From patchwork Tue Dec 13 02:31:26 2022
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 32596
Date: Tue, 13 Dec 2022 13:01:26 +1030
To: binutils@sourceware.org
Subject: asan: mips_hi16_list segfault in bfd_get_section_limit_octets
From: Alan Modra

static variables like mips_hi16_list are nasty for applications using bfd. It is possible when opening and closing bfds with mis-matched hi/lo relocs to leave a stale section pointer on the list. That can cause a segfault if multiple bfds are being processed. Tidying the list when closing is sufficient to stop this happening (and fixes small memory leaks). This patch goes further and moves mips_hi16_list to where it belongs in the bfd tdata.

	* elf32-mips.c (bfd_elf32_close_and_cleanup): Define.
	* elf64-mips.c (bfd_elf64_close_and_cleanup): Define.
	* elfn32-mips.c (bfd_elf32_close_and_cleanup): Define.
	* elfxx-mips.c (struct mips_hi16): Move earlier.
	(mips_hi16_list): Move to..
	(struct mips_elf_obj_tdata): ..here.
	(_bfd_mips_elf_close_and_cleanup): New function.
	(_bfd_mips_elf_hi16_reloc, _bfd_mips_elf_lo16_reloc),
	(_bfd_elf_mips_get_relocated_section_contents): Adjust uses of
	mips_hi16_list.
	* elfxx-mips.h (_bfd_mips_elf_close_and_cleanup): Declare.

diff --git a/bfd/elf32-mips.c b/bfd/elf32-mips.c index be28d1a3b1c..0ffa9017d7b 100644 --- a/bfd/elf32-mips.c +++ b/bfd/elf32-mips.c @@ -2599,6 +2599,7 @@ static const struct ecoff_debug_swap mips_elf32_ecoff_debug_swap = { _bfd_mips_elf_print_private_bfd_data #define bfd_elf32_bfd_relax_section _bfd_mips_elf_relax_section #define bfd_elf32_mkobject _bfd_mips_elf_mkobject +#define bfd_elf32_close_and_cleanup _bfd_mips_elf_close_and_cleanup /* Support for SGI-ish mips targets. */ #define TARGET_LITTLE_SYM mips_elf32_le_vec diff --git a/bfd/elf64-mips.c b/bfd/elf64-mips.c index 419d9bc6dbd..9b0120b8167 100644 --- a/bfd/elf64-mips.c +++ b/bfd/elf64-mips.c 
@@ -4815,6 +4815,7 @@ const struct elf_size_info mips_elf64_size_info = #define bfd_elf64_get_dynamic_reloc_upper_bound mips_elf64_get_dynamic_reloc_upper_bound #define bfd_elf64_mkobject _bfd_mips_elf_mkobject +#define bfd_elf64_close_and_cleanup _bfd_mips_elf_close_and_cleanup /* The SGI style (n)64 NewABI. */ #define TARGET_LITTLE_SYM mips_elf64_le_vec diff --git a/bfd/elfn32-mips.c b/bfd/elfn32-mips.c index d222d1a5d15..452a2a7b74b 100644 --- a/bfd/elfn32-mips.c +++ b/bfd/elfn32-mips.c @@ -4197,6 +4197,7 @@ static const struct ecoff_debug_swap mips_elf32_ecoff_debug_swap = { #define bfd_elf32_bfd_print_private_bfd_data \ _bfd_mips_elf_print_private_bfd_data #define bfd_elf32_mkobject mips_elf_n32_mkobject +#define bfd_elf32_close_and_cleanup _bfd_mips_elf_close_and_cleanup /* Support for SGI-ish mips targets using n32 ABI. */ diff --git a/bfd/elfxx-mips.c b/bfd/elfxx-mips.c index 618fb43540c..f77ccde8409 100644 --- a/bfd/elfxx-mips.c +++ b/bfd/elfxx-mips.c @@ -549,6 +549,19 @@ struct mips_htab_traverse_info bool error; }; +/* Used to store a REL high-part relocation such as R_MIPS_HI16 or + R_MIPS_GOT16. REL is the relocation, INPUT_SECTION is the section + that contains the relocation field and DATA points to the start of + INPUT_SECTION. */ + +struct mips_hi16 +{ + struct mips_hi16 *next; + bfd_byte *data; + asection *input_section; + arelent rel; +}; + /* MIPS ELF private object data. */ struct mips_elf_obj_tdata @@ -584,6 +597,8 @@ struct mips_elf_obj_tdata asymbol *elf_text_symbol; asection *elf_data_section; asection *elf_text_section; + + struct mips_hi16 *mips_hi16_list; }; /* Get MIPS ELF private object data from BFD's tdata. */ 
@@ -1365,6 +1380,23 @@ _bfd_mips_elf_mkobject (bfd *abfd) MIPS_ELF_DATA); } +bool +_bfd_mips_elf_close_and_cleanup (bfd *abfd) +{ + struct mips_elf_obj_tdata *tdata = mips_elf_tdata (abfd); + if (tdata != NULL && bfd_get_format (abfd) == bfd_object) + { + BFD_ASSERT (tdata->root.object_id == MIPS_ELF_DATA); + while (tdata->mips_hi16_list != NULL) + { + struct mips_hi16 *hi = tdata->mips_hi16_list; + tdata->mips_hi16_list = hi->next; + free (hi); + } + } + return _bfd_elf_close_and_cleanup (abfd); +} + bool _bfd_mips_elf_new_section_hook (bfd *abfd, asection *sec) { @@ -2481,23 +2513,6 @@ _bfd_mips_elf_gprel16_with_gp (bfd *abfd, asymbol *symbol, return bfd_reloc_ok; } -/* Used to store a REL high-part relocation such as R_MIPS_HI16 or - R_MIPS_GOT16. REL is the relocation, INPUT_SECTION is the section - that contains the relocation field and DATA points to the start of - INPUT_SECTION. */ - -struct mips_hi16 -{ - struct mips_hi16 *next; - bfd_byte *data; - asection *input_section; - arelent rel; -}; - -/* FIXME: This should not be a static variable. */ - -static struct mips_hi16 *mips_hi16_list; - /* A howto special_function for REL *HI16 relocations. We can only calculate the correct value once we've seen the partnering *LO16 relocation, so just save the information for later. @@ -2508,12 +2523,13 @@ static struct mips_hi16 *mips_hi16_list; simplies the relocation handling in gcc. */ bfd_reloc_status_type -_bfd_mips_elf_hi16_reloc (bfd *abfd ATTRIBUTE_UNUSED, arelent *reloc_entry, +_bfd_mips_elf_hi16_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol ATTRIBUTE_UNUSED, void *data, asection *input_section, bfd *output_bfd, char **error_message ATTRIBUTE_UNUSED) { struct mips_hi16 *n; + struct mips_elf_obj_tdata *tdata; if (reloc_entry->address > bfd_get_section_limit (abfd, input_section)) return bfd_reloc_outofrange; 
@@ -2522,11 +2538,12 @@ _bfd_mips_elf_hi16_reloc (bfd *abfd ATTRIBUTE_UNUSED, arelent *reloc_entry, if (n == NULL) return bfd_reloc_outofrange; - n->next = mips_hi16_list; + tdata = mips_elf_tdata (abfd); + n->next = tdata->mips_hi16_list; n->data = data; n->input_section = input_section; n->rel = *reloc_entry; - mips_hi16_list = n; + tdata->mips_hi16_list = n; if (output_bfd != NULL) reloc_entry->address += input_section->output_offset; @@ -2566,6 +2583,7 @@ _bfd_mips_elf_lo16_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol, { bfd_vma vallo; bfd_byte *location = (bfd_byte *) data + reloc_entry->address; + struct mips_elf_obj_tdata *tdata; if (!bfd_reloc_offset_in_range (reloc_entry->howto, abfd, input_section, reloc_entry->address)) @@ -2577,12 +2595,13 @@ _bfd_mips_elf_lo16_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol, _bfd_mips_elf_reloc_shuffle (abfd, reloc_entry->howto->type, false, location); - while (mips_hi16_list != NULL) + tdata = mips_elf_tdata (abfd); + while (tdata->mips_hi16_list != NULL) { bfd_reloc_status_type ret; struct mips_hi16 *hi; - hi = mips_hi16_list; + hi = tdata->mips_hi16_list; /* R_MIPS*_GOT16 relocations are something of a special case. We want to install the addend in the same way as for a R_MIPS*_HI16 @@ -2606,7 +2625,7 @@ _bfd_mips_elf_lo16_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol, if (ret != bfd_reloc_ok) return ret; - mips_hi16_list = hi->next; + tdata->mips_hi16_list = hi->next; free (hi); } 
@@ -13294,12 +13313,14 @@ _bfd_elf_mips_get_relocated_section_contents reloc_vector = (arelent **) bfd_malloc (reloc_size); if (reloc_vector == NULL) { + struct mips_elf_obj_tdata *tdata; struct mips_hi16 **hip, *hi; error_return: /* If we are going to return an error, remove entries on mips_hi16_list that point into this section's data. Data will typically be freed on return from this function. */ - hip = &mips_hi16_list; + tdata = mips_elf_tdata (abfd); + hip = &tdata->mips_hi16_list; while ((hi = *hip) != NULL) { if (hi->input_section == input_section) diff --git a/bfd/elfxx-mips.h b/bfd/elfxx-mips.h index 6b22fdab3ae..7d40808496d 100644 --- a/bfd/elfxx-mips.h +++ b/bfd/elfxx-mips.h @@ -31,6 +31,8 @@ enum reloc_check extern bool _bfd_mips_elf_mkobject (bfd *); +extern bool _bfd_mips_elf_close_and_cleanup + (bfd *); extern bool _bfd_mips_elf_new_section_hook (bfd *, asection *); extern void _bfd_mips_elf_symbol_processing
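
Review bot: in bfd/elfxx-mips.c, the new mips_hi16_list member of struct mips_elf_obj_tdata has no comment, and every later use assumes it starts out NULL. Suggest a one-line comment saying it holds REL high-part relocations still waiting for their LO16 partner, and confirming that the tdata allocation zeroes it. The elfn32-mips.c hunk shows bfd_elf32_mkobject mapped to mips_elf_n32_mkobject rather than _bfd_mips_elf_mkobject, so the n32 allocation path needs the same guarantee.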
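
Review bot: in _bfd_mips_elf_close_and_cleanup, the object_id test is a BFD_ASSERT inside the guarded block rather than part of the guard, so unless that assertion stops execution the loop still walks and frees tdata->mips_hi16_list on a tdata that is not MIPS_ELF_DATA. Suggest moving the comparison into the if condition next to tdata != NULL, and adding a function comment stating that it frees high-part entries left unmatched when the bfd is closed.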
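
Review bot: _bfd_mips_elf_hi16_reloc and _bfd_mips_elf_lo16_reloc dereference mips_elf_tdata (abfd) with no check, while _bfd_mips_elf_close_and_cleanup in the same patch tests tdata != NULL and the bfd format before touching the list. Either the checks in the cleanup function are unnecessary or these two callers need them; if the relocation functions can only be reached for MIPS ELF objects, a comment saying so at the lookup would settle it.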
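
Review bot: in the error_return path of _bfd_elf_mips_get_relocated_section_contents, entries are purged from the list on abfd's tdata, selected by hi->input_section == input_section, whereas _bfd_mips_elf_hi16_reloc queues each entry on the tdata of the bfd it was called with. The visible lines do not show that these are always the same bfd; if input_section can belong to a different bfd than abfd, the entries pointing into the data about to be freed stay on the other list until that bfd is closed. Suggest either looking the list up through input_section->owner or adding a comment that states why abfd is the right owner.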