[llvm-bugs] [Bug 35265] New: LLD produced executable with ld.bfd internal ldscript segfaults.

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Nov 9 08:31:06 PST 2017


https://bugs.llvm.org/show_bug.cgi?id=35265

            Bug ID: 35265
           Summary: LLD produced executable with ld.bfd internal ldscript
                    segfaults.
           Product: lld
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: ELF
          Assignee: unassignedbugs at nondot.org
          Reporter: peter.smith at linaro.org
                CC: llvm-bugs at lists.llvm.org

Created attachment 19393
  --> https://bugs.llvm.org/attachment.cgi?id=19393&action=edit
linker script output from ld.bfd --verbose with header/trailer removed.

I took the internal linker script that ld.bfd uses for an executable and fed it
into lld. The resultant executable segfaulted in the dynamic loader when
writing back the resolved address of a function into .got.plt. I found that I
could get the executable to run if I turned off relro with -zno-relro.  

I've reproduced this problem on Ubuntu 16.04 x86_64, and on AArch64 via
qemu-aarch64, and also on Ubuntu 14.04 running on Armv7-a, so I think that this
is likely to be a target-independent problem with the way we handle relro.

To reproduce:
1. Any C program, including "int main(void) { return 0; }".
2. Extract the default linker script for your target using ld.bfd --verbose.
3. Edit out the header and trailer to leave just the SECTIONS command.
4. Link the program with lld:

clang main.c -Wl,-script=main.script -fuse-ld=lld -o main.exe
./main.exe
Segmentation fault (core dumped)

To prevent the segfault add -Wl,-znorelro

I've attached the linker script that I used for x86_64 "GNU ld (GNU Binutils
for Ubuntu) 2.26.1".

I haven't investigated why -zrelro isn't working yet, nor have I tried a shared
library (obtain the script with "ld --verbose --shared").

The linker script contains:

    . = DATA_SEGMENT_RELRO_END (SIZEOF (.got.plt) >= 24 ? 24 : 0, .);

so we may be missing some magic. The RELRO program header certainly looks very
different to the one produced by ld.bfd.

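A triage check for this kind of report, added here as an example and not part of the bug report or of lld or ld.bfd: measure how many bytes of .got.plt the PT_GNU_RELRO segment actually covers in each binary. In GNU ld's script, DATA_SEGMENT_RELRO_END (24, .) placed just before .got.plt ends the RELRO segment 24 bytes into .got.plt, i.e. after the three reserved 8-byte entries on x86_64 that the loader fills before it calls mprotect on the RELRO region, while the lazily-bound slots that follow stay writable. If a RELRO segment instead covers all of .got.plt and lazy binding is in effect, the loader's write-back of a resolved address lands on a read-only page. The script parses the ELF64 headers directly with the struct module so it runs offline; build_elf produces a constructed minimal image (a PT_GNU_RELRO header plus .got.plt and .shstrtab section headers, no code) purely to exercise the check, and the addresses in it are made up.

```python
"""Report how much of .got.plt lies inside PT_GNU_RELRO in a little-endian ELF64 file.
Added example for triaging RELRO layout; not code from the bug report, lld or ld.bfd."""
import struct
import sys

PT_GNU_RELRO = 0x6474E552
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr
PHDR = struct.Struct("<IIQQQQQQ")           # Elf64_Phdr
SHDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr


def relro_coverage(elf, section=".got.plt"):
    """Return the RELRO range, the section range, the number of section bytes
    inside RELRO and a verdict: "no-relro", "none", "partial" or "full"."""
    (ident, _, _, _, _, phoff, shoff, _, _,
     phentsize, phnum, shentsize, shnum, shstrndx) = EHDR.unpack_from(elf, 0)
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")

    relro = None
    for i in range(phnum):
        p_type, _, _, p_vaddr, _, _, p_memsz, _ = PHDR.unpack_from(elf, phoff + i * phentsize)
        if p_type == PT_GNU_RELRO:
            relro = (p_vaddr, p_vaddr + p_memsz)

    shdrs = [SHDR.unpack_from(elf, shoff + i * shentsize) for i in range(shnum)]
    strtab_off = shdrs[shstrndx][4]  # sh_offset of .shstrtab

    def sec_name(sh_name):
        end = elf.index(b"\0", strtab_off + sh_name)
        return elf[strtab_off + sh_name:end].decode()

    target = None
    for sh in shdrs:
        if sec_name(sh[0]) == section:
            target = (sh[3], sh[3] + sh[5])  # sh_addr .. sh_addr + sh_size
    if target is None:
        raise ValueError(f"no {section} section header")
    if relro is None:
        return {"relro": None, "section": target, "covered": 0, "verdict": "no-relro"}

    # Overlap of [relro_start, relro_end) with [sec_start, sec_end), clamped at 0.
    covered = max(0, min(relro[1], target[1]) - max(relro[0], target[0]))
    size = target[1] - target[0]
    # "full": every PLT slot is read-only after RELRO is applied, so a lazy
    # resolution that writes the slot back faults. "partial" with 24 bytes is
    # the ld.bfd layout on x86_64 (DATA_SEGMENT_RELRO_END with offset 24).
    verdict = "none" if covered == 0 else "full" if covered == size else "partial"
    return {"relro": relro, "section": target, "covered": covered, "verdict": verdict}


def build_elf(relro_start, relro_end, gotplt_addr, gotplt_size=0x28):
    """Constructed minimal ELF64 image used only to exercise relro_coverage:
    one PT_GNU_RELRO program header and .got.plt / .shstrtab section headers."""
    shstrtab = b"\0.got.plt\0.shstrtab\0"  # name offsets: 1 = .got.plt, 10 = .shstrtab
    phoff = EHDR.size
    shoff = phoff + PHDR.size
    strtab_off = shoff + 3 * SHDR.size
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + b"\0" * 9, 2, 62, 1, 0, phoff, shoff, 0,
                     EHDR.size, PHDR.size, 1, SHDR.size, 3, 2)
    relro_size = relro_end - relro_start
    phdr = PHDR.pack(PT_GNU_RELRO, 4, 0, relro_start, relro_start, relro_size, relro_size, 1)
    shdrs = (SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)                          # SHN_UNDEF
             + SHDR.pack(1, 1, 3, gotplt_addr, 0, gotplt_size, 0, 0, 8, 8)     # .got.plt, PROGBITS, WA
             + SHDR.pack(10, 3, 0, 0, strtab_off, len(shstrtab), 0, 0, 1, 0))  # .shstrtab, STRTAB
    return ehdr + phdr + shdrs + shstrtab


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:  # e.g. main.exe linked with either linker
            print(relro_coverage(f.read()))
    else:
        # Made-up addresses. ld.bfd-style: RELRO ends 24 bytes into .got.plt.
        print(relro_coverage(build_elf(0x5FF000, 0x600000, 0x5FFFE8)))
        # Whole .got.plt inside RELRO: lazy PLT resolution would write a read-only page.
        print(relro_coverage(build_elf(0x5FF000, 0x600000, 0x5FFD00)))
```

Run it against the ld.bfd and lld outputs of the same link (python3 relro_check.py main.exe) and compare the "covered" value; it only reads headers, so it is safe to point at the crashing binary. The parser deliberately handles just little-endian ELF64; for the Armv7-a case an ELF32 variant of the three struct layouts would be needed, and the ld.bfd reserved-entry offset there is 12 rather than 24.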