Fix illegal memory access triggered by an attempt to disassemble a corrupt RISC-V...

author Nick Clifton <nickc@redhat.com>

Tue, 7 Sep 2021 08:44:17 +0000 (09:44 +0100)

committer Nick Clifton <nickc@redhat.com>

Tue, 7 Sep 2021 08:44:17 +0000 (09:44 +0100)
author Nick Clifton <nickc@redhat.com>
Tue, 7 Sep 2021 08:44:17 +0000 (09:44 +0100)
committer Nick Clifton <nickc@redhat.com>
Tue, 7 Sep 2021 08:44:17 +0000 (09:44 +0100)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index 6d551303637cc37851343a47eaa3093eeac43d90..4e53a1f38dcb47637da4468254e852c0a5ff4d14 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2021-09-07  Nick Clifton  <nickc@redhat.com>
+
+       PR 28303
+       * elfxx-riscv.c (riscv_elf_add_sub_reloc): Add check for out of
+       range relocs.
+
  2021-08-10  Nick Clifton  <nickc@redhat.com>
  
         * po/sr.po: Updated Serbian translation.
diff --git a/bfd/elfxx-riscv.c b/bfd/elfxx-riscv.c

index 2b8f60caf3286476ea698468e1230dd07836e412..ddcf872d63c3315301b8be819d78b257362afdfd 100644 (file)
--- a/bfd/elfxx-riscv.c
+++ b/bfd/elfxx-riscv.c
@@ -1002,6 +1002,13 @@ riscv_elf_add_sub_reloc (bfd *abfd,
  
    relocation = symbol->value + symbol->section->output_section->vma
      + symbol->section->output_offset + reloc_entry->addend;
+
+  bfd_size_type octets = reloc_entry->address
+    * bfd_octets_per_byte (abfd, input_section);
+  if (!bfd_reloc_offset_in_range (reloc_entry->howto, abfd,
+                                 input_section, octets))
+    return bfd_reloc_outofrange;
+
    bfd_vma old_value = bfd_get (howto->bitsize, abfd,
                                data + reloc_entry->address);
author	Nick Clifton <nickc@redhat.com>
	Tue, 7 Sep 2021 08:44:17 +0000 (09:44 +0100)
committer	Nick Clifton <nickc@redhat.com>
	Tue, 7 Sep 2021 08:44:17 +0000 (09:44 +0100)
bfd/ChangeLog		patch \| blob \| history
bfd/elfxx-riscv.c		patch \| blob \| history