Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 622500 - =sys-devel/binutils-2.28-r2 on ia64 fails to build gcc (both on ia64 and ~ia64)
Summary: =sys-devel/binutils-2.28-r2 on ia64 fails to build gcc (both on ia64 and ~ia64)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: IA64 Linux
: Normal normal (vote)
Assignee: Gentoo Toolchain Maintainers
URL: https://sourceware.org/bugzilla/show_...
Whiteboard:
Keywords: PATCH
Depends on:
Blocks: CVE-2017-6965, CVE-2017-6966, CVE-2017-6969
  Show dependency tree
 
Reported: 2017-06-23 07:46 UTC by Sergei Trofimovich (RETIRED)
Modified: 2017-08-19 10:19 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
binutils-2.28-bfd-elf.c-fix-out-of-bounds-access-in-find_link.patch (binutils-2.28-bfd-elf.c-fix-out-of-bounds-access-in-find_link.patch,1.95 KB, patch)
2017-06-23 21:34 UTC, Sergei Trofimovich (RETIRED)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sergei Trofimovich (RETIRED) gentoo-dev 2017-06-23 07:46:08 UTC
Example from ~ia64 (build failure on sys-devel/gcc-6.3.0)
Build fails as:

make[3]: Leaving directory '/var/tmp/portage/sys-devel/gcc-6.3.0/work/build'
Comparing stages 2 and 3
warning: gcc/cc1-checksum.o differs
warning: gcc/cc1plus-checksum.o differs
strip(14295): unaligned access to 0x600000000002c5d2, ip=0x20000000001405f0
strip(14297): unaligned access to 0x600000000002c5d2, ip=0x20000000001405f0
Bootstrap comparison failure!
gcc/sel-sched-ir.o differs
gcc/c/c-decl.o differs
gcc/c-family/c-common.o differs
gcc/fortran/trans-decl.o differs
gcc/tree-ssa-loop-ivopts.o differs
gcc/ipa-cp.o differs
gcc/tree-ssa-pre.o differs
gcc/fold-const.o differs
gcc/cp/tree.o differs
gcc/cp/name-lookup.o differs
gcc/cp/decl.o differs
gcc/cp/pt.o differs
gcc/cp/class.o differs
gcc/cp/semantics.o differs
gcc/haifa-sched.o differs
gcc/emit-rtl.o differs
gcc/omp-low.o differs
gcc/dwarf2out.o differs

It looks like new strip does not handle debugging info cleanly.
I'll try to look at what exactly compare stage does.
Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev 2017-06-23 08:26:56 UTC
And compare-debug fails because 'strip' SIGSEGVs on both stage2 and stage3 binaries:

guppy build # bash -x /var/tmp/portage/sys-devel/gcc-6.3.0/work/gcc-6.3.0/contrib/compare-debug stage2-gcc/dwarf2out.o stage3-gcc/dwarf2out.o                                                  
+ rm='rm -f'
+ case $1 in
+ test 2 '!=' 2
+ test '!' -f stage2-gcc/dwarf2out.o
+ test '!' -f stage3-gcc/dwarf2out.o
+ suf1=stripped
+ test -f stage2-gcc/dwarf2out.o.stripped
+ suf2=stripped
+ test -f stage3-gcc/dwarf2out.o.stripped
+ trap 'rm -f "$1.$suf1" "$2.$suf2"' 0 1 2 15
+ case `uname -s` in
++ uname -s
+ cp stage2-gcc/dwarf2out.o stage2-gcc/dwarf2out.o.stripped
+ strip stage2-gcc/dwarf2out.o.stripped
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 13
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 19
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 22
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 25
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 29
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 32
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 35
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 38
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 41
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 44
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 49
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 52
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 56
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 59
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 62
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 65
strip: stage2-gcc/sthBJTp4: Failed to find link section for section 68
/var/tmp/portage/sys-devel/gcc-6.3.0/work/gcc-6.3.0/contrib/compare-debug: line 60:  7022 Segmentation fault      strip "$1.$suf1"
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2017-06-23 08:45:18 UTC
Reproducible on cross-ia64 toolchain as well.

Here is the exact object file generated by gcc: http://dev.gentoo.org/~slyfox/bugs/622500-ia64-strip/dwarf2out.o

Here is the backtrace:
$ gdb -q --args ia64-unknown-linux-gnu-strip dwarf2out.o
Reading symbols from ia64-unknown-linux-gnu-strip...Reading symbols from /usr/lib64/debug//usr/x86_64-pc-linux-gnu/ia64-unknown-linux-gnu/inutils-bin/2.28/strip.debug...done.
done.
(gdb) run
Starting program: /usr/bin/ia64-unknown-linux-gnu-strip dwarf2out.o
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 13
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 19
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 22
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 25
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 29
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 32
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 35
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 38
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 41
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 44
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 49
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 52
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 56
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 59
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 62
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 65
/usr/bin/ia64-unknown-linux-gnu-strip: stIrODgt: Failed to find link section for section 68

