This is the mail archive of the
binutils-cvs@sourceware.org
mailing list for the binutils project.
[binutils-gdb] Fix ppc64 ELFv1 assertion failure
- From: Alan Modra <amodra at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 22 Jul 2015 09:53:08 -0000
- Subject: [binutils-gdb] Fix ppc64 ELFv1 assertion failure
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb854a36d192bfa6609da9e3b1342e33da445598
commit bb854a36d192bfa6609da9e3b1342e33da445598
Author: Alan Modra <amodra@gmail.com>
Date: Wed Jul 22 19:11:22 2015 +0930
Fix ppc64 ELFv1 assertion failure
Bogus assembly can hit an assertion in opd_entry_value when the symbol
referenced by a function descriptor is undefined. Worse, the code
after the assert copies unitialised memory to return the code section.
This uninitialised pointer can later be dereferencd, possibly causing
a linker segmentation fault.
* elf64-ppc.c (opd_entry_value): Remove assertion. Instead,
return -1 if symbol referenced is not defined. Tidy.
Diff:
---
bfd/ChangeLog | 5 +++++
bfd/elf64-ppc.c | 13 ++++++-------
2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 36a5b60..c7915b5 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2015-07-22 Alan Modra <amodra@gmail.com>
+
+ * elf64-ppc.c (opd_entry_value): Remove assertion. Instead,
+ return -1 if symbol referenced is not defined. Tidy.
+
2015-07-20 Alan Modra <amodra@gmail.com>
* po/SRC-POTFILES.in: Regenerate.
diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c
index 468e8bf..ef08164 100644
--- a/bfd/elf64-ppc.c
+++ b/bfd/elf64-ppc.c
@@ -6034,14 +6034,13 @@ opd_entry_value (asection *opd_sec,
if (rh != NULL)
{
rh = elf_follow_link (rh);
- BFD_ASSERT (rh->root.type == bfd_link_hash_defined
- || rh->root.type == bfd_link_hash_defweak);
- val = rh->root.u.def.value;
- sec = rh->root.u.def.section;
- if (sec->owner != opd_bfd)
+ if (rh->root.type != bfd_link_hash_defined
+ && rh->root.type != bfd_link_hash_defweak)
+ break;
+ if (rh->root.u.def.section->owner == opd_bfd)
{
- sec = NULL;
- val = (bfd_vma) -1;
+ val = rh->root.u.def.value;
+ sec = rh->root.u.def.section;
}
}
}