zld crashes while expanding response-files
Closed this issue · 10 comments
This is a weird one and happens to be a bug in ld64 too. In a peculiar case, when the arguments align just perfectly, getOption fails with an EXC_BAD_ACCESS because the buffer is empty.
// ResponseFiles.cpp
static char* get_option(char** buf)
{
    char* p = NULL; // beginning of option
    char* q = NULL; // end of option
    while (buf && *buf && *(*buf)) {
        //                 ^__________ // Here
        char c = *(*buf);
        // whitespace
Crash:
0 zld 0x000000010f214362 get_option(char**) + 66 (ResponseFiles.cpp:302)
1 zld 0x000000010f2140a7 expand_at(string_list*, string_list*, int*) + 983 (ResponseFiles.cpp:233)
2 zld 0x000000010f213b72 ExpandResponseFiles(int*, char***) + 178 (ResponseFiles.cpp:89)
3 zld 0x000000010f1c99d5 Options::expandResponseFiles(int&, char const**&) + 53 (Options.cpp:6400)
4 zld 0x000000010f1c9364 Options::Options(int, char const**) + 2868 (Options.cpp:216)
5 zld 0x000000010f1da213 Options::Options(int, char const**) + 35 (Options.cpp:215)
6 zld 0x000000010f21ab55 main + 757 (ld.cpp:1535)
7 libdyld.dylib 0x00007fff205baf5d start + 1
You should be able to reproduce this by using the attached response file
response_crash.txt
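A bounds-checked variant of the tokenizer, added here as an example (it is not zld's or ld64's own get_option), showing one way to keep the loop from reading past a buffer that carries no terminating NUL, such as a response file mapped at its exact size; the names get_option_bounded, expand_response_buffer and demo_unterminated are hypothetical.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical bounded replacement for the get_option() loop: the cursor is
// compared against an explicit end pointer instead of relying on a NUL byte.
static bool is_blank(char c)
{
    return c == ' ' || c == '\t' || c == '\n' || c == '\r';
}

// Returns the next whitespace-separated option in [cur, end) via `out` and
// advances `cur`; returns false when the buffer is exhausted. No byte at or
// beyond `end` is ever dereferenced.
static bool get_option_bounded(const char*& cur, const char* end, std::string& out)
{
    while (cur < end && is_blank(*cur))      // skip leading whitespace
        ++cur;
    if (cur >= end)                           // nothing left: stop cleanly
        return false;
    const char* start = cur;
    while (cur < end && !is_blank(*cur))      // consume the option itself
        ++cur;
    out.assign(start, cur);                   // last option may end exactly at `end`
    return true;
}

// Expands a response-file buffer of exactly `len` bytes (no NUL assumed).
static std::vector<std::string> expand_response_buffer(const char* buf, std::size_t len)
{
    std::vector<std::string> args;
    const char* cur = buf;
    const char* const end = buf + len;
    for (std::string opt; get_option_bounded(cur, end, opt);)
        args.push_back(opt);
    return args;
}

// Constructed sample: the option text fills the array exactly, with no
// trailing NUL, mirroring a file mapped at its exact size. The final option
// "a.out" ends on the last byte of the buffer.
static std::vector<std::string> demo_unterminated()
{
    const char raw[] = {'-', 'l', 'c', ' ', '\t', 'f', 'o', 'o', '.', 'o', '\n',
                        '-', 'o', ' ', 'a', '.', 'o', 'u', 't'};
    return expand_response_buffer(raw, sizeof(raw));
}
```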
Can you still repro this in the newest Xcode's ld64? I thought it was fixed in 12.4 or so
Yes, I can repro this on ld64 shipped in Xcode 12.5.1
I mis-remembered, it's closed with Xcode 13 FB8923072
without digging too deep into this, would this fix it? it seems to fix that particular file at least
- for (char* arg = get_option(&p); arg; arg = get_option(&p)) {
+ for (char* arg = get_option(&p); arg && (p - addr) < sb.st_size; arg = get_option(&p)) {
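Review bot: the new bound `(p - addr) < sb.st_size` is evaluated only after `get_option(&p)` has already returned, both in the initializer and in the increment clause, so a read past the end of the mapped file inside get_option (the `*(*buf)` dereference shown in the crash) is not prevented by this condition; it only stops the loop from calling get_option again afterwards. Consider passing the buffer end into get_option (for example `get_option(&p, addr + sb.st_size)`) and bounding its inner while loop there, or guaranteeing a terminating NUL when the response file is read. Since `addr` and `sb` are not in the hunk, a short comment stating that they are the mapped base address and the stat result of the response file would help the next reader verify the bound.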
Agreed. I think your fix should be enough.
@keith: I can still reproduce this in Xcode 13 Beta 3 ld64-609.8. I couldn't find the repro case for https://reviews.llvm.org/D92357. Maybe this one is a different bug?
Could be, do you have a minimal case I can use?
There is a response_crash.txt file attached with the summary.
#91 (comment)
closing, let me know if this issue comes up again