From 1ed0032b40063795d6c3ce89eab3101a8fd67569 Mon Sep 17 00:00:00 2001
From: Alan Modra
Date: Sun, 24 Oct 2021 20:27:06 +1030
Subject: asan: c4x, c54x coff_canonicalize_reloc buffer overflow

Sometimes the investigation of a fuzzing bug report leads into areas you'd rather not go. In this instance by the time I'd figured out the real cause was a target variant that had never been properly supported in binutils, the time needed to fix it was less than the time needed to rip it out.

	* coffcode.h (coff_set_alignment_hook): Call bfd_coff_swap_reloc_in not coff_swap_reloc_in. (coff_slurp_reloc_table): Likewise. Don't use RELOC type. (ticoff0_swap_table): Use coff_swap_reloc_v0_out and coff_swap_reloc_v0_in.
	* coffswap.h (coff_swap_reloc_v0_in, coff_swap_reloc_v0_out): New.
	* coff-tic54x.c (tic54x_lookup_howto): Don't abort.
	* coffgen.c (coff_get_normalized_symtab): Use PTR_ADD.
	* bfd-in.h (PTR_ADD, NPTR_ADD): Avoid warnings when passing an expression.
	* bfd-in2.h: Regenerate.
---
 bfd/bfd-in2.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'bfd/bfd-in2.h')

diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h
index 91888ef..669f250 100644
--- a/bfd/bfd-in2.h
+++ b/bfd/bfd-in2.h
@@ -121,9 +121,9 @@ typedef struct bfd bfd;
 #endif
 /* Silence "applying zero offset to null pointer" UBSAN warnings. */
-#define PTR_ADD(P,A) ((A) ? (P) + (A) : (P))
+#define PTR_ADD(P,A) ((A) != 0 ? (P) + (A) : (P))
 /* Also prevent non-zero offsets from being applied to a null pointer. */
-#define NPTR_ADD(P,A) ((P) ? (P) + (A) : (P))
+#define NPTR_ADD(P,A) ((P) != NULL ? (P) + (A) : (P))
 #ifdef BFD64
-- 
cgit v1.1
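Review bot: Both macros still evaluate their arguments twice (`(A)` appears in the test and in the arithmetic of PTR_ADD, `(P)` in all three positions of NPTR_ADD), so an argument with a side effect or an expensive call is evaluated more than once; since the commit explicitly widens them to accept arbitrary expressions, that hazard is now more likely to be hit by callers. The header comments say only what UBSAN warning is being silenced, not this constraint; I would add above PTR_ADD: `/* Both arguments are evaluated more than once; pass only side-effect-free expressions.  */`. It is also worth stating in the PTR_ADD comment that it still applies a non-zero offset to a null P, i.e. `/* A null P with non-zero A is still undefined; use NPTR_ADD when P may be null.  */`, since the two comments currently read as if PTR_ADD alone were safe. This file is generated from bfd-in.h per the changelog, so the comment belongs in the source header and should reach bfd-in2.h by regeneration.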