From: Alan Modra
To: bfd-cvs@sourceware.org
Subject: [binutils-gdb] Correct ELF reloc size sanity check
Date: Wed, 26 Oct 2022 06:58:11 +0000 (GMT)
Message-Id: <20221026065811.B537E384BC11@sourceware.org>
X-Git-Author: Alan Modra
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 4d664d5711b297ca6666f529e83bb624f587df77
X-Git-Newrev: 5dcae8f603b9379ef1c5f59331987322fd4d2126
List-Id: Binutils-cvs mailing list

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5dcae8f603b9379ef1c5f59331987322fd4d2126

commit 5dcae8f603b9379ef1c5f59331987322fd4d2126
Author: Alan Modra
Date:   Wed Oct 26 17:13:12 2022 +1030

    Correct ELF reloc size sanity check

    The external reloc size check was wrong.  Here asect is the code/data
    section, not the reloc section.  So using this_hdr gave the size of
    the code/data section.

            * elf.c (_bfd_elf_get_reloc_upper_bound): Properly get external
            size from reloc headers.

Diff:
---
 bfd/elf.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/bfd/elf.c b/bfd/elf.c
index 7cd7febcf95..81825b748d7 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -8708,15 +8708,20 @@ _bfd_elf_get_reloc_upper_bound (bfd *abfd, sec_ptr = asect) if (asect->reloc_count !=3D 0 && !bfd_write_p (abfd)) { /* Sanity check reloc section size. */ - struct bfd_elf_section_data *d =3D elf_section_data (asect); - Elf_Internal_Shdr *rel_hdr =3D &d->this_hdr; - bfd_size_type ext_rel_size =3D rel_hdr->sh_size; ufile_ptr filesize =3D bfd_get_file_size (abfd); =20 - if (filesize !=3D 0 && ext_rel_size > filesize) + if (filesize !=3D 0) { - bfd_set_error (bfd_error_file_truncated); - return -1; + struct bfd_elf_section_data *d =3D elf_section_data (asect); + bfd_size_type rel_size =3D d->rel.hdr ? d->rel.hdr->sh_size : 0; + bfd_size_type rela_size =3D d->rela.hdr ? d->rela.hdr->sh_size : 0; + + if (rel_size + rela_size > filesize + || rel_size + rela_size < rel_size) + { + bfd_set_error (bfd_error_file_truncated); + return -1; + } } }
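Review bot: In the new inner `if`, the wrap test `rel_size + rela_size < rel_size` is evaluated only after the same sum has already been compared against `filesize`, and the sum is spelled out twice. The outcome is still right as long as bfd_size_type is unsigned, which the wrap test itself depends on, but a reader has to work that out: a wrapped sum is small, so the first comparison passes and only the second clause rejects it. Consider holding the sum in one local (the removed code used the name `ext_rel_size`) and putting the wrap test first, so the order of the checks matches the order of the reasoning. Separately, the comment `/* Sanity check reloc section size. */` is left unchanged by this hunk; since the defect being fixed was reading `this_hdr` of the code/data section, it would help to state in that comment that asect is the code/data section and that the external sizes come from `d->rel.hdr` and `d->rela.hdr`, either of which may be NULL.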