Date: Mon, 18 Mar 2024 21:28:45 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 277794] llvm-objdump can reach llvm_unreachable("no symbol table pointer!"), causing later trouble
Message-ID: <bug-277794-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277794

            Bug ID: 277794
           Summary: llvm-objdump can reach llvm_unreachable("no symbol table pointer!"), causing later trouble
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: rtm@lcs.mit.edu

Created attachment 249284
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=249284&action=edit
broken COFF file with no symbol table, can crash llvm-objdump

If llvm-objdump -x is aimed at something that looks like a COFF file, but is damaged enough that it contains no symbol table, it will hit one of the

  llvm_unreachable("no symbol table pointer!");

in llvm/lib/Object/COFFObjectFile.cpp. But as far as I can tell those calls are omitted from release builds. The result is that objdump continues and can trip over a DataRefImpl that wasn't initialized as expected.

I've attached a demonstration. On my stock FreeBSD 14 system:

# objdump --version
LLVM (http://llvm.org/):
  LLVM version 16.0.6
  Optimized build.
...
# objdump -x objdump3d.exe
...
RELOCATION RECORDS FOR []:
OFFSET           TYPE                     VALUE
PLEASE submit a bug report to https://bugs.freebsd.org/submit/ and include the crash backtrace.
Stack dump:
0.      Program arguments: objdump -x objdump3d.exe
 #0 0x00000000010300f1 (/usr/bin/objdump+0x10300f1)
 #1 0x000000000102e625 (/usr/bin/objdump+0x102e625)
 #2 0x00000000010307de (/usr/bin/objdump+0x10307de)
 #3 0x00000008249ef53f (/lib/libthr.so.3+0x1a53f)
 #4 0x00000008249eeafb (/lib/libthr.so.3+0x19afb)
 #5 0x00000008224542d3 ([vdso]+0x2d3)
 #6 0x0000000000de0562 (/usr/bin/objdump+0xde0562)
 #7 0x0000000000c59ce0 (/usr/bin/objdump+0xc59ce0)
 #8 0x0000000000cd61bf (/usr/bin/objdump+0xcd61bf)
 #9 0x0000000000cd5c11 (/usr/bin/objdump+0xcd5c11)
#10 0x0000000000ce0b9a (/usr/bin/objdump+0xce0b9a)
#11 0x0000000000cdbf3a (/usr/bin/objdump+0xcdbf3a)
#12 0x0000000827690afa __libc_start1 (/lib/libc.so.7+0x84afa)
Segmentation fault (core dumped)

On a CURRENT system the assertion is triggered:

# objdump --version
LLVM (http://llvm.org/):
  LLVM version 17.0.6
  Optimized build with assertions.
...
# objdump -x objdump3d.exe
...
RELOCATION RECORDS FOR []:
OFFSET           TYPE                     VALUE
no symbol table pointer!
UNREACHABLE executed at /usr/src/contrib/llvm-project/llvm/lib/Object/COFFObjectFile.cpp:1300!
PLEASE submit a bug report to https://bugs.freebsd.org/submit/ and include the crash backtrace.
Stack dump:
0.      Program arguments: objdump -x objdump3d.exe
 #0 0x0000000001230c41 PrintStackTrace /usr/src/contrib/llvm-project/llvm/lib/Support/Unix/Signals.inc:602:13
 #1 0x000000000122f0b5 RunSignalHandlers /usr/src/contrib/llvm-project/llvm/lib/Support/Signals.cpp:105:18
 #2 0x0000000001231365 SignalHandler /usr/src/contrib/llvm-project/llvm/lib/Support/Unix/Signals.inc:0:3
 #3 0x00000008243d95ff handle_signal /usr/src/lib/libthr/thread/thr_sig.c:0:3
 #4 0x00000008243d8bbb thr_sighandler /usr/src/lib/libthr/thread/thr_sig.c:244:1
 #5 0x0000000821ee52d3 ([vdso]+0x2d3)
 #6 0x000000082928b35a thr_kill /usr/obj/usr/src/amd64.amd64/lib/libsys/thr_kill.S:4:0
 #7 0x0000000827353014 _raise /usr/src/lib/libc/gen/raise.c:0:10
 #8 0x0000000827406589 abort /usr/src/lib/libc/stdlib/abort.c:67:17
 #9 0x000000000121537b (/usr/bin/objdump+0x121537b)
#10 0x0000000000f81059 (/usr/bin/objdump+0xf81059)
#11 0x0000000000dd74c4 operator bool /usr/src/contrib/llvm-project/llvm/include/llvm/Support/Error.h:559:17
#12 0x0000000000dd74c4 getCOFFRelocationValueString /usr/src/contrib/llvm-project/llvm/tools/llvm-objdump/COFFDump.cpp:627:8
#13 0x0000000000e5f893 getRelocationValueString /usr/src/contrib/llvm-project/llvm/tools/llvm-objdump/llvm-objdump.cpp:0:12
#14 0x0000000000e5f22f getPtr /usr/src/contrib/llvm-project/llvm/include/llvm/Support/Error.h:270:42
#15 0x0000000000e5f22f operator bool /usr/src/contrib/llvm-project/llvm/include/llvm/Support/Error.h:233:16
#16 0x0000000000e5f22f printRelocations /usr/src/contrib/llvm-project/llvm/tools/llvm-objdump/llvm-objdump.cpp:2235:19
#17 0x0000000000e6a596 dumpObject /usr/src/contrib/llvm-project/llvm/tools/llvm-objdump/llvm-objdump.cpp:2831:7
#18 0x0000000000e654b0 dumpInput /usr/src/contrib/llvm-project/llvm/tools/llvm-objdump/llvm-objdump.cpp:0:5
#19 0x0000000000e654b0 for_each<std::__1::__wrap_iter<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > *>, void (*)(llvm::StringRef)> /usr/obj/usr/src/amd64.amd64/tmp/usr/include/c++/v1/__algorithm/for_each.h:26:5
#20 0x0000000000e654b0 for_each<std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > &, void (*)(llvm::StringRef)> /usr/src/contrib/llvm-project/llvm/include/llvm/ADT/STLExtras.h:1731:10
#21 0x0000000000e654b0 main /usr/src/contrib/llvm-project/llvm/tools/llvm-objdump/llvm-objdump.cpp:3248:3
#22 0x00000008273280aa __libc_start1 /usr/src/lib/libc/csu/libc_start1.c:157:2
Abort (core dumped)

-- 
You are receiving this mail because:
You are the assignee for the bug.
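As an added illustration of the defect class this report describes (this is not the reporter's code and not LLVM's; it is a standalone example written for this page), the Python below reads COFF relocations the way a robust tool has to: the symbol-table pointer and count from the file header are validated before any relocation's symbol index is resolved, so a section that carries relocations while the file declares no symbol table is rejected with an error instead of being handled through an uninitialized record. Record layouts follow the PE/COFF specification; the minimal x86-64 object built by `build_sample`, its `.text` section and the `foo` symbol are constructed inline for the demonstration and are not the attachment from the report.

```python
import struct

# Fixed-size PE/COFF records, little-endian (layouts per the PE/COFF spec).
COFF_HEADER = struct.Struct("<HHIIIHH")          # 20 bytes
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")   # 40 bytes
RELOCATION = struct.Struct("<IIH")               # 10 bytes
SYMBOL = struct.Struct("<8sIhHBB")               # 18 bytes


class CoffError(ValueError):
    """Raised when a header field points outside the file or is inconsistent."""


def _slice(data, off, size, what):
    # Every file offset taken from a header field is bounds-checked here,
    # so a damaged header can never turn into an out-of-range read.
    if off + size > len(data):
        raise CoffError(f"{what} at offset {off} (+{size} bytes) lies past the "
                        f"end of the {len(data)}-byte file")
    return data[off:off + size]


def _load_symbol_table(data, symtab_ptr, nsymbols):
    # Returns (symbols, string_table), or (None, b"") when the header declares no table.
    if symtab_ptr == 0 or nsymbols == 0:
        return None, b""
    raw = _slice(data, symtab_ptr, nsymbols * SYMBOL.size, "symbol table")
    symbols = [SYMBOL.unpack_from(raw, i * SYMBOL.size) for i in range(nsymbols)]
    # The string table follows the symbol table; its first 4 bytes hold its own length.
    strtab_off = symtab_ptr + nsymbols * SYMBOL.size
    string_table = b""
    if strtab_off + 4 <= len(data):
        (strtab_len,) = struct.unpack_from("<I", data, strtab_off)
        if strtab_len >= 4:
            string_table = _slice(data, strtab_off, strtab_len, "string table")
    return symbols, string_table


def _symbol_name(raw_name, string_table):
    if raw_name[:4] == b"\0\0\0\0":            # long name: offset into the string table
        (off,) = struct.unpack_from("<I", raw_name, 4)
        if off < 4 or off >= len(string_table):
            raise CoffError(f"symbol name offset {off} lies outside the string table")
        end = string_table.find(b"\0", off)
        return string_table[off:end if end != -1 else None].decode("latin-1")
    return raw_name.rstrip(b"\0").decode("latin-1")


def parse_relocations(data):
    """Return [(section, offset, type, symbol)] or raise CoffError on a broken file."""
    (_machine, nsections, _stamp, symtab_ptr, nsymbols,
     opt_hdr_size, _flags) = COFF_HEADER.unpack(_slice(data, 0, COFF_HEADER.size, "COFF header"))
    symbols, string_table = _load_symbol_table(data, symtab_ptr, nsymbols)
    sec_off = COFF_HEADER.size + opt_hdr_size
    out = []
    for i in range(nsections):
        (name, _vsize, _vaddr, _rawsize, _rawptr, reloc_ptr, _lnptr,
         nrelocs, _nlines, _chars) = SECTION_HEADER.unpack(
            _slice(data, sec_off + i * SECTION_HEADER.size, SECTION_HEADER.size, f"section header {i}"))
        if nrelocs == 0:
            continue
        section = name.rstrip(b"\0").decode("latin-1")
        # The check the report is about: relocations reference symbol-table indices,
        # so a section with relocations but no symbol table cannot be resolved.
        if symbols is None:
            raise CoffError(f"section {section} has {nrelocs} relocations but the file "
                            f"declares no symbol table")
        raw = _slice(data, reloc_ptr, nrelocs * RELOCATION.size, f"relocations of {section}")
        for j in range(nrelocs):
            vaddr, sym_idx, rtype = RELOCATION.unpack_from(raw, j * RELOCATION.size)
            if sym_idx >= len(symbols):
                raise CoffError(f"relocation {j} of {section} references symbol {sym_idx} "
                                f"but only {len(symbols)} exist")
            out.append((section, vaddr, rtype, _symbol_name(symbols[sym_idx][0], string_table)))
    return out


def safe_parse(data):
    """Return (relocations, None) on success or (None, error_text) for a rejected file."""
    try:
        return parse_relocations(data), None
    except CoffError as exc:
        return None, str(exc)


def build_sample(with_symbol_table=True):
    """Constructed minimal x86-64 COFF object: one .text section, one relocation against 'foo'."""
    text = b"\x90\x90\x90\x90"
    text_off, reloc_off = 60, 64                # header (20) + one section header (40)
    symtab_off = reloc_off + RELOCATION.size    # 74
    reloc = RELOCATION.pack(0, 0, 0x0004)       # IMAGE_REL_AMD64_REL32 against symbol 0
    symbol = SYMBOL.pack(b"foo\0\0\0\0\0", 0, 1, 0x20, 2, 0)   # section 1, function, external
    strtab = struct.pack("<I", 4)               # empty string table (length field only)
    header = COFF_HEADER.pack(0x8664, 1, 0,
                              symtab_off if with_symbol_table else 0,   # PointerToSymbolTable
                              1 if with_symbol_table else 0, 0, 0)      # NumberOfSymbols
    section = SECTION_HEADER.pack(b".text\0\0\0", 0, 0, len(text), text_off,
                                  reloc_off, 0, 1, 0, 0x60000020)
    return header + section + text + reloc + symbol + strtab


if __name__ == "__main__":
    for label, blob in (("intact", build_sample()),
                        ("no symbol table", build_sample(with_symbol_table=False)),
                        ("truncated", build_sample()[:80])):
        print(label, "->", safe_parse(blob))
```

Run directly, the script prints the resolved relocation for the intact object and a descriptive rejection for the two damaged variants: one whose header declares no symbol table (the situation in the report) and one whose symbol-table pointer lies past the end of the file. Checking both the pointer and the count before touching a relocation is what keeps the tool on an error path instead of a crash path.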