bug-binutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug gas/26542] New: R_MIPS_16 operates on a 32-bit field


From: amodra at gmail dot com
Subject: [Bug gas/26542] New: R_MIPS_16 operates on a 32-bit field
Date: Thu, 27 Aug 2020 01:10:52 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=26542

            Bug ID: 26542
           Summary: R_MIPS_16 operates on a 32-bit field
           Product: binutils
           Version: 2.36 (HEAD)
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gas
          Assignee: unassigned at sourceware dot org
          Reporter: amodra at gmail dot com
  Target Milestone: ---

R_MIPS_16 has size=2 in reloc howto.  This would seem to disagree with the mips
ABI which says the field is 16 bits.  Using the wrong size leads to an asan
error when running the ld testsuite for mipstx39-elf

Executing on host: sh -c {./ld-new -z norelro 
-L/home/alan/src/binutils-gdb/ld/testsuite/ld-mips-elf  -Tdata 0x10000 -e 0 -o
tmpdir/dump tmpdir/reloc-localoverflow.o  2>&1}  /dev/null dump.tmp (timeout =
300)
spawn [open ...]
=================================================================
==12034==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x62100001c902 at pc 0x561697b97d27 bp 0x7fffe8f6a220 sp 0x7fffe8f6a210
READ of size 1 at 0x62100001c902 thread T0
    #0 0x561697b97d26 in bfd_getb32
/home/alan/src/binutils-gdb/bfd/libbfd.c:631
    #1 0x561697c12b46 in mips_elf_read_rel_addend
/home/alan/src/binutils-gdb/bfd/elfxx-mips.c:8169

Correcting the size won't affect little-endian mips targets, but it would
affect anyone who is currently using R_MIPS_16 on a big-endian target since
defining the reloc as it is means on big-endian the field is at offset+2.

cat > short.s <<\EOF
 .data
 .short forword
 .short ext
 .short 0
forword:
EOF
gas/as-new -o short.o short.s
ld/ld-new -o short short.o --defsym ext=123 -Tdata=0x1000
binutils/objdump -s short

short:     file format elf32-bigmips

Contents of section .data:
 1000 00001000 007b                        .....{

-- 
You are receiving this mail because:
You are on the CC list for the bug.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]