Date: Tue, 23 Aug 2022 18:35:51 +0930
From: Alan Modra
To: binutils@sourceware.org
Subject: Re: bfd_elf_set_group_contents assertion

Further to commit 7744e3278b9f.

* elf.c (bfd_elf_set_group_contents): Restrict loc in loop writing contents, and add another assertion.

diff --git a/bfd/elf.c b/bfd/elf.c index 35aa45e3b90..f186a2cffe9 100644 --- a/bfd/elf.c +++ b/bfd/elf.c @@ -3594,6 +3594,8 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg) { elf_sec->rel.hdr->sh_flags |= SHF_GROUP; loc -= 4; + if (loc == sec->contents) + break; H_PUT_32 (abfd, elf_sec->rel.idx, loc); } if (elf_sec->rela.hdr != NULL @@ -3603,9 +3605,13 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg) { elf_sec->rela.hdr->sh_flags |= SHF_GROUP; loc -= 4; + if (loc == sec->contents) + break; H_PUT_32 (abfd, elf_sec->rela.idx, loc); } loc -= 4; + if (loc == sec->contents) + break; H_PUT_32 (abfd, elf_sec->this_idx, loc); } elt = elf_next_in_group (elt); 
@@ -3613,12 +3619,20 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg) break; } - loc -= 4; - if (loc != sec->contents) + /* We should always get here with loc == sec->contents + 4, but it is + possible to craft bogus SHT_GROUP sections that will cause segfaults + in objcopy without checking loc here and in the loop above. */ + if (loc == sec->contents) + BFD_ASSERT (0); + else { - BFD_ASSERT (0); - memset (sec->contents + 4, 0, loc - sec->contents); - loc = sec->contents; + loc -= 4; + if (loc != sec->contents) + { + BFD_ASSERT (0); + memset (sec->contents + 4, 0, loc - sec->contents); + loc = sec->contents; + } } H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc); -- Alan Modra Australia Development Lab, IBM
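Review bot: the guard added in the rel branch (hunk @@ -3594,6 +3594,8) runs after loc -= 4 and tests only loc == sec->contents, so it stops the write only when loc lands exactly on the start of the buffer. If the distance from sec->contents to loc is always a multiple of 4 at this point, state that invariant in a comment beside the check. If a crafted section can break it, the decrement steps past sec->contents and the equality test never fires, so a relational test on the remaining room before the decrement would be more robust, with the final check in the last hunk adjusted so the truncation is still reported. The same applies to the two identical checks in the following hunk.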
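Review bot: in the rela branch and at the this_idx write (hunk @@ -3603,9 +3605,13) the break can fire partway through one section's entries, after elf_sec->rela.hdr->sh_flags |= SHF_GROUP has already been applied and after the rel or rela index for that section has been written, leaving relocation section indices in the group without the section they belong to. Consider working out how many slots the current section needs and checking once, before touching sh_flags or calling H_PUT_32, so a section is either written completely or skipped completely. The three identical checks also carry no comment in the loop itself; a one-line note pointing at the explanation in the final block would help readers of this code.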
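Review bot: in the final block (hunk @@ -3613,12 +3619,20) both the new loc == sec->contents case and the existing loc != sec->contents case report the problem only through BFD_ASSERT (0) and then fall through to the H_PUT_32 of the flag word, so a bogus SHT_GROUP section still yields output with a truncated or zero-padded member list. Consider also signalling failure through failedptrarg so the caller can stop instead of emitting that group. Note too that the memset length loc - sec->contents is only meaningful while loc is above sec->contents, which again depends on the equality checks in the loop never being stepped over.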