[Bug 1477350] Re: Regression building sbsigntool with binutils >= 2.22-6ubuntu1.2 in precise

Steve Beattie sbeattie at ubuntu.com
Thu Jun 2 09:27:19 UTC 2016


Mathieu Trudel-Lapierre identified that the segfault is the result of the patch
binutils-bz17512-misc.patch (aka https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=32a9d621c3c480aa093a089a36e36c35f68a4010 ). I've dug deeper into this and the issue is that the stack gets corrupted in bfd/coffgen.c::coff_write_alien_symbol(), due to the added chunk:

@@ -1078,10 +1089,12 @@ coff_write_alien_symbol (bfd *abfd,
     {
       symbol->name = "";
       if (isym != NULL)
-        memset (isym, 0, sizeof(*isym));
+        memset (isym, 0, sizeof (*isym));
       return TRUE;
     }
   native = dummy;
+  native->is_sym = TRUE;
+  native[1].is_sym = FALSE;
   native->u.syment.n_type = T_NULL;
   native->u.syment.n_flags = 0;
   native->u.syment.n_numaux = 0;
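Review bot: the added `native[1].is_sym = FALSE;` stores into a second element through `native`, but `native` is assigned from `dummy`, whose declaration is outside this hunk; as the surrounding message explains, in precise's binutils `dummy` is still a single struct, so this store lands past the local variable and clobbers the stack. The backport should either carry the upstream commit that turns `dummy` into a two-element array (e7ebb214834628b2b0d9d3233febc9fef2912515) alongside this hunk, or drop the `native[1]` write until it does. The `memset (isym, 0, sizeof (*isym));` change in the same hunk is whitespace only and could be left out of a stable-update patch to keep the diff minimal.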

The problem is the write to "native[1].is_sym", as the patch to make
dummy be a two element array of structs did not happen until after the
version of binutils in precise was released, in commit
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=e7ebb214834628b2b0d9d3233febc9fef2912515 .
This means the write to native[1].is_sym goes beyond the auto variables and
overwrites the return pointer, causing the segfault and corrupted stack
backtrace seen in gdb.

I'm currently working on a patch to address this.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to binutils in Ubuntu.
https://bugs.launchpad.net/bugs/1477350

Title:
  Regression building sbsigntool with binutils >= 2.22-6ubuntu1.2 in
  precise

Status in binutils package in Ubuntu:
  Invalid
Status in binutils source package in Precise:
  Confirmed

Bug description:
  objcopy segfaults in precise when running the sbsigntool testsuite on
  i386 with binutils >= 2.22-6ubuntu1.2

  See the attachment for output and downgrade iterations to show that
  1.1 works, while 1.2 and 1.3 don't.

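As an added illustration (this is not code from the thread or from binutils), here is a small C model of the mismatch described above: a writer that fills two entries through a pointer, called once with a two-element array (the upstream shape) and once with a single struct (the precise shape). Instead of letting the second store run past the local variable, the writer takes the caller's element count and refuses to proceed when it is too small. The struct layout, the function names and the count parameter are all constructed for this example and do not mirror the real bfd API.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the entry type the hunk writes through: only
 * the fields touched in the hunk are modelled. */
typedef struct {
  bool is_sym;
  struct { int n_type; int n_flags; int n_numaux; } syment;
} entry_t;

/* The writer in the hunk unconditionally fills native[0] and native[1].
 * Make that assumption a named constant so it can be checked. */
#define NATIVE_ENTRIES_NEEDED 2

/* Fill the entries the way the hunk does, but only after confirming the
 * caller's buffer holds NATIVE_ENTRIES_NEEDED elements.
 * Returns 0 on success, -1 when the buffer is too small (or NULL). */
int fill_native(entry_t *native, size_t count) {
  if (native == NULL || count < NATIVE_ENTRIES_NEEDED)
    return -1;
  native[0].is_sym = true;
  native[1].is_sym = false;          /* the store that overflowed in precise */
  native[0].syment.n_type = 0;       /* T_NULL in the original */
  native[0].syment.n_flags = 0;
  native[0].syment.n_numaux = 0;
  return 0;
}

/* Caller shaped like the upstream code after e7ebb214: dummy has two entries. */
int caller_two_entries(void) {
  entry_t dummy[2];
  memset(dummy, 0, sizeof dummy);
  return fill_native(dummy, sizeof dummy / sizeof dummy[0]);
}

/* Caller shaped like the precise backport: dummy is a single struct.
 * The count check rejects the call instead of corrupting the stack. */
int caller_one_entry(void) {
  entry_t dummy;
  memset(&dummy, 0, sizeof dummy);
  return fill_native(&dummy, 1);
}
```

The point of the count parameter is that a backport which changes only the writer, and not its callers, now fails loudly (a -1 return) rather than silently overwriting the return address; a build with -fstack-protector or a run under AddressSanitizer would catch the original pattern the same way, before the corrupted backtrace ever reaches gdb.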
