git.ipfire.org Git - thirdparty/binutils-gdb.git/commit
Sanity check elf_sym_hashes indexing
author    Alan Modra <amodra@gmail.com>
          Thu, 30 Oct 2025 05:56:57 +0000 (16:26 +1030)
committer Alan Modra <amodra@gmail.com>
          Thu, 30 Oct 2025 05:56:57 +0000 (16:26 +1030)
commit    4b738eecc008099574fb8263b2e1fac758eedf02
tree      92a8a586ea2303c47967c85ae2000a08f6d1cae6
parent    8b99ca44515b2b56f1492786e23522e4abbe8a96

I'm a little surprised we haven't already had fuzzing reports of
indexing off the end of sym_hashes.  The idea here is to preempt such
bugs.  One wrinkle is that ppc64 can't leave a zero symtab_hdr when
setting up sym_hashes for the fake stub bfd.

* elf-bfd.h (struct elf_reloc_cookie): Add "num_sym".
(_bfd_elf_get_link_hash_entry): Update declaration.
* elf-eh-frame.c (find_merged_cie): Sanity check reloc symbol
index.
* elf64-ppc.c (use_global_in_relocs): Fake up symtab_hdr for
stub bfd.
* elflink.c (_bfd_elf_get_link_hash_entry): Add "num_sym"
param.  Check symndx against it.  Update all calls.
(set_symbol_value): Add "num_sym" param and update all calls.
(elf_link_input_bfd): Add "num_syms" var and use for above.
(init_reloc_cookie): Set "cookie->num_syms".
* elf64-x86-64.c (elf_x86_64_scan_relocs): Pass symtab number
of entries to _bfd_elf_get_link_hash_entry.
* elfxx-x86.c (_bfd_x86_elf_check_relocs): Likewise.
(_bfd_x86_elf_link_relax_section): Likewise.
bfd/elf-bfd.h
bfd/elf-eh-frame.c
bfd/elf64-ppc.c
bfd/elf64-x86-64.c
bfd/elflink.c
bfd/elfxx-x86.c
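The ChangeLog above describes the check in one line: compare the reloc's symbol index against the number of symtab entries before using it to index sym_hashes. The following C program is an added illustration of that pattern and is not code from this commit or from bfd; the `toy_` types, functions and sample data are this example's own stand-ins for bfd's reloc cookie, `elf_link_hash_entry` and a fuzzed input. It keeps bfd's layout convention (the hash array covers only global symbols, with `symtab_hdr.sh_info` locals before them) and shows why the index must be checked against the total symbol count, not only against `extsymoff`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for bfd's struct elf_link_hash_entry. */
struct toy_sym_hash {
  const char *name;
};

/* Shape of the reloc cookie after the commit: the global-symbol hash array
   plus the two bounds needed to index it safely.  Names other than
   sym_hashes and num_sym are this example's own. */
struct toy_reloc_cookie {
  struct toy_sym_hash **sym_hashes; /* one entry per *global* symbol only */
  size_t extsymoff;                 /* symtab_hdr.sh_info: number of locals */
  size_t num_sym;                   /* total entries in .symtab */
};

/* ELF64 r_info keeps the symbol index in the upper 32 bits (ELF64_R_SYM). */
static unsigned long toy_elf64_r_sym(uint64_t r_info)
{
  return (unsigned long)(r_info >> 32);
}

enum toy_lookup { TOY_BAD_INDEX = -1, TOY_LOCAL = 0, TOY_GLOBAL = 1 };

/* Toy analogue of _bfd_elf_get_link_hash_entry with the num_sym check.
   Without the first test, an index from a crafted reloc reads
   sym_hashes[symndx - extsymoff] past the end of the array. */
static enum toy_lookup
toy_get_link_hash_entry(const struct toy_reloc_cookie *c, unsigned long symndx,
                        struct toy_sym_hash **out)
{
  *out = NULL;
  if (symndx >= c->num_sym)
    return TOY_BAD_INDEX;   /* corrupt input: caller rejects the reloc */
  if (symndx < c->extsymoff)
    return TOY_LOCAL;       /* local symbol: caller uses the Elf_Internal_Sym */
  *out = c->sym_hashes[symndx - c->extsymoff];
  return TOY_GLOBAL;
}

/* Constructed sample: 4 symtab entries, 0-1 local, 2-3 global ("foo","bar"). */
static struct toy_sym_hash toy_foo = { "foo" };
static struct toy_sym_hash toy_bar = { "bar" };
static struct toy_sym_hash *toy_hashes[2] = { &toy_foo, &toy_bar };
static const struct toy_reloc_cookie toy_cookie = { toy_hashes, 2, 4 };

/* Constructed relocs (r_info only).  Symbol index 9 is out of range. */
static const uint64_t toy_relocs[] = {
  ((uint64_t)1 << 32) | 7,   /* local symbol 1 */
  ((uint64_t)3 << 32) | 7,   /* global symbol 3 -> "bar" */
  ((uint64_t)9 << 32) | 7,   /* symndx 9 >= num_sym: must be rejected */
};
#define TOY_NRELOCS (sizeof toy_relocs / sizeof toy_relocs[0])

/* Classify a symbol index against the sample cookie. */
int toy_lookup_kind(unsigned long symndx)
{
  struct toy_sym_hash *h;
  return toy_get_link_hash_entry(&toy_cookie, symndx, &h);
}

/* Resolve a symbol index to a printable name. */
const char *toy_lookup_name(unsigned long symndx)
{
  struct toy_sym_hash *h;
  switch (toy_get_link_hash_entry(&toy_cookie, symndx, &h)) {
    case TOY_GLOBAL: return h->name;
    case TOY_LOCAL:  return "<local>";
    default:         return "<bad index>";
  }
}

/* Scan the sample relocs; return how many were rejected for a bad index. */
size_t toy_scan_relocs(void)
{
  size_t rejected = 0;
  for (size_t i = 0; i < TOY_NRELOCS; i++) {
    unsigned long symndx = toy_elf64_r_sym(toy_relocs[i]);
    struct toy_sym_hash *h;
    if (toy_get_link_hash_entry(&toy_cookie, symndx, &h) == TOY_BAD_INDEX) {
      fprintf(stderr, "reloc %zu: symbol index %lu >= %zu, rejecting\n",
              i, symndx, toy_cookie.num_sym);
      rejected++;
    }
  }
  return rejected;
}

int main(void)
{
  printf("symbol 3 -> %s\n", toy_lookup_name(3));
  printf("rejected %zu of %zu relocs\n", toy_scan_relocs(), (size_t)TOY_NRELOCS);
  return 0;
}
```

The check only works if `num_sym` is populated from a real symbol table header. The commit message's ppc64 wrinkle is exactly this: with a zeroed `symtab_hdr` the count is 0 and every index, including legitimate stub symbols, fails the test, which is why `use_global_in_relocs` has to fake up a `symtab_hdr` for the stub bfd.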