I was testing some changes that would optionally enable building kernels (fiwix, linux) and related tools (lwext4, kexec) in chroot/bwrap builds, when tcc crashed while building lwext4.
The core dump as-is was not very useful, so I added the `-g` flag in `sysa/tcc-0.9.27/tcc-0.9.27.kaem`, so tcc 0.9.27 is built with debuginfo.
After that, I got the following:

```
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x08064f8a in fill_local_got_entries () at tccelf.c:1362
1362        for_each_elem(s1->got->reloc, 0, rel, ElfW_Rel) {
(gdb) bt
#0  0x08064f8a in fill_local_got_entries () at tccelf.c:1362
#1  0x080672c4 in elf_output_file () at tccelf.c:2223
#2  0x0806732b in tcc_output_file () at tccelf.c:2243
#3  0x0807852f in main () at tcc.c:354
```
This is the function that crashes:

```c
/* See put_got_entry for a description.  This is the second stage where
   GOT references to local defined symbols are rewritten. */
static void fill_local_got_entries(TCCState *s1)
{
    ElfW_Rel *rel;
    for_each_elem(s1->got->reloc, 0, rel, ElfW_Rel) {
        if (ELFW(R_TYPE)(rel->r_info) == R_RELATIVE) {
            int sym_index = ELFW(R_SYM)(rel->r_info);
            ElfW(Sym) *sym = &((ElfW(Sym) *) symtab_section->data)[sym_index];
            struct sym_attr *attr = get_sym_attr(s1, sym_index, 0);
            unsigned offset = attr->got_offset;
            if (offset != rel->r_offset - s1->got->sh_addr)
                tcc_error_noabort("huh");
            rel->r_info = ELFW(R_INFO)(0, R_RELATIVE);
#if SHT_RELX == SHT_RELA
            rel->r_addend = sym->st_value;
#else
            /* All our REL architectures also happen to be 32bit LE. */
            write32le(s1->got->data + offset, sym->st_value);
#endif
        }
    }
}
```
and the `for_each_elem` macro:

```c
/* Browse each elem of type <type> in section <sec> starting at elem <startoff>
   using variable <elem> */
#define for_each_elem(sec, startoff, elem, type) \
    for (elem = (type *) sec->data + startoff; \
         elem < (type *) (sec->data + sec->data_offset); elem++)
```
It looks like the crash happens because `s1->got->reloc` is a NULL pointer.

`s1->got` and `s1->got->reloc` are both pointers to a `Section`:
```c
/* section definition */
typedef struct Section {
    unsigned long data_offset;  /* current data offset */
    unsigned char *data;        /* section data */
    unsigned long data_allocated; /* used for realloc() handling */
    int sh_name;                /* elf section name (only used during output) */
    int sh_num;                 /* elf section number */
    int sh_type;                /* elf section type */
    int sh_flags;               /* elf section flags */
    int sh_info;                /* elf section info */
    int sh_addralign;           /* elf section alignment */
    int sh_entsize;             /* elf entry size */
    unsigned long sh_size;      /* section size (only used during output) */
    addr_t sh_addr;             /* address at which the section is relocated */
    unsigned long sh_offset;    /* file offset */
    int nb_hashed_syms;         /* used to resize the hash table */
    struct Section *link;       /* link to another section */
    struct Section *reloc;      /* corresponding section for relocation, if any */
    struct Section *hash;       /* hash table for symbols */
    struct Section *prev;       /* previous section on section stack */
    char name[1];               /* section name */
} Section;
```
That's all I figured out for now, I will look more into it later.
My first guess is that builder-hex0 does not have virtual memory, so the segfault is not trapped and tcc simply carries on. Although at that point tcc has entered the realm of undefined behavior, it is apparently able to produce a working executable.
I included a fix/workaround for this as part of #282, which consists of checking for a null pointer, although I am not sure if it is legit for that pointer to be null.
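A stand-alone illustration of the null-check workaround discussed above, added here as an example (not tcc's code and not the code from #282): minimal stand-ins for tcc's `Section` and a 32-bit REL entry, the same `for_each_elem` macro, and a counter that refuses to walk a missing reloc section instead of dereferencing NULL. The struct shapes, the `R_386_RELATIVE` constant and the helper names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed, trimmed-down stand-ins for tcc's Section and ElfW_Rel (not tcc's headers). */
typedef struct Section {
    unsigned long data_offset;   /* bytes of data in use */
    unsigned char *data;         /* section payload */
    struct Section *reloc;       /* relocation section, may be NULL */
} Section;

typedef struct { uint32_t r_offset; uint32_t r_info; } Elf32_Rel;  /* 32-bit REL entry */
#define R_386_RELATIVE 8                                            /* ELF i386 value */
#define ELF32_R_TYPE(i) ((i) & 0xff)

/* Same macro as tccelf.c: walks sec->data as an array of <type>. sec must not be NULL. */
#define for_each_elem(sec, startoff, elem, type) \
    for (elem = (type *) sec->data + startoff; \
         elem < (type *) (sec->data + sec->data_offset); elem++)

/* Count R_RELATIVE entries in a GOT's reloc section.  The guard is the
 * workaround: a missing GOT or reloc section returns -1 instead of crashing.
 * An existing but empty reloc section (data_offset == 0) loops zero times
 * and returns 0, which is the case the macro already handles on its own. */
static int count_relative_got_relocs(const Section *got)
{
    if (got == NULL || got->reloc == NULL)
        return -1;
    Elf32_Rel *rel;
    int n = 0;
    for_each_elem(got->reloc, 0, rel, Elf32_Rel)
        if (ELF32_R_TYPE(rel->r_info) == R_386_RELATIVE)
            n++;
    return n;
}

/* Constructed test input: a GOT whose reloc section holds nrel entries,
 * the first nrelative of them R_RELATIVE, the rest R_386_32 (type 1). */
static Section *make_got(int nrel, int nrelative)
{
    Section *reloc = calloc(1, sizeof *reloc);
    Elf32_Rel *rels = calloc(nrel > 0 ? nrel : 1, sizeof *rels);
    for (int i = 0; i < nrel; i++)
        rels[i].r_info = (i < nrelative) ? R_386_RELATIVE : 1;
    reloc->data = (unsigned char *) rels;
    reloc->data_offset = (unsigned long) nrel * sizeof *rels;
    Section *got = calloc(1, sizeof *got);
    got->reloc = reloc;
    return got;
}
```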