authorNick Clifton <nickc@redhat.com>2017-11-28 13:20:31 +0000
committerNick Clifton <nickc@redhat.com>2017-11-28 13:20:31 +0000
commitb23dc97fe237a1d9e850d7cbeee066183a00630b (patch)
tree20c22c6c0f5c79582c14669cbe3f34fe0304f210 /bfd/coff-arm.c
parent6c6bc899302deb7c9b14f71da79c0fffc992204e (diff)
Fix a memory access violation when attempting to parse a corrupt COFF binary with a relocation that points beyond the end of the section to be relocated.users/ARM/embedded-gdb-master-2017q4users/ARM/embedded-binutils-master-2017q4
PR 22506 * reloc.c (reloc_offset_in_range): Rename to bfd_reloc_offset_in_range and export. (bfd_perform_relocation): Rename function invocation. (bfd_install_relocation): Likewise. (bfd_final_link_relocate): Likewise. * bfd-in2.h: Regenerate. * coff-arm.c (coff_arm_reloc): Use bfd_reloc_offset_in_range. * coff-i386.c (coff_i386_reloc): Likewise. * coff-i860.c (coff_i860_reloc): Likewise. * coff-m68k.c (mk68kcoff_common_addend_special_fn): Likewise. * coff-m88k.c (m88k_special_reloc): Likewise. * coff-mips.c (mips_reflo_reloc): Likewise. * coff-x86_64.c (coff_amd64_reloc): Likewise.
Diffstat (limited to 'bfd/coff-arm.c')
-rw-r--r--bfd/coff-arm.c65
1 files changed, 35 insertions, 30 deletions
diff --git a/bfd/coff-arm.c b/bfd/coff-arm.c
index 8a2fe1a..1e66cbc 100644
--- a/bfd/coff-arm.c
+++ b/bfd/coff-arm.c
@@ -109,41 +109,46 @@ coff_arm_reloc (bfd *abfd,
x = ((x & ~howto->dst_mask) \
| (((x & howto->src_mask) + diff) & howto->dst_mask))
- if (diff != 0)
- {
- reloc_howto_type *howto = reloc_entry->howto;
- unsigned char *addr = (unsigned char *) data + reloc_entry->address;
+ if (diff != 0)
+ {
+ reloc_howto_type *howto = reloc_entry->howto;
+ unsigned char *addr = (unsigned char *) data + reloc_entry->address;
- switch (howto->size)
- {
- case 0:
- {
- char x = bfd_get_8 (abfd, addr);
- DOIT (x);
- bfd_put_8 (abfd, x, addr);
- }
- break;
+ if (! bfd_reloc_offset_in_range (howto, abfd, input_section,
+ reloc_entry->address
+ * bfd_octets_per_byte (abfd)))
+ return bfd_reloc_outofrange;
- case 1:
- {
- short x = bfd_get_16 (abfd, addr);
- DOIT (x);
- bfd_put_16 (abfd, (bfd_vma) x, addr);
- }
- break;
+ switch (howto->size)
+ {
+ case 0:
+ {
+ char x = bfd_get_8 (abfd, addr);
+ DOIT (x);
+ bfd_put_8 (abfd, x, addr);
+ }
+ break;
- case 2:
- {
- long x = bfd_get_32 (abfd, addr);
- DOIT (x);
- bfd_put_32 (abfd, (bfd_vma) x, addr);
- }
- break;
+ case 1:
+ {
+ short x = bfd_get_16 (abfd, addr);
+ DOIT (x);
+ bfd_put_16 (abfd, (bfd_vma) x, addr);
+ }
+ break;
- default:
- abort ();
+ case 2:
+ {
+ long x = bfd_get_32 (abfd, addr);
+ DOIT (x);
+ bfd_put_32 (abfd, (bfd_vma) x, addr);
}
- }
+ break;
+
+ default:
+ abort ();
+ }
+ }
/* Now let bfd_perform_relocation finish everything up. */
return bfd_reloc_continue;
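Review bot: In the new `if (diff != 0)` body, `addr` is still initialised as `(unsigned char *) data + reloc_entry->address` before the added `bfd_reloc_offset_in_range` check runs, so for the corrupt input this commit targets, an out-of-bounds pointer is formed ahead of the early return; that is undefined behaviour in C even though the pointer is never dereferenced. Declare `unsigned char *addr;` without an initialiser and assign it after `return bfd_reloc_outofrange;`, as `addr = (unsigned char *) data + reloc_entry->address;`. The check also scales the offset by `bfd_octets_per_byte (abfd)` while the pointer uses the unscaled address; this is presumably harmless on ARM, where one would expect one octet per byte, but a short comment stating that assumption would keep the two expressions from drifting apart. coff_arm_reloc begins before this hunk and its end is not visible here.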