|
|
01917d |
commit 5860e3f883597cf6b8a937547015394edc1e8784
|
|
|
01917d |
Author: Nick Clifton <nickc@redhat.com>
|
|
|
01917d |
Date: Mon Dec 22 20:59:00 2014 +0000
|
|
|
01917d |
|
|
|
01917d |
More fixes for memory access violations exposed by fuzzed binaries.
|
|
|
01917d |
|
|
|
01917d |
PR binutils/17512
|
|
|
01917d |
* archive.c (do_slurp_bsd_armap): Return if the parsed_size is
|
|
|
01917d |
zero.
|
|
|
01917d |
(bfd_slurp_armap): Zero terminate the name.
|
|
|
01917d |
(bfd_generic_stat_arch_elt): If there is no header, fail.
|
|
|
01917d |
* elf32-arc.c (arc_info_to_howto_rel): Replace BFD_ASSERT with
|
|
|
01917d |
error message.
|
|
|
01917d |
* elf32-avr.c (avr_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-cr16c.c (elf_cr16c_info_to_howto_rel): Likewise.
|
|
|
01917d |
* elf32-cris.c (cris_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-d10v.c (d10v_info_to_howto_rel): Likewise.
|
|
|
01917d |
* elf32-d30v.c (d30v_info_to_howto_rel): Likewise.
|
|
|
01917d |
* elf32-dlx.c (dlx_rtype_to_howto): Likewise.
|
|
|
01917d |
* elf32-epiphany.c (epiphany_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-fr30.c (fr30_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-frv.c (frv_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-i960.c (elf32_i960_info_to_howto_rel): Likewise.
|
|
|
01917d |
* elf32-ip2k.c (ip2k_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-iq2000.c (iq2000_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-lm32.c (lm32_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-m32c.c (m32c_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-m32r.c (m32r_info_to_howto_rel): Likewise.
|
|
|
01917d |
* elf32-m68hc11.c (m68hc11_info_to_howto_rel): Likewise.
|
|
|
01917d |
* elf32-m68hc12.c (m68hc11_info_to_howto_rel): Likewise.
|
|
|
01917d |
* elf32-mep.c (mep_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-metag.c (metag_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-moxie.c (moxie_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-msp430.c (msp430_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-mt.c (mt_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-nds32.c (nds32_info_to_howto_rel): Likewise.
|
|
|
01917d |
* elf32-or1k.c (or1k_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-rl78.c (rl78_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-rx.c (rx_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-v850.c (v850_elf_info_to_howto_rel): Likewise.
|
|
|
01917d |
* elf32-visium.c (visium_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf32-xgate.c (xgate_info_to_howto_rel): Likewise.
|
|
|
01917d |
* elf32-xtensa.c (elf_xtensa_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf64-mmix.c (mmix_info_to_howto_rela): Likewise.
|
|
|
01917d |
* elf64-x86-64.c (elf_x86_64_reloc_type_lookup): Likewise.
|
|
|
01917d |
* elfnn-aarch64.c (elfNN_aarch64_bfd_reloc_from_type): Likewise.
|
|
|
01917d |
* elf64-sparc.c (elf64_sparc_slurp_one_reloc_table): Add range
|
|
|
01917d |
checking of reloc symbol index.
|
|
|
01917d |
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): If no symbols have
|
|
|
01917d |
been provided then set the reloc's symbol to undefined.
|
|
|
01917d |
* reloc.c (bfd_generic_get_relocated_section_contents): Add range
|
|
|
01917d |
checking of the reloc to be applied.
|
|
|
01917d |
* versados.c (process_otr): Add more range checks.
|
|
|
01917d |
(versados_canonicalize_reloc): If the section is unknown, set the
|
|
|
01917d |
symbol to undefined.
|
|
|
01917d |
* vms-alpha.c (_bfd_vms_slurp_eisd): Add range checks.
|
|
|
01917d |
(alpha_vms_object_p): Likewise.
|
|
|
01917d |
|
|
|
01917d |
### a/bfd/ChangeLog
|
|
|
01917d |
### b/bfd/ChangeLog
|
|
|
01917d |
## -1,3 +1,57 @@
|
|
|
01917d |
+2014-12-22 Nick Clifton <nickc@redhat.com>
|
|
|
01917d |
+
|
|
|
01917d |
+ PR binutils/17512
|
|
|
01917d |
+ * archive.c (do_slurp_bsd_armap): Return if the parsed_size is
|
|
|
01917d |
+ zero.
|
|
|
01917d |
+ (bfd_slurp_armap): Zero terminate the name.
