils/binutils-gdb/libiberty/cp-demangle.c:3438:15
#31 0x896210 in d_expression_1