diff options
| author | Alan Modra <amodra@gmail.com> | 2021-10-06 10:17:29 +1030 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2021-10-06 11:24:29 +1030 |
| commit | 0a6041ce9383338fa62acb207683780faaa8b42c (patch) | |
| tree | 1996d2e58fac46ae1ed3ea5366571d7c9223f88e /bfd/i386lynx.c | |
| parent | 55e3926e79937da55da3eaad3b15b4c099071976 (diff) | |
| download | gdb-0a6041ce9383338fa62acb207683780faaa8b42c.zip gdb-0a6041ce9383338fa62acb207683780faaa8b42c.tar.gz gdb-0a6041ce9383338fa62acb207683780faaa8b42c.tar.bz2 | |
PR28403, null pointer dereference in disassemble_bytes
Indexing of symbol and howto arrays wasn't checked in aout targets.
PR 28403
* aout-ns32k.c (MY (reloc_howto)): Sanity check howto_table index.
Make r_index unsigned.
(MY_swap_std_reloc_in): Make r_index unsigned.
* aoutx.h (MOVE_ADDRESS): Sanity check symbol r_index.
(aout_link_input_section_std): Make r_index unsigned.
(aout_link_input_section_ext): Likewise.
* i386lynx.c (MOVE_ADDRESS): Sanity check symbol r_index.
(swap_ext_reloc_in, swap_std_reloc_in): Make r_index unsigned.
* pdp11.c (MOVE_ADDRESS): Sanity check symbol r_index.
Diffstat (limited to 'bfd/i386lynx.c')
| -rw-r--r-- | bfd/i386lynx.c | 62 |
1 files changed, 32 insertions, 30 deletions
diff --git a/bfd/i386lynx.c b/bfd/i386lynx.c index c477e66..932ce17 100644 --- a/bfd/i386lynx.c +++ b/bfd/i386lynx.c @@ -282,38 +282,40 @@ NAME(lynx,swap_ext_reloc_out) (bfd *abfd, #define MOVE_ADDRESS(ad) \ if (r_extern) \ { \ - /* undefined symbol */ \ - cache_ptr->sym_ptr_ptr = symbols + r_index; \ - cache_ptr->addend = ad; \ + /* undefined symbol */ \ + if (r_index < bfd_get_symcount (abfd)) \ + cache_ptr->sym_ptr_ptr = symbols + r_index; \ + cache_ptr->addend = ad; \ } \ else \ { \ - /* defined, section relative. replace symbol with pointer to \ - symbol which points to section */ \ - switch (r_index) { \ - case N_TEXT: \ - case N_TEXT | N_EXT: \ - cache_ptr->sym_ptr_ptr = obj_textsec(abfd)->symbol_ptr_ptr; \ - cache_ptr->addend = ad - su->textsec->vma; \ - break; \ - case N_DATA: \ - case N_DATA | N_EXT: \ - cache_ptr->sym_ptr_ptr = obj_datasec(abfd)->symbol_ptr_ptr; \ - cache_ptr->addend = ad - su->datasec->vma; \ - break; \ - case N_BSS: \ - case N_BSS | N_EXT: \ - cache_ptr->sym_ptr_ptr = obj_bsssec(abfd)->symbol_ptr_ptr; \ - cache_ptr->addend = ad - su->bsssec->vma; \ - break; \ - default: \ - case N_ABS: \ - case N_ABS | N_EXT: \ - cache_ptr->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; \ - cache_ptr->addend = ad; \ - break; \ + /* defined, section relative. replace symbol with pointer to \ + symbol which points to section */ \ + switch (r_index) \ + { \ + case N_TEXT: \ + case N_TEXT | N_EXT: \ + cache_ptr->sym_ptr_ptr = obj_textsec(abfd)->symbol_ptr_ptr; \ + cache_ptr->addend = ad - su->textsec->vma; \ + break; \ + case N_DATA: \ + case N_DATA | N_EXT: \ + cache_ptr->sym_ptr_ptr = obj_datasec(abfd)->symbol_ptr_ptr; \ + cache_ptr->addend = ad - su->datasec->vma; \ + break; \ + case N_BSS: \ + case N_BSS | N_EXT: \ + cache_ptr->sym_ptr_ptr = obj_bsssec(abfd)->symbol_ptr_ptr; \ + cache_ptr->addend = ad - su->bsssec->vma; \ + break; \ + default: \ + case N_ABS: \ + case N_ABS | N_EXT: \ + cache_ptr->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; \ + cache_ptr->addend = ad; \ + break; \ + } \ } \ - } \ static void NAME(lynx,swap_ext_reloc_in) (bfd *abfd, @@ -322,7 +324,7 @@ NAME(lynx,swap_ext_reloc_in) (bfd *abfd, asymbol **symbols, bfd_size_type symcount ATTRIBUTE_UNUSED) { - int r_index; + unsigned int r_index; int r_extern; unsigned int r_type; struct aoutdata *su = &(abfd->tdata.aout_data->a); @@ -345,7 +347,7 @@ NAME(lynx,swap_std_reloc_in) (bfd *abfd, asymbol **symbols, bfd_size_type symcount ATTRIBUTE_UNUSED) { - int r_index; + unsigned int r_index; int r_extern; unsigned int r_length; int r_pcrel; |