This is the mail archive of the mailing list for the binutils project.


[PATCH, binutils-gdb, ARM] Assert we don't access htab->stub_group out of range


The Secure Gateway veneers used to transition from non-secure code to secure 
code on ARMv8-M targets use b.w for the branch. It is therefore possible that 
the destination be out of range. When this happens, arm_type_of_stub in the 
elf32_arm_final_link_relocate call to relocate the Secure Gateway veneer 
determines that another veneer is needed and calls elf32_arm_get_stub_entry to 
see if any already exist. However, this will unconditionally access the entry 
in htab->stub_group corresponding to the ARMv8-M Secure Gateway veneer 
although it's past the end of the array.

This patch adds an assert to catch this error and other unguarded accesses to 
htab->stub_group. The patch applies *after* the ARMv8-M patchset but I'm glad 
to resequence it before if asked.

ChangeLog entry is as follows:

2016-03-24  Thomas Preud'homme  <>

        * elf32-arm.c (elf32_arm_get_stub_entry): Assert that we don't access
        past the end of htab->stub_group array.
        (elf32_arm_create_or_find_stub_sec): Likewise.
        (elf32_arm_create_stub): Likewise.

diff --git a/bfd/elf32-arm.c b/bfd/elf32-arm.c
--- a/bfd/elf32-arm.c
+++ b/bfd/elf32-arm.c
@@ -4138,6 +4138,7 @@ elf32_arm_get_stub_entry (const asection *input_section,
      Stub names need to include a section id, as there may well be
      more than one stub used to reach say, printf, and we need to
      distinguish between them.  */
+  BFD_ASSERT (input_section->id <= htab->top_id);
   id_sec = htab->stub_group[input_section->id].link_sec;
   if (h != NULL && h->stub_cache != NULL
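
Review bot: the BFD_ASSERT added in elf32_arm_get_stub_entry reports the failure but does not stop execution, so the read of htab->stub_group[input_section->id] on the following line still happens with an out-of-range index. The message describes this as a case a link can actually reach (a Secure Gateway veneer whose b.w destination is out of range), so consider returning NULL or emitting a link error when input_section->id > htab->top_id rather than only asserting.
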
@@ -4295,6 +4296,7 @@ elf32_arm_create_or_find_stub_sec (asection **link_sec_p, 
asection *section,
+      BFD_ASSERT (section->id <= htab->top_id);
       link_sec = htab->stub_group[section->id].link_sec;
       BFD_ASSERT (link_sec != NULL);
       stub_sec_p = &htab->stub_group[section->id].stub_sec;
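
Review bot: the bound in BFD_ASSERT (section->id <= htab->top_id) is only correct if stub_group is allocated with top_id + 1 entries, and nothing in this hunk says so. The same condition is now written out three times in the patch; a small helper or macro with a one-line comment on the array size would keep the bound in one place, and it would cover both the link_sec read and the &htab->stub_group[section->id].stub_sec pointer taken two lines later.
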
@@ -5404,6 +5406,7 @@ elf32_arm_create_stub (struct elf32_arm_link_hash_table 
       BFD_ASSERT (irela);
       BFD_ASSERT (section);
+      BFD_ASSERT (section->id <= htab->top_id);
       /* Support for grouping stub sections.  */
       id_sec = htab->stub_group[section->id].link_sec;
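
Review bot: in elf32_arm_create_stub the new assert sits above the "Support for grouping stub sections" comment, while in the other two hunks it directly precedes the stub_group access; moving it below the comment keeps the check next to the index it guards. The message reports only an existing testsuite run, so a linker test with a Secure Gateway veneer whose destination is out of b.w range would be worth adding to exercise these asserts.
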

Testsuite when run for arm-none-eabi targets shows no regression.

Is this ok for trunk?

Best regards,

