Crash in llvm::MCAssembler::registerSymbol() #90

Open
ekse opened this issue May 24, 2016 · 1 comment
ekse (Contributor) commented May 24, 2016

The following input crashes kstool:

```shell
kstool ppc64 "$(echo "bN3XeGVadMzMzMzMdAd3YyYmJiYmJgYmJv///4AmJiYmBCYmcv9///8xDS50EHdVbVgNLszMzMzMzMzMc2IDbVgfbDENk3QQeDENRw0udBB3Y20+DS50ZXh0AMzMzMx0B3djJiYmJiYmBiYm////gCYmJiYmJiYmJiYm////gCYmJiYmJiYmJiYmJiYmAXExDS50B3djbQ==" | base64 -d)"
```

input content:

```
00000000  6c dd d7 78 65 5a 74 cc  cc cc cc cc 74 07 77 63  |l..xeZt.....t.wc|
00000010  26 26 26 26 26 26 06 26  26 ff ff ff 80 26 26 26  |&&&&&&.&&....&&&|
00000020  26 04 26 26 72 ff 7f ff  ff 31 0d 2e 74 10 77 55  |&.&&r....1..t.wU|
00000030  6d 58 0d 2e cc cc cc cc  cc cc cc cc 73 62 03 6d  |mX..........sb.m|
00000040  58 1f 6c 31 0d 93 74 10  78 31 0d 47 0d 2e 74 10  |X.l1..t.x1.G..t.|
00000050  77 63 6d 3e 0d 2e 74 65  78 74 00 cc cc cc cc 74  |wcm>..text.....t|
00000060  07 77 63 26 26 26 26 26  26 06 26 26 ff ff ff 80  |.wc&&&&&&.&&....|
00000070  26 26 26 26 26 26 26 26  26 26 26 ff ff ff 80 26  |&&&&&&&&&&&....&|
00000080  26 26 26 26 26 26 26 26  26 26 26 26 26 01 71 31  |&&&&&&&&&&&&&.q1|
00000090  0d 2e 74 07 77 63 6d                              |..t.wcm|
```

This crash is related to ELF section parsing and goes away when applying #81. The address of Symbol is set to 0x80000000 which seems to be a default value when looking at the backtrace. The program crashes when trying to call isRegistered() for that symbol.

```cpp
360 void MCAssembler::registerSymbol(const MCSymbol &Symbol, bool *Created) {
361   bool New = !Symbol.isRegistered();
```

```
gdb-peda$ p Symbol
$1 = (const llvm::MCSymbol &) @0x80000000: <error reading variable>
```

backtrace:

```
#0  llvm::MCSymbol::isRegistered (this=0x80000000) at ../llvm/include/llvm/MC/MCSymbol.h:206
#1  0x000000000047b225 in llvm::MCAssembler::registerSymbol (this=0xe7e5a0, Symbol=..., Created=0x0) at ../llvm/lib/MC/MCAssembler.cpp:361
#2  0x0000000000471f1b in llvm::MCELFStreamer::ChangeSection (this=0xe7e410, Section=0xe83030, Subsection=0x0) at ../llvm/lib/MC/MCELFStreamer.cpp:149
#3  0x00000000004ed2f1 in llvm::MCStreamer::SwitchSection (this=0xe7e410, Section=0xe83030, Subsection=0x0) at ../llvm/lib/MC/MCStreamer.cpp:729
#4  0x00000000004df963 in (anonymous namespace)::DarwinAsmParser::parseSectionSwitch (this=0xe7f640, Segment=0x801178 "__TEXT", Section=0x80118a "__text", TAA=0x80000000, Align=0x0, StubSize=0x0)
    at ../llvm/lib/MC/MCParser/DarwinAsmParser.cpp:393
#5  0x00000000004e2937 in (anonymous namespace)::DarwinAsmParser::parseSectionDirectiveText (this=0xe7f640) at ../llvm/lib/MC/MCParser/DarwinAsmParser.cpp:361
#6  0x00000000004e29e9 in llvm::MCAsmParserExtension::HandleDirective<(anonymous namespace)::DarwinAsmParser, &(anonymous namespace)::DarwinAsmParser::parseSectionDirectiveText> (Target=0xe7f640, Directive=..., DirectiveLoc=...)
    at ../llvm/include/llvm/MC/MCParser/MCAsmParserExtension.h:38
#7  0x00000000004ae9a5 in (anonymous namespace)::AsmParser::parseStatement (this=0xe7f1a0, Info=..., SI=0x0, Address=@0x7fffffffcdb0: 0x0) at ../llvm/lib/MC/MCParser/AsmParser.cpp:1619
#8  0x00000000004a3c9c in (anonymous namespace)::AsmParser::Run (this=0xe7f1a0, NoInitialTextSection=0x0, Address=0x0, NoFinalize=0x0) at ../llvm/lib/MC/MCParser/AsmParser.cpp:705
#9  0x000000000046e003 in ks_asm (ks=0xe775e0, 
    assembly=0x7fffffffdaf0 "l\335\327xeZt\314\314\314\314\314t\awc&&&&&&\006&&\377\377\377\200&&&&\004&&r\377\177\377\377\061\r.t\020wUmX\r.\314\314\314\314\314\314\314\314sb\003mX\037l1\r\223t\020x1\rG\r.t\020wcm>\r.text", 
    address=0x0, insn=0x7fffffffdc30, insn_size=0x7fffffffdc28, stat_count=0x7fffffffdc38) at ../llvm/keystone/ks.cpp:551
#10 0x000000000046b740 in main (argc=0x2, argv=0x7fffffffdd58) at ../kstool/kstool-stdin.cpp:214
#11 0x00007ffff718d830 in __libc_start_main (main=0x46b020 <main(int, char**)>, argc=0x2, argv=0x7fffffffdd58, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdd48) at ../csu/libc-start.c:291
#12 0x000000000046af49 in _start ()
```
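A small triage script for the report above, added here as an example (it is not part of the issue or of the keystone project): it decodes the posted base64 reproducer, shows which bytes actually reach ks_asm() (a NUL-terminated C string, so everything after the first NUL is never parsed, which is why the backtrace's `assembly` argument ends in `.text`), and runs a command under a harness that classifies death by signal as a crash. The `kstool ppc64` invocation reading its input from stdin is assumed from the backtrace (kstool-stdin.cpp).

```python
import base64
import re
import signal
import subprocess

# The reproducer exactly as posted in the issue (base64 of the raw kstool input).
CRASHING_INPUT_B64 = "bN3XeGVadMzMzMzMdAd3YyYmJiYmJgYmJv///4AmJiYmBCYmcv9///8xDS50EHdVbVgNLszMzMzMzMzMc2IDbVgfbDENk3QQeDENRw0udBB3Y20+DS50ZXh0AMzMzMx0B3djJiYmJiYmBiYm////gCYmJiYmJiYmJiYm////gCYmJiYmJiYmJiYmJiYmAXExDS50B3djbQ=="


def decode_input(b64: str) -> bytes:
    """Turn the posted base64 back into the raw bytes kstool was fed."""
    return base64.b64decode(b64)


def assembly_c_string(data: bytes) -> bytes:
    """ks_asm() receives a NUL-terminated C string, so only the bytes before the
    first NUL reach the assembler parser (the hexdump has a 00 right after '.text')."""
    return data.split(b"\0", 1)[0]


def directives(asm: bytes) -> list:
    """Directive-like tokens ('.' followed by letters) in the text the parser sees;
    the last one is the '.text' that AsmParser::parseStatement dispatches to
    DarwinAsmParser::parseSectionDirectiveText in the backtrace."""
    return re.findall(rb"\.[A-Za-z]+", asm)


def run_reproducer(cmd: list, stdin_data: bytes, timeout: float = 10.0) -> str:
    """Run cmd with stdin_data on stdin and classify the outcome.
    subprocess reports a child killed by a signal as a negative return code."""
    try:
        proc = subprocess.run(cmd, input=stdin_data, capture_output=True, timeout=timeout)
    except FileNotFoundError:
        return "missing"          # binary not installed on this machine
    except subprocess.TimeoutExpired:
        return "timeout"          # hang rather than crash
    if proc.returncode < 0:
        return "crash:" + signal.Signals(-proc.returncode).name
    return "exit:%d" % proc.returncode


if __name__ == "__main__":
    raw = decode_input(CRASHING_INPUT_B64)
    asm = assembly_c_string(raw)
    print(len(raw), "bytes decoded,", len(asm), "reach the parser; directives:", directives(asm))
    # Assumed invocation: the stdin-reading kstool build seen in frame #10 of the backtrace.
    print(run_reproducer(["kstool", "ppc64"], raw))
```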
@aquynh added the bug label May 26, 2016

aquynh (Member) commented May 27, 2016

cool, we are going to merge that #81 soon, after clearing some outstanding issue. thanks.
