Re: Possible bug in objdump

[Nick Clifton]

Hi Joe,

> The possible bug is explained in the comments near the beginning of the file
> Bug.c

Please could file a bug report using the binutils Bugzilla system here:

  https://sourceware.org/bugzilla/enter_bug.cgi?product=binutils

When you do, it would be really helpful if you could include a copy of the
"Bug" executable, as well as the other files, as it is very hard to ensure
that we have exactly the same compilation environment as you have.

As to the the bug itself:

  //  99f:  48 8b 05 8a 52 20 00movrax,QWORD PTR [rip+0x20528a] 
   # 205c30 
  //
  // The instructions access XtStrings+0x48f0.  However, if you look at Bug.elf 
you see
  //
  //  11: 00201340  2649 OBJECT  GLOBAL DEFAULT   21 XtStrings
  //
  // The size of XtStrings is 2649 decimal.  But XtStrings+0x48f0 is beyond the 
region occupied by XtStrings.

My guess is that the disassembler has chosen XtStrings as being the
nearest user-visible symbol to the address referenced, in the hopes
that it might be useful to the reader.  The disassembler is not saying
that the XtStrings array is actually being used, but merely that it
could find any closer symbol.

Cheers
  Nick

[Bug ld/25802] Several 64-bit SPARC tests FAIL: relocation truncated to fit

[nickc at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=25802

Nick Clifton  changed:

   What|Removed |Added

 CC||nickc at redhat dot com

--- Comment #2 from Nick Clifton  ---
Hi Rainer,

>  I wonder how best to handle this: bfd/elfxx-sparc.c 
> (_bfd_sparc_elf_relocate_section) already silently ignores the overflow in a
> few select cases (like .stab sections), following the lead of Solaris ld. 

Do you know if the Solaris linker ignores overflow in other cases as well ?
IE should we be emulating the Solaris linker and ignoring more overflows ?

>  As expected, the tests do PASS if I do this unconditionally for the 
> 3 affected relocs.
> 
> This may or may not be a hack, though.

It probably is a hack, modulo the answer to the question above of course.

Are you able to examine a Solaris linked binary and find out how
those relocs were resolved ?  Ie is the debug info correct or corrupt
or just uninitialised ?

One possibility that occurs to me is that the Solaris linker is using
a different linker script to the bfd linker (or whatever it uses) and
so placing the sections in different places.  Places which are more
amenable to resolving the relocs.

It also occurs to me that maybe the bug is in the assembler, in that it 
should be generating R_SPARC_UA64 relocs instead of R_SPARC_UA32 relocs.
Not being a Solaris expert however, I do not know if this is the case.

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug binutils/26111] New: Attempting free on address which was not malloc()

[15664243668 at 163 dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=26111

Bug ID: 26111
   Summary: Attempting free on address which was not malloc()
   Product: binutils
   Version: 2.34
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: 15664243668 at 163 dot com
  Target Milestone: 2.34

Created attachment 12616
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12616&action=edit
PoC

I have found a bug of attempting free on address which was not malloc() in
function _bfd_coff_free_symbols by fuzzing, which is located in
binutils-2.34/bfd/coffgen.c:1782. This bug is triggered as
$objdump -d PoC

We compile GNU Binutils-2.34 with AddressSanitizer in 32-bits on Ubuntu 16.04.
The information are printed as:


./id:47,sig:06,src:001766,op:havoc,rep:4: file format pei-i386


Disassembly of section .text:

 <.text>:
   0:   ff 25 00 00 00 00   jmp*0x0
   6:   90  nop
   7:   90  nop
=
==20459==ERROR: AddressSanitizer: attempting free on address which was not
malloc()-ed: 0xf3803b60 in thread T0
#0 0xf7275a84 in free (/usr/lib32/libasan.so.2+0x96a84)
#1 0x867669f in _bfd_coff_free_symbols
/home/ubuntu/yuetai/asan_programs/binutils-2.34/bfd/coffgen.c:1782
#2 0x867669f in _bfd_coff_close_and_cleanup
/home/ubuntu/yuetai/asan_programs/binutils-2.34/bfd/coffgen.c:3180
#3 0x82b5784 in bfd_close_all_done
/home/ubuntu/yuetai/asan_programs/binutils-2.34/bfd/opncls.c:789
#4 0x8059628 in display_file objdump.c:5016
#5 0x8059628 in main objdump.c:5349
#6 0xf703e636 in __libc_start_main (/lib32/libc.so.6+0x18636)
#7 0x805ced5 
(/home/ubuntu/yuetai/asan_target/binutils-2-34/objdump+0x805ced5)

