From 8c51f2f291a5459e1eabd000b2c52e5de52b4c56 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Wed, 26 Aug 2020 17:43:39 +0100
Subject: Fix sanitization problems in the BFD library when running the linker testsuite for the AVR target.

PR 26433 * elf32-avr.c (avr_final_link_relocate): Fix undefined shift behaviour. (avr_elf32_load_records_from_section): Use bfd_get_16 and bfd_get_32 to load values from potentially unaligned pointers.
---
bfd/ChangeLog | 6 ++++++
bfd/elf32-avr.c | 14 +++++++-------
2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 9a59177..6460364 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,11 @@
 2020-08-26 Nick Clifton

+ PR 26433
+ * elf32-avr.c (avr_final_link_relocate): Fix undefined shift
+ behaviour.
+ (avr_elf32_load_records_from_section): Use bfd_get_16 and
+ bfd_get_32 to load values from potentially unaligned pointers.
+
 PR 26416
 * elf64-alpha.c (elf64_alpha_relax_tls_get_addr): Test for and
 ignore local symbols.
diff --git a/bfd/elf32-avr.c b/bfd/elf32-avr.c
index 9adf627..afb38b2 100644
--- a/bfd/elf32-avr.c
+++ b/bfd/elf32-avr.c
@@ -1052,7 +1052,7 @@ avr_final_link_relocate (reloc_howto_type * howto,
 if (srel > ((1 << 7) - 1) || (srel < - (1 << 7)))
 return bfd_reloc_overflow;
 x = bfd_get_16 (input_bfd, contents);
- x = (x & 0xfc07) | (((srel >> 1) << 3) & 0x3f8);
+ x = (x & 0xfc07) | (((srel >> 1) * 8) & 0x3f8);
 bfd_put_16 (input_bfd, x, contents);
 break;

@@ -4039,7 +4039,7 @@ avr_elf32_load_records_from_section (bfd *abfd, asection *sec)
 ptr++;
 flags = *((bfd_byte *) ptr);
 ptr++;
- record_count = *((uint16_t *) ptr);
+ record_count = bfd_get_16 (abfd, ptr);
 ptr+=2;
 BFD_ASSERT (ptr - contents == AVR_PROPERTY_SECTION_HEADER_SIZE);

@@ -4106,7 +4106,7 @@ avr_elf32_load_records_from_section (bfd *abfd, asection *sec)
 }
 }

- address = *((uint32_t *) ptr);
+ address = bfd_get_32 (abfd, ptr);
 ptr += 4;
 size -= 4;

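Review bot: The reason for writing `* 8` instead of `<< 3` in the new `x = ...` line of the hunk at 1052 is not recorded in the code, so a later clean-up could quietly restore the shift. A comment above the line, e.g. `/* Multiply rather than shift: srel can be negative here and left-shifting a negative value is undefined.  */`, would prevent that. The range test two lines up limits srel to -128..127, so the multiplication itself cannot overflow. The enclosing case and function start and end outside the hunk.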
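Review bot: Replacing `*((uint16_t *) ptr)` with `bfd_get_16 (abfd, ptr)` in the hunk at 4039 changes more than alignment handling, because the `bfd_get_*` accessors decode in the byte order of `abfd` while the old cast read in host byte order. On a host whose byte order differs from the target's, `record_count` will now load differently than before, and the same applies to the `bfd_get_32` reads in the hunks at 4106, 4148, 4156 and 4167. That is presumably the desired result, but the ChangeLog entry mentions only unaligned pointers, and the code that writes this section (not shown here) should be checked to agree. A comment at the first read such as `/* Header and record fields are stored in the target's byte order; read them with bfd_get_*, not a host-order cast.  */` would record the intent. The function body starts and ends outside the hunk.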
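Review bot: No length check is visible before the `address = bfd_get_32 (abfd, ptr);` read in the hunk at 4106, whereas the reads in the hunks at 4148, 4156 and 4167 each follow an `if (size < 4)` or `if (size < 8)` test that jumps to `load_failed`. The context lines above the read only close earlier blocks, so the guard may sit further up in the function, outside the hunk. That should be confirmed, since the bytes being parsed presumably come from the input object file. If the guard is there, a short comment at this read such as `/* The size check for this read is done above.  */` would make the dependency visible to the next editor.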
@@ -4148,7 +4148,7 @@ avr_elf32_load_records_from_section (bfd *abfd, asection *sec)
 /* Just a 4-byte fill to load. */
 if (size < 4)
 goto load_failed;
- r_list->records [i].data.org.fill = *((uint32_t *) ptr);
+ r_list->records [i].data.org.fill = bfd_get_32 (abfd, ptr);
 ptr += 4;
 size -= 4;
 break;
@@ -4156,7 +4156,7 @@ avr_elf32_load_records_from_section (bfd *abfd, asection *sec)
 /* Just a 4-byte alignment to load. */
 if (size < 4)
 goto load_failed;
- r_list->records [i].data.align.bytes = *((uint32_t *) ptr);
+ r_list->records [i].data.align.bytes = bfd_get_32 (abfd, ptr);
 ptr += 4;
 size -= 4;
 /* Just initialise PRECEDING_DELETED field, this field is
@@ -4167,9 +4167,9 @@ avr_elf32_load_records_from_section (bfd *abfd, asection *sec)
 /* A 4-byte alignment, and a 4-byte fill to load. */
 if (size < 8)
 goto load_failed;
- r_list->records [i].data.align.bytes = *((uint32_t *) ptr);
+ r_list->records [i].data.align.bytes = bfd_get_32 (abfd, ptr);
 ptr += 4;
- r_list->records [i].data.align.fill = *((uint32_t *) ptr);
+ r_list->records [i].data.align.fill = bfd_get_32 (abfd, ptr);
 ptr += 4;
 size -= 8;
 /* Just initialise PRECEDING_DELETED field, this field is
--
cgit v1.1