PR28307, segfault in ppc64_elf_toc64_reloc

Adds missing bfd_reloc_offset_in_range checks to various relocation special_functions. PR 28307 * elf32-ppc.c (ppc_elf_addr16_ha_reloc): Range check reloc offset. * elf64-ppc.c (ppc64_elf_ha_reloc, ppc64_elf_brtaken_reloc): Likewise. (ppc64_elf_toc64_reloc, ppc64_elf_prefix_reloc): Likewise.
author: Alan Modra <amodra@gmail.com> 2021-09-06 22:23:15 +0930
committer: Alan Modra <amodra@gmail.com> 2021-09-07 10:41:29 +0930
commit: b54509b84488023954f6974229b24fe6c993742b (patch)
tree: abcbcdba27d2d4f5ddf767ea0c073609af32b01a /bfd/elf32-ppc.c
parent: b4d9dd5c3576a8d6b1a59b11f8af1a3a2abd5fdc (diff)
download: gdb-b54509b84488023954f6974229b24fe6c993742b.zip
gdb-b54509b84488023954f6974229b24fe6c993742b.tar.gz
gdb-b54509b84488023954f6974229b24fe6c993742b.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/bfd/elf32-ppc.c b/bfd/elf32-ppc.c
index 93fbadf..dd45da9 100644
--- a/bfd/elf32-ppc.c
+++ b/bfd/elf32-ppc.c
@@ -959,6 +959,10 @@ ppc_elf_addr16_ha_reloc (bfd *abfd,
   value >>= 16;
 
   octets = reloc_entry->address * OCTETS_PER_BYTE (abfd, input_section);
+  if (!bfd_reloc_offset_in_range (reloc_entry->howto, abfd,
+				  input_section, octets))
+    return bfd_reloc_outofrange;
+
   insn = bfd_get_32 (abfd, (bfd_byte *) data + octets);
   insn &= ~0x1fffc1;
   insn |= (value & 0xffc1) | ((value & 0x3e) << 15);
author	Alan Modra <amodra@gmail.com>	2021-09-06 22:23:15 +0930
committer	Alan Modra <amodra@gmail.com>	2021-09-07 10:41:29 +0930
commit	b54509b84488023954f6974229b24fe6c993742b (patch)
tree	abcbcdba27d2d4f5ddf767ea0c073609af32b01a /bfd/elf32-ppc.c
parent	b4d9dd5c3576a8d6b1a59b11f8af1a3a2abd5fdc (diff)
download	gdb-b54509b84488023954f6974229b24fe6c993742b.zip gdb-b54509b84488023954f6974229b24fe6c993742b.tar.gz gdb-b54509b84488023954f6974229b24fe6c993742b.tar.bz2