projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a379e75)
PR28175, Segment fault in coff-tic30.c reloc_processing
authorAlan Modra <amodra@gmail.com>
Fri, 6 Aug 2021 11:18:41 +0000 (20:48 +0930)
committerAlan Modra <amodra@gmail.com>
Fri, 6 Aug 2021 13:36:53 +0000 (23:06 +0930)
The obj_convert table shouldn't be accessed without first checking the
index against the table size.

PR 28175
* coff-tic30.c (reloc_processing): Sanity check reloc symbol index.
* coff-z80.c (reloc_processing): Likewise.
* coff-z8k.c (reloc_processing): Likewise.

bfd/coff-tic30.c patch | blob | history
bfd/coff-z80.c patch | blob | history
bfd/coff-z8k.c patch | blob | history

diff --git a/bfd/coff-tic30.c b/bfd/coff-tic30.c
index a3ea69e1a3f819aebb7ed854128deae6a37b3e78..01ca6cb2170bd7bc955d865939a087a184b2f634 100644 (file)
--- a/bfd/coff-tic30.c
+++ b/bfd/coff-tic30.c
@@ -161,11 +161,18 @@ reloc_processing (arelent *relent,
   relent->address = reloc->r_vaddr;
   rtype2howto (relent, reloc);
 
-  if (reloc->r_symndx > 0)
+  if (reloc->r_symndx == -1)
+    relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
+  else if (reloc->r_symndx >= 0 && reloc->r_symndx < obj_conv_table_size (abfd))
     relent->sym_ptr_ptr = symbols + obj_convert (abfd)[reloc->r_symndx];
   else
-    relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
-
+    {
+      _bfd_error_handler
+       /* xgettext:c-format */
+       (_("%pB: warning: illegal symbol index %ld in relocs"),
+        abfd, reloc->r_symndx);
+      relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
+    }
   relent->addend = reloc->r_offset;
   relent->address -= section->vma;
 }
diff --git a/bfd/coff-z80.c b/bfd/coff-z80.c
index c0f1739dfcb6616f8f2ad4935bae0879558ca985..632ac0fb3cdbda3c33e11aa5bf364b3a25ba96d3 100644 (file)
--- a/bfd/coff-z80.c
+++ b/bfd/coff-z80.c
@@ -314,11 +314,18 @@ reloc_processing (arelent *relent,
   relent->address = reloc->r_vaddr;
   rtype2howto (relent, reloc);
 
-  if (reloc->r_symndx > 0)
+  if (reloc->r_symndx == -1)
+    relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
+  else if (reloc->r_symndx >= 0 && reloc->r_symndx < obj_conv_table_size (abfd))
     relent->sym_ptr_ptr = symbols + obj_convert (abfd)[reloc->r_symndx];
   else
-    relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
-
+    {
+      _bfd_error_handler
+       /* xgettext:c-format */
+       (_("%pB: warning: illegal symbol index %ld in relocs"),
+        abfd, reloc->r_symndx);
+      relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
+    }
   relent->addend = reloc->r_offset;
   relent->address -= section->vma;
 }
diff --git a/bfd/coff-z8k.c b/bfd/coff-z8k.c
index 6cd5d652adefda6c2cced252f0935ec4ccf3aacb..e4d4d3f15813872334c0522855e8415154caa3fc 100644 (file)
--- a/bfd/coff-z8k.c
+++ b/bfd/coff-z8k.c
@@ -177,11 +177,18 @@ reloc_processing (arelent *relent,
   relent->address = reloc->r_vaddr;
   rtype2howto (relent, reloc);
 
-  if (reloc->r_symndx > 0)
+  if (reloc->r_symndx == -1)
+    relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
+  else if (reloc->r_symndx >= 0 && reloc->r_symndx < obj_conv_table_size (abfd))
     relent->sym_ptr_ptr = symbols + obj_convert (abfd)[reloc->r_symndx];
   else
-    relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
-
+    {
+      _bfd_error_handler
+       /* xgettext:c-format */
+       (_("%pB: warning: illegal symbol index %ld in relocs"),
+        abfd, reloc->r_symndx);
+      relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
+    }
   relent->addend = reloc->r_offset;
   relent->address -= section->vma;
 }