aboutsummaryrefslogtreecommitdiff
path: root/bfd
diff options
context:
space:
mode:
authorAlan Modra <amodra@gmail.com>2018-03-17 17:49:12 +1030
committerAlan Modra <amodra@gmail.com>2018-03-21 21:42:17 +1030
commit675e28092f9d92c56c38d40d13ad5b766bdede05 (patch)
tree50e41146bc1489f10fc2e676b24beba579bc3fe3 /bfd
parentdca9fbc845f297db70dcb2202624b1497df5593c (diff)
downloadgdb-675e28092f9d92c56c38d40d13ad5b766bdede05.zip
gdb-675e28092f9d92c56c38d40d13ad5b766bdede05.tar.gz
gdb-675e28092f9d92c56c38d40d13ad5b766bdede05.tar.bz2
Don't exceed reloc array bounds
* elf64-ppc.c (ppc64_elf_relocate_section): Don't access rel[1] without first checking array bounds. * elf32-ppc.c (ppc_elf_relocate_section): Likewise.
Diffstat (limited to 'bfd')
-rw-r--r--bfd/ChangeLog6
-rw-r--r--bfd/elf32-ppc.c6
-rw-r--r--bfd/elf64-ppc.c6
3 files changed, 14 insertions, 4 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 1850d20..6846481 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2018-03-21 Alan Modra <amodra@gmail.com>
+
+ * elf64-ppc.c (ppc64_elf_relocate_section): Don't access rel[1]
+ without first checking array bounds.
+ * elf32-ppc.c (ppc_elf_relocate_section): Likewise.
+
2018-03-20 H.J. Lu <hongjiu.lu@intel.com>
PR ld/22983
diff --git a/bfd/elf32-ppc.c b/bfd/elf32-ppc.c
index 66bbf0d..182dc2a 100644
--- a/bfd/elf32-ppc.c
+++ b/bfd/elf32-ppc.c
@@ -8000,7 +8000,8 @@ ppc_elf_relocate_section (bfd *output_bfd,
break;
case R_PPC_TLSGD:
- if ((tls_mask & TLS_TLS) != 0 && (tls_mask & TLS_GD) == 0)
+ if ((tls_mask & TLS_TLS) != 0 && (tls_mask & TLS_GD) == 0
+ && rel + 1 < relend)
{
unsigned int insn2;
bfd_vma offset = rel->r_offset;
@@ -8027,7 +8028,8 @@ ppc_elf_relocate_section (bfd *output_bfd,
break;
case R_PPC_TLSLD:
- if ((tls_mask & TLS_TLS) != 0 && (tls_mask & TLS_LD) == 0)
+ if ((tls_mask & TLS_TLS) != 0 && (tls_mask & TLS_LD) == 0
+ && rel + 1 < relend)
{
unsigned int insn2;
diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c
index 889bdb0..7155aeb 100644
--- a/bfd/elf64-ppc.c
+++ b/bfd/elf64-ppc.c
@@ -13897,7 +13897,8 @@ ppc64_elf_relocate_section (bfd *output_bfd,
break;
case R_PPC64_TLSGD:
- if (tls_mask != 0 && (tls_mask & TLS_GD) == 0)
+ if (tls_mask != 0 && (tls_mask & TLS_GD) == 0
+ && rel + 1 < relend)
{
unsigned int insn2;
bfd_vma offset = rel->r_offset;
@@ -13931,7 +13932,8 @@ ppc64_elf_relocate_section (bfd *output_bfd,
break;
case R_PPC64_TLSLD:
- if (tls_mask != 0 && (tls_mask & TLS_LD) == 0)
+ if (tls_mask != 0 && (tls_mask & TLS_LD) == 0
+ && rel + 1 < relend)
{
unsigned int insn2;
bfd_vma offset = rel->r_offset;