|
|
2c2fa1 |
commit cd21f5daad4335b50366b838664ade64bec29957
|
|
|
2c2fa1 |
Author: Nick Clifton <nickc@redhat.com>
|
|
|
2c2fa1 |
Date: Thu Jan 15 16:22:55 2015 +0000
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
Fix memory access violations triggered by running objdump on fuzzed binaries.
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
PR binutils/17512
|
|
|
2c2fa1 |
* elf-m10300.c (mn10300_info_to_howto): Replace assertion with an
|
|
|
2c2fa1 |
error message. Never return an invalid howto pointer.
|
|
|
2c2fa1 |
* elf32-cr16.c (cr16_info_to_howto): Likewise.
|
|
|
2c2fa1 |
* elf32-crx.c (elf_crx_info_to_howto): Likewise.
|
|
|
2c2fa1 |
* elf32-i370.c (i370_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
* elf32-mcore.c (mcore_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
* elf32-microblaze.c (microblaze_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
* elf32-mips.c (mips_elf32_rtype_to_howto): Likewise.
|
|
|
2c2fa1 |
* elf32-pj.c (pj_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
* elf32-ppc.c (ppc_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
* elf32-spu.c (spu_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
* elf32-v850.c (v850_elf_info_to_howto_rela): Likewise.
|
|
|
2c2fa1 |
* elf32-vax.c (rtype_to_howto): Likewise.
|
|
|
2c2fa1 |
* elf64-alpha.c (elf64_alpha_info_to_howto): Likewise.
|
|
|
2c2fa1 |
* elf64-mips.c (mips_elf64_rtype_to_howto): Likewise.
|
|
|
2c2fa1 |
* elfn32-mips.c (sh_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
* elf32-sh.c (sh_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
(sh_elf_reloc): Check that the reloc is in range.
|
|
|
2c2fa1 |
* reloc.c (bfd_perform_relocation): Check that the section is big
|
|
|
2c2fa1 |
enough for the entire reloc.
|
|
|
2c2fa1 |
(bfd_generic_get_relocated_section_contents): Report unexpected
|
|
|
2c2fa1 |
return values from perform_reloc.
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
### a/bfd/ChangeLog
|
|
|
2c2fa1 |
### b/bfd/ChangeLog
|
|
|
2c2fa1 |
## -1,5 +1,31 @@
|
|
|
2c2fa1 |
2015-01-15 Nick Clifton <nickc@redhat.com>
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
+ PR binutils/17512
|
|
|
2c2fa1 |
+ * elf-m10300.c (mn10300_info_to_howto): Replace assertion with an
|
|
|
2c2fa1 |
+ error message. Never return an invalid howto pointer.
|
|
|
2c2fa1 |
+ * elf32-cr16.c (cr16_info_to_howto): Likewise.
|
|
|
2c2fa1 |
+ * elf32-crx.c (elf_crx_info_to_howto): Likewise.
|
|
|
2c2fa1 |
+ * elf32-i370.c (i370_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
+ * elf32-mcore.c (mcore_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
+ * elf32-microblaze.c (microblaze_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
+ * elf32-mips.c (mips_elf32_rtype_to_howto): Likewise.
|
|
|
2c2fa1 |
+ * elf32-pj.c (pj_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
+ * elf32-ppc.c (ppc_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
+ * elf32-spu.c (spu_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
+ * elf32-v850.c (v850_elf_info_to_howto_rela): Likewise.
|
|
|
2c2fa1 |
+ * elf32-vax.c (rtype_to_howto): Likewise.
|
|
|
2c2fa1 |
+ * elf64-alpha.c (elf64_alpha_info_to_howto): Likewise.
|
|
|
2c2fa1 |
+ * elf64-mips.c (mips_elf64_rtype_to_howto): Likewise.
|
|
|
2c2fa1 |
+ * elfn32-mips.c (sh_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
+ * elf32-sh.c (sh_elf_info_to_howto): Likewise.
|
|
|
2c2fa1 |
+ (sh_elf_reloc): Check that the reloc is in range.
