From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 1504 invoked by alias); 8 Aug 2012 22:49:44 -0000 Received: (qmail 1495 invoked by uid 22791); 8 Aug 2012 22:49:43 -0000 X-SWARE-Spam-Status: No, hits=-4.3 required=5.0 tests=AWL,BAYES_00,KHOP_RCVD_UNTRUST,KHOP_THREADED,RCVD_IN_HOSTKARMA_W,RCVD_IN_HOSTKARMA_WL,TW_FX X-Spam-Check-By: sourceware.org Received: from relay1.mentorg.com (HELO relay1.mentorg.com) (192.94.38.131) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Wed, 08 Aug 2012 22:49:30 +0000 Received: from svr-orw-exc-10.mgc.mentorg.com ([147.34.98.58]) by relay1.mentorg.com with esmtp id 1SzF4E-000204-2V from Maciej_Rozycki@mentor.com ; Wed, 08 Aug 2012 15:49:30 -0700 Received: from SVR-IES-FEM-01.mgc.mentorg.com ([137.202.0.104]) by SVR-ORW-EXC-10.mgc.mentorg.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 8 Aug 2012 15:49:29 -0700 Received: from [172.30.3.42] (137.202.0.76) by SVR-IES-FEM-01.mgc.mentorg.com (137.202.0.104) with Microsoft SMTP Server id 14.1.289.1; Wed, 8 Aug 2012 23:49:28 +0100 Date: Wed, 08 Aug 2012 22:50:00 -0000 From: "Maciej W. Rozycki" To: CC: Richard Sandiford Subject: [PATCH 2/3] MIPS/BFD: Correct IRIX 6 DT_MIPS_OPTIONS processing In-Reply-To: Message-ID: References: User-Agent: Alpine 1.10 (DEB 962 2008-03-14) MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Mailing-List: contact binutils-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: binutils-owner@sourceware.org X-SW-Source: 2012-08/txt/msg00166.txt.bz2 Hello, The change below fixes a segmentation fault in LD triggered when the .MIPS.options n64 ABI special section is forcefully removed by a /DISCARD/ clause in the linker script used. In this case a DT_MIPS_OPTIONS dynamic tag is nevertheless created and when later on in _bfd_mips_elf_finish_dynamic_sections LD tries to retrieve the section's address to use as the value of the tag it crashes on a NULL pointer dereference. For reasons beyond my knowledge the tag is only used for IRIX 6 targets and never for Linux, although the special .MIPS.options section is always produced; `readelf' is only capable of decoding the contents of the section if the dynamic tag has also been created. The fix causes the creation of a DT_MIPS_OPTIONS dynamic section/segment's entry to be omitted if no output section has been made for .MIPS.options, making the crash go away. The fix is covered by the test cases used to verify processing of R_MIPS_CALL16 relocations that end up satified by a symbol of the protected export class. The test cases are provided separately. No regressions for the other 22 MIPS targets, OK to apply? 2012-08-08 Maciej W. Rozycki bfd/ * elfxx-mips.c (_bfd_mips_elf_size_dynamic_sections): Only add a DT_MIPS_OPTIONS tag if output options section has been created. Maciej binutils-bfd-mips-irix-options.diff Index: binutils-fsf-trunk-quilt/bfd/elfxx-mips.c =================================================================== --- binutils-fsf-trunk-quilt.orig/bfd/elfxx-mips.c 2012-07-26 03:29:00.000000000 +0100 +++ binutils-fsf-trunk-quilt/bfd/elfxx-mips.c 2012-07-26 04:45:31.560520511 +0100 @@ -9268,11 +9268,17 @@ _bfd_mips_elf_size_dynamic_sections (bfd && ! MIPS_ELF_ADD_DYNAMIC_ENTRY (info, DT_MIPS_HIPAGENO, 0)) return FALSE; - if (IRIX_COMPAT (dynobj) == ict_irix6 - && (bfd_get_section_by_name - (dynobj, MIPS_ELF_OPTIONS_SECTION_NAME (dynobj))) - && !MIPS_ELF_ADD_DYNAMIC_ENTRY (info, DT_MIPS_OPTIONS, 0)) - return FALSE; + if (IRIX_COMPAT (dynobj) == ict_irix6) + { + const char *const name = MIPS_ELF_OPTIONS_SECTION_NAME (dynobj); + asection *opt_sec; + + opt_sec = bfd_get_section_by_name (dynobj, name); + if (opt_sec != NULL + && opt_sec->output_section != bfd_abs_section_ptr + && !MIPS_ELF_ADD_DYNAMIC_ENTRY (info, DT_MIPS_OPTIONS, 0)) + return FALSE; + } } if (htab->splt->size > 0) {