[COFF] Invalid symbol table entry in compiled Windows exectuable file, rejected by Golang PE/COFF parser

[mmk2147483647]

After upgrading Clang/LLVM from 20.1.8 to 21.1.1 in MSYS2 on Windows 11,
CGO stops working with the following error messages:

# runtime/cgo
cgo: cannot parse $WORK\b003\_cgo_.o as ELF, Mach-O, PE or XCOFF

offset 0 is before the start of string table

It turns out that invalid COFF file is produced by LLVM.

Some entries in symbol table have their 8 bytes of name field being all zero,
which corresponds to an invalid 0 offset to the string table.

The problem can be easily reproduced by a simple hello world program.

#include <stdio.h>

int main() {
  printf("Hello World\n");
}

clang -o hello.exe hello.c

The compiled executable runs successfully,
but objdump will expose the problem.

When objdump sees the invalid symbol names with offset 0,
it reads a string from the 4-byte header of the string table (which contains the size of the string table),
essentially reinterprets an integer into a string and outputs that string,
exposing the problem.

objdump.exe -t hello.exe

hello.exe:      file format coff-x86-64

SYMBOL TABLE:
[ 0](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000000 .refptr._MINGW_INSTALL_DEBUG_MATHERR
...
[35](sec  1)(fl 0x00)(ty  20)(scl   2) (nx 0) 0x000015c0 _cexit
[36](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000878 ﾓ
...
[57](sec  1)(fl 0x00)(ty  20)(scl   2) (nx 0) 0x00001630 malloc
[58](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000908 ﾓ

[59](sec  1)(fl 0x00)(ty  20)(scl   2) (nx 0) 0x00001650 strlen
[60](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000918 ﾓ

[61](sec  1)(fl 0x00)(ty  20)(scl   2) (nx 0) 0x00001640 memcpy
[62](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000830 ﾓ
...
[67](sec  1)(fl 0x00)(ty  20)(scl   2) (nx 0) 0x00001620 exit
[68](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x000008c8 ﾓ
...
[145](sec  1)(fl 0x00)(ty  20)(scl   2) (nx 0) 0x000016e0 abort
[146](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x000008c0 ﾓ
...
[192](sec  1)(fl 0x00)(ty  20)(scl   2) (nx 0) 0x000017f0 strncmp
[193](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000920 ﾓ

objdump.exe -d hello.exe

...
00000001400025c0 <_cexit>:
1400025c0: ff 25 b2 12 00 00           	jmpq	*0x12b2(%rip)           # 0x140003878 <ﾓ
 # >
...
0000000140002650 <strlen>:
140002650: ff 25 c2 12 00 00           	jmpq	*0x12c2(%rip)           # 0x140003918 <ﾓ
 # >
...
00000001400026e0 <abort>:
1400026e0: ff 25 da 11 00 00           	jmpq	*0x11da(%rip)           # 0x1400038c0 <ﾓ
 # >
...
00000001400027f0 <strncmp>:
1400027f0: ff 25 2a 11 00 00            jmpq    *0x112a(%rip)           # 0x140003920 <ﾓ
 # >
...

[llvmbot]

@llvm/issue-subscribers-lld-coff

Author: 熊熊研究所 (mmk2147483647)

After upgrading Clang/LLVM from 20.1.8 to 21.1.1 in MSYS2 on Windows 11, CGO stops working with the following error messages:

# runtime/cgo
cgo: cannot parse $WORK\b003\_cgo_.o as ELF, Mach-O, PE or XCOFF

offset 0 is before the start of string table

It turns out that invalid COFF file is produced by LLVM.

Some entries in symbol table have their 8 bytes of name field being all zero,
which corresponds to an invalid 0 offset to the string table.

The problem can be easily reproduced by a simple hello world program.

#include <stdio.h>

int main() {
  printf("Hello World\n");
}

clang -o hello.exe hello.c

The compiled executable runs successfully,
but objdump will expose the problem.

When objdump sees the invalid symbol names with offset 0,
it reads a string from the 4-byte header of the string table (which contains the size of the string table),
essentially reinterprets an integer into a string and outputs that string,
exposing the problem.

objdump.exe -t hello.exe

hello.exe:      file format coff-x86-64

SYMBOL TABLE:
[ 0](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000000 .refptr._MINGW_INSTALL_DEBUG_MATHERR
...
[35](sec  1)(fl 0x00)(ty  20)(scl   2) (nx 0) 0x000015c0 _cexit
[36](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000878 ﾓ
...
[57](sec  1)(fl 0x00)(ty  20)(scl   2) (nx 0) 0x00001630 malloc
[58](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000908 ﾓ

[59](sec  1)(fl 0x00)(ty  20)(scl   2) (nx 0) 0x00001650 strlen
[60](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000918 ﾓ

[61](sec  1)(fl 0x00)(ty  20)(scl   2) (nx 0) 0x00001640 memcpy
[62](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000830 ﾓ
...
[67](sec  1)(fl 0x00)(ty  20)(scl   2) (nx 0) 0x00001620 exit
[68](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x000008c8 ﾓ
...
[145](sec  1)(fl 0x00)(ty  20)(scl   2) (nx 0) 0x000016e0 abort
[146](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x000008c0 ﾓ
...
[192](sec  1)(fl 0x00)(ty  20)(scl   2) (nx 0) 0x000017f0 strncmp
[193](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000920 ﾓ

objdump.exe -d hello.exe

...
00000001400025c0 <_cexit>:
1400025c0: ff 25 b2 12 00 00           	jmpq	*0x12b2(%rip)           # 0x140003878 <ﾓ
 # >
...
0000000140002650 <strlen>:
140002650: ff 25 c2 12 00 00           	jmpq	*0x12c2(%rip)           # 0x140003918 <ﾓ
 # >
...
00000001400026e0 <abort>:
1400026e0: ff 25 da 11 00 00           	jmpq	*0x11da(%rip)           # 0x1400038c0 <ﾓ
 # >
...
00000001400027f0 <strncmp>:
1400027f0: ff 25 2a 11 00 00            jmpq    *0x112a(%rip)           # 0x140003920 <ﾓ
 # >
...

[mstorsjo]

This was actually fixed just a few days ago, see #160694. The fix will most probably be in LLVM 21.1.3 in two weeks.