From 771860451862e89df453cd3b635a00d47d602533 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Wed, 15 Mar 2023 11:44:56 +0000 Subject: [PATCH] Fix an illegal memory access when disassebling a corrupt ARM file. PR 30230 * arm-dis.c (get_sym_code_type): Check for non-ELF symbols. --- opcodes/ChangeLog | 5 +++++ opcodes/arm-dis.c | 17 ++++++++++++----- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog index 9cf68d744b9..fb6612abfa6 100644 --- a/opcodes/ChangeLog +++ b/opcodes/ChangeLog @@ -1,3 +1,8 @@ +2023-03-15 Nick Clifton + + PR 30230 + * arm-dis.c (get_sym_code_type): Check for non-ELF symbols. + 2023-02-28 Richard Ball * aarch64-opc.c: Add MEC system registers. diff --git a/opcodes/arm-dis.c b/opcodes/arm-dis.c index 65155ee173e..dffbad3e525 100644 --- a/opcodes/arm-dis.c +++ b/opcodes/arm-dis.c @@ -12400,13 +12400,14 @@ find_ifthen_state (bfd_vma pc, mapping symbol. */ static int -is_mapping_symbol (struct disassemble_info *info, int n, +is_mapping_symbol (struct disassemble_info *info, + int n, enum map_type *map_type) { - const char *name; + const char *name = bfd_asymbol_name (info->symtab[n]); - name = bfd_asymbol_name (info->symtab[n]); - if (name[0] == '$' && (name[1] == 'a' || name[1] == 't' || name[1] == 'd') + if (name[0] == '$' + && (name[1] == 'a' || name[1] == 't' || name[1] == 'd') && (name[2] == 0 || name[2] == '.')) { *map_type = ((name[1] == 'a') ? MAP_ARM @@ -12443,12 +12444,18 @@ get_sym_code_type (struct disassemble_info *info, { elf_symbol_type *es; unsigned int type; + asymbol * sym; /* If the symbol is in a different section, ignore it. */ if (info->section != NULL && info->section != info->symtab[n]->section) return false; - es = *(elf_symbol_type **)(info->symtab + n); + /* PR 30230: Reject non-ELF symbols, eg synthetic ones. */ + sym = info->symtab[n]; + if (bfd_asymbol_flavour (sym) != bfd_target_elf_flavour) + return false; + + es = (elf_symbol_type *) sym; type = ELF_ST_TYPE (es->internal_elf_sym.st_info); /* If the symbol has function type then use that. */ -- 2.30.2