diff options
| author | Nick Clifton <nickc@redhat.com> | 2015-01-15 16:22:55 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2015-01-15 16:22:55 +0000 |
| commit | cd21f5daad4335b50366b838664ade64bec29957 (patch) | |
| tree | 51f091bb808e6350a6c63a77cd8a4d5db16769e4 /bfd/elf32-ppc.c | |
| parent | 2d071cfc6614b4ec30fa4ef8b8af5bdf2c177858 (diff) | |
| download | gdb-cd21f5daad4335b50366b838664ade64bec29957.zip gdb-cd21f5daad4335b50366b838664ade64bec29957.tar.gz gdb-cd21f5daad4335b50366b838664ade64bec29957.tar.bz2 | |
Fix memory access violations triggered by running objdump on fuzzed binaries.
PR binutils/17512
* elf-m10300.c (mn10300_info_to_howto): Replace assertion with an
error message. Never return an invalid howto pointer.
* elf32-cr16.c (cr16_info_to_howto): Likewise.
* elf32-crx.c (elf_crx_info_to_howto): Likewise.
* elf32-i370.c (i370_elf_info_to_howto): Likewise.
* elf32-mcore.c (mcore_elf_info_to_howto): Likewise.
* elf32-microblaze.c (microblaze_elf_info_to_howto): Likewise.
* elf32-mips.c (mips_elf32_rtype_to_howto): Likewise.
* elf32-pj.c (pj_elf_info_to_howto): Likewise.
* elf32-ppc.c (ppc_elf_info_to_howto): Likewise.
* elf32-spu.c (spu_elf_info_to_howto): Likewise.
* elf32-v850.c (v850_elf_info_to_howto_rela): Likewise.
* elf32-vax.c (rtype_to_howto): Likewise.
* elf64-alpha.c (elf64_alpha_info_to_howto): Likewise.
* elf64-mips.c (mips_elf64_rtype_to_howto): Likewise.
* elfn32-mips.c (sh_elf_info_to_howto): Likewise.
* elf32-sh.c (sh_elf_info_to_howto): Likewise.
(sh_elf_reloc): Check that the reloc is in range.
* reloc.c (bfd_perform_relocation): Check that the section is big
enough for the entire reloc.
(bfd_generic_get_relocated_section_contents): Report unexpected
return values from perform_reloc.
Diffstat (limited to 'bfd/elf32-ppc.c')
| -rw-r--r-- | bfd/elf32-ppc.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/bfd/elf32-ppc.c b/bfd/elf32-ppc.c index a17ff12..2a0bdd3 100644 --- a/bfd/elf32-ppc.c +++ b/bfd/elf32-ppc.c @@ -2019,19 +2019,28 @@ ppc_elf_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED, arelent *cache_ptr, Elf_Internal_Rela *dst) { + unsigned int r_type; + /* Initialize howto table if not already done. */ if (!ppc_elf_howto_table[R_PPC_ADDR32]) ppc_elf_howto_init (); - BFD_ASSERT (ELF32_R_TYPE (dst->r_info) < (unsigned int) R_PPC_max); - cache_ptr->howto = ppc_elf_howto_table[ELF32_R_TYPE (dst->r_info)]; + r_type = ELF32_R_TYPE (dst->r_info); + if (r_type >= R_PPC_max) + { + (*_bfd_error_handler) (_("%A: unrecognised PPC reloc number: %d"), + abfd, r_type); + bfd_set_error (bfd_error_bad_value); + r_type = R_PPC_NONE; + } + cache_ptr->howto = ppc_elf_howto_table[r_type]; /* Just because the above assert didn't trigger doesn't mean that ELF32_R_TYPE (dst->r_info) is necessarily a valid relocation. */ if (!cache_ptr->howto) { (*_bfd_error_handler) (_("%B: invalid relocation type %d"), - abfd, ELF32_R_TYPE (dst->r_info)); + abfd, r_type); bfd_set_error (bfd_error_bad_value); cache_ptr->howto = ppc_elf_howto_table[R_PPC_NONE]; |