-rw-r--r--binutils/ChangeLog7
-rw-r--r--binutils/readelf.c22
2 files changed, 27 insertions, 2 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index ccaa9c9..612b0ed 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,12 @@
2018-12-01 Alan Modra <amodra@gmail.com>
+ PR 23946
+ * readelf.c (slurp_ia64_unwind_table): Bounds check symbol index
+ on reloc.
+ (slurp_hppa_unwind_table): Likewise.
+
+2018-12-01 Alan Modra <amodra@gmail.com>
+
PR 23945
* readelf.c (slurp_ia64_unwind_table): Don't call elf_ia64_reloc_type
needlessly.
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 9eb5931..9969e46 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -7597,9 +7597,9 @@ slurp_ia64_unwind_table (Filedata * filedata,
for (rp = rela; rp < rela + nrelas; ++rp)
{
+ unsigned int sym_ndx;
unsigned int r_type = get_reloc_type (filedata, rp->r_info);
relname = elf_ia64_reloc_type (r_type);
- sym = aux->symtab + get_reloc_symindex (rp->r_info);
/* PR 17531: file: 9fa67536. */
if (relname == NULL)
@@ -7623,6 +7623,15 @@ slurp_ia64_unwind_table (Filedata * filedata,
continue;
}
+ sym_ndx = get_reloc_symindex (rp->r_info);
+ if (sym_ndx >= aux->nsyms)
+ {
+ warn (_("Skipping reloc with invalid symbol index: %u\n"),
+ sym_ndx);
+ continue;
+ }
+ sym = aux->symtab + sym_ndx;
+
switch (rp->r_offset / eh_addr_size % 3)
{
case 0:
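Review bot: The new bounds check ahead of `sym = aux->symtab + sym_ndx;` carries no comment tying it to the bug it closes, unlike the `/* PR 17531: file: 9fa67536. */` marker in the first readelf.c hunk; I would add `/* PR 23946: the symbol index comes from the file's r_info, so check it against aux->nsyms before indexing aux->symtab.  */` above the `if`. The same block is added verbatim in slurp_hppa_unwind_table (the last hunk), so the comment applies there too, and a small shared helper would keep the two checks from drifting apart. The declaration of get_reloc_symindex is not visible here: if it returns a type wider than `unsigned int`, the assignment to `sym_ndx` narrows the value before the comparison, so it is worth confirming the index always fits. The loop body continues outside the hunk.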
@@ -8053,9 +8062,9 @@ slurp_hppa_unwind_table (Filedata * filedata,
for (rp = rela; rp < rela + nrelas; ++rp)
{
+ unsigned int sym_ndx;
unsigned int r_type = get_reloc_type (filedata, rp->r_info);
relname = elf_hppa_reloc_type (r_type);
- sym = aux->symtab + get_reloc_symindex (rp->r_info);
if (relname == NULL)
{
@@ -8077,6 +8086,15 @@ slurp_hppa_unwind_table (Filedata * filedata,
continue;
}
+ sym_ndx = get_reloc_symindex (rp->r_info);
+ if (sym_ndx >= aux->nsyms)
+ {
+ warn (_("Skipping reloc with invalid symbol index: %u\n"),
+ sym_ndx);
+ continue;
+ }
+ sym = aux->symtab + sym_ndx;
+
switch ((rp->r_offset % unw_ent_size) / 4)
{
case 0: