From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <amodra@sourceware.org>
Received: by sourceware.org (Postfix, from userid 1062)
 id E7FEA3857B8D; Sat, 13 Aug 2022 06:52:49 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E7FEA3857B8D
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Alan Modra <amodra@sourceware.org>
To: bfd-cvs@sourceware.org
Subject: [binutils-gdb] asan: NULL dereference in som_set_reloc_info
X-Act-Checkin: binutils-gdb
X-Git-Author: Alan Modra <amodra@gmail.com>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: cc44342012efbc20421fa91abd1f0c3000a2241a
X-Git-Newrev: 8c68d88cc44ec476125e30835f79865e8eb32358
Message-Id: <20220813065249.E7FEA3857B8D@sourceware.org>
Date: Sat, 13 Aug 2022 06:52:49 +0000 (GMT)
X-BeenThere: binutils-cvs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Binutils-cvs mailing list <binutils-cvs.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils-cvs>,
 <mailto:binutils-cvs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils-cvs/>
List-Help: <mailto:binutils-cvs-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils-cvs>,
 <mailto:binutils-cvs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Aug 2022 06:52:50 -0000

https://sourceware.org/git/gitweb.cgi?p=3Dbinutils-gdb.git;h=3D8c68d88cc44e=
c476125e30835f79865e8eb32358

commit 8c68d88cc44ec476125e30835f79865e8eb32358
Author: Alan Modra <amodra@gmail.com>
Date:   Sat Aug 13 14:05:24 2022 +0930

    asan: NULL dereference in som_set_reloc_info
   =20
            * som.c (som_set_reloc_info): Ignore non-existent previous
            fixup references.

Diff:
---
 bfd/som.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/bfd/som.c b/bfd/som.c
index d33ad67561a..c22f13b5a4c 100644
--- a/bfd/som.c
+++ b/bfd/som.c
@@ -4978,6 +4978,11 @@ som_set_reloc_info (unsigned char *fixup,
       /* Handle a request for a previous fixup.  */
       if (*fp->format =3D=3D 'P')
 	{
+	  if (!reloc_queue[fp->D].reloc)
+	    /* The back-reference doesn't exist.  This is a broken
+	       object file, likely fuzzed.  Just ignore the fixup.  */
+	    continue;
+
 	  /* Get pointer to the beginning of the prev fixup, move
 	     the repeated fixup to the head of the queue.  */
 	  fixup =3D reloc_queue[fp->D].reloc;