Submit #495407: GNU ld 2.43 illegal read access with --no-undefined --orphan-handling -wrd

Title: GNU ld 2.43 illegal read access with --no-undefined --orphan-handling -wrd

Description:

**Description**

A segv can occur in ld (part of binutils 2.43) when using the --no-undefined --orphan-handling discard -w -r -d options with a specially crafted input file. This issue leads to memory corruption (illegal memory read access) and crashes.

**Affected Version**

GNU ld (GNU Binutils) 2.43

**Steps to Reproduce**

Build binutils 2.43 with AddressSanitizer (e.g., CFLAGS="-g -fsanitize=address" ./configure && make -j).

Run the following command:

```
./binutils-2.43/bins/bin/ld --no-undefined --orphan-handling discard -w -r -d /tmp/poc
./binutils-2.43/bins/bin/ld: warning: /tmp/poc has a section extending past end of file
./binutils-2.43/bins/bin/ld: /tmp/poc: invalid string offset 512 >= 414 for section `.strtab'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==487477==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x55f81815a1a9 bp 0x7fff4627a220 sp 0x7fff4627a030 T0)
==487477==The signal is caused by a READ memory access.
==487477==Hint: address points to the zero page.
    #0 0x55f81815a1a9 in bfd_elf_reloc_symbol_deleted_p ./binutils-2.43/bfd/elflink.c:15103:19
    #1 0x55f81818c270 in _bfd_elf_discard_section_eh_frame ./binutils-2.43/bfd/elf-eh-frame.c:1519:14
    #2 0x55f81815af15 in bfd_elf_discard_info ./binutils-2.43/bfd/elflink.c:15203:8
    #3 0x55f817f5189a in gldelf_x86_64_after_allocation ./binutils-2.43/ld/eelf_x86_64.c:146:21
    #4 0x55f817f37036 in ldemul_after_allocation ./binutils-2.43/ld/ldemul.c:90:3
    #5 0x55f817ef8dc0 in lang_process ./binutils-2.43/ld/ldlang.c:8473:3
    #6 0x55f817f2234c in main ./binutils-2.43/ld/./ldmain.c:529:3
    #7 0x7fbfc1ba4082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
    #8 0x55f817dfa6bd in _start (./binutils-2.43/bins/bin/ld+0x15a6bd) (BuildId: d9731e405748db264b62c84ded760ba4f068cb0a)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ./binutils-2.43/bfd/elflink.c:15103:19 in bfd_elf_reloc_symbol_deleted_p
==487477==ABORTING
```

**Env**

```
Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal
```
Source: https://sourceware.org/bugzilla/show_bug.cgi?id=32644
User: wenjusun (UID 80422)
Submission: 02/05/2025 02:30 PM (4 months ago)
Moderation: 02/10/2025 12:03 PM (5 days later)
Status: Accepted
VulDB Entry: 295086 [GNU Binutils 2.43 ld bfd/elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption]
Points: 20
