From: Nick Clifton Date: Tue, 7 Sep 2021 10:47:08 +0000 (+0100) Subject: Fix an illegal memory access triggered by an atempt to disassemble a corrupt xtensa... X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=9dc2f26777b07f9e5aa3220f7a680987ef79e75e;p=binutils-gdb.git Fix an illegal memory access triggered by an atempt to disassemble a corrupt xtensa binary. PR 28305 * elf32-xtensa.c (elf_xtensa_do_reloc): Add check for put of range reloc. --- diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 4e53a1f38dc..499e33634bb 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,5 +1,9 @@ 2021-09-07 Nick Clifton + PR 28305 + * elf32-xtensa.c (elf_xtensa_do_reloc): Add check for put of range + reloc. + PR 28303 * elfxx-riscv.c (riscv_elf_add_sub_reloc): Add check for out of range relocs. diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c index 7c5fb558bfb..59f3dd55251 100644 --- a/bfd/elf32-xtensa.c +++ b/bfd/elf32-xtensa.c @@ -1968,6 +1968,8 @@ elf_xtensa_do_reloc (reloc_howto_type *howto, return bfd_reloc_dangerous; } + if (input_size <= address) + return bfd_reloc_outofrange; /* Read the instruction into a buffer and decode the opcode. */ xtensa_insnbuf_from_chars (isa, ibuff, contents + address, input_size - address); diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c index f6a153895fa..d92d9b8d817 100644 --- a/bfd/xtensa-isa.c +++ b/bfd/xtensa-isa.c @@ -227,7 +227,6 @@ xtensa_insnbuf_from_chars (xtensa_isa isa, } } - /* ISA information. */