
Bug 470055

Summary: Various SEGVs and ABRTs on binutils testcases
Product: Red Hat Enterprise Linux 5
Reporter: Petr Muller <pmuller>
Component: elfutils
Assignee: Roland McGrath <roland>
Status: CLOSED DEFERRED
QA Contact: BaseOS QE <qe-baseos-auto>
Severity: medium
Priority: medium
Version: 5.3
CC: drepper, ohudlick
Target Milestone: rc
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-04-22 00:27:25 UTC
Bug Depends On: 476136

Attachments:
corrupt_dwarf testcase (flags: none)
strings.072 testcase (flags: none)
try.out testcase (flags: none)

Description Petr Muller 2008-11-05 14:51:28 UTC
Description of problem:
For testing binutils, I have gathered a collection of various crashers, which I use for regression testing. As part of testing errata for rhel5.3, I ported this testsuite to elfutils, and a few of the crashers do indeed crash various elfutils tools too.

Version-Release number of selected component (if applicable):
elfutils-0.137-3.el5 (RHEL5.3) on all architectures

How reproducible:
always

Steps to Reproduce:
1. $ eu-nm ./corrupt_dwarf
Segmentation fault

2. $ eu-nm -D ./strings.072
Segmentation fault

3. $ eu-strip -o xxx ./try.out
*** glibc detected *** eu-strip: munmap_chunk(): invalid pointer: 0x00007f3c95545010 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3872478228]
/usr/lib64/libelf.so.1(elf_end+0x28d)[0x387f40477d]
eu-strip[0x40584d]
eu-strip[0x405a74]
/lib64/libc.so.6(__libc_start_main+0xfa)[0x387241e32a]
eu-strip[0x401ee9]
======= Memory map: ========
Aborted
  
Actual results:
signalled

Expected results:
not signalled
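An added regression harness, not part of the bug report, that runs the three reproduction steps above and classifies each outcome the way the Actual/Expected results are stated (signalled or not, by decoding the exit status). It assumes the eu-* tools are on PATH and the attached testcases sit in the current directory, and skips any case that is missing:

```shell
#!/bin/sh
# Added example, not from the bug report: a minimal regression harness in the
# spirit of the reporter's crasher testsuite. Each elfutils invocation from the
# reproduction steps is run and classified by exit status; a status above 128
# means the process was killed by signal (status - 128), i.e. "signalled".

# classify_status STATUS: print a verdict; return 1 when STATUS is a signal death.
classify_status() {
    status=$1
    if [ "$status" -le 128 ]; then
        echo "not signalled"
        return 0
    fi
    signo=$((status - 128))
    case $signo in
        11) echo "signalled (SIGSEGV)" ;;
         6) echo "signalled (SIGABRT)" ;;
         *) echo "signalled (signal $signo)" ;;
    esac
    return 1
}

# run_case LABEL CMD [ARGS...]: run CMD quietly and print "LABEL: verdict".
# Returns 0 when the tool exited normally (even with an error), 1 when signalled.
run_case() {
    label=$1; shift
    "$@" >/dev/null 2>&1
    status=$?
    verdict=$(classify_status "$status")
    echo "$label: $verdict (exit status $status)"
    [ "$status" -le 128 ]
}

# The three invocations from the report. Each is run only when the tool and the
# attached testcase are present in the current directory; otherwise it is skipped.
failed=0
for spec in "eu-nm ./corrupt_dwarf" "eu-nm -D ./strings.072" "eu-strip -o xxx ./try.out"; do
    set -- $spec
    testcase=${spec##* }
    if command -v "$1" >/dev/null 2>&1 && [ -e "$testcase" ]; then
        run_case "$spec" "$@" || failed=$((failed + 1))
    else
        echo "SKIP: $spec (tool or testcase not present)"
    fi
done
echo "signalled cases: $failed"
```

A non-zero exit status below 129 (for example eu-nm rejecting a malformed file) counts as "not signalled", which is the expected result here: the tools may refuse corrupt input, but must not crash on it.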

Comment 1 Petr Muller 2008-11-05 14:52:24 UTC
Created attachment 322581: corrupt_dwarf testcase

Comment 2 Petr Muller 2008-11-05 14:53:30 UTC
Created attachment 322582: strings.072 testcase

Comment 3 Petr Muller 2008-11-05 14:54:07 UTC
Created attachment 322583: try.out testcase

Comment 4 Roland McGrath 2009-04-15 10:04:35 UTC
This was fixed upstream and in Fedora in 0.138.  It can be in the next RHEL5 elfutils package update to get a slot.