PR22887, null pointer dereference in aout_32_swap_std_reloc_out

author Alan Modra <amodra@gmail.com>

Wed, 28 Feb 2018 11:39:50 +0000 (22:09 +1030)

committer Alan Modra <amodra@gmail.com>

Wed, 28 Feb 2018 11:50:35 +0000 (22:20 +1030)
author Alan Modra <amodra@gmail.com>
Wed, 28 Feb 2018 11:39:50 +0000 (22:09 +1030)
committer Alan Modra <amodra@gmail.com>
Wed, 28 Feb 2018 11:50:35 +0000 (22:20 +1030)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index 76a6499f6a251e629ee326655cec0f0818d82410..42cc700ce7cf367e39a37124bd749ba50e3abe56 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2018-02-28  Alan Modra  <amodra@gmail.com>
+
+       PR 22887
+       * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
+
  2018-02-28  Nick Clifton  <nickc@redhat.com>
  
         PR 22894
diff --git a/bfd/aoutx.h b/bfd/aoutx.h

index 4cadbfbd2fad64e0417c37bb316e3b63f202b3ae..525e5603ec90c296e086091327aa0c472cf06e41 100644 (file)
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -2289,10 +2289,12 @@ NAME (aout, swap_std_reloc_in) (bfd *abfd,
    if (r_baserel)
      r_extern = 1;
  
-  if (r_extern && r_index > symcount)
+  if (r_extern && r_index >= symcount)
      {
        /* We could arrange to return an error, but it might be useful
-        to see the file even if it is bad.  */
+        to see the file even if it is bad.  FIXME: Of course this
+        means that objdump -r *doesn't* see the actual reloc, and
+        objcopy silently writes a different reloc.  */
        r_extern = 0;
        r_index = N_ABS;
      }
author	Alan Modra <amodra@gmail.com>
	Wed, 28 Feb 2018 11:39:50 +0000 (22:09 +1030)
committer	Alan Modra <amodra@gmail.com>
	Wed, 28 Feb 2018 11:50:35 +0000 (22:20 +1030)
bfd/ChangeLog		patch \| blob \| history
bfd/aoutx.h		patch \| blob \| history