|
|
|
01917d |
+ (bfd_generic_stat_arch_elt): If there is no header, fail.
|
|
|
01917d |
+ * elf32-arc.c (arc_info_to_howto_rel): Replace BFD_ASSERT with
|
|
|
01917d |
+ error message.
|
|
|
01917d |
+ * elf32-avr.c (avr_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-cr16c.c (elf_cr16c_info_to_howto_rel): Likewise.
|
|
|
01917d |
+ * elf32-cris.c (cris_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-d10v.c (d10v_info_to_howto_rel): Likewise.
|
|
|
01917d |
+ * elf32-d30v.c (d30v_info_to_howto_rel): Likewise.
|
|
|
01917d |
+ * elf32-dlx.c (dlx_rtype_to_howto): Likewise.
|
|
|
01917d |
+ * elf32-epiphany.c (epiphany_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-fr30.c (fr30_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-frv.c (frv_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-i960.c (elf32_i960_info_to_howto_rel): Likewise.
|
|
|
01917d |
+ * elf32-ip2k.c (ip2k_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-iq2000.c (iq2000_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-lm32.c (lm32_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-m32c.c (m32c_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-m32r.c (m32r_info_to_howto_rel): Likewise.
|
|
|
01917d |
+ * elf32-m68hc11.c (m68hc11_info_to_howto_rel): Likewise.
|
|
|
01917d |
+ * elf32-m68hc12.c (m68hc11_info_to_howto_rel): Likewise.
|
|
|
01917d |
+ * elf32-mep.c (mep_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-metag.c (metag_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-moxie.c (moxie_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-msp430.c (msp430_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-mt.c (mt_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-nds32.c (nds32_info_to_howto_rel): Likewise.
|
|
|
01917d |
+ * elf32-or1k.c (or1k_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-rl78.c (rl78_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-rx.c (rx_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-v850.c (v850_elf_info_to_howto_rel): Likewise.
|
|
|
01917d |
+ * elf32-visium.c (visium_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf32-xgate.c (xgate_info_to_howto_rel): Likewise.
|
|
|
01917d |
+ * elf32-xtensa.c (elf_xtensa_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf64-mmix.c (mmix_info_to_howto_rela): Likewise.
|
|
|
01917d |
+ * elf64-x86-64.c (elf_x86_64_reloc_type_lookup): Likewise.
|
|
|
01917d |
+ * elfnn-aarch64.c (elfNN_aarch64_bfd_reloc_from_type): Likewise.
|
|
|
01917d |
+ * elf64-sparc.c (elf64_sparc_slurp_one_reloc_table): Add range
|
|
|
01917d |
+ checking of reloc symbol index.
|
|
|
01917d |
+ * mach-o.c (bfd_mach_o_canonicalize_one_reloc): If no symbols have
|
|
|
01917d |
+ been provided then set the reloc's symbol to undefined.
|
|
|
01917d |
+ * reloc.c (bfd_generic_get_relocated_section_contents): Add range
|
|
|
01917d |
+ checking of the reloc to be applied.
|
|
|
01917d |
+ * versados.c (process_otr): Add more range checks.
|
|
|
01917d |
+ (versados_canonicalize_reloc): If the section is unknown, set the
|
|
|
01917d |
+ symbol to undefined.
|
|
|
01917d |
+ * vms-alpha.c (_bfd_vms_slurp_eisd): Add range checks.
|
|
|
01917d |
+ (alpha_vms_object_p): Likewise.
|
|
|
01917d |
+
|
|
|
01917d |
2014-12-18 Richard Henderson <rth@redhat.com>
|
|
|
01917d |
|
|
|
01917d |
* elf32-ppc.c (ELF_COMMONPAGESIZE): Set to 64k.
