From 0cc919dc6abede5e61b9d8234028fba879166088 Mon Sep 17 00:00:00 2001 From: "Maciej W. Rozycki" Date: Wed, 4 Apr 2018 02:00:49 +0100 Subject: PR binutils/22875: IQ2000/ELF: Prevent an out-of-bounds howto table access Prevent an out-of-bounds `iq2000_elf_howto_table' table access in `iq2000_info_to_howto_rela' by using the size of the table rather than R_IQ2000_max to determine the number of entries in the contiguous regular IQ2000 relocation range defined and described in the table. bfd/ * elf32-iq2000.c (iq2000_info_to_howto_rela): Correct the range check for `iq2000_elf_howto_table' table access. --- bfd/ChangeLog | 5 +++++ bfd/elf32-iq2000.c | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 072ad98..8e1df6d 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,5 +1,10 @@ 2018-04-04 Maciej W. Rozycki + * elf32-iq2000.c (iq2000_info_to_howto_rela): Correct the range + check for `iq2000_elf_howto_table' table access. + +2018-04-04 Maciej W. Rozycki + * elf32-frv.c (frv_info_to_howto_rela): Correct the range check for `elf32_frv_howto_table' table access. diff --git a/bfd/elf32-iq2000.c b/bfd/elf32-iq2000.c index d1ce3c8..e616766 100644 --- a/bfd/elf32-iq2000.c +++ b/bfd/elf32-iq2000.c @@ -22,6 +22,7 @@ #include "libbfd.h" #include "elf-bfd.h" #include "elf/iq2000.h" +#include "libiberty.h" /* Forward declarations. */ @@ -435,7 +436,7 @@ iq2000_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED, break; default: - if (r_type >= (unsigned int) R_IQ2000_max) + if (r_type >= ARRAY_SIZE (iq2000_elf_howto_table)) { /* xgettext:c-format */ _bfd_error_handler (_("%pB: unsupported relocation type %#x"), -- cgit v1.1