More fixes for illegal memory accesses triggered by running objdump on fuzzed binaries.

[deliverable/binutils-gdb.git] / bfd / elf32-cr16.c

diff --git a/bfd/elf32-cr16.c b/bfd/elf32-cr16.c
index 6dadcc1d9eab31f8237fd5a4f3da0892e46e921b..047d720575d00468b64a15388487c9dc35b6dbc4 100644 (file)
--- a/bfd/elf32-cr16.c
+++ b/bfd/elf32-cr16.c
@@ -1,5 +1,5 @@
 /* BFD back-end for National Semiconductor's CR16 ELF
-   Copyright (C) 2007-2014 Free Software Foundation, Inc.
+   Copyright (C) 2007-2015 Free Software Foundation, Inc.
    Written by M R Swami Reddy.
 
    This file is part of BFD, the Binary File Descriptor library.
@@ -115,8 +115,8 @@ static reloc_howto_type cr16_elf_howto_table[] =
 {
   HOWTO (R_CR16_NONE,              /* type */
          0,                        /* rightshift */
-         2,                        /* size */
-         32,                       /* bitsize */
+         3,                        /* size */
+         0,                        /* bitsize */
          FALSE,                    /* pc_relative */
          0,                        /* bitpos */
          complain_overflow_dont,   /* complain_on_overflow */
@@ -673,7 +673,13 @@ elf_cr16_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED, arelent *cache_ptr,
 {
   unsigned int r_type = ELF32_R_TYPE (dst->r_info);
 
-  BFD_ASSERT (r_type < (unsigned int) R_CR16_MAX);
+  if (r_type >= R_CR16_MAX)
+    {
+      (*_bfd_error_handler) (_("%B: unrecognised CR16 reloc number: %d"),
+                            abfd, r_type);
+      bfd_set_error (bfd_error_bad_value);
+      r_type = R_CR16_NONE;
+    }
   cache_ptr->howto = cr16_elf_howto_table + r_type;
 }