diff options
| author |   Alan Modra <amodra@gmail.com> | 2021-08-06 20:48:41 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2021-08-06 23:06:53 +0930 |
| commit | e039f7ed8675ddc9d2aa1e60df49dbc8d2836fc7 (patch) | |
| tree | 98fb52f3477dd3ea916e8a292d40212658ea3a9a | |
| parent | PR28173, nds32_elf_howto_table index out of bounds (diff) | |
| download | binutils-gdb-e039f7ed8675ddc9d2aa1e60df49dbc8d2836fc7.tar.gz binutils-gdb-e039f7ed8675ddc9d2aa1e60df49dbc8d2836fc7.tar.bz2 binutils-gdb-e039f7ed8675ddc9d2aa1e60df49dbc8d2836fc7.zip | |
PR28175, Segment fault in coff-tic30.c reloc_processing
The obj_convert table shouldn't be accessed without first checking the
index against the table size.
PR 28175
* coff-tic30.c (reloc_processing): Sanity check reloc symbol index.
* coff-z80.c (reloc_processing): Likewise.
* coff-z8k.c (reloc_processing): Likewise.
| -rw-r--r-- | bfd/coff-tic30.c | 13 | ||||
| -rw-r--r-- | bfd/coff-z80.c | 13 | ||||
| -rw-r--r-- | bfd/coff-z8k.c | 13 |
3 files changed, 30 insertions, 9 deletions
diff --git a/bfd/coff-tic30.c b/bfd/coff-tic30.c index a3ea69e1a3f..01ca6cb2170 100644 --- a/bfd/coff-tic30.c +++ b/bfd/coff-tic30.c @@ -161,11 +161,18 @@ reloc_processing (arelent *relent, relent->address = reloc->r_vaddr; rtype2howto (relent, reloc); - if (reloc->r_symndx > 0) + if (reloc->r_symndx == -1) + relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; + else if (reloc->r_symndx >= 0 && reloc->r_symndx < obj_conv_table_size (abfd)) relent->sym_ptr_ptr = symbols + obj_convert (abfd)[reloc->r_symndx]; else - relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; - + { + _bfd_error_handler + /* xgettext:c-format */ + (_("%pB: warning: illegal symbol index %ld in relocs"), + abfd, reloc->r_symndx); + relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; + } relent->addend = reloc->r_offset; relent->address -= section->vma; } diff --git a/bfd/coff-z80.c b/bfd/coff-z80.c index c0f1739dfcb..632ac0fb3cd 100644 --- a/bfd/coff-z80.c +++ b/bfd/coff-z80.c @@ -314,11 +314,18 @@ reloc_processing (arelent *relent, relent->address = reloc->r_vaddr; rtype2howto (relent, reloc); - if (reloc->r_symndx > 0) + if (reloc->r_symndx == -1) + relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; + else if (reloc->r_symndx >= 0 && reloc->r_symndx < obj_conv_table_size (abfd)) relent->sym_ptr_ptr = symbols + obj_convert (abfd)[reloc->r_symndx]; else - relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; - + { + _bfd_error_handler + /* xgettext:c-format */ + (_("%pB: warning: illegal symbol index %ld in relocs"), + abfd, reloc->r_symndx); + relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; + } relent->addend = reloc->r_offset; relent->address -= section->vma; } diff --git a/bfd/coff-z8k.c b/bfd/coff-z8k.c index 6cd5d652ade..e4d4d3f1581 100644 --- a/bfd/coff-z8k.c +++ b/bfd/coff-z8k.c @@ -177,11 +177,18 @@ reloc_processing (arelent *relent, relent->address = reloc->r_vaddr; rtype2howto (relent, reloc); - if (reloc->r_symndx > 0) + if (reloc->r_symndx == -1) + relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; + else if (reloc->r_symndx >= 0 && reloc->r_symndx < obj_conv_table_size (abfd)) relent->sym_ptr_ptr = symbols + obj_convert (abfd)[reloc->r_symndx]; else - relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; - + { + _bfd_error_handler + /* xgettext:c-format */ + (_("%pB: warning: illegal symbol index %ld in relocs"), + abfd, reloc->r_symndx); + relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; + } relent->addend = reloc->r_offset; relent->address -= section->vma; } |