<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=http://email.email.llvm.org/c/eJztWEtv4zgS_jX2haAgS3ZsH3xwJx3sAN3YoHswfQwoirI5kUgNSTnO_vr9ipJluzuTyTywpw0SR-Kj3vVVlQtbvmz-pSfZ7SS9m6Tb_vObmmTLg2J7HZhgRbdj2rBn4Rtelyy4F212LFgmbdPqWuHILWud3TnR0PI3VWy9V01Rv4Aue95ruWfPijXa6Eb_R5V0KOwVq2xd22cQm-TbS_aTm7T_lf37weqSyc4H2zxWnZFBWzPJVpNszSbLD_i7u7ytTWCN0MOJYWf5oX9g-Ink4u6WqD0EFykNBPO7H1jlF5fHG5H45Y5ToXOGpePiWa6TPpdi_qKcB3HPOq_K0QCMcSZrAfvyAxbZLE_SJD3vnZzw-u637def4vo8ueJ1Gx0lSBlmu9B24fcsPrxm81EKxnkQbqdw5Y645xnvzJOxz4bjVWPbv3hnbYAF720b8Enr3JdP4-NwIJLk0gm_TyTjlRdGBwQEKMsKlKoagcGrg_a60LUOL9jY67JUpherF-nQG-5K-Z8HCbfsFRGHI3unRMkaW6qaDrbW62O_9ZPxQdS1Ku-0oy3I3Xm4-L7QA2csZVer2X2vzCzHDuNSzhgPTrfIhleNpBodeF0fGl7IUVF84hhyjJfai6JWvHJKnd_ieairK61cXJbClfwg6k5xIxrlGadI5xWyMC58b-LGqdrK6HgeNWfQNGjaqZCtircW6aKg9Z2xBqwrY7mznSmRlaAd9jgpEaXBdTJYx0WthSe-fUxw2XZspwxkJJokMNlBicAha93rpI-q5Mo5uu5hD2cIP3ipACw75XjoTMSAu11ZxICrpIXWYqe4PAcu1CcxYfm9bYBP9791yoToihZ_XsnOIWTI-niNWCNqro6igVMgsFPedk4qonP2cK2Lky_xvw8pxvW7Q5pH8xlwojtBNW-TxoM2su5K9frNN5mdL_cbFGV9dP0NUrB2dMQ_aeqqd3YNtA9str5KadYn9A_Zj3Bw-oBAkcJDvFta0gihenhuqouXziCuRbg-bQ4XJ-LzBRMEpWj_N5x6F3C9MxZ3tQ-9Kd8MCr8XjgwNgo_ni0k4hkvKxE4KJCqJy3_tmhZpWPQm35lO8gEawXCeZMksZlINT5RagKhH4tNR39YERiP4WAqX0LQjqEX44ItlWZaLBEB1ZPIaWC7hOGLfNSazAhhRsq7FyqdPv3w-LZeqEl0dWI8d7Li6ebyZ81YiUkx35FBhqOBkAcIIwqQjDIHoY4hJRRD0MmDxX0oVujpUuPyUAFhLkoRg3Cvh0KoAIl3wbK_gkrFMXpzPb-l8_vGt8--FgfPp9-oTL3w0JbPVSYAYK79bqIaWIdapZqhOjH96B8te9Cvz3ceahNi5QMu_ROo9Kr_GX7owI6xqhCmTP4zcWv6hI0Ymun-JBx5dSIpO1wA9qlgkQCIoU0SC_qk39cOnj9uvCIKuaMY22anWukD97T6E1lM4ZPfkiW7nEzJdYh1xZ5CenQKKWuEoOPJGPgGopBq8-TVggZVI9DGwUmytH4ZmG3nUNUgO_0PXMrr9_z7_J30-I-t_6UzsYFrhPVgt74c5gT3Qwmdh0LmA-ZJhCU1XVxPGLOuSoyy0Cay4HNybvUbtYnpi48OD69u0nuhpMKHjk3n6w2S0HDErZekxxc-yKtO5yHIl13k_6VzFCsHfYBR8EmSjsU08RP2QHguR4dZ5lMry2XdU5Vzc_HmquHpzSTW7pLq-WanVMmWPj-jbgPoK3mFe70RUERUo36bx73Q7v7pdVfN8JhgFLmVOvrVO9g-fhdz_-wElvbJu2DM26Orli2rsgfrQbPXKtS9D9_gzsvOJHHEzzozv13m9WEGqS53no9RVNZuVUslFyi6qK80XSO3YT9FDZ6jeE76oI7qwoNiQFrT5Ve0IDPoxr6-0EFDCeBFCMGWeOL9KG0UYmp0IggCGihI3IzuYHv0l0cO4Sk06rWFW0eYwzBdntV6bdr8pthcHxWprn0BVV4R6oFTVYueBYyqOwcyj33ymQspU7RV9exBFoYEEF0QAv1LRfcNaR7EgI3y-MLRFrFDDSewSpj5rqnq3UU4iDHT2MMpYqb_D6J0O-65IoH_scamyTvL732L3tsiyi4Y1W8RGEj6NM1z8fzG00vYwttJFbFNoLPItjWmInPDSUtN7a0_VfFpu8nKdr8VUdGFv3UZIDHxWl9PO1Zs3pIyBOuBz6-yvaJCoU_C-Ux4Pi3wxn0_3m1zNFrNltV5Ui3SZzpb5bJXPi9W8qkQlq1U6xaAGe28miw_oEox6ZpEEtRKLu-nfl0BvsjTDb5rN5rN5ukjyuVDpqlyvbhY3M1WUADGFQbYeS-TUbfphGXUTm9TgnOvnFEiJcFQqCgwJgw612pwKXl9KEUVm-IKK0HWEzGHg9d99UYVgoVn3T3wlMY1KbqKG_wU8TTRp>53544</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            wasm-ld crash when compiling function pointers to WebAssembly with -fsanitize=cfi -flto -fvisibility=hidden
