Fix illegal memory access triggered by an attempt to disassemble a corrupt RISC-V binary.

PR 28303 * elfxx-riscv.c (riscv_elf_add_sub_reloc): Add check for out of range relocs.
author: Nick Clifton <nickc@redhat.com> 2021-09-07 09:44:17 +0100
committer: Nick Clifton <nickc@redhat.com> 2021-09-07 09:44:17 +0100
commit: 3f1a2892e1fea343880b276474cb44db3abcaa9a (patch)
tree: e11dc9e68b1a50e11e3e2e8aad6e804764ee8dd0 /bfd/elfxx-riscv.c
parent: 5d2deb81fa143e592414fd987c2899c839eb433e (diff)
download: gdb-3f1a2892e1fea343880b276474cb44db3abcaa9a.zip
gdb-3f1a2892e1fea343880b276474cb44db3abcaa9a.tar.gz
gdb-3f1a2892e1fea343880b276474cb44db3abcaa9a.tar.bz2
1 files changed, 7 insertions, 0 deletions
diff --git a/bfd/elfxx-riscv.c b/bfd/elfxx-riscv.c
index 2b8f60c..ddcf872 100644
--- a/bfd/elfxx-riscv.c
+++ b/bfd/elfxx-riscv.c
@@ -1002,6 +1002,13 @@ riscv_elf_add_sub_reloc (bfd *abfd,
 
   relocation = symbol->value + symbol->section->output_section->vma
     + symbol->section->output_offset + reloc_entry->addend;
+
+  bfd_size_type octets = reloc_entry->address
+    * bfd_octets_per_byte (abfd, input_section);
+  if (!bfd_reloc_offset_in_range (reloc_entry->howto, abfd,
+				  input_section, octets))
+    return bfd_reloc_outofrange;
+
   bfd_vma old_value = bfd_get (howto->bitsize, abfd,
 			       data + reloc_entry->address);
author	Nick Clifton <nickc@redhat.com>	2021-09-07 09:44:17 +0100
committer	Nick Clifton <nickc@redhat.com>	2021-09-07 09:44:17 +0100
commit	3f1a2892e1fea343880b276474cb44db3abcaa9a (patch)
tree	e11dc9e68b1a50e11e3e2e8aad6e804764ee8dd0 /bfd/elfxx-riscv.c
parent	5d2deb81fa143e592414fd987c2899c839eb433e (diff)
download	gdb-3f1a2892e1fea343880b276474cb44db3abcaa9a.zip gdb-3f1a2892e1fea343880b276474cb44db3abcaa9a.tar.gz gdb-3f1a2892e1fea343880b276474cb44db3abcaa9a.tar.bz2