[trusty/arm64] binutils segfaults on bash gettext configure test

Bug #1644363 reported by Adam Conrad
Affects            Status        Importance  Assigned to  Milestone
binutils (Ubuntu)  Fix Released  High        Unassigned
Trusty             Fix Released  High        Unassigned

Bug Description

On arm64, the bash gettext configure test causes binutils to segv:

configure:8453: gcc -o conftest -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -static conftest.c >&5
conftest.c: In function 'main':
conftest.c:116:8: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 return (int) gettext ("") + (int) ngettext ("", "", 0) + _nl_msg_cat_cntr + *_nl_domain_bindings
        ^
conftest.c:116:29: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 return (int) gettext ("") + (int) ngettext ("", "", 0) + _nl_msg_cat_cntr + *_nl_domain_bindings
                             ^
collect2: error: ld terminated with signal 11 [Segmentation fault], core dumped
configure:8453: $? = 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME "bash"
| #define PACKAGE_TARNAME "bash"
| #define PACKAGE_VERSION "4.3-release"
| #define PACKAGE_STRING "bash 4.3-release"
| #define PACKAGE_BUGREPORT "<email address hidden>"
| #define PACKAGE_URL ""
| #define ALIAS 1
| #define PUSHD_AND_POPD 1
| #define RESTRICTED_SHELL 1
| #define PROCESS_SUBSTITUTION 1
| #define PROMPT_STRING_DECODE 1
| #define SELECT_COMMAND 1
| #define HELP_BUILTIN 1
| #define ARRAY_VARS 1
| #define DPAREN_ARITHMETIC 1
| #define BRACE_EXPANSION 1
| #define COMMAND_TIMING 1
| #define EXTENDED_GLOB 1
| #define EXTGLOB_DEFAULT 0
| #define COND_COMMAND 1
| #define COND_REGEXP 1
| #define COPROCESS_SUPPORT 1
| #define ARITH_FOR_COMMAND 1
| #define NETWORK_REDIRECTIONS 1
| #define PROGRAMMABLE_COMPLETION 1
| #define DEBUGGER 1
| #define CASEMOD_ATTRS 1
| #define CASEMOD_EXPANSIONS 1
| #define GLOBASCII_DEFAULT 0
| #define MEMSCRAMBLE 1
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define __EXTENSIONS__ 1
| #define _ALL_SOURCE 1
| #define _GNU_SOURCE 1
| #define _POSIX_PTHREAD_SEMANTICS 1
| #define _TANDEM_SOURCE 1
| #define READLINE 1
| #define HISTORY 1
| #define BANG_HISTORY 1
| #define _GNU_SOURCE 1
| #define HAVE_STRINGIZE 1
| #define HAVE_LONG_DOUBLE_WIDER 1
| #define HAVE_LONG_DOUBLE 1
| #define PROTOTYPES 1
| #define __PROTOTYPES 1
| #define restrict __restrict
| #define HAVE_ALLOCA_H 1
| #define HAVE_ALLOCA 1
| #define HAVE_STDLIB_H 1
| #define HAVE_UNISTD_H 1
| #define HAVE_SYS_PARAM_H 1
| #define HAVE_SYS_TIME_H 1
| #define HAVE_GETPAGESIZE 1
| #define HAVE_MMAP 1
| #define INTDIV0_RAISES_SIGFPE 0
| #define HAVE_INTTYPES_H_WITH_UINTMAX 1
| #define HAVE_STDINT_H_WITH_UINTMAX 1
| #define HAVE_UNSIGNED_LONG_LONG 1
| #define HAVE_UINTMAX_T 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_ARGZ_H 1
| #define HAVE_LIMITS_H 1
| #define HAVE_LOCALE_H 1
| #define HAVE_NL_TYPES_H 1
| #define HAVE_MALLOC_H 1
| #define HAVE_STDDEF_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_UNISTD_H 1
| #define HAVE_SYS_PARAM_H 1
| #define HAVE_FEOF_UNLOCKED 1
| #define HAVE_FGETS_UNLOCKED 1
| #define HAVE_GETC_UNLOCKED 1
| #define HAVE_GETCWD 1
| #define HAVE_GETEGID 1
| #define HAVE_GETEUID 1
| #define HAVE_GETGID 1
| #define HAVE_GETUID 1
| #define HAVE_MEMPCPY 1
| #define HAVE_MUNMAP 1
| #define HAVE_PUTENV 1
| #define HAVE_SETENV 1
| #define HAVE_SETLOCALE 1
| #define HAVE_LOCALECONV 1
| #define HAVE_STPCPY 1
| #define HAVE_STRCASECMP 1
| #define HAVE_STRDUP 1
| #define HAVE_STRTOUL 1
| #define HAVE_TSEARCH 1
| #define HAVE___ARGZ_COUNT 1
| #define HAVE___ARGZ_STRINGIFY 1
| #define HAVE___ARGZ_NEXT 1
| #define HAVE___FSETLOCKING 1
| #define HAVE_ICONV 1
| #define ICONV_CONST
| #define HAVE_LANGINFO_CODESET 1
| #define HAVE_LC_MESSAGES 1
| /* end confdefs.h. */
| #include <libintl.h>
| extern int _nl_msg_cat_cntr;
| extern int *_nl_domain_bindings;
| int
| main ()
| {
| bindtextdomain ("", "");
| return (int) gettext ("") + (int) ngettext ("", "", 0) + _nl_msg_cat_cntr + *_nl_domain_bindings
| ;
| return 0;
| }
configure:8461: result: no

[Test case]
Build bash SRU, it should find system gettext, and compile properly.

[Regression Potential]
ld will stop crashing in some cases, which could potentially change some dependencies for SRUs (if their configure test failed due to an ld crash).
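
The regression risk described above is that a linker crash makes a configure test answer "no", so the build carries on without the feature instead of failing. As an added example (not part of the original report), this sketch scans a config.log for checks whose result was decided while a toolchain program died on a signal; the sample log is constructed from the excerpt above, and the function name `crashed_checks` is hypothetical.

```python
import re

# Constructed sample modelled on the config.log excerpt in this report;
# the line numbers and the second (iconv) check are made up for illustration.
SAMPLE_LOG = """\
configure:8400: checking for GNU gettext in libc
configure:8453: gcc -o conftest -g -O2 -static conftest.c >&5
collect2: error: ld terminated with signal 11 [Segmentation fault], core dumped
configure:8453: $? = 1
configure:8461: result: no
configure:8470: checking for iconv
configure:8500: gcc -o conftest -g -O2 conftest.c >&5
conftest.c:20:1: error: unknown type name 'iconv_tt'
configure:8500: $? = 1
configure:8510: result: no
"""

CHECK = re.compile(r"^configure:\d+: checking (?P<what>.+)$")
RESULT = re.compile(r"^configure:\d+: result: (?P<res>.*)$")
# Matches driver messages such as "collect2: error: ld terminated with signal 11 ..."
CRASH = re.compile(
    r"^\S+: (?:fatal )?error: (?P<tool>\S+) terminated with signal (?P<sig>\d+)")


def crashed_checks(log_text):
    """Return configure checks whose result was decided after a tool crash."""
    findings, check, crash = [], None, None
    for line in log_text.splitlines():
        m = CHECK.match(line)
        if m:  # a new check starts: forget any crash seen earlier
            check, crash = m.group("what"), None
            continue
        m = CRASH.match(line)
        if m:
            crash = (m.group("tool"), int(m.group("sig")))
            continue
        m = RESULT.match(line)
        if m and crash:  # result was produced by a crash, not by the test itself
            findings.append({"check": check, "result": m.group("res"),
                             "tool": crash[0], "signal": crash[1]})
            crash = None
    return findings


if __name__ == "__main__":
    for f in crashed_checks(SAMPLE_LOG):
        print("unreliable result %(result)r for check %(check)r: "
              "%(tool)s died with signal %(signal)d" % f)
```

An ordinary compile error, like the constructed iconv check, is not reported; only results that follow a tool dying on a signal are flagged.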

Adam Conrad (adconrad) wrote :

ii binutils 2.24-5ubuntu14.1 arm64 GNU assembler, linker and binary utilities
ii gcc-4.8 4.8.4-2ubuntu1~14.04.3 arm64 GNU C compiler
ii libc6:arm64 2.19-0ubuntu6.9 arm64 Embedded GNU C Library: Shared libraries
ii libc6-dev:arm64 2.19-0ubuntu6.9 arm64 Embedded GNU C Library: Development Libraries and Header Files

Adam Conrad (adconrad) wrote :

Note that only the static build sees this segv, the non-static build works fine.

Adam Conrad (adconrad) wrote :

Also, this didn't happen in the release pocket, so it's a regression in an SRU of binutils (or gcc feeding it garbage, possibly).

Changed in binutils (Ubuntu):
status: New → Invalid
Changed in binutils (Ubuntu Trusty):
status: New → Confirmed
Adam Conrad (adconrad) wrote :

A failed build tree with config.log (successful in build-bash, failed in build-static) can be found by people with rugby access at rugby:~adconrad/bash-4.3

Matthias Klose (doko) wrote :

https://launchpad.net/ubuntu/+source/binutils/2.24-5ubuntu14.1
is a no change rebuild of 2.24-5ubuntu14, moving the binutils update from the updates pocket to the security pocket. Successful test rebuild results for bash using binutils 2.24-5ubuntu14 can be found at
https://launchpad.net/ubuntu/+archive/test-rebuild-20151218/+sourcepub/5784628/+listing-archive-extra

Matthias Klose (doko) wrote :

(gdb) run
Starting program: /usr/bin/ld --build-id --as-needed -Bstatic -dynamic-linker /lib/ld-linux-aarch64.so.1 -X -z relro /usr/lib/gcc/aarch64-linux-gnu/4.8/../../../aarch64-linux-gnu/crt1.o /usr/lib/gcc/aarch64-linux-gnu/4.8/../../../aarch64-linux-gnu/crti.o /usr/lib/gcc/aarch64-linux-gnu/4.8/crtbeginT.o -L/usr/lib/gcc/aarch64-linux-gnu/4.8 -L/usr/lib/gcc/aarch64-linux-gnu/4.8/../../../aarch64-linux-gnu -L/usr/lib/gcc/aarch64-linux-gnu/4.8/../../../../lib -L/lib/aarch64-linux-gnu -L/lib/../lib -L/usr/lib/aarch64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/aarch64-linux-gnu/4.8/../../.. foo.o --start-group -lgcc -lgcc_eh -lc --end-group /usr/lib/gcc/aarch64-linux-gnu/4.8/crtend.o /usr/lib/gcc/aarch64-linux-gnu/4.8/../../../aarch64-linux-gnu/crtn.o

Program received signal SIGSEGV, Segmentation fault.
0x0000ffffb7f8bfe8 in iterative_hash () from /usr/lib/libbfd-2.24-system.so
(gdb) bt
#0 0x0000ffffb7f8bfe8 in iterative_hash () from /usr/lib/libbfd-2.24-system.so
#1 0x0000ffffb7f5cf40 in _bfd_elf_discard_section_eh_frame () from /usr/lib/libbfd-2.24-system.so
#2 0x0000ffffb7f59464 in bfd_elf_discard_info () from /usr/lib/libbfd-2.24-system.so
#3 0x0000000000422e54 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) quit

Matthias Klose (doko) wrote :

downgrading eglibc to 2.19-0ubuntu6.6 doesn't show the segfault

Matthias Klose (doko) wrote :

2.19-0ubuntu6.8 doesn't show it either

Julian Andres Klode (juliank) wrote :
Julian Andres Klode (juliank) wrote :

I applied the patch and uploaded it to https://launchpad.net/~juliank/+archive/ubuntu/lp1644363+1422795/+packages to build. I'll upload bash there once that's done to see if it helps.

description: updated
Changed in binutils (Ubuntu Trusty):
status: Confirmed → Fix Committed
Adam Conrad (adconrad) wrote : Please test proposed package

Hello Adam, or anyone else affected,

Accepted binutils into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/binutils/2.24-5ubuntu14.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Changed in eglibc (Ubuntu):
status: New → Invalid
Changed in eglibc (Ubuntu Trusty):
status: New → Invalid
Adam Conrad (adconrad) wrote :

A note to whoever releases this: it was built in the security-proposed PPA so it can be released to both updates *and* security, to fix a regression in the security pocket.

Julian Andres Klode (juliank) wrote :

As we can see in https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.6/+build/11220608, the bash package built successfully with this new binutils:

Get:51 http://ftpmaster.internal/ubuntu/ trusty-proposed/main binutils arm64 2.24-5ubuntu14.2 [1050 kB]

thus marking as verification-done.

tags: added: verification-done
removed: verification-needed
Mathew Hodson (mhodson)
Changed in binutils (Ubuntu Trusty):
importance: Undecided → High
Changed in binutils (Ubuntu):
importance: Undecided → High
status: Invalid → Fix Released
no longer affects: eglibc (Ubuntu Trusty)
no longer affects: eglibc (Ubuntu)
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for binutils has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package binutils - 2.24-5ubuntu14.2

---------------
binutils (2.24-5ubuntu14.2) trusty; urgency=medium

  * 002-dont-segv-on-initial-instructions-overflow.patch:
    Fix ld crash on arm64 (LP: #1644363)

 -- Julian Andres Klode <email address hidden> Tue, 25 Apr 2017 17:02:10 +0200

Changed in binutils (Ubuntu Trusty):
status: Fix Committed → Fix Released