git.ipfire.org Git - thirdparty/binutils-gdb.git/commit - bfd/elf.c
PR30326, uninitialised value in objdump compare_relocs
author    Alan Modra <amodra@gmail.com>
          Wed, 12 Apr 2023 01:30:42 +0000 (11:00 +0930)
committer Alan Modra <amodra@gmail.com>
          Wed, 12 Apr 2023 04:43:46 +0000 (14:13 +0930)
commit    93c6e8c3c14bf81020ca7571fe752250a34f5bc9
tree      4e5b252048ff1dc9da4da78862aef9e16bf8e765
parent    32011d23a879283d845993e9358f64a6e8aefa98
PR30326, uninitialised value in objdump compare_relocs

This is a fuzzing PR, with a testcase involving a SHF_ALLOC and
SHF_COMPRESSED SHT_RELA section, i.e. a compressed dynamic reloc
section.  BFD doesn't handle compressed relocation sections, with most
of the code reading relocs using sh_size (often no bfd section is
created) but in the case of SHF_ALLOC dynamic relocs we had some code
using the bfd section size.  This led to a mismatch, sh_size is
compressed, size is uncompressed, and from that some uninitialised
memory.  Consistently using sh_size is enough to fix this PR, but I've
also added tests to exclude SHF_COMPRESSED reloc sections from
consideration.

PR 30362
* elf.c (bfd_section_from_shdr): Exclude reloc sections with
SHF_COMPRESSED flag from normal reloc processing.
(_bfd_elf_get_dynamic_reloc_upper_bound): Similarly exclude
SHF_COMPRESSED sections from consideration.  Use sh_size when
sizing to match slurp_relocs.
(_bfd_elf_canonicalize_dynamic_reloc): Likewise.
(_bfd_elf_get_synthetic_symtab): Use NUM_SHDR_ENTRIES to size
plt relocs.
* elf32-arm.c (elf32_arm_get_synthetic_symtab): Likewise.
* elf32-ppc.c (ppc_elf_get_synthetic_symtab): Likewise.
* elf64-ppc.c (ppc64_elf_get_synthetic_symtab): Likewise.
* elfxx-mips.c (_bfd_mips_elf_get_synthetic_symtab): Likewise.
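The mismatch the commit describes is easy to reproduce outside BFD. The following is an added example, written for this page and not part of binutils; it is Python rather than the C of bfd/elf.c so it runs stand-alone. It constructs a minimal little-endian ELF64 image whose section 1 is an SHF_ALLOC|SHF_COMPRESSED SHT_RELA section (the fuzzer's case: an Elf64_Chdr followed by a zlib stream) and whose section 2 is an ordinary SHF_ALLOC SHT_RELA. `analyze_reloc_sections` reports, per reloc section, the entry count derived from sh_size (what slurp_relocs reads) next to the count derived from the uncompressed size (what a bfd section size would carry); for the compressed section the two disagree, which is the gap that produced uninitialised entries. `dynamic_reloc_upper_bound` applies the fixed policy: SHF_ALLOC REL/RELA sections only, SHF_COMPRESSED ones skipped, sizing by sh_size. Section contents, names and reloc values are constructed for the example; the ELF constants are from the gABI.

```python
"""Reproduce the sh_size vs uncompressed-size mismatch behind PR30326."""
import struct
import zlib

# ELF gABI constants
SHT_RELA, SHT_REL = 4, 9
SHF_ALLOC, SHF_COMPRESSED = 0x2, 0x800
ELFCOMPRESS_ZLIB = 1
EHDR_SIZE, SHDR_SIZE, CHDR_SIZE, RELA_SIZE = 64, 64, 24, 24


def _shdr(sh_type, sh_flags, sh_offset, sh_size, sh_entsize):
    # Elf64_Shdr: name, type, flags, addr, offset, size, link, info, addralign, entsize
    return struct.pack("<IIQQQQIIQQ", 0, sh_type, sh_flags, 0, sh_offset,
                       sh_size, 0, 0, 8, sh_entsize)


def build_sample_elf(n_compressed=8, n_plain=5):
    """Constructed image (not a real binary): section 1 is an SHF_ALLOC|SHF_COMPRESSED
    SHT_RELA holding n_compressed entries, section 2 a plain SHT_RELA with n_plain."""
    relas = b"".join(struct.pack("<QQq", 0x1000 + 8 * i, (i << 32) | 1, 0)
                     for i in range(n_compressed))
    # Elf64_Chdr: ch_type, ch_reserved, ch_size (uncompressed), ch_addralign
    chdr = struct.pack("<IIQQ", ELFCOMPRESS_ZLIB, 0, len(relas), 8)
    compressed_body = chdr + zlib.compress(relas)
    plain_body = b"".join(struct.pack("<QQq", 0x2000 + 8 * i, (i << 32) | 7, 0)
                          for i in range(n_plain))
    off1 = EHDR_SIZE
    off2 = off1 + len(compressed_body)
    shoff = off2 + len(plain_body)
    shoff += (-shoff) % 8
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8  # ELFCLASS64, LSB, version 1
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 1, 62, 1, 0, 0, shoff, 0,
                       EHDR_SIZE, 0, 0, SHDR_SIZE, 3, 0)
    shdrs = (_shdr(0, 0, 0, 0, 0)
             + _shdr(SHT_RELA, SHF_ALLOC | SHF_COMPRESSED, off1,
                     len(compressed_body), RELA_SIZE)
             + _shdr(SHT_RELA, SHF_ALLOC, off2, len(plain_body), RELA_SIZE))
    img = ehdr + compressed_body + plain_body
    img += b"\0" * (shoff - len(img))
    return img + shdrs


def section_headers(img):
    """Yield (index, fields) for each Elf64_Shdr of a little-endian ELF64 image."""
    e_shoff = struct.unpack_from("<Q", img, 0x28)[0]
    e_shentsize, e_shnum = struct.unpack_from("<HH", img, 0x3a)
    names = ("name", "type", "flags", "addr", "offset", "size",
             "link", "info", "addralign", "entsize")
    for i in range(e_shnum):
        vals = struct.unpack_from("<IIQQQQIIQQ", img, e_shoff + i * e_shentsize)
        yield i, dict(zip(names, vals))


def uncompressed_size(img, sh):
    """ch_size from the Elf64_Chdr at the start of an SHF_COMPRESSED section,
    cross-checked against the actual inflated length."""
    ch_type, _, ch_size, _ = struct.unpack_from("<IIQQ", img, sh["offset"])
    if ch_type != ELFCOMPRESS_ZLIB:
        raise ValueError("unsupported ch_type %d" % ch_type)
    payload = img[sh["offset"] + CHDR_SIZE: sh["offset"] + sh["size"]]
    if len(zlib.decompress(payload)) != ch_size:
        raise ValueError("ch_size does not match inflated length")
    return ch_size


def analyze_reloc_sections(img):
    """For each REL/RELA section compare the reloc count from sh_size (compressed
    bytes on disk) with the count from the uncompressed size (bfd section size)."""
    rows = []
    for i, sh in section_headers(img):
        if sh["type"] not in (SHT_REL, SHT_RELA) or sh["entsize"] == 0:
            continue
        compressed = bool(sh["flags"] & SHF_COMPRESSED)
        bfd_size = uncompressed_size(img, sh) if compressed else sh["size"]
        rows.append({"index": i, "compressed": compressed,
                     "count_from_sh_size": sh["size"] // sh["entsize"],
                     "count_from_bfd_size": bfd_size // sh["entsize"]})
    return rows


def dynamic_reloc_upper_bound(img):
    """Fixed policy: SHF_ALLOC REL/RELA only, SHF_COMPRESSED excluded, sized by
    sh_size so the allocation matches what the reloc reader actually consumes."""
    total = 0
    for _, sh in section_headers(img):
        if sh["type"] not in (SHT_REL, SHT_RELA) or not sh["flags"] & SHF_ALLOC:
            continue
        if sh["flags"] & SHF_COMPRESSED or sh["entsize"] == 0:
            continue
        total += sh["size"] // sh["entsize"]
    return total


if __name__ == "__main__":
    sample = build_sample_elf()
    for row in analyze_reloc_sections(sample):
        print(row)
    print("dynamic relocs counted by the fixed reader:", dynamic_reloc_upper_bound(sample))
```

Running it shows the compressed section reporting eight entries by uncompressed size but only one or two by sh_size: a reader that allocates for the former and fills from the latter leaves most of the array untouched, which is what objdump's compare_relocs then sorted. The fixed policy counts only the five plain SHF_ALLOC entries.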
bfd/elf.c
bfd/elf32-arm.c
bfd/elf32-ppc.c
bfd/elf64-ppc.c
bfd/elfxx-mips.c