From 8ee54925b48985e8e7102221e698bf50b800dd81 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Thu, 29 Oct 2020 20:13:00 +0000 Subject: [PATCH] Fix an illegal memory access problem when processing secondary relocs for architectures which support both REL and RELA relocs. PR 26809 * elf.c (_bfd_elf_slurp_secondary_reloc_section): Use the correct sized reloc reading function. (_bfd_elf_write_secondary_reloc_section): Use the correct sized reloc writing function. --- bfd/ChangeLog | 8 ++++++++ bfd/elf.c | 30 +++++++++++++++++++++++++----- 2 files changed, 33 insertions(+), 5 deletions(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 30bd85d1a9d..24a81c89ab2 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,11 @@ +2020-10-29 Nick Clifton + + PR 26809 + * elf.c (_bfd_elf_slurp_secondary_reloc_section): Use the correct + sized reloc reading function. + (_bfd_elf_write_secondary_reloc_section): Use the correct sized + reloc writing function. + 2020-10-28 Nick Clifton PR 26774 diff --git a/bfd/elf.c b/bfd/elf.c index 9d7cbd52e02..549f661b9d8 100644 --- a/bfd/elf.c +++ b/bfd/elf.c @@ -12632,7 +12632,10 @@ _bfd_elf_slurp_secondary_reloc_section (bfd * abfd, bfd_boolean res; Elf_Internal_Rela rela; - ebd->s->swap_reloca_in (abfd, native_reloc, & rela); + if (entsize == ebd->s->sizeof_rel) + ebd->s->swap_reloc_in (abfd, native_reloc, & rela); + else /* entsize == ebd->s->sizeof_rela */ + ebd->s->swap_reloca_in (abfd, native_reloc, & rela); /* The address of an ELF reloc is section relative for an object file, and absolute for an executable file or shared library. @@ -12823,6 +12826,7 @@ _bfd_elf_write_secondary_reloc_section (bfd *abfd, asection *sec) int last_sym_idx; unsigned int reloc_count; unsigned int idx; + unsigned int entsize; arelent * src_irel; bfd_byte * dst_rela; @@ -12837,7 +12841,8 @@ _bfd_elf_write_secondary_reloc_section (bfd *abfd, asection *sec) continue; } - if (hdr->sh_entsize == 0) + entsize = hdr->sh_entsize; + if (entsize == 0) { _bfd_error_handler /* xgettext:c-format */ @@ -12847,8 +12852,19 @@ _bfd_elf_write_secondary_reloc_section (bfd *abfd, asection *sec) result = FALSE; continue; } + else if (entsize != ebd->s->sizeof_rel + && entsize != ebd->s->sizeof_rela) + { + _bfd_error_handler + /* xgettext:c-format */ + (_("%pB(%pA): error: secondary reloc section has non-standard sized entries"), + abfd, relsec); + bfd_set_error (bfd_error_bad_value); + result = FALSE; + continue; + } - reloc_count = hdr->sh_size / hdr->sh_entsize; + reloc_count = hdr->sh_size / entsize; if (reloc_count <= 0) { _bfd_error_handler @@ -12883,7 +12899,7 @@ _bfd_elf_write_secondary_reloc_section (bfd *abfd, asection *sec) continue; } - for (idx = 0; idx < reloc_count; idx++, dst_rela += hdr->sh_entsize) + for (idx = 0; idx < reloc_count; idx++, dst_rela += entsize) { Elf_Internal_Rela src_rela; arelent *ptr; @@ -12959,7 +12975,11 @@ _bfd_elf_write_secondary_reloc_section (bfd *abfd, asection *sec) else src_rela.r_info = r_info (n, ptr->howto->type); src_rela.r_addend = ptr->addend; - ebd->s->swap_reloca_out (abfd, &src_rela, dst_rela); + + if (entsize == ebd->s->sizeof_rel) + ebd->s->swap_reloc_out (abfd, &src_rela, dst_rela); + else /* entsize == ebd->s->sizeof_rela */ + ebd->s->swap_reloca_out (abfd, &src_rela, dst_rela); } } } -- 2.30.2