diff options
author | Alan Modra <amodra@gmail.com> | 2015-07-22 19:11:22 +0930 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2015-07-22 19:20:38 +0930 |
commit | bb854a36d192bfa6609da9e3b1342e33da445598 (patch) | |
tree | deb7c5c49f22f995a2dff19250c87ed5e5215a4b | |
parent | f945ba50bb7e11c03d850d1680b15da758300ad7 (diff) | |
download | gdb-bb854a36d192bfa6609da9e3b1342e33da445598.zip gdb-bb854a36d192bfa6609da9e3b1342e33da445598.tar.gz gdb-bb854a36d192bfa6609da9e3b1342e33da445598.tar.bz2 |
Fix ppc64 ELFv1 assertion failure
Bogus assembly can hit an assertion in opd_entry_value when the symbol
referenced by a function descriptor is undefined. Worse, the code
after the assert copies unitialised memory to return the code section.
This uninitialised pointer can later be dereferencd, possibly causing
a linker segmentation fault.
* elf64-ppc.c (opd_entry_value): Remove assertion. Instead,
return -1 if symbol referenced is not defined. Tidy.
-rw-r--r-- | bfd/ChangeLog | 5 | ||||
-rw-r--r-- | bfd/elf64-ppc.c | 13 |
2 files changed, 11 insertions, 7 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 36a5b60..c7915b5 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2015-07-22 Alan Modra <amodra@gmail.com> + + * elf64-ppc.c (opd_entry_value): Remove assertion. Instead, + return -1 if symbol referenced is not defined. Tidy. + 2015-07-20 Alan Modra <amodra@gmail.com> * po/SRC-POTFILES.in: Regenerate. diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c index 468e8bf..ef08164 100644 --- a/bfd/elf64-ppc.c +++ b/bfd/elf64-ppc.c @@ -6034,14 +6034,13 @@ opd_entry_value (asection *opd_sec, if (rh != NULL) { rh = elf_follow_link (rh); - BFD_ASSERT (rh->root.type == bfd_link_hash_defined - || rh->root.type == bfd_link_hash_defweak); - val = rh->root.u.def.value; - sec = rh->root.u.def.section; - if (sec->owner != opd_bfd) + if (rh->root.type != bfd_link_hash_defined + && rh->root.type != bfd_link_hash_defweak) + break; + if (rh->root.u.def.section->owner == opd_bfd) { - sec = NULL; - val = (bfd_vma) -1; + val = rh->root.u.def.value; + sec = rh->root.u.def.section; } } } |