|
|
|
01917d |
--- a/bfd/archive.c
|
|
|
01917d |
+++ b/bfd/archive.c
|
|
|
01917d |
@@ -902,6 +902,9 @@ do_slurp_bsd_armap (bfd *abfd)
|
|
|
01917d |
return FALSE;
|
|
|
01917d |
parsed_size = mapdata->parsed_size;
|
|
|
01917d |
free (mapdata);
|
|
|
01917d |
+ /* PR 17512: file: 883ff754. */
|
|
|
01917d |
+ if (parsed_size == 0)
|
|
|
01917d |
+ return FALSE;
|
|
|
01917d |
|
|
|
01917d |
raw_armap = (bfd_byte *) bfd_zalloc (abfd, parsed_size);
|
|
|
01917d |
if (raw_armap == NULL)
|
|
|
01917d |
@@ -917,7 +920,6 @@ do_slurp_bsd_armap (bfd *abfd)
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
ardata->symdef_count = H_GET_32 (abfd, raw_armap) / BSD_SYMDEF_SIZE;
|
|
|
01917d |
-
|
|
|
01917d |
if (ardata->symdef_count * BSD_SYMDEF_SIZE >
|
|
|
01917d |
parsed_size - BSD_SYMDEF_COUNT_SIZE)
|
|
|
01917d |
{
|
|
|
01917d |
@@ -1138,6 +1140,7 @@ bfd_slurp_armap (bfd *abfd)
|
|
|
01917d |
return FALSE;
|
|
|
01917d |
if (bfd_seek (abfd, -(file_ptr) (sizeof (hdr) + 20), SEEK_CUR) != 0)
|
|
|
01917d |
return FALSE;
|
|
|
01917d |
+ extname[20] = 0;
|
|
|
01917d |
if (CONST_STRNEQ (extname, "__.SYMDEF SORTED")
|
|
|
01917d |
|| CONST_STRNEQ (extname, "__.SYMDEF"))
|
|
|
01917d |
return do_slurp_bsd_armap (abfd);
|
|
|
01917d |
@@ -1971,7 +1974,9 @@ bfd_generic_stat_arch_elt (bfd *abfd, struct stat *buf)
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
hdr = arch_hdr (abfd);
|
|
|
01917d |
-
|
|
|
01917d |
+ /* PR 17512: file: 3d9e9fe9. */
|
|
|
01917d |
+ if (hdr == NULL)
|
|
|
01917d |
+ return -1;
|
|
|
01917d |
#define foo(arelt, stelt, size) \
|
|
|
01917d |
buf->stelt = strtol (hdr->arelt, &aloser, size); \
|
|
|
01917d |
if (aloser == hdr->arelt) \
|
|
|
01917d |
--- a/bfd/elf32-arc.c
|
|
|
01917d |
+++ b/bfd/elf32-arc.c
|
|
|
01917d |
@@ -172,7 +172,11 @@ arc_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_ARC_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_ARC_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid ARC reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = &elf_arc_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-avr.c
|
|
|
01917d |
+++ b/bfd/elf32-avr.c
|
|
|
01917d |
@@ -859,7 +859,11 @@ avr_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_AVR_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_AVR_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid AVR reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = &elf_avr_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-cr16c.c
|
|
|
01917d |
+++ b/bfd/elf32-cr16c.c
|
|
|
01917d |
@@ -180,7 +180,11 @@ elf_cr16c_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
{
|
|
|
01917d |
unsigned int r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) RINDEX_16C_MAX);
|
|
|
01917d |
+ if (r_type >= RINDEX_16C_MAX)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A; invalid CR16C reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = &elf_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-cris.c
|
|
|
01917d |
+++ b/bfd/elf32-cris.c
|
|
|
01917d |
@@ -461,7 +461,11 @@ cris_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
enum elf_cris_reloc_type r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_CRIS_max);
|
|
|
01917d |
+ if (r_type >= R_CRIS_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid CRIS reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = & cris_elf_howto_table [r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-d10v.c
|
|
|
01917d |
+++ b/bfd/elf32-d10v.c
|
|
|
01917d |
@@ -228,7 +228,11 @@ d10v_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_D10V_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_D10V_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid D10V reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = &elf_d10v_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-d30v.c
|
|
|
01917d |
+++ b/bfd/elf32-d30v.c
|
|
|
01917d |
@@ -516,7 +516,11 @@ d30v_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_D30V_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_D30V_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid D30V reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = &elf_d30v_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
