Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Bug#1006223: binutils-avr: "stack smashing detected" error in ld while linking with Map-file specified

28 views
Skip to first unread message

Max A. Dednev

unread,
Feb 21, 2022, 10:40:04 AM2/21/22
to
Package: binutils-avr
Version: 2.26.20160125+Atmel3.6.2-3
Severity: important
Tags: patch
X-Debbugs-Cc: mde...@yandex.ru

Dear Maintainer,

binutils-avr ld crashes with error "*** stack smashing detected ***:
terminated" if map-file generation is enabled with -Map=mapfile.map command
line option.

Example compilation log:

--- LOG start ---
avr-gcc (GCC) 5.4.0
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


Compiling: main.c
avr-gcc -c -mmcu=atmega64 -I. -gstabs -DF_CPU=SYSTEM_CLOCK -Os -Wall -Wstrict-
prototypes -Wa,-adhlns=main.lst -std=gnu99 main.c -o main.o

Linking: atmega64.elf
avr-gcc -mmcu=atmega64 -I. -gstabs -DF_CPU=SYSTEM_CLOCK -Os -Wall -Wstrict-
prototypes -Wa,-adhlns=main.o -std=gnu99 main.o --output atmega64.elf
-Wl,-Map=atmega64.map,--cref -lm
collect2: fatal error: ld terminated with signal 6 [Аварийный останов]
compilation terminated.
*** stack smashing detected ***: terminated
make: *** [makefile:391: atmega64.elf] Ошибка 1
--- LOG end ---

I've found, that stack overflow is in ldmain.c add_archive_element() function
at sprintf() call. Proposed patch is:

Index: binutils-avr-2.26.20160125+Atmel3.6.2/binutils/ld/ldmain.c
===================================================================
--- binutils-avr-2.26.20160125+Atmel3.6.2.orig/binutils/ld/ldmain.c
2020-01-12 11:11:48.000000000 +0300
+++ binutils-avr-2.26.20160125+Atmel3.6.2/binutils/ld/ldmain.c 2022-02-21
17:36:14.889230109 +0300
@@ -846,11 +846,8 @@

if (! header_printed)
{
- char buf[100];
-
- sprintf (buf, _("Archive member included "
- "to satisfy reference by file (symbol)\n\n"));
- minfo ("%s", buf);
+ minfo (_("Archive member included "
+ "to satisfy reference by file (symbol)\n\n"));
header_printed = TRUE;
}


-- System Information:
Debian Release: 11.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-0.bpo.3-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages binutils-avr depends on:
ii libc6 2.31-13+deb11u2
ii zlib1g 1:1.2.11.dfsg-2

binutils-avr recommends no packages.

Versions of packages binutils-avr suggests:
ii binutils 2.35.2-2

001-ldmain-stackoverflow-fix.patch

Max A. Dednev

unread,
Feb 21, 2022, 11:10:05 AM2/21/22
to
Package version (2.26.20160125+Atmel3.6.2-3) patch level was incremented
by me while building patched version.
So, the original package version with bug reported is
2.26.20160125+Atmel3.6.2-2

--
Max A. Dednev

Sergey Vlasov

unread,
Mar 18, 2023, 12:40:05 PM3/18/23
to
Looks like the upstream fix for this issue is
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1273da0414a2f2a31288749a17fe44cbef615ab5
(it also fixes another problematic place with similar code).

Also the bug cannot be reproduced in locales like en_US.UTF-8 and
appears only when some longer translations are used (e.g., in the
ru_RU.UTF-8 locale).

--
Sergey Vlasov
0 new messages