[cfe-dev] objc protocol: invalid pointer in property of protocol list inside binary with gnustep runtime (with lto)

Perevalov Alexey via cfe-dev cfe-dev at lists.llvm.org
Tue Oct 11 04:00:01 PDT 2016


Hello,

I ran into an issue where, while loading a module and registering classes/categories/protocols, some protocol has corrupted fields, and gnustep-libobjc2 doesn't recognize it.


I used the clang 3.9.1 compiler, and libobjc2 is based on https://github.com/gnustep/libobjc2.
The target is arm-linux-gnueabi.

During protocol initialization, initiated from .objc_load_function,

I found the following protocol in some of our compiled modules:

it's in isEmptyProtocol

p *p2
$1 = {isa = 0xb1f9ef88 <_OBJC_CLASS_Protocol2>, name = 0xb6e95115 "AVPlayerItemOutputPushDelegate", protocol_list = 0xb86cf000, instance_methods = 0xb86cf008,
  class_methods = 0xb86cf008, optional_instance_methods = 0xb86cf008, optional_class_methods = 0xb86cf008, properties = 0x2, optional_properties = 0xb6f5d65e}

As you can see, the properties field has the value 0x2; sometimes it's 0xe, sometimes 0x1.

To rule out runtime corruption, I checked the binary in a disassembler and found 0xe at the
referenced offset.

.data:023B2538 unk_23B2538     DCB    3                ; DATA XREF: .data:023B2528o
.data:023B2539                 DCB    0
.data:023B253A                 DCB    0
.data:023B253B                 DCB    0
.data:023B253C                 DCD aAvplayeritemou     ; "AVPlayerItemOutputPushDelegate"
.data:023B2540                 DCD unk_34B2F70
.data:023B2544                 DCD unk_34B2F78
.data:023B2548                 DCD unk_34B2F78
.data:023B254C                 DCD unk_34B2F78
.data:023B2550                 DCD unk_34B2F78
.data:023B2554 unk_23B2554     DCB  0xE                ; DATA XREF: .data:023B06F0o
.data:023B2555                 DCB    0
.data:023B2556                 DCB    0
.data:023B2557                 DCB    0

So it looks like a compiler issue, but in this case it appears after applying the -flto optimization.
Before that, I ran into an issue where optional_properties was 0x1; as far as I know, both properties and optional_properties are pointers.

Unfortunately, I don't have a minimal compiled sample for that issue. I searched for the same issue in Bugzilla but didn't find anything about it.
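
Added example, not part of the original post and not libobjc2 code: a heuristic sanity check over the nine words of the protocol structure shown in the gdb dump, flagging pointer fields that hold small integers or misaligned values. The 32-bit mirror struct, the function names and the 0x1000 lower bound are assumptions made for illustration; the sample values are the ones quoted in the post.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed 32-bit mirror of the struct gdb printed in the post. Field names
 * come from that dump; the type and function names here are hypothetical. */
struct protocol_image32 {
    uint32_t isa, name, protocol_list, instance_methods, class_methods,
             optional_instance_methods, optional_class_methods,
             properties, optional_properties;
};
#define NWORDS (sizeof(struct protocol_image32) / sizeof(uint32_t))
#define MIN_ADDR 0x1000u /* assumption: nothing is mapped in the first page */

/* Bit i of the result is set when word i cannot be a usable pointer:
 * non-NULL but below MIN_ADDR, or (structure pointers only) not 4-byte
 * aligned. Word 0 (isa) is skipped because the static image in the post
 * holds 3 there; word 1 (name) is a char pointer, so no alignment test. */
unsigned suspect_protocol_fields(const struct protocol_image32 *p)
{
    uint32_t w[NWORDS];
    unsigned mask = 0;
    memcpy(w, p, sizeof w);
    for (unsigned i = 1; i < NWORDS; i++) {
        int low = w[i] != 0 && w[i] < MIN_ADDR;
        int misaligned = i != 1 && (w[i] & 3u) != 0;
        if (low || misaligned)
            mask |= 1u << i;
    }
    return mask;
}

/* Sample input: the field values from the gdb dump quoted in the post. */
struct protocol_image32 sample_from_post(void)
{
    struct protocol_image32 p = {
        0xb1f9ef88u, 0xb6e95115u, 0xb86cf000u, 0xb86cf008u, 0xb86cf008u,
        0xb86cf008u, 0xb86cf008u, 0x2u, 0xb6f5d65eu };
    return p;
}

int main(void)
{
    struct protocol_image32 p = sample_from_post();
    printf("suspect field mask: 0x%x\n", suspect_protocol_fields(&p));
    return 0;
}
```

On the dump above, the mask has bits 7 and 8 set: properties (0x2) is below the first page and optional_properties (0xb6f5d65e) is not word-aligned.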

