Date: Mon, 5 Dec 2022 08:22:46 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: PR29846, segmentation fault in objdump.c compare_symbols

Fixes a fuzzed object file problem where plt relocs were manipulated
in such a way that two synthetic symbols were generated at the same
plt location.  Won't occur in real object files.

	PR 29846
	PR 20337
	* objdump.c (compare_symbols): Test symbol flags to exclude
	section and synthetic symbols before attempting to check flavour.

diff --git a/binutils/objdump.c b/binutils/objdump.c index e8481b2d928..d95c8b68bf0 100644 --- a/binutils/objdump.c +++ b/binutils/objdump.c 
@@ -1222,20 +1222,17 @@ compare_symbols (const void *ap, const void *bp) return 1; } - if (bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour + /* Sort larger size ELF symbols before smaller. See PR20337. */ + bfd_vma asz = 0; + if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0 + && bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour) + asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size; + bfd_vma bsz = 0; + if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0 && bfd_get_flavour (bfd_asymbol_bfd (b)) == bfd_target_elf_flavour) - { - bfd_vma asz, bsz; - - asz = 0; - if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) - asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size; - bsz = 0; - if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) - bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size; - if (asz != bsz) - return asz > bsz ? -1 : 1; - } + bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size; + if (asz != bsz) + return asz > bsz ? -1 : 1; /* Symbols that start with '.' might be section names, so sort them after symbols that don't start with '.'. */ -- Alan Modra Australia Development Lab, IBM
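Review bot: the ordering that makes this fix work is not documented in the code. In both new conditions the `(flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0` test has to be evaluated before `bfd_get_flavour (bfd_asymbol_bfd (...))` and before the cast to `elf_symbol_type *`, yet the comment above them only says "Sort larger size ELF symbols before smaller. See PR20337." Consider extending that comment to say the flags test must stay first, with a reference to PR 29846, so a later cleanup does not reorder the `&&` operands. The blocks for `a` and `b` are also identical apart from the symbol, so a small static helper that returns the size (0 for section, synthetic or non-ELF symbols) would keep that ordering in one place.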