From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 277794] llvm-objdump can reach llvm_unreachable("no symbol table pointer!"), causing later trouble
Date: Mon, 18 Mar 2024 21:28:45 +0000
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277794

            Bug ID: 277794
           Summary: llvm-objdump can reach llvm_unreachable("no symbol table
                    pointer!"), causing later trouble
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: rtm@lcs.mit.edu

Created attachment 249284
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=249284&action=edit
broken COFF file with no symbol table, can crash llvm-objdump

If llvm-objdump -x is aimed at something that looks like a COFF file,
but is damaged enough that it contains no symbol table, it will hit
one of the llvm_unreachable("no symbol table pointer!"); in
llvm/lib/Object/COFFObjectFile.cpp. But as far as I can tell those
calls are omitted from release builds. The result is that objdump
continues and can trip over a DataRefImpl that wasn't initialized as
expected.

I've attached a demonstration. On my stock FreeBSD 14 system:

# objdump --version
LLVM (http://llvm.org/):
  LLVM version 16.0.6
  Optimized build.
...
# objdump -x objdump3d.exe
...
RELOCATION RECORDS FOR []:
OFFSET TYPE VALUE
PLEASE submit a bug report to https://bugs.freebsd.org/submit/ and include the crash backtrace.
Stack dump:
0.      Program arguments: objdump -x objdump3d.exe
#0 0x00000000010300f1 (/usr/bin/objdump+0x10300f1)
#1 0x000000000102e625 (/usr/bin/objdump+0x102e625)
#2 0x00000000010307de (/usr/bin/objdump+0x10307de)
#3 0x00000008249ef53f (/lib/libthr.so.3+0x1a53f)
#4 0x00000008249eeafb (/lib/libthr.so.3+0x19afb)
#5 0x00000008224542d3 ([vdso]+0x2d3)
#6 0x0000000000de0562 (/usr/bin/objdump+0xde0562)
#7 0x0000000000c59ce0 (/usr/bin/objdump+0xc59ce0)
#8 0x0000000000cd61bf (/usr/bin/objdump+0xcd61bf)
#9 0x0000000000cd5c11 (/usr/bin/objdump+0xcd5c11)
#10 0x0000000000ce0b9a (/usr/bin/objdump+0xce0b9a)
#11 0x0000000000cdbf3a (/usr/bin/objdump+0xcdbf3a)
#12 0x0000000827690afa __libc_start1 (/lib/libc.so.7+0x84afa)
Segmentation fault (core dumped)

On a CURRENT system the assertion is triggered:

# objdump --version
LLVM (http://llvm.org/):
  LLVM version 17.0.6
  Optimized build with assertions.
...
# objdump -x objdump3d.exe
...
RELOCATION RECORDS FOR []:
OFFSET TYPE VALUE
no symbol table pointer!
UNREACHABLE executed at /usr/src/contrib/llvm-project/llvm/lib/Object/COFFObjectFile.cpp:1300!
PLEASE submit a bug report to https://bugs.freebsd.org/submit/ and include the crash backtrace.
Stack dump:
0.      Program arguments: objdump -x objdump3d.exe
#0 0x0000000001230c41 PrintStackTrace /usr/src/contrib/llvm-project/llvm/lib/Support/Unix/Signals.inc:602:13
#1 0x000000000122f0b5 RunSignalHandlers /usr/src/contrib/llvm-project/llvm/lib/Support/Signals.cpp:105:18
#2 0x0000000001231365 SignalHandler /usr/src/contrib/llvm-project/llvm/lib/Support/Unix/Signals.inc:0:3
#3 0x00000008243d95ff handle_signal /usr/src/lib/libthr/thread/thr_sig.c:0:3
#4 0x00000008243d8bbb thr_sighandler /usr/src/lib/libthr/thread/thr_sig.c:244:1
#5 0x0000000821ee52d3 ([vdso]+0x2d3)
#6 0x000000082928b35a thr_kill /usr/obj/usr/src/amd64.amd64/lib/libsys/thr_kill.S:4:0
#7 0x0000000827353014 _raise /usr/src/lib/libc/gen/raise.c:0:10
#8 0x0000000827406589 abort /usr/src/lib/libc/stdlib/abort.c:67:17
#9 0x000000000121537b (/usr/bin/objdump+0x121537b)
#10 0x0000000000f81059 (/usr/bin/objdump+0xf81059)
#11 0x0000000000dd74c4 operator bool /usr/src/contrib/llvm-project/llvm/include/llvm/Support/Error.h:559:17
#12 0x0000000000dd74c4 getCOFFRelocationValueString /usr/src/contrib/llvm-project/llvm/tools/llvm-objdump/COFFDump.cpp:627:8
#13 0x0000000000e5f893 getRelocationValueString /usr/src/contrib/llvm-project/llvm/tools/llvm-objdump/llvm-objdump.cpp:0:12
#14 0x0000000000e5f22f getPtr /usr/src/contrib/llvm-project/llvm/include/llvm/Support/Error.h:270:42
#15 0x0000000000e5f22f operator bool /usr/src/contrib/llvm-project/llvm/include/llvm/Support/Error.h:233:16
#16 0x0000000000e5f22f printRelocations /usr/src/contrib/llvm-project/llvm/tools/llvm-objdump/llvm-objdump.cpp:2235:19
#17 0x0000000000e6a596 dumpObject /usr/src/contrib/llvm-project/llvm/tools/llvm-objdump/llvm-objdump.cpp:2831:7
#18 0x0000000000e654b0 dumpInput /usr/src/contrib/llvm-project/llvm/tools/llvm-objdump/llvm-objdump.cpp:0:5
#19 0x0000000000e654b0 for_each, std::__1::allocator > *>, void (*)(llvm::StringRef)> /usr/obj/usr/src/amd64.amd64/tmp/usr/include/c++/v1/__algorithm/for_each.h:26:5
#20 0x0000000000e654b0 for_each, std::__1::allocator >, std::__1::allocator, std::__1::allocator > > > &, void (*)(llvm::StringRef)> /usr/src/contrib/llvm-project/llvm/include/llvm/ADT/STLExtras.h:1731:10
#21 0x0000000000e654b0 main /usr/src/contrib/llvm-project/llvm/tools/llvm-objdump/llvm-objdump.cpp:3248:3
#22 0x00000008273280aa __libc_start1 /usr/src/lib/libc/csu/libc_start1.c:157:2
Abort (core dumped)

-- 
You are receiving this mail because:
You are the assignee for the bug.
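
Added example, not part of the report above and not LLVM code: a stand-alone pre-check that rejects a COFF file whose sections carry relocation records while the header has no usable symbol table, the combination the CURRENT backtrace (printRelocations into getCOFFRelocationValueString) points at. The names coff_precheck and sample_check are hypothetical, the sample buffer is constructed, and 18-byte (non-bigobj) symbol records are assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum coff_check { COFF_OK, COFF_MALFORMED, COFF_SYMTAB_OUT_OF_BOUNDS, COFF_RELOCS_WITHOUT_SYMTAB };

static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }

/* Bounds-checks the COFF file header (bare object or PE image) before a dumper sees it. */
enum coff_check coff_precheck(const uint8_t *buf, size_t len)
{
    size_t hdr = 0;                                /* offset of the 20-byte file header */
    if (len >= 0x40 && buf[0] == 'M' && buf[1] == 'Z') {
        hdr = rd32(buf + 0x3c);                    /* e_lfanew points at "PE\0\0" */
        if (hdr > len || len - hdr < 4 || memcmp(buf + hdr, "PE\0\0", 4) != 0)
            return COFF_MALFORMED;
        hdr += 4;
    }
    if (len - hdr < 20)
        return COFF_MALFORMED;
    uint32_t nsect = rd16(buf + hdr + 2);          /* NumberOfSections */
    uint32_t symptr = rd32(buf + hdr + 8);         /* PointerToSymbolTable */
    uint32_t nsyms = rd32(buf + hdr + 12);         /* NumberOfSymbols */
    size_t sect = hdr + 20 + rd16(buf + hdr + 16); /* skip SizeOfOptionalHeader bytes */
    if (sect > len || (len - sect) / 40 < nsect)   /* 40-byte section headers must fit */
        return COFF_MALFORMED;
    if (symptr != 0 && (symptr > len || (len - symptr) / 18 < nsyms))
        return COFF_SYMTAB_OUT_OF_BOUNDS;
    for (uint32_t i = 0; i < nsect; i++)           /* NumberOfRelocations sits at +32 */
        if (rd16(buf + sect + i * 40 + 32) != 0 && (symptr == 0 || nsyms == 0))
            return COFF_RELOCS_WITHOUT_SYMTAB;
    return COFF_OK;
}

/* Constructed sample: bare COFF header, one section header, room for one symbol at 60. */
enum coff_check sample_check(uint8_t nrelocs, uint8_t symptr, uint8_t nsyms)
{
    uint8_t f[78] = {0};
    f[0] = 0x64; f[1] = 0x86; f[2] = 1;            /* Machine AMD64, one section */
    f[8] = symptr; f[12] = nsyms;                  /* low bytes of the 32-bit fields */
    f[20 + 32] = nrelocs;                          /* section 0 NumberOfRelocations */
    return coff_precheck(f, sizeof f);
}

int main(void)
{
    printf("relocations, no symbol table -> %d\n", sample_check(1, 0, 0));
}
```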