|
|
|
2c2fa1 |
+ * reloc.c (bfd_perform_relocation): Check that the section is big
|
|
|
2c2fa1 |
+ enough for the entire reloc.
|
|
|
2c2fa1 |
+ (bfd_generic_get_relocated_section_contents): Report unexpected
|
|
|
2c2fa1 |
+ return values from perform_reloc.
|
|
|
2c2fa1 |
+
|
|
|
2c2fa1 |
+2015-01-15 Nick Clifton <nickc@redhat.com>
|
|
|
2c2fa1 |
+
|
|
|
2c2fa1 |
* elf32-msp430.c (msp430_elf_relax_section): Skip unhandled
|
|
|
2c2fa1 |
relocs. Include PC-relative adjustment for R_MSP430X_ABS16
|
|
|
2c2fa1 |
relaxation.
|
|
|
2c2fa1 |
--- a/bfd/elf-m10300.c
|
|
|
2c2fa1 |
+++ b/bfd/elf-m10300.c
|
|
|
2c2fa1 |
@@ -806,7 +806,13 @@ mn10300_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
2c2fa1 |
unsigned int r_type;
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
2c2fa1 |
- BFD_ASSERT (r_type < (unsigned int) R_MN10300_MAX);
|
|
|
2c2fa1 |
+ if (r_type >= R_MN10300_MAX)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("%A: unrecognised MN10300 reloc number: %d"),
|
|
|
2c2fa1 |
+ abfd, r_type);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r_type = R_MN10300_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
cache_ptr->howto = elf_mn10300_howto_table + r_type;
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
--- a/bfd/elf32-cr16.c
|
|
|
2c2fa1 |
+++ b/bfd/elf32-cr16.c
|
|
|
2c2fa1 |
@@ -673,7 +673,13 @@ elf_cr16_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED, arelent *cache_ptr,
|
|
|
2c2fa1 |
{
|
|
|
2c2fa1 |
unsigned int r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
- BFD_ASSERT (r_type < (unsigned int) R_CR16_MAX);
|
|
|
2c2fa1 |
+ if (r_type >= R_CR16_MAX)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("%A: unrecognised CR16 reloc number: %d"),
|
|
|
2c2fa1 |
+ abfd, r_type);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r_type = R_CR16_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
cache_ptr->howto = cr16_elf_howto_table + r_type;
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
--- a/bfd/elf32-crx.c
|
|
|
2c2fa1 |
+++ b/bfd/elf32-crx.c
|
|
|
2c2fa1 |
@@ -423,7 +423,13 @@ elf_crx_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED, arelent *cache_ptr,
|
|
|
2c2fa1 |
Elf_Internal_Rela *dst)
|
|
|
2c2fa1 |
{
|
|
|
2c2fa1 |
unsigned int r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
2c2fa1 |
- BFD_ASSERT (r_type < (unsigned int) R_CRX_MAX);
|
|
|
2c2fa1 |
+ if (r_type >= R_CRX_MAX)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("%A: unrecognised CRX reloc number: %d"),
|
|
|
2c2fa1 |
+ abfd, r_type);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r_type = R_CRX_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
cache_ptr->howto = &crx_elf_howto_table[r_type];
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
--- a/bfd/elf32-i370.c
|
|
|
2c2fa1 |
+++ b/bfd/elf32-i370.c
|
|
|
2c2fa1 |
@@ -294,12 +294,21 @@ i370_elf_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
2c2fa1 |
arelent *cache_ptr,
|
|
|
2c2fa1 |
Elf_Internal_Rela *dst)
|
|
|
2c2fa1 |
{
|
|
|
2c2fa1 |
+ unsigned int r_type;
|
|
|
2c2fa1 |
+
|
|
|
2c2fa1 |
if (!i370_elf_howto_table[ R_I370_ADDR31 ])
|
|
|
2c2fa1 |
/* Initialize howto table. */
|
|
|
2c2fa1 |
i370_elf_howto_init ();
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
- BFD_ASSERT (ELF32_R_TYPE (dst->r_info) < (unsigned int) R_I370_max);
|
|
|
2c2fa1 |
- cache_ptr->howto = i370_elf_howto_table[ELF32_R_TYPE (dst->r_info)];
|
|
|
2c2fa1 |
+ r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
2c2fa1 |
+ if (r_type >= R_I370_max)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("%A: unrecognised I370 reloc number: %d"),
|
|
|
2c2fa1 |
+ abfd, r_type);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r_type = R_I370_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
+ cache_ptr->howto = i370_elf_howto_table[r_type];
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
/* Hack alert -- the following several routines look generic to me ...