@@ -530,7 +534,11 @@ d30v_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_D30V_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_D30V_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid D30V reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = &elf_d30v_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-dlx.c
|
|
|
01917d |
+++ b/bfd/elf32-dlx.c
|
|
|
01917d |
@@ -546,7 +546,11 @@ dlx_rtype_to_howto (unsigned int r_type)
|
|
|
01917d |
case R_DLX_RELOC_16_LO:
|
|
|
01917d |
return & elf_dlx_reloc_16_lo;
|
|
|
01917d |
default:
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_DLX_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_DLX_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("Invalid DLX reloc number: %d"), r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
return & dlx_elf_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
}
|
|
|
01917d |
--- a/bfd/elf32-epiphany.c
|
|
|
01917d |
+++ b/bfd/elf32-epiphany.c
|
|
|
01917d |
@@ -370,6 +370,11 @@ epiphany_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_EPIPHANY_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid Epiphany reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = & epiphany_elf_howto_table [r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-fr30.c
|
|
|
01917d |
+++ b/bfd/elf32-fr30.c
|
|
|
01917d |
@@ -375,7 +375,11 @@ fr30_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_FR30_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_FR30_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid FR30 reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = & fr30_elf_howto_table [r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-frv.c
|
|
|
01917d |
+++ b/bfd/elf32-frv.c
|
|
|
01917d |
@@ -2557,6 +2557,11 @@ frv_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
break;
|
|
|
01917d |
|
|
|
01917d |
default:
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_FRV_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid FRV reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = & elf32_frv_howto_table [r_type];
|
|
|
01917d |
break;
|
|
|
01917d |
}
|
|
|
01917d |
--- a/bfd/elf32-i960.c
|
|
|
01917d |
+++ b/bfd/elf32-i960.c
|
|
|
01917d |
@@ -132,7 +132,13 @@ elf32_i960_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
enum elf_i960_reloc_type type;
|
|
|
01917d |
|
|
|
01917d |
type = (enum elf_i960_reloc_type) ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (type < R_960_max);
|
|
|
01917d |
+
|
|
|
01917d |
+ /* PR 17521: file: 9609b8d6. */
|
|
|
01917d |
+ if (type >= R_960_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A; invalid i960 reloc number: %d"), abfd, type);
|
|
|
01917d |
+ type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
|
|
|
01917d |
cache_ptr->howto = &elf_howto_table[(int) type];
|
|
|
01917d |
}
|
|
|
01917d |
--- a/bfd/elf32-ip2k.c
|
|
|
01917d |
+++ b/bfd/elf32-ip2k.c
|
|
|
01917d |
@@ -1239,6 +1239,11 @@ ip2k_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_IP2K_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid IP2K reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = & ip2k_elf_howto_table [r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-iq2000.c
|
|
|
01917d |
+++ b/bfd/elf32-iq2000.c
|
|
|
01917d |
@@ -435,6 +435,11 @@ iq2000_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
break;
|
|
|
01917d |
|
|
|
01917d |
default:
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_IQ2000_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid IQ2000 reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = & iq2000_elf_howto_table [r_type];
|
|
|
01917d |
break;
|
|
|
01917d |
}
|
|
|
01917d |
--- a/bfd/elf32-lm32.c
|
|
|
01917d |
+++ b/bfd/elf32-lm32.c
|
|
|
01917d |
@@ -588,7 +588,11 @@ lm32_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_LM32_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_LM32_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid LM32 reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = &lm32_elf_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-m32c.c
