307941 – sys-devel/binutils-2.16.1: buffer overflow detected in mips64-unknown-linux-gnu-ar

Bug 307941 - sys-devel/binutils-2.16.1: buffer overflow detected in mips64-unknown-linux-gnu-ar

Summary: sys-devel/binutils-2.16.1: buffer overflow detected in mips64-unknown-linux-g...

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Development (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Toolchain Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-03-05 21:48 UTC by Alexey Dobriyan
Modified:	2010-07-06 14:46 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
cross-mips64-unknown-linux-gnu-info.log (cross-mips64-unknown-linux-gnu-info.log,10.47 KB, text/plain) 2010-03-05 21:49 UTC, Alexey Dobriyan	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexey Dobriyan 2010-03-05 21:48:18 UTC

Can't build mips cross-compiler due to buffer overflow detection triggering.
Steps to reproduce:

        crossdev -p -v -S -s1 --without-headers -t mips64

[ebuild  N    ] cross-mips64-unknown-linux-gnu/gcc-4.1.2  USE="(multilib) nocxx nptl (-altivec) -bootstrap -build -d -doc -fortran -gcj -gtk -hardened -libffi -mudflap -multislot (-n32) (-n64) -nls -objc -objc++ -objc-gc -test -vanilla" 0 kB [1]

======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x2b341e443867]
/lib/libc.so.6[0x2b341e441680]
/lib/libc.so.6[0x2b341e440979]
/lib/libc.so.6(_IO_default_xsputn+0x85)[0x2b341e3cef25]
/lib/libc.so.6(_IO_padn+0xca)[0x2b341e3c285a]
/lib/libc.so.6(_IO_vfprintf+0x29a7)[0x2b341e3a2097]
/lib/libc.so.6(__vsprintf_chk+0x9d)[0x2b341e440a1d]
/lib/libc.so.6(__sprintf_chk+0x80)[0x2b341e440960]
/usr/x86_64-pc-linux-gnu/mips64-unknown-linux-gnu/lib/libbfd-2.16.1.so(coff_write_armap+0x68)[0x2b341e0da9d8]
/usr/x86_64-pc-linux-gnu/mips64-unknown-linux-gnu/lib/libbfd-2.16.1.so(_bfd_compute_and_write_armap+0x356)[0x2b341e0d8eb6]
/usr/x86_64-pc-linux-gnu/mips64-unknown-linux-gnu/lib/libbfd-2.16.1.so(_bfd_write_archive_contents+0x3cf)[0x2b341e0db46f]
/usr/x86_64-pc-linux-gnu/mips64-unknown-linux-gnu/lib/libbfd-2.16.1.so(bfd_close+0x7f)[0x2b341e0e236f]
mips64-unknown-linux-gnu-ar[0x403ffd]
mips64-unknown-linux-gnu-ar[0x4044b6]
mips64-unknown-linux-gnu-ar[0x404ab7]
/lib/libc.so.6(__libc_start_main+0xe6)[0x2b341e37ba26]
mips64-unknown-linux-gnu-ar[0x401fe9]


(gdb) bt
#0  0x00002b06a6f27315 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00002b06a6f28811 in *__GI_abort () at abort.c:88
#2  0x00002b06a6f63158 in __libc_message (do_abort=2, fmt=0x2b06a70141b7 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3  0x00002b06a6fdb867 in *__GI___fortify_fail (msg=0x2b06a7014177 "buffer overflow detected") at fortify_fail.c:32
#4  0x00002b06a6fd9680 in *__GI___chk_fail () at chk_fail.c:29
#5  0x00002b06a6fd8979 in _IO_str_chk_overflow (fp=0x2b09, c=11017) at vsprintf_chk.c:35
#6  0x00002b06a6f66f25 in _IO_default_xsputn (f=0x7fff7acb7500, data=<value optimized out>, n=6) at genops.c:485
#7  0x00002b06a6f5a85a in _IO_padn (fp=0x7fff7acb7500, pad=<value optimized out>, count=7) at iopadn.c:68
#8  0x00002b06a6f3a097 in _IO_vfprintf_internal (s=0x7fff7acb7500, format=<value optimized out>, ap=0x7fff7acb7630) at vfprintf.c:1592
#9  0x00002b06a6fd8a1d in ___vsprintf_chk (s=0x7fff7acb7760 "106      ", flags=1, slen=10, format=0x2b06a6cc8c6c "%-10d", args=0x7fff7acb7630) at vsprintf_chk.c:87
#10 0x00002b06a6fd8960 in ___sprintf_chk (s=0x2b09 <Address 0x2b09 out of bounds>, flags=11017, slen=6, format=0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>) at sprintf_chk.c:33
#11 0x00002b06a6c729d8 in sprintf (arch=0x178ecc0, elength=200, map=0x179bcc0, symbol_count=5, stridx=<value optimized out>) at /usr/include/bits/stdio2.h:34
#12 coff_write_armap (arch=0x178ecc0, elength=200, map=0x179bcc0, symbol_count=5, stridx=<value optimized out>)
    at /var/tmp/cross/mips64-unknown-linux-gnu/portage/cross-mips64-unknown-linux-gnu/binutils-2.16.1-r3/work/binutils-2.16.1/bfd/archive.c:2071
#13 0x00002b06a6c70eb6 in _bfd_compute_and_write_armap (arch=0x178ecc0, elength=<value optimized out>)
    at /var/tmp/cross/mips64-unknown-linux-gnu/portage/cross-mips64-unknown-linux-gnu/binutils-2.16.1-r3/work/binutils-2.16.1/bfd/archive.c:1860
#14 0x00002b06a6c7346f in _bfd_write_archive_contents (arch=0x178ecc0)
    at /var/tmp/cross/mips64-unknown-linux-gnu/portage/cross-mips64-unknown-linux-gnu/binutils-2.16.1-r3/work/binutils-2.16.1/bfd/archive.c:1652
#15 0x00002b06a6c7a36f in bfd_close (abfd=0x2b09) at /var/tmp/cross/mips64-unknown-linux-gnu/portage/cross-mips64-unknown-linux-gnu/binutils-2.16.1-r3/work/binutils-2.16.1/bfd/opncls.c:596
#16 0x0000000000403ffd in write_archive (iarch=0x176e1c0) at /var/tmp/cross/mips64-unknown-linux-gnu/portage/cross-mips64-unknown-linux-gnu/binutils-2.16.1-r3/work/binutils-2.16.1/binutils/ar.c:950
#17 0x00000000004044b6 in replace_members (arch=0x176e1c0, files_to_move=0x7fff7acb9cf0, quick=0)
    at /var/tmp/cross/mips64-unknown-linux-gnu/portage/cross-mips64-unknown-linux-gnu/binutils-2.16.1-r3/work/binutils-2.16.1/binutils/ar.c:1189
#18 0x0000000000404ab7 in main (argc=<value optimized out>, argv=0x7fff7acb9c68)
    at /var/tmp/cross/mips64-unknown-linux-gnu/portage/cross-mips64-unknown-linux-gnu/binutils-2.16.1-r3/work/binutils-2.16.1/binutils/ar.c:660

Coredumps exist, if anyone want them: 1.5-9 MB in size

Comment 1 Alexey Dobriyan 2010-03-05 21:49:14 UTC

Created attachment 222217 [details]
cross-mips64-unknown-linux-gnu-info.log

Comment 2 Matt Turner gentoo-dev

2010-07-06 14:34:44 UTC

I think this is toolchain's bug.

Comment 3 SpanKY gentoo-dev

2010-07-06 14:46:06 UTC

not interested in bugs in binutils-2.16.  upgrade to 2.20.