[llvm-bugs] [Bug 46981] New: Linker crashes attempting to patch relocation with invalid offset
via llvm-bugs
llvm-bugs at lists.llvm.org
Tue Aug 4 06:56:54 PDT 2020
https://bugs.llvm.org/show_bug.cgi?id=46981
Bug ID: 46981
Summary: Linker crashes attempting to patch relocation with
invalid offset
Product: lld
Version: unspecified
Hardware: PC
OS: Windows NT
Status: NEW
Severity: normal
Priority: P
Component: ELF
Assignee: unassignedbugs at nondot.org
Reporter: jh7370.2008 at my.bristol.ac.uk
CC: llvm-bugs at lists.llvm.org, smithp352 at googlemail.com
I ran into this after accidentally creating an ELF with a relocation with an
r_offset which pointed way beyond the end of the file. Here's a simple
reproducible:
--- !ELF
FileHeader:
  Class:   ELFCLASS64
  Data:    ELFDATA2LSB
  Type:    ET_REL
  Machine: EM_X86_64
Sections:
  - Name:  .foo
    Type:  SHT_PROGBITS
    Flags: []
    Size:  0x100
  - Name: .rela.foo
    Type: SHT_RELA
    Info: .foo
    Relocations:
      - Type:   R_X86_64_64
        Offset: 0xffffffff
        Symbol: .foo
Symbols:
  - Name:    .foo
    Type:    STT_SECTION
    Section: .foo
PS C:\Work\TempWork> C:\llvm\build\Debug\bin\yaml2obj.exe test.yaml -o test.o
PS C:\Work\TempWork> C:\llvm\build\Debug\bin\ld.lld.exe test.o -o test.elf
<crash>
Obviously, my input is broken, so I don't expect the linker to succeed. It
should however not crash.
Relatedly, if the offset is smaller, but still not within the range of the
patched section (e.g. r_offset = 0x101 in the above example), the link appears
to succeed. I have no idea what is patched in that case. The link should fail
with an error if attempting to write outside the range of the section.
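The range check the report asks for, as an added example (not lld's code and not part of the original message): it walks a raw Elf64_Rela image and flags every entry whose patch would not fit inside the target section. The names patchWidth, addRela and checkRelocs are hypothetical, the relocation entries are constructed samples, and a little-endian host is assumed.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Elf64_Rela as laid out in the ELF64 format (host assumed little-endian).
struct Elf64Rela { uint64_t r_offset; uint64_t r_info; int64_t r_addend; };

// Bytes written for some x86-64 relocation types (psABI numbering); 0 = not covered.
static unsigned patchWidth(uint32_t type) {
  switch (type) {
  case 1: return 8;                    // R_X86_64_64
  case 2: case 10: case 11: return 4;  // R_X86_64_PC32, R_X86_64_32, R_X86_64_32S
  case 12: case 13: return 2;          // R_X86_64_16, R_X86_64_PC16
  case 14: case 15: return 1;          // R_X86_64_8, R_X86_64_PC8
  default: return 0;
  }
}

// Hypothetical helper: append one constructed relocation entry to a raw .rela image.
void addRela(std::vector<uint8_t> &out, uint64_t offset, uint32_t type) {
  Elf64Rela r{offset, type, 0};  // symbol index 0, addend 0
  const uint8_t *p = reinterpret_cast<const uint8_t *>(&r);
  out.insert(out.end(), p, p + sizeof r);
}

// Hypothetical check: one diagnostic per entry whose patch would not lie wholly
// inside [0, secSize). Comparing the width against secSize - r_offset avoids the
// wrap-around that r_offset + width could hit for huge offsets.
std::vector<std::string> checkRelocs(const std::vector<uint8_t> &rela, uint64_t secSize) {
  std::vector<std::string> errs;
  if (rela.size() % sizeof(Elf64Rela) != 0) {
    errs.push_back("relocation section size is not a multiple of the entry size");
    return errs;
  }
  for (size_t i = 0; i < rela.size(); i += sizeof(Elf64Rela)) {
    Elf64Rela r;
    std::memcpy(&r, rela.data() + i, sizeof r);
    unsigned width = patchWidth(static_cast<uint32_t>(r.r_info & 0xffffffffu));
    std::string idx = "relocation #" + std::to_string(i / sizeof(Elf64Rela));
    if (width == 0)
      errs.push_back(idx + ": relocation type not covered by this check");
    else if (r.r_offset > secSize || secSize - r.r_offset < width)
      errs.push_back(idx + ": r_offset " + std::to_string(r.r_offset) + " + " +
                     std::to_string(width) + " bytes is outside section of size " +
                     std::to_string(secSize));
  }
  return errs;
}
```

With a section size of 0x100, both offsets from the report (0xffffffff and 0x101) are rejected, as is an 8-byte patch at 0xf9 that starts inside the section but runs past its end.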