|
|
|
01917d |
+++ b/bfd/elf32-m32c.c
|
|
|
01917d |
@@ -297,7 +297,11 @@ m32c_info_to_howto_rela
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_M32C_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_M32C_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid M32C reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = & m32c_elf_howto_table [r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-m32r.c
|
|
|
01917d |
+++ b/bfd/elf32-m32r.c
|
|
|
01917d |
@@ -1280,7 +1280,11 @@ m32r_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (ELF32_R_TYPE(dst->r_info) <= (unsigned int) R_M32R_GNU_VTENTRY);
|
|
|
01917d |
+ if (r_type > (unsigned int) R_M32R_GNU_VTENTRY)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid M32R reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = &m32r_elf_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-m68hc11.c
|
|
|
01917d |
+++ b/bfd/elf32-m68hc11.c
|
|
|
01917d |
@@ -384,7 +384,11 @@ m68hc11_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_M68HC11_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_M68HC11_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid M68HC11 reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = &elf_m68hc11_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-m68hc12.c
|
|
|
01917d |
+++ b/bfd/elf32-m68hc12.c
|
|
|
01917d |
@@ -504,7 +504,11 @@ m68hc11_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_M68HC11_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_M68HC11_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid M68HC12 reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = &elf_m68hc11_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-mep.c
|
|
|
01917d |
+++ b/bfd/elf32-mep.c
|
|
|
01917d |
@@ -400,6 +400,11 @@ mep_info_to_howto_rela
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
+ if (r_type >= R_MEP_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid MEP reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = & mep_elf_howto_table [r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-metag.c
|
|
|
01917d |
+++ b/bfd/elf32-metag.c
|
|
|
01917d |
@@ -896,7 +896,11 @@ metag_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_METAG_MAX);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_METAG_MAX)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid METAG reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = & elf_metag_howto_table [r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-moxie.c
|
|
|
01917d |
+++ b/bfd/elf32-moxie.c
|
|
|
01917d |
@@ -131,7 +131,11 @@ moxie_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_MOXIE_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_MOXIE_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid Moxie reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = & moxie_elf_howto_table [r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
#--- a/bfd/elf32-msp430.c
|
|
|
01917d |
#+++ b/bfd/elf32-msp430.c
|
|
|
01917d |
#@@ -617,12 +617,20 @@ msp430_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
#
|
|
|
01917d |
# if (uses_msp430x_relocs (abfd))
|
|
|
01917d |
# {
|
|
|
01917d |
#- BFD_ASSERT (r_type < (unsigned int) R_MSP430x_max);
|
|
|
01917d |
#+ if (r_type >= (unsigned int) R_MSP430x_max)
|
|
|
01917d |
#+ {
|
|
|
01917d |
#+ _bfd_error_handler (_("%A: invalid MSP430X reloc number: %d"), abfd, r_type);
|
|
|
01917d |
#+ r_type = 0;
|
|
|
01917d |
#+ }
|
|
|
01917d |
# cache_ptr->howto = elf_msp430x_howto_table + r_type;
|
|
|
01917d |
# return;
|
|
|
01917d |
# }
|
|
|
01917d |
#
|
|
|
01917d |
#- BFD_ASSERT (r_type < (unsigned int) R_MSP430_max);
|
|
|
01917d |
#+ if (r_type >= (unsigned int) R_MSP430_max)
|
|
|
01917d |
#+ {
|
|
|
01917d |
#+ _bfd_error_handler (_("%A: invalid MSP430 reloc number: %d"), abfd, r_type);
|
|
|
01917d |
#+ r_type = 0;
|
|
|
01917d |
#+ }
|
|
|
01917d |
# cache_ptr->howto = &elf_msp430_howto_table[r_type];
|