|
|
|
2c2fa1 |
--- a/bfd/elf32-mcore.c
|
|
|
2c2fa1 |
+++ b/bfd/elf32-mcore.c
|
|
|
2c2fa1 |
@@ -340,13 +340,22 @@ mcore_elf_info_to_howto (bfd * abfd ATTRIBUTE_UNUSED,
|
|
|
2c2fa1 |
arelent * cache_ptr,
|
|
|
2c2fa1 |
Elf_Internal_Rela * dst)
|
|
|
2c2fa1 |
{
|
|
|
2c2fa1 |
+ unsigned int r_type;
|
|
|
2c2fa1 |
+
|
|
|
2c2fa1 |
if (! mcore_elf_howto_table [R_MCORE_PCRELIMM8BY4])
|
|
|
2c2fa1 |
/* Initialize howto table if needed. */
|
|
|
2c2fa1 |
mcore_elf_howto_init ();
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
- BFD_ASSERT (ELF32_R_TYPE (dst->r_info) < (unsigned int) R_MCORE_max);
|
|
|
2c2fa1 |
+ r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
2c2fa1 |
+ if (r_type >= R_MCORE_max)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("%A: unrecognised MCore reloc number: %d"),
|
|
|
2c2fa1 |
+ abfd, r_type);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r_type = R_MCORE_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
- cache_ptr->howto = mcore_elf_howto_table [ELF32_R_TYPE (dst->r_info)];
|
|
|
2c2fa1 |
+ cache_ptr->howto = mcore_elf_howto_table [r_type];
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
/* The RELOCATE_SECTION function is called by the ELF backend linker
|
|
|
2c2fa1 |
--- a/bfd/elf32-microblaze.c
|
|
|
2c2fa1 |
+++ b/bfd/elf32-microblaze.c
|
|
|
2c2fa1 |
@@ -643,13 +643,22 @@ microblaze_elf_info_to_howto (bfd * abfd ATTRIBUTE_UNUSED,
|
|
|
2c2fa1 |
arelent * cache_ptr,
|
|
|
2c2fa1 |
Elf_Internal_Rela * dst)
|
|
|
2c2fa1 |
{
|
|
|
2c2fa1 |
+ unsigned int r_type;
|
|
|
2c2fa1 |
+
|
|
|
2c2fa1 |
if (!microblaze_elf_howto_table [R_MICROBLAZE_32])
|
|
|
2c2fa1 |
/* Initialize howto table if needed. */
|
|
|
2c2fa1 |
microblaze_elf_howto_init ();
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
- BFD_ASSERT (ELF32_R_TYPE (dst->r_info) < (unsigned int) R_MICROBLAZE_max);
|
|
|
2c2fa1 |
+ r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
2c2fa1 |
+ if (r_type >= R_MICROBLAZE_max)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("%A: unrecognised MicroBlaze reloc number: %d"),
|
|
|
2c2fa1 |
+ abfd, r_type);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r_type = R_MICROBLAZE_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
- cache_ptr->howto = microblaze_elf_howto_table [ELF32_R_TYPE (dst->r_info)];
|
|
|
2c2fa1 |
+ cache_ptr->howto = microblaze_elf_howto_table [r_type];
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
/* Microblaze ELF local labels start with 'L.' or '$L', not '.L'. */
|
|
|
2c2fa1 |
--- a/bfd/elf32-mips.c
|
|
|
2c2fa1 |
+++ b/bfd/elf32-mips.c
|
|
|
2c2fa1 |
@@ -2204,7 +2204,12 @@ mips_elf32_rtype_to_howto (unsigned int r_type,
|
|
|
2c2fa1 |
return &elf_micromips_howto_table_rel[r_type - R_MICROMIPS_min];
|
|
|
2c2fa1 |
if (r_type >= R_MIPS16_min && r_type < R_MIPS16_max)
|
|
|
2c2fa1 |
