author | Alan Modra <amodra@gmail.com> | 2018-12-01 21:52:37 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2018-12-01 22:13:58 +1030 |
commit | 4770fb94ee04ef767cb2c171a24168d2b5acca04 (patch) | |
tree | 2128d41a936a2e0d698695252a1b7183e1656363 | |
parent | 726bd37d6c5d5013d34023044ed7cbbb01317978 (diff) | |
PR23946, illegal memory access in readelf.c:slurp_ia64_unwind_table
PR 23946
* readelf.c (slurp_ia64_unwind_table): Bounds check symbol index
on reloc.
(slurp_hppa_unwind_table): Likewise.
-rw-r--r-- | binutils/ChangeLog | 7 | ||||
-rw-r--r-- | binutils/readelf.c | 22 |
2 files changed, 27 insertions, 2 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index ccaa9c9..612b0ed 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,5 +1,12 @@ 2018-12-01 Alan Modra <amodra@gmail.com> + PR 23946 + * readelf.c (slurp_ia64_unwind_table): Bounds check symbol index + on reloc. + (slurp_hppa_unwind_table): Likewise. + +2018-12-01 Alan Modra <amodra@gmail.com> + PR 23945 * readelf.c (slurp_ia64_unwind_table): Don't call elf_ia64_reloc_type needlessly. diff --git a/binutils/readelf.c b/binutils/readelf.c index 9eb5931..9969e46 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -7597,9 +7597,9 @@ slurp_ia64_unwind_table (Filedata * filedata, for (rp = rela; rp < rela + nrelas; ++rp) { + unsigned int sym_ndx; unsigned int r_type = get_reloc_type (filedata, rp->r_info); relname = elf_ia64_reloc_type (r_type); - sym = aux->symtab + get_reloc_symindex (rp->r_info); /* PR 17531: file: 9fa67536. */ if (relname == NULL) @@ -7623,6 +7623,15 @@ slurp_ia64_unwind_table (Filedata * filedata, continue; } + sym_ndx = get_reloc_symindex (rp->r_info); + if (sym_ndx >= aux->nsyms) + { + warn (_("Skipping reloc with invalid symbol index: %u\n"), + sym_ndx); + continue; + } + sym = aux->symtab + sym_ndx; + switch (rp->r_offset / eh_addr_size % 3) { case 0: @@ -8053,9 +8062,9 @@ slurp_hppa_unwind_table (Filedata * filedata, for (rp = rela; rp < rela + nrelas; ++rp) { + unsigned int sym_ndx; unsigned int r_type = get_reloc_type (filedata, rp->r_info); relname = elf_hppa_reloc_type (r_type); - sym = aux->symtab + get_reloc_symindex (rp->r_info); if (relname == NULL) { @@ -8077,6 +8086,15 @@ slurp_hppa_unwind_table (Filedata * filedata, continue; } + sym_ndx = get_reloc_symindex (rp->r_info); + if (sym_ndx >= aux->nsyms) + { + warn (_("Skipping reloc with invalid symbol index: %u\n"), + sym_ndx); + continue; + } + sym = aux->symtab + sym_ndx; + switch ((rp->r_offset % unw_ent_size) / 4) { case 0: |
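Review bot: `unsigned int sym_ndx;` at the top of the reloc loop in slurp_ia64_unwind_table may be narrower than the value get_reloc_symindex returns. The helper's prototype is not visible in this hunk, but if it returns a bfd_vma the index is truncated before the later `sym_ndx >= aux->nsyms` test, so the guard depends on the symbol field of r_info never exceeding the width of unsigned int. Holding the index in the helper's own type, e.g. `bfd_vma sym_ndx;`, and printing it with `%lu` and an `(unsigned long)` cast would make the comparison independent of that assumption. The same declaration is added in slurp_hppa_unwind_table (hunk at -8053), and both loops continue outside their hunks.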
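Review bot: The new `if (sym_ndx >= aux->nsyms)` guard in slurp_ia64_unwind_table (hunk at -7623) has no comment, while the neighbouring check in the same loop is tagged `/* PR 17531: file: 9fa67536. */`. A line such as `/* PR 23946: the symbol index is read from the file; reject it before indexing aux->symtab.  */` above the guard would record why the lookup now sits below the relname checks. The identical guard in slurp_hppa_unwind_table (hunk at -8077) would take the same comment. The enclosing loop body continues past the end of this hunk.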