PR28162, segment fault in mips_elf_assign_gp

For the testcase in the PR, _bfd_mips_elf32_gprel16_reloc is passed a
NULL output_bfd.  As expected for reloc special functions if called by
objdump or when final linking.  The function attempts to find the
output by
  output_bfd = symbol->section->output_section->owner;
That makes some sense, since when handling a gp-relative reloc we need
the relevant gp to which the symbol is relative.  Possibly the gp
value can be one for a shared library?  But that doesn't seem useful
or supported by the various abi docs and won't work as written.
Symbols defined in shared libraries have section->output_section
NULL, and what's more the code in mips_elf_assign_gp isn't set up to
look at shared library symbols.

Also, if the symbol is a SHN_ABS one the owner of *ABS* section is
NULL, which will result in the testcase segfault.  The only gp to
which an absolute symbol can be relative is the linker output bfd when
linking, or the input bfd when not.  This patch arranges to do that
for all gp-relative reloc symbols.

	* elf32-mips.c (_bfd_mips_elf32_gprel16_reloc): Don't use the
	section symbol to find the output bfd, use input_section.
	(mips_elf_gprel32_reloc, mips16_gprel_reloc): Likewise.
	* elf64-mips.c (mips_elf64_gprel16_reloc): Likewise.
	(mips_elf64_literal_reloc, mips_elf64_gprel32_reloc): Likewise.
	(mips16_gprel_reloc): Likewise.

diff --git a/bfd/elf32-mips.c b/bfd/elf32-mips.c
index 1e645c66787651bdb35a8ac42c5b9d92ff59f3bd..f8467de478b050201992fc359443cdf6ed1dc1a9 100644 (file)
--- a/bfd/elf32-mips.c
+++ b/bfd/elf32-mips.c
@@ -1783,7 +1783,7 @@ _bfd_mips_elf32_gprel16_reloc (bfd *abfd, arelent *reloc_entry,
   else
     {
       relocatable = false;
-      output_bfd = symbol->section->output_section->owner;
+      output_bfd = input_section->output_section->owner;
     }
 
   ret = mips_elf_final_gp (output_bfd, symbol, relocatable, error_message,
@@ -1830,7 +1830,7 @@ mips_elf_gprel32_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol,
   else
     {
       relocatable = false;
-      output_bfd = symbol->section->output_section->owner;
+      output_bfd = input_section->output_section->owner;
     }
 
   ret = mips_elf_final_gp (output_bfd, symbol, relocatable,
@@ -1949,7 +1949,7 @@ mips16_gprel_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol,
   else
     {
       relocatable = false;
-      output_bfd = symbol->section->output_section->owner;
+      output_bfd = input_section->output_section->owner;
     }
 
   ret = mips_elf_final_gp (output_bfd, symbol, relocatable, error_message,

diff --git a/bfd/elf64-mips.c b/bfd/elf64-mips.c
index 876e4f867c291e309581f16f0b8f0c6b82f630cc..b94adf129534597964410e5b2f2b90df993acfb6 100644 (file)
--- a/bfd/elf64-mips.c
+++ b/bfd/elf64-mips.c
@@ -3483,7 +3483,7 @@ mips_elf64_gprel16_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol,
   else
     {
       relocatable = false;
-      output_bfd = symbol->section->output_section->owner;
+      output_bfd = input_section->output_section->owner;
     }
 
   ret = mips_elf64_final_gp (output_bfd, symbol, relocatable, error_message,
@@ -3523,7 +3523,7 @@ mips_elf64_literal_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol,
   else
     {
       relocatable = false;
-      output_bfd = symbol->section->output_section->owner;
+      output_bfd = input_section->output_section->owner;
     }
 
   ret = mips_elf64_final_gp (output_bfd, symbol, relocatable, error_message,
@@ -3565,7 +3565,7 @@ mips_elf64_gprel32_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol,
   else
     {
       relocatable = false;
-      output_bfd = symbol->section->output_section->owner;
+      output_bfd = input_section->output_section->owner;
     }
 
   ret = mips_elf64_final_gp (output_bfd, symbol, relocatable,
@@ -3654,7 +3654,7 @@ mips16_gprel_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol,
   else
     {
       relocatable = false;
-      output_bfd = symbol->section->output_section->owner;
+      output_bfd = input_section->output_section->owner;
     }
 
   ret = mips_elf64_final_gp (output_bfd, symbol, relocatable, error_message,