return &elf_mips16_howto_table_rel[r_type - R_MIPS16_min];
|
|
|
2c2fa1 |
- BFD_ASSERT (r_type < (unsigned int) R_MIPS_max);
|
|
|
2c2fa1 |
+ if (r_type >= (unsigned int) R_MIPS_max)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("Unrecognised MIPS reloc number: %d"), r_type);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r_type = R_MIPS_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
return &elf_mips_howto_table_rel[r_type];
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
--- a/bfd/elf32-pj.c
|
|
|
2c2fa1 |
+++ b/bfd/elf32-pj.c
|
|
|
2c2fa1 |
@@ -319,7 +319,13 @@ pj_elf_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
r = ELF32_R_TYPE (dst->r_info);
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
- BFD_ASSERT (r < (unsigned int) R_PJ_max);
|
|
|
2c2fa1 |
+ if (r >= R_PJ_max)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("%A: unrecognised PicoJava reloc number: %d"),
|
|
|
2c2fa1 |
+ abfd, r);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r = R_PJ_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
cache_ptr->howto = &pj_elf_howto_table[r];
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
--- a/bfd/elf32-ppc.c
|
|
|
2c2fa1 |
+++ b/bfd/elf32-ppc.c
|
|
|
2c2fa1 |
@@ -2019,19 +2019,28 @@ ppc_elf_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
2c2fa1 |
arelent *cache_ptr,
|
|
|
2c2fa1 |
Elf_Internal_Rela *dst)
|
|
|
2c2fa1 |
{
|
|
|
2c2fa1 |
+ unsigned int r_type;
|
|
|
2c2fa1 |
+
|
|
|
2c2fa1 |
/* Initialize howto table if not already done. */
|
|
|
2c2fa1 |
if (!ppc_elf_howto_table[R_PPC_ADDR32])
|
|
|
2c2fa1 |
ppc_elf_howto_init ();
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
- BFD_ASSERT (ELF32_R_TYPE (dst->r_info) < (unsigned int) R_PPC_max);
|
|
|
2c2fa1 |
- cache_ptr->howto = ppc_elf_howto_table[ELF32_R_TYPE (dst->r_info)];
|
|
|
2c2fa1 |
+ r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
2c2fa1 |
+ if (r_type >= R_PPC_max)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("%A: unrecognised PPC reloc number: %d"),
|
|
|
2c2fa1 |
+ abfd, r_type);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r_type = R_PPC_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
+ cache_ptr->howto = ppc_elf_howto_table[r_type];
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
/* Just because the above assert didn't trigger doesn't mean that
|
|
|
2c2fa1 |
ELF32_R_TYPE (dst->r_info) is necessarily a valid relocation. */
|
|
|
2c2fa1 |
if (!cache_ptr->howto)
|
|
|
2c2fa1 |
{
|
|
|
2c2fa1 |
(*_bfd_error_handler) (_("%B: invalid relocation type %d"),
|
|
|
2c2fa1 |
- abfd, ELF32_R_TYPE (dst->r_info));
|
|
|
2c2fa1 |
+ abfd, r_type);
|
|
|
2c2fa1 |
bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
cache_ptr->howto = ppc_elf_howto_table[R_PPC_NONE];
|
|
|
2c2fa1 |
--- a/bfd/elf32-sh.c
|
|
|
2c2fa1 |
+++ b/bfd/elf32-sh.c
|
|
|
2c2fa1 |
@@ -255,6 +255,13 @@ sh_elf_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol_in,
|
|
|
2c2fa1 |
&& bfd_is_und_section (symbol_in->section))
|
|
|
2c2fa1 |
return bfd_reloc_undefined;
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
+ /* PR 17512: file: 9891ca98. */
|
|
|
2c2fa1 |
+ if (addr > bfd_get_section_limit (abfd, input_section)
|
|
|
2c2fa1 |
+ - bfd_get_reloc_size (reloc_entry->howto)
|
|
|
2c2fa1 |
+ || bfd_get_reloc_size (reloc_entry->howto)
|
|
|
2c2fa1 |
+ > bfd_get_section_limit (abfd, input_section))
|
|
|
2c2fa1 |
+ return bfd_reloc_outofrange;
|
|
|
2c2fa1 |
+
|
|
|
2c2fa1 |
if (bfd_is_com_section (symbol_in->section))
|
|
|
2c2fa1 |
sym_value = 0;
|
|
|
2c2fa1 |
else
|
|
|
2c2fa1 |
@@ -474,13 +481,19 @@ sh_elf_info_to_howto (bfd *abfd, arelent *cache_ptr, Elf_Internal_Rela *dst)
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
r = ELF32_R_TYPE (dst->r_info);
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
- BFD_ASSERT (r < (unsigned int) R_SH_max);
|
|
|
2c2fa1 |
- BFD_ASSERT (r < R_SH_FIRST_INVALID_RELOC || r > R_SH_LAST_INVALID_RELOC);
|
|
|
2c2fa1 |
- BFD_ASSERT (r < R_SH_FIRST_INVALID_RELOC_2 || r > R_SH_LAST_INVALID_RELOC_2);
|
|
|
2c2fa1 |
- BFD_ASSERT (r < R_SH_FIRST_INVALID_RELOC_3 || r > R_SH_LAST_INVALID_RELOC_3);
|
|
|
2c2fa1 |
- BFD_ASSERT (r < R_SH_FIRST_INVALID_RELOC_4 || r > R_SH_LAST_INVALID_RELOC_4);
|
|
|
2c2fa1 |
- BFD_ASSERT (r < R_SH_FIRST_INVALID_RELOC_5 || r > R_SH_LAST_INVALID_RELOC_5);
|
|
|
2c2fa1 |
- BFD_ASSERT (r < R_SH_FIRST_INVALID_RELOC_6 || r > R_SH_LAST_INVALID_RELOC_6);
|
|
|
2c2fa1 |
+ if (r >= R_SH_max
|
|
|
2c2fa1 |
+ || (r >= R_SH_FIRST_INVALID_RELOC && r <= R_SH_LAST_INVALID_RELOC)
|
|
|
2c2fa1 |
+ || (r >= R_SH_FIRST_INVALID_RELOC_2 && r <= R_SH_LAST_INVALID_RELOC_2)
|
|
|
2c2fa1 |
+ || (r >= R_SH_FIRST_INVALID_RELOC_3 && r <= R_SH_LAST_INVALID_RELOC_3)
|
|
|
2c2fa1 |
+ || (r >= R_SH_FIRST_INVALID_RELOC_4 && r <= R_SH_LAST_INVALID_RELOC_4)
|
|
|
2c2fa1 |
+ || (r >= R_SH_FIRST_INVALID_RELOC_5 && r <= R_SH_LAST_INVALID_RELOC_5)
|
|
|
2c2fa1 |
+ || (r >= R_SH_FIRST_INVALID_RELOC_6 && r <= R_SH_LAST_INVALID_RELOC_6))
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("%A: unrecognised SH reloc number: %d"),
|
|
|
2c2fa1 |
+ abfd, r);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r = R_SH_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
cache_ptr->howto = get_howto_table (abfd) + r;
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
--- a/bfd/elf32-spu.c
|
|
|
2c2fa1 |
+++ b/bfd/elf32-spu.c
|
|
|
2c2fa1 |
@@ -151,7 +151,14 @@ spu_elf_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
2c2fa1 |
enum elf_spu_reloc_type r_type;
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
r_type = (enum elf_spu_reloc_type) ELF32_R_TYPE (dst->r_info);
|
|
|
2c2fa1 |
- BFD_ASSERT (r_type < R_SPU_max);
|
|
|
2c2fa1 |
