From patchwork Wed Feb 7 12:14:45 2024
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 197882
Date: Wed, 7 Feb 2024 22:44:45 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: asan: NULL dereference in _bfd_mips_final_write_processing

Fuzzed object files can easily have unexpected section names. We don't want to segfault on objcopy of any file accepted by the mips object_p functions. For objcopy, an assertion that "sec" is non-NULL followed by dereferencing "sec" is wrong. So too is asserting that the section name string starts with a particular prefix, and then blithely accessing past the assumed prefix.

	* elfxx-mips.c (_bfd_mips_final_write_processing): Replace
	assertions with conditionals. Don't bother testing for name
	non-NULL.

diff --git a/bfd/elfxx-mips.c b/bfd/elfxx-mips.c index 69dd71419ff..b888e7622b7 100644 --- a/bfd/elfxx-mips.c +++ b/bfd/elfxx-mips.c 
@@ -12529,22 +12529,24 @@ _bfd_mips_final_write_processing (bfd *abfd) case SHT_MIPS_GPTAB: BFD_ASSERT ((*hdrpp)->bfd_section != NULL); name = bfd_section_name ((*hdrpp)->bfd_section); - BFD_ASSERT (name != NULL - && startswith (name, ".gptab.")); - sec = bfd_get_section_by_name (abfd, name + sizeof ".gptab" - 1); - BFD_ASSERT (sec != NULL); - (*hdrpp)->sh_info = elf_section_data (sec)->this_idx; + if (startswith (name, ".gptab.")) + { + sec = bfd_get_section_by_name (abfd, name + sizeof ".gptab" - 1); + if (sec != NULL) + (*hdrpp)->sh_info = elf_section_data (sec)->this_idx; + } break; case SHT_MIPS_CONTENT: BFD_ASSERT ((*hdrpp)->bfd_section != NULL); name = bfd_section_name ((*hdrpp)->bfd_section); - BFD_ASSERT (name != NULL - && startswith (name, ".MIPS.content")); - sec = bfd_get_section_by_name (abfd, - name + sizeof ".MIPS.content" - 1); - BFD_ASSERT (sec != NULL); - (*hdrpp)->sh_link = elf_section_data (sec)->this_idx; + if (startswith (name, ".MIPS.content")) + { + sec = bfd_get_section_by_name (abfd, + name + sizeof ".MIPS.content" - 1); + if (sec != NULL) + (*hdrpp)->sh_link = elf_section_data (sec)->this_idx; + } break; case SHT_MIPS_SYMBOL_LIB: @@ -12559,19 +12561,16 @@ _bfd_mips_final_write_processing (bfd *abfd) case SHT_MIPS_EVENTS: BFD_ASSERT ((*hdrpp)->bfd_section != NULL); name = bfd_section_name ((*hdrpp)->bfd_section); - BFD_ASSERT (name != NULL); if (startswith (name, ".MIPS.events")) sec = bfd_get_section_by_name (abfd, name + sizeof ".MIPS.events" - 1); + else if (startswith (name, ".MIPS.post_rel")) + sec = bfd_get_section_by_name (abfd, + name + sizeof ".MIPS.post_rel" - 1); else - { - BFD_ASSERT (startswith (name, ".MIPS.post_rel")); - sec = bfd_get_section_by_name (abfd, - (name - + sizeof ".MIPS.post_rel" - 1)); - } - BFD_ASSERT (sec != NULL); - (*hdrpp)->sh_link = elf_section_data (sec)->this_idx; + sec = NULL; + if (sec != NULL) + (*hdrpp)->sh_link = elf_section_data (sec)->this_idx; break; case SHT_MIPS_XHASH:
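Review bot: In the first hunk (the SHT_MIPS_GPTAB and SHT_MIPS_CONTENT cases), the unchanged line "BFD_ASSERT ((*hdrpp)->bfd_section != NULL);" is still followed directly by "name = bfd_section_name ((*hdrpp)->bfd_section);", which is the same assert-then-dereference shape the commit message calls wrong for "sec". If a fuzzed input can reach these cases with a NULL bfd_section, it needs the same conditional treatment (skip the case when it is NULL). If it cannot, a one-line comment saying why would help, and the same comment could record why "name" needs no NULL test now that startswith (name, ...) is called unguarded.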
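Review bot: In the second hunk (the SHT_MIPS_EVENTS case), when the name matches neither ".MIPS.events" nor ".MIPS.post_rel" (the new "else sec = NULL;" branch), or when bfd_get_section_by_name returns NULL, sh_link is silently left at whatever value it already held. A short comment stating that unexpected names are deliberately ignored would make the intent clear, and it is worth deciding explicitly whether sh_link should keep its previous value or be cleared in that path. The same question applies to sh_info and sh_link in the GPTAB and CONTENT cases of the earlier hunk.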