Re: PR28420, ecoff fuzzing failures

Re: PR28420, ecoff fuzzing failures

[Alan Modra]

sym_ptr_ptr NULL results in segfaults.

	PR 28420
	* ecoff.c (ecoff_slurp_reloc_table): Don't leave sym_ptr_ptr NULL.

diff --git a/bfd/ecoff.c b/bfd/ecoff.c
index 7539fadbeca..c660af13265 100644
--- a/bfd/ecoff.c
+++ b/bfd/ecoff.c
@@ -1606,7 +1606,7 @@ ecoff_slurp_reloc_table (bfd *abfd,
       (*backend->swap_reloc_in) (abfd,
 				 external_relocs + i * external_reloc_size,
 				 &intern);
-      rptr->sym_ptr_ptr = NULL;
+      rptr->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
       rptr->addend = 0;
 
       if (intern.r_extern)
@@ -1617,9 +1617,6 @@ ecoff_slurp_reloc_table (bfd *abfd,
 		  < (ecoff_data (abfd)->debug_info.symbolic_header.iextMax)))
 	    rptr->sym_ptr_ptr = symbols + intern.r_symndx;
 	}
-      else if (intern.r_symndx == RELOC_SECTION_NONE
-	       || intern.r_symndx == RELOC_SECTION_ABS)
-	rptr->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
       else
 	{
 	  const char *sec_name;

-- 
Alan Modra
Australia Development Lab, IBM

PR28420, ecoff fuzzing failures

[Alan Modra]

	PR 28420
	* coff-mips.c (mips_adjust_reloc_in): Replace abort with error
	message and return.
	* ecoff.c (ecoff_slurp_reloc_table): Remove assertion and aborts,
	instead handle errors gracefully.

diff --git a/bfd/coff-mips.c b/bfd/coff-mips.c
index 963ab249119..075dd0bdbae 100644
--- a/bfd/coff-mips.c
+++ b/bfd/coff-mips.c
@@ -351,7 +351,14 @@ mips_adjust_reloc_in (bfd *abfd,
 		      arelent *rptr)
 {
   if (intern->r_type > MIPS_R_PCREL16)
-    abort ();
+    {
+      /* xgettext:c-format */
+      _bfd_error_handler (_("%pB: unsupported relocation type %#x"),
+			  abfd, intern->r_type);
+      bfd_set_error (bfd_error_bad_value);
+      rptr->howto  = NULL;
+      return;
+    }
 
   if (! intern->r_extern
       && (intern->r_type == MIPS_R_GPREL
diff --git a/bfd/ecoff.c b/bfd/ecoff.c
index 7844a50b39d..7539fadbeca 100644
--- a/bfd/ecoff.c
+++ b/bfd/ecoff.c
@@ -1606,23 +1606,20 @@ ecoff_slurp_reloc_table (bfd *abfd,
       (*backend->swap_reloc_in) (abfd,
 				 external_relocs + i * external_reloc_size,
 				 &intern);
+      rptr->sym_ptr_ptr = NULL;
+      rptr->addend = 0;
 
       if (intern.r_extern)
 	{
 	  /* r_symndx is an index into the external symbols.  */
-	  BFD_ASSERT (intern.r_symndx >= 0
-		      && (intern.r_symndx
-			  < (ecoff_data (abfd)
-			     ->debug_info.symbolic_header.iextMax)));
-	  rptr->sym_ptr_ptr = symbols + intern.r_symndx;
-	  rptr->addend = 0;
+	  if (intern.r_symndx >= 0
+	      && (intern.r_symndx
+		  < (ecoff_data (abfd)->debug_info.symbolic_header.iextMax)))
+	    rptr->sym_ptr_ptr = symbols + intern.r_symndx;
 	}
       else if (intern.r_symndx == RELOC_SECTION_NONE
 	       || intern.r_symndx == RELOC_SECTION_ABS)
-	{
-	  rptr->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
-	  rptr->addend = 0;
-	}
+	rptr->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
       else
 	{
 	  const char *sec_name;
@@ -1645,15 +1642,20 @@ ecoff_slurp_reloc_table (bfd *abfd,
 	    case RELOC_SECTION_FINI:  sec_name = _FINI;  break;
 	    case RELOC_SECTION_LITA:  sec_name = _LITA;  break;
 	    case RELOC_SECTION_RCONST: sec_name = _RCONST; break;
-	    default: abort ();
+	    default:
+	      sec_name = NULL;
+	      break;
 	    }
 
-	  sec = bfd_get_section_by_name (abfd, sec_name);
-	  if (sec == NULL)
-	    abort ();
-	  rptr->sym_ptr_ptr = sec->symbol_ptr_ptr;
-
-	  rptr->addend = - bfd_section_vma (sec);
+	  if (sec_name != NULL)
+	    {
+	      sec = bfd_get_section_by_name (abfd, sec_name);
+	      if (sec != NULL)
+		{
+		  rptr->sym_ptr_ptr = sec->symbol_ptr_ptr;
+		  rptr->addend = - bfd_section_vma (sec);
+		}
+	    }
 	}
 
       rptr->address = intern.r_vaddr - bfd_section_vma (section);

-- 
Alan Modra
Australia Development Lab, IBM