Fix a potential illegal memory access when testing for a special LTO symbol name.

bfd	* linker.c (_bfd_generic_link_add_one_symbol): Test for a NULL
	name before checking to see if the symbol is __gnu_lto_slim.
	* archive.c (_bfd_compute_and_write_armap): Likewise.
binutils
	* nm.c (filter_symbols): Test for a NULL name before checking to
	see if the symbol is __gnu_lto_slim.
	* objcopy.c (filter_symbols): Likewise.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 2a08ff7cfb4b8a3a1a160c48d46d0139091fb5a0..d539dbbf572d58a21addc379a62415c2b84af104 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2021-10-19  Nick Clifton  <nickc@redhat.com>
+
+       * linker.c (_bfd_generic_link_add_one_symbol): Test for a NULL
+       name before checking to see if the symbol is __gnu_lto_slim.
+       * archive.c (_bfd_compute_and_write_armap): Likewise.
+
 2021-09-27  Nick Alcock  <nick.alcock@oracle.com>
 
        * configure: Regenerate.

diff --git a/bfd/archive.c b/bfd/archive.c
index 2ac680ddc176d1223b428dfeee81148a9d3bcfc7..dc173560130288d0e81926c3aa824d06fa27dc31 100644 (file)
--- a/bfd/archive.c
+++ b/bfd/archive.c
@@ -2357,7 +2357,8 @@ _bfd_compute_and_write_armap (bfd *arch, unsigned int elength)
                          map = new_map;
                        }
 
-                     if (syms[src_count]->name[0] == '_'
+                     if (syms[src_count]->name != NULL
+                         && syms[src_count]->name[0] == '_'
                          && syms[src_count]->name[1] == '_'
                          && strcmp (syms[src_count]->name
                                     + (syms[src_count]->name[2] == '_'),

diff --git a/bfd/linker.c b/bfd/linker.c
index f8257ea11b44be2d35ab57e9dfed547c4404ff3c..3019daea3a50e74b4ae5dcda4e35b10c72b42f30 100644 (file)
--- a/bfd/linker.c
+++ b/bfd/linker.c
@@ -1420,6 +1420,7 @@ _bfd_generic_link_add_one_symbol (struct bfd_link_info *info,
     {
       row = COMMON_ROW;
       if (!bfd_link_relocatable (info)
+         && name != NULL
          && name[0] == '_'
          && name[1] == '_'
          && strcmp (name + (name[2] == '_'), "__gnu_lto_slim") == 0)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 0d5e4a0f2a0360c6d2149e54fce6b99664a0bda3..192de3cda953aef1d4f88693a5bead512ff45dab 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2021-10-19  Nick Clifton  <nickc@redhat.com>
+
+       * nm.c (filter_symbols): Test for a NULL name before checking to
+       see if the symbol is __gnu_lto_slim.
+       * objcopy.c (filter_symbols): Likewise.
+
 2021-09-30  Nick Clifton  <nickc@redhat.com>
 
        * objcopy.c (filter_symbols): Fail if attempting to dredefine

diff --git a/binutils/nm.c b/binutils/nm.c
index 82ccec6801c5c32d51d9e1645ecbe8b83004b0fb..7606956c92a54e9358557ae5fa9ae6bae566e255 100644 (file)
--- a/binutils/nm.c
+++ b/binutils/nm.c
@@ -544,7 +544,8 @@ filter_symbols (bfd *abfd, bool is_dynamic, void *minisyms,
       if (sym == NULL)
        bfd_fatal (bfd_get_filename (abfd));
 
-      if (sym->name[0] == '_'
+      if (sym->name != NULL
+         && sym->name[0] == '_'
          && sym->name[1] == '_'
          && strcmp (sym->name + (sym->name[2] == '_'), "__gnu_lto_slim") == 0
          && report_plugin_err)

diff --git a/binutils/objcopy.c b/binutils/objcopy.c
index 75fd89d338bb96aab1d0d91378c74ba3592246f7..0e7400fe4cb7046fa704f207816616e623de65af 100644 (file)
--- a/binutils/objcopy.c
+++ b/binutils/objcopy.c
@@ -1542,7 +1542,8 @@ filter_symbols (bfd *abfd, bfd *obfd, asymbol **osyms,
        {
          char *new_name;
 
-         if (name[0] == '_'
+         if (name != NULL
+             && name[0] == '_'
              && name[1] == '_'
              && strcmp (name + (name[2] == '_'), "__gnu_lto_slim") == 0)
            {