diff options
| author | Alan Modra <amodra@gmail.com> | 2023-04-12 11:00:42 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2023-04-12 14:13:46 +0930 |
| commit | 93c6e8c3c14bf81020ca7571fe752250a34f5bc9 (patch) | |
| tree | 4e5b252048ff1dc9da4da78862aef9e16bf8e765 /ld | |
| parent | 32011d23a879283d845993e9358f64a6e8aefa98 (diff) | |
| download | binutils-gdb-93c6e8c3c14bf81020ca7571fe752250a34f5bc9.tar.gz | |
PR30326, uninitialised value in objdump compare_relocs
This is a fuzzing PR, with a testcase involving a SHF_ALLOC and
SHF_COMPRESSED SHT_RELA section, ie. a compressed dynamic reloc
section. BFD doesn't handle compressed relocation sections, with most
of the code reading relocs using sh_size (often no bfd section is
created) but in the case of SHF_ALLOC dynamic relocs we had some code
using the bfd section size. This led to a mismatch, sh_size is
compressed, size is uncompressed, and from that some uninitialised
memory. Consistently using sh_size is enough to fix this PR, but I've
also added tests to exclude SHF_COMPRESSED reloc sections from
consideration.
PR 30362
* elf.c (bfd_section_from_shdr): Exclude reloc sections with
SHF_COMPRESSED flag from normal reloc processing.
(_bfd_elf_get_dynamic_reloc_upper_bound): Similarly exclude
SHF_COMPRESSED sections from consideration. Use sh_size when
sizing to match slurp_relocs.
(_bfd_elf_canonicalize_dynamic_reloc): Likewise.
(_bfd_elf_get_synthetic_symtab): Use NUM_SHDR_ENTRIES to size
plt relocs.
* elf32-arm.c (elf32_arm_get_synthetic_symtab): Likewise.
* elf32-ppc.c (ppc_elf_get_synthetic_symtab): Likewise.
* elf64-ppc.c (ppc64_elf_get_synthetic_symtab): Likewise.
* elfxx-mips.c (_bfd_mips_elf_get_synthetic_symtab): Likewise.
Diffstat (limited to 'ld')
0 files changed, 0 insertions, 0 deletions