From: Alan Modra
To: bfd-cvs@sourceware.org
Subject: [binutils-gdb] PR29846, segmentation fault in objdump.c compare_symbols
Message-Id: <20221204215326.2126038425B9@sourceware.org>
Date: Sun, 4 Dec 2022 21:53:26 +0000 (GMT)

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3d3af4ba39e892b1c544d667ca241846bc3df386

commit 3d3af4ba39e892b1c544d667ca241846bc3df386
Author: Alan Modra
Date:   Sun Dec 4 22:15:40 2022 +1030

    PR29846, segmentation fault in objdump.c compare_symbols

    Fixes a fuzzed object file problem where plt relocs were manipulated
    in such a way that two synthetic symbols were generated at the same
    plt location.  Won't occur in real object files.

    	PR 29846
    	PR 20337
    	* objdump.c (compare_symbols): Test symbol flags to exclude section
    	and synthetic symbols before attempting to check flavour.

Diff:
---
 binutils/objdump.c | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/binutils/objdump.c b/binutils/objdump.c
index e8481b2d928..d95c8b68bf0 100644
--- a/binutils/objdump.c
+++ b/binutils/objdump.c
@@ -1222,20 +1222,17 @@ compare_symbols (const void *ap, const void *bp) return 1; } =20 - if (bfd_get_flavour (bfd_asymbol_bfd (a)) =3D=3D bfd_target_elf_flavour + /* Sort larger size ELF symbols before smaller. See PR20337. */ + bfd_vma asz =3D 0; + if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) =3D=3D 0 + && bfd_get_flavour (bfd_asymbol_bfd (a)) =3D=3D bfd_target_elf_flavo= ur) + asz =3D ((elf_symbol_type *) a)->internal_elf_sym.st_size; + bfd_vma bsz =3D 0; + if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) =3D=3D 0 && bfd_get_flavour (bfd_asymbol_bfd (b)) =3D=3D bfd_target_elf_flavo= ur) - { - bfd_vma asz, bsz; - - asz =3D 0; - if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) =3D=3D 0) - asz =3D ((elf_symbol_type *) a)->internal_elf_sym.st_size; - bsz =3D 0; - if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) =3D=3D 0) - bsz =3D ((elf_symbol_type *) b)->internal_elf_sym.st_size; - if (asz !=3D bsz) - return asz > bsz ? -1 : 1; - } + bsz =3D ((elf_symbol_type *) b)->internal_elf_sym.st_size; + if (asz !=3D bsz) + return asz > bsz ? -1 : 1; =20 /* Symbols that start with '.' might be section names, so sort them after symbols that don't start with '.'. */
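Review bot: the reordering fixes the crash because `(a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0` now short-circuits the `&&` before `bfd_get_flavour (bfd_asymbol_bfd (a))` is ever evaluated for a section or synthetic symbol, but the commit message only says the flags are tested "before attempting to check flavour", not why the flavour lookup is unsafe for those symbols; one sentence stating that would keep the next editor from "simplifying" the condition order back. Two smaller points on the same hunk: first, the old code only compared `asz` and `bsz` inside a block guarded by both symbols being ELF, whereas the new code reaches `if (asz != bsz) return asz > bsz ? -1 : 1;` unconditionally, so a symbol that failed the flags-or-flavour test now compares with size 0 against one that passed; for symbols from a single object file the flavour is the same on both sides and this is equivalent, but that equivalence is worth noting in the message. Second, the diffstat shows only `binutils/objdump.c` changing, so there is no regression input for PR29846; the fuzzed object is presumably unsuitable for the testsuite, but a note to that effect, or a minimal reproducer, would help.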