public inbox for binutils@sourceware.org
* [PATCH] Fix read beyond array bound
@ 2009-09-06 13:31 Andreas Schwab
  2009-09-06 14:32 ` Andreas Schwab
  2009-09-07 13:22 ` Nick Clifton
  0 siblings, 2 replies; 3+ messages in thread
From: Andreas Schwab @ 2009-09-06 13:31 UTC (permalink / raw)
  To: binutils

Instead of returning a reference beyond the array bounds, use R_68K_NONE
if the reloc index is out of range.

Andreas.

2009-09-06  Andreas Schwab  <schwab@linux-m68k.org>

	* elf32-m68k.c (rtype_to_howto): If the reloc index is out of
	range call the bfd error handler and use R_68K_NONE instead.

Index: bfd/elf32-m68k.c
===================================================================
RCS file: /cvs/src/src/bfd/elf32-m68k.c,v
retrieving revision 1.115
diff -u -a -p -r1.115 elf32-m68k.c
--- bfd/elf32-m68k.c	29 Aug 2009 22:10:58 -0000	1.115
+++ bfd/elf32-m68k.c	6 Sep 2009 13:27:27 -0000
@@ -374,13 +374,17 @@ static reloc_howto_type howto_table[] = 
 };
 
 static void
-rtype_to_howto (abfd, cache_ptr, dst)
-     bfd *abfd ATTRIBUTE_UNUSED;
-     arelent *cache_ptr;
-     Elf_Internal_Rela *dst;
+rtype_to_howto (bfd *abfd, arelent *cache_ptr, Elf_Internal_Rela *dst)
 {
-  BFD_ASSERT (ELF32_R_TYPE(dst->r_info) < (unsigned int) R_68K_max);
-  cache_ptr->howto = &howto_table[ELF32_R_TYPE(dst->r_info)];
+  unsigned int indx = ELF32_R_TYPE (dst->r_info);
+
+  if (indx >= (unsigned int) R_68K_max)
+    {
+      (*_bfd_error_handler) (_("%B: invalid relocation type %d"),
+			     abfd, (int) indx);
+      indx = R_68K_NONE;
+    }
+  cache_ptr->howto = &howto_table[indx];
 }
 
 #define elf_info_to_howto rtype_to_howto
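Review bot: in the new out-of-range branch of rtype_to_howto, the failure is only reported through _bfd_error_handler and processing then continues with indx = R_68K_NONE; since the function returns void, the caller cannot tell that the relocation type was invalid, and the malformed input is still handled as if it carried a valid R_68K_NONE reloc. Consider also recording the error, for example with bfd_set_error (bfd_error_bad_value), so that tools consuming the object can fail rather than only print a message. Separately, the change of the signature from K&R style to a prototype is a cleanup that the ChangeLog entry does not mention; either note it there or split it out.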
@@ -4744,6 +4748,8 @@ elf_m68k_plt_sym_val (bfd_vma i, const a
 #define TARGET_BIG_NAME			"elf32-m68k"
 #define ELF_MACHINE_CODE		EM_68K
 #define ELF_MAXPAGESIZE			0x2000
+#define ELF_COMMONPAGESIZE		0x1000
+
 #define elf_backend_create_dynamic_sections \
 					_bfd_elf_create_dynamic_sections
 #define bfd_elf32_bfd_link_hash_table_create \
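Review bot: the added "#define ELF_COMMONPAGESIZE 0x1000" has nothing to do with the bounds check in rtype_to_howto and is not covered by the ChangeLog entry, which lists only rtype_to_howto. Drop it from this patch, or submit it separately with its own ChangeLog line and rationale, so the array-bound fix can be reviewed and applied on its own.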

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."


* Re: [PATCH] Fix read beyond array bound
  2009-09-06 13:31 [PATCH] Fix read beyond array bound Andreas Schwab
@ 2009-09-06 14:32 ` Andreas Schwab
  2009-09-07 13:22 ` Nick Clifton
  1 sibling, 0 replies; 3+ messages in thread
From: Andreas Schwab @ 2009-09-06 14:32 UTC (permalink / raw)
  To: binutils

> @@ -4744,6 +4748,8 @@ elf_m68k_plt_sym_val (bfd_vma i, const a
>  #define TARGET_BIG_NAME			"elf32-m68k"
>  #define ELF_MACHINE_CODE		EM_68K
>  #define ELF_MAXPAGESIZE			0x2000
> +#define ELF_COMMONPAGESIZE		0x1000
> +
>  #define elf_backend_create_dynamic_sections \
>  					_bfd_elf_create_dynamic_sections
>  #define bfd_elf32_bfd_link_hash_table_create \

Of course, this hunk wasn't meant to be included.

Andreas.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."


* Re: [PATCH] Fix read beyond array bound
  2009-09-06 13:31 [PATCH] Fix read beyond array bound Andreas Schwab
  2009-09-06 14:32 ` Andreas Schwab
@ 2009-09-07 13:22 ` Nick Clifton
  1 sibling, 0 replies; 3+ messages in thread
From: Nick Clifton @ 2009-09-07 13:22 UTC (permalink / raw)
  To: Andreas Schwab; +Cc: binutils

Hi Andreas,

> 2009-09-06  Andreas Schwab  <schwab@linux-m68k.org>
> 
> 	* elf32-m68k.c (rtype_to_howto): If the reloc index is out of
> 	range call the bfd error handler and use R_68K_NONE instead.

Approved - please apply.

Cheers
   Nick
