Submit #495402: GNU ld 2.43 illegal read access with --gc-sections --no-print-gc-sections -w

Title: GNU ld 2.43 illegal read access with --gc-sections --no-print-gc-sections -w

Description:

**Description**

A segv can occur in ld (part of binutils 2.43) when using the --gc-sections --no-print-gc-sections -w options with a specially crafted input file. This issue leads to memory corruption (illegal memory read access) and crashes.

**Affected Version**

GNU ld (GNU Binutils) 2.43

**Steps to Reproduce**

Build binutils 2.43 with AddressSanitizer (e.g., CFLAGS="-g -fsanitize=address" ./configure && make -j).

Run the following command:

```
./binutils-2.43/bins/bin/ld --gc-sections --no-print-gc-sections -w /tmp/poc
```

```
./binutils-2.43/bins/bin/ld: /tmp/poc symbol number 45 references nonexistent SHT_SYMTAB_SHNDX section
AddressSanitizer:DEADLYSIGNAL
=================================================================
==486332==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x55735179a445 bp 0x7ffdcb9d5190 sp 0x7ffdcb9d4fb0 T0)
==486332==The signal is caused by a READ memory access.
==486332==Hint: address points to the zero page.
    #0 0x55735179a445 in _bfd_elf_gc_mark_rsec ./binutils-2.43/bfd/elflink.c:14031:11
    #1 0x55735179ac90 in _bfd_elf_gc_mark_reloc ./binutils-2.43/bfd/elflink.c:14091:10
    #2 0x55735179b474 in _bfd_elf_gc_mark ./binutils-2.43/bfd/elflink.c:14143:11
    #3 0x55735179ae30 in _bfd_elf_gc_mark_reloc ./binutils-2.43/bfd/elflink.c:14099:14
    #4 0x55735179b474 in _bfd_elf_gc_mark ./binutils-2.43/bfd/elflink.c:14143:11
    #5 0x55735179ae30 in _bfd_elf_gc_mark_reloc ./binutils-2.43/bfd/elflink.c:14099:14
    #6 0x55735179b474 in _bfd_elf_gc_mark ./binutils-2.43/bfd/elflink.c:14143:11
    #7 0x5573517a08fc in bfd_elf_gc_sections ./binutils-2.43/bfd/elflink.c:14719:11
    #8 0x557351549b0d in lang_gc_sections ./binutils-2.43/ld/ldlang.c:7763:5
    #9 0x55735154378b in lang_process ./binutils-2.43/ld/ldlang.c:8378:3
    #10 0x55735156d34c in main ./binutils-2.43/ld/./ldmain.c:529:3
    #11 0x7fc0629db082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
    #12 0x5573514456bd in _start (./binutils-2.43/bins/bin/ld+0x15a6bd) (BuildId: d9731e405748db264b62c84ded760ba4f068cb0a)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ./binutils-2.43/bfd/elflink.c:14031:11 in _bfd_elf_gc_mark_rsec
==486332==ABORTING
```

**Env**

```
Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal
```
Source: https://sourceware.org/bugzilla/show_bug.cgi?id=32643

User: wenjusun (UID 80422)

Submission: 02/05/2025 02:14 PM (1 Year ago)

Moderation: 02/10/2025 12:01 PM (5 days later)

Status: Accepted

VulDB entry: 295084 [GNU Binutils 2.43 ld bfd/elflink.c _bfd_elf_gc_mark_rsec memory corruption]

Points: 20
