From 6ecc36f7b7a29952579a49dc3d90f6871c6ab238 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Tue, 23 Aug 2022 18:24:36 +0930 Subject: Re: bfd_elf_set_group_contents assertion Further to commit 7744e3278b9f. * elf.c (bfd_elf_set_group_contents): Restrict loc in loop writing contents, and add another assertion. --- bfd/elf.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/bfd/elf.c b/bfd/elf.c index 35aa45e..f186a2c 100644 --- a/bfd/elf.c +++ b/bfd/elf.c @@ -3594,6 +3594,8 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg) { elf_sec->rel.hdr->sh_flags |= SHF_GROUP; loc -= 4; + if (loc == sec->contents) + break; H_PUT_32 (abfd, elf_sec->rel.idx, loc); } if (elf_sec->rela.hdr != NULL @@ -3603,9 +3605,13 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg) { elf_sec->rela.hdr->sh_flags |= SHF_GROUP; loc -= 4; + if (loc == sec->contents) + break; H_PUT_32 (abfd, elf_sec->rela.idx, loc); } loc -= 4; + if (loc == sec->contents) + break; H_PUT_32 (abfd, elf_sec->this_idx, loc); } elt = elf_next_in_group (elt); @@ -3613,12 +3619,20 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg) break; } - loc -= 4; - if (loc != sec->contents) + /* We should always get here with loc == sec->contents + 4, but it is + possible to craft bogus SHT_GROUP sections that will cause segfaults + in objcopy without checking loc here and in the loop above. */ + if (loc == sec->contents) + BFD_ASSERT (0); + else { - BFD_ASSERT (0); - memset (sec->contents + 4, 0, loc - sec->contents); - loc = sec->contents; + loc -= 4; + if (loc != sec->contents) + { + BFD_ASSERT (0); + memset (sec->contents + 4, 0, loc - sec->contents); + loc = sec->contents; + } } H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc); -- cgit v1.1