This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
[PATCH, binutils-gdb, ARM] Assert we don't access htab->stub_group out of range
- From: Thomas Preudhomme <thomas dot preudhomme at foss dot arm dot com>
- To: binutils at sourceware dot org
- Date: Tue, 29 Mar 2016 15:57:01 +0100
- Subject: [PATCH, binutils-gdb, ARM] Assert we don't access htab->stub_group out of range
- Authentication-results: sourceware.org; auth=none
Hi,
The Secure Gateway veneers used to transition from non secure code to secure
code on ARMv8-M targets use b.w for the branch. It is therefore possible that
the destination be out of range. When this happens, arm_type_of_stub in the
elf32_arm_final_link_relocate call to relocate the Secure Gateway veneer
determines that another veneer is needed and calls elf32_arm_get_stub_entry to
see if any already exist. However, this will unconditionally access the entry
in htab->stub_group corresponding to the ARMv8-M Secure Gateway veneer
although it's passed the end of the array.
This patch adds assert to catch this error and other unguarded access to htab-
>stub_group. The patch applies *after* the ARMv8-M patchset but I'm glad to
resequence it before if asked.
ChangeLog entry is as follows:
2016-03-24 Thomas Preud'homme <thomas.preudhomme@arm.com>
* elf32-arm.c (elf32_arm_get_stub_entry): Assert that we don't access
passed the end of htab->stub_group array.
(elf32_arm_create_or_find_stub_sec): Likewise.
(elf32_arm_create_stub): Likewise.
diff --git a/bfd/elf32-arm.c b/bfd/elf32-arm.c
index
be1d7224148f95bf097bb3fea63de2081f93aab9..d6afa9b4a8e6a2808c1fb3942366a58179aa3940
100644
--- a/bfd/elf32-arm.c
+++ b/bfd/elf32-arm.c
@@ -4138,6 +4138,7 @@ elf32_arm_get_stub_entry (const asection *input_section,
Stub names need to include a section id, as there may well be
more than one stub used to reach say, printf, and we need to
distinguish between them. */
+ BFD_ASSERT (input_section->id <= htab->top_id);
id_sec = htab->stub_group[input_section->id].link_sec;
if (h != NULL && h->stub_cache != NULL
@@ -4295,6 +4296,7 @@ elf32_arm_create_or_find_stub_sec (asection **link_sec_p,
asection *section,
}
else
{
+ BFD_ASSERT (section->id <= htab->top_id);
link_sec = htab->stub_group[section->id].link_sec;
BFD_ASSERT (link_sec != NULL);
stub_sec_p = &htab->stub_group[section->id].stub_sec;
@@ -5404,6 +5406,7 @@ elf32_arm_create_stub (struct elf32_arm_link_hash_table
*htab,
{
BFD_ASSERT (irela);
BFD_ASSERT (section);
+ BFD_ASSERT (section->id <= htab->top_id);
/* Support for grouping stub sections. */
id_sec = htab->stub_group[section->id].link_sec;
Testsuite when run for arm-none-eabi targets shows no regression.
Is this ok for trunk?
Best regards,
Thomas