0xf3803b60 is located 736 bytes inside of 1745-byte region
[0xf3803880,0xf3803f51)
allocated by thread T0 here:
#0 0xf7275f8e in calloc (/usr/lib32/libasan.so.2+0x96f8e)
#1 0x82a60ae in bfd_malloc
/home/ubuntu/yuetai/asan_programs/binutils-2.34/bfd/libbfd.c:275
#2 0x82a60ae in bfd_zmalloc
/home/ubuntu/yuetai/asan_programs/binutils-2.34/bfd/libbfd.c:360
#3 0x893dd8b 
(/home/ubuntu/yuetai/asan_target/binutils-2-34/objdump+0x893dd8b)

SUMMARY: AddressSanitizer: bad-free ??:0 free
==20459==ABORTING

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug binutils/26111] Attempting free on address which was not malloc()

[amodra at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=26111

Alan Modra  changed:

   What|Removed |Added

 Resolution|--- |DUPLICATE
 Status|UNCONFIRMED |RESOLVED

--- Comment #1 from Alan Modra  ---
Fixed for 2.35

*** This bug has been marked as a duplicate of bug 25447 ***

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug binutils/25447] objcopy : free() invalid pointer in _bfd_coff_free_symbols

[amodra at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=25447

Alan Modra  changed:

   What|Removed |Added

 CC||15664243668 at 163 dot com

--- Comment #10 from Alan Modra  ---
*** Bug 26111 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug ld/25802] Several 64-bit SPARC tests FAIL: relocation truncated to fit

[ro at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=25802

--- Comment #4 from Rainer Orth  ---
Created attachment 12617
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12617&action=edit
ld-elf/eh5 elfdump -u output

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug ld/25802] Several 64-bit SPARC tests FAIL: relocation truncated to fit

[ro at CeBiTec dot Uni-Bielefeld.DE]

https://sourceware.org/bugzilla/show_bug.cgi?id=25802

--- Comment #3 from Rainer Orth  ---
> --- Comment #2 from Nick Clifton  ---
> Hi Rainer,
>
>>  I wonder how best to handle this: bfd/elfxx-sparc.c 
>> (_bfd_sparc_elf_relocate_section) already silently ignores the overflow in a
>> few select cases (like .stab sections), following the lead of Solaris ld. 
>
> Do you know if the Solaris linker ignores overflow in other cases as well ?
> IE should we be emulating the Solaris linker and ignoring more overflows ?

I'd have to ask the Solaris linker engineer (Ali Bahrami, you may know
him) that.  I haven't found anything in the OpenSolaris linker sources,
though.

>>  As expected, the tests do PASS if I do this unconditionally for the 
>> 3 affected relocs.
>> 
>> This may or may not be a hack, though.
>
> It probably is a hack, modulo the answer to the question above of course.
>
> Are you able to examine a Solaris linked binary and find out how
> those relocs were resolved ?  Ie is the debug info correct or corrupt
> or just uninitialised ?

After linking the ld-elf/eh5 test with Solaris ld instead of ld-new, I
tried the following:

* Run readelf -u on the result, which comes up blank:

The decoding of unwind sections for machine type Sparc v9 is not currently
supported.

* However, elfdump -u (the native Solaris ELF object dumping utility)
  produces results that seem at least well formed and possibly sensible
  (attached).

* I've also run readelf -wf (also attached) and visually compared it to
  eh5.d (is there a manual way to perform a comparison between readelf
  etc. output and a .d file?): the first few sections seemed to match.

