From 23182ac0d832477d316547ec2a758d22b43d0837 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Mon, 10 May 2021 14:44:31 +0100
Subject: [PATCH] Fix an indirection via uninitialised memory when parsing a corrupt input file.
PR 27839
* simple.c (simple_dummy_add_to_set): New function.
(simple_dummy_constructor): New function.
(simple_dummy_multiple_common): New function.
(bfd_simple_get_relocated_section_contents): Zero out the
callbacks structure, and then set the add_to_set, constructor and
multiple_common fields.
---
 bfd/ChangeLog | 10 ++++++++++
 bfd/simple.c | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 39395faff36..59cba9a22f6 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,13 @@
+2021-05-10 Nick Clifton
+
+ PR 27839
+ * simple.c (simple_dummy_add_to_set): New function.
+ (simple_dummy_constructor): New function.
+ (simple_dummy_multiple_common): New function.
+ (bfd_simple_get_relocated_section_contents): Zero out the
+ callbacks structure, and then set the add_to_set, constructor and
+ multiple_common fields.
+
 2021-05-10 Dimitar Dimitrov
 * elf32-pru.c (elf_backend_can_gc_sections): Define as 1.
diff --git a/bfd/simple.c b/bfd/simple.c
index 2e5366d6f31..3266f5b8b67 100644
--- a/bfd/simple.c
+++ b/bfd/simple.c
@@ -24,6 +24,35 @@
 #include "libbfd.h"
 #include "bfdlink.h"
+static void
+simple_dummy_add_to_set (struct bfd_link_info * info ATTRIBUTE_UNUSED,
+ struct bfd_link_hash_entry *entry ATTRIBUTE_UNUSED,
+ bfd_reloc_code_real_type reloc ATTRIBUTE_UNUSED,
+ bfd *abfd ATTRIBUTE_UNUSED,
+ asection *sec ATTRIBUTE_UNUSED,
+ bfd_vma value ATTRIBUTE_UNUSED)
+{
+}
+
+static void
+simple_dummy_constructor (struct bfd_link_info * info ATTRIBUTE_UNUSED,
+ bool constructor ATTRIBUTE_UNUSED,
+ const char *name ATTRIBUTE_UNUSED,
+ bfd *abfd ATTRIBUTE_UNUSED,
+ asection *sec ATTRIBUTE_UNUSED,
+ bfd_vma value ATTRIBUTE_UNUSED)
+{
+}
+
+static void
+simple_dummy_multiple_common (struct bfd_link_info * info ATTRIBUTE_UNUSED,
+ struct bfd_link_hash_entry * entry ATTRIBUTE_UNUSED,
+ bfd * abfd ATTRIBUTE_UNUSED,
+ enum bfd_link_hash_type type ATTRIBUTE_UNUSED,
+ bfd_vma size ATTRIBUTE_UNUSED)
+{
+}
+
 static void
 simple_dummy_warning (struct bfd_link_info *link_info ATTRIBUTE_UNUSED,
 const char *warning ATTRIBUTE_UNUSED,
@@ -208,6 +237,9 @@ bfd_simple_get_relocated_section_contents (bfd *abfd,
 abfd->link.next = NULL;
 link_info.hash = _bfd_generic_link_hash_table_create (abfd);
 link_info.callbacks = &callbacks;
+ /* Make sure that any fields not initialised below do not
+ result in a potential indirection via a random address. */
+ memset (&callbacks, 0, sizeof callbacks);
 callbacks.warning = simple_dummy_warning;
 callbacks.undefined_symbol = simple_dummy_undefined_symbol;
 callbacks.reloc_overflow = simple_dummy_reloc_overflow;
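Review bot: The zeroing at `memset (&callbacks, 0, sizeof callbacks);` lands after `link_info.callbacks = &callbacks;` has already published the struct's address; nothing visible dereferences link_info between the two lines, so it is harmless here, but zero-initialising `callbacks` at its declaration (`= {0}`) or moving the memset ahead of the link_info setup would make the "never observable uninitialised" invariant hold without depending on that ordering. The added comment could also say what the zeroing buys: any callback field still not assigned below is now a NULL pointer, so a corrupt input that reaches one faults at a fixed, diagnosable address instead of transferring control through whatever happened to be on the stack. The declaration of callbacks and the rest of bfd_simple_get_relocated_section_contents lie outside the hunk.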
@@ -215,7 +247,11 @@ bfd_simple_get_relocated_section_contents (bfd *abfd,
 callbacks.unattached_reloc = simple_dummy_unattached_reloc;
 callbacks.multiple_definition = simple_dummy_multiple_definition;
 callbacks.einfo = simple_dummy_einfo;
+ callbacks.multiple_common = simple_dummy_multiple_common;
+ callbacks.constructor = simple_dummy_constructor;
+ callbacks.add_to_set = simple_dummy_add_to_set;
+fprintf (stderr, "SIMPLE CALLBACKS %p\n", & callbacks);
 memset (&link_order, 0, sizeof (link_order));
 link_order.next = NULL;
 link_order.type = bfd_indirect_link_order;
--
2.30.2
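Review bot: The added `fprintf (stderr, "SIMPLE CALLBACKS %p\n", & callbacks);` is leftover debugging output and should not ship with the fix: it is unindented, unconditional, writes to stderr on every call of bfd_simple_get_relocated_section_contents, and prints the address of a stack object, which gives anyone able to read the consuming program's stderr a stack-layout hint that the fix does not need. Delete that one line; the three callbacks assignments above it are the whole intended change of this hunk. The function body continues outside the hunk.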