+ /* PR 17512: file: 90c2a92e. */
|
|
|
2c2fa1 |
+ if (r_type >= R_SPU_max)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("%A: unrecognised SPU reloc number: %d"),
|
|
|
2c2fa1 |
+ abfd, r_type);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r_type = R_SPU_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
cache_ptr->howto = &elf_howto_table[(int) r_type];
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
--- a/bfd/elf32-v850.c
|
|
|
2c2fa1 |
+++ b/bfd/elf32-v850.c
|
|
|
2c2fa1 |
@@ -1914,7 +1914,11 @@ v850_elf_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED,
|
|
|
2c2fa1 |
unsigned int r_type;
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
2c2fa1 |
- BFD_ASSERT (r_type < (unsigned int) R_V850_max);
|
|
|
2c2fa1 |
+ if (r_type >= (unsigned int) R_V850_max)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ _bfd_error_handler (_("%A: invalid V850 reloc number: %d"), abfd, r_type);
|
|
|
2c2fa1 |
+ r_type = 0;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
cache_ptr->howto = &v850_elf_howto_table[r_type];
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
--- a/bfd/elf32-vax.c
|
|
|
2c2fa1 |
+++ b/bfd/elf32-vax.c
|
|
|
2c2fa1 |
@@ -283,8 +283,17 @@ static void
|
|
|
2c2fa1 |
rtype_to_howto (bfd *abfd ATTRIBUTE_UNUSED, arelent *cache_ptr,
|
|
|
2c2fa1 |
Elf_Internal_Rela *dst)
|
|
|
2c2fa1 |
{
|
|
|
2c2fa1 |
- BFD_ASSERT (ELF32_R_TYPE(dst->r_info) < (unsigned int) R_VAX_max);
|
|
|
2c2fa1 |
- cache_ptr->howto = &howto_table[ELF32_R_TYPE(dst->r_info)];
|
|
|
2c2fa1 |
+ unsigned int r_type;
|
|
|
2c2fa1 |
+
|
|
|
2c2fa1 |
+ r_type = ELF32_R_TYPE (dst->r_info);
|
|
|
2c2fa1 |
+ if (r_type >= R_VAX_max)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("%A: unrecognised VAX reloc number: %d"),
|
|
|
2c2fa1 |
+ abfd, r_type);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r_type = R_VAX_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
+ cache_ptr->howto = &howto_table[r_type];
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
#define elf_info_to_howto rtype_to_howto
|
|
|
2c2fa1 |
--- a/bfd/elf64-alpha.c
|
|
|
2c2fa1 |
+++ b/bfd/elf64-alpha.c
|
|
|
2c2fa1 |
@@ -1105,7 +1105,14 @@ elf64_alpha_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED, arelent *cache_ptr,
|
|
|
2c2fa1 |
Elf_Internal_Rela *dst)
|
|
|
2c2fa1 |
{
|
|
|
2c2fa1 |
unsigned r_type = ELF64_R_TYPE(dst->r_info);
|
|
|
2c2fa1 |
- BFD_ASSERT (r_type < (unsigned int) R_ALPHA_max);
|
|
|
2c2fa1 |
+
|
|
|
2c2fa1 |
+ if (r_type >= R_ALPHA_max)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("%A: unrecognised Alpha reloc number: %d"),
|
|
|
2c2fa1 |
+ abfd, r_type);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r_type = R_ALPHA_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
cache_ptr->howto = &elf64_alpha_howto_table[r_type];
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
