author | Alan Modra <amodra@gmail.com> | 2024-02-07 12:29:12 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2024-02-07 21:29:07 +1030 |
commit | c33ea119b1a5cca79f9efc0a6d5603667954358d (patch) | |
tree | a47ce94882f1143149f85c94b916710cf0b1823a | |
parent | 3ef23ee92631014b6e72e63aa0d6ecc467392546 (diff) | |
asan: NULL dereference in _bfd_mips_final_write_processing
Fuzzed object files can easily have unexpected section names. We
don't want to segfault on objcopy of any file accepted by the mips
object_p functions. For objcopy, an assertion that "sec" is non-NULL
followed by dereferencing "sec" is wrong. So too is asserting that the
section name string starts with a particular prefix, and then blithely
accessing past the assumed prefix.
* elfxx-mips.c (_bfd_mips_final_write_processing): Replace
assertions with conditionals. Don't bother testing for name
non-NULL.
-rw-r--r-- | bfd/elfxx-mips.c | 39 |
1 files changed, 19 insertions, 20 deletions
diff --git a/bfd/elfxx-mips.c b/bfd/elfxx-mips.c
index 69dd714..b888e76 100644
--- a/bfd/elfxx-mips.c
+++ b/bfd/elfxx-mips.c
@@ -12529,22 +12529,24 @@ _bfd_mips_final_write_processing (bfd *abfd)
 case SHT_MIPS_GPTAB:
 BFD_ASSERT ((*hdrpp)->bfd_section != NULL);
 name = bfd_section_name ((*hdrpp)->bfd_section);
- BFD_ASSERT (name != NULL
- && startswith (name, ".gptab."));
- sec = bfd_get_section_by_name (abfd, name + sizeof ".gptab" - 1);
- BFD_ASSERT (sec != NULL);
- (*hdrpp)->sh_info = elf_section_data (sec)->this_idx;
+ if (startswith (name, ".gptab."))
+ {
+ sec = bfd_get_section_by_name (abfd, name + sizeof ".gptab" - 1);
+ if (sec != NULL)
+ (*hdrpp)->sh_info = elf_section_data (sec)->this_idx;
+ }
 break;

 case SHT_MIPS_CONTENT:
 BFD_ASSERT ((*hdrpp)->bfd_section != NULL);
 name = bfd_section_name ((*hdrpp)->bfd_section);
- BFD_ASSERT (name != NULL
- && startswith (name, ".MIPS.content"));
- sec = bfd_get_section_by_name (abfd,
- name + sizeof ".MIPS.content" - 1);
- BFD_ASSERT (sec != NULL);
- (*hdrpp)->sh_link = elf_section_data (sec)->this_idx;
+ if (startswith (name, ".MIPS.content"))
+ {
+ sec = bfd_get_section_by_name (abfd,
+ name + sizeof ".MIPS.content" - 1);
+ if (sec != NULL)
+ (*hdrpp)->sh_link = elf_section_data (sec)->this_idx;
+ }
 break;

 case SHT_MIPS_SYMBOL_LIB:
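Review bot: The context lines `BFD_ASSERT ((*hdrpp)->bfd_section != NULL);` followed by `name = bfd_section_name ((*hdrpp)->bfd_section);` keep the assert-then-use pattern that the commit message calls wrong for `sec`. It remains in the SHT_MIPS_GPTAB and SHT_MIPS_CONTENT cases here and in the SHT_MIPS_EVENTS case of the next hunk. If BFD_ASSERT only reports and continues, as the commit message implies, a header with no attached section would still be handed to bfd_section_name, which presumably reads through the pointer; whether an input accepted by object_p can reach that state is not visible from the hunk. A conditional in the style of the rest of the change would close it, e.g. `if ((*hdrpp)->bfd_section == NULL) break;` before the name is fetched. The enclosing switch and function begin and end outside the hunk.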
@@ -12559,19 +12561,16 @@ _bfd_mips_final_write_processing (bfd *abfd)
 case SHT_MIPS_EVENTS:
 BFD_ASSERT ((*hdrpp)->bfd_section != NULL);
 name = bfd_section_name ((*hdrpp)->bfd_section);
- BFD_ASSERT (name != NULL);
 if (startswith (name, ".MIPS.events"))
 sec = bfd_get_section_by_name (abfd,
 name + sizeof ".MIPS.events" - 1);
+ else if (startswith (name, ".MIPS.post_rel"))
+ sec = bfd_get_section_by_name (abfd,
+ name + sizeof ".MIPS.post_rel" - 1);
 else
- {
- BFD_ASSERT (startswith (name, ".MIPS.post_rel"));
- sec = bfd_get_section_by_name (abfd,
- (name
- + sizeof ".MIPS.post_rel" - 1));
- }
- BFD_ASSERT (sec != NULL);
- (*hdrpp)->sh_link = elf_section_data (sec)->this_idx;
+ sec = NULL;
+ if (sec != NULL)
+ (*hdrpp)->sh_link = elf_section_data (sec)->this_idx;
 break;

 case SHT_MIPS_XHASH:
|
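Review bot: The new `else sec = NULL;` / `if (sec != NULL)` path in the SHT_MIPS_EVENTS case skips the fix-up without saying why, so `sh_link` keeps whatever value it already had when neither prefix matches or the lookup fails. The same silent skip applies to `sh_info` and `sh_link` in the two cases of the previous hunk. That is a reasonable trade against crashing on hostile input, but the intent is no longer recorded in the code now that the assertions are gone. I would add a comment above the chain such as `/* Section names come from the input file; leave sh_link untouched if the expected target section is absent.  */`. It may also be worth considering whether a non-fatal diagnostic belongs here, so that a malformed object is not copied through without any trace.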