|
|
01917d |
# }
|
|
|
01917d |
#
|
|
|
01917d |
--- a/bfd/elf32-mt.c
|
|
|
01917d |
+++ b/bfd/elf32-mt.c
|
|
|
01917d |
@@ -236,6 +236,11 @@ mt_info_to_howto_rela
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_MT_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid MT reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = & mt_elf_howto_table [r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
#--- a/bfd/elf32-nds32.c
|
|
|
01917d |
#+++ b/bfd/elf32-nds32.c
|
|
|
01917d |
#@@ -2965,7 +2965,11 @@ nds32_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED, arelent *cache_ptr,
|
|
|
01917d |
# enum elf_nds32_reloc_type r_type;
|
|
|
01917d |
#
|
|
|
01917d |
# r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
#- BFD_ASSERT (ELF32_R_TYPE (dst->r_info) <= R_NDS32_GNU_VTENTRY);
|
|
|
01917d |
#+ if (r_type > R_NDS32_GNU_VTENTRY)
|
|
|
01917d |
#+ {
|
|
|
01917d |
#+ _bfd_error_handler (_("%A: invalid NDS32 reloc number: %d"), abfd, r_type);
|
|
|
01917d |
#+ r_type = 0;
|
|
|
01917d |
#+ }
|
|
|
01917d |
# cache_ptr->howto = bfd_elf32_bfd_reloc_type_table_lookup (r_type);
|
|
|
01917d |
# }
|
|
|
01917d |
#
|
|
|
01917d |
#--- a/bfd/elf32-or1k.c
|
|
|
01917d |
#+++ b/bfd/elf32-or1k.c
|
|
|
01917d |
#@@ -738,7 +738,11 @@ or1k_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
# unsigned int r_type;
|
|
|
01917d |
#
|
|
|
01917d |
# r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
#- BFD_ASSERT (r_type < (unsigned int) R_OR1K_max);
|
|
|
01917d |
#+ if (r_type >= (unsigned int) R_OR1K_max)
|
|
|
01917d |
#+ {
|
|
|
01917d |
#+ _bfd_error_handler (_("%A: invalid OR1K reloc number: %d"), abfd, r_type);
|
|
|
01917d |
#+ r_type = 0;
|
|
|
01917d |
#+ }
|
|
|
01917d |
# cache_ptr->howto = & or1k_elf_howto_table[r_type];
|
|
|
01917d |
# }
|
|
|
01917d |
#
|
|
|
01917d |
--- a/bfd/elf32-rl78.c
|
|
|
01917d |
+++ b/bfd/elf32-rl78.c
|
|
|
01917d |
@@ -276,7 +276,11 @@ rl78_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_RL78_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_RL78_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid RL78 reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = rl78_elf_howto_table + r_type;
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-rx.c
|
|
|
01917d |
+++ b/bfd/elf32-rx.c
|
|
|
01917d |
@@ -307,7 +307,11 @@ rx_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_RX_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_RX_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid RX reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = rx_elf_howto_table + r_type;
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-v850.c
|
|
|
01917d |
+++ b/bfd/elf32-v850.c
|
|
|
01917d |
@@ -1896,7 +1896,11 @@ v850_elf_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_V850_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_V850_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid V850 reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = &v850_elf_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
#--- a/bfd/elf32-visium.c
|
|
|
01917d |
#+++ b/bfd/elf32-visium.c
|
|
|
01917d |
#@@ -501,6 +501,11 @@ visium_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED, arelent *cache_ptr,
|
|
|
01917d |
# break;
|
|
|
01917d |
#
|
|
|
01917d |
# default:
|
|
|
01917d |
#+ if (r_type >= (unsigned int) R_VISIUM_max)
|
|
|
01917d |
#+ {
|
|
|
01917d |
#+ _bfd_error_handler (_("%A: invalid Visium reloc number: %d"), abfd, r_type);
|
|
|
01917d |
#+ r_type = 0;
|
|
|
01917d |
#+ }
|
|
|
01917d |
# cache_ptr->howto = &visium_elf_howto_table[r_type];
|
|
|
01917d |
# break;
|
|
|
01917d |
# }
|
|
|
01917d |
--- a/bfd/elf32-xgate.c
|
|
|
01917d |
+++ b/bfd/elf32-xgate.c
|
|
|
01917d |
@@ -422,7 +422,11 @@ xgate_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT(r_type < (unsigned int) R_XGATE_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_XGATE_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid XGate reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = &elf_xgate_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf32-xtensa.c