> One possibility that occurs to me is that the Solaris linker is using
> a different linker script to the bfd linker (or whatever it uses) and
> so placing the sections in different places.  Places which are more
> amenable to resolving the relocs.

The Solaris linker doesn't use explicit linker scripts (and has a
different mapfile syntax compared to GNU ld).  However, the internal
rules (in the Solaris syntax) are documented in the Linkers and
Libraries Guide:

https://docs.oracle.com/cd/E37838_01/html/E36783/gjqaz.html#scrolltoc

> It also occurs to me that maybe the bug is in the assembler, in that it 
> should be generating R_SPARC_UA64 relocs instead of R_SPARC_UA32 relocs.
> Not being a Solaris expert however, I do not know if this is the case.

Me neither: I'm just the messenger ;-)  Unfortunately, the Solaris/SPARC
assembler doesn't support the .cfi_* directives, otherwise I could have
tried to use it to assemble the input and compare.  Are there C sources
corresponding to the eh5*.s files that I could feed through
Solaris/SPARC gcc configure to use as instead of gas?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug ld/25802] Several 64-bit SPARC tests FAIL: relocation truncated to fit

[ro at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=25802

--- Comment #5 from Rainer Orth  ---
Created attachment 12618
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12618&action=edit
ld-elf/eh5 readelf -wf output

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug ld/26103] Assertion failure at ldlang.c:7269 when compiling with LTO on MinGW

[markus.boeck02 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=26103

--- Comment #2 from Markus Böck  ---
Created attachment 12619
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12619&action=edit
Symbols in ios.o of the working compiler

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug ld/26103] Assertion failure at ldlang.c:7269 when compiling with LTO on MinGW

[markus.boeck02 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=26103

--- Comment #3 from Markus Böck  ---
Created attachment 12620
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12620&action=edit
Symbols in ios.o of the compiler causing the assert in ld

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug ld/26103] Assertion failure at ldlang.c:7269 when compiling with LTO on MinGW

[markus.boeck02 at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=26103

--- Comment #4 from Markus Böck  ---
Using git bisect I managed to figure out which commit of GCC 9 has started
causing the issue. I am confused as to how or why it would do so however.
The first commit that causes this bug is: "PR libstdc++/86450 use -Wabi=2 and
simplify -Werror use" with revision number
c3be340eb67fff7ef353d37bd02898f295ea0ef1

Regarding the reproducability I have used following configure options for
building GCC 9:
../configure --target=x86_64-w64-mingw32 --disable-bootstrap
--enable-version-specific-runtime-libs --with-gcc-major-version-only
--prefix=/mnt/c/GCC-Build/NewestLinux
--with-sysroot=/mnt/c/GCC-Build/NewestLinux --disable-libstdcxx-pch
--disable-multilib --with-tune=znver1 --with-cross-host
--disable-libstdcxx-verbose --enable-languages=c,c++,fortran,lto,objc,obj-c++
--disable-nls --disable-win32-registry --enable-shared --with-gnu-ld
--program-prefix=x86_64-w64-mingw32- --enable-threads=posix
--enable-__cxa_atexit --enable-libgomp --with-gnu-as --program-suffix=-9
--without-isl

All tests that I performed have been using the same version of MinGW (close to
current trunk) as well as the binutils at the revision specified in the
original post.

Additionally I ran gdb to check which symbol cause the re-inclusion of
libstdc++. The function with the assert 'ldlang_add_file' is called by
'add_archive_element', whose name parameter has following content:
".weak._ZSt4swapISt6localeENSt9enable_ifIXsrSt6__and_IISt6__not_ISt15__is_tuple_likeIT_EESt21is_move_constructibleIS5_ESt18is_move_assignableIS5_EEE5valueEvE4typeERS5_SF_._ZStanSt12_Ios_IostateS_"

Last I tried to print and compare the symbol table of ios.o both before and
after the bad commit. I ran llvm-objdump -t on both versions of libstdc++ and
removed all other object files but ios.o in the output. Only the object file
after the bad commit contains .weak symbols that might trip up the linker. I
have attached both symbols tables of the working compiler and the one
triggering the assert.

Please tell me if there is anything more that I can do for you and thank you
for your patience and time already spent!

