authorAlan Modra <amodra@gmail.com>2022-12-04 22:15:40 +1030
committerAlan Modra <amodra@gmail.com>2022-12-04 22:32:20 +1030
commit3d3af4ba39e892b1c544d667ca241846bc3df386 (patch)
tree52aa9ab7856c17a6ec366a91b8f92b5f2687d5c3 /binutils
parent2fa250529bb42e00433528c763d2bef245787ed1 (diff)
PR29846, segmentation fault in objdump.c compare_symbols
Fixes a fuzzed object file problem where plt relocs were manipulated in such a way that two synthetic symbols were generated at the same plt location. Won't occur in real object files. PR 29846 PR 20337 * objdump.c (compare_symbols): Test symbol flags to exclude section and synthetic symbols before attempting to check flavour.
Diffstat (limited to 'binutils')
-rw-r--r--binutils/objdump.c23
1 files changed, 10 insertions, 13 deletions
diff --git a/binutils/objdump.c b/binutils/objdump.c
index e8481b2..d95c8b6 100644
--- a/binutils/objdump.c
+++ b/binutils/objdump.c
@@ -1222,20 +1222,17 @@ compare_symbols (const void *ap, const void *bp)
return 1;
}
- if (bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour
+ /* Sort larger size ELF symbols before smaller. See PR20337. */
+ bfd_vma asz = 0;
+ if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
+ && bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour)
+ asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
+ bfd_vma bsz = 0;
+ if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
&& bfd_get_flavour (bfd_asymbol_bfd (b)) == bfd_target_elf_flavour)
- {
- bfd_vma asz, bsz;
-
- asz = 0;
- if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
- asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
- bsz = 0;
- if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
- bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
- if (asz != bsz)
- return asz > bsz ? -1 : 1;
- }
+ bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
+ if (asz != bsz)
+ return asz > bsz ? -1 : 1;
/* Symbols that start with '.' might be section names, so sort them
after symbols that don't start with '.'. */
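Review bot: The two new `if` conditions in compare_symbols depend on `&&` short-circuiting so that `bfd_get_flavour (bfd_asymbol_bfd (a))` and the `elf_symbol_type` cast are never reached for section or synthetic symbols, yet the only comment added cites PR20337 (the sort order) and says nothing about that ordering constraint, which per the commit message is the actual fix for PR29846. A later tidy-up that swaps the operands or hoists the flavour test back out could reintroduce the crash on a crafted object file. I would extend the comment, e.g. `/* Test flags first: section and synthetic symbols must not reach the flavour check or the elf_symbol_type cast. See PR29846. */`. The a and b branches are identical apart from the operand, so a small static helper that returns the size (0 when the symbol is excluded) would keep the guard in one place. compare_symbols begins before and continues after this hunk, so the rest of the comparator is not covered by this note.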