|
|
|
01917d |
+++ b/bfd/elf32-xtensa.c
|
|
|
01917d |
@@ -479,7 +479,11 @@ elf_xtensa_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
{
|
|
|
01917d |
unsigned int r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
01917d |
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_XTENSA_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_XTENSA_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid XTENSA reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = &elf_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf64-mmix.c
|
|
|
01917d |
+++ b/bfd/elf64-mmix.c
|
|
|
01917d |
@@ -1259,7 +1259,11 @@ mmix_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
01917d |
unsigned int r_type;
|
|
|
01917d |
|
|
|
01917d |
r_type = ELF64_R_TYPE (dst->r_info);
|
|
|
01917d |
- BFD_ASSERT (r_type < (unsigned int) R_MMIX_max);
|
|
|
01917d |
+ if (r_type >= (unsigned int) R_MMIX_max)
|
|
|
01917d |
+ {
|
|
|
01917d |
+ _bfd_error_handler (_("%A: invalid MMIX reloc number: %d"), abfd, r_type);
|
|
|
01917d |
+ r_type = 0;
|
|
|
01917d |
+ }
|
|
|
01917d |
cache_ptr->howto = &elf_mmix_howto_table[r_type];
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
--- a/bfd/elf64-sparc.c
|
|
|
01917d |
+++ b/bfd/elf64-sparc.c
|
|
|
01917d |
@@ -97,7 +97,9 @@ elf64_sparc_slurp_one_reloc_table (bfd *abfd, asection *asect,
|
|
|
01917d |
else
|
|
|
01917d |
relent->address = rela.r_offset - asect->vma;
|
|
|
01917d |
|
|
|
01917d |
- if (ELF64_R_SYM (rela.r_info) == STN_UNDEF)
|
|
|
01917d |
+ if (ELF64_R_SYM (rela.r_info) == STN_UNDEF
|
|
|
01917d |
+ /* PR 17512: file: 996185f8. */
|
|
|
01917d |
+ || ELF64_R_SYM (rela.r_info) > bfd_get_symcount (abfd))
|
|
|
01917d |
relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
|
|
|
01917d |
else
|
|
|
01917d |
{
|
|
|
01917d |
--- a/bfd/elf64-x86-64.c
|
|
|
01917d |
+++ b/bfd/elf64-x86-64.c
|
|
|
01917d |
@@ -302,7 +302,7 @@ elf_x86_64_reloc_type_lookup (bfd *abfd,
|
|
|
01917d |
return elf_x86_64_rtype_to_howto (abfd,
|
|
|
01917d |
x86_64_reloc_map[i].elf_reloc_val);
|
|
|
01917d |
}
|
|
|
01917d |
- return 0;
|
|
|
01917d |
+ return NULL;
|
|
|
01917d |
}
|
|
|
01917d |
|
|
|
01917d |
static reloc_howto_type *
|
|
|
01917d |
#--- a/bfd/elfnn-aarch64.c
|
|
|
01917d |
#+++ b/bfd/elfnn-aarch64.c
|
|
|
01917d |
#@@ -1431,6 +1431,14 @@ elfNN_aarch64_bfd_reloc_from_type (unsigned int r_type)
|
|
|
01917d |
# if (r_type == R_AARCH64_NONE || r_type == R_AARCH64_NULL)
|
|
|
01917d |
# return BFD_RELOC_AARCH64_NONE;
|
|
|
01917d |
#
|
|
|
01917d |
#+ /* PR 17512: file: b371e70a. */
|
|
|
01917d |
#+ if (r_type >= R_AARCH64_end)
|
|
|
01917d |
#+ {
|
|
|
01917d |
#+ _bfd_error_handler (_("Invalid AArch64 reloc number: %d"), r_type);
|
|
|
01917d |
#+ bfd_set_error (bfd_error_bad_value);
|
|
|
01917d |
#+ return BFD_RELOC_AARCH64_NONE;
|
|
|
01917d |
#+ }
|
|
|
01917d |
#+
|
|
|
01917d |
# return BFD_RELOC_AARCH64_RELOC_START + offsets[r_type];
|
|
|
01917d |
# }
|
|
|
01917d |
#
|
|
|
01917d |
#--- a/bfd/mach-o.c
|
|
|
01917d |
#+++ b/bfd/mach-o.c
|
|
|
01917d |
#@@ -1352,6 +1352,8 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd,
|
|
|
01917d |
# /* PR 17512: file: 8396-1185-0.004. */
|
|
|
01917d |
# if (bfd_get_symcount (abfd) > 0 && num > bfd_get_symcount (abfd))
|
|
|
01917d |
# sym = bfd_und_section_ptr->symbol_ptr_ptr;
|
|
|
01917d |
#+ else if (syms == NULL)
|
|
|
01917d |
#+ sym = bfd_und_section_ptr->symbol_ptr_ptr;
|
|
|
01917d |
# else
|
|
|
01917d |
# /* An external symbol number. */
|
|
|
01917d |
# sym = syms + num;
|
|
|
01917d |
--- a/bfd/reloc.c
|
|
|
01917d |
+++ b/bfd/reloc.c
|
|
|
01917d |
@@ -7623,6 +7623,10 @@ bfd_generic_get_relocated_section_contents (bfd *abfd,
|
|
|
01917d |
(*parent)->howto = &none_howto;
|
|
|
01917d |
r = bfd_reloc_ok;
|
|
|
01917d |
}
|
|
|
01917d |
+ /* PR 17512: file: c146ab8b. */
|
|
|
01917d |
+ else if ((*parent)->address * bfd_octets_per_byte (abfd)
|
|
|
01917d |
+ >= bfd_get_section_size (input_section))
|
|
|
01917d |
+ r = bfd_reloc_outofrange;
