From 0613c3306cc709f950731d87accbfac02b17a787 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Wed, 4 Aug 2021 18:32:28 +0930 Subject: PR28162, segment fault in mips_elf_assign_gp For the testcase in the PR, _bfd_mips_elf32_gprel16_reloc is passed a NULL output_bfd. As expected for reloc special functions if called by objdump or when final linking. The function attempts to find the output by output_bfd = symbol->section->output_section->owner; That makes some sense, since when handling a gp-relative reloc we need the relevant gp to which the symbol is relative. Possibly the gp value can be one for a shared library? But that doesn't seem useful or supported by the various abi docs and won't work as written. Symbols defined in shared libraries have section->output_section NULL, and what's more the code in mips_elf_assign_gp isn't set up to look at shared library symbols. Also, if the symbol is a SHN_ABS one the owner of *ABS* section is NULL, which will result in the testcase segfault. The only gp to which an absolute symbol can be relative is the linker output bfd when linking, or the input bfd when not. This patch arranges to do that for all gp-relative reloc symbols. * elf32-mips.c (_bfd_mips_elf32_gprel16_reloc): Don't use the section symbol to find the output bfd, use input_section. (mips_elf_gprel32_reloc, mips16_gprel_reloc): Likewise. * elf64-mips.c (mips_elf64_gprel16_reloc): Likewise. (mips_elf64_literal_reloc, mips_elf64_gprel32_reloc): Likewise. (mips16_gprel_reloc): Likewise. --- bfd/elf32-mips.c | 6 +++--- bfd/elf64-mips.c | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'bfd') diff --git a/bfd/elf32-mips.c b/bfd/elf32-mips.c index 1e645c6..f8467de 100644 --- a/bfd/elf32-mips.c +++ b/bfd/elf32-mips.c @@ -1783,7 +1783,7 @@ _bfd_mips_elf32_gprel16_reloc (bfd *abfd, arelent *reloc_entry, else { relocatable = false; - output_bfd = symbol->section->output_section->owner; + output_bfd = input_section->output_section->owner; } ret = mips_elf_final_gp (output_bfd, symbol, relocatable, error_message, @@ -1830,7 +1830,7 @@ mips_elf_gprel32_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol, else { relocatable = false; - output_bfd = symbol->section->output_section->owner; + output_bfd = input_section->output_section->owner; } ret = mips_elf_final_gp (output_bfd, symbol, relocatable, @@ -1949,7 +1949,7 @@ mips16_gprel_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol, else { relocatable = false; - output_bfd = symbol->section->output_section->owner; + output_bfd = input_section->output_section->owner; } ret = mips_elf_final_gp (output_bfd, symbol, relocatable, error_message, diff --git a/bfd/elf64-mips.c b/bfd/elf64-mips.c index 876e4f8..b94adf1 100644 --- a/bfd/elf64-mips.c +++ b/bfd/elf64-mips.c @@ -3483,7 +3483,7 @@ mips_elf64_gprel16_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol, else { relocatable = false; - output_bfd = symbol->section->output_section->owner; + output_bfd = input_section->output_section->owner; } ret = mips_elf64_final_gp (output_bfd, symbol, relocatable, error_message, @@ -3523,7 +3523,7 @@ mips_elf64_literal_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol, else { relocatable = false; - output_bfd = symbol->section->output_section->owner; + output_bfd = input_section->output_section->owner; } ret = mips_elf64_final_gp (output_bfd, symbol, relocatable, error_message, @@ -3565,7 +3565,7 @@ mips_elf64_gprel32_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol, else { relocatable = false; - output_bfd = symbol->section->output_section->owner; + output_bfd = input_section->output_section->owner; } ret = mips_elf64_final_gp (output_bfd, symbol, relocatable, @@ -3654,7 +3654,7 @@ mips16_gprel_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol, else { relocatable = false; - output_bfd = symbol->section->output_section->owner; + output_bfd = input_section->output_section->owner; } ret = mips_elf64_final_gp (output_bfd, symbol, relocatable, error_message, -- cgit v1.1