Date: Tue, 08 Feb 2011 03:02:00 -0000
From: Alan Modra
To: binutils@sourceware.org
Subject: PowerPC64 toc edit segfault
Message-ID: <20110208030151.GM9489@bubble.grove.modra.org>
X-SW-Source: 2011-02/txt/msg00067.txt.bz2

This fixes an oversight in the PowerPC64 linker TOC editing code that can lead to a segfault. An input object file may have a non-empty .toc section but no references to the .toc entries. Odd, but possible. Most likely with user assembly, but might also occur due to compiler bugs. Applied mainline and branch.

	* elf64-ppc.c (ppc64_elf_edit_toc): Don't segfault on NULL
	local_syms when looking for local symbols in .toc.

Index: bfd/elf64-ppc.c
===================================================================
RCS file: /cvs/src/src/bfd/elf64-ppc.c,v
retrieving revision 1.340
diff -u -p -r1.340 elf64-ppc.c
--- bfd/elf64-ppc.c	31 Jan 2011 22:38:26 -0000	1.340
+++ bfd/elf64-ppc.c	8 Feb 2011 01:33:46 -0000
@@ -8372,34 +8372,35 @@ ppc64_elf_edit_toc (struct bfd_link_info /* We shouldn't have local or global symbols defined in the TOC, but handle them anyway. */ - for (sym = local_syms; - sym < local_syms + symtab_hdr->sh_info; - ++sym) - if (sym->st_value != 0 - && bfd_section_from_elf_index (ibfd, sym->st_shndx) == toc) - { - unsigned long i; + if (local_syms != NULL) + for (sym = local_syms; + sym < local_syms + symtab_hdr->sh_info; + ++sym) + if (sym->st_value != 0 + && bfd_section_from_elf_index (ibfd, sym->st_shndx) == toc) + { + unsigned long i; - if (sym->st_value > toc->rawsize) - i = toc->rawsize >> 3; - else - i = sym->st_value >> 3; + if (sym->st_value > toc->rawsize) + i = toc->rawsize >> 3; + else + i = sym->st_value >> 3; - if ((skip[i] & (ref_from_discarded | can_optimize)) != 0) - { - if (local_toc_syms) - (*_bfd_error_handler) - (_("%s defined on removed toc entry"), - bfd_elf_sym_name (ibfd, symtab_hdr, sym, NULL)); - do - ++i; - while ((skip[i] & (ref_from_discarded | can_optimize))); - sym->st_value = (bfd_vma) i << 3; - } + if ((skip[i] & (ref_from_discarded | can_optimize)) != 0) + { + if (local_toc_syms) + (*_bfd_error_handler) + (_("%s defined on removed toc entry"), + bfd_elf_sym_name (ibfd, symtab_hdr, sym, NULL)); + do + ++i; + while ((skip[i] & (ref_from_discarded | can_optimize))); + sym->st_value = (bfd_vma) i << 3; + } - sym->st_value -= skip[i]; - symtab_hdr->contents = (unsigned char *) local_syms; - } + sym->st_value -= skip[i]; + symtab_hdr->contents = (unsigned char *) local_syms; + } /* Adjust any global syms defined in this toc input section. */ if (toc_inf.global_toc_syms) -- Alan Modra Australia Development Lab, IBM
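Review bot: the added `if (local_syms != NULL)` guard does stop the crash (with local_syms NULL the old loop started at `sym = local_syms`, passed the `sym < local_syms + symtab_hdr->sh_info` bound whenever sh_info is non-zero, and then read `sym->st_value` through a null pointer), but it also silently skips the st_value fix-up for that object, so a one-line comment above the guard stating when local_syms is NULL here (per the cover note, an object whose .toc entries are never referenced, so the local symbols were never read in) and why leaving those symbols untouched is safe would spare the next reader from re-deriving it. Separately, because the whole loop body is re-indented one level, nearly every line in this hunk is a whitespace-only change; reviewing with `diff -w` confirms that the guard is the only functional change.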