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug binutils/26112] New: readelf --debug-dump=macro can't parse clang debug info

[tstellar at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=26112

Bug ID: 26112
   Summary: readelf --debug-dump=macro can't parse clang debug
info
   Product: binutils
   Version: 2.34
Status: NEW
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: tstellar at redhat dot com
  Target Milestone: ---

Created attachment 12621
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12621&action=edit
Clang binary output.

Test case:

$ echo "#define FOO bar" | clang -x c -c - -fdebug-macro -gdwarf-5 -o
clang-debug-macro.o
$ readelf --debug-dump=macro ./clang-debug-macro.o 
Contents of the .debug_macro section:

  Offset:  0x0
  Version: 5
  Offset size: 4
  Offset into .debug_line: 0x0

 DW_MACRO_start_file - lineno: 0 filenum: 1
readelf: ./clang-debug-macro.o: Error:  Unknown macro opcode 0b seen



I'm using binutils-2.34.0-6.fc33 from Fedora and clang 11 (which is current
trunk).  It looks this used to work, but stopped working after clang commit:
https://github.com/llvm/llvm-project/commit/b47403c0a4c532554cf3d67ed1669fe00530aab3

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gas/26113] New: gas 2.34 gets stuck in infinite loop after compilation error

[me at tbrindus dot ca]

https://sourceware.org/bugzilla/show_bug.cgi?id=26113

Bug ID: 26113
   Summary: gas 2.34 gets stuck in infinite loop after compilation
error
   Product: binutils
   Version: 2.34
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: gas
  Assignee: unassigned at sourceware dot org
  Reporter: me at tbrindus dot ca
  Target Milestone: ---

Created attachment 12622
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12622&action=edit
Python source code

Hi,

We run a system where students may submit code in several languages and have it
run on our machines -- among others, we support x64 Assembly and Python. One
student mis-selected the language of their source code, and submitted a Python
program as x64 Assembly. This caused gas 2.34 to lock up after emitting the
expected syntax errors; it did not terminate after 8 hours (when we found out
and SIGKILL'd the process).

We are running gas from Debian sid's repos. In particular:


$ x86_64-linux-gnu-as --version
GNU assembler (GNU Binutils for Debian) 2.34
Copyright (C) 2020 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or later.
This program has absolutely no warranty.
This assembler was configured for a target of `x86_64-linux-gnu'.


The file submitted is attached. Running gas with no extra arguments exhibits
the issue.

$ x86_64-linux-gnu-as test.py
test.py: Assembler messages:
test.py:1: Error: no such instruction: `def cal():'
test.py:2: Error: junk at end of line, first unrecognized character is `('
test.py:4: Error: invalid character '(' in mnemonic
...snip...
test.py:17: Error: invalid character '(' in mnemonic
test.py: Error: symbol definition loop encountered at `int'
test.py: Error: invalid operands (.text and *ABS* sections) for `%' when
setting `a'

^C

This appears to be a regression since 2.31.1 (Debian buster version of gas),
which exits after emitting the error messages.

I'm happy to provide any other information that may be useful.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gas/26113] gas 2.34 gets hangs after compilation error

[me at tbrindus dot ca]

https://sourceware.org/bugzilla/show_bug.cgi?id=26113

Tudor  changed:

   What|Removed |Added

Summary|gas 2.34 gets stuck in  |gas 2.34 gets hangs after
   |infinite loop after |compilation error
   |compilation error   |

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gas/26113] gas 2.34 hangs after compilation error

[me at tbrindus dot ca]

https://sourceware.org/bugzilla/show_bug.cgi?id=26113

Tudor  changed:

   What|Removed |Added

Summary|gas 2.34 gets hangs after   |gas 2.34 hangs after
   |compilation error   |compilation error

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gas/26113] gas 2.34 hangs after compilation error

[amodra at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=26113

Alan Modra  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |WORKSFORME

--- Comment #1 from Alan Modra  ---
This was fixed on master with commit 2a50b40146 and on binutils-2_34-branch
with commit 5768460022.

-- 
You are receiving this mail because:
You are on the CC list for the bug.