From patchwork Wed Dec 27 06:06:02 2023
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 183423
Date: Wed, 27 Dec 2023 16:36:02 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: asan: buffer overflow in loongarch_elf_rtype_to_howto

Seen when running ld-loongarch-elf/tlsdesc-dso test.
elfxx-loongarch.c:1844:32: runtime error: index 125 out of bounds for type 'loongarch_reloc_howto_type [124]'

So either the loongarch_howto_table needs three more
LOONGARCH_EMPTY_HOWTO entries, or loongarch_elf_rtype_to_howto should
be testing for r_type < ARRAY_SIZE (loongarch_howto_table). I figure
it's worth wasting a little more space to get faster lookup.

	* elfxx-loongarch.c (loongarch_howto_table): Add
	LOONGARCH_EMPTY_HOWTO entries for 121..123.
	(loongarch_elf_rtype_to_howto): Don't support slow lookup.
	Assert exact table size and r_type indexing. Omit return cast.
	(loongarch_reloc_name_lookup): Omit assertion and return cast.
	(loongarch_reloc_type_lookup): Likewise.

diff --git a/bfd/elfxx-loongarch.c b/bfd/elfxx-loongarch.c index 310e6d62dc0..4fe8cbff14c 100644 --- a/bfd/elfxx-loongarch.c +++ b/bfd/elfxx-loongarch.c
@@ -1776,6 +1776,10 @@ static loongarch_reloc_howto_type loongarch_howto_table[] = NULL, /* adjust_reloc_bits. */ "desc_call"), /* larch_reloc_type_name. */ + LOONGARCH_EMPTY_HOWTO (121), + LOONGARCH_EMPTY_HOWTO (122), + LOONGARCH_EMPTY_HOWTO (123), + /* For pcaddi, ld_pc_hi20 + ld_pc_lo12 can relax to ld_pcrel20_s2. */ LOONGARCH_HOWTO (R_LARCH_TLS_LD_PCREL20_S2, /* type (124). */ 2, /* rightshift. */ @@ -1834,19 +1838,11 @@ static loongarch_reloc_howto_type loongarch_howto_table[] = reloc_howto_type * loongarch_elf_rtype_to_howto (bfd *abfd, unsigned int r_type) { - if(r_type < R_LARCH_count) + if (r_type < R_LARCH_count) { - /* For search table fast. */ - /* BFD_ASSERT (ARRAY_SIZE (loongarch_howto_table) == R_LARCH_count); - */ - - if (loongarch_howto_table[r_type].howto.type == r_type) - return (reloc_howto_type *)&loongarch_howto_table[r_type]; - - for (size_t i = 0; i < ARRAY_SIZE (loongarch_howto_table); i++) - if (loongarch_howto_table[i].howto.type == r_type) - return (reloc_howto_type *)&loongarch_howto_table[i]; + BFD_ASSERT (loongarch_howto_table[r_type].howto.type == r_type); + return &loongarch_howto_table[r_type].howto; } (*_bfd_error_handler) (_("%pB: unsupported relocation type %#x"), @@ -1858,19 +1854,14 @@ loongarch_elf_rtype_to_howto (bfd *abfd, unsigned int r_type) reloc_howto_type * loongarch_reloc_name_lookup (bfd *abfd ATTRIBUTE_UNUSED, const char *r_name) { - /* - BFD_ASSERT (ARRAY_SIZE (loongarch_howto_table) == R_LARCH_count); - */ - for (size_t i = 0; i < ARRAY_SIZE (loongarch_howto_table); i++) if (loongarch_howto_table[i].howto.name && strcasecmp (loongarch_howto_table[i].howto.name, r_name) == 0) - return (reloc_howto_type *)&loongarch_howto_table[i]; + return &loongarch_howto_table[i].howto; (*_bfd_error_handler) (_("%pB: unsupported relocation type %s"), abfd, r_name); bfd_set_error (bfd_error_bad_value); - return NULL; } 
@@ -1888,20 +1879,19 @@ loongarch_reloc_type_lookup (bfd *abfd ATTRIBUTE_UNUSED, { BFD_ASSERT (BFD_RELOC_LARCH_RELAX - BFD_RELOC_LARCH_B16 == R_LARCH_RELAX - R_LARCH_B16); - loongarch_reloc_howto_type *ht = NULL; + loongarch_reloc_howto_type *ht; ht = &loongarch_howto_table[code - BFD_RELOC_LARCH_B16 + R_LARCH_B16]; BFD_ASSERT (ht->bfd_type == code); - return (reloc_howto_type *)ht; + return &ht->howto; } for (size_t i = 0; i < ARRAY_SIZE (loongarch_howto_table); i++) if (loongarch_howto_table[i].bfd_type == code) - return (reloc_howto_type *)&loongarch_howto_table[i]; + return &loongarch_howto_table[i].howto; (*_bfd_error_handler) (_("%pB: unsupported bfd relocation type %#x"), abfd, code); bfd_set_error (bfd_error_bad_value); - return NULL; }
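Review bot: The LOONGARCH_EMPTY_HOWTO (121) to (123) entries added in the first hunk (@@ -1776) exist only so that array position equals relocation number, but nothing at that spot says so. A short comment above them, stating that they are placeholders for unassigned types and that the table is indexed directly by r_type and must stay gap-free, would tell the next person adding a relocation why they cannot be dropped or reordered.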
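Review bot: In loongarch_elf_rtype_to_howto (@@ -1834) the index is still guarded by `r_type < R_LARCH_count`, not by the size of loongarch_howto_table, and the new `BFD_ASSERT (loongarch_howto_table[r_type].howto.type == r_type)` itself reads the slot before anything has checked that it exists. The commit message says "Assert exact table size", yet the only size assertion visible in this hunk is the commented-out one being deleted. With the slow path gone, a future R_LARCH_* value added without a matching table entry would bring back the out-of-bounds read that ASan reported; a compile-time check that ARRAY_SIZE (loongarch_howto_table) equals R_LARCH_count, or guarding on ARRAY_SIZE as the message itself suggests, would pin the invariant down.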
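Review bot: In the loongarch_reloc_name_lookup hunk (@@ -1858) the signature still declares `bfd *abfd ATTRIBUTE_UNUSED` although abfd is passed to `_bfd_error_handler` a few lines further down; the same is visible in loongarch_reloc_type_lookup. Since both functions are being touched anyway, drop the stale attribute so the declaration matches the use.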
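Review bot: In loongarch_reloc_type_lookup (@@ -1888), `loongarch_reloc_howto_type *ht;` is now declared without an initialiser and assigned on the very next line. Fold the two into a single declaration initialised with `&loongarch_howto_table[code - BFD_RELOC_LARCH_B16 + R_LARCH_B16]`, so ht is never left indeterminate and the following `BFD_ASSERT (ht->bfd_type == code)` reads more directly.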