Bug 28674 - objdump crashed when compiled with `clang-13 -O0`
Summary: objdump crashed when compiled with `clang-13 -O0`
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: 2.38
Importance: P2 normal
Target Milestone: 2.38
Assignee: Alan Modra
Duplicates: 28652 28662
Reported: 2021-12-08 15:26 UTC by Shaohua Li
Modified: 2021-12-10 00:03 UTC


Attachments: poc_clang-O0 (495 bytes, application/x-object), 2021-12-08 15:26 UTC, Shaohua Li

Description Shaohua Li 2021-12-08 15:26:41 UTC
Created attachment 13831
poc_clang-O0

Hi there,

I crashed `objdump -S -D` when I compiled binutils with `clang-13 -O0`. For the provided poc, if I compile with other opt flags, e.g., `clang-13 -O2`, `objdump -S -D` would not crash.

- Compiler: clang-13 -O0

- Platform: Ubuntu 20.04.4 LTS, x86_64

- Reproduce: run `objdump -S -D poc_clang-O0`

- Raw output:

../bin/objdump-clang13-O0: Warning: Corrupt unit length (got 0x656c6966 expected at most 0x12) in section .debug_info

bugs/diff_5:     file format elf64-x86-64


Disassembly of section .debug_str:

0000000000000000 <string1>:
../bin/objdump-clang13-O0: BFD (GNU Binutils) 2.37.50.20211202 assertion fail ./dwarf2.c:4296
../bin/objdump-clang13-O0: DWARF error: info pointer extends beyond end of attributes
../bin/objdump-clang13-O0: DWARF error: info pointer extends beyond end of attributes
Segmentation fault (core dumped)
Comment 1 Sourceware Commits 2021-12-09 22:07:55 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b243230f64fb4db9a16ef88ec5bd3e3f48f1fe41

commit b243230f64fb4db9a16ef88ec5bd3e3f48f1fe41
Author: Alan Modra <amodra@gmail.com>
Date:   Fri Dec 10 08:27:58 2021 +1030

    PR28674, objdump crash
    
    Not returning an error indication here leaves the attribute
    uninitialised, which then leads to intemperate behaviour.
    
            PR 28674
            * dwarf2.c (read_attribute_value): Return NULL on trying to read
            past end of attributes.
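The commit message above points at a classic parser failure mode: a reader that runs out of input but still returns normally leaves its output struct uninitialised, and whatever the caller does with that garbage (here, a crash that only surfaced at `-O0` because the stack contents happened to differ) is unpredictable. The following is an added illustration of the defensive pattern the fix describes, not code from the page or from binutils' dwarf2.c: a hypothetical, much-simplified DWARF-style attribute reader (`read_attr_value`, `read_attrs`, `form_t`, `attr_t` are all invented names) that checks every read against an explicit end pointer, returns NULL instead of advancing past it, and whose caller stops at the first NULL so no uninitialised attribute is ever consumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical attribute forms; a tiny subset of what DWARF defines.
   This is example code, not binutils' read_attribute_value. */
typedef enum { FORM_DATA1, FORM_DATA2, FORM_DATA4, FORM_STRING } form_t;

typedef struct {
    form_t form;
    uint64_t u;        /* numeric payload for FORM_DATAn */
    const char *str;   /* pointer into the buffer for FORM_STRING */
} attr_t;

/* Little-endian read of n bytes; the caller has already checked bounds. */
static uint64_t read_le(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++)
        v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* Read one attribute value of the given form from [p, end).
   Returns the pointer just past the value, or NULL if the value would
   extend beyond `end`.  On NULL the contents of *out must not be used;
   the caller has to check the return value, which is exactly the error
   indication the commit message says was missing. */
const uint8_t *read_attr_value(const uint8_t *p, const uint8_t *end,
                               form_t form, attr_t *out)
{
    size_t avail = (size_t)(end - p);
    size_t n;

    out->form = form;
    out->str = NULL;
    out->u = 0;

    switch (form) {
    case FORM_DATA1: n = 1; break;
    case FORM_DATA2: n = 2; break;
    case FORM_DATA4: n = 4; break;
    case FORM_STRING: {
        /* Inline string: its NUL terminator must lie before `end`. */
        const uint8_t *nul = memchr(p, 0, avail);
        if (nul == NULL)
            return NULL;            /* unterminated: would run past end */
        out->str = (const char *)p;
        return nul + 1;
    }
    default:
        return NULL;                /* unknown form: cannot size it */
    }

    if (avail < n)
        return NULL;                /* truncated fixed-size value */
    out->u = read_le(p, n);
    return p + n;
}

/* Read `nforms` attributes in sequence.  Returns the number read, or -1
   if any value was truncated.  Stopping at the first failure guarantees
   that no partially filled attr_t reaches downstream code. */
int read_attrs(const uint8_t *buf, size_t len, const form_t *forms,
               size_t nforms, attr_t *out)
{
    const uint8_t *p = buf, *end = buf + len;
    for (size_t i = 0; i < nforms; i++) {
        p = read_attr_value(p, end, forms[i], &out[i]);
        if (p == NULL)
            return -1;
    }
    return (int)nforms;
}

/* Constructed sample input: DATA1 = 0x2a, STRING = "main", DATA4 = 0x00401000. */
static const uint8_t sample_ok[] = {
    0x2a,
    'm', 'a', 'i', 'n', 0x00,
    0x00, 0x10, 0x40, 0x00
};
static const form_t sample_forms[] = { FORM_DATA1, FORM_STRING, FORM_DATA4 };
```

Handing `read_attrs` the same buffer with a shorter length models a corrupt `.debug_info` like the one in the report: the truncated DATA4 (or a string that lost its NUL) makes the reader return -1 instead of filling `attr_t` with whatever happened to be on the stack.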
Comment 2 Alan Modra 2021-12-09 22:08:48 UTC
Fixed
Comment 3 Alan Modra 2021-12-09 23:59:13 UTC
*** Bug 28662 has been marked as a duplicate of this bug. ***
Comment 4 Alan Modra 2021-12-10 00:03:18 UTC
*** Bug 28652 has been marked as a duplicate of this bug. ***