From: Nick Clifton Date: Tue, 7 Sep 2021 08:44:17 +0000 (+0100) Subject: Fix illegal memory access triggered by an attempt to disassemble a corrupt RISC-V... X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=3f1a2892e1fea343880b276474cb44db3abcaa9a;p=binutils-gdb.git Fix illegal memory access triggered by an attempt to disassemble a corrupt RISC-V binary. PR 28303 * elfxx-riscv.c (riscv_elf_add_sub_reloc): Add check for out of range relocs. --- diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 6d551303637..4e53a1f38dc 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2021-09-07 Nick Clifton + + PR 28303 + * elfxx-riscv.c (riscv_elf_add_sub_reloc): Add check for out of + range relocs. + 2021-08-10 Nick Clifton * po/sr.po: Updated Serbian translation. diff --git a/bfd/elfxx-riscv.c b/bfd/elfxx-riscv.c index 2b8f60caf32..ddcf872d63c 100644 --- a/bfd/elfxx-riscv.c +++ b/bfd/elfxx-riscv.c @@ -1002,6 +1002,13 @@ riscv_elf_add_sub_reloc (bfd *abfd, relocation = symbol->value + symbol->section->output_section->vma + symbol->section->output_offset + reloc_entry->addend; + + bfd_size_type octets = reloc_entry->address + * bfd_octets_per_byte (abfd, input_section); + if (!bfd_reloc_offset_in_range (reloc_entry->howto, abfd, + input_section, octets)) + return bfd_reloc_outofrange; + bfd_vma old_value = bfd_get (howto->bitsize, abfd, data + reloc_entry->address);