From e039f7ed8675ddc9d2aa1e60df49dbc8d2836fc7 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Fri, 6 Aug 2021 20:48:41 +0930 Subject: [PATCH] PR28175, Segment fault in coff-tic30.c reloc_processing The obj_convert table shouldn't be accessed without first checking the index against the table size. PR 28175 * coff-tic30.c (reloc_processing): Sanity check reloc symbol index. * coff-z80.c (reloc_processing): Likewise. * coff-z8k.c (reloc_processing): Likewise. --- bfd/coff-tic30.c | 13 ++++++++++--- bfd/coff-z80.c | 13 ++++++++++--- bfd/coff-z8k.c | 13 ++++++++++--- 3 files changed, 30 insertions(+), 9 deletions(-) diff --git a/bfd/coff-tic30.c b/bfd/coff-tic30.c index a3ea69e1a3f..01ca6cb2170 100644 --- a/bfd/coff-tic30.c +++ b/bfd/coff-tic30.c @@ -161,11 +161,18 @@ reloc_processing (arelent *relent, relent->address = reloc->r_vaddr; rtype2howto (relent, reloc); - if (reloc->r_symndx > 0) + if (reloc->r_symndx == -1) + relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; + else if (reloc->r_symndx >= 0 && reloc->r_symndx < obj_conv_table_size (abfd)) relent->sym_ptr_ptr = symbols + obj_convert (abfd)[reloc->r_symndx]; else - relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; - + { + _bfd_error_handler + /* xgettext:c-format */ + (_("%pB: warning: illegal symbol index %ld in relocs"), + abfd, reloc->r_symndx); + relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; + } relent->addend = reloc->r_offset; relent->address -= section->vma; } diff --git a/bfd/coff-z80.c b/bfd/coff-z80.c index c0f1739dfcb..632ac0fb3cd 100644 --- a/bfd/coff-z80.c +++ b/bfd/coff-z80.c @@ -314,11 +314,18 @@ reloc_processing (arelent *relent, relent->address = reloc->r_vaddr; rtype2howto (relent, reloc); - if (reloc->r_symndx > 0) + if (reloc->r_symndx == -1) + relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; + else if (reloc->r_symndx >= 0 && reloc->r_symndx < obj_conv_table_size (abfd)) relent->sym_ptr_ptr = symbols + obj_convert (abfd)[reloc->r_symndx]; else - relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; - + { + _bfd_error_handler + /* xgettext:c-format */ + (_("%pB: warning: illegal symbol index %ld in relocs"), + abfd, reloc->r_symndx); + relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; + } relent->addend = reloc->r_offset; relent->address -= section->vma; } diff --git a/bfd/coff-z8k.c b/bfd/coff-z8k.c index 6cd5d652ade..e4d4d3f1581 100644 --- a/bfd/coff-z8k.c +++ b/bfd/coff-z8k.c @@ -177,11 +177,18 @@ reloc_processing (arelent *relent, relent->address = reloc->r_vaddr; rtype2howto (relent, reloc); - if (reloc->r_symndx > 0) + if (reloc->r_symndx == -1) + relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; + else if (reloc->r_symndx >= 0 && reloc->r_symndx < obj_conv_table_size (abfd)) relent->sym_ptr_ptr = symbols + obj_convert (abfd)[reloc->r_symndx]; else - relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; - + { + _bfd_error_handler + /* xgettext:c-format */ + (_("%pB: warning: illegal symbol index %ld in relocs"), + abfd, reloc->r_symndx); + relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; + } relent->addend = reloc->r_offset; relent->address -= section->vma; } -- 2.30.2