[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug gold/14097] Gold doesn't check R_X86_64_RELATIVE64 addend overflow
|
From: |
hjl.tools at gmail dot com |
|
Subject: |
[Bug gold/14097] Gold doesn't check R_X86_64_RELATIVE64 addend overflow |
|
Date: |
Fri, 11 May 2012 12:04:09 +0000 |
http://sourceware.org/bugzilla/show_bug.cgi?id=14097
--- Comment #1 from H.J. Lu <hjl.tools at gmail dot com> 2012-05-11 12:04:09
UTC ---
Addend overflow can be seen in
template<bool dynamic, int size, bool big_endian>
void
Output_reloc<elfcpp::SHT_RELA, dynamic, size, big_endian>::write(
unsigned char* pov) const
{
elfcpp::Rela_write<size, big_endian> orel(pov);
this->rel_.write_rel(&orel);
Addend addend = this->addend_;
if (this->rel_.is_target_specific())
addend = parameters->target().reloc_addend(this->rel_.target_arg(),
this->rel_.type(), addend);
else if (this->rel_.is_symbolless())
addend = this->rel_.symbol_value(addend);
else if (this->rel_.is_local_section_symbol())
addend = this->rel_.local_section_offset(addend);
orel.put_r_addend(addend);
}
1213 else if (this->rel_.is_symbolless())
(gdb)
1214 addend = this->rel_.symbol_value(addend);
(gdb)
1217 orel.put_r_addend(addend);
(gdb) p/x addend
$15 = 0x8000013f
(gdb) p/x this->addend_
$16 = 0x7fffffff
(gdb)
Its sign changed. This is OK for any other ELF32 relocations.
But R_X86_64_RELATIVE64 is an ELF32 relocation applied to a 64-bit
field. Its addend can't change sign.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.