diff options
| author | Alan Modra <amodra@gmail.com> | 2021-10-24 20:27:06 +1030 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2021-10-24 22:05:51 +1030 |
| commit | 1ed0032b40063795d6c3ce89eab3101a8fd67569 (patch) | |
| tree | 8b934260c43ee41d117c8c9fb5e12062654b23ad /bfd/coffswap.h | |
| parent | e02812494254b70fec6fa432f7f668956711133b (diff) | |
| download | fsf-binutils-gdb-1ed0032b40063795d6c3ce89eab3101a8fd67569.zip fsf-binutils-gdb-1ed0032b40063795d6c3ce89eab3101a8fd67569.tar.gz fsf-binutils-gdb-1ed0032b40063795d6c3ce89eab3101a8fd67569.tar.bz2 | |
asan: c4x, c54x coff_canonicalize_reloc buffer overflow
Sometimes the investigation of a fuzzing bug report leads into areas
you'd rather not go. In this instance by the time I'd figured out the
real cause was a target variant that had never been properly supported
in binutils, the time needed to fix it was less than the time needed
to rip it out.
* coffcode.h (coff_set_alignment_hook): Call bfd_coff_swap_reloc_in
not coff_swap_reloc_in.
(coff_slurp_reloc_table): Likewise. Don't use RELOC type.
(ticoff0_swap_table): Use coff_swap_reloc_v0_out and
coff_swap_reloc_v0_in.
* coffswap.h (coff_swap_reloc_v0_in, coff_swap_reloc_v0_out): New.
* coff-tic54x.c (tic54x_lookup_howto): Don't abort.
* coffgen.c (coff_get_normalized_symtab): Use PTR_ADD.
* bfd-in.h (PTR_ADD, NPTR_ADD): Avoid warnings when passing an
expression.
* bfd-in2.h: Regenerate.
Diffstat (limited to 'bfd/coffswap.h')
| -rw-r--r-- | bfd/coffswap.h | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/bfd/coffswap.h b/bfd/coffswap.h index 63a0026..e0dbd04 100644 --- a/bfd/coffswap.h +++ b/bfd/coffswap.h @@ -246,6 +246,33 @@ coff_swap_reloc_out (bfd * abfd, void * src, void * dst) return bfd_coff_relsz (abfd); } +#ifdef TICOFF +static void +coff_swap_reloc_v0_in (bfd *abfd, void *src, void *dst) +{ + struct external_reloc_v0 *reloc_src = (struct external_reloc_v0 *) src; + struct internal_reloc *reloc_dst = (struct internal_reloc *) dst; + + reloc_dst->r_vaddr = GET_RELOC_VADDR (abfd, reloc_src->r_vaddr); + reloc_dst->r_symndx = H_GET_16 (abfd, reloc_src->r_symndx); + reloc_dst->r_type = H_GET_16 (abfd, reloc_src->r_type); +} + +static unsigned int +coff_swap_reloc_v0_out (bfd *abfd, void *src, void *dst) +{ + struct internal_reloc *reloc_src = (struct internal_reloc *) src; + struct external_reloc_v0 *reloc_dst = (struct external_reloc_v0 *) dst; + + PUT_RELOC_VADDR (abfd, reloc_src->r_vaddr, reloc_dst->r_vaddr); + H_PUT_16 (abfd, reloc_src->r_symndx, reloc_dst->r_symndx); + H_PUT_16 (abfd, reloc_src->r_type, reloc_dst->r_type); + SWAP_OUT_RELOC_EXTRA (abfd, reloc_src, reloc_dst); + + return bfd_coff_relsz (abfd); +} +#endif + #endif /* NO_COFF_RELOCS */ static void |