[Bug binutils/29370] dwarf.c: infinite loop in display_debug_abbrev

2022-07-15 Thread h3xrabbit at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=29370

Hex Rabbit changed:

   What    |Removed |Added
   CC      |        |h3xrabbit at gmail dot com,
           |        |nickc at redhat dot com

-- 
You are receiving this mail because:
You are on the CC list for the bug.


[Bug binutils/29370] New: dwarf.c: infinite loop in display_debug_abbrev

2022-07-15 Thread h3xrabbit at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=29370

Bug ID: 29370
   Summary: dwarf.c: infinite loop in display_debug_abbrev
   Product: binutils
   Version: 2.40 (HEAD)
Status: UNCONFIRMED
  Severity: normal
  Priority: P2
 Component: binutils
  Assignee: unassigned at sourceware dot org
  Reporter: h3xrabbit at gmail dot com
  Target Milestone: ---

Created attachment 14211
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14211&action=edit
file that caused infinite loop

During a fuzzing campaign, I found that some files cause an infinite loop inside
`display_debug_abbrev()` with the command below:

readelf -w poc


Built on the latest commit (9afca381e2e46ccee433ce09001506e7683b273f), with the
default config `../configure`.

Command output:

readelf: Warning: The e_shentsize field in the ELF header is larger than the
size of an ELF section header
readelf: Error: Reading 3584 bytes extends past end of file for program headers
readelf: Error: Reading 1717502016 bytes extends past end of file for
.trace_abbrev section data

... warnings ...

Contents of the .trace_abbrev section:

... contents ...

Section '.trace_abbrev' has no debugging data.
Contents of the .trace_abbrev section:

  Number TAG (0x0)
   3878592198768  DW_TAG_padding[no children]
Unknown AT value: 70e1c3870e1c3870 Unknown FORM value: 45
DW_AT_virtuality   Unknown FORM value: 46
DW_AT_location DW_FORM_addr
DW_AT_sibling  DW_FORM value: 0
DW_AT value: 0 DW_FORM value: 0
readelf: Warning: Debug info is corrupted, abbrev offset (1240) is larger than
abbrev section size (8)

Contents of the .trace_abbrev section:

  Number TAG (0x0)
   3878592198768  DW_TAG_padding[no children]
Unknown AT value: 70e1c3870e1c3870 Unknown FORM value: 45
DW_AT_virtuality   Unknown FORM value: 46
DW_AT_location DW_FORM_addr
DW_AT_sibling  DW_FORM value: 0
DW_AT value: 0 DW_FORM value: 0

... looping same contents ...


I observed through gdb that when the program starts to loop, breaking on the
`if (list == NULL)` line and printing out the variables gives:

gdb$ p start
$43 = (unsigned char *) 0x55660b70 "\177ELF.trace_abbrev"

gdb$ p section->start
$44 = (unsigned char *) 0x55660b70 "\177ELF.trace_abbrev"

gdb$ p *list
$45 = {
  first_abbrev = 0x5565f3d0,
  last_abbrev = 0x5565f3d0,
  abbrev_base = 0x0,
  abbrev_offset = 0x0,
  next = 0x0,
  start_of_next_abbrevs = 0x55660b70 "\177ELF.trace_abbrev"
}

The `offset` variable will always be 0, and the `start` variable will never be
updated, since `list->start_of_next_abbrevs` is the same as `start`; maybe it's
caused by entering this function more than once?

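The loop described in this report spins because the cursor (`start`) is never moved past the table just processed. As an added example that is not binutils code, the following is a minimal `.debug_abbrev` walker with the forward-progress guard such a loop needs: the section walker refuses to iterate again unless the per-table step advanced the cursor, and a truncated table stops the walk instead of running off the buffer. Every name in it (`walk_abbrev_section`, `parse_abbrev_table`, `stuck_step`, `sample_abbrev`) is invented, and the sample bytes are constructed for the example.

```c
/* Added example, not binutils code: a minimal .debug_abbrev walker with a
   forward-progress guard.  All names here are invented for the example. */
#include <stdint.h>
#include <stddef.h>

typedef enum { WALK_OK, WALK_TRUNCATED, WALK_STUCK } walk_status;

/* A step parses one abbreviation table at *cursor and moves *cursor past it. */
typedef walk_status (*table_step_fn)(const uint8_t **cursor, const uint8_t *end,
                                     unsigned *ndecls);

/* Decode one ULEB128; returns bytes consumed, 0 if the buffer ends mid-value. */
static size_t read_uleb128(const uint8_t *p, const uint8_t *end, uint64_t *out)
{
    uint64_t result = 0;
    size_t n = 0;
    for (unsigned shift = 0; p + n < end; shift += 7) {
        uint8_t byte = p[n++];
        if (shift < 64) result |= (uint64_t)(byte & 0x7f) << shift;
        if ((byte & 0x80) == 0) { *out = result; return n; }
    }
    return 0;
}

/* Parse one table of (code, tag, children, {attr, form}*, 0, 0) declarations
   terminated by code 0.  DW_FORM_implicit_const (0x21, DWARF 5) carries an
   extra SLEB128 operand, which is skipped by length only. */
static walk_status parse_abbrev_table(const uint8_t **cursor, const uint8_t *end,
                                      unsigned *ndecls)
{
    const uint8_t *p = *cursor;
    uint64_t code, tag, attr, form, operand;
    size_t n;
    *ndecls = 0;
    for (;;) {
        if ((n = read_uleb128(p, end, &code)) == 0) return WALK_TRUNCATED;
        p += n;
        if (code == 0) break;                          /* end of this table */
        if ((n = read_uleb128(p, end, &tag)) == 0) return WALK_TRUNCATED;
        p += n;
        if (p >= end) return WALK_TRUNCATED;           /* DW_CHILDREN byte */
        p++;
        for (;;) {
            if ((n = read_uleb128(p, end, &attr)) == 0) return WALK_TRUNCATED;
            p += n;
            if ((n = read_uleb128(p, end, &form)) == 0) return WALK_TRUNCATED;
            p += n;
            if (attr == 0 && form == 0) break;
            if (form == 0x21) {
                if ((n = read_uleb128(p, end, &operand)) == 0) return WALK_TRUNCATED;
                p += n;
            }
        }
        (*ndecls)++;
    }
    *cursor = p;
    return WALK_OK;
}

/* Models the reported failure: a step that reports success but leaves the cursor
   where it was (a cached list whose start_of_next_abbrevs equals start). */
static walk_status stuck_step(const uint8_t **cursor, const uint8_t *end,
                              unsigned *ndecls)
{
    (void)cursor; (void)end; *ndecls = 0;
    return WALK_OK;
}

/* Walk every table in [start, start+len).  Returns the number of complete tables
   (*last = WALK_TRUNCATED if the data ran out), or -1 with WALK_STUCK when a
   step made no forward progress, instead of looping forever. */
static int walk_abbrev_section(const uint8_t *start, size_t len, table_step_fn step,
                               unsigned *total_decls, walk_status *last)
{
    const uint8_t *cursor = start, *end = start + len;
    int tables = 0;
    *total_decls = 0; *last = WALK_OK;
    while (cursor < end) {
        const uint8_t *before = cursor;
        unsigned nd = 0;
        *last = step(&cursor, end, &nd);
        if (*last != WALK_OK) return tables;
        if (cursor <= before) { *last = WALK_STUCK; return -1; }   /* the guard */
        *total_decls += nd;
        tables++;
    }
    return tables;
}

/* Constructed sample: table 1 declares DW_TAG_compile_unit (0x11) with
   DW_AT_name/DW_FORM_string and DW_AT_low_pc/DW_FORM_addr plus DW_TAG_subprogram
   (0x2e) with DW_AT_name; table 2 declares DW_TAG_base_type (0x24) with
   DW_AT_byte_size/DW_FORM_data1. */
static const uint8_t sample_abbrev[] = {
    0x01, 0x11, 0x01, 0x03, 0x08, 0x11, 0x01, 0x00, 0x00,
    0x02, 0x2e, 0x00, 0x03, 0x08, 0x00, 0x00, 0x00,
    0x01, 0x24, 0x00, 0x0b, 0x0b, 0x00, 0x00, 0x00,
};
```

Running `walk_abbrev_section` over `sample_abbrev` with `parse_abbrev_table` yields 2 tables and 3 declarations; the same bytes cut to 6 stop with `WALK_TRUNCATED`, and a walk with `stuck_step` returns -1 with `WALK_STUCK` on the first iteration, which is the condition the report's loop never checks.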


[Bug gprofng/29364] libgprofng.so: needs to link against -pthread

2022-07-15 Thread vladimir.mezentsev at oracle dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=29364

Vladimir Mezentsev changed:

   What    |Removed |Added
   Status  |NEW     |ASSIGNED

--- Comment #2 from Vladimir Mezentsev ---
$(PTHREAD_LIBS) is empty when -nostdlib is passed to libtool.

I propose the following fix:

diff --git a/gprofng/src/Makefile.am b/gprofng/src/Makefile.am
index 2584a67dc55..6e0931524e4 100644
--- a/gprofng/src/Makefile.am
+++ b/gprofng/src/Makefile.am
@@ -127,10 +127,14 @@ EXTRA_DIST = QLParser.yy $(man_MANS)
 pkglib_LTLIBRARIES = $(LIBGPROFNG)
 libgprofng_la_SOURCES = $(CCSOURCES) $(CSOURCES)
 libgprofng_la_LDFLAGS = -version-info 0:0:0
+
+# Pass -lpthread instead of $(PTHREAD_LIBS) due to $(PTHREAD_LIBS) being empty
+# when -nostdlib is passed to libtool.
+# See bug 29364 - libgprofng.so: needs to link against -pthread
 libgprofng_la_LIBADD = $(top_builddir)/../opcodes/libopcodes.la \
$(top_builddir)/../bfd/libbfd.la \
$(GPROFNG_LIBADD) \
-   $(PTHREAD_LIBS) -ldl
+   -lpthread -ldl
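Review bot: Hardcoding `-lpthread` in the `+   -lpthread -ldl` line treats the symptom named in the comment above (PTHREAD_LIBS coming back empty when -nostdlib is passed to libtool) rather than its cause, and it discards whatever the configure-time pthread probe would have selected, so targets where the thread library is spelled differently lose that adjustment. Consider either fixing why $(PTHREAD_LIBS) is empty under -nostdlib, or extending the added comment to record which targets the hardcoded flag has been verified on.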



[Bug ld/29369] [2.39 Regression] ld: internal error ../../ld/ldlang.c 6452 on powerpc64le-linux-gnu

2022-07-15 Thread amodra at gmail dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=29369

Alan Modra changed:

   What    |Removed                          |Added
   Assignee|unassigned at sourceware dot org |amodra at gmail dot com

--- Comment #1 from Alan Modra ---
The assertion failure is the one at the end of lang_size_relro_segment_1, which
indicates that the reverse layout of sections done there somehow exceeds the
space requirement for the normal forward layout of sections.  I'm not clever
enough to see how this might happen without the object files.
