[Bug binutils/24435] heap overflow in bfd_getl64

2019-04-10 Thread amodra at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24435

--- Comment #4 from Alan Modra  ---
alan@bubble:~/build/gas/sanitize$ ld/ld-new ~/src/tmp/pr24435.so 
ld/ld-new: /home/alan/src/tmp/pr24435.so: file not recognized: bad value

This with binutils configured as
CFLAGS="-g -O2 -fsanitize=address" CXXFLAGS="-g -O2 -fsanitize=address" \
~/src/binutils-gdb/configure --build=x86_64-linux --enable-targets=all \
--enable-gold --enable-threads --disable-gdb --disable-sim --disable-readline \
--disable-libdecnumber --enable-plugins 

And the reason ld doesn't recognize the file is that we hit the pr24273 patch
in bfd_elf_string_from_elf_section.

So, how did you configure your binutils?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils


[Bug binutils/24435] heap overflow in bfd_getl64

2019-04-10 Thread ago at gentoo dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=24435

--- Comment #3 from Agostino Sarubbo  ---
I can reproduce the issue with the master compiled today, so I really guess
that the fix was not complete:

gf (CHROOT) crashes $ ld -v
GNU ld (Gentoo ) 2.32.51.20190410
gf (CHROOT) crashes $ ld 1.crashes.elf 
ld: warning: 1.crashes.elf has a corrupt section with a size (1810)
larger than the file size
=
==27723==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x602028bf at pc 0x7efd46d96abb bp 0x7ffc2316a3e0 sp 0x7ffc2316a3d8
READ of size 1 at 0x602028bf thread T0
#0 0x7efd46d96aba in bfd_getl64
/var/tmp/portage/sys-devel/binutils-/work/binutils/bfd/libbfd.c:758:8
#1 0x7efd46e2ceaf in bfd_elf64_swap_dyn_in
/var/tmp/portage/sys-devel/binutils-/work/binutils/bfd/elfcode.h:457:21
#2 0x7efd46ea9d76 in elf_link_add_object_symbols
/var/tmp/portage/sys-devel/binutils-/work/binutils/bfd/elflink.c:4084:8
#3 0x7efd46ea734a in bfd_elf_link_add_symbols
/var/tmp/portage/sys-devel/binutils-/work/binutils/bfd/elflink.c:5772:14
#4 0x528b26 in load_symbols
/var/tmp/portage/sys-devel/binutils-/work/binutils/ld/ldlang.c:3080:7
#5 0x5448a2 in open_input_bfds
/var/tmp/portage/sys-devel/binutils-/work/binutils/ld/ldlang.c:3529:13
#6 0x538a7a in lang_process
/var/tmp/portage/sys-devel/binutils-/work/binutils/ld/ldlang.c:7382:3
#7 0x55eb86 in main
/var/tmp/portage/sys-devel/binutils-/work/binutils/ld/ldmain.c:440:3
#8 0x7efd45d292aa in __libc_start_main
/var/tmp/portage/sys-libs/glibc-2.27-r6/work/glibc-2.27/csu/../csu/libc-start.c:308:16
#9 0x41ecd9 in _init
(/usr/x86_64-pc-linux-gnu/binutils-bin//ld+0x41ecd9)

0x602028bf is located 7 bytes to the right of 8-byte region
[0x602028b0,0x602028b8)
allocated by thread T0 here:
#0 0x4ca673 in malloc
/var/tmp/portage/sys-libs/compiler-rt-sanitizers-8.0.0/work/compiler-rt-8.0.0.src/lib/asan/asan_malloc_linux.cc:146:3
#1 0x7efd46d94d0e in bfd_malloc
/var/tmp/portage/sys-devel/binutils-/work/binutils/bfd/libbfd.c:275:9
#2 0x7efd46d84db2 in bfd_get_full_section_contents
/var/tmp/portage/sys-devel/binutils-/work/binutils/bfd/compress.c:253:21
#3 0x7efd46ea9b24 in elf_link_add_object_symbols
/var/tmp/portage/sys-devel/binutils-/work/binutils/bfd/elflink.c:4066:9
#4 0x7efd46ea734a in bfd_elf_link_add_symbols
/var/tmp/portage/sys-devel/binutils-/work/binutils/bfd/elflink.c:5772:14
#5 0x528b26 in load_symbols
/var/tmp/portage/sys-devel/binutils-/work/binutils/ld/ldlang.c:3080:7
#6 0x5448a2 in open_input_bfds
/var/tmp/portage/sys-devel/binutils-/work/binutils/ld/ldlang.c:3529:13
#7 0x538a7a in lang_process
/var/tmp/portage/sys-devel/binutils-/work/binutils/ld/ldlang.c:7382:3
#8 0x55eb86 in main
/var/tmp/portage/sys-devel/binutils-/work/binutils/ld/ldmain.c:440:3
#9 0x7efd45d292aa in __libc_start_main
/var/tmp/portage/sys-libs/glibc-2.27-r6/work/glibc-2.27/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: heap-buffer-overflow
/var/tmp/portage/sys-devel/binutils-/work/binutils/bfd/libbfd.c:758:8 in
bfd_getl64
Shadow bytes around the buggy address:
  0x0c047fff84c0: fa fa 00 07 fa fa 00 07 fa fa 00 00 fa fa 00 00
  0x0c047fff84d0: fa fa 00 00 fa fa 00 00 fa fa 00 06 fa fa 00 06
  0x0c047fff84e0: fa fa 00 05 fa fa 00 05 fa fa 00 04 fa fa 00 04
  0x0c047fff84f0: fa fa 00 00 fa fa 00 00 fa fa 00 02 fa fa 00 00
  0x0c047fff8500: fa fa 00 07 fa fa 00 03 fa fa 07 fa fa fa 06 fa
=>0x0c047fff8510: fa fa 00 06 fa fa 00[fa]fa fa fa fa fa fa fa fa
  0x0c047fff8520: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8530: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8540: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:   fa
  Freed heap region:   fd
  Stack left redzone:  f1
  Stack mid redzone:   f2
  Stack right redzone: f3
  Stack after return:  f5
  Stack use after scope:   f8
  Global redzone:  f9
  Global init order:   f6
  Poisoned by user:f7
  Container overflow:  fc
  Array cookie:ac
  Intra object redzone:bb
  ASan internal:   fe
  Left alloca redzone: ca
  Right alloca redzone:cb
  Shadow gap:  cc
==27723==ABORTING
Aborted


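An added example, not code from binutils or from the report: the trace above shows a read at offset 15 (0x602028bf - 0x602028b0) of an 8-byte section buffer, reached through bfd_elf64_swap_dyn_in, which decodes a 16-byte ELF64 dynamic entry. The sketch below shows the length check a .dynamic reader needs before decoding each entry; `parse_dynamic`, `dyn64` and both sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* On-disk size of one ELF64 dynamic entry: 8-byte d_tag + 8-byte d_un. */
#define DYN64_SIZE 16u

/* Hypothetical in-memory form of one decoded entry. */
typedef struct { uint64_t tag; uint64_t val; } dyn64;

/* Constructed sample: an 8-byte ".dynamic" like the region in the report. */
static const unsigned char truncated_dynamic[8] = { 0x01 };

/* Constructed sample: tag 1 with value 0x10, then an all-zero DT_NULL entry. */
static const unsigned char valid_dynamic[32] = {
    0x01, 0, 0, 0, 0, 0, 0, 0,   0x10, 0, 0, 0, 0, 0, 0, 0
};

/* Little-endian 64-bit load. The caller must guarantee 8 readable bytes. */
static uint64_t get_le64(const unsigned char *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Decode at most max entries from a section buffer of len bytes.
   Returns the number of entries decoded (stopping after DT_NULL),
   or -1 when len is not a whole number of entries, so that no
   16-byte decode can run past the end of the allocation. */
int parse_dynamic(const unsigned char *buf, size_t len, dyn64 *out, size_t max)
{
    if (len % DYN64_SIZE != 0)
        return -1;                       /* trailing partial entry */

    size_t n = 0;
    for (size_t off = 0; off < len && n < max; off += DYN64_SIZE) {
        out[n].tag = get_le64(buf + off);
        out[n].val = get_le64(buf + off + 8);
        n++;
        if (out[n - 1].tag == 0)         /* DT_NULL ends the table */
            break;
    }
    return (int)n;
}

int main(void)
{
    dyn64 out[4];
    printf("truncated: %d\n",
           parse_dynamic(truncated_dynamic, sizeof truncated_dynamic, out, 4));
    printf("valid:     %d\n",
           parse_dynamic(valid_dynamic, sizeof valid_dynamic, out, 4));
    return 0;
}
```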

[Bug binutils/24403] addr2line _GLOBAL__sub_I__Z11print_tracev

2019-04-10 Thread jg at jguk dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=24403

--- Comment #4 from Jonny Grant  ---
Hi Nick
Thank you for pinpointing the library.

ok I filed with gcc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90039

Cheers, Jonny



[Bug binutils/24403] addr2line _GLOBAL__sub_I__Z11print_tracev

2019-04-10 Thread nickc at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24403

Nick Clifton  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||nickc at redhat dot com
 Resolution|--- |MOVED

--- Comment #3 from Nick Clifton  ---
(In reply to Jonny Grant from comment #2)
Hi Jonny,

> Looks like it is just the "_GLOBAL__sub_I_" prefix which isn't recognised.
> Would be good if c++filt could also decode the symbol.

Actually the code that needs to be updated is the libiberty
library, which contains the name demangling code.  (A quick
look shows that it already has code to detect a __GLOBAL_
prefix, so there is precedence for this kind of thing).

Unfortunately the libiberty library is maintained as part of
the gcc project, not the binutils project.  (It is used by
the binutils in c++filt amongst other tools, but it is not
maintained by us).  So please could you refile this PR as
an enhancement request with gcc ?

Cheers
  Nick



[Bug ld/24426] Binutils 2.28.1 segfault when presented (any) linker script on riscv64

2019-04-10 Thread kallisti5 at unixzen dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24426

Alexander von Gluck IV  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |WONTFIX

--- Comment #10 from Alexander von Gluck IV  ---
Thanks!  Flagging this one as resolved.

"Maybe an issue with 2.28.1, but definitely seems to be resolved in later
versions of binutils"



[Bug gas/24434] Missing testsuite coverage for AVX512F gathers (and scatters?) with no base register

2019-04-10 Thread hjl.tools at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24434

H.J. Lu  changed:

   What|Removed |Added

 CC||hjl.tools at gmail dot com

--- Comment #10 from H.J. Lu  ---
(In reply to Jakub Jelinek from comment #9)
> Yes, but none of those tests test the VSIB addressing.
> We do have AVX2 tests for no base register, why not have also AVX512 VSIB
> tests?

I don't think this adds additional test coverage to assembler.



[Bug binutils/24440] binutils/wrstabs.c:1476:25: error: ‘%s’ directive argument is null [-Werror=format-overflow=]

2019-04-10 Thread dilyan.palauzov at aegee dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=24440

dilyan.palauzov at aegee dot org  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |MOVED

--- Comment #2 from dilyan.palauzov at aegee dot org  ---
Moved to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90036 .



[Bug gas/24434] Missing testsuite coverage for AVX512F gathers (and scatters?) with no base register

2019-04-10 Thread jakub at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24434

--- Comment #9 from Jakub Jelinek  ---
Yes, but none of those tests test the VSIB addressing.
We do have AVX2 tests for no base register, why not have also AVX512 VSIB
tests?



[Bug gas/24434] Missing testsuite coverage for AVX512F gathers (and scatters?) with no base register

2019-04-10 Thread hjl.tools at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24434

--- Comment #8 from H.J. Lu  ---
The problem is EVEX disp8 without base register, not VSIB.



[Bug binutils/24440] binutils/wrstabs.c:1476:25: error: ‘%s’ directive argument is null [-Werror=format-overflow=]

2019-04-10 Thread sch...@linux-m68k.org
https://sourceware.org/bugzilla/show_bug.cgi?id=24440

--- Comment #1 from Andreas Schwab  ---
That doesn't make sense.  vstring must be non-null since it has been passed to
strlen already.



[Bug gas/24434] Missing testsuite coverage for AVX512F gathers (and scatters?) with no base register

2019-04-10 Thread hjl.tools at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24434

--- Comment #7 from H.J. Lu  ---
(In reply to Jakub Jelinek from comment #6)
> It is not a dup, this PR is about missing testsuite coverage, which is still
> the case on binutils trunk.

If you take out the fix, some tests will fail:

FAIL: ix86 EVEX no disp scaling
FAIL: x86-64 EVEX no disp scaling

commit 629cfaf1b0fbb32a985607c774bd8e7870b9fa94
Author: Jan Beulich 
Date:   Mon Jul 30 17:25:05 2018 +0200

x86: don't mistakenly scale non-8-bit displacements

In commit b5014f7af2 I've removed (instead of replaced) a conditional,
resulting in addressing forms not allowing 8-bit displacements to now
get their displacements scaled under certain circumstances. Re-add the
missing conditional.

diff --git a/gas/ChangeLog b/gas/ChangeLog
index 3f5c4e5638..8f77c3d448 100644
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,12 @@
+2018-07-30  Jan Beulich  
+
+  PR gas/23465
+  * config/tc-i386.c (output_disp): Restrict scaling.
+  * testsuite/gas/i386/evex-no-scale.s,
+testsuite/gas/i386/evex-no-scale-32.d
+testsuite/gas/i386/evex-no-scale-64.d: New.
+  * testsuite/gas/i386/i386.exp: Run new tests.
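Review bot: In the ChangeLog entry's list of new test files, the continuation line "testsuite/gas/i386/evex-no-scale-32.d" has no trailing comma while the line before it ("evex-no-scale.s,") does, so the three files read as an inconsistent list; add the comma after evex-no-scale-32.d. The entry also names output_disp in config/tc-i386.c, but only the ChangeLog hunk is visible here (and it stops short of the 12 lines its @@ header announces), so the re-added conditional itself cannot be checked from this excerpt.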



[Bug binutils/24440] New: binutils/wrstabs.c:1476:25: error: ‘%s’ directive argument is null [-Werror=format-overflow=]

2019-04-10 Thread dilyan.palauzov at aegee dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=24440

Bug ID: 24440
   Summary: binutils/wrstabs.c:1476:25: error: ‘%s’ directive
argument is null [-Werror=format-overflow=]
   Product: binutils
   Version: 2.33 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: dilyan.palauzov at aegee dot org
  Target Milestone: ---

Compiling most recent binutils (git/master - commit
b05971a652c35ed72d3c95290e18) with gcc 8.3.1 20190330 fails with:

make[4]: Entering directory '/root/binutils/binutils'
gcc -DHAVE_CONFIG_H -I. -I/git/binutils-gdb/binutils  -I.
-I/git/binutils-gdb/binutils -I../bfd -I/git/binutils-gdb/binutils/../bfd
-I/git/binutils-gdb/binutils/../include
-DLOCALEDIR="\"/usr/local/share/locale\""
-Dbin_dummy_emulation=bin_vanilla_emulation  -W -Wall -Wstrict-prototypes
-Wmissing-prototypes -Wshadow -Wstack-usage=262144 -Werror  -O2 -pipe -g
-MT wrstabs.o -MD -MP -MF .deps/wrstabs.Tpo -c -o wrstabs.o
/git/binutils-gdb/binutils/wrstabs.c
/git/binutils-gdb/binutils/wrstabs.c: In function ‘stab_start_class_type’:
/git/binutils-gdb/binutils/wrstabs.c:1476:25: error: ‘%s’ directive argument is
null [-Werror=format-overflow=]
sprintf (vtable, "~%%%s", vstring);
 ^~
cc1: all warnings being treated as errors
make[4]: *** [Makefile:1061: wrstabs.o] Error 1



[Bug gas/24434] Missing testsuite coverage for AVX512F gathers (and scatters?) with no base register

2019-04-10 Thread jakub at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24434

--- Comment #6 from Jakub Jelinek  ---
It is not a dup, this PR is about missing testsuite coverage, which is still
the case on binutils trunk.



[Bug gas/24434] Missing testsuite coverage for AVX512F gathers (and scatters?) with no base register

2019-04-10 Thread hjl.tools at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24434

H.J. Lu  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |DUPLICATE

--- Comment #5 from H.J. Lu  ---
Dup.

*** This bug has been marked as a duplicate of bug 23465 ***



[Bug gas/23465] wrongly scale non-8-bit x86 displacements

2019-04-10 Thread hjl.tools at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=23465

H.J. Lu  changed:

   What|Removed |Added

 CC||jakub at redhat dot com

--- Comment #7 from H.J. Lu  ---
*** Bug 24434 has been marked as a duplicate of this bug. ***



[Bug binutils/24273] An out-of-bounds read in bfd_hash_hash()

2019-04-10 Thread amodra at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24273

Alan Modra  changed:

   What|Removed |Added

 CC||ago at gentoo dot org

--- Comment #5 from Alan Modra  ---
*** Bug 24435 has been marked as a duplicate of this bug. ***



[Bug binutils/24435] heap overflow in bfd_getl64

2019-04-10 Thread amodra at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24435

Alan Modra  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 CC||amodra at gmail dot com
 Resolution|--- |DUPLICATE

--- Comment #2 from Alan Modra  ---
This doesn't reproduce on master since the pr24273 fix.

*** This bug has been marked as a duplicate of bug 24273 ***



[Bug binutils/24005] CVE-2018-20671 objdump integer overflow in load_specific_debug_section

2019-04-10 Thread tfx_sec at hotmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24005

tfx  changed:

   What|Removed |Added

Summary|objdump integer overflow in |CVE-2018-20671 objdump
   |load_specific_debug_section |integer overflow in
   ||load_specific_debug_section



[Bug gas/24434] Missing testsuite coverage for AVX512F gathers (and scatters?) with no base register

2019-04-10 Thread jakub at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24434

--- Comment #4 from Jakub Jelinek  ---
Well, ideally not just that, but much more.
grep 'gather.*(,' gas/testsuite/gas/i386/*.s
shows those VEX encoded ones testing this (in AT&T mode), so perhaps just copy
and tweak all or big part of the
grep '\(gather\|scatter\).*(.*{' gas/testsuite/gas/i386/*.s
tests and remove the base register in those (ditto for Intel mode).
(, has EVEX coverage only in the invalid tests, not the valid ones.



[Bug gas/24434] Missing testsuite coverage for AVX512F gathers (and scatters?) with no base register

2019-04-10 Thread marxin.liska at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24434

--- Comment #3 from Martin Liška  ---
(In reply to Jan Beulich from comment #2)
> (In reply to Martin Liška from comment #1)
> > Fixed in binutils with:
> > 
> > commit 629cfaf1b0fbb32a985607c774bd8e7870b9fa94 (HEAD, refs/bisect/bad)
> > Author: Jan Beulich 
> > Date:   Mon Jul 30 17:25:05 2018 +0200
> > 
> > x86: don't mistakenly scale non-8-bit displacements
> 
> I don't understand this comment: Said commit does not add any S/G test
> case(s) to the testsuite. I don't think you should have copied the respective
> gcc bug comment here.

Yes, I should have mentioned that the commit fixes the problem and that it
would be nice to add the assembly snippet to test suite.



[Bug gas/24434] Missing testsuite coverage for AVX512F gathers (and scatters?) with no base register

2019-04-10 Thread jbeulich at novell dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24434

--- Comment #2 from Jan Beulich  ---
(In reply to Martin Liška from comment #1)
> Fixed in binutils with:
> 
> commit 629cfaf1b0fbb32a985607c774bd8e7870b9fa94 (HEAD, refs/bisect/bad)
> Author: Jan Beulich 
> Date:   Mon Jul 30 17:25:05 2018 +0200
> 
> x86: don't mistakenly scale non-8-bit displacements

I don't understand this comment: Said commit does not add any S/G test case(s)
to the testsuite. I don't think you should have copied the respective gcc bug
comment here.



[Bug gas/24434] Missing testsuite coverage for AVX512F gathers (and scatters?) with no base register

2019-04-10 Thread marxin.liska at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24434

Martin Liška  changed:

   What|Removed |Added

 CC||jbeulich at novell dot com



[Bug binutils/24436] assertion failure in elf64-x86-64.c:2374

2019-04-10 Thread ago at gentoo dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=24436

--- Comment #1 from Agostino Sarubbo  ---
Created attachment 11734
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11734&action=edit
stacktrace



[Bug gas/24434] Missing testsuite coverage for AVX512F gathers (and scatters?) with no base register

2019-04-10 Thread marxin.liska at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24434

Martin Liška  changed:

   What|Removed |Added

 CC||marxin.liska at gmail dot com

--- Comment #1 from Martin Liška  ---
Fixed in binutils with:

commit 629cfaf1b0fbb32a985607c774bd8e7870b9fa94 (HEAD, refs/bisect/bad)
Author: Jan Beulich 
Date:   Mon Jul 30 17:25:05 2018 +0200

x86: don't mistakenly scale non-8-bit displacements

In commit b5014f7af2 I've removed (instead of replaced) a conditional,
resulting in addressing forms not allowing 8-bit displacements to now
get their displacements scaled under certain circumstances. Re-add the
missing conditional.

Minimal reproducer:

$ cat min.s
.text
foo:
vpgatherqq  8(,%ymm1,1), %ymm0{%k2}

$ ./gas/as-new --64 min.s -o avx512.o && ./binutils/objdump -S avx512.o

avx512.o: file format elf64-x86-64


Disassembly of section .text:

 :
   0:   62 f2 fd 2a 91 04 0d    vpgatherqq 0x1(,%ymm1,1),%ymm0{%k2}
   7:   01 00 00 00


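An added example, not code from gas or objdump: it decodes the ModRM/SIB/displacement bytes from the disassembly above (04 0d 01 00 00 00) to show why the source's displacement 8 reads back as 0x1. EVEX disp8*N scaling applies only to an 8-bit displacement, and a SIB operand with no base register always carries an unscaled 32-bit one. `decode_disp` is a hypothetical helper, N = 8 is assumed for this instruction (consistent with 8 becoming 0x1), and the second and third byte strings are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes after the opcode in the page's disassembly: ModRM, SIB, disp32. */
static const unsigned char page_bytes[] = { 0x04, 0x0d, 0x01, 0x00, 0x00, 0x00 };

/* Constructed: the same operand with the displacement left unscaled. */
static const unsigned char unscaled_bytes[] = { 0x04, 0x0d, 0x08, 0x00, 0x00, 0x00 };

/* Constructed: 8(%rax,%ymm1,1), where a base register permits disp8*N. */
static const unsigned char disp8_bytes[] = { 0x44, 0x08, 0x01 };

/* Decode the displacement of a ModRM memory operand (64-bit addressing).
   p points at the ModRM byte, n is the EVEX disp8*N factor.
   Stores the effective displacement in *disp and returns the number of
   bytes consumed, or -1 for a register operand or truncated input. */
int decode_disp(const unsigned char *p, size_t len, int n, long *disp)
{
    if (len < 1)
        return -1;

    unsigned mod = p[0] >> 6;
    unsigned rm = p[0] & 7;
    size_t pos = 1;
    int has_disp32 = (mod == 2);

    if (mod == 3)
        return -1;                        /* register operand, no memory */

    if (rm == 4) {                        /* SIB byte follows */
        if (len < 2)
            return -1;
        if (mod == 0 && (p[1] & 7) == 5)  /* base field 101: no base register */
            has_disp32 = 1;
        pos = 2;
    } else if (mod == 0 && rm == 5) {     /* RIP-relative, disp32 */
        has_disp32 = 1;
    }

    *disp = 0;
    if (has_disp32) {
        if (len - pos < 4)
            return -1;
        uint32_t v = (uint32_t)p[pos] | (uint32_t)p[pos + 1] << 8 |
                     (uint32_t)p[pos + 2] << 16 | (uint32_t)p[pos + 3] << 24;
        *disp = (int32_t)v;               /* disp32 is never multiplied by N */
        pos += 4;
    } else if (mod == 1) {
        if (len - pos < 1)
            return -1;
        *disp = (long)(int8_t)p[pos] * n; /* compressed disp8 is scaled by N */
        pos += 1;
    }
    return (int)pos;
}

int main(void)
{
    long d = 0;
    decode_disp(page_bytes, sizeof page_bytes, 8, &d);
    printf("page bytes:     disp = %ld\n", d);
    decode_disp(unscaled_bytes, sizeof unscaled_bytes, 8, &d);
    printf("unscaled bytes: disp = %ld\n", d);
    decode_disp(disp8_bytes, sizeof disp8_bytes, 8, &d);
    printf("disp8 form:     disp = %ld\n", d);
    return 0;
}
```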

[Bug binutils/24436] New: assertion failure in elf64-x86-64.c:2374

2019-04-10 Thread ago at gentoo dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=24436

Bug ID: 24436
   Summary: assertion failure in elf64-x86-64.c:2374
   Product: binutils
   Version: 2.32
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: ago at gentoo dot org
  Target Milestone: ---

Created attachment 11733
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11733&action=edit
testcase

On 2.32 (but reproducible on master):

ld $FILE
/usr/bin/ld: BFD (Gentoo 2.32 p1) 2.32.0 assertion fail
/var/tmp/portage/sys-devel/binutils-2.32/work/binutils-2.32/bfd/elf64-x86-64.c:2374

master output:
ld: BFD (Gentoo ) 2.32.51.20190410 assertion fail
/var/tmp/portage/sys-devel/binutils-/work/binutils/bfd/elf64-x86-64.c:2376
ld: /tmp/afl/ld/report/crashes/438.crashes.elf: invalid string offset 50331648
>= 371 for section `nterp'

Attached testcase and stacktrace



[Bug binutils/24435] heap overflow in bfd_getl64

2019-04-10 Thread ago at gentoo dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=24435

--- Comment #1 from Agostino Sarubbo  ---
Created attachment 11732
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11732&action=edit
stacktrace



[Bug binutils/24435] New: heap overflow in bfd_getl64

2019-04-10 Thread ago at gentoo dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=24435

Bug ID: 24435
   Summary: heap overflow in bfd_getl64
   Product: binutils
   Version: 2.32
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: ago at gentoo dot org
  Target Milestone: ---

Created attachment 11731
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11731&action=edit
testcase

On 2.32 (but reproducible on master):

ld $FILE
==10118==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6020289f at pc 0x7fd11c2c97eb bp 0x7ffef2a946c0 sp 0x7ffef2a946b8
READ of size 1 at 0x6020289f thread T0
#0 0x7fd11c2c97ea in bfd_getl64
/var/tmp/portage/sys-devel/binutils-2.32/work/binutils-2.32/bfd/libbfd.c:758:8

Attached testcase and stacktrace



[Bug binutils/24427] bfd/doc/chew.c reads uninitialized memory and subtracts from function pointer

2019-04-10 Thread amodra at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24427

Alan Modra  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED
   Assignee|unassigned at sourceware dot org   |amodra at gmail dot com

--- Comment #2 from Alan Modra  ---
Patch applied, with a minor tweak or two.  Thanks!



[Bug binutils/24427] bfd/doc/chew.c reads uninitialized memory and subtracts from function pointer

2019-04-10 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=24427

--- Comment #1 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Alan Modra :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b05971a652c35ed72d3c95290e18d8f6e4ef6c46

commit b05971a652c35ed72d3c95290e18d8f6e4ef6c46
Author: Michael Forney 
Date:   Wed Apr 10 18:17:37 2019 +0930

PR24427, bfd/doc/chew.c reads uninitialized memory and subtracts from
function pointer

PR 24427
* doc/chew.c (free_words): Correctly free "push_text" strings.



[Bug gas/24434] New: Missing testsuite coverage for AVX512F gathers (and scatters?) with no base register

2019-04-10 Thread jakub at redhat dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=24434

Bug ID: 24434
   Summary: Missing testsuite coverage for AVX512F gathers (and
scatters?) with no base register
   Product: binutils
   Version: 2.33 (HEAD)
Status: NEW
  Severity: normal
  Priority: P2
 Component: gas
  Assignee: unassigned at sourceware dot org
  Reporter: jakub at redhat dot com
  Target Milestone: ---

As mentioned in http://gcc.gnu.org/PR90028 while a gas bug has been fixed since
2.31, I couldn't find any gas/testsuite/i386/ testsuite coverage for
(,%[xyz]mm*,*) or disp(,%[xyz]mm*,*) VSIB addressing even on binutils trunk.



[Bug gas/22791] PLT32 should be used for 32-bit PC-relative branches

2019-04-10 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=22791

--- Comment #23 from cvs-commit at gcc dot gnu.org  ---
The master branch has been updated by Rainer Orth :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a5def729be2596496aec225e843903b25c672e01

commit a5def729be2596496aec225e843903b25c672e01
Author: Rainer Orth 
Date:   Wed Apr 10 09:48:43 2019 +0200

Disable R_X86_64_PLT32 generation as branch marker on Solaris/x86

The fix H.J. implemented for PR gas/22791 in the thread starting at

[PATCH] x86-64: Treat PC32 relocation with branch as PLT32
https://sourceware.org/ml/binutils/2018-02/msg00065.html

is causing problems on Solaris/x86.  The native linker is strongly
preferred there, and there's no intention of implementing the linker
optimization he plans there.  Besides, the kernel runtime linker,
otherwise has no need to deal with that reloc at all, and instead of
adding (possibly even more) workarounds with no benefit, it seems
appropriate to disable the R_X86_64_PLT32 generation as branch marker on
Solaris/x86 in the first place.

The patch itself is trivial, the only complication is adapting the
testsuite.  Since I've found no way to have conditional sections in the
.d files, I've instead used the solution already found elsewhere of
having separate .d files for the affected tests in an i386/solaris
subdirectory and skipping the original ones.

Tested on amd64-pc-solaris2.11 and x86_64-pc-linux-gnu without
regressions.

* config/tc-i386.c (need_plt32_p) [TE_SOLARIS]: Return FALSE.
* testsuite/gas/i386/solaris/solaris.exp: New driver.
* testsuite/gas/i386/solaris/reloc64.d,
testsuite/gas/i386/solaris/x86-64-jump.d,
testsuite/gas/i386/solaris/x86-64-mpx-branch-1.d,
testsuite/gas/i386/solaris/x86-64-mpx-branch-2.d,
testsuite/gas/i386/solaris/x86-64-nop-3.d,
testsuite/gas/i386/solaris/x86-64-nop-4.d,
testsuite/gas/i386/solaris/x86-64-nop-5.d,
testsuite/gas/i386/solaris/x86-64-relax-2.d,
testsuite/gas/i386/solaris/x86-64-relax-3.d: New tests.
* testsuite/gas/i386/reloc64.d,
testsuite/gas/i386/x86-64-jump.d,
testsuite/gas/i386/x86-64-mpx-branch-1.d,
testsuite/gas/i386/x86-64-mpx-branch-2.d,
testsuite/gas/i386/x86-64-nop-3.d,
testsuite/gas/i386/x86-64-nop-4.d,
testsuite/gas/i386/x86-64-nop-5.d,
testsuite/gas/i386/x86-64-relax-2.d,
testsuite/gas/i386/x86-64-relax-3.d: Skip on *-*-solaris*.
