git.ipfire.org Git - thirdparty/binutils-gdb.git/commit

author	Alan Modra <amodra@gmail.com>
	Sun, 5 Oct 2025 22:38:26 +0000 (09:08 +1030)
committer	Alan Modra <amodra@gmail.com>
	Mon, 6 Oct 2025 03:01:31 +0000 (13:31 +1030)
commit	236cf2bf6089ba627723303bc530f7aa33640ab7
tree	3df19db8a436bdd59f9e874b45c029d0a3092557	tree
parent	f2a3ccf127fe2e84c58a483bd919276aa74bb8df	commit \| diff

readelf reloc range check

A fuzzed object file hit this sanitizer error.
readelf.c:16764:9: runtime error: pointer index expression with base
0x6dd4491e1590 overflowed to 0xe7af96d4491e17a1

The same could occur in any of the IN_RANGE reloc checks, where the
reloc address is calculated as "start + r_offset" then compared
against "start" and "end".  So don't do that.  Compare r_offset
against the memory size, first.

* readelf.c (IN_RANGE): Delete.
(in_range): New inline funcion.
(target_specific_reloc_handling): Replace "end" param with
"size".  Update uses.  Replace IN_RANGE with in_range.
(apply_relocations): Delete "end" variable.  Update
target_specific_reloc_handling calls and replace IN_RANGE.
Avoid pointer overflow.