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          acieroid
      </td>
    </tr>
</table>

<pre>
    Hi,

We've hit a bug in wasm-ld trying to compile a C program to WebAssembly, which we minimized to the following:

```c
void custom_function() { }

int main()
{
    void (*funcPtr) () = custom_function;
    funcPtr();
    return 0;
}
```

Versions used:
  - clang -v: 13.0.0
  - wasm-ld -v: 13.0.0
  - WASI: 14.0

Compilation output:

```
$ clang -v --target=wasm32-unknown-wasi --sysroot /opt/wasi-sdk/wasi-sysroot clang-crash.c -fsanitize=cfi -flto -fvisibility=hidden
clang version 13.0.0
Target: wasm32-unknown-wasi
Thread model: posix
InstalledDir: /usr/bin
 "/usr/bin/clang-13" -cc1 -triple wasm32-unknown-wasi -emit-llvm-bc -flto -flto-unit -disable-free -disable-llvm-verifier -discard-value-names -main-file-name clang-crash.c -mrelocation-model static -mframe-pointer=none -fno-rounding-math -mconstructor-aliases -target-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debugger-tuning=gdb -v -fcoverage-compilation-dir=/home/quentin/p/securitywasm/minimal-examples -resource-dir /usr/lib/clang/13.0.0 -isysroot /opt/wasi-sdk/wasi-sysroot -internal-isystem /usr/lib/clang/13.0.0/include -internal-isystem /opt/wasi-sdk/wasi-sysroot/include/wasm32-wasi -internal-isystem /opt/wasi-sdk/wasi-sysroot/include -fdebug-compilation-dir=/home/quentin/p/securitywasm/minimal-examples -ferror-limit 19 -fvisibility hidden -fsanitize=cfi-derived-cast,cfi-icall,cfi-mfcall,cfi-unrelated-cast,cfi-nvcall,cfi-vcall -fsanitize-trap=cfi-derived-cast,cfi-icall,cfi-mfcall,cfi-unrelated-cast,cfi-nvcall,cfi-vcall -fsanitize-system-ignorelist=/usr/lib/clang/13.0.0/share/cfi_ignorelist.txt -fsanitize-cfi-canonical-jump-tables -fgnuc-version=4.2.1 -fcolor-diagnostics -fsplit-lto-unit -o /tmp/clang-crash-57ddd5.o -x c clang-crash.c
clang -cc1 version 13.0.0 based upon LLVM 13.0.0 default target x86_64-pc-linux-gnu
ignoring nonexistent directory "/opt/wasi-sdk/wasi-sysroot/include/wasm32-wasi"
#include "..." search starts here:
#include <...> search starts here:
 /usr/lib/clang/13.0.0/include
 /opt/wasi-sdk/wasi-sysroot/include
End of search list.
