[committed, PATCH] x86: Check valid PLT sections before checking dynamic relocations

[committed, PATCH] x86: Check valid PLT sections before checking dynamic relocations

[H.J. Lu]

Update x86 get_synthetic_symtab to check valid PLT sections before
checking dynamic relocations and free invalid PLT section contents.

	* elf32-i386.c (elf_i386_get_synthetic_symtab): Check valid PLT
	sections before checking dynamic relocations and free invalid
	PLT section contents.
	* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
---
 bfd/ChangeLog      |  7 +++++++
 bfd/elf32-i386.c   | 25 ++++++++++++++-----------
 bfd/elf64-x86-64.c | 25 ++++++++++++++-----------
 3 files changed, 35 insertions(+), 22 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 351fe834cb..21b01b7f39 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2017-08-29  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* elf32-i386.c (elf_i386_get_synthetic_symtab): Check valid PLT
+	sections before checking dynamic relocations and free invalid
+	PLT section contents.
+	* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
+
 2017-08-28  H.J. Lu  <hongjiu.lu@intel.com>
 
 	* elf-bfd.h (_bfd_elf_ifunc_get_synthetic_symtab): Removed.
diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
index 05ba2c3b15..31ef02a568 100644
--- a/bfd/elf32-i386.c
+++ b/bfd/elf32-i386.c
@@ -6326,16 +6326,6 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
   if (relsize <= 0)
     return -1;
 
-  dynrelbuf = (arelent **) bfd_malloc (relsize);
-  if (dynrelbuf == NULL)
-    return -1;
-
-  dynrelcount = bfd_canonicalize_dynamic_reloc (abfd, dynrelbuf,
-						dynsyms);
-
-  /* Sort the relocs by address.  */
-  qsort (dynrelbuf, dynrelcount, sizeof (arelent *), compare_relocs);
-
   non_lazy_plt = NULL;
   /* Silence GCC 6.  */
   lazy_plt = NULL;
@@ -6447,7 +6437,10 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
 	}
 
       if (plt_type == plt_unknown)
-	continue;
+	{
+	  free (plt_contents);
+	  continue;
+	}
 
       plts[j].sec = plt;
       plts[j].type = plt_type;
@@ -6487,6 +6480,16 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
   if (count == 0)
     return -1;
 
+  dynrelbuf = (arelent **) bfd_malloc (relsize);
+  if (dynrelbuf == NULL)
+    return -1;
+
+  dynrelcount = bfd_canonicalize_dynamic_reloc (abfd, dynrelbuf,
+						dynsyms);
+
+  /* Sort the relocs by address.  */
+  qsort (dynrelbuf, dynrelcount, sizeof (arelent *), compare_relocs);
+
   size = count * sizeof (asymbol);
 
   /* Allocate space for @plt suffixes.  */
diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
index 25ce295c17..ba7c5953c3 100644
--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
@@ -6722,16 +6722,6 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
   if (relsize <= 0)
     return -1;
 
-  dynrelbuf = (arelent **) bfd_malloc (relsize);
-  if (dynrelbuf == NULL)
-    return -1;
-
-  dynrelcount = bfd_canonicalize_dynamic_reloc (abfd, dynrelbuf,
-						dynsyms);
-
-  /* Sort the relocs by address.  */
-  qsort (dynrelbuf, dynrelcount, sizeof (arelent *), compare_relocs);
-
   if (get_elf_x86_64_backend_data (abfd)->os == is_normal)
     {
       lazy_plt = &elf_x86_64_lazy_plt;
@@ -6842,7 +6832,10 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
 	}
 
       if (plt_type == plt_unknown)
-	continue;
+	{
+	  free (plt_contents);
+	  continue;
+	}
 
       plts[j].sec = plt;
       plts[j].type = plt_type;
@@ -6879,6 +6872,16 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
   if (count == 0)
     return -1;
 
+  dynrelbuf = (arelent **) bfd_malloc (relsize);
+  if (dynrelbuf == NULL)
+    return -1;
+
+  dynrelcount = bfd_canonicalize_dynamic_reloc (abfd, dynrelbuf,
+						dynsyms);
+
+  /* Sort the relocs by address.  */
+  qsort (dynrelbuf, dynrelcount, sizeof (arelent *), compare_relocs);
+
   size = count * sizeof (asymbol);
 
   /* Allocate space for @plt suffixes.  */
-- 
2.13.5