Fix memory access violations triggered by running objdump on fuzzed binaries.

[deliverable/binutils-gdb.git] / bfd / elf-m10300.c

diff --git a/bfd/elf-m10300.c b/bfd/elf-m10300.c
index 1dd502039b3d77f87acb90161ecdd1820336fa37..52457ed6e85d81555b8f87d40568ac10c768fec5 100644 (file)
--- a/bfd/elf-m10300.c
+++ b/bfd/elf-m10300.c
@@ -1,6 +1,5 @@
 /* Matsushita 10300 specific support for 32-bit ELF
-   Copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
-   2006, 2007, 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
+   Copyright (C) 1996-2015 Free Software Foundation, Inc.
 
    This file is part of BFD, the Binary File Descriptor library.
 
@@ -807,7 +806,13 @@ mn10300_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED,
   unsigned int r_type;
 
   r_type = ELF32_R_TYPE (dst->r_info);
-  BFD_ASSERT (r_type < (unsigned int) R_MN10300_MAX);
+  if (r_type >= R_MN10300_MAX)
+    {
+      (*_bfd_error_handler) (_("%A: unrecognised MN10300 reloc number: %d"),
+                            abfd, r_type);
+      bfd_set_error (bfd_error_bad_value);
+      r_type = R_MN10300_NONE;
+    }
   cache_ptr->howto = elf_mn10300_howto_table + r_type;
 }
 
@@ -1084,6 +1089,10 @@ mn10300_elf_check_relocs (bfd *abfd,
          while (h->root.type == bfd_link_hash_indirect
                 || h->root.type == bfd_link_hash_warning)
            h = (struct elf_link_hash_entry *) h->root.u.i.link;
+
+         /* PR15323, ref flags aren't set for references in the same
+            object.  */
+         h->root.non_ir_ref = 1;
        }
 
       r_type = ELF32_R_TYPE (rel->r_info);
@@ -2007,7 +2016,7 @@ mn10300_elf_relocate_section (bfd *output_bfd,
       bfd_reloc_status_type r;
       int tls_r_type;
       bfd_boolean unresolved_reloc = FALSE;
-      bfd_boolean warned;
+      bfd_boolean warned, ignored;
       struct elf_link_hash_entry * hh;
 
       relocation = 0;
@@ -2030,7 +2039,7 @@ mn10300_elf_relocate_section (bfd *output_bfd,
          RELOC_FOR_GLOBAL_SYMBOL (info, input_bfd, input_section, rel,
                                   r_symndx, symtab_hdr, sym_hashes,
                                   hh, sec, relocation,
-                                  unresolved_reloc, warned);
+                                  unresolved_reloc, warned, ignored);
        }
       h = elf_mn10300_hash_entry (hh);
 
@@ -2676,7 +2685,7 @@ mn10300_elf_relax_section (bfd *abfd,
       /* Iterate over all the input bfds.  */
       for (input_bfd = link_info->input_bfds;
           input_bfd != NULL;
-          input_bfd = input_bfd->link_next)
+          input_bfd = input_bfd->link.next)
        {
          /* We're going to need all the symbols for each bfd.  */
          symtab_hdr = &elf_tdata (input_bfd)->symtab_hdr;
@@ -3019,7 +3028,7 @@ mn10300_elf_relax_section (bfd *abfd,
         a "call" instruction.  */
       for (input_bfd = link_info->input_bfds;
           input_bfd != NULL;
-          input_bfd = input_bfd->link_next)
+          input_bfd = input_bfd->link.next)
        {
          /* We're going to need all the local symbols for each bfd.  */
          symtab_hdr = &elf_tdata (input_bfd)->symtab_hdr;
@@ -4595,6 +4604,21 @@ _bfd_mn10300_copy_indirect_symbol (struct bfd_link_info *        info,
   _bfd_elf_link_hash_copy_indirect (info, dir, ind);
 }
 
+/* Destroy an mn10300 ELF linker hash table.  */
+
+static void
+elf32_mn10300_link_hash_table_free (bfd *obfd)
+{
+  struct elf32_mn10300_link_hash_table *ret
+    = (struct elf32_mn10300_link_hash_table *) obfd->link.hash;
+
+  obfd->link.hash = &ret->static_hash_table->root.root;
+  _bfd_elf_link_hash_table_free (obfd);
+  obfd->is_linker_output = TRUE;
+  obfd->link.hash = &ret->root.root;
+  _bfd_elf_link_hash_table_free (obfd);
+}
+
 /* Create an mn10300 ELF linker hash table.  */
 
 static struct bfd_link_hash_table *
@@ -4603,27 +4627,12 @@ elf32_mn10300_link_hash_table_create (bfd *abfd)
   struct elf32_mn10300_link_hash_table *ret;
   bfd_size_type amt = sizeof (* ret);
 
