From: Roland Schwingel
To: "Binutils"
Subject: LD: Invalid memory access when linking a dll (maybe Bug 29006 revisited)
Date: Tue, 10 May 2022 19:19:03 +0200

Hi...

I am building C++20 code on Windows and cross on Linux for Windows. Unfortunately ld crashes on linking a dll on both Windows and Linux. There is a bug report from Sandro Mani describing maybe the same - or at least - a very similar problem (https://sourceware.org/bugzilla/show_bug.cgi?id=29006). The issue got addressed by Nick Clifton, who also added a patch to the issue.

We are using binutils 2.38 (with and without the fix of Nick) together with some self-built GCC 11.2 and 11.3. But it seems it does not make a difference.

The bug does not happen always. The concrete circumstances are yet unclear to me. The invalid memory access may only happen when I link C++20 code compiled by GCC with debug information (-g); when linking with -O3 (and no -g) it appears to work. I got it reproducible in about 10 different cases. Valgrind reports around 19110 errors by invalid memory access.

Invocation with valgrind of ld with the patch of Nick already applied:

valgrind /ovde_plugins/gcc11/mingwin/lib64/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/bin/ld -v --sysroot=/ovde_plugins/gcc11/mingwin -m i386pep --subsystem console --dll -Bdynamic -e DllMainCRTStartup --enable-auto-image-base -o /tmp/parser_lib_g.dll /ovde_plugins/gcc11/mingwin/lib64/gcc/x86_64-w64-mingw32/11.3.0/../../../../x86_64-w64-mingw32/lib/../lib/dllcrt2.o /ovde_plugins/gcc11/mingwin/lib64/gcc/x86_64-w64-mingw32/11.3.0/crtbegin.o /tmp/parser_lib_g.exp -pie --image-base 0x15690000 --enable-auto-import /tmp/parser_lib_dllmain.o /tmp/Parser.o /tmp/Parser_17020R.o --nxcompat --whole-archive -lxml_g -lovcore_g -lhelper_lib_g --no-whole-archive -lstdc++ --as-needed -lgomp -luser32 -lkernel32 -lmingwthrd -lmingw32 -lgcc_s -lgcc -lmoldname -lmingwex -lmsvcrt -lkernel32 /ovde_plugins/gcc11/mingwin/lib64/gcc/x86_64-w64-mingw32/11.3.0/crtend.o

==23381== GNU ld (GNU Binutils) 2.38
==23381== Invalid read of size 1
==23381==    at 0x508B434: vfprintf (in /lib64/libc-2.17.so)
==23381==    by 0x50B3E63: vasprintf (in /lib64/libc-2.17.so)
==23381==    by 0x50912F6: asprintf (in /lib64/libc-2.17.so)
==23381==    by 0x4432CE: make_runtime_pseudo_reloc (pe-dll.c:2663)
==23381==    by 0x443A81: pep_create_import_fixup (pe-dll.c:2838)
==23381==    by 0x432CA6: make_import_fixup (ei386pep.c:1129)
==23381==    by 0x43F8A5: pe_walk_relocs (pe-dll.c:1349)
==23381==    by 0x43FD95: pep_find_data_imports (pe-dll.c:1497)
==23381==    by 0x433674: gld_i386pep_after_open (ei386pep.c:1408)
==23381==    by 0x428FCB: ldemul_after_open (ldemul.c:65)
==23381==    by 0x41D9F2: lang_process (ldlang.c:8162)
==23381==    by 0x422440: main (ldmain.c:497)
==23381==  Address 0x95e2500 is 0 bytes inside a block of size 20 free'd
==23381==    at 0x4C2E10B: free (vg_replace_malloc.c:871)
==23381==    by 0x445199: pep_process_import_defs (pe-dll.c:3324)
==23381==    by 0x433648: gld_i386pep_after_open (ei386pep.c:1405)
==23381==    by 0x428FCB: ldemul_after_open (ldemul.c:65)
==23381==    by 0x41D9F2: lang_process (ldlang.c:8162)
==23381==    by 0x422440: main (ldmain.c:497)
==23381==  Block was alloc'd at
==23381==    at 0x4C306F1: malloc (vg_replace_malloc.c:380)
==23381==    by 0x51658B: xmalloc (xmalloc.c:149)
==23381==    by 0x5166BE: xstrdup (xstrdup.c:34)
==23381==    by 0x444ADB: pep_process_import_defs (pe-dll.c:3234)
==23381==    by 0x433648: gld_i386pep_after_open (ei386pep.c:1405)
==23381==    by 0x428FCB: ldemul_after_open (ldemul.c:65)
==23381==    by 0x41D9F2: lang_process (ldlang.c:8162)
==23381==    by 0x422440: main (ldmain.c:497)
==23381==
==23381== Invalid read of size 1
==23381==    at 0x50B83A0: _IO_default_xsputn (in /lib64/libc-2.17.so)
==23381==    by 0x508B472: vfprintf (in /lib64/libc-2.17.so)
==23381==    by 0x50B3E63: vasprintf (in /lib64/libc-2.17.so)
==23381==    by 0x50912F6: asprintf (in /lib64/libc-2.17.so)
==23381==    by 0x4432CE: make_runtime_pseudo_reloc (pe-dll.c:2663)
==23381==    by 0x443A81: pep_create_import_fixup (pe-dll.c:2838)
==23381==    by 0x432CA6: make_import_fixup (ei386pep.c:1129)
==23381==    by 0x43F8A5: pe_walk_relocs (pe-dll.c:1349)
==23381==    by 0x43FD95: pep_find_data_imports (pe-dll.c:1497)
==23381==    by 0x433674: gld_i386pep_after_open (ei386pep.c:1408)
==23381==    by 0x428FCB: ldemul_after_open (ldemul.c:65)
==23381==    by 0x41D9F2: lang_process (ldlang.c:8162)
==23381==  Address 0x95e2500 is 0 bytes inside a block of size 20 free'd
==23381==    at 0x4C2E10B: free (vg_replace_malloc.c:871)
==23381==    by 0x445199: pep_process_import_defs (pe-dll.c:3324)
==23381==    by 0x433648: gld_i386pep_after_open (ei386pep.c:1405)
==23381==    by 0x428FCB: ldemul_after_open (ldemul.c:65)
==23381==    by 0x41D9F2: lang_process (ldlang.c:8162)
==23381==    by 0x422440: main (ldmain.c:497)
==23381==  Block was alloc'd at
==23381==    at 0x4C306F1: malloc (vg_replace_malloc.c:380)
==23381==    by 0x51658B: xmalloc (xmalloc.c:149)
==23381==    by 0x5166BE: xstrdup (xstrdup.c:34)
==23381==    by 0x444ADB: pep_process_import_defs (pe-dll.c:3234)
==23381==    by 0x433648: gld_i386pep_after_open (ei386pep.c:1405)
==23381==    by 0x428FCB: ldemul_after_open (ldemul.c:65)
==23381==    by 0x41D9F2: lang_process (ldlang.c:8162)
==23381==    by 0x422440: main (ldmain.c:497)
==23381==
==23381== Invalid read of size 1
==23381==    at 0x50B83AE: _IO_default_xsputn (in /lib64/libc-2.17.so)
==23381==    by 0x508B472: vfprintf (in /lib64/libc-2.17.so)
==23381==    by 0x50B3E63: vasprintf (in /lib64/libc-2.17.so)
==23381==    by 0x50912F6: asprintf (in /lib64/libc-2.17.so)
==23381==    by 0x4432CE: make_runtime_pseudo_reloc (pe-dll.c:2663)
==23381==    by 0x443A81: pep_create_import_fixup (pe-dll.c:2838)
==23381==    by 0x432CA6: make_import_fixup (ei386pep.c:1129)
==23381==    by 0x43F8A5: pe_walk_relocs (pe-dll.c:1349)
==23381==    by 0x43FD95: pep_find_data_imports (pe-dll.c:1497)
==23381==    by 0x433674: gld_i386pep_after_open (ei386pep.c:1408)
==23381==    by 0x428FCB: ldemul_after_open (ldemul.c:65)
==23381==    by 0x41D9F2: lang_process (ldlang.c:8162)
==23381==  Address 0x95e2502 is 2 bytes inside a block of size 20 free'd
==23381==    at 0x4C2E10B: free (vg_replace_malloc.c:871)
==23381==    by 0x445199: pep_process_import_defs (pe-dll.c:3324)
==23381==    by 0x433648: gld_i386pep_after_open (ei386pep.c:1405)
==23381==    by 0x428FCB: ldemul_after_open (ldemul.c:65)
==23381==    by 0x41D9F2: lang_process (ldlang.c:8162)
==23381==    by 0x422440: main (ldmain.c:497)
==23381==  Block was alloc'd at
==23381==    at 0x4C306F1: malloc (vg_replace_malloc.c:380)
==23381==    by 0x51658B: xmalloc (xmalloc.c:149)
==23381==    by 0x5166BE: xstrdup (xstrdup.c:34)
==23381==    by 0x444ADB: pep_process_import_defs (pe-dll.c:3234)
==23381==    by 0x433648: gld_i386pep_after_open (ei386pep.c:1405)
==23381==    by 0x428FCB: ldemul_after_open (ldemul.c:65)
==23381==    by 0x41D9F2: lang_process (ldlang.c:8162)
==23381==    by 0x422440: main (ldmain.c:497)
==23381==
==23381== Invalid read of size 1
==23381==    at 0x508B434: vfprintf (in /lib64/libc-2.17.so)
==23381==    by 0x50B3E63: vasprintf (in /lib64/libc-2.17.so)
==23381==    by 0x50912F6: asprintf (in /lib64/libc-2.17.so)
==23381==    by 0x4436C3: pe_create_runtime_relocator_reference (pe-dll.c:2754)
==23381==    by 0x443AD1: pep_create_import_fixup (pe-dll.c:2844)
==23381==    by 0x432CA6: make_import_fixup (ei386pep.c:1129)
==23381==    by 0x43F8A5: pe_walk_relocs (pe-dll.c:1349)
==23381==    by 0x43FD95: pep_find_data_imports (pe-dll.c:1497)
==23381==    by 0x433674: gld_i386pep_after_open (ei386pep.c:1408)
==23381==    by 0x428FCB: ldemul_after_open (ldemul.c:65)
==23381==    by 0x41D9F2: lang_process (ldlang.c:8162)
==23381==    by 0x422440: main (ldmain.c:497)
==23381==  Address 0x95e2500 is 0 bytes inside a block of size 20 free'd
==23381==    at 0x4C2E10B: free (vg_replace_malloc.c:871)
==23381==    by 0x445199: pep_process_import_defs (pe-dll.c:3324)
==23381==    by 0x433648: gld_i386pep_after_open (ei386pep.c:1405)
==23381==    by 0x428FCB: ldemul_after_open (ldemul.c:65)
==23381==    by 0x41D9F2: lang_process (ldlang.c:8162)
==23381==    by 0x422440: main (ldmain.c:497)
==23381==  Block was alloc'd at
==23381==    at 0x4C306F1: malloc (vg_replace_malloc.c:380)
==23381==    by 0x51658B: xmalloc (xmalloc.c:149)
==23381==    by 0x5166BE: xstrdup (xstrdup.c:34)
==23381==    by 0x444ADB: pep_process_import_defs (pe-dll.c:3234)
==23381==    by 0x433648: gld_i386pep_after_open (ei386pep.c:1405)
==23381==    by 0x428FCB: ldemul_after_open (ldemul.c:65)
==23381==    by 0x41D9F2: lang_process (ldlang.c:8162)
==23381==    by 0x422440: main (ldmain.c:497)
==23381==
==23381==
==23381== HEAP SUMMARY:
==23381==     in use at exit: 83,040,828 bytes in 25,511 blocks
==23381==   total heap usage: 96,735 allocs, 71,224 frees, 122,050,867 bytes allocated
==23381==
==23381== LEAK SUMMARY:
==23381==    definitely lost: 2,432,172 bytes in 1,940 blocks
==23381==    indirectly lost: 194,424 bytes in 1,075 blocks
==23381==      possibly lost: 0 bytes in 0 blocks
==23381==    still reachable: 80,414,232 bytes in 22,496 blocks
==23381==         suppressed: 0 bytes in 0 blocks
==23381== Rerun with --leak-check=full to see details of leaked memory
==23381==
==23381== For lists of detected and suppressed errors, rerun with: -s
==23381== ERROR SUMMARY: 19110 errors from 4 contexts (suppressed: 0 from 0)

It is maybe related to C++20. I do not have problems linking C/C++17/ObjectiveC code. And only when linking code compiled with -g.

From what I understand all symbols are processed in pep_process_import_defs() from pe-dll.c. The symbols are temporarily stored in the static variable dll_symname (pe-dll.c:3234) and afterwards freed (pe-dll.c:3324), but dll_symname remains pointing to an already freed block afterwards. In make_runtime_pseudo_reloc() (pe-dll.c:2663) this variable is then accessed.

What should be the right content of dll_symname in this case?

Hope this can help to track down the problem.

Roland

Roland Schwingel, Head of Research & Development
OneVision Software AG
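
The lifetime pattern described in the message (a static pointer that is set from a duplicated string, freed, and read again in a later phase), as an added example that is not part of the original post and is not binutils code. All function and variable names are hypothetical, and the reset-to-NULL guard is one common defensive pattern, not the fix chosen for ld.

```c
/* Added illustration, not binutils source. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static char *cur_symname;   /* stands in for the static dll_symname */

static char *dup_string(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

/* Phase 1: each definition's name is held in the static only temporarily. */
int process_import_defs(const char **names, size_t count) {
    for (size_t i = 0; i < count; i++) {
        cur_symname = dup_string(names[i]);
        if (cur_symname == NULL)
            return -1;
        /* ... per-definition work that reads cur_symname ... */
        free(cur_symname);
        cur_symname = NULL;  /* omit this and the static dangles, as reported */
    }
    return 0;
}

/* Gives phase 2 a live name; the static owns its own copy. */
int set_current_symname(const char *name) {
    free(cur_symname);
    cur_symname = dup_string(name);
    return cur_symname != NULL ? 0 : -1;
}

/* Phase 2: formats prefix + current name into a malloc'd string.
   Returns NULL when no name is live, so stale state is a visible error
   instead of a read from freed memory. */
char *make_fixup_name(const char *prefix) {
    if (cur_symname == NULL)
        return NULL;
    size_t n = strlen(prefix) + strlen(cur_symname) + 1;
    char *out = malloc(n);
    if (out != NULL)
        snprintf(out, n, "%s%s", prefix, cur_symname);
    return out;
}
```

With the reset in place, a phase-2 call that arrives without a live name fails cleanly, which also makes the ordering problem easy to spot in a debugger or test.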