From 37c0b6ee65941d54fa8064c21b39f97fdc318156 Mon Sep 17 00:00:00 2001
From: "H.J. Lu"
Date: Tue, 29 Aug 2017 10:40:03 -0700
Subject: [PATCH] x86: Check valid PLT sections before checking dynamic relocations
Update x86 get_synthetic_symtab to check valid PLT sections before checking dynamic relocations and free invalid PLT section contents.
* elf32-i386.c (elf_i386_get_synthetic_symtab): Check valid PLT sections before checking dynamic relocations and free invalid PLT section contents.
* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
---
 bfd/ChangeLog | 7 +++++++
 bfd/elf32-i386.c | 25 ++++++++++++++-----------
 bfd/elf64-x86-64.c | 25 ++++++++++++++-----------
 3 files changed, 35 insertions(+), 22 deletions(-)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 351fe834cba..21b01b7f398 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2017-08-29 H.J. Lu
+
+ * elf32-i386.c (elf_i386_get_synthetic_symtab): Check valid PLT
+ sections before checking dynamic relocations and free invalid
+ PLT section contents.
+ * elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
+
 2017-08-28 H.J. Lu
 * elf-bfd.h (_bfd_elf_ifunc_get_synthetic_symtab): Removed.
diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
index 05ba2c3b15b..31ef02a568e 100644
--- a/bfd/elf32-i386.c
+++ b/bfd/elf32-i386.c
@@ -6326,16 +6326,6 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
 if (relsize <= 0)
 return -1;
- dynrelbuf = (arelent **) bfd_malloc (relsize);
- if (dynrelbuf == NULL)
- return -1;
-
- dynrelcount = bfd_canonicalize_dynamic_reloc (abfd, dynrelbuf,
- dynsyms);
-
- /* Sort the relocs by address. */
- qsort (dynrelbuf, dynrelcount, sizeof (arelent *), compare_relocs);
-
 non_lazy_plt = NULL;
 /* Silence GCC 6. */
 lazy_plt = NULL;
@@ -6447,7 +6437,10 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
 }
 if (plt_type == plt_unknown)
- continue;
+ {
+ free (plt_contents);
+ continue;
+ }
 plts[j].sec = plt;
 plts[j].type = plt_type;
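Review bot: The new `free (plt_contents)` in the `plt_type == plt_unknown` branch would benefit from a one-line comment stating the ownership rule it relies on, since the buffer's allocation and its hand-off are not next to this branch. Something like `/* Unrecognized PLT layout: nothing retains plt_contents, so release it before skipping this section.  */` above the `free` makes it clear why only this path frees. This assumes the recognized case keeps the buffer for later use, which the lines after `plts[j].type = plt_type;` (outside the hunk) should confirm. The matching hunk in elf64-x86-64.c (`@@ -6842,7 +6832,10 @@`) takes the same comment.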
@@ -6487,6 +6480,16 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
 if (count == 0)
 return -1;
+ dynrelbuf = (arelent **) bfd_malloc (relsize);
+ if (dynrelbuf == NULL)
+ return -1;
+
+ dynrelcount = bfd_canonicalize_dynamic_reloc (abfd, dynrelbuf,
+ dynsyms);
+
+ /* Sort the relocs by address. */
+ qsort (dynrelbuf, dynrelcount, sizeof (arelent *), compare_relocs);
+
 size = count * sizeof (asymbol);
 /* Allocate space for @plt suffixes. */
diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
index 25ce295c178..ba7c5953c3c 100644
--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
@@ -6722,16 +6722,6 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
 if (relsize <= 0)
 return -1;
- dynrelbuf = (arelent **) bfd_malloc (relsize);
- if (dynrelbuf == NULL)
- return -1;
-
- dynrelcount = bfd_canonicalize_dynamic_reloc (abfd, dynrelbuf,
- dynsyms);
-
- /* Sort the relocs by address. */
- qsort (dynrelbuf, dynrelcount, sizeof (arelent *), compare_relocs);
-
 if (get_elf_x86_64_backend_data (abfd)->os == is_normal)
 {
 lazy_plt = &elf_x86_64_lazy_plt;
@@ -6842,7 +6832,10 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
 }
 if (plt_type == plt_unknown)
- continue;
+ {
+ free (plt_contents);
+ continue;
+ }
 plts[j].sec = plt;
 plts[j].type = plt_type;
@@ -6879,6 +6872,16 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
 if (count == 0)
 return -1;
+ dynrelbuf = (arelent **) bfd_malloc (relsize);
+ if (dynrelbuf == NULL)
+ return -1;
+
+ dynrelcount = bfd_canonicalize_dynamic_reloc (abfd, dynrelbuf,
+ dynsyms);
+
+ /* Sort the relocs by address. */
+ qsort (dynrelbuf, dynrelcount, sizeof (arelent *), compare_relocs);
+
 size = count * sizeof (asymbol);
 /* Allocate space for @plt suffixes. */
-- 
2.30.2
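Review bot: The result of `bfd_canonicalize_dynamic_reloc` is handed to `qsort` unchecked in the block now placed after `if (count == 0)`; that call reports failure with a negative count, and on a malformed input file the value would presumably be converted to a very large element count, so the sort would run past the `relsize`-byte buffer. A guard before the sort, such as `if (dynrelcount < 0) { free (dynrelbuf); return -1; }`, closes that. Because the allocation now happens after the PLT scan, that return and the existing `dynrelbuf == NULL` one also look like they skip releasing the PLT contents kept by the loop above, so a shared cleanup path would be safer; the rest of the function is outside the hunk, so confirm there. The same applies to the matching hunk in elf64-x86-64.c (`@@ -6879,6 +6872,16 @@`).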