--- a/bfd/elf64-mips.c
|
|
|
2c2fa1 |
+++ b/bfd/elf64-mips.c
|
|
|
2c2fa1 |
@@ -3585,7 +3585,12 @@ mips_elf64_rtype_to_howto (unsigned int r_type, bfd_boolean rela_p)
|
|
|
2c2fa1 |
else
|
|
|
2c2fa1 |
return &mips16_elf64_howto_table_rel[r_type - R_MIPS16_min];
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
- BFD_ASSERT (r_type < (unsigned int) R_MIPS_max);
|
|
|
2c2fa1 |
+ if (r_type >= R_MIPS_max)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("unrecognised MIPS reloc number: %d"), r_type);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r_type = R_MIPS_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
if (rela_p)
|
|
|
2c2fa1 |
return &mips_elf64_howto_table_rela[r_type];
|
|
|
2c2fa1 |
else
|
|
|
2c2fa1 |
--- a/bfd/elfn32-mips.c
|
|
|
2c2fa1 |
+++ b/bfd/elfn32-mips.c
|
|
|
2c2fa1 |
@@ -3403,7 +3403,12 @@ mips_elf_n32_rtype_to_howto (unsigned int r_type, bfd_boolean rela_p)
|
|
|
2c2fa1 |
else
|
|
|
2c2fa1 |
return &elf_mips16_howto_table_rel[r_type - R_MIPS16_min];
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
- BFD_ASSERT (r_type < (unsigned int) R_MIPS_max);
|
|
|
2c2fa1 |
+ if (r_type >= R_MIPS_max)
|
|
|
2c2fa1 |
+ {
|
|
|
2c2fa1 |
+ (*_bfd_error_handler) (_("unrecognised MIPS reloc number: %d"), r_type);
|
|
|
2c2fa1 |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
2c2fa1 |
+ r_type = R_MIPS_NONE;
|
|
|
2c2fa1 |
+ }
|
|
|
2c2fa1 |
if (rela_p)
|
|
|
2c2fa1 |
return &elf_mips_howto_table_rela[r_type];
|
|
|
2c2fa1 |
else
|
|
|
2c2fa1 |
--- a/bfd/reloc.c
|
|
|
2c2fa1 |
+++ b/bfd/reloc.c
|
|
|
2c2fa1 |
@@ -623,7 +623,10 @@ bfd_perform_relocation (bfd *abfd,
|
|
|
2c2fa1 |
/* PR 17512: file: c146ab8b.
|
|
|
2c2fa1 |
PR 17512: file: 46dff27f.
|
|
|
2c2fa1 |
Include the size of the reloc in the test for out of range addresses. */
|
|
|
2c2fa1 |
- - bfd_get_reloc_size (howto))
|
|
|
2c2fa1 |
+ - bfd_get_reloc_size (howto)
|
|
|
2c2fa1 |
+ /* PR 17512: file: 38e53ebf
|
|
|
2c2fa1 |
+ Add make sure that there is enough room for the relocation to be applied. */
|
|
|
2c2fa1 |
+ || bfd_get_reloc_size (howto) > bfd_get_section_limit (abfd, input_section))
|
|
|
2c2fa1 |
return bfd_reloc_outofrange;
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
/* Work out which section the relocation is targeted at and the
|
|
|
2c2fa1 |
@@ -7691,7 +7694,11 @@ bfd_generic_get_relocated_section_contents (bfd *abfd,
|
|
|
2c2fa1 |
goto error_return;
|
|
|
2c2fa1 |
|
|
|
2c2fa1 |
default:
|
|
|
2c2fa1 |
- abort ();
|
|
|
2c2fa1 |
+ /* PR 17512; file: 90c2a92e.
|
|
|
2c2fa1 |
+ Report unexpected results, without aborting. */
|
|
|
2c2fa1 |
+ link_info->callbacks->einfo
|
|
|
2c2fa1 |
+ (_("%X%P: %B(%A): relocation \"%R\" returns an unrecognized value %x\n"),
|
|
|
2c2fa1 |
+ abfd, input_section, * parent, r);
|
|
|
2c2fa1 |
break;
|
|
|
2c2fa1 |
}
|
|
|
2c2fa1 |
|