[llvm-bugs] [Bug 25790] New: LLD relro produces binary with RO and RW data in the same page

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Dec 9 11:36:26 PST 2015


https://llvm.org/bugs/show_bug.cgi?id=25790

            Bug ID: 25790
           Summary: LLD relro produces binary with RO and RW data in the
                    same page
           Product: lld
           Version: unspecified
          Hardware: PC
                OS: FreeBSD
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: emaste at freebsd.org
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

Linking FreeBSD /bin/sh with lld (r255103) produces a binary with .data and the
relro sections .ctors etc. in the same page, which the FreeBSD rtld leaves as
read-only and thus the binary faults immediately.

There are 31 section headers, starting at offset 0x248c0:

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .interp           PROGBITS         0000000000010200  00000200
       0000000000000015  0000000000000000   A       0     0     1
  [ 2] .note.tag         NOTE             0000000000010218  00000218
       0000000000000030  0000000000000000   A       0     0     4
  [ 3] .rodata           PROGBITS         0000000000010248  00000248
       0000000000001370  0000000000000000 AMS       0     0     1
  [ 4] .eh_frame         X86_64_UNWIND    00000000000115b8  000015b8
       0000000000002144  0000000000000000   A       0     0     8
  [ 5] .rodata           PROGBITS         0000000000013700  00003700
       0000000000001f91  0000000000000000   A       0     0     16
  [ 6] .rodata           PROGBITS         00000000000156a0  000056a0
       0000000000000040  0000000000000000  AM       0     0     16
  [ 7] .rodata           PROGBITS         00000000000156e0  000056e0
       0000000000000008  0000000000000000  AM       0     0     8
  [ 8] .dynsym           DYNSYM           00000000000156e8  000056e8
       0000000000000c78  0000000000000018   A      11     1     8
  [ 9] .gnu.hash         GNU_HASH         0000000000016360  00006360
       000000000000051c  0000000000000000   A       8     0     8
  [10] .hash             HASH             000000000001687c  0000687c
       0000000000000430  0000000000000004   A       8     0     4
  [11] .dynstr           STRTAB           0000000000016cac  00006cac
       0000000000000432  0000000000000000   A       0     0     1
  [12] .rela.dyn         RELA             00000000000170e0  000070e0
       00000000000000a8  0000000000000018   A       8     0     8
  [13] .rela.plt         RELA             0000000000017188  00007188
       0000000000000b88  0000000000000018   A       8    17     8
  [14] .text             PROGBITS         0000000000018000  00008000
       000000000001abb8  0000000000000000  AX       0     0     16
  [15] .init             PROGBITS         0000000000032bb8  00022bb8
       0000000000000013  0000000000000000  AX       0     0     4
  [16] .fini             PROGBITS         0000000000032bcc  00022bcc
       000000000000000e  0000000000000000  AX       0     0     4
  [17] .plt              PROGBITS         0000000000032be0  00022be0
       00000000000007c0  0000000000000000  AX       0     0     16
  [18] .ctors            PROGBITS         0000000000034000  00024000
       0000000000000010  0000000000000000  WA       0     0     8
  [19] .dtors            PROGBITS         0000000000034010  00024010
       0000000000000010  0000000000000000  WA       0     0     8
  [20] .jcr              PROGBITS         0000000000034020  00024020
       0000000000000008  0000000000000000  WA       0     0     8
  [21] .dynamic          DYNAMIC          0000000000034028  00024028
       0000000000000120  0000000000000010  WA      11     0     8
  [22] .got              PROGBITS         0000000000034148  00024148
       0000000000000008  0000000000000000  WA       0     0     8
  [23] .data             PROGBITS         0000000000034150  00024150
       000000000000024c  0000000000000000  WA       0     0     16
  [24] .got.plt          PROGBITS         00000000000343a0  000243a0
       00000000000003f0  0000000000000000  WA       0     0     8
  [25] .bss              NOBITS           00000000000347a0  00024790
       0000000000002570  0000000000000000  WA       0     0     32
  [26] .comment          PROGBITS         0000000000000000  00024790
       0000000000000050  0000000000000000  MS       0     0     1
  [27] .gnu_debuglink    PROGBITS         0000000000000000  000247e0
       0000000000000010  0000000000000000           0     0     1
  [28] .shstrtab         STRTAB           0000000000000000  000247f0
       00000000000000cc  0000000000000000           0     0     1
  [29] .symtab           SYMTAB           0000000000000000  00025080
       00000000000038d0  0000000000000018          30   219     8
  [30] .strtab           STRTAB           0000000000000000  00028950
       00000000000015f1  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)


Elf file type is EXEC (Executable file)
Entry point 0x18000
There are 8 program headers, starting at offset 64

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  PHDR           0x0000000000000040 0x0000000000010040 0x0000000000010040
                 0x00000000000001c0 0x00000000000001c0  R      8
  INTERP         0x0000000000000200 0x0000000000010200 0x0000000000010200
                 0x0000000000000015 0x0000000000000015  R      1
      [Requesting program interpreter: /libexec/ld-elf.so.1]
  LOAD           0x0000000000000000 0x0000000000010000 0x0000000000010000
                 0x0000000000007d10 0x0000000000007d10  R      1000
  LOAD           0x0000000000008000 0x0000000000018000 0x0000000000018000
                 0x000000000001b3a0 0x000000000001b3a0  R E    1000
  LOAD           0x0000000000024000 0x0000000000034000 0x0000000000034000
                 0x0000000000000790 0x0000000000002d10  RW     1000
  DYNAMIC        0x0000000000024028 0x0000000000034028 0x0000000000034028
                 0x0000000000000120 0x0000000000000120  RW     8
  GNU_RELRO      0x0000000000024000 0x0000000000034000 0x0000000000034000
                 0x0000000000000150 0x0000000000000150  R      1
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     8

 Section to Segment mapping:
  Segment Sections...
   00     
   01     .interp 
   02     .interp .note.tag .rodata .eh_frame .rodata .rodata .rodata .dynsym
.gnu.hash .hash .dynstr .rela.dyn .rela.plt 
   03     .text .init .fini .plt 
   04     .ctors .dtors .jcr .dynamic .got .data .got.plt .bss 
   05     .dynamic 
   06     .ctors .dtors .jcr .dynamic .got 
   07
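
An added example, not part of the original report: a Python check that uses the section and GNU_RELRO values from the dump above to list the writable sections that share a page with the RELRO range. It assumes a 0x1000 page size and a loader that protects every page the RELRO range touches, which is the behaviour the report describes; the function names are illustrative.

```python
PAGE = 0x1000  # assumed page size; matches the 0x1000 LOAD alignment in the dump

# Values copied from the readelf output above: (name, address, size)
WRITABLE_SECTIONS = [
    (".ctors", 0x34000, 0x10), (".dtors", 0x34010, 0x10),
    (".jcr", 0x34020, 0x8), (".dynamic", 0x34028, 0x120),
    (".got", 0x34148, 0x8), (".data", 0x34150, 0x24C),
    (".got.plt", 0x343A0, 0x3F0), (".bss", 0x347A0, 0x2570),
]
RELRO = (0x34000, 0x150)  # GNU_RELRO VirtAddr, MemSiz


def protected_range(vaddr, memsz, page=PAGE):
    """Pages made read-only, assuming the loader rounds the range out to page bounds."""
    start = vaddr & ~(page - 1)
    end = (vaddr + memsz + page - 1) & ~(page - 1)
    return start, end


def relro_conflicts(relro, sections, page=PAGE):
    """Writable sections outside PT_GNU_RELRO that land on a protected page.

    Returns (name, bytes_made_read_only) for each such section.
    """
    r_start, r_end = relro[0], relro[0] + relro[1]
    p_start, p_end = protected_range(relro[0], relro[1], page)
    hits = []
    for name, addr, size in sections:
        end = addr + size
        inside_relro = r_start <= addr and end <= r_end
        overlap = min(end, p_end) - max(addr, p_start)
        if not inside_relro and overlap > 0:
            hits.append((name, overlap))
    return hits


def padding_to_fix(relro, page=PAGE):
    """Bytes of padding after the RELRO data that would end it on a page boundary."""
    return -(relro[0] + relro[1]) % page


if __name__ == "__main__":
    for name, nbytes in relro_conflicts(RELRO, WRITABLE_SECTIONS):
        print(f"{name}: {nbytes:#x} writable bytes on a read-only page")
    print(f"padding needed: {padding_to_fix(RELRO):#x}")
```

An empty result from relro_conflicts means the first non-RELRO writable section starts on a fresh page, so protecting the RELRO pages cannot affect it.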
