From cd21f5daad4335b50366b838664ade64bec29957 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Thu, 15 Jan 2015 16:22:55 +0000 Subject: Fix memory access violations triggered by running objdump on fuzzed binaries. PR binutils/17512 * elf-m10300.c (mn10300_info_to_howto): Replace assertion with an error message. Never return an invalid howto pointer. * elf32-cr16.c (cr16_info_to_howto): Likewise. * elf32-crx.c (elf_crx_info_to_howto): Likewise. * elf32-i370.c (i370_elf_info_to_howto): Likewise. * elf32-mcore.c (mcore_elf_info_to_howto): Likewise. * elf32-microblaze.c (microblaze_elf_info_to_howto): Likewise. * elf32-mips.c (mips_elf32_rtype_to_howto): Likewise. * elf32-pj.c (pj_elf_info_to_howto): Likewise. * elf32-ppc.c (ppc_elf_info_to_howto): Likewise. * elf32-spu.c (spu_elf_info_to_howto): Likewise. * elf32-v850.c (v850_elf_info_to_howto_rela): Likewise. * elf32-vax.c (rtype_to_howto): Likewise. * elf64-alpha.c (elf64_alpha_info_to_howto): Likewise. * elf64-mips.c (mips_elf64_rtype_to_howto): Likewise. * elfn32-mips.c (sh_elf_info_to_howto): Likewise. * elf32-sh.c (sh_elf_info_to_howto): Likewise. (sh_elf_reloc): Check that the reloc is in range. * reloc.c (bfd_perform_relocation): Check that the section is big enough for the entire reloc. (bfd_generic_get_relocated_section_contents): Report unexpected return values from perform_reloc. --- bfd/elf-m10300.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'bfd/elf-m10300.c') diff --git a/bfd/elf-m10300.c b/bfd/elf-m10300.c index 6a18b44..52457ed 100644 --- a/bfd/elf-m10300.c +++ b/bfd/elf-m10300.c @@ -806,7 +806,13 @@ mn10300_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED, unsigned int r_type; r_type = ELF32_R_TYPE (dst->r_info); - BFD_ASSERT (r_type < (unsigned int) R_MN10300_MAX); + if (r_type >= R_MN10300_MAX) + { + (*_bfd_error_handler) (_("%A: unrecognised MN10300 reloc number: %d"), + abfd, r_type); + bfd_set_error (bfd_error_bad_value); + r_type = R_MN10300_NONE; + } cache_ptr->howto = elf_mn10300_howto_table + r_type; } -- cgit v1.1