The following program demonstrates this problem: ==============< test1.c >================== #include <stdio.h> void f(void); void g(void); void f(void) { printf("in f()\n"); g(); printf("back in f()\n"); } ==============< test2.c >================== #include <stdio.h> void f(void); void real_g(void) { printf("in real_g()\n"); } int main() { real_g(); f(); } ============== end ================== $ gcc -Os -c test1.c $ gcc -O2 -flto -c test2.c $ gcc -O2 test1.o test2.o -o test -Wl,--defsym,g=real_g $ ./test in real_g() in f() Segmentation fault (core dumped) The segfault is caused because there is no real_g symbol and g has been resolved to NULL. 0000000000401146 <f>: 401146: 50 push %rax 401147: bf 15 20 40 00 mov $0x402015,%edi 40114c: e8 df fe ff ff callq 401030 <puts@plt> 401151: e8 aa ee bf ff callq 0 <g> <---------------- oops! 401156: bf 10 20 40 00 mov $0x402010,%edi 40115b: 5a pop %rdx 40115c: e9 cf fe ff ff jmpq 401030 <puts@plt> 401161: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1) 401168: 00 00 00 40116b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) Seen on Fedora 32 (gcc 10.1.1, binutils 2.34) and Ubuntu 18.04 (gcc 7.5.0, binutils 2.30)
It is a binutils bug. Please open a binutils bug at https://sourceware.org/bugzilla/enter_bug.cgi
Reported to binutils bugzilla: https://sourceware.org/bugzilla/show_bug.cgi?id=26163