From: Fangrui Song
Date: Wed, 12 Jul 2023 22:34:45 -0700
Subject: Re: [PATCH v4 3/7] bfd: Improve nm and objdump without section header
To: Alan Modra, Simon Marchi
Cc: "H.J. Lu", binutils@sourceware.org, Florian Weimer, Kaylee Blake, "gdb-patches@sourceware.org"
References: <20230606175846.399377-1-hjl.tools@gmail.com> <20230606175846.399377-4-hjl.tools@gmail.com>
On Wed, Jul 12, 2023 at 10:02 PM Alan Modra via Binutils wrote:
>
> On Sun, Jul 09, 2023 at 11:30:01PM -0400, Simon Marchi wrote:
> >
> > > It works for me:
> > >
> > > $ make check TESTS="gdb.base/eu-strip-infcall.exp"
> > > ....
> > > === gdb Summary ===
> > >
> > > # of expected passes 1
> > >
> > > My change only impacts files without section header. eu-strip-infcall.exp does
> > > "eu-strip -f ${binfile}.debug $binfile", which doesn't remove section header.
> > >
> >
> > I can reliably reproduce the problem on two separate machines, one Ubuntu
> > 22.04 and one fairly up to date Arch Linux. elfutils version 0.186 and
> > 0.189, respectively.
> >
> > It goes wrong when GDB does a bfd_check_format call on
> > testsuite/outputs/gdb.base/eu-strip-infcall/eu-strip-infcall.debug.
> > Before your commit it works, and after your commit it returns false. It
> > happens in this new statement added to elf_object_p, added by the commit:
> >
> >     if ((i_phdr->p_offset + i_phdr->p_filesz) > filesize)
> >       goto got_no_match;
> >
> > (top-gdb) p i_phdr->p_offset
> > $1 = 8192
> > (top-gdb) p i_phdr->p_filesz
> > $2 = 196
> > (top-gdb) p filesize
> > $3 = 5104
> > (top-gdb) p i
> > $4 = 4
> >
> > It would be this program header causing the condition to fail:
> >
> >   Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
> >   ...
> >   LOAD           0x002000 0x0000000000002000 0x0000000000002000 0x0000c4 0x0000c4 R   0x1000
> >
> > So, the program header of the .debug file describes the segments of the
> > main binary, not sure if that's expected.
>
> No, that's not expected. Program headers in a .debug file ought to
> describe the contents of the debug file. You'll typically see many
> with p_filesz zero. eu-strip appears to be broken in this respect.

Do you have a bug number for eu-strip? It seems good to keep a reference to the bug so that we can track it.
> There is another problem with the code added to elf_object_p:
> _bfd_elf_get_dynamic_symbols is told that it can access up to e_phnum
> program headers, but they very likely haven't all been swapped in.
>
> I'm going to apply the following patch.
> ----
>
> elf_object_p load of dynamic symbols
>
> This fixes an uninitialised memory access on a fuzzed file:
>     0 0xf22e9b in offset_from_vma /src/binutils-gdb/bfd/elf.c:1899:2
>     1 0xf1e90f in _bfd_elf_get_dynamic_symbols /src/binutils-gdb/bfd/elf.c:2099:13
>     2 0x10e6a54 in bfd_elf32_object_p /src/binutils-gdb/bfd/elfcode.h:851:9
>
> Hopefully it will also stop any attempt to load dynamic symbols from
> eu-strip debug files.
>
> 	* elfcode.h (elf_object_p): Do not attempt to load dynamic
> 	symbols for a file with no section headers until all the
> 	program headers are swapped in.  Do not fail on eu-strip debug
> 	files.
>
> diff --git a/bfd/elfcode.h b/bfd/elfcode.h
> index aae66bcebf8..b2277921680 100644
> --- a/bfd/elfcode.h
> +++ b/bfd/elfcode.h
> @@ -819,6 +819,7 @@ elf_object_p (bfd *abfd)
>  	goto got_no_match;
>        if (bfd_seek (abfd, (file_ptr) i_ehdrp->e_phoff, SEEK_SET) != 0)
>  	goto got_no_match;
> +      bool eu_strip_broken_phdrs = false;
>        i_phdr = elf_tdata (abfd)->phdr;
>        for (i = 0; i < i_ehdrp->e_phnum; i++, i_phdr++)
>  	{
> @@ -839,21 +840,31 @@ elf_object_p (bfd *abfd)
>  		  abfd->read_only = 1;
>  		}
>  	    }
> -	  if (i_phdr->p_filesz != 0)
> -	    {
> -	      if ((i_phdr->p_offset + i_phdr->p_filesz) > filesize)
> -		goto got_no_match;
> -	      /* Try to reconstruct dynamic symbol table from PT_DYNAMIC
> -		 segment if there is no section header.  */
> -	      if (i_phdr->p_type == PT_DYNAMIC
> -		  && i_ehdrp->e_shstrndx == 0
> -		  && i_ehdrp->e_shoff == 0
> -		  && !_bfd_elf_get_dynamic_symbols (abfd, i_phdr,
> -						    elf_tdata (abfd)->phdr,
> -						    i_ehdrp->e_phnum,
> -						    filesize))
> -		goto got_no_match;
> -	    }
> +	  /* Detect eu-strip -f debug files, which have program
> +	     headers that describe the original file.  */
> +	  if (i_phdr->p_filesz != 0
> +	      && (i_phdr->p_filesz > filesize
> +		  || i_phdr->p_offset > filesize - i_phdr->p_filesz))
> +	    eu_strip_broken_phdrs = true;
> +	}
> +      if (!eu_strip_broken_phdrs
> +	  && i_ehdrp->e_shoff == 0
> +	  && i_ehdrp->e_shstrndx == 0)
> +	{
> +	  /* Try to reconstruct dynamic symbol table from PT_DYNAMIC
> +	     segment if there is no section header.  */
> +	  i_phdr = elf_tdata (abfd)->phdr;
> +	  for (i = 0; i < i_ehdrp->e_phnum; i++, i_phdr++)
> +	    if (i_phdr->p_type == PT_DYNAMIC)
> +	      {
> +		if (i_phdr->p_filesz != 0
> +		    && !_bfd_elf_get_dynamic_symbols (abfd, i_phdr,
> +						      elf_tdata (abfd)->phdr,
> +						      i_ehdrp->e_phnum,
> +						      filesize))
> +		  goto got_no_match;
> +		break;
> +	      }
>  	}
>      }
>
>
> --
> Alan Modra
> Australia Development Lab, IBM
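Review bot: in the second hunk (@@ -839,21 +840,31 @@) the rewritten range test `i_phdr->p_filesz > filesize || i_phdr->p_offset > filesize - i_phdr->p_filesz` deserves a comment of its own, because the old `(i_phdr->p_offset + i_phdr->p_filesz) > filesize` could wrap on a crafted p_offset and accept a segment with no byte inside the file, while the new comment only mentions eu-strip. The same flag also relaxes behaviour for truncated or fuzzed inputs: a non-empty segment past EOF no longer makes elf_object_p fail but only suppresses the PT_DYNAMIC reconstruction, so such files are now accepted as ELF objects and every later reader of program header contents must keep its own bounds check against filesize. A name such as `phdrs_out_of_range` would describe that broader meaning better than `eu_strip_broken_phdrs`, and the p_filesz == 0 case in the new loop could carry a short comment saying that an empty PT_DYNAMIC is deliberately ignored rather than rejected.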
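The range check that the patch above changes, as an added C example that is neither bfd's code nor part of this thread: a constructed program-header struct carrying only the three fields the check needs (PT_LOAD and PT_DYNAMIC take their standard ELF values), the overflow-prone form of the test beside the overflow-safe form the patch uses, and the two-pass logic that validates every header against the real file size before looking for a non-empty PT_DYNAMIC. The sample tables are constructed; the out-of-range entry reuses the values from Simon's gdb session (p_offset 8192, p_filesz 196, file size 5104).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for an ELF program header: only the fields the
   range check needs (a real Elf64_Phdr carries more).  */
struct phdr
{
  uint32_t p_type;
  uint64_t p_offset;
  uint64_t p_filesz;
};

/* Standard ELF segment type values.  */
#define PT_LOAD    1
#define PT_DYNAMIC 2

/* The old shape of the check: p_offset + p_filesz can wrap around on a
   crafted p_offset, so a segment with no byte inside the file passes.  */
bool
naive_segment_in_file (uint64_t p_offset, uint64_t p_filesz, uint64_t filesize)
{
  return p_offset + p_filesz <= filesize;
}

/* The overflow-safe shape used by the patch: compare p_filesz first,
   then p_offset against the space that remains, so nothing is added.  */
bool
segment_in_file (uint64_t p_offset, uint64_t p_filesz, uint64_t filesize)
{
  if (p_filesz > filesize)
    return false;
  return p_offset <= filesize - p_filesz;
}

/* True when any non-empty segment lies at least partly outside the
   file, i.e. the table describes some other (larger) file, which is how
   an eu-strip -f .debug file looks.  Every header is examined, so the
   decision is made only once the whole table is known.  */
bool
phdrs_out_of_range (const struct phdr *phdrs, size_t n, uint64_t filesize)
{
  for (size_t i = 0; i < n; i++)
    if (phdrs[i].p_filesz != 0
        && !segment_in_file (phdrs[i].p_offset, phdrs[i].p_filesz, filesize))
      return true;
  return false;
}

/* Index of the PT_DYNAMIC entry that dynamic-symbol reconstruction may
   read, or -1 when it must be skipped: either because some header is out
   of range or because there is no non-empty PT_DYNAMIC.  */
int
usable_dynamic_index (const struct phdr *phdrs, size_t n, uint64_t filesize)
{
  if (phdrs_out_of_range (phdrs, n, filesize))
    return -1;
  for (size_t i = 0; i < n; i++)
    if (phdrs[i].p_type == PT_DYNAMIC && phdrs[i].p_filesz != 0)
      return (int) i;
  return -1;
}

/* Constructed sample: a 5104-byte .debug file whose third LOAD entry
   (offset 8192, size 196) matches the one from the gdb session above.  */
const struct phdr debug_file_phdrs[] = {
  { PT_LOAD,    0x0000, 0x400 },
  { PT_LOAD,    0x1000, 0x300 },
  { PT_LOAD,    0x2000, 0x0c4 },
  { PT_DYNAMIC, 0x2e00, 0x1d0 },
};
const uint64_t debug_file_size = 5104;

/* Constructed sample: a consistent table for a 4096-byte file.  */
const struct phdr good_phdrs[] = {
  { PT_LOAD,    0x000, 0x400 },
  { PT_DYNAMIC, 0x800, 0x1d0 },
};
const uint64_t good_file_size = 0x1000;

/* Constructed sample: a header whose p_offset + p_filesz wraps to 0x100,
   which the naive check accepts and the safe check rejects.  */
const uint64_t wrap_offset = 0xffffffffffffff00ULL;
const uint64_t wrap_filesz = 0x200;

int
main (void)
{
  printf ("debug file: dynamic index %d (expect -1)\n",
          usable_dynamic_index (debug_file_phdrs, 4, debug_file_size));
  printf ("good file:  dynamic index %d (expect 1)\n",
          usable_dynamic_index (good_phdrs, 2, good_file_size));
  printf ("wrapping header: naive %d, safe %d\n",
          naive_segment_in_file (wrap_offset, wrap_filesz, good_file_size),
          segment_in_file (wrap_offset, wrap_filesz, good_file_size));
  return 0;
}
```

The two-pass shape matters as much as the arithmetic: the first loop only records whether the table is trustworthy, and the PT_DYNAMIC lookup runs afterwards, so whatever consumes the other headers sees a fully populated table rather than one that is still being filled in.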