From patchwork Wed Nov 23 12:29:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alan Modra X-Patchwork-Id: 24943 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp2756539wrr; Wed, 23 Nov 2022 04:30:23 -0800 (PST) X-Google-Smtp-Source: AA0mqf7Wut93da2j0Hl92617QY54bI+Q38pIEBYj8Vt2ETL87jzC8Wt7/cZFyH35pmLMnyrvj+JX X-Received: by 2002:a05:6402:114f:b0:462:1e07:1dd7 with SMTP id g15-20020a056402114f00b004621e071dd7mr25684808edw.293.1669206623629; Wed, 23 Nov 2022 04:30:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669206623; cv=none; d=google.com; s=arc-20160816; b=wKxZuo2RViTqxrY3UHkGD4JQUIkgrXqgP3f5TbPwshCavAX+nrEUZHpPNKc53LFJdO hnhuUZ4ZudgA64F2Y2V5v4pObh34UBj1W0Rt8s5+PzV9Ltd4C2mlZitOjA7hKfCnB32N 3VhNo9KdU4jK8lDM3AOyBpgs8goUBHfPTEv9oJZWSGtIo6P82UiVczkPEODbxexnKXQJ E47B+402El+0xYPR+2TWt1Q7Gw/41OspAyMM0+3Sj2T6hhefdRrDPDRS+lBkfcRmDE/N X/+1RuhKMxuxxZq5aOFoV9OYKSO/g08apBGei5l68zm4VuK2IXt8gSbkyQSJVHkuxpPQ pZgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:from:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence :content-disposition:mime-version:message-id:subject:to:date :dmarc-filter:delivered-to:dkim-signature:dkim-filter; bh=ZdpquaBss51PdwdSNJJ1lnBif9OrROE79PAm15mNjGI=; b=aOpLweB8+qN23awKLQdnGG68aVoMMhhKjYZjtzAGxJR3X4hRQF8BrEB/3omOoHUJnx n2hcq3FKDL5K6Oxt1Z7KCCNrg4qczov/yPBaNs2pgwOcYFa5BqE08ZvRIk1FjtT6GWDF f2W/tA5L3ra4Bf0XApgT/QyrkvofBqxAq3Eie4JINVPxAyj4DZE7C5ejZnFs92d12X94 0EPasOatJC9JAs+bfVksL+rb+d5ZGhXGQO1wnLxELSDnUXsiMsakrU8EKIjyMB9U63SD 1KkToQ5+0WWe8pieFzeNVzPJhfKR+5jSHNz0R4PWWK8P3QyMuoLZGmTXo7rEqgPh6KPN 4qLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sourceware.org header.s=default header.b=ba263ukp; spf=pass (google.com: domain of binutils-bounces+ouuuleilei=gmail.com@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="binutils-bounces+ouuuleilei=gmail.com@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=sourceware.org Received: from sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id m3-20020a056402430300b004637e16cfa3si2233edc.598.2022.11.23.04.30.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 23 Nov 2022 04:30:23 -0800 (PST) Received-SPF: pass (google.com: domain of binutils-bounces+ouuuleilei=gmail.com@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@sourceware.org header.s=default header.b=ba263ukp; spf=pass (google.com: domain of binutils-bounces+ouuuleilei=gmail.com@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="binutils-bounces+ouuuleilei=gmail.com@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E11E93858033 for ; Wed, 23 Nov 2022 12:29:37 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E11E93858033 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1669206577; bh=ZdpquaBss51PdwdSNJJ1lnBif9OrROE79PAm15mNjGI=; h=Date:To:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=ba263ukp40qhGMHBkGAcWK3eTT49VTHr2VOuf70dok1WC1juJuja4EEc+mCXH0If4 URfpJ6lqELD+tP0DuXEwyh1NIw1Q8jDxVFdV/D+vWc9VTWbLF4tq7I2GW9MSLAMqwI yHnm2/087+4R4/5RKQKURVGuAcIyxqC+rzDbXV2k= X-Original-To: binutils@sourceware.org Delivered-To: binutils@sourceware.org Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) by sourceware.org (Postfix) with ESMTPS id 143D6384F6DC for ; Wed, 23 Nov 2022 12:29:14 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 143D6384F6DC Received: by mail-pl1-x635.google.com with SMTP id g10so16476441plo.11 for ; Wed, 23 Nov 2022 04:29:14 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-disposition:mime-version:message-id:subject:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ZdpquaBss51PdwdSNJJ1lnBif9OrROE79PAm15mNjGI=; b=mtEI44sFo73Ta3/ZfeVNKJP7bDAiCUfgw73F+d+dMJ9U07r0jIEpbLmDnWXrnohFFi O2ap76dX1SEEubAT0ol5h17AKzcVT0VaES7GCpjccJKtVzkL5eCs595O5dgiVCr+DqmQ +vYyg2shGG9RY0vXH+J/fWnUgsOKB8T2X3aAlaaUut/svcAeEFPXrwYkT4gaKpf+IUGc MWiZNgSNX0sRL9Ye+99CR2XMeJ0rSSGKFD71PNZUpd3SH+uEaGjW/NI/ZctrsRvggv18 6j6s6o9PiMHMwc8sGE71LxyvuJdcXc7/0+0cQhoQtTo7UqRQWyUYk5LEUCzd4YzCcdVQ KONg== X-Gm-Message-State: ANoB5pkbh81vfa1oZooE/FuxvoS8374a8+YS2w77XYxQAvVp3gtlOjLM qXuRN/STKYUGXu2lNUgurtGRhZi7YdM= X-Received: by 2002:a17:90a:a589:b0:217:b6d1:968 with SMTP id b9-20020a17090aa58900b00217b6d10968mr37352212pjq.52.1669206552460; Wed, 23 Nov 2022 04:29:12 -0800 (PST) Received: from squeak.grove.modra.org ([2406:3400:51d:8cc0:55f0:77c:a420:4ce5]) by smtp.gmail.com with ESMTPSA id l3-20020a622503000000b0056bf4f8d542sm12568660pfl.74.2022.11.23.04.29.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 23 Nov 2022 04:29:11 -0800 (PST) Received: by squeak.grove.modra.org (Postfix, from userid 1000) id 8564F1142D3F; Wed, 23 Nov 2022 22:59:09 +1030 (ACDT) Date: Wed, 23 Nov 2022 22:59:09 +1030 To: binutils@sourceware.org Subject: PR22509 - Null pointer dereference on coff_slurp_reloc_table Message-ID: MIME-Version: 1.0 Content-Disposition: inline X-Spam-Status: No, score=-3035.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Alan Modra via Binutils From: Alan Modra Reply-To: Alan Modra Errors-To: binutils-bounces+ouuuleilei=gmail.com@sourceware.org Sender: "Binutils" X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750290004524349909?= X-GMAIL-MSGID: =?utf-8?q?1750290004524349909?= This extends the commit 4581a1c7d304 fix to more targets, which hardens BFD a little. I think the real underlying problem was the bfd_canonicalize_reloc call in load_specific_debug_section which passed a NULL for "symbols". Fix that too. PR 22509 bfd/ * aoutx.h (swap_ext_reloc_out): Gracefully handle NULL symbols. * i386lynx.c (swap_ext_reloc_out): Likewise. * pdp11.c (pdp11_aout_swap_reloc_out): Likewise. * coff-tic30.c (reloc_processing): Likewise. * coff-tic4x.c (tic4x_reloc_processing): Likewise. * coff-tic54x.c (tic54x_reloc_processing): Likewise. * coff-z80.c (reloc_processing): Likewise. * coff-z8k.c (reloc_processing): Likewise. * ecoff.c (ecoff_slurp_reloc_table): Likewise. * som.c (som_set_reloc_info): Likewise. binutils/ * objdump.c (load_specific_debug_section): Pass syms to bfd_canonicalize_reloc. diff --git a/bfd/aoutx.h b/bfd/aoutx.h index 61ea9f7ce04..38e30431589 100644 --- a/bfd/aoutx.h +++ b/bfd/aoutx.h @@ -2122,8 +2122,10 @@ NAME (aout, swap_ext_reloc_out) (bfd *abfd, if (r_extern) \ { \ /* Undefined symbol. */ \ - if (r_index < bfd_get_symcount (abfd)) \ + if (symbols != NULL && r_index < bfd_get_symcount (abfd)) \ cache_ptr->sym_ptr_ptr = symbols + r_index; \ + else \ + cache_ptr->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; \ cache_ptr->addend = ad; \ } \ else \ diff --git a/bfd/coff-tic30.c b/bfd/coff-tic30.c index 874fd79f3fa..fcc85754068 100644 --- a/bfd/coff-tic30.c +++ b/bfd/coff-tic30.c @@ -161,7 +161,7 @@ reloc_processing (arelent *relent, relent->address = reloc->r_vaddr; rtype2howto (relent, reloc); - if (reloc->r_symndx == -1) + if (reloc->r_symndx == -1 || symbols == NULL) relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; else if (reloc->r_symndx >= 0 && reloc->r_symndx < obj_conv_table_size (abfd)) relent->sym_ptr_ptr = symbols + obj_convert (abfd)[reloc->r_symndx]; diff --git a/bfd/coff-tic4x.c b/bfd/coff-tic4x.c index 02013e1655f..be295259915 100644 --- a/bfd/coff-tic4x.c +++ b/bfd/coff-tic4x.c @@ -219,7 +219,7 @@ tic4x_reloc_processing (arelent *relent, relent->address = reloc->r_vaddr; - if (reloc->r_symndx != -1) + if (reloc->r_symndx != -1 && symbols != NULL) { if (reloc->r_symndx < 0 || reloc->r_symndx >= obj_conv_table_size (abfd)) { diff --git a/bfd/coff-tic54x.c b/bfd/coff-tic54x.c index 8b493584503..9ec4b2064c3 100644 --- a/bfd/coff-tic54x.c +++ b/bfd/coff-tic54x.c @@ -357,7 +357,7 @@ tic54x_reloc_processing (arelent *relent, relent->address = reloc->r_vaddr; - if (reloc->r_symndx != -1) + if (reloc->r_symndx != -1 && symbols != NULL) { if (reloc->r_symndx < 0 || reloc->r_symndx >= obj_conv_table_size (abfd)) { diff --git a/bfd/coff-z80.c b/bfd/coff-z80.c index ba0f2609bf0..7fb2f137331 100644 --- a/bfd/coff-z80.c +++ b/bfd/coff-z80.c @@ -314,7 +314,7 @@ reloc_processing (arelent *relent, relent->address = reloc->r_vaddr; rtype2howto (relent, reloc); - if (reloc->r_symndx == -1) + if (reloc->r_symndx == -1 || symbols == NULL) relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; else if (reloc->r_symndx >= 0 && reloc->r_symndx < obj_conv_table_size (abfd)) relent->sym_ptr_ptr = symbols + obj_convert (abfd)[reloc->r_symndx]; diff --git a/bfd/coff-z8k.c b/bfd/coff-z8k.c index b9f6f9773ad..974bffc9a6f 100644 --- a/bfd/coff-z8k.c +++ b/bfd/coff-z8k.c @@ -177,7 +177,7 @@ reloc_processing (arelent *relent, relent->address = reloc->r_vaddr; rtype2howto (relent, reloc); - if (reloc->r_symndx == -1) + if (reloc->r_symndx == -1 || symbols == NULL) relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; else if (reloc->r_symndx >= 0 && reloc->r_symndx < obj_conv_table_size (abfd)) relent->sym_ptr_ptr = symbols + obj_convert (abfd)[reloc->r_symndx]; diff --git a/bfd/ecoff.c b/bfd/ecoff.c index a4edf7a2e6c..2d26b855e4c 100644 --- a/bfd/ecoff.c +++ b/bfd/ecoff.c @@ -1612,7 +1612,8 @@ ecoff_slurp_reloc_table (bfd *abfd, if (intern.r_extern) { /* r_symndx is an index into the external symbols. */ - if (intern.r_symndx >= 0 + if (symbols != NULL + && intern.r_symndx >= 0 && (intern.r_symndx < (ecoff_data (abfd)->debug_info.symbolic_header.iextMax))) rptr->sym_ptr_ptr = symbols + intern.r_symndx; diff --git a/bfd/i386lynx.c b/bfd/i386lynx.c index 5df3d19ffe0..acc38d24438 100644 --- a/bfd/i386lynx.c +++ b/bfd/i386lynx.c @@ -283,8 +283,10 @@ NAME(lynx,swap_ext_reloc_out) (bfd *abfd, if (r_extern) \ { \ /* undefined symbol */ \ - if (r_index < bfd_get_symcount (abfd)) \ + if (symbols != NULL && r_index < bfd_get_symcount (abfd)) \ cache_ptr->sym_ptr_ptr = symbols + r_index; \ + else \ + cache_ptr->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; \ cache_ptr->addend = ad; \ } \ else \ diff --git a/bfd/pdp11.c b/bfd/pdp11.c index de9c8690e20..806e0e12a61 100644 --- a/bfd/pdp11.c +++ b/bfd/pdp11.c @@ -1861,8 +1861,10 @@ pdp11_aout_swap_reloc_out (bfd *abfd, arelent *g, bfd_byte *natptr) if (r_extern) \ { \ /* Undefined symbol. */ \ - if (r_index < bfd_get_symcount (abfd)) \ + if (symbols != NULL && r_index < bfd_get_symcount (abfd)) \ cache_ptr->sym_ptr_ptr = symbols + r_index; \ + else \ + cache_ptr->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr; \ cache_ptr->addend = ad; \ } \ else \ diff --git a/bfd/som.c b/bfd/som.c index 7a5ee35f0e2..3e89c937b5e 100644 --- a/bfd/som.c +++ b/bfd/som.c @@ -5099,7 +5099,7 @@ som_set_reloc_info (unsigned char *fixup, /* A symbol to use in the relocation. Make a note of this if we are not just counting. */ case 'S': - if (! just_count && (unsigned int) c < symcount) + if (!just_count && symbols != NULL && (unsigned int) c < symcount) rptr->sym_ptr_ptr = &symbols[c]; break; /* Argument relocation bits for a function call. */ diff --git a/binutils/objdump.c b/binutils/objdump.c index 61a18746fde..9b27ce73a87 100644 --- a/binutils/objdump.c +++ b/binutils/objdump.c @@ -4238,7 +4238,7 @@ load_specific_debug_section (enum dwarf_section_display_enum debug, relocs = (arelent **) xmalloc (reloc_size); - reloc_count = bfd_canonicalize_reloc (abfd, sec, relocs, NULL); + reloc_count = bfd_canonicalize_reloc (abfd, sec, relocs, syms); if (reloc_count <= 0) free (relocs); else