bug-binutils

[Bug binutils/28306] nm-new: null pointer dereference in bfd_getl16


From: cvs-commit at gcc dot gnu.org
Subject: [Bug binutils/28306] nm-new: null pointer dereference in bfd_getl16
Date: Fri, 09 Dec 2022 11:09:15 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=28306

--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=73425813c1b6286fd589fcf0ef9335e8240137a9

commit 73425813c1b6286fd589fcf0ef9335e8240137a9
Author: Alan Modra <amodra@gmail.com>
Date:   Fri Dec 9 17:58:58 2022 +1030

    PR28306, segfault in _bfd_mips_elf_reloc_unshuffle

    Access to section data during relocation processing should be bounds
    checked, as it is in bfd_perform_relocation.  bfd_perform_relocation
    does these checks after any special_function is called.  So a reloc
    special_function needs to do its own bounds checking before accessing
    section data.  This patch adds many such checks to the mips backend.

    Checking mips relocs is not without some difficulty.  See the comment
    in _bfd_mips_reloc_offset_in_range.  In a multiple reloc sequence
    applied to the same location, relocs that may appear somewhere other
    than the last one of the sequence need to be treated specially since
    they apply to the addend for the next relocation rather than the
    section contents.  If the addend is in the section then it needs to be
    checked but not when the addend is in the reloc.  check_inplace
    handles this situation.  _bfd_mips_reloc_offset_in_range with
    check_shuffle handles the case where contents are shuffled before
    applying the relocation.

            PR 28306
            * elf32-mips.c (_bfd_mips_elf32_gprel16_reloc): Check reloc
            address using _bfd_mips_reloc_offset_in_range.
            (gprel32_with_gp, mips16_gprel_reloc): Likewise.
            * elf64-mips.c (mips_elf64_gprel32_reloc): Likewise.
            (mips16_gprel_reloc): Likewise.
            * elfn32-mips.c (mips16_gprel_reloc): Likewise.
            (gprel32_with_gp): Check reloc address using
            bfd_reloc_offset_in_range.
            * elfxx-mips.h (enum reloc_check): Define.
            (_bfd_mips_reloc_offset_in_range): Declare.
            * elfxx-mips.c (needs_shuffle): New function.
            (_bfd_mips_elf_reloc_unshuffle, _bfd_mips_elf_reloc_shuffle): Use it.
            (_bfd_mips_reloc_offset_in_range): New function.
            (_bfd_mips_elf_gprel16_with_gp): Move reloc address checks to
            partial_inplace handling.  Use bfd_reloc_offset_in_range.
            (_bfd_mips_elf_lo16_reloc): Check reloc address using
            bfd_reloc_offset_in_range.
            (_bfd_mips_elf_generic_reloc): Check reloc address using
            _bfd_mips_reloc_offset_in_range.
            (mips_elf_calculate_relocation): Check reloc address before calling
            mips_elf_nullify_got_load.
            (_bfd_mips_elf_check_relocs): Likewise.
            (mips_elf_read_rel_addend): Add sec param, check reloc address
            before reading.  Adjust callers.
            (mips_elf_add_lo16_rel_addend): Add sec param, adjust callers.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
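
The check-before-access rule from the commit message above, as an added C sketch that is not code from binutils. All names (`check_kind`, `model_reloc`, `offset_in_range`, `naive_in_range`, `reloc_ok`, `read_le16`) and the sample bytes are constructed here, and the in-place rule is modelled only as far as the message states it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model types, not BFD's. */
enum check_kind { CHECK_STD, CHECK_INPLACE };

struct model_reloc {
  uint64_t address;        /* offset of the field in the section */
  unsigned width;          /* bytes the handler reads or writes */
  bool addend_in_section;  /* true: addend stored in section contents */
};

/* Overflow-safe: never forms address + width. */
static bool offset_in_range(uint64_t size, uint64_t address, unsigned width) {
  return address <= size && size - address >= width;
}

/* Naive form for contrast: the sum wraps for a huge address. */
static bool naive_in_range(uint64_t size, uint64_t address, unsigned width) {
  return address + width <= size;
}

/* A non-final reloc whose addend lives in the reloc record touches no
   section bytes, so only the in-section case is checked. */
static bool reloc_ok(uint64_t size, const struct model_reloc *r, enum check_kind k) {
  if (k == CHECK_INPLACE && !r->addend_in_section)
    return true;
  return offset_in_range(size, r->address, r->width);
}

/* Little-endian 16-bit read that refuses instead of dereferencing. */
static bool read_le16(const uint8_t *contents, uint64_t size, uint64_t address, uint16_t *out) {
  if (contents == NULL || !offset_in_range(size, address, 2))
    return false;
  *out = (uint16_t)(contents[address] | (contents[address + 1] << 8));
  return true;
}

int main(void) {
  const uint8_t sec[8] = {0x34, 0x12, 0, 0, 0, 0, 0, 0};  /* constructed */
  struct model_reloc r = {1000, 4, false};                /* constructed */
  uint16_t v = 0;
  printf("in range: %d\n", read_le16(sec, sizeof sec, 0, &v));
  printf("past end: %d\n", read_le16(sec, sizeof sec, 7, &v));
  printf("addend in reloc record: %d\n", reloc_ok(8, &r, CHECK_INPLACE));
  printf("wrapped address, naive vs safe: %d %d\n",
         naive_in_range(8, UINT64_MAX, 2), offset_in_range(8, UINT64_MAX, 2));
  return 0;
}
```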

