llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

ELF file with symbol table containing incorrect section entry size causes llvm-objdump to crash #55969

Open Alan-Jowett opened 2 years ago

Alan-Jowett commented 2 years ago

crash-5ed2f6c25a8e8828689e28c5021b1da46f277d4e.zip

> llvm-objdump --syms crash-5ed2f6c25a8e8828689e28c5021b1da46f277d4e

crash-5ed2f6c25a8e8828689e28c5021b1da46f277d4e: file format elf64-bpf

SYMBOL TABLE:
LLVM ERROR: Invalid data was encountered while parsing the file
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace.
Stack dump:
0.      Program arguments: llvm-objdump --syms crash-5ed2f6c25a8e8828689e28c5021b1da46f277d4e

This was found when attempting to use llvm-objdump to better understand this crash: https://github.com/microsoft/ebpf-for-windows/issues/1191

llvmbot commented 2 years ago

@llvm/issue-subscribers-tools-llvm-objdump

Alan-Jowett commented 2 years ago

LLVM (http://llvm.org/):
  LLVM version 11.0.1
  Optimized build.
  Default target: x86_64-pc-windows-msvc
  Host CPU: skylake-avx512

EugeneZelenko commented 2 years ago

Could you please try 14 or main?

tbaederr commented 2 years ago

Can't reproduce locally with llvm-objdump 13.0.0:

/home/tbaeder/Downloads/crash-5ed2f6c25a8e8828689e28c5021b1da46f277d4e: file format elf64-bpf

SYMBOL TABLE:
bin/llvm-objdump: error: '/home/tbaeder/Downloads/crash-5ed2f6c25a8e8828689e28c5021b1da46f277d4e': section [index 27] has invalid sh_entsize: expected 24, but got 1

Alan-Jowett commented 2 years ago

Slightly different behavior on LLVM version 14:

C:\artifacts>llvm-objdump --version
LLVM (http://llvm.org/):
  LLVM version 14.0.0
  Optimized build.
  Default target: x86_64-pc-windows-msvc
  Host CPU: skylake-avx512

It detects the invalid symbol table, which is good.

C:\artifacts>llvm-objdump --syms crash-5ed2f6c25a8e8828689e28c5021b1da46f277d4e

crash-5ed2f6c25a8e8828689e28c5021b1da46f277d4e: file format elf64-bpf

SYMBOL TABLE:
llvm-objdump.exe: error: 'crash-5ed2f6c25a8e8828689e28c5021b1da46f277d4e': section [index 27] has invalid sh_entsize: expected 24, but got 1

But it still crashes when doing a "-Sl" dump.

error: failed to compute symbol address: section [index 27] has invalid sh_entsize: expected 24, but got 1
error: failed to compute symbol address: section [index 27] has invalid sh_entsize: expected 24, but got 1
error: failed to compute symbol address: section [index 27] has invalid sh_entsize: expected 24, but got 1
error: failed to compute symbol address: section [index 27] has invalid sh_entsize: expected 24, but got 1
LLVM ERROR: section [index 27] has invalid sh_entsize: expected 24, but got 1

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.      Program arguments: llvm-objdump -Sl crash-5ed2f6c25a8e8828689e28c5021b1da46f277d4e

Full log from output of llvm-objdump -Sl crash-5ed2f6c25a8e8828689e28c5021b1da46f277d4e: log.txt
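As an added example (not LLVM's code), the validation that llvm-objdump 13 and 14 perform before reading a symbol table, written as a small stand-alone Python parser of the ELF64 section header table: it reports every SHT_SYMTAB/SHT_DYNSYM section whose sh_entsize is not sizeof(Elf64_Sym) = 24 and returns the diagnostics instead of aborting. The input is a constructed minimal little-endian ELF64 (EM_BPF, like the elf64-bpf file in the report) carrying the same defect, not the attached crash file.

```python
import struct

# ELF64 constants from the ELF specification.
ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
EM_BPF = 247
SHT_SYMTAB = 2
SHT_DYNSYM = 11
EHDR_FMT = "<16sHHIQQQIHHHHHH"   # little-endian Elf64_Ehdr (64 bytes)
SHDR_FMT = "<IIQQQQIIQQ"         # little-endian Elf64_Shdr (64 bytes)
SYM_SIZE = 24                    # sizeof(Elf64_Sym)


def check_symtab_entsize(data: bytes) -> list[str]:
    """Return one diagnostic per symbol-table section with sh_entsize != 24.
    Raises ValueError (rather than reading out of bounds) when the buffer is
    not a little-endian ELF64 or its section header table is truncated."""
    if len(data) < struct.calcsize(EHDR_FMT) or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS64 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    hdr = struct.unpack_from(EHDR_FMT, data)
    e_shoff, e_shentsize, e_shnum = hdr[6], hdr[11], hdr[12]
    if e_shentsize != struct.calcsize(SHDR_FMT):
        raise ValueError(f"invalid e_shentsize: {e_shentsize}")
    if e_shoff + e_shnum * e_shentsize > len(data):
        raise ValueError("section header table extends past end of file")
    problems = []
    for idx in range(e_shnum):
        sh = struct.unpack_from(SHDR_FMT, data, e_shoff + idx * e_shentsize)
        sh_type, sh_entsize = sh[1], sh[9]
        if sh_type in (SHT_SYMTAB, SHT_DYNSYM) and sh_entsize != SYM_SIZE:
            problems.append(f"section [index {idx}] has invalid sh_entsize: "
                            f"expected {SYM_SIZE}, but got {sh_entsize}")
    return problems


def build_elf64(sections: list[tuple[int, int]]) -> bytes:
    """Constructed sample: an ELF64 header followed directly by its section
    header table. `sections` lists (sh_type, sh_entsize) pairs; the mandatory
    null section header at index 0 is prepended automatically."""
    ehdr_size, shdr_size = struct.calcsize(EHDR_FMT), struct.calcsize(SHDR_FMT)
    shdrs = [(0,) * 10] + [(0, t, 0, 0, 0, 0, 0, 0, 0, e) for t, e in sections]
    ident = ELF_MAGIC + bytes([ELFCLASS64, 1, 1]) + bytes(9)
    ehdr = struct.pack(EHDR_FMT, ident, 1, EM_BPF, 1, 0, 0, ehdr_size, 0,
                       ehdr_size, 0, 0, shdr_size, len(shdrs), 0)
    return ehdr + b"".join(struct.pack(SHDR_FMT, *sh) for sh in shdrs)


if __name__ == "__main__":
    for msg in check_symtab_entsize(build_elf64([(SHT_SYMTAB, 24), (SHT_SYMTAB, 1)])):
        print("error:", msg)
```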