Branch instruction with no operand causes gas to segfault on armel

Bug #396049 reported by Dave Martin
Affects / Status / Importance / Assigned to / Milestone
binutils: Fix Released, Medium
binutils (Ubuntu): Fix Released, High, Unassigned

Bug Description

Binary package hint: binutils

Affects: 2.19.51.20090622-0ubuntu1 (karmic)
Does not affect: 2.19.1-0ubuntu3 (jaunty)

An input file consisting of a single "b" character (with or without newline) is sufficient to reproduce the error. However, "beq" also works.

I haven't been able to determine whether the parsing of any other instructions is affected; "mov" with no operands causes gas to generate an error message normally, for example.

Tags: armel

Dave Martin (dave-martin-arm) wrote :

This bug may affect upstream, but I've not been able to check yet.

Matthias Klose (doko) wrote :

may be caused by:

2009-05-05 Ramana Radhakrishnan <email address hidden>

        * config/tc-arm.h: Fix typo in comment.
        (ARM_IS_FUNC): New macro.
        (MD_APPLY_SYM_VALUE): Define.

        * config/tc-arm.c (do_blx): Retain BFD_RELOC_ARM_PCREL_BLX for
        all versions of EABI.
        (relax_branch): Do not relax for branches to ARM functions.
        (md_pcrel_from_section): Set up base correctly for
        BFD_RELOC_THUMB_PCREL_BLX, BFD_RELOC_THUMB_PCREL_CALL,
        BFD_RELOC_THUMB_PCREL_BRANCH23, BFD_RELOC_ARM_PCREL_BLX
        BFD_RELOC_ARM_PCREL_CALL.
        (md_apply_fix): Flip bl to blx where possible.
        Flip blx to bl where possible.
        (arm_force_relocation): Force relocations for
        BFD_RELOC_ARM_PCREL_JUMP, BFD_RELOC_ARM_PCREL_JUMP,
        BFD_RELOC_ARM_PCREL_BLX, BFD_RELOC_THUMB_PCREL_BLX,
        BFD_RELOC_THUMB_PCREL_BRANCH20, BFD_RELOC_THUMB_PCREL_BRANCH23,
        BFD_RELOC_THUMB_PCREL_BRANCH25.
        (arm_apply_sym_value): New function.

Changed in binutils (Ubuntu):
importance: Undecided → High
status: New → Triaged
Matthias Klose (doko) wrote :

Program received signal SIGSEGV, Segmentation fault.
symbol_get_tc (s=0x0) at ../../gas/symbols.c:2699
2699 if (LOCAL_SYMBOL_CHECK (s))
(gdb) bt
#0 symbol_get_tc (s=0x0) at ../../gas/symbols.c:2699
#1 0x0003d624 in arm_force_relocation (fixp=0x8f410) at ../../gas/config/tc-arm.c:20811
#2 0x0003da1c in md_pcrel_from_section (fixP=0x8f410, seg=0xa26a0) at ../../gas/config/tc-arm.c:18871
#3 0x0002c498 in fix_segment (abfd=<value optimized out>, sec=0xa26a0, xxx=<value optimized out>)
    at ../../gas/write.c:1011
#4 0x40067108 in bfd_map_over_sections (abfd=0x8d130, operation=0x2c26c <fix_segment>,
    user_storage=0x0) at ../../bfd/section.c:1232
#5 0x0002b90c in write_object_file () at ../../gas/write.c:1735
#6 0x0000cec8 in main (argc=578264, argv=0xbe9c3814) at ../../gas/as.c:1232

In , Matthias Klose (doko) wrote :

[forwarded from https://launchpad.net/bugs/396049]

Seen with 2.19.51.20090713, not 2.19.1-0ubuntu3:

An input file consisting of a single "b" character (with or without newline) is sufficient to reproduce the error. However, "beq" also works.

I haven't been able to determine whether the parsing of any other instructions is affected; "mov" with no operands causes gas to generate an error message normally, for example.

Program received signal SIGSEGV, Segmentation fault.
symbol_get_tc (s=0x0) at ../../gas/symbols.c:2699
2699 if (LOCAL_SYMBOL_CHECK (s))
(gdb) bt
#0 symbol_get_tc (s=0x0) at ../../gas/symbols.c:2699
#1 0x0003d624 in arm_force_relocation (fixp=0x8f410) at ../../gas/config/tc-arm.c:20811
#2 0x0003da1c in md_pcrel_from_section (fixP=0x8f410, seg=0xa26a0) at ../../gas/config/tc-arm.c:18871
#3 0x0002c498 in fix_segment (abfd=<value optimized out>, sec=0xa26a0, xxx=<value optimized out>)
    at ../../gas/write.c:1011
#4 0x40067108 in bfd_map_over_sections (abfd=0x8d130, operation=0x2c26c <fix_segment>,
    user_storage=0x0) at ../../bfd/section.c:1232
#5 0x0002b90c in write_object_file () at ../../gas/write.c:1735
#6 0x0000cec8 in main (argc=578264, argv=0xbe9c3814) at ../../gas/as.c:1232

Related to?

2009-05-05 Ramana Radhakrishnan <email address hidden>

        * config/tc-arm.h: Fix typo in comment.
        (ARM_IS_FUNC): New macro.
        (MD_APPLY_SYM_VALUE): Define.

        * config/tc-arm.c (do_blx): Retain BFD_RELOC_ARM_PCREL_BLX for
        all versions of EABI.
        (relax_branch): Do not relax for branches to ARM functions.
        (md_pcrel_from_section): Set up base correctly for
        BFD_RELOC_THUMB_PCREL_BLX, BFD_RELOC_THUMB_PCREL_CALL,
        BFD_RELOC_THUMB_PCREL_BRANCH23, BFD_RELOC_ARM_PCREL_BLX
        BFD_RELOC_ARM_PCREL_CALL.
        (md_apply_fix): Flip bl to blx where possible.
        Flip blx to bl where possible.
        (arm_force_relocation): Force relocations for
        BFD_RELOC_ARM_PCREL_JUMP, BFD_RELOC_ARM_PCREL_JUMP,
        BFD_RELOC_ARM_PCREL_BLX, BFD_RELOC_THUMB_PCREL_BLX,
        BFD_RELOC_THUMB_PCREL_BRANCH20, BFD_RELOC_THUMB_PCREL_BRANCH23,
        BFD_RELOC_THUMB_PCREL_BRANCH25.
        (arm_apply_sym_value): New function.

In , Matthias Klose (doko) wrote :

works with 2.19.51.20090423, fails with 2.19.51.20090508

Changed in binutils:
status: Unknown → Confirmed
In , Nickc (nickc) wrote :

Created attachment 4053
Handle NULL pointers in xxx_IS_FUNC macros

In , Nickc (nickc) wrote :

Hi Matthias,

Thanks for reporting this bug. I will be applying the uploaded patches to the sources in order to fix it.

Cheers
  Nick

gas/ChangeLog
2009-07-14 Nick Clifton <email address hidden>

 PR 10387
 * config/tc-arm.h (THUMB_IS_FUNC): Handle a NULL pointer.
 (ARM_IS_FUNC): Likewise.
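
The crash path and the NULL guard described in this ChangeLog, as a constructed C model added here (not binutils code): symbol_get_tc, ARM_IS_FUNC/THUMB_IS_FUNC, fx_addsy and branch_target_kind are simplified stand-ins for the gas structures named in the backtrace, and the flag names and exact guard form are assumptions rather than text copied from the upstream patch.

```c
#include <stddef.h>

/* Constructed model of gas's symbol machinery (added example, not binutils
   code). A symbol's target-specific flags are reached through
   symbol_get_tc(), the function at frame #0 of the backtrace above. */
#define ARM_FLAG_FUNC        (1u << 0)   /* assumed flag names */
#define ARM_FLAG_THUMB_FUNC  (1u << 1)

typedef struct symbol { unsigned int tc_flags; } symbolS;
typedef struct fix { symbolS *fx_addsy; } fixS;  /* fx_addsy: branch target */

/* Dereferences unconditionally: with s == NULL this is the SIGSEGV reported. */
static unsigned int *symbol_get_tc (symbolS *s) { return &s->tc_flags; }
#define ARM_GET_FLAG(s) (*symbol_get_tc (s))

/* Before the fix: the macro reaches symbol_get_tc() even for a NULL symbol. */
#define ARM_IS_FUNC_OLD(sym)   ((ARM_GET_FLAG (sym) & ARM_FLAG_FUNC) != 0)

/* After the fix (PR 10387): a NULL symbol is simply "not a function". */
#define ARM_IS_FUNC(sym) \
  ((sym) != NULL && (ARM_GET_FLAG (sym) & ARM_FLAG_FUNC) != 0)
#define THUMB_IS_FUNC(sym) \
  ((sym) != NULL && (ARM_GET_FLAG (sym) & ARM_FLAG_THUMB_FUNC) != 0)

/* Stand-in for the symbol test inside arm_force_relocation: 1 = target is an
   ARM function, 2 = Thumb function, 0 = no target symbol or plain symbol. */
int branch_target_kind (fixS *fixp)
{
  if (ARM_IS_FUNC (fixp->fx_addsy))
    return 1;
  if (THUMB_IS_FUNC (fixp->fx_addsy))
    return 2;
  return 0;
}

/* Scenario 1: the reporter's input, "b" with no operand (NULL target symbol). */
int check_branch_without_operand (void)
{
  fixS fix = { NULL };
  return branch_target_kind (&fix);   /* 0: no crash, nothing forced */
}

/* Scenario 2: a branch to a symbol carrying the given function flags. */
int check_branch_to_func (unsigned int flags)
{
  symbolS fn = { flags };
  fixS fix = { &fn };
  return branch_target_kind (&fix);
}
```

Replacing ARM_IS_FUNC with ARM_IS_FUNC_OLD in branch_target_kind reproduces the NULL dereference for the first scenario.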

In , Cvs-commit (cvs-commit) wrote :

Subject: Bug 10387

CVSROOT: /cvs/src
Module name: src
Changes by: <email address hidden> 2009-07-14 15:38:21

Modified files:
 gas : ChangeLog
 gas/config : tc-arm.h

Log message:
 PR 10387
 * config/tc-arm.h (THUMB_IS_FUNC): Handle a NULL pointer.
 (ARM_IS_FUNC): Likewise.

Patches:
http://sources.redhat.com/cgi-bin/cvsweb.cgi/src/gas/ChangeLog.diff?cvsroot=src&r1=1.3847&r2=1.3848
http://sources.redhat.com/cgi-bin/cvsweb.cgi/src/gas/config/tc-arm.h.diff?cvsroot=src&r1=1.51&r2=1.52

Changed in binutils:
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package binutils - 2.19.51.20090714-0ubuntu1

---------------
binutils (2.19.51.20090714-0ubuntu1) karmic; urgency=low

  * Snapshot, taken from the trunk 20090714.
    - Fix PR gas/10387 (branch instruction with no operand causes gas
      to segfault on armel). LP: #396049.
    - 128_arm_eabi_align64.dpatch: Remove, integrated upstream.
  * debian/*.shlibs: Update to the version from the trunk.

 -- Matthias Klose <email address hidden> Tue, 14 Jul 2009 12:48:09 -0400

Changed in binutils (Ubuntu):
status: Triaged → Fix Released
Changed in binutils:
importance: Unknown → Medium