From: Alan Modra Date: Mon, 12 Sep 2022 09:45:01 +0000 (+0930) Subject: asan: som_set_reloc_info heap buffer overflow X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=acfd5524fa47a96bda305ea79c6b77c201930814;p=binutils-gdb.git asan: som_set_reloc_info heap buffer overflow Also a bugfix. The first time the section was read, the contents didn't supply an addend. * som.c (som_set_reloc_info): Sanity check offset. Do process contents after reading. Tidy section->contents after freeing. --- diff --git a/bfd/som.c b/bfd/som.c index 38c574a97c8..9b0a5513209 100644 --- a/bfd/som.c +++ b/bfd/som.c @@ -5251,7 +5251,9 @@ som_set_reloc_info (unsigned char *fixup, section->contents = contents; deallocate_contents = 1; } - else if (rptr->addend == 0) + if (rptr->addend == 0 + && offset - var ('L') <= section->size + && section->size - (offset - var ('L')) >= 4) rptr->addend = bfd_get_32 (section->owner, (section->contents + offset - var ('L'))); @@ -5269,7 +5271,10 @@ som_set_reloc_info (unsigned char *fixup, } } if (deallocate_contents) - free (section->contents); + { + free (section->contents); + section->contents = NULL; + } return count;
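Review bot: In the first hunk the new guard tests `offset - var ('L')` as an integer difference, but the read still uses the pointer expression `section->contents + offset - var ('L')`, so the value that is range-checked and the address that is dereferenced are computed separately. The declarations of `offset` and `var` are outside the hunk; if the difference can wrap or go negative when `var ('L')` exceeds `offset`, the two forms need not agree. I would compute it once, `bfd_size_type pos = offset - var ('L');`, test `pos <= section->size && section->size - pos >= 4`, and pass `section->contents + pos` to `bfd_get_32`. A short comment saying that 4 is the number of bytes `bfd_get_32` reads, and that an out-of-range offset deliberately leaves the addend at 0, would also help the next reader. The body of som_set_reloc_info starts and ends outside both hunks.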