From cd21f5daad4335b50366b838664ade64bec29957 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Thu, 15 Jan 2015 16:22:55 +0000
Subject: Fix memory access violations triggered by running objdump on fuzzed binaries. PR binutils/17512 * elf-m10300.c (mn10300_info_to_howto): Replace assertion with an error message. Never return an invalid howto pointer. * elf32-cr16.c (cr16_info_to_howto): Likewise. * elf32-crx.c (elf_crx_info_to_howto): Likewise. * elf32-i370.c (i370_elf_info_to_howto): Likewise. * elf32-mcore.c (mcore_elf_info_to_howto): Likewise. * elf32-microblaze.c (microblaze_elf_info_to_howto): Likewise. * elf32-mips.c (mips_elf32_rtype_to_howto): Likewise. * elf32-pj.c (pj_elf_info_to_howto): Likewise. * elf32-ppc.c (ppc_elf_info_to_howto): Likewise. * elf32-spu.c (spu_elf_info_to_howto): Likewise. * elf32-v850.c (v850_elf_info_to_howto_rela): Likewise. * elf32-vax.c (rtype_to_howto): Likewise. * elf64-alpha.c (elf64_alpha_info_to_howto): Likewise. * elf64-mips.c (mips_elf64_rtype_to_howto): Likewise. * elfn32-mips.c (sh_elf_info_to_howto): Likewise. * elf32-sh.c (sh_elf_info_to_howto): Likewise. (sh_elf_reloc): Check that the reloc is in range. * reloc.c (bfd_perform_relocation): Check that the section is big enough for the entire reloc. (bfd_generic_get_relocated_section_contents): Report unexpected return values from perform_reloc.
---
bfd/reloc.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'bfd/reloc.c')
diff --git a/bfd/reloc.c b/bfd/reloc.c
index 4167608..b018a3e 100644
--- a/bfd/reloc.c
+++ b/bfd/reloc.c
@@ -623,7 +623,10 @@ bfd_perform_relocation (bfd *abfd, /* PR 17512: file: c146ab8b. PR 17512: file: 46dff27f. Include the size of the reloc in the test for out of range addresses. */ - - bfd_get_reloc_size (howto)) + - bfd_get_reloc_size (howto) + /* PR 17512: file: 38e53ebf + Add make sure that there is enough room for the relocation to be applied. */ + || bfd_get_reloc_size (howto) > bfd_get_section_limit (abfd, input_section)) return bfd_reloc_outofrange; /* Work out which section the relocation is targeted at and the @@ -7691,7 +7694,11 @@ bfd_generic_get_relocated_section_contents (bfd *abfd, goto error_return; default: - abort (); + /* PR 17512; file: 90c2a92e. + Report unexpected results, without aborting. */ + link_info->callbacks->einfo + (_("%X%P: %B(%A): relocation \"%R\" returns an unrecognized value %x\n"), + abfd, input_section, * parent, r); break; } -- cgit v1.1
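Review bot: The new `|| bfd_get_reloc_size (howto) > bfd_get_section_limit (abfd, input_section)` clause is evaluated only after the `- bfd_get_reloc_size (howto)` subtraction above it. For a reloc larger than the section, the first comparison is therefore made against a difference that has presumably wrapped; the operand types are not visible here, and the `if` this expression belongs to starts above the hunk. The result is still a rejection, but only because the second clause catches what the first one can miss. Placing the size test first, `bfd_get_reloc_size (howto) > bfd_get_section_limit (abfd, input_section) || ...`, would mean the subtraction is never evaluated out of range and would make the bound easier to audit. The added comment also has a wording slip: `Add make sure` should read `Also make sure`.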
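Review bot: After reporting the unrecognized status, the new `default:` arm ends in `break;`, so processing carries on with a relocation whose result is unknown, while the arm just above it in the hunk leaves through `goto error_return;`. If continuing is deliberate, so that a tool like objdump can still show the rest of the section, the comment should say so, e.g. `/* Report unexpected results without aborting, and keep processing the remaining relocs.  */`; otherwise `goto error_return;` would match the neighbouring arm. The call also assumes `link_info->callbacks->einfo` is non-null for every caller of bfd_generic_get_relocated_section_contents, which is worth confirming since the callers are not visible here. The switch and the rest of the function body lie outside the hunk.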