bug-binutils

[Bug ld/20428] New: ld powerpc64le NULL deref in ppc_get_stub_entry when


From: npiggin at gmail dot com
Subject: [Bug ld/20428] New: ld powerpc64le NULL deref in ppc_get_stub_entry when linking code in not-executable sections
Date: Tue, 02 Aug 2016 05:45:29 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=20428

            Bug ID: 20428
           Summary: ld powerpc64le NULL deref in ppc_get_stub_entry when
                    linking code in not-executable sections
           Product: binutils
           Version: 2.28 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: npiggin at gmail dot com
  Target Milestone: ---

This bug happens with git master commit
80b476c2bf85be6676cc6b55dab232730e124147, also with the 2.26.51 build.

Host and target are powerpc64le.

If we have foo.S:

.section ".rodata","a"
.global foo
foo:
        bne     main

And link it with a main function in another section, then the linker crashes. gdb
(from the same source build) reports:

Starting program: /home/npiggin/src/binutils/binutils-gdb/ld/ld-new -o test
main.o test.o
/home/npiggin/src/binutils/binutils-gdb/ld/ld-new: warning: cannot find entry
symbol _start; defaulting to 00000000100000b0

Program received signal SIGSEGV, Segmentation fault.
0x00000000100822a8 in ppc_get_stub_entry (input_section=0x102734c0, 
    htab=0x10249c30, rel=0x3fffffffe9a0, h=0x1024a658, sym_sec=0x10273390)
    at elf64-ppc.c:4510
4510          && h->u.stub_cache->h == h

(gdb) list
4505         more than one stub used to reach say, printf, and we need to
4506         distinguish between them.  */
4507      group = htab->sec_info[input_section->id].u.group;
4508    
4509      if (h != NULL && h->u.stub_cache != NULL
4510          && h->u.stub_cache->h == h
4511          && h->u.stub_cache->group == group)
4512        {
4513          stub_entry = h->u.stub_cache;
4514        }

(gdb) bt
#0  0x00000000100822a8 in ppc_get_stub_entry (input_section=0x102734c0, 
    htab=0x10249c30, rel=0x3fffffffe9a0, h=0x1024a658, sym_sec=0x10273390)
    at elf64-ppc.c:4510
#1  ppc64_elf_relocate_section (output_bfd=0x102478a0, 
    info=0x1022a150 <link_info>, input_bfd=0x10271e60, 
    input_section=0x102734c0, contents=0x102751f0 "", relocs=0x10275cd0, 
    local_syms=0x1028d0a0, local_sections=0x1028d3e0) at elf64-ppc.c:14013
#2  0x00000000100b8d3c in elf_link_input_bfd (flinfo=0x3fffffffed68, 
    input_bfd=0x10271e60) at elflink.c:10367
#3  0x00000000100ba8fc in bfd_elf_final_link (abfd=0x102478a0, 
    info=0x1022a150 <link_info>) at elflink.c:11677
#4  0x0000000010022d40 in ldwrite () at ldwrite.c:577
#5  0x0000000010004490 in main (argc=5, argv=0x3ffffffff518) at ./ldmain.c:431


However looking at the disassembly, gdb seems to be getting this wrong.
h->u.stub_cache is NULL, but we seem to actually be crashing on line 4519
because group is also NULL.

If branches remain within the local section, the result links okay, so it's
crashing trying to generate a linker stub in a non-executable section. The stub
turns out to be unneeded after linking is complete, so it would be nice if we
could allow this case.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
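
Added example (not part of the original report and not binutils code): a simplified C model of the lookup shown in the gdb listing, in which a section that has no stub group is reported to the caller instead of being dereferenced. All type and function names, and the assumption that a non-executable section is left without a group, are hypothetical.

```c
#include <stddef.h>

/* Constructed model for illustration; these are not the binutils definitions. */
struct stub_group { int id; };
struct sym;
struct stub_entry { const struct sym *h; const struct stub_group *group; };
struct sym { struct stub_entry *stub_cache; };
enum lookup_status { STUB_FOUND, STUB_MISSING, STUB_NO_GROUP };

/* sec_group[id] is NULL for a section that was never given a stub group
   (assumed here to be what happens for a non-executable section). */
enum lookup_status
get_stub_entry(const struct stub_group *const *sec_group, size_t nsec,
               size_t section_id, const struct sym *h,
               struct stub_entry *table, size_t nent,
               struct stub_entry **out)
{
    const struct stub_group *group;

    *out = NULL;
    if (section_id >= nsec || sec_group[section_id] == NULL)
        return STUB_NO_GROUP;          /* report it instead of dereferencing */
    group = sec_group[section_id];

    /* Fast path: same shape as the cache test at line 4509 of the listing. */
    if (h != NULL && h->stub_cache != NULL
        && h->stub_cache->h == h && h->stub_cache->group == group) {
        *out = h->stub_cache;
        return STUB_FOUND;
    }
    /* Slow path is keyed on the group, so it must never see group == NULL. */
    for (size_t i = 0; i < nent; i++)
        if (table[i].h == h && table[i].group == group) {
            *out = &table[i];
            return STUB_FOUND;
        }
    return STUB_MISSING;
}

/* Constructed input: section 0 stands for .text, section 1 for .rodata. */
enum lookup_status demo(size_t section_id)
{
    static const struct stub_group text_group = { 0 };
    const struct stub_group *sec_group[] = { &text_group, NULL };
    struct sym main_sym = { NULL };
    struct stub_entry table[] = { { &main_sym, &text_group } };
    struct stub_entry *entry;
    return get_stub_entry(sec_group, 2, section_id, &main_sym, table, 1, &entry);
}

int main(void) { return demo(1) == STUB_NO_GROUP ? 0 : 1; }
```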

