PR28163, Segment fault in function rl78_special_reloc

Relocation offset checks were completely missing in the rl78 backend,
allowing a relocation to write over memory anywhere. This was true
for rl78_special_reloc, a function primarily used when applying debug
relocations, and in rl78_elf_relocate_section used by the linker.

This patch fixes those problems by correcting inaccuracies in the
relocation howtos, then uses those howtos to sanity check relocation
offsets before applying relocations. In addition, the patch
implements overflow checking using the howto information rather than
the ad-hoc scheme implemented in relocate_section. I implemented the
overflow checking in rl78_special_reloc too.

	* elf32-rl78.c (RL78REL, RL78_OP_REL): Add mask parameter.
	(rl78_elf_howto_table): Set destination masks.  Correct size and
	bitsize of DIR32_REV.  Correct complain_on_overflow for many relocs
	as per tests in relocate_section.  Add RH_SFR.  Correct bitsize
	for RH_SADDR.  Set size to 3 and bitsize to 0 for all OP relocs.
	(check_overflow): New function.
	(rl78_special_reloc): Check that reloc address is within section.
	Apply relocations using reloc howto.  Check for overflow.
	(RANGE): Delete.
	(rl78_elf_relocate_section): Sanity check r_offset.  Perform
	overflow checking using reloc howto.
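
The two checks the commit message describes, as an added example that is not part of the commit and is not binutils code: a relocation is applied only after its offset is validated against the section size and its value against the field width, both taken from a howto entry. `struct howto`, `apply_reloc`, the status names, the byte-count meaning of `size`, the little-endian field layout and the choice to skip the write on overflow are assumptions of this sketch, not BFD's `reloc_howto_type` or its API.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified howto entry (not BFD's reloc_howto_type). */
enum ovf { OVF_NONE, OVF_SIGNED, OVF_UNSIGNED };
struct howto {
    unsigned size;      /* field width in bytes (0..4) in this sketch */
    unsigned bitsize;   /* number of significant bits in the value */
    uint32_t dst_mask;  /* bits of the field the relocation may change */
    enum ovf complain;  /* which overflow test applies */
};
enum status { R_OK, R_OUTOFRANGE, R_OVERFLOW };

/* Overflow test driven by the howto instead of per-relocation range code. */
static int overflows(const struct howto *h, int64_t v)
{
    if (h->complain == OVF_NONE || h->bitsize == 0 || h->bitsize >= 63)
        return 0;
    if (h->complain == OVF_SIGNED) {
        int64_t lim = (int64_t)1 << (h->bitsize - 1);
        return v < -lim || v >= lim;
    }
    return v < 0 || v >= ((int64_t)1 << h->bitsize);
}

enum status apply_reloc(uint8_t *sec, size_t sec_size, uint64_t offset,
                        const struct howto *h, int64_t value)
{
    /* Reject fields this sketch cannot hold, then bounds check the offset.
       Written as a subtraction so offset + size can never wrap around. */
    if (h->size > sizeof(uint32_t) || h->size > sec_size
        || offset > sec_size - h->size)
        return R_OUTOFRANGE;
    if (overflows(h, value))
        return R_OVERFLOW;          /* sketch's choice: do not write */

    /* Read the little-endian field, merge under dst_mask, write it back. */
    uint32_t old = 0;
    for (unsigned i = 0; i < h->size; i++)
        old |= (uint32_t)sec[offset + i] << (8 * i);
    uint32_t merged = (old & ~h->dst_mask) | ((uint32_t)value & h->dst_mask);
    for (unsigned i = 0; i < h->size; i++)
        sec[offset + i] = (uint8_t)(merged >> (8 * i));
    return R_OK;
}
```
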