From: Maciej W. Rozycki <macro@mips.com>
Date: Wed, 4 Apr 2018 01:00:49 +0000 (+0100)
Subject: PR binutils/22875: Visium/ELF: Prevent an out-of-bounds howto table access
X-Git-Tag: users/gbenson/thread_db-test/2018-05-23~473
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=707bad1b21c18cf8e570fb8df8f7c5961fb0f3a5;p=thirdparty%2Fbinutils-gdb.git

PR binutils/22875: Visium/ELF: Prevent an out-of-bounds howto table access

Prevent an out-of-bounds `visium_elf_howto_table' table access in
`visium_info_to_howto_rela' by using the size of the table rather than
R_VISIUM_max to determine the number of entries in the contiguous
regular Visium relocation range defined and described in the table.

	bfd/
	* elf32-visium.c (visium_info_to_howto_rela): Correct the range
	check for `visium_elf_howto_table' table access.
---

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 8e1df6d0ff3..991d11b5bcf 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2018-04-04  Maciej W. Rozycki  <macro@mips.com>
+
+	* elf32-visium.c (visium_info_to_howto_rela): Correct the range
+	check for `visium_elf_howto_table' table access.
+
 2018-04-04  Maciej W. Rozycki  <macro@mips.com>
 
 	* elf32-iq2000.c (iq2000_info_to_howto_rela): Correct the range
diff --git a/bfd/elf32-visium.c b/bfd/elf32-visium.c
index 3f8d16aa97c..e8f1c4c9e4c 100644
--- a/bfd/elf32-visium.c
+++ b/bfd/elf32-visium.c
@@ -25,6 +25,7 @@
 #include "libbfd.h"
 #include "elf-bfd.h"
 #include "elf/visium.h"
+#include "libiberty.h"
 
 static bfd_reloc_status_type visium_elf_howto_parity_reloc
   (bfd *, arelent *, asymbol *, PTR, asection *, bfd *, char **);
@@ -475,7 +476,7 @@ visium_info_to_howto_rela (bfd *abfd, arelent *cache_ptr,
       break;
 
     default:
-      if (r_type >= (unsigned int) R_VISIUM_max)
+      if (r_type >= ARRAY_SIZE (visium_elf_howto_table))
 	{
 	  /* xgettext:c-format */
 	  _bfd_error_handler (_("%pB: unsupported relocation type %#x"),