Fix an indirection via uninitialised memory when parsing a corrupt input file.

	PR 27839
	* simple.c (simple_dummy_add_to_set): New function.
	(simple_dummy_constructor): New function.
	(simple_dummy_multiple_common): New function.
	(bfd_simple_get_relocated_section_contents): Zero out the
	callbacks structure, and then set the add_to_set, constructor and
	multiple_common fields.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 39395faff36d81628070be9cc4b0354464b23c3e..59cba9a22f6f46b80514615ec2c4cb55bb384df5 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,13 @@
+2021-05-10  Nick Clifton  <nickc@redhat.com>
+
+       PR 27839
+       * simple.c (simple_dummy_add_to_set): New function.
+       (simple_dummy_constructor): New function.
+       (simple_dummy_multiple_common): New function.
+       (bfd_simple_get_relocated_section_contents): Zero out the
+       callbacks structure, and then set the add_to_set, constructor and
+       multiple_common fields.
+
 2021-05-10  Dimitar Dimitrov  <dimitar@dinux.eu>
 
        * elf32-pru.c (elf_backend_can_gc_sections): Define as 1.

diff --git a/bfd/simple.c b/bfd/simple.c
index 2e5366d6f318f3d219bb498d8c0c3cff4312115e..3266f5b8b6781cb82f8df017a2b160a292860e41 100644 (file)
--- a/bfd/simple.c
+++ b/bfd/simple.c
@@ -24,6 +24,35 @@
 #include "libbfd.h"
 #include "bfdlink.h"
 
+static void
+simple_dummy_add_to_set (struct bfd_link_info * info ATTRIBUTE_UNUSED,
+                        struct bfd_link_hash_entry *entry ATTRIBUTE_UNUSED,
+                        bfd_reloc_code_real_type reloc ATTRIBUTE_UNUSED,
+                        bfd *abfd ATTRIBUTE_UNUSED,
+                        asection *sec ATTRIBUTE_UNUSED,
+                        bfd_vma value ATTRIBUTE_UNUSED)
+{
+}
+
+static  void
+simple_dummy_constructor (struct bfd_link_info * info ATTRIBUTE_UNUSED,
+                         bool constructor ATTRIBUTE_UNUSED,
+                         const char *name ATTRIBUTE_UNUSED,
+                         bfd *abfd ATTRIBUTE_UNUSED,
+                         asection *sec ATTRIBUTE_UNUSED,
+                         bfd_vma value ATTRIBUTE_UNUSED)
+{
+}
+
+static void
+simple_dummy_multiple_common (struct bfd_link_info * info ATTRIBUTE_UNUSED,
+                             struct bfd_link_hash_entry * entry ATTRIBUTE_UNUSED,
+                             bfd * abfd ATTRIBUTE_UNUSED,
+                             enum bfd_link_hash_type type ATTRIBUTE_UNUSED,
+                             bfd_vma size ATTRIBUTE_UNUSED)
+{
+}
+
 static void
 simple_dummy_warning (struct bfd_link_info *link_info ATTRIBUTE_UNUSED,
                      const char *warning ATTRIBUTE_UNUSED,
@@ -208,6 +237,9 @@ bfd_simple_get_relocated_section_contents (bfd *abfd,
   abfd->link.next = NULL;
   link_info.hash = _bfd_generic_link_hash_table_create (abfd);
   link_info.callbacks = &callbacks;
+  /* Make sure that any fields not initialised below do not
+     result in a potential indirection via a random address.  */
+  memset (&callbacks, 0, sizeof callbacks);
   callbacks.warning = simple_dummy_warning;
   callbacks.undefined_symbol = simple_dummy_undefined_symbol;
   callbacks.reloc_overflow = simple_dummy_reloc_overflow;
@@ -215,7 +247,11 @@ bfd_simple_get_relocated_section_contents (bfd *abfd,
   callbacks.unattached_reloc = simple_dummy_unattached_reloc;
   callbacks.multiple_definition = simple_dummy_multiple_definition;
   callbacks.einfo = simple_dummy_einfo;
+  callbacks.multiple_common = simple_dummy_multiple_common;
+  callbacks.constructor = simple_dummy_constructor;
+  callbacks.add_to_set = simple_dummy_add_to_set;
 
+fprintf (stderr, "SIMPLE CALLBACKS %p\n", & callbacks);
   memset (&link_order, 0, sizeof (link_order));
   link_order.next = NULL;
   link_order.type = bfd_indirect_link_order;