From a2714d6cca1f1c7695f8dc84b49a4a51d1db86c8 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Fri, 1 May 2020 15:32:00 +0930 Subject: [PATCH] PR25900, RISC-V: null pointer dereference PR 25900 * elfnn-riscv.c (_bfd_riscv_relax_section): Check root.type before accessing root.u.def of symbols. Also check root.u.def.section is non-NULL. Reverse tests so as to make the logic positive. --- bfd/ChangeLog | 7 +++++++ bfd/elfnn-riscv.c | 11 ++++++----- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 15c77bece90..a2b0771db27 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,10 @@ +2020-05-01 Alan Modra + + PR 25900 + * elfnn-riscv.c (_bfd_riscv_relax_section): Check root.type before + accessing root.u.def of symbols. Also check root.u.def.section + is non-NULL. Reverse tests so as to make the logic positive. + 2020-05-01 Alan Modra PR 25882 diff --git a/bfd/elfnn-riscv.c b/bfd/elfnn-riscv.c index 8fcb1067fd6..473bf50f2de 100644 --- a/bfd/elfnn-riscv.c +++ b/bfd/elfnn-riscv.c @@ -4161,15 +4161,16 @@ _bfd_riscv_relax_section (bfd *abfd, asection *sec, symval = 0; sym_sec = bfd_und_section_ptr; } - else if (h->root.u.def.section->output_section == NULL - || (h->root.type != bfd_link_hash_defined - && h->root.type != bfd_link_hash_defweak)) - continue; - else + else if ((h->root.type == bfd_link_hash_defined + || h->root.type == bfd_link_hash_defweak) + && h->root.u.def.section != NULL + && h->root.u.def.section->output_section != NULL) { symval = h->root.u.def.value; sym_sec = h->root.u.def.section; } + else + continue; if (h->type != STT_FUNC) reserve_size = -- 2.30.2