From e6b6fad2fe4d180bcd65a1e0aabc6ba763901346 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Wed, 23 Nov 2022 22:12:30 +1030 Subject: PR22509 - Null pointer dereference on coff_slurp_reloc_table This extends the commit 4581a1c7d304 fix to more targets, which hardens BFD a little. I think the real underlying problem was the bfd_canonicalize_reloc call in load_specific_debug_section which passed a NULL for "symbols". Fix that too. PR 22509 bfd/ * aoutx.h (swap_ext_reloc_out): Gracefully handle NULL symbols. * i386lynx.c (swap_ext_reloc_out): Likewise. * pdp11.c (pdp11_aout_swap_reloc_out): Likewise. * coff-tic30.c (reloc_processing): Likewise. * coff-tic4x.c (tic4x_reloc_processing): Likewise. * coff-tic54x.c (tic54x_reloc_processing): Likewise. * coff-z80.c (reloc_processing): Likewise. * coff-z8k.c (reloc_processing): Likewise. * ecoff.c (ecoff_slurp_reloc_table): Likewise. * som.c (som_set_reloc_info): Likewise. binutils/ * objdump.c (load_specific_debug_section): Pass syms to bfd_canonicalize_reloc. --- bfd/coff-z8k.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'bfd/coff-z8k.c') diff --git a/bfd/coff-z8k.c b/bfd/coff-z8k.c index b9f6f97..974bffc 100644 --- a/bfd/coff-z8k.c +++ b/bfd/coff-z8k.c @@ -177,7 +177,7 @@ reloc_processing (arelent *relent, relent->address = reloc->r_vaddr; rtype2howto (relent, reloc); - if (reloc->r_symndx == -1) + if (reloc->r_symndx == -1 || symbols == NULL) relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; else if (reloc->r_symndx >= 0 && reloc->r_symndx < obj_conv_table_size (abfd)) relent->sym_ptr_ptr = symbols + obj_convert (abfd)[reloc->r_symndx]; -- cgit v1.1