authorNick Clifton <nickc@redhat.com>2020-11-23 14:07:02 +0000
committerNick Clifton <nickc@redhat.com>2020-11-23 14:07:02 +0000
commitf60742b2a1988d276c77d5c1011143f320d9b4cb (patch)
tree1d6169dbfb83984efad1a4bbdac29c562650433b /bfd
parentcbf097d7b024fad33d13cc43ff0d35f2e0b11898 (diff)
Fix an illegal memory access when accessing corrupt dynamic secondary relocations.
PR 26931 * elf-bfd.h (struct elf_backend_data): Add bfd_boolean field to slurp_secondary_relocs field. (_bfd_elf_slurp_secondary_reloc_section): Update prototype. * elf.c (_bfd_elf_slurp_secondary_reloc_section): Add new parameter. Compute number of symbols based upon the new parameter. * elfcode.h (elf_slurp_reloc_table): Pass dynamic as new parameter.
Diffstat (limited to 'bfd')
-rw-r--r--bfd/ChangeLog12
-rw-r--r--bfd/elf-bfd.h4
-rw-r--r--bfd/elf.c13
-rw-r--r--bfd/elfcode.h2
4 files changed, 23 insertions, 8 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 6a552c7..d47d518 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,15 @@
+2020-11-23 Nick Clifton <nickc@redhat.com>
+
+ PR 26931
+ * elf-bfd.h (struct elf_backend_data): Add bfd_boolean field to
+ slurp_secondary_relocs field.
+ (_bfd_elf_slurp_secondary_reloc_section): Update prototype.
+ * elf.c (_bfd_elf_slurp_secondary_reloc_section): Add new
+ parameter. Compute number of symbols based upon the new
+ parameter.
+ * elfcode.h (elf_slurp_reloc_table): Pass dynamic as new
+ parameter.
+
2020-11-23 H.J. Lu <hongjiu.lu@intel.com>
PR ld/26918
diff --git a/bfd/elf-bfd.h b/bfd/elf-bfd.h
index ffb75f7..e8455d1 100644
--- a/bfd/elf-bfd.h
+++ b/bfd/elf-bfd.h
@@ -1571,7 +1571,7 @@ struct elf_backend_data
const char *, unsigned int);
/* Called when after loading the normal relocs for a section. */
- bfd_boolean (*slurp_secondary_relocs) (bfd *, asection *, asymbol **);
+ bfd_boolean (*slurp_secondary_relocs) (bfd *, asection *, asymbol **, bfd_boolean);
/* Called after writing the normal relocs for a section. */
bfd_boolean (*write_secondary_relocs) (bfd *, asection *);
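Review bot: The new `bfd_boolean` argument of `slurp_secondary_relocs` is undocumented, and the comment above the field still reads "Called when after loading". The elf.c part of this commit uses the flag to pick which symbol count applies, so a backend that supplies its own hook needs to know what the flag means. I would change the comment to `/* Called after loading the normal relocs for a section. The final argument is TRUE if the symbol array is the dynamic symbol table. */`. The same applies to the unnamed trailing parameter of the `_bfd_elf_slurp_secondary_reloc_section` prototype in the next hunk. struct elf_backend_data starts and ends outside this hunk.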
@@ -2919,7 +2919,7 @@ extern bfd_boolean is_debuginfo_file (bfd *);
extern bfd_boolean _bfd_elf_init_secondary_reloc_section
(bfd *, Elf_Internal_Shdr *, const char *, unsigned int);
extern bfd_boolean _bfd_elf_slurp_secondary_reloc_section
- (bfd *, asection *, asymbol **);
+ (bfd *, asection *, asymbol **, bfd_boolean);
extern bfd_boolean _bfd_elf_copy_special_section_fields
(const bfd *, bfd *, const Elf_Internal_Shdr *, Elf_Internal_Shdr *);
extern bfd_boolean _bfd_elf_write_secondary_reloc_section
diff --git a/bfd/elf.c b/bfd/elf.c
index 9624df7..dbff0f2 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -12560,9 +12560,10 @@ _bfd_elf_init_secondary_reloc_section (bfd * abfd,
/* Read in any secondary relocs associated with SEC. */
bfd_boolean
-_bfd_elf_slurp_secondary_reloc_section (bfd * abfd,
- asection * sec,
- asymbol ** symbols)
+_bfd_elf_slurp_secondary_reloc_section (bfd * abfd,
+ asection * sec,
+ asymbol ** symbols,
+ bfd_boolean dynamic)
{
const struct elf_backend_data * const ebd = get_elf_backend_data (abfd);
asection * relsec;
@@ -12641,7 +12642,10 @@ _bfd_elf_slurp_secondary_reloc_section (bfd * abfd,
continue;
}
- symcount = bfd_get_symcount (abfd);
+ if (dynamic)
+ symcount = bfd_get_dynamic_symcount (abfd);
+ else
+ symcount = bfd_get_symcount (abfd);
for (i = 0, internal_reloc = internal_relocs,
native_reloc = native_relocs;
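Review bot: `symcount` is now chosen from `dynamic`, but nothing in the visible lines ties `symbols` to the same table, so the fix holds only if every caller passes the array that matches the flag. The later `ps = symbols + r_sym (rela.r_info) - 1;` followed by `(*ps)->flags |= BSF_KEEP;` depends on that pairing; the range check on `r_sym` is presumably in the lines between the hunks, which are not shown here. I would state the contract in the function's header comment, e.g. `/* Read in any secondary relocs associated with SEC. SYMBOLS is the dynamic symbol table if DYNAMIC is TRUE, otherwise the normal one. */`. The selection also reads more compactly as `symcount = dynamic ? bfd_get_dynamic_symcount (abfd) : bfd_get_symcount (abfd);`. The function body starts before and continues past this hunk.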
@@ -12688,7 +12692,6 @@ _bfd_elf_slurp_secondary_reloc_section (bfd * abfd,
asymbol **ps;
ps = symbols + r_sym (rela.r_info) - 1;
-
internal_reloc->sym_ptr_ptr = ps;
/* Make sure that this symbol is not removed by strip. */
(*ps)->flags |= BSF_KEEP;
diff --git a/bfd/elfcode.h b/bfd/elfcode.h
index 606ff64..c7da8f6 100644
--- a/bfd/elfcode.h
+++ b/bfd/elfcode.h
@@ -1603,7 +1603,7 @@ elf_slurp_reloc_table (bfd *abfd,
symbols, dynamic))
return FALSE;
- if (!bed->slurp_secondary_relocs (abfd, asect, symbols))
+ if (!bed->slurp_secondary_relocs (abfd, asect, symbols, dynamic))
return FALSE;
asect->relocation = relents;