From: Nick Clifton Date: Wed, 26 Apr 2017 15:30:22 +0000 (+0100) Subject: Fix a seg-fault when processing a corrupt binary containing reloc(s) with negative... X-Git-Tag: users/hjl/linux/release/2.28.51.0.1~1^2~45^2~51 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2;p=thirdparty%2Fbinutils-gdb.git Fix a seg-fault when processing a corrupt binary containing reloc(s) with negative addresses. PR binutils/21434 * reloc.c (bfd_perform_relocation): Check for a negative address in the reloc. --- diff --git a/bfd/ChangeLog b/bfd/ChangeLog index c75897c2558..26b3572c5b1 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2017-04-26 Nick Clifton + + PR binutils/21434 + * reloc.c (bfd_perform_relocation): Check for a negative address + in the reloc. + 2017-04-26 Maciej W. Rozycki PR ld/21334 diff --git a/bfd/reloc.c b/bfd/reloc.c index 27914585168..9a04022c50c 100644 --- a/bfd/reloc.c +++ b/bfd/reloc.c @@ -624,7 +624,10 @@ bfd_perform_relocation (bfd *abfd, PR 17512: file: c146ab8b, 46dff27f, 38e53ebf. */ octets = reloc_entry->address * bfd_octets_per_byte (abfd); if (octets + bfd_get_reloc_size (howto) - > bfd_get_section_limit_octets (abfd, input_section)) + > bfd_get_section_limit_octets (abfd, input_section) + /* Check for an overly large offset which + masquerades as a negative value too. */ + || (octets + bfd_get_reloc_size (howto) < bfd_get_reloc_size (howto))) return bfd_reloc_outofrange; /* Work out which section the relocation is targeted at and the