-  ret = bfd_malloc (amt);
+  ret = bfd_zmalloc (amt);
   if (ret == NULL)
     return NULL;
 
-  if (!_bfd_elf_link_hash_table_init (&ret->root, abfd,
-                                     elf32_mn10300_link_hash_newfunc,
-                                     sizeof (struct elf32_mn10300_link_hash_entry),
-                                     MN10300_ELF_DATA))
-    {
-      free (ret);
-      return NULL;
-    }
-
-  ret->flags = 0;
-  ret->tls_ldm_got.refcount = 0;
-  ret->tls_ldm_got.offset = -1;
-  ret->tls_ldm_got.got_allocated = 0;
-  ret->tls_ldm_got.rel_emitted = 0;
-
   amt = sizeof (struct elf_link_hash_table);
-  ret->static_hash_table = bfd_malloc (amt);
+  ret->static_hash_table = bfd_zmalloc (amt);
   if (ret->static_hash_table == NULL)
     {
       free (ret);
@@ -4639,21 +4648,25 @@ elf32_mn10300_link_hash_table_create (bfd *abfd)
       free (ret);
       return NULL;
     }
-  return & ret->root.root;
-}
 
-/* Free an mn10300 ELF linker hash table.  */
+  abfd->is_linker_output = FALSE;
+  abfd->link.hash = NULL;
+  if (!_bfd_elf_link_hash_table_init (&ret->root, abfd,
+                                     elf32_mn10300_link_hash_newfunc,
+                                     sizeof (struct elf32_mn10300_link_hash_entry),
+                                     MN10300_ELF_DATA))
+    {
+      abfd->is_linker_output = TRUE;
+      abfd->link.hash = &ret->static_hash_table->root.root;
+      _bfd_elf_link_hash_table_free (abfd);
+      free (ret);
+      return NULL;
+    }
+  ret->root.root.hash_table_free = elf32_mn10300_link_hash_table_free;
 
-static void
-elf32_mn10300_link_hash_table_free (struct bfd_link_hash_table *hash)
-{
-  struct elf32_mn10300_link_hash_table *ret
-    = (struct elf32_mn10300_link_hash_table *) hash;
+  ret->tls_ldm_got.offset = -1;
 
-  _bfd_generic_link_hash_table_free
-    ((struct bfd_link_hash_table *) ret->static_hash_table);
-  _bfd_generic_link_hash_table_free
-    ((struct bfd_link_hash_table *) ret);
+  return & ret->root.root;
 }
 
 static unsigned long
@@ -5017,7 +5030,7 @@ _bfd_mn10300_elf_adjust_dynamic_symbol (struct bfd_link_info * info,
       h->needs_copy = 1;
     }
 
-  return _bfd_elf_adjust_dynamic_copy (h, s);
+  return _bfd_elf_adjust_dynamic_copy (info, h, s);
 }
 
 /* Set the sizes of the dynamic sections.  */
@@ -5536,7 +5549,9 @@ _bfd_mn10300_elf_finish_dynamic_sections (bfd * output_bfd,
    properly.  */
 
 static enum elf_reloc_type_class
-_bfd_mn10300_elf_reloc_type_class (const Elf_Internal_Rela *rela)
+_bfd_mn10300_elf_reloc_type_class (const struct bfd_link_info *info ATTRIBUTE_UNUSED,
+                                  const asection *rel_sec ATTRIBUTE_UNUSED,
+                                  const Elf_Internal_Rela *rela)
 {
   switch ((int) ELF32_R_TYPE (rela->r_info))
     {
@@ -5559,7 +5574,7 @@ mn10300_elf_mkobject (bfd *abfd)
 #define bfd_elf32_mkobject     mn10300_elf_mkobject
 
 #ifndef ELF_ARCH
-#define TARGET_LITTLE_SYM      bfd_elf32_mn10300_vec
+#define TARGET_LITTLE_SYM      mn10300_elf32_vec
 #define TARGET_LITTLE_NAME     "elf32-mn10300"
 #define ELF_ARCH               bfd_arch_mn10300
 #define ELF_TARGET_ID          MN10300_ELF_DATA
@@ -5580,8 +5595,6 @@ mn10300_elf_mkobject (bfd *abfd)
                                mn10300_elf_get_relocated_section_contents
 #define bfd_elf32_bfd_link_hash_table_create \
                                elf32_mn10300_link_hash_table_create
-#define bfd_elf32_bfd_link_hash_table_free \
-                               elf32_mn10300_link_hash_table_free
 
 #ifndef elf_symbol_leading_char
 #define elf_symbol_leading_char '_'