Program received signal SIGSEGV, Segmentation fault.
0x00007f2606fd701d in section_match (b=0x555555794370, a=0x84000804c0420080)
    at /usr/src/debug/cross-ia64-unknown-linux-gnu/binutils-2.28-r2/binutils-2.28/bfd/elf.c:1258
1258        && a->sh_entsize   == b->sh_entsize
(gdb) bt
#0  0x00007f2606fd701d in section_match (b=0x555555794370, a=0x84000804c0420080)
    at /usr/src/debug/cross-ia64-unknown-linux-gnu/binutils-2.28-r2/binutils-2.28/bfd/elf.c:1258
#1  find_link (iheader=0x555555794370, hint=<optimized out>, obfd=<optimized out>)
    at /usr/src/debug/cross-ia64-unknown-linux-gnu/binutils-2.28-r2/binutils-2.28/bfd/elf.c:1278
#2  0x00007f2606fd71a6 in copy_special_section_fields (ibfd=ibfd@entry=0x55555578dc70, obfd=obfd@entry=0x5555557cb780, 
    iheader=0x555555794460, oheader=oheader@entry=0x5555557db170, secnum=secnum@entry=71)
    at /usr/src/debug/cross-ia64-unknown-linux-gnu/binutils-2.28-r2/binutils-2.28/bfd/elf.c:1359
#3  0x00007f2606fd8f22 in _bfd_elf_copy_private_bfd_data (ibfd=0x55555578dc70, obfd=0x5555557cb780)
    at /usr/src/debug/cross-ia64-unknown-linux-gnu/binutils-2.28-r2/binutils-2.28/bfd/elf.c:1481
#4  0x000055555555fb7c in copy_object (ibfd=<optimized out>, obfd=<optimized out>, input_arch=<optimized out>)
    at /usr/src/debug/cross-ia64-unknown-linux-gnu/binutils-2.28-r2/binutils-2.28/binutils/objcopy.c:2517
#5  0x0000555555560e46 in copy_file (input_filename=0x7fffffffd6b6 "dwarf2out.o", output_filename=0x55555578cf00 "stIrODgt", 
    input_target=<optimized out>, output_target=<optimized out>, input_arch=0x0)
    at /usr/src/debug/cross-ia64-unknown-linux-gnu/binutils-2.28-r2/binutils-2.28/binutils/objcopy.c:2879
#6  0x000055555555b926 in strip_main (argv=<optimized out>, argc=<optimized out>)
    at /usr/src/debug/cross-ia64-unknown-linux-gnu/binutils-2.28-r2/binutils-2.28/binutils/objcopy.c:3791
#7  main (argc=<optimized out>, argv=<optimized out>)
    at /usr/src/debug/cross-ia64-unknown-linux-gnu/binutils-2.28-r2/binutils-2.28/binutils/objcopy.c:4891
(gdb) bt full
#0  0x00007f2606fd701d in section_match (b=0x555555794370, a=0x84000804c0420080)
    at /usr/src/debug/cross-ia64-unknown-linux-gnu/binutils-2.28-r2/binutils-2.28/bfd/elf.c:1258
No locals.
#1  find_link (iheader=0x555555794370, hint=<optimized out>, obfd=<optimized out>)
    at /usr/src/debug/cross-ia64-unknown-linux-gnu/binutils-2.28-r2/binutils-2.28/bfd/elf.c:1278
        oheaders = 0x55555581cb20
        i = <optimized out>
#2  0x00007f2606fd71a6 in copy_special_section_fields (ibfd=ibfd@entry=0x55555578dc70, obfd=obfd@entry=0x5555557cb780, 
    iheader=0x555555794460, oheader=oheader@entry=0x5555557db170, secnum=secnum@entry=71)
    at /usr/src/debug/cross-ia64-unknown-linux-gnu/binutils-2.28-r2/binutils-2.28/bfd/elf.c:1359
        bed = <optimized out>
        iheaders = <optimized out>
        changed = 0
        sh_link = <optimized out>
#3  0x00007f2606fd8f22 in _bfd_elf_copy_private_bfd_data (ibfd=0x55555578dc70, obfd=0x5555557cb780)
    at /usr/src/debug/cross-ia64-unknown-linux-gnu/binutils-2.28-r2/binutils-2.28/bfd/elf.c:1481
        iheader = <optimized out>
        j = 164
        oheader = 0x5555557db170
        iheaders = <optimized out>
        oheaders = <optimized out>
        bed = <optimized out>
        i = 71
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2017-06-23 21:34:59 UTC
Created attachment 477738 [details, diff]
binutils-2.28-bfd-elf.c-fix-out-of-bounds-access-in-find_link.patch

And we have a workaround!

Looks like binutils has a 'hint' optimisation to resolve
section type to section number in output file in 'find_link()'
function.

somehow 'strip' breaks that hint. My guess is that when
sections are discarded array of output sections shrinks
(instead of leaving discarded elements to cintain NULL
pinters).

binutils-2.28-bfd-elf.c-fix-out-of-bounds-access-in-find_link.patch
adds a workaround to check for hint array size before dereferencing
it out-of-bounds. The fix allowed to build gcc-6.3.0 on ~ia64.

Will poke at binutils a bit more for a proper fix
and will try to propose it upstream.
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2017-06-24 17:29:32 UTC
Reported upstream as https://sourceware.org/bugzilla/show_bug.cgi?id=21669
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2017-06-25 07:19:14 UTC
Patch made it's way upstream as https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=5cc4ca837deac7dc962d8a3741aa120c50ab41da
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2017-06-30 07:24:25 UTC
toolchain@, can we get this fix into this release or cut a next ~arch release so we could fast-track it for ia64@ at least?
Comment 7 Matthias Maier gentoo-dev 2017-08-02 00:13:25 UTC
Patch applied in 2.28.1



commit cf5003fe2fc3b45f366d0a3c6fdf834ed9d54321
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Tue Aug 1 19:05:14 2017 -0500

    sys-devel/binutils: version bump to 2.28.1, patchset 1.0
    
    Includes fixes for bugs #622036 #622500 #622886 #624524 #624702
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.3
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2017-08-19 10:19:39 UTC
binutils-2.28.1 is stable on ia64 and can build gcc without issues.