Bug #13684
closed
ld aborts when input object has no file name
100%
Description
I was trying to set up afl++ from https://github.com/AFLplusplus/AFLplusplus and it does something a little bit unconventional that causes ld to abort:
@echo 'main() { __asm__("xorb %al, %al"); }' | $(CC) $(CFLAGS) -w -x c - -o .test1 || ( echo; echo "Oops, looks like your compiler can't generate x86 code."; echo; echo "Don't panic! You can use the LLVM or QEMU mode, but see docs/INSTALL first."; echo "(To ignore this error, set AFL_NO_X86=1 and try again.)"; echo; exit 1 )
However, this causes ld to blow up using relatively recent bits:
> ::status debugging core file of ld (64-bit) from beowulf file: /usr/bin/amd64/ld initial argv: /bin/ld -Y P,/usr/gcc/10/lib/amd64:/lib/amd64:/usr/lib/amd64 -R /usr/gcc/10/lib threading model: native threads status: process terminated by SIGABRT (Abort), pid=426966 uid=100 code=-1 libc panic message: Assertion failed: dynsym == (ldynsym + ldynsym_ndx), file /ws/rm/pcie/usr/src/cmd/sgs/libld/common/update.c, line 2010, function update_osym > $C fffffc7fffdf33f0 libc.so.1`_lwp_kill+0xa() fffffc7fffdf3420 libc.so.1`raise+0x1e(6) fffffc7fffdf3470 libc.so.1`abort+0x58() fffffc7fffdf36e0 0xfffffc7febb7c9a2() fffffc7fffdf3900 libld.so.4`update_osym+0x31af(fffffc7feaa00020) fffffc7fffdf3a00 libld.so.4`ld64_update_outfile+0x53b(fffffc7feaa00020) fffffc7fffdf3a80 libld.so.4`ld64_main+0x53f(25, fffffc7fffdf3b18, 3e) fffffc7fffdf3ac0 main+0xf2() fffffc7fffdf3af0 _start_crt+0x87() fffffc7fffdf3b00 _start+0x18() > rm@beowulf:~/afl/AFLplusplus$ pargs core core 'core' of 426966: /bin/ld -Y P,/usr/gcc/10/lib/amd64:/lib/amd64:/usr/lib/amd64 -R /usr/gcc/10/lib argv[0]: /bin/ld argv[1]: -Y argv[2]: P,/usr/gcc/10/lib/amd64 argv[3]: -R argv[4]: /usr/gcc/10/lib/amd64 argv[5]: -L argv[6]: /usr/gcc/10/lib/amd64 argv[7]: -Qy argv[8]: -o argv[9]: .test1 argv[10]: /usr/lib/amd64/crt1.o argv[11]: /opt/gcc-10/lib/gcc/x86_64-pc-solaris2.11/10.2.0/crtp.o argv[12]: /usr/lib/amd64/crti.o argv[13]: /usr/lib/amd64/values-Xa.o argv[14]: /usr/lib/amd64/values-xpg6.o argv[15]: /opt/gcc-10/lib/gcc/x86_64-pc-solaris2.11/10.2.0/crtbegin.o argv[16]: -L/opt/gcc-10/lib/gcc/x86_64-pc-solaris2.11/10.2.0 argv[17]: -L/opt/gcc-10/lib/gcc/x86_64-pc-solaris2.11/10.2.0/../../../amd64 argv[18]: -L/lib/amd64 argv[19]: -L/usr/lib/amd64 argv[20]: -L/opt/gcc-10/lib/gcc/x86_64-pc-solaris2.11/10.2.0/../../.. argv[21]: /var/tmp//ccYLG0dA.o argv[22]: -lgcc argv[23]: -z argv[24]: ignore argv[25]: -lgcc_s argv[26]: -z argv[27]: record argv[28]: -lc argv[29]: -lgcc argv[30]: -z argv[31]: ignore argv[32]: -lgcc_s argv[33]: -z argv[34]: record argv[35]: /opt/gcc-10/lib/gcc/x86_64-pc-solaris2.11/10.2.0/crtend.o argv[36]: /usr/lib/amd64/crtn.o
We should probably figure out what's causing ld to abort as it does not cause gld to abort.
Files
Updated by Robert Mustacchi 8 months ago
I updated this with the right instance, I think I had a second core and accidentally plowed over the first. This is trivially reproducible with the following:
echo 'main() { __asm__("xorb %al, %al"); }' | gcc -w -x c - -o .test1
Assertion failed: dynsym == (ldynsym + ldynsym_ndx), file /ws/rm/pcie/usr/src/cmd/sgs/libld/common/update.c, line 2010, function update_osym
collect2: fatal error: ld terminated with signal 6 [Abort], core dumped
compilation terminated.
Apologies, wasn't trying to suggest we should just remove the assert, just meant we should fix whatever's actually going on.
Updated by Robert Mustacchi 8 months ago
I've attached a bugger-ld run of this.
Updated by Rich Lowe 8 months ago
The logic in the above comment is backwards, but still descriptive.
When calculating sizes we ignore nameless symbols, but we do need to keep any file symbols to maintain the semantic in symbol tables that local symbols follow the file symbol of the file they were defined in.
Additionally, as Dan noted in the review that I didn't describe here. We should not be doing this check with sdp->sd_name in any case, because that will never be NULL for us it'll be a pointer to '\0'
Updated by Electric Monk 8 months ago
- Status changed from In Progress to Closed
- % Done changed from 0 to 100
git commit f980a4bbce3d867e2bb5e61c180593f416d181a5
commit f980a4bbce3d867e2bb5e61c180593f416d181a5
Author: Richard Lowe <richlowe@richlowe.net>
Date: 2021-04-05T19:04:36.000Z
13684 ld aborts when input object has no file name
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Gordon Ross <Gordon.W.Ross@gmail.com>
Approved by: Robert Mustacchi <rm@fingolfin.org>