author | Nick Clifton <nickc@redhat.com> | 2017-11-28 13:20:31 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2017-11-28 13:20:31 +0000 |
commit | b23dc97fe237a1d9e850d7cbeee066183a00630b (patch) | |
tree | 20c22c6c0f5c79582c14669cbe3f34fe0304f210 /bfd/coff-arm.c | |
parent | 6c6bc899302deb7c9b14f71da79c0fffc992204e (diff) | |
Fix a memory access violation when attempting to parse a corrupt COFF binary with a relocation that points beyond the end of the section to be relocated.
users/ARM/embedded-gdb-master-2017q4
users/ARM/embedded-binutils-master-2017q4
PR 22506
* reloc.c (reloc_offset_in_range): Rename to
bfd_reloc_offset_in_range and export.
(bfd_perform_relocation): Rename function invocation.
(bfd_install_relocation): Likewise.
(bfd_final_link_relocate): Likewise.
* bfd-in2.h: Regenerate.
* coff-arm.c (coff_arm_reloc): Use bfd_reloc_offset_in_range.
* coff-i386.c (coff_i386_reloc): Likewise.
* coff-i860.c (coff_i860_reloc): Likewise.
* coff-m68k.c (mk68kcoff_common_addend_special_fn): Likewise.
* coff-m88k.c (m88k_special_reloc): Likewise.
* coff-mips.c (mips_reflo_reloc): Likewise.
* coff-x86_64.c (coff_amd64_reloc): Likewise.
Diffstat (limited to 'bfd/coff-arm.c')
-rw-r--r-- | bfd/coff-arm.c | 65 |
1 files changed, 35 insertions, 30 deletions
diff --git a/bfd/coff-arm.c b/bfd/coff-arm.c
index 8a2fe1a..1e66cbc 100644
--- a/bfd/coff-arm.c
+++ b/bfd/coff-arm.c
@@ -109,41 +109,46 @@ coff_arm_reloc (bfd *abfd,
 x = ((x & ~howto->dst_mask) \
 | (((x & howto->src_mask) + diff) & howto->dst_mask))
 
- if (diff != 0)
- {
- reloc_howto_type *howto = reloc_entry->howto;
- unsigned char *addr = (unsigned char *) data + reloc_entry->address;
+ if (diff != 0)
+ {
+ reloc_howto_type *howto = reloc_entry->howto;
+ unsigned char *addr = (unsigned char *) data + reloc_entry->address;
 
- switch (howto->size)
- {
- case 0:
- {
- char x = bfd_get_8 (abfd, addr);
- DOIT (x);
- bfd_put_8 (abfd, x, addr);
- }
- break;
+ if (! bfd_reloc_offset_in_range (howto, abfd, input_section,
+ reloc_entry->address
+ * bfd_octets_per_byte (abfd)))
+ return bfd_reloc_outofrange;
 
- case 1:
- {
- short x = bfd_get_16 (abfd, addr);
- DOIT (x);
- bfd_put_16 (abfd, (bfd_vma) x, addr);
- }
- break;
+ switch (howto->size)
+ {
+ case 0:
+ {
+ char x = bfd_get_8 (abfd, addr);
+ DOIT (x);
+ bfd_put_8 (abfd, x, addr);
+ }
+ break;
 
- case 2:
- {
- long x = bfd_get_32 (abfd, addr);
- DOIT (x);
- bfd_put_32 (abfd, (bfd_vma) x, addr);
- }
- break;
+ case 1:
+ {
+ short x = bfd_get_16 (abfd, addr);
+ DOIT (x);
+ bfd_put_16 (abfd, (bfd_vma) x, addr);
+ }
+ break;
 
- default:
- abort ();
+ case 2:
+ {
+ long x = bfd_get_32 (abfd, addr);
+ DOIT (x);
+ bfd_put_32 (abfd, (bfd_vma) x, addr);
 }
- }
+ break;
+
+ default:
+ abort ();
+ }
+ }
 
 /* Now let bfd_perform_relocation finish everything up. */
 return bfd_reloc_continue;
|
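Review bot: `addr` is still computed from the unvalidated `reloc_entry->address` before the new `bfd_reloc_offset_in_range` test, so for a corrupt relocation the pointer arithmetic has already left the section buffer by the time the check rejects it. Declaring `unsigned char *addr;` and assigning `addr = (unsigned char *) data + reloc_entry->address;` only after the `return bfd_reloc_outofrange;` line would keep the bad offset from ever becoming a pointer. The check is given `reloc_entry->address * bfd_octets_per_byte (abfd)` while the access uses the unscaled address; these agree only when the octets-per-byte value is 1, which is presumably true for ARM COFF but is not visible here, and a comment such as `/* PR 22506: reject relocs that point outside the section. */` above the test should say so. The guard sits inside `if (diff != 0)`, so a zero-diff relocation with a bad address appears to rely on the range check in bfd_perform_relocation after `bfd_reloc_continue`. coff_arm_reloc starts and ends outside the hunk.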