author | Alan Modra <amodra@gmail.com> | 2023-03-06 20:29:42 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2023-03-06 20:42:01 +1030 |
commit | a1f4d06969bed2fd4747784d569bfaeb4b50dc80 (patch) | |
tree | 15d7daef7c01b982bcfb003421d102107bde7198 /bfd | |
parent | 889d15d574a8c43c44dc0983343897e47874a2b6 (diff) | |

macho null dereference read

The main problem here was not returning -1 from canonicalize_symtab on
an error, leaving the vector of relocs only partly initialised and one
with a null sym_ptr_ptr.

* mach-o.c (bfd_mach_o_canonicalize_symtab): Return -1 on error,
not 0.
(bfd_mach_o_pre_canonicalize_one_reloc): Init sym_ptr_ptr to
undefined section sym.

Diffstat (limited to 'bfd')
-rw-r--r-- | bfd/mach-o.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/bfd/mach-o.c b/bfd/mach-o.c index a910e11..0a91095 100644 --- a/bfd/mach-o.c +++ b/bfd/mach-o.c @@ -919,7 +919,7 @@ bfd_mach_o_canonicalize_symtab (bfd *abfd, asymbol **alocation) { _bfd_error_handler (_("bfd_mach_o_canonicalize_symtab: unable to load symbols")); - return 0; + return -1; } BFD_ASSERT (sym->symbols != NULL); @@ -1554,7 +1554,7 @@ bfd_mach_o_pre_canonicalize_one_reloc (bfd *abfd, bfd_vma addr; addr = bfd_get_32 (abfd, raw->r_address); - res->sym_ptr_ptr = NULL; + res->sym_ptr_ptr = bfd_und_section_ptr->symbol_ptr_ptr; res->addend = 0; if (addr & BFD_MACH_O_SR_SCATTERED) @@ -1572,7 +1572,7 @@ bfd_mach_o_pre_canonicalize_one_reloc (bfd *abfd, end of the data for the section (e.g. in a calculation of section data length). At present, the symbol will end up associated with the following section or, if it falls within alignment padding, as - null - which will assert later. */ + the undefined section symbol. */ for (j = 0; j < mdata->nsects; j++) { bfd_mach_o_section *sect = mdata->sections[j]; |
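
Review bot: In the first hunk (bfd_mach_o_canonicalize_symtab, @@ -919), the error path's new `return -1;` only helps if every caller checks for a negative result, and no caller is touched by this patch. The commit message says the 0 return left the reloc vector partly initialised, so please confirm that the reloc-canonicalizing caller, and any other user of this function, tests for `< 0` and stops rather than treating the result as a symbol count.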
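
Review bot: In the second hunk (bfd_mach_o_pre_canonicalize_one_reloc, @@ -1554), the new default `res->sym_ptr_ptr = bfd_und_section_ptr->symbol_ptr_ptr;` has no comment explaining why the field must not start out as NULL. Since the commit message ties the crash to a reloc with a null sym_ptr_ptr, a one-line comment above the assignment saying the field has to stay non-null for later consumers would keep a future cleanup from changing it back.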
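
Review bot: In the third hunk (@@ -1572), the updated comment now reads "associated with the following section or, if it falls within alignment padding, as the undefined section symbol", where the "as" is left over from the old "as null" wording and no longer fits. Suggest "or, if it falls within alignment padding, with the undefined section symbol". Because the old text noted that this case "will assert later", it would also help to say in the comment that such a reloc is now accepted without a diagnostic.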