This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

binutils-2.17: --cref broken? Extra warnings and corrupted data

From: "Paul Nash" <nashpaulr at gmail dot com>
To: binutils at sourceware dot org
Date: Sat, 15 Jul 2006 23:41:23 -0700
Subject: binutils-2.17: --cref broken? Extra warnings and corrupted data

Hello all,

I've done my best to narrow this down somewhat, but I'm not sure it's
good enough for Bugzilla yet.  I hope someone can help who knows more
about the internals of BFD and what's really supposed to be happening
here. It looks to me like memory is getting stepped on.

Note, this does not happen with various other versions of binutils
that I've tried, most certainly the binutils-2.17-pre CSL release.

I am seeing a situation where linking any binary with binutils-2.17 ld
using the --cref option causes lots of "symbol 'blah' missing from
main hash table" warnings.  The "blah" in these cases is complete
garbage.

I determined with gdb that at the time add_cref is called,
h->root.string is a valid string pointer.  What's causing the problem
is that later when the cref table is output, the underlying memory
behind that pointer has been corrupted. In one case I looked at, a
later bfd_zalloc call memset's all the memory around that string to 0.

It seems like a potentially simple fix would be to have add_cref copy
the string when inserting into its hash table. But I assume the reason
it does not do this is because the string is supposed to be valid and
unchanging in the presumed lifetime of the cref hash table, so why
waste the memory to copy.  So I'm reluctant to implement this hack
without understanding the cause.  But, knowing where this string is
really allocated and where it might be freed is beyond my bfd/ld
knowledge. :-(

Details
----------

I built binutils-2.17 from pur sources, configured like this:

   .././binutils-2.17/configure  --prefix=/usr/local/i686/4.1.1-1b
--enable-shared --with-lib-path=/usr/local/i686/4.1.1-1b/lib

A few small cross-arm patches are present, but I've got same results
without those.  It was built using gcc-4.1.1.

I can compile a very very simple test program, for example let's say
I main a file with:

#include <stdio.h>
#include <stdlib.h>
int main(int argc, char* argv[])
{
  printf("Hello cref!\n");
}

Now I compile this with: "gcc -c -o test.o test.c"

Now I link with: "ld --cref -o test -lc test.o"

And what will happen in my build is that a bunch of errors come out:

Cross Reference Table

Symbol                                            File
/tmp/ld-new: symbol `no symbol' missing from main hash table

/usr/local/i686/4.1.1-1b/lib/ld-linux.so.2
/tmp/ld-new: symbol `no symbol' missing from main hash table

/usr/local/i686/4.1.1-1b/lib/ld-linux.so.2
/tmp/ld-new: symbol `no symbol' missing from main hash table

/usr/local/i686/4.1.1-1b/lib/ld-linux.so.2
/tmp/ld-new: symbol `no symbol' missing from main hash table

/usr/local/i686/4.1.1-1b/lib/ld-linux.so.2
/tmp/ld-new: symbol `x\uffff8\uffff' missing from main hash table
x\uffff8\uffff
/usr/local/i686/4.1.1-1b/lib/ld-linux.so.2


-----> Here's what I found on one symbol I know has this problem in
my test exe:

Breakpoint 3, add_cref (name=0x81be448
"_dl_allocate_tls_init@GLIBC_PRIVATE", abfd=0x80e7818,
section=0xb7f03b80, value=0)
    at ldcref.c:159
159       if (h == NULL)
(gdb) enable 6 7 8
(gdb) c

------> So here we can see that name==0x81be448, and it's a valid
string. So I set a watchpoint for memory at that location to change
and, sure enough:

(gdb) watch *0x81be448
Hardware watchpoint 4: *136045640
(gdb) c
Continuing.
Hardware watchpoint 4: *136045640

Old value = 1600939103
New value = 0
0xb7dd3987 in memset () from /usr/local/i686/4.1.1-1b/lib/libc.so.6
(gdb) bt
#0  0xb7dd3987 in memset () from /usr/local/i686/4.1.1-1b/lib/libc.so.6
#1  0xb7ea3ac4 in bfd_zalloc (abfd=0x80efae0, size=748) at opncls.c:926
#2  0xb7eb8f2b in elf_i386_mkobject (abfd=0x80efae0) at elf32-i386.c:630
#3  0xb7ebc98c in bfd_elf32_object_p (abfd=0x80efae0) at elfcode.h:547
#4  0xb7ea1de3 in bfd_check_format_matches (abfd=0x80efae0,
format=bfd_object, matching=0xbfd23c6c) at format.c:169
#5  0x080555b4 in load_symbols (entry=0x80a20c0, place=0xbfd23cbc) at
ldlang.c:2323
#6  0x080562ad in open_input_bfds (s=0x80a20c0, force=0) at ldlang.c:2852
#7  0x0805a1de in lang_process () at ldlang.c:5476
#8  0x0805da28 in main (argc=6, argv=0xbfd23e54) at ldmain.c:459

Help?

-PN

Follow-Ups:
- Re: binutils-2.17: --cref broken? Extra warnings and corrupted data
  - From: Alan Modra

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]