From: Alan Modra
To: binutils@sourceware.org
Subject: PR26422, ASAN: elf32_arm_final_link_relocate elf32-arm.c:10351
Date: Tue, 25 Aug 2020 22:57:07 +0930
Message-ID: <20200825132707.GT15695@bubble.grove.modra.org>

Always reading 32 bits in order to extract addends from instruction
fields is wrong when the field size is smaller.  It also leads to
reading past the end of the section.  This patch tidies that by reading
the proper field size, which allows some later refetching of addends
to disappear.

	PR 26422
	* elf32-arm.c (elf32_arm_final_link_relocate): Use the appropriate
	bfd_get_x size function to read addends out of fields.  Apply
	rightshift adjustment too.  Don't apply the now unnecessary
	howto->size shift to branch REL addends.  Don't refetch R_ARM_ABS8
	and R_ARM_ABS16 addends.  Don't refetch thumb branch addends.
	Correct R_ARM_THM_JUMP6 addend.

diff --git a/bfd/elf32-arm.c b/bfd/elf32-arm.c
index 66930c0c7d..8fec76e4e1 100644
--- a/bfd/elf32-arm.c
+++ b/bfd/elf32-arm.c
@@ -10348,16 +10348,22 @@ elf32_arm_final_link_relocate (reloc_howto_type * howto, if (globals->use_rel) { - addend = bfd_get_32 (input_bfd, hit_data) & howto->src_mask; + bfd_vma sign; - if (addend & ((howto->src_mask + 1) >> 1)) + switch (howto->size) { - signed_addend = -1; - signed_addend &= ~ howto->src_mask; - signed_addend |= addend; + case 0: addend = bfd_get_8 (input_bfd, hit_data); break; + case 1: addend = bfd_get_16 (input_bfd, hit_data); break; + case 2: addend = bfd_get_32 (input_bfd, hit_data); break; + default: addend = 0; break; } - else - signed_addend = addend; + /* Note: the addend and signed_addend calculated here are + incorrect for any split field. */ + addend &= howto->src_mask; + sign = howto->src_mask & ~(howto->src_mask >> 1); + signed_addend = (addend ^ sign) - sign; + signed_addend = (bfd_vma) signed_addend << howto->rightshift; + addend <<= howto->rightshift; } else addend = signed_addend = rel->r_addend; @@ -10752,11 +10758,7 @@ elf32_arm_final_link_relocate (reloc_howto_type * howto, value -= (input_section->output_section->vma + input_section->output_offset); value -= rel->r_offset; - if (globals->use_rel) - value += (signed_addend << howto->size); - else - /* RELA addends do not have to be adjusted by howto->size. */ - value += signed_addend; + value += signed_addend; signed_addend = value; signed_addend >>= howto->rightshift; @@ -10860,9 +10862,6 @@ elf32_arm_final_link_relocate (reloc_howto_type * howto, return bfd_reloc_ok; case R_ARM_ABS8: - /* PR 16202: Refectch the addend using the correct size. */ - if (globals->use_rel) - addend = bfd_get_8 (input_bfd, hit_data); value += addend; /* There is no way to tell whether the user intended to use a signed or 
@@ -10875,9 +10874,6 @@ elf32_arm_final_link_relocate (reloc_howto_type * howto, return bfd_reloc_ok; case R_ARM_ABS16: - /* PR 16202: Refectch the addend using the correct size. */ - if (globals->use_rel) - addend = bfd_get_16 (input_bfd, hit_data); value += addend; /* See comment for R_ARM_ABS8. */ @@ -11356,25 +11352,12 @@ elf32_arm_final_link_relocate (reloc_howto_type * howto, /* CZB cannot jump backward. */ if (r_type == R_ARM_THM_JUMP6) - reloc_signed_min = 0; - - if (globals->use_rel) { - /* Need to refetch addend. */ - addend = bfd_get_16 (input_bfd, hit_data) & howto->src_mask; - if (addend & ((howto->src_mask + 1) >> 1)) - { - signed_addend = -1; - signed_addend &= ~ howto->src_mask; - signed_addend |= addend; - } - else - signed_addend = addend; - /* The value in the insn has been right shifted. We need to - undo this, so that we can perform the address calculation - in terms of bytes. */ - signed_addend <<= howto->rightshift; + reloc_signed_min = 0; + if (globals->use_rel) + signed_addend = ((addend & 0x200) >> 3) | ((addend & 0xf8) >> 2); } + relocation = value + signed_addend; relocation -= (input_section->output_section->vma -- Alan Modra Australia Development Lab, IBM
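Review bot: in the first hunk (@@ -10348), the `default: addend = 0;` arm of the new `switch (howto->size)` silently zeroes the addend for any size outside 0..2; that is right for the conventional zero-width size value but would also hide a 64-bit field if one ever reached this code, so a one-line comment on the default, or a BFD_ASSERT that only sizes 0..2 are expected here, would make the intent explicit. The rest of the hunk reads correctly: masking with `howto->src_mask` before `sign = howto->src_mask & ~(howto->src_mask >> 1);` and `signed_addend = (addend ^ sign) - sign;` is a valid two's-complement sign extension for a contiguous field (the comment already flags split fields), and the cast in `(bfd_vma) signed_addend << howto->rightshift` avoids left-shifting a negative value. Because `addend <<= howto->rightshift;` now runs once for every REL relocation, any later case in this function that still scales `addend` or `signed_addend` itself would double-shift; the later hunks remove the known instances, but the remaining cases of the big switch should be audited for the same pattern before this goes in.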
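Review bot: in the second hunk (@@ -10752), the removed REL path scaled the addend with `signed_addend << howto->size`, using the storage width as a stand-in for the real scale factor; that only worked because size and rightshift are both 2 for the 32-bit branch relocations. With the rightshift now applied at the top of the function the collapse to a single `value += signed_addend;` is correct, but suggest replacing the deleted "RELA addends do not have to be adjusted" comment with one stating that `signed_addend` is already in bytes for both REL and RELA, since the `signed_addend >>= howto->rightshift;` two lines later otherwise looks asymmetric and invites someone to reintroduce the shift.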
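Review bot: the R_ARM_ABS8 and R_ARM_ABS16 hunks (@@ -10860 and @@ -10875) delete the PR 16202 refetches, which is correct only if the howto table entries for those two relocations carry size 0 and 1 respectively so that the new switch at the top reads one and two bytes; that dependency is no longer visible at these call sites, so the switch comment or the ChangeLog entry should say that PR 16202 is now covered there. Note also a small behavioural change: the old refetch used the unmasked byte/halfword, whereas `addend` now arrives already `& howto->src_mask` and shifted by `howto->rightshift`, so these two howtos need a full-width src_mask and rightshift 0 for `value += addend;` to see the same value as before.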
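Review bot: in the R_ARM_THM_JUMP6 hunk (@@ -11356), the new `signed_addend = ((addend & 0x200) >> 3) | ((addend & 0xf8) >> 2);` describes the raw CBZ/CBNZ halfword layout (the `i` bit at bit 9 and imm5 at bits 7:3, reassembled as `i:imm5:0`), but by this point `addend` has already had `howto->rightshift` applied by the change at the top of the function, and the removed comment here states that the value in the insn is right shifted, i.e. rightshift is non-zero for this relocation. Unless that howto's rightshift is actually 0, these masks are being applied to the shifted value and will drop the `i` bit; please either compute from the unshifted field or adjust the masks and shift counts to match, and add a REL test with a branch offset of 64 or more (non-zero `i`) that would catch the difference. The old code's `signed_addend <<= howto->rightshift` on the masked `0x02f8` field was wrong for the same split-field reason, which is what "Correct R_ARM_THM_JUMP6 addend" in the ChangeLog refers to, so a regression test is worth adding with this change.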