|
|
|
01917d |
else
|
|
|
01917d |
r = bfd_perform_relocation (input_bfd,
|
|
|
01917d |
*parent,
|
|
|
01917d |
#--- a/bfd/versados.c
|
|
|
01917d |
#+++ b/bfd/versados.c
|
|
|
01917d |
#@@ -373,10 +373,17 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass)
|
|
|
01917d |
# | (otr->map[3] << 0);
|
|
|
01917d |
#
|
|
|
01917d |
# struct esdid *esdid = &EDATA (abfd, otr->esdid - 1);
|
|
|
01917d |
#- unsigned char *contents = esdid->contents;
|
|
|
01917d |
#+ unsigned char *contents;
|
|
|
01917d |
# bfd_boolean need_contents = FALSE;
|
|
|
01917d |
#- unsigned int dst_idx = esdid->pc;
|
|
|
01917d |
#-
|
|
|
01917d |
#+ unsigned int dst_idx;
|
|
|
01917d |
#+
|
|
|
01917d |
#+ /* PR 17512: file: ac7da425. */
|
|
|
01917d |
#+ if (otr->esdid == 0)
|
|
|
01917d |
#+ return;
|
|
|
01917d |
#+
|
|
|
01917d |
#+ contents = esdid->contents;
|
|
|
01917d |
#+ dst_idx = esdid->pc;
|
|
|
01917d |
#+
|
|
|
01917d |
# for (shift = ((unsigned long) 1 << 31); shift && srcp < endp; shift >>= 1)
|
|
|
01917d |
# {
|
|
|
01917d |
# if (bits & shift)
|
|
|
01917d |
#@@ -399,7 +406,7 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass)
|
|
|
01917d |
#
|
|
|
01917d |
# if (pass == 1)
|
|
|
01917d |
# need_contents = TRUE;
|
|
|
01917d |
#- else if (contents)
|
|
|
01917d |
#+ else if (contents && dst_idx < esdid->section->size - sizeinwords * 2)
|
|
|
01917d |
# for (j = 0; j < sizeinwords * 2; j++)
|
|
|
01917d |
# {
|
|
|
01917d |
# contents[dst_idx + (sizeinwords * 2) - j - 1] = val;
|
|
|
01917d |
#@@ -421,10 +428,13 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass)
|
|
|
01917d |
# }
|
|
|
01917d |
# else
|
|
|
01917d |
# {
|
|
|
01917d |
#- arelent *n =
|
|
|
01917d |
#- EDATA (abfd, otr->esdid - 1).section->relocation + rn;
|
|
|
01917d |
#- n->address = dst_idx;
|
|
|
01917d |
#+ arelent *n;
|
|
|
01917d |
#
|
|
|
01917d |
#+ /* PR 17512: file: 54f733e0. */
|
|
|
01917d |
#+ if (EDATA (abfd, otr->esdid - 1).section == NULL)
|
|
|
01917d |
#+ continue;
|
|
|
01917d |
#+ n = EDATA (abfd, otr->esdid - 1).section->relocation + rn;
|
|
|
01917d |
#+ n->address = dst_idx;
|
|
|
01917d |
# n->sym_ptr_ptr = (asymbol **) (size_t) id;
|
|
|
01917d |
# n->addend = 0;
|
|
|
01917d |
# n->howto = versados_howto_table + ((j & 1) * 2) + (sizeinwords - 1);
|
|
|
01917d |
#@@ -798,7 +808,11 @@ versados_canonicalize_reloc (bfd *abfd,
|
|
|
01917d |
# /* Section relative thing. */
|
|
|
01917d |
# struct esdid *e = &EDATA (abfd, esdid - 1);
|
|
|
01917d |
#
|
|
|
01917d |
#- src[count].sym_ptr_ptr = e->section->symbol_ptr_ptr;
|
|
|
01917d |
#+ /* PR 17512: file:cd92277c. */
|
|
|
01917d |
#+ if (e->section)
|
|
|
01917d |
#+ src[count].sym_ptr_ptr = e->section->symbol_ptr_ptr;
|
|
|
01917d |
#+ else
|
|
|
01917d |
#+ src[count].sym_ptr_ptr = bfd_und_section_ptr->symbol_ptr_ptr;
|
|
|
01917d |
# }
|
|
|
01917d |
# /* PR 17512: file:3757-2936-0.004. */
|
|
|
01917d |
# else if ((unsigned) (esdid - ES_BASE) >= bfd_get_symcount (abfd))
|
|
|
01917d |
--- a/bfd/vms-alpha.c
|
|
|
01917d |
+++ b/bfd/vms-alpha.c
|
|
|
01917d |
@@ -521,9 +521,11 @@ _bfd_vms_slurp_eisd (bfd *abfd, unsigned int offset)
|
|
|
01917d |
asection *section;
|
|
|
01917d |
flagword bfd_flags;
|
|
|
01917d |
|
|
|
01917d |
+ /* PR 17512: file: 3d9e9fe9. */
|
|
|
01917d |
+ if (offset >= PRIV (recrd.rec_size))
|
|
|
01917d |
+ return FALSE;
|
|
|
01917d |
eisd = (struct vms_eisd *)(PRIV (recrd.rec) + offset);
|
|
|
01917d |
rec_size = bfd_getl32 (eisd->eisdsize);
|
|
|
01917d |
-
|
|
|
01917d |
if (rec_size == 0)
|
|
|
01917d |
break;
|
|
|
01917d |
|
|
|
01917d |
@@ -2527,6 +2529,9 @@ alpha_vms_object_p (bfd *abfd)
|
|
|
01917d |
/* Reset the record pointer. */
|
|
|
01917d |
PRIV (recrd.rec) = buf;
|
|
|
01917d |
|
|
|
01917d |
+ /* PR 17512: file: 7d7c57c2. */
|
|
|
01917d |
+ if (PRIV (recrd.rec_size) < sizeof (struct vms_eihd))
|
|
|
01917d |
+ goto error_ret;
|
|
|
01917d |
vms_debug2 ((2, "file type is image\n"));
|
|
|
01917d |
|
|
|
01917d |
if (_bfd_vms_slurp_eihd (abfd, &eisd_offset, &eihs_offset) != TRUE)
|