From f60742b2a1988d276c77d5c1011143f320d9b4cb Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Mon, 23 Nov 2020 14:07:02 +0000 Subject: [PATCH] Fix an illegal memory access when accessing corrupt dynamic secondary relocations. PR 26931 * elf-bfd.h (struct elf_backend_data): Add bfd_boolean field to slurp_secondary_relocs field. (_bfd_elf_slurp_secondary_reloc_section): Update prototype. * elf.c (_bfd_elf_slurp_secondary_reloc_section): Add new parameter. Compute number of symbols based upon the new parameter. * elfcode.h (elf_slurp_reloc_table): Pass dynamic as new parameter. --- bfd/ChangeLog | 12 ++++++++++++ bfd/elf-bfd.h | 4 ++-- bfd/elf.c | 13 ++++++++----- bfd/elfcode.h | 2 +- 4 files changed, 23 insertions(+), 8 deletions(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 6a552c701b..d47d518a2a 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,15 @@ +2020-11-23 Nick Clifton + + PR 26931 + * elf-bfd.h (struct elf_backend_data): Add bfd_boolean field to + slurp_secondary_relocs field. + (_bfd_elf_slurp_secondary_reloc_section): Update prototype. + * elf.c (_bfd_elf_slurp_secondary_reloc_section): Add new + parameter. Compute number of symbols based upon the new + parameter. + * elfcode.h (elf_slurp_reloc_table): Pass dynamic as new + parameter. + 2020-11-23 H.J. Lu PR ld/26918 diff --git a/bfd/elf-bfd.h b/bfd/elf-bfd.h index ffb75f7919..e8455d1486 100644 --- a/bfd/elf-bfd.h +++ b/bfd/elf-bfd.h @@ -1571,7 +1571,7 @@ struct elf_backend_data const char *, unsigned int); /* Called when after loading the normal relocs for a section. */ - bfd_boolean (*slurp_secondary_relocs) (bfd *, asection *, asymbol **); + bfd_boolean (*slurp_secondary_relocs) (bfd *, asection *, asymbol **, bfd_boolean); /* Called after writing the normal relocs for a section. */ bfd_boolean (*write_secondary_relocs) (bfd *, asection *); @@ -2919,7 +2919,7 @@ extern bfd_boolean is_debuginfo_file (bfd *); extern bfd_boolean _bfd_elf_init_secondary_reloc_section (bfd *, Elf_Internal_Shdr *, const char *, unsigned int); extern bfd_boolean _bfd_elf_slurp_secondary_reloc_section - (bfd *, asection *, asymbol **); + (bfd *, asection *, asymbol **, bfd_boolean); extern bfd_boolean _bfd_elf_copy_special_section_fields (const bfd *, bfd *, const Elf_Internal_Shdr *, Elf_Internal_Shdr *); extern bfd_boolean _bfd_elf_write_secondary_reloc_section diff --git a/bfd/elf.c b/bfd/elf.c index 9624df7271..dbff0f24c8 100644 --- a/bfd/elf.c +++ b/bfd/elf.c @@ -12560,9 +12560,10 @@ _bfd_elf_init_secondary_reloc_section (bfd * abfd, /* Read in any secondary relocs associated with SEC. */ bfd_boolean -_bfd_elf_slurp_secondary_reloc_section (bfd * abfd, - asection * sec, - asymbol ** symbols) +_bfd_elf_slurp_secondary_reloc_section (bfd * abfd, + asection * sec, + asymbol ** symbols, + bfd_boolean dynamic) { const struct elf_backend_data * const ebd = get_elf_backend_data (abfd); asection * relsec; @@ -12641,7 +12642,10 @@ _bfd_elf_slurp_secondary_reloc_section (bfd * abfd, continue; } - symcount = bfd_get_symcount (abfd); + if (dynamic) + symcount = bfd_get_dynamic_symcount (abfd); + else + symcount = bfd_get_symcount (abfd); for (i = 0, internal_reloc = internal_relocs, native_reloc = native_relocs; @@ -12688,7 +12692,6 @@ _bfd_elf_slurp_secondary_reloc_section (bfd * abfd, asymbol **ps; ps = symbols + r_sym (rela.r_info) - 1; - internal_reloc->sym_ptr_ptr = ps; /* Make sure that this symbol is not removed by strip. */ (*ps)->flags |= BSF_KEEP; diff --git a/bfd/elfcode.h b/bfd/elfcode.h index 606ff64fd4..c7da8f6c07 100644 --- a/bfd/elfcode.h +++ b/bfd/elfcode.h @@ -1603,7 +1603,7 @@ elf_slurp_reloc_table (bfd *abfd, symbols, dynamic)) return FALSE; - if (!bed->slurp_secondary_relocs (abfd, asect, symbols)) + if (!bed->slurp_secondary_relocs (abfd, asect, symbols, dynamic)) return FALSE; asect->relocation = relents; -- 2.34.1