This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



objcopy --redefine-sym(s) segfaults on mach-o-i386


Hello,

objcopy crashes very often when renaming symbols in mach-o-i386 object files.
I've uploaded a coredump http://176.28.14.46/core.24966 and a small
object file with which the crash happened.
The coredump was generated on Linux x86_64.
The binutils version is:

x86_64-apple-darwin-objcopy --version
GNU objcopy (GNU Binutils) 2.24.51.20140331
Copyright (C) 2014 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) any later version.
This program has absolutely no warranty.

The binary was compiled on Mountain Lion with gcc -m32 -c test.c -o test.o
where gcc is really a link to clang:
gcc --version
Apple LLVM version 5.1 (clang-503.0.38) (based on LLVM 3.4svn)
Target: x86_64-apple-darwin12.5.0
Thread model: posix

The problem is reproducible with recent binutils compiled on OSX.
I've also attached a valgrind log message.

Kind Regards,
Michael

==25435== Memcheck, a memory error detector
==25435== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==25435== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==25435== Command: /home/nax/macools/bin/x86_64-apple-darwin-objcopy --redefine-sym _hello1=_hoho /home/nax/Downloads/test\ (2).o
==25435== Parent PID: 23854
==25435== 
--25435-- 
--25435-- Valgrind options:
--25435--    -v
--25435--    --leak-check=full
--25435--    --log-file=valgrind.log
--25435-- Contents of /proc/version:
--25435--   Linux version 3.13.7-1-ARCH (nobody@var-lib-archbuild-extra-x86_64-thomas) (gcc version 4.8.2 20140206 (prerelease) (GCC) ) #1 SMP PREEMPT Mon Mar 24 20:06:08 CET 2014
--25435-- Arch and hwcaps: AMD64, amd64-cx16-rdtscp-sse3-avx
--25435-- Page sizes: currently 4096, max supported 4096
--25435-- Valgrind library directory: /usr/lib/valgrind
--25435-- Reading syms from /home/nax/macools/bin/x86_64-apple-darwin-objcopy
--25435-- Reading syms from /usr/lib/ld-2.19.so
--25435-- Reading syms from /usr/lib/valgrind/memcheck-amd64-linux
--25435--    object doesn't have a symbol table
--25435--    object doesn't have a dynamic symbol table
--25435-- Scheduler: using generic scheduler lock implementation.
--25435-- Reading suppressions file: /usr/lib/valgrind/default.supp
==25435== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-25435-by-nax-on-???
==25435== embedded gdbserver: writing to   /tmp/vgdb-pipe-to-vgdb-from-25435-by-nax-on-???
==25435== embedded gdbserver: shared mem   /tmp/vgdb-pipe-shared-mem-vgdb-25435-by-nax-on-???
==25435== 
==25435== TO CONTROL THIS PROCESS USING vgdb (which you probably
==25435== don't want to do, unless you know exactly what you're doing,
==25435== or are doing some strange experiment):
==25435==   /usr/lib/valgrind/../../bin/vgdb --pid=25435 ...command...
==25435== 
==25435== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==25435==   /path/to/gdb /home/nax/macools/bin/x86_64-apple-darwin-objcopy
==25435== and then give GDB the following command
==25435==   target remote | /usr/lib/valgrind/../../bin/vgdb --pid=25435
==25435== --pid is optional if only one valgrind process is running
==25435== 
==25435== Invalid read of size 8
==25435==    at 0x4401F6: bfd_mach_o_canonicalize_relocs (mach-o.c:1093)
==25435==    by 0x440863: bfd_mach_o_canonicalize_reloc (mach-o.c:1178)
==25435==    by 0x407923: mark_symbols_used_in_relocations (objcopy.c:3122)
==25435==    by 0x43069B: bfd_map_over_sections (section.c:1354)
==25435==    by 0x409499: copy_object (objcopy.c:2081)
==25435==    by 0x40A9F3: copy_file (objcopy.c:2514)
==25435==    by 0x405852: main (objcopy.c:4270)
==25435==  Address 0x805439aa0 is not stack'd, malloc'd or (recently) free'd
==25435== 