 "/usr/bin/wasm-ld" -m wasm32 -L/opt/wasi-sdk/wasi-sysroot/lib/wasm32-wasi/llvm-lto/13.0.0 -L/opt/wasi-sdk/wasi-sysroot/lib/wasm32-wasi /opt/wasi-sdk/wasi-sysroot/lib/wasm32-wasi/crt1-command.o /tmp/clang-crash-57ddd5.o -lc /usr/lib/clang/13.0.0/lib/wasi/libclang_rt.builtins-wasm32.a -o a.out
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace.
Stack dump:
0.      Program arguments: /usr/bin/wasm-ld -m wasm32 -L/opt/wasi-sdk/wasi-sysroot/lib/wasm32-wasi/llvm-lto/13.0.0 -L/opt/wasi-sdk/wasi-sysroot/lib/wasm32-wasi /opt/wasi-sdk/wasi-sysroot/lib/wasm32-wasi/crt1-command.o /tmp/clang-crash-57ddd5.o -lc /usr/lib/clang/13.0.0/lib/wasi/libclang_rt.builtins-wasm32.a -o a.out
1.      Running pass 'Function Pass Manager' on module 'ld-temp.o'.
2.      Running pass 'WebAssembly Assembly Printer' on function '@custom_function'
#0 0x00007fd04a23ec93 (/usr/bin/../lib/libLLVM-13.so+0xba2c93)
#1 0x00007fd04a23c4a6 (/usr/bin/../lib/libLLVM-13.so+0xba04a6)
#2 0x00007fd04968e870 __restore_rt sigaction.c:0:0
#3 0x00007fd049ff431a llvm::orc::MachOPlatform::notifyRemoving(llvm::orc::ResourceTracker&) (/usr/bin/../lib/libLLVM-13.so+0x95831a)
#4 0x00007fff11dcec50 
clang-13: error: unable to execute command: Segmentation fault (core dumped)
clang-13: error: linker command failed due to signal (use -v to see invocation)
```

We have looked if these flags are used somewhere else, and found that indeed in practice they can be found in the wild, see some results here: https://github.com/search?q=%22-fsanitize%3Dcfi+-flto+-fvisibility%3Dhidden%22+in%3Afile&type=Code

</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJztWEtv4zgS_jXOhaAgS37EBx_cSQc7QDc26B5MHwOKpGxOJFFDUo6zv36_omTZ7vZkMg_saYPEkfiod31V5cKq1_W_zCS7m6T3k3TTf37Tk2y512xnAhOs6LbMNOxF-JpXigX3apotC5ZJW7em0jhyx1pnt07UtPxNFxvvdV1Ur6DLXnZG7tiLZrVpTG3-oxUdCjvNSltV9gXEJvnmnP1kkfa_sn_fW6OY7Hyw9VPZNTIY20yy20m2YpPlB_zdn982TWC1MMOJYWf5oX9g-Ink4u6GqD0GFykNBPP7H1jlZ5fHG5H4-Y7ToXMNS8fFk1xHfc7F_EU7D-KedV6r0QCMcSYrAfvyPRbZNE_SJD3tHZ1wfffb5utPcX2WXPC6i44SpAyzXWi78HsWH16z2SgF4zwIt9W4ck_c84x3zXNjXxqOV4Nt_-qdtQEWfLBtwCetc6-ex8fhQCTJpRN-l0jGSy8aExAQoCxLUCorBAYv98abwlQmvGJjZ5TSTS9WL9K-N9yF8j8PEm7YFRGHIzunhWK1Vbqig6315tBv_dT4IKpKq3vjaAtydx4ufijMwBlL2cVq9tArM82xw7iUU8aDMy2y4aqRdG0Cr6p9zQs5KopPHEOOcWW8KCrNS6f16S2eh7qmNNrFZSmc4ntRdZo3otaecYp0XiIL48L3Jq6drqyMjudRcwZNg6GdEtmqeWuRLhpa3ze2AeuysdzZrlHIStAOO5yUiNLgOhms46IywhPfPia4bDu21Q1kJJokMNlBi8Aha9XrZA5ace0cXfewh2sIP7jSAJatdjx0TcSA-60qYsCV0kJrsdVcngIX6pOYsPzO1sCnh9863YToihZ_XsvOIWTI-niNWCMqrg-ihlMgsNPedk5qonPycGWKoy_xvw8pxs27Q5pH8zXgRHeCrt8mjQfTyKpT-vrNN5mdLvcbFGV9dP0NUrB2dMQ_aeqyd3YFtA9surpIadYn9A_Zj3BwZo9AkcJDvDtaMgihaniuy7OXrkFci3B5utmfnYjPZ0wQlKL933DqXcDNtrG4a3zoTflmUPidcGRoEHw6XUzCIZxTJnZSIFFJXP5rV7dIw6I3-bbpJB-gEQxnSZZMYyZV8IQyAkQ9Ep-O-rYiMBrBx1K4hLodQS3CB58vlVLzBEB1YPISWM7hOGLfJSazAhihWNdi5dOnXz4fl5UuRVcF1mMHO9wunhYz3kpEStMdOFQYKjhZgDCCMOkAQyD6GGJSEwS9Dlj8l1KFrg4VLj8mANaSJCEY91o4tCqASBc822m4ZCyTZ-fzOzqff3zr_Hth4HT6vfrECx8bxWx5FCDGyu8WqqFliHWqHqoT45_ewbIX_cJ8D7EmIXbO0PIvkXqPytf4SxemhFW1aFTyh5FbyT90xMjE9C_xwJMLSdGZCqBHFYsESARlikjQP_Wmfvz0cfMVQdAV9dgmO91aF6i_3YXQegqH7IE80W19QqZLrCPuDNKzY0BRKxwFR97IZwCV1IM3vwYsMIVEHwMrxdbqcWi2kUddjeTwP3Qto9v_7_N_0udTsv6XrokdTCu8B6vlwzAnsEda-CwadC5gvmRYQtPVVYQxy0pxlIU2gRWXg3uza9TOpic2Pjy6vk3riR4HEzo-maU_TEbLEbNSlh5S_CxLlc5Elmu5yvtJ5yJWCP4Go-CTIBuNbeIh6of0UIgMt06jVJZPv6MqZ2Lx56ni6uKcanZOdbW41bfLlD09oW8D6mt4h3mzFVFFVKB8k8a_4-384nZZzvKpYBS4lDn5xjrZP3wWcvfvR5T00rphr7HBlK9fdG331Idmt1eufRm6x5-Rnc_kiMU4M75f59X8FlKd6zwbpS7L6VRJLecpO6uuNF8gtWM_RQ9dQ_We8EUf0IUFzYa0oM2vektg0I95faWFgBLGixCCKfPI-SptFGFodiQIAhgqFG5GdjA9-kuih3GVmnRaw6ximv0wX5zUujbtftNsJ_aaVdY-g6opCfVAqazE1gPHdByDmUe_-UKFlOnKa_r2IIpCAwkuiAB-StP9hrWOYkFG-HxlaItYoYeT2CVMfTFU9e6inEQY6OxhlLFSf4fRWxN2XZFA_9jjUmWd5A-_xe5tnmVnDWs2j40kfBpnuPj_bGil7WFspYvYptCY5xsa0xA54bWlpvfOHqv5jVrnapWvxE0wodLrI3T3RQH2aIavWggnxuQfRjf_3VcuUJumtj8xXN90rlq_YYuYDkMVaJ39FW0Y9SPed9rjYZ7PZ7Ob3XoOFYppqct5OVWFTmezuS4WhZqt5iuxLPMbjIPw6noy_4BepNEvLJKghmV-f2PWWZrhN82ms-ksnSf5TOj0Vq1uF_PFVBcKQKcx7FZjGb1x636gRm3FJjVBpxp7AzRFyGod2YG-6MLOurWQGKWtUTeR9zrK_l-9Yx_o">