[Bug gas/28149] debug info with wrong file association

2021-07-29 Thread rguenth at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=28149

Richard Biener  changed:

What             | Removed     | Added
CC               |             | rguenth at gcc dot gnu.org

--- Comment #1 from Richard Biener  ---
Note it is also undesirable to reference the (possibly temporary) filename of
the assembler file as a "fix", even though that would seem to be the fix if the
compiler asked the assembler to produce line info.  It's the behavior you get
when assembling without any .file directive.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


[Bug gas/26778] Error: file table slot 1 is already occupied by a different file

2021-07-29 Thread amodra at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=26778

Alan Modra  changed:

What             | Removed     | Added
Resolution       | FIXED       | ---
CC               |             | amodra at gmail dot com
Status           | RESOLVED    | REOPENED

--- Comment #6 from Alan Modra  ---
If you look at the output of dwarf4-line-1 test using readelf -wL to interpret
the line number program you get:

CU: ./foo.c:
File name    Line number    Starting address    View    Stmt
foo.c                 82                   0               x

./foo.h:[++]
foo.h                  9                 0x1               x
foo.h                  -                 0x4

That doesn't make much sense to me.  I think dwarf4-line-1.d is erroneous
output, but to be honest, I'm not sure what the assembler should do with
dwarf4-line-1.s.

Maybe
foo.h line 82 for bar's nop
dwarf4-line-1.s line 9 for bar's ret
foo.c line 1 for foo's nop
foo.h line 2 for foo's ret



[Bug gas/28149] debug info with wrong file association

2021-07-29 Thread amodra at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=28149

Alan Modra  changed:

What             | Removed     | Added
Depends on       |             | 26778


Referenced Bugs:

https://sourceware.org/bugzilla/show_bug.cgi?id=26778
[Bug 26778] Error: file table slot 1 is already occupied by a different file


[Bug gas/26778] Error: file table slot 1 is already occupied by a different file

2021-07-29 Thread amodra at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=26778

Alan Modra  changed:

What             | Removed     | Added
Blocks           |             | 28149


Referenced Bugs:

https://sourceware.org/bugzilla/show_bug.cgi?id=28149
[Bug 28149] debug info with wrong file association


[Bug gas/28149] debug info with wrong file association

2021-07-29 Thread amodra at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=28149

Alan Modra  changed:

What             | Removed     | Added
Ever confirmed   | 0           | 1
Last reconfirmed |             | 2021-07-29
Status           | UNCONFIRMED | NEW

--- Comment #2 from Alan Modra  ---
More generally, you can ask gas to assemble multiple .s files to produce a
single object.  How are conflicting file numbers supposed to be handled then?



[Bug gas/28149] debug info with wrong file association

2021-07-29 Thread amodra at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=28149

Alan Modra  changed:

What             | Removed     | Added
CC               |             | amodra at gmail dot com



Re: Report UBSan integer overflow bugs found by automatic tools

2021-07-29 Thread He Jingxuan
Dear binutils developers,

How is it going with analyzing and fixing these bugs? Any feedback?

Best,
Jingxuan

On 30 Jun 2021, at 19:51, He Jingxuan <jingxuan...@inf.ethz.ch> wrote:

Dear binutils developers,

We tested objcopy and readelf with automatic tools (based on the symbolic 
execution engine KLEE and the fuzzer AFL). A number of test cases triggering 
UBSan integer overflow errors were generated. We manually checked those test 
cases and filtered out benign cases. Finally, we identified and report 34 cases 
(29 for objcopy and 5 for readelf) that could trigger bugs. Below is the 
information for reproducing the bugs.

- binutils version: 2.36
- operating system: Ubuntu 16.04.7
- compiler: clang version 6.0.0-1ubuntu2~16.04.1 (tags/RELEASE_600/final)
- compilation commands:
   mkdir obj
   cd obj
   CC=clang CFLAGS="-g -O1 -Xclang -disable-llvm-passes -D__NO_STRING_INLINES -D_FORTIFY_SOURCE=0 -U__OPTIMIZE__ -fsanitize=signed-integer-overflow -fsanitize=unsigned-integer-overflow -fsanitize=shift -fsanitize=bounds -fsanitize=pointer-overflow -fsanitize=null" \
     ../configure --disable-nls --disable-largefile --disable-gdb --disable-sim \
     --disable-readline --disable-libdecnumber --disable-libquadmath \
     --disable-libstdcxx --disable-ld --disable-gprof --disable-gas \
     --disable-intl --disable-etc
   make

The bugs are listed in the attached compressed file. For each bug, we provide
the bug triggering inputs (*.input) and the relevant error messages (*.err,
with error location and reason). For bug objcopy01, the command is "objcopy
objcopy01.input @objcopy01.input" (stored in the file objcopy01.cmd). For other
objcopy bugs, the command is "objcopy {}.input". For all readelf bugs, the
command is "readelf {}.input".

We note that we have tried our best to rule out non-bugs during our manual
inspection. However, we are not super familiar with the binutils codebase and the
bug classification policy. We are sorry if we report non-bugs or any other
irrelevant stuff.

Best,
Jingxuan





[Bug ld/28138] [2.37 Regression][bisected] Linker plugin complains about "malformed archive" on thin archives

2021-07-29 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=28138

--- Comment #17 from cvs-commit at gcc dot gnu.org  ---
The binutils-2_37-branch branch has been updated by H.J. Lu:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1c611b40e6bfc8029bff7696814330b5bc0ee5c0

commit 1c611b40e6bfc8029bff7696814330b5bc0ee5c0
Author: H.J. Lu 
Date:   Mon Jul 26 05:59:55 2021 -0700

bfd: Close the file descriptor if there is no archive fd

Close the file descriptor if there is no archive plugin file descriptor
to avoid running out of file descriptors on thin archives with many
archive members.

bfd/

PR ld/28138
* plugin.c (bfd_plugin_close_file_descriptor): Close the file
descriptor there is no archive plugin file descriptor.

ld/

PR ld/28138
* testsuite/ld-plugin/lto.exp: Run tmpdir/pr28138 only for
native build.

PR ld/28138
* testsuite/ld-plugin/lto.exp: Run ld/28138 tests.
* testsuite/ld-plugin/pr28138.c: New file.
* testsuite/ld-plugin/pr28138-1.c: Likewise.
* testsuite/ld-plugin/pr28138-2.c: Likewise.
* testsuite/ld-plugin/pr28138-3.c: Likewise.
* testsuite/ld-plugin/pr28138-4.c: Likewise.
* testsuite/ld-plugin/pr28138-5.c: Likewise.
* testsuite/ld-plugin/pr28138-6.c: Likewise.
* testsuite/ld-plugin/pr28138-7.c: Likewise.

(cherry picked from commit 5a98fb7513b559e20dfebdbaa2a471afda3b4742)
(cherry picked from commit 7dc37e1e1209c80e0bab784df6b6bac335e836f2)



[Bug ld/28138] [2.37 Regression][bisected] Linker plugin complains about "malformed archive" on thin archives

2021-07-29 Thread cvs-commit at gcc dot gnu.org
https://sourceware.org/bugzilla/show_bug.cgi?id=28138

--- Comment #16 from cvs-commit at gcc dot gnu.org  ---
The staging-2.37 branch has been updated by H.J. Lu:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1c611b40e6bfc8029bff7696814330b5bc0ee5c0

commit 1c611b40e6bfc8029bff7696814330b5bc0ee5c0
Author: H.J. Lu 
Date:   Mon Jul 26 05:59:55 2021 -0700

bfd: Close the file descriptor if there is no archive fd

Close the file descriptor if there is no archive plugin file descriptor
to avoid running out of file descriptors on thin archives with many
archive members.

bfd/

PR ld/28138
* plugin.c (bfd_plugin_close_file_descriptor): Close the file
descriptor there is no archive plugin file descriptor.

ld/

PR ld/28138
* testsuite/ld-plugin/lto.exp: Run tmpdir/pr28138 only for
native build.

PR ld/28138
* testsuite/ld-plugin/lto.exp: Run ld/28138 tests.
* testsuite/ld-plugin/pr28138.c: New file.
* testsuite/ld-plugin/pr28138-1.c: Likewise.
* testsuite/ld-plugin/pr28138-2.c: Likewise.
* testsuite/ld-plugin/pr28138-3.c: Likewise.
* testsuite/ld-plugin/pr28138-4.c: Likewise.
* testsuite/ld-plugin/pr28138-5.c: Likewise.
* testsuite/ld-plugin/pr28138-6.c: Likewise.
* testsuite/ld-plugin/pr28138-7.c: Likewise.

(cherry picked from commit 5a98fb7513b559e20dfebdbaa2a471afda3b4742)
(cherry picked from commit 7dc37e1e1209c80e0bab784df6b6bac335e836f2)



[Bug ld/28138] [2.37 Regression][bisected] Linker plugin complains about "malformed archive" on thin archives

2021-07-29 Thread hjl.tools at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=28138

H.J. Lu  changed:

What             | Removed     | Added
Resolution       | ---         | FIXED
Status           | NEW         | RESOLVED
Target Milestone | ---         | 2.38

--- Comment #18 from H.J. Lu  ---
Fixed for 2.38 and 2.37 branch.



Re: Report UBSan integer overflow bugs found by automatic tools

2021-07-29 Thread Alan Modra
On Thu, Jul 29, 2021 at 08:25:37AM +, He  Jingxuan wrote:
> Dear binutils developers,
> 
> How is it going with analyzing and fixing these bugs? Any feedback?

See https://lists.gnu.org/archive/html/bug-binutils/2021-06/msg00149.html
Your email was flagged as being malware and not delivered to anyone.

I see all of these reports are unsigned integer overflow, which is an
odd thing for ubsan to complain about.  Overflow of unsigned integers
is not undefined behaviour!

-- 
Alan Modra
Australia Development Lab, IBM



Re: Report UBSan integer overflow bugs found by automatic tools

2021-07-29 Thread He Jingxuan
Dear Alan,

Thanks for your information!

UBSan indeed has an option to turn on complaints about unsigned integer 
overflow (-fsanitize=unsigned-integer-overflow). Unsigned integer overflow has 
caused bugs in binutils that were fixed (see 
https://sourceware.org/bugzilla/show_bug.cgi?id=24131 for example).

Based on our inspection, most bugs reported by us result in wrong offsets or 
addresses. The *.err files provide exact bug location and bug triggering 
values, which can be used to quickly decide if the bugs are true or false 
positives. Could you please take a deeper look into the bugs?

For example, objcopy02.err shows that the bug happens at line 397 of file
bfd/bfdio.c, which causes the bfd file (variable abfd) to point to a wrong
position (abfd->where overflows):

int
bfd_seek (bfd *abfd, file_ptr position, int direction)
{
...
abfd->where += position; // line 397
...
}

Best,
Jingxuan

On 29 Jul 2021, at 16:07, Alan Modra <amo...@gmail.com> wrote:

On Thu, Jul 29, 2021 at 08:25:37AM +, He  Jingxuan wrote:
Dear binutils developers,

How is it going with analyzing and fixing these bugs? Any feedback?

See https://lists.gnu.org/archive/html/bug-binutils/2021-06/msg00149.html
Your email was flagged as being malware and not delivered to anyone.

I see all of these reports are unsigned integer overflow, which is an
odd thing for ubsan to complain about.  Overflow of unsigned integers
is not undefined behaviour!

--
Alan Modra
Australia Development Lab, IBM
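
The distinction at issue in this thread, harmless unsigned wrap-around versus a missing sanity check on a file-supplied value, as an added example (not binutils code and not written by any poster). The function names and the 4096-byte file size are hypothetical; the operands 24 + 18446744073709551600 and 18446744071562069503 * 18 are taken from the UBSan messages quoted in the thread, and `__builtin_mul_overflow` is the GCC/Clang builtin.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper modelled on the quoted "abfd->where += position":
   a signed relative offset added to an unsigned 64-bit position.  The
   conversion and the wrap are well defined in C (arithmetic mod 2^64),
   so the result is simply where - 16 when position is -16. */
static uint64_t seek_relative(uint64_t where, int64_t position)
{
    return where + (uint64_t)position;
}

/* The size computation with no check: a bogus count silently wraps. */
static uint64_t table_size_unchecked(uint64_t count, uint64_t elem_size)
{
    return count * elem_size;
}

/* Hypothetical sanity check for a count read from an untrusted file:
   reject it if the byte size wraps or cannot fit in the file. */
static bool table_size_ok(uint64_t count, uint64_t elem_size,
                          uint64_t file_size, uint64_t *bytes)
{
    if (__builtin_mul_overflow(count, elem_size, bytes))
        return false;            /* product wrapped: count is bogus */
    return *bytes <= file_size;  /* table must fit inside the file */
}

int main(void)
{
    uint64_t bytes = 0;

    /* Operands below come from the UBSan reports in the thread;
       the 4096-byte file size is constructed for the example. */
    printf("seek 24 by -16      -> %llu\n",
           (unsigned long long)seek_relative(24, -16));
    printf("unchecked count*18  -> %llu\n",
           (unsigned long long)table_size_unchecked(18446744071562069503ULL, 18));
    printf("huge count accepted? %d\n",
           table_size_ok(18446744071562069503ULL, 18, 4096, &bytes));
    printf("count 10 accepted?   %d (%llu bytes)\n",
           table_size_ok(10, 18, 4096, &bytes), (unsigned long long)bytes);
    return 0;
}
```

The first case produces the intended position despite the sanitizer message; the second is only safe once the count is validated before it is used as a size.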



[Bug binutils/26206] Add pei-aarch64 support for native EFI support

2021-07-29 Thread pbrobinson at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=26206

Peter Robinson  changed:

What             | Removed     | Added
CC               |             | pbrobinson at gmail dot com



Re: Report UBSan integer overflow bugs found by automatic tools

2021-07-29 Thread Alan Modra
On Thu, Jul 29, 2021 at 03:09:40PM +, He  Jingxuan wrote:
> Dear Alan,
> 
> Thanks for your information!
> 
> UBSan indeed has an option to turn on complaints about unsigned integer 
> overflow (-fsanitize=unsigned-integer-overflow). Unsigned integer overflow 
> has caused bugs in binutils that were fixed (see 
> https://sourceware.org/bugzilla/show_bug.cgi?id=24131 for example).
> 
> Based on our inspection, most bugs reported by us result in wrong offsets or 
> addresses. The *.err files provide exact bug location and bug triggering 
> values, which can be used to quickly decide if the bugs are true or false 
> positives. Could you please take a deeper look into the bugs?

../../libiberty/argv.c:478:27: runtime error: unsigned integer overflow: 0 - 1 
cannot be represented in type 'unsigned long'
../../libiberty/argv.c:478:14: runtime error: unsigned integer overflow: 3 + 
18446744073709551615 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/bfdio.c:397:14: runtime error: unsigned integer overflow: 24 + 
18446744073709551600 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elfcore.h:233:43: runtime error: unsigned integer overflow: 
18446744073709537336 + 14280 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/coffcode.h:1921:56: runtime error: unsigned integer overflow: 0 - 1 
cannot be represented in type 'unsigned long'

A bug.  Lack of sanity checking.

../../bfd/coffcode.h:2601:27: runtime error: unsigned integer overflow: 
18446744073265032094 + 444596226 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/coffcode.h:4392:43: runtime error: unsigned integer overflow: 0 - 
335544324 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/coffcode.h:5079:26: runtime error: unsigned integer overflow: 76704 - 
4294967295 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/coffgen.c:1192:27: runtime error: unsigned integer overflow: 
18446744073709490606 + 61235 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/coffgen.c:1676:38: runtime error: unsigned integer overflow: 
18446744071562069503 * 18 cannot be represented in type 'unsigned long'
../../bfd/coffgen.c:1676:7: runtime error: unsigned integer overflow: 32799 + 
18446744073709551598 cannot be represented in type 'unsigned long'

Lack of sanity checking again.

../../bfd/coffgen.c:1988:30: runtime error: unsigned integer overflow: 
4294967295 + 1 cannot be represented in type 'unsigned int'

A bug.

../../bfd/elf.c:12069:41: runtime error: unsigned integer overflow: 
18446744073709551604 + 32 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:12077:41: runtime error: unsigned integer overflow: 
18446744073709551600 + 64 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:12062:56: runtime error: unsigned integer overflow: 
18446744073709551580 + 64 cannot be represented in type 'unsigned long'

Not a bug.

peXXigen.c:561:26: runtime error: unsigned integer overflow: 4294967295 + 
18446744073709551615 cannot be represented in type 'unsigned long'

Not a bug.

peXXigen.c:569:31: runtime error: unsigned integer overflow: 4294967295 + 
18446744073709551615 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:5543:36: runtime error: unsigned integer overflow: 16777216 + 
18446744073709289469 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:5715:20: runtime error: unsigned integer overflow: 128 - 
2147483724 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:5717:15: runtime error: unsigned integer overflow: 0 - 1996 
cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:5789:32: runtime error: unsigned integer overflow: 
18446744073709549620 + 1996 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:5791:33: runtime error: unsigned integer overflow: 262147 - 
294915 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:6289:10: runtime error: unsigned integer overflow: 
18446744073709551594 + 22 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:7265:10: runtime error: unsigned integer overflow: 0 - 22 
cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:7285:21: runtime error: unsigned integer overflow: 22 - 64 
cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:7299:21: runtime error: unsigned integer overflow: 0 - 7 cannot 
be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:7449:4: runtime error: unsigned integer overflow: 0 - 32 cannot 
be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:7614:32: runtime error: unsigned integer overflow: 0 - 
134217728 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:7615:32: runtime error: unsigned integer overflow: 0 - 
335544322 cannot be represented in type 'unsigned long'