==25435== Invalid read of size 8
==25435==    at 0x4401FA: bfd_mach_o_canonicalize_relocs (mach-o.c:1093)
==25435==    by 0x440863: bfd_mach_o_canonicalize_reloc (mach-o.c:1178)
==25435==    by 0x407923: mark_symbols_used_in_relocations (objcopy.c:3122)
==25435==    by 0x43069B: bfd_map_over_sections (section.c:1354)
==25435==    by 0x409499: copy_object (objcopy.c:2081)
==25435==    by 0x40A9F3: copy_file (objcopy.c:2514)
==25435==    by 0x405852: main (objcopy.c:4270)
==25435==  Address 0x78 is not stack'd, malloc'd or (recently) free'd
==25435== 
==25435== 
==25435== Process terminating with default action of signal 11 (SIGSEGV)
==25435==  Access not within mapped region at address 0x78
==25435==    at 0x4401FA: bfd_mach_o_canonicalize_relocs (mach-o.c:1093)
==25435==    by 0x440863: bfd_mach_o_canonicalize_reloc (mach-o.c:1178)
==25435==    by 0x407923: mark_symbols_used_in_relocations (objcopy.c:3122)
==25435==    by 0x43069B: bfd_map_over_sections (section.c:1354)
==25435==    by 0x409499: copy_object (objcopy.c:2081)
==25435==    by 0x40A9F3: copy_file (objcopy.c:2514)
==25435==    by 0x405852: main (objcopy.c:4270)
==25435==  If you believe this happened as a result of a stack
==25435==  overflow in your program's main thread (unlikely but
==25435==  possible), you can try to increase the size of the
==25435==  main thread stack using the --main-stacksize= flag.
==25435==  The main thread stack size used in this run was 8388608.
==25435== 
==25435== HEAP SUMMARY:
==25435==     in use at exit: 53,784 bytes in 37 blocks
==25435==   total heap usage: 2,429 allocs, 2,392 frees, 231,742 bytes allocated
==25435== 
==25435== Searching for pointers to 37 not-freed blocks
==25435== Checked 413,176 bytes
==25435== 
==25435== LEAK SUMMARY:
==25435==    definitely lost: 0 bytes in 0 blocks
==25435==    indirectly lost: 0 bytes in 0 blocks
==25435==      possibly lost: 0 bytes in 0 blocks
==25435==    still reachable: 53,784 bytes in 37 blocks
==25435==         suppressed: 0 bytes in 0 blocks
==25435== Reachable blocks (those to which a pointer was found) are not shown.
==25435== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==25435== 
==25435== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 1 from 1)
==25435== 
==25435== 1 errors in context 1 of 2:
==25435== Invalid read of size 8
==25435==    at 0x4401FA: bfd_mach_o_canonicalize_relocs (mach-o.c:1093)
==25435==    by 0x440863: bfd_mach_o_canonicalize_reloc (mach-o.c:1178)
==25435==    by 0x407923: mark_symbols_used_in_relocations (objcopy.c:3122)
==25435==    by 0x43069B: bfd_map_over_sections (section.c:1354)
==25435==    by 0x409499: copy_object (objcopy.c:2081)
==25435==    by 0x40A9F3: copy_file (objcopy.c:2514)
==25435==    by 0x405852: main (objcopy.c:4270)
==25435==  Address 0x78 is not stack'd, malloc'd or (recently) free'd
==25435== 
==25435== 
==25435== 1 errors in context 2 of 2:
==25435== Invalid read of size 8
==25435==    at 0x4401F6: bfd_mach_o_canonicalize_relocs (mach-o.c:1093)
==25435==    by 0x440863: bfd_mach_o_canonicalize_reloc (mach-o.c:1178)
==25435==    by 0x407923: mark_symbols_used_in_relocations (objcopy.c:3122)
==25435==    by 0x43069B: bfd_map_over_sections (section.c:1354)
==25435==    by 0x409499: copy_object (objcopy.c:2081)
==25435==    by 0x40A9F3: copy_file (objcopy.c:2514)
==25435==    by 0x405852: main (objcopy.c:4270)
==25435==  Address 0x805439aa0 is not stack'd, malloc'd or (recently) free'd
==25435== 
--25435-- 
--25435-- used_suppression:      1 dl-hack3-cond-1 /usr/lib/valgrind/default.supp:1196
==25435== 
==25435== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 1 from 1)

Attachment: test (2).o
Description: application/object

