
RFA: Stop objdump crash on corrupt reloc table


I'm trying to track down a woefully corrupted relocation table.  It doesn't
help that looking at it crashes objdump, though.  This fixes that; I move
bad relocations to point at *ABS* and issue an error message.  OK?

-- 
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer

2002-09-17  Daniel Jacobowitz  <drow@mvista.com>

	* elfcode.h (elf_slurp_reloc_table_from_section): Add nsyms
	argument.  Check for overflow.
	(elf_slurp_reloc_table): Count symbols and pass nsyms to
	elf_slurp_reloc_table_from_section.

Index: elfcode.h
===================================================================
RCS file: /cvs/src/src/bfd/elfcode.h,v
retrieving revision 1.33
diff -u -p -r1.33 elfcode.h
--- elfcode.h	7 Jul 2002 09:10:39 -0000	1.33
+++ elfcode.h	17 Sep 2002 16:35:11 -0000
@@ -172,7 +172,7 @@ static void elf_swap_shdr_out
 
 static boolean elf_slurp_reloc_table_from_section
   PARAMS ((bfd *, asection *, Elf_Internal_Shdr *, bfd_size_type,
-	   arelent *, asymbol **, boolean));
+	   arelent *, asymbol **, bfd_size_type, boolean));
 
 static boolean elf_file_p PARAMS ((Elf_External_Ehdr *));
 
@@ -1362,13 +1362,14 @@ error_return:
 
 static boolean
 elf_slurp_reloc_table_from_section (abfd, asect, rel_hdr, reloc_count,
-				    relents, symbols, dynamic)
+				    relents, symbols, nsyms, dynamic)
      bfd *abfd;
      asection *asect;
      Elf_Internal_Shdr *rel_hdr;
      bfd_size_type reloc_count;
      arelent *relents;
      asymbol **symbols;
+     bfd_size_type nsyms;
      boolean dynamic;
 {
   struct elf_backend_data * const ebd = get_elf_backend_data (abfd);
@@ -1421,6 +1422,13 @@ elf_slurp_reloc_table_from_section (abfd
 
       if (ELF_R_SYM (rela.r_info) == 0)
 	relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
+      else if (ELF_R_SYM (rela.r_info) > nsyms)
+	{
+	  (*_bfd_error_handler)
+	    (_("%s(%s): relocation %d has invalid symbol index %ld"),
+	     abfd->filename, asect->name, i, ELF_R_SYM (rela.r_info));
+	  relent->sym_ptr_ptr = bfd_abs_section.symbol_ptr_ptr;
+	}
       else
 	{
 	  asymbol **ps, *s;
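Review bot: The new `_bfd_error_handler` call passes `ELF_R_SYM (rela.r_info)` to a `%ld` conversion without a cast, and that expression is probably wider than `long` on hosts where the r_info type is 64 bits and `long` is 32 (its type is not visible in this hunk). A mismatch there would misread the varargs list while reporting on exactly the corrupt input this branch exists to handle. Casting at the call site keeps format and arguments in step: `abfd->filename, asect->name, i, (long) ELF_R_SYM (rela.r_info));`. Because the function carries on and appears to return success after substituting *ABS*, consider also adding `bfd_set_error (bfd_error_bad_value);` so that callers which do not watch the error handler can still tell the table was corrupt. The fallback writes `bfd_abs_section.symbol_ptr_ptr` where the branch just above uses `bfd_abs_section_ptr->symbol_ptr_ptr`, and one spelling for both would read better; the function body starts and ends outside this hunk.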
@@ -1470,6 +1478,7 @@ elf_slurp_reloc_table (abfd, asect, symb
   bfd_size_type reloc_count2;
   arelent *relents;
   bfd_size_type amt;
+  bfd_size_type nsyms;
 
   if (asect->relocation != NULL)
     return true;
@@ -1510,17 +1519,22 @@ elf_slurp_reloc_table (abfd, asect, symb
   if (relents == NULL)
     return false;
 
+  /* ``symbols'' is NULL-terminated.  */
+  nsyms = 0;
+  while (symbols[nsyms] != NULL)
+    nsyms++;
+
   if (!elf_slurp_reloc_table_from_section (abfd, asect,
 					   rel_hdr, reloc_count,
 					   relents,
-					   symbols, dynamic))
+					   symbols, nsyms, dynamic))
     return false;
 
   if (rel_hdr2
       && !elf_slurp_reloc_table_from_section (abfd, asect,
 					      rel_hdr2, reloc_count2,
 					      relents + reloc_count,
-					      symbols, dynamic))
+					      symbols, nsyms, dynamic))
     return false;
 
   asect->relocation = relents;
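Review bot: The counting loop reads `symbols[nsyms]` without first checking that `symbols` is non-NULL, so the bounds check this patch introduces depends on every caller supplying a non-NULL, NULL-terminated array; the callers are not visible here. Guarding the walk leaves `nsyms` at 0 in that case, so any non-zero symbol index is reported as invalid instead of being dereferenced: put `if (symbols != NULL)` before `while (symbols[nsyms] != NULL)`. The comment could also record the convention the bound relies on, for example `/* symbols is NULL-terminated; nsyms excludes the terminator. */`. The `> nsyms` test in the earlier hunk accepts an index equal to `nsyms`, which is correct only if the lookup in the else branch subtracts one; that line is outside the visible hunks and should be confirmed. elf_slurp_reloc_table starts and ends outside this hunk.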

