This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[committed] MIPS/LD: Fix a segfault from ELF `e_flags' access with non-ELF output BFD

From: "Maciej W. Rozycki" <macro at imgtec dot com>
To: <binutils at sourceware dot org>
Cc: Tristan Gingold <gingold at adacore dot com>
Date: Fri, 7 Jul 2017 18:04:46 +0100
Subject: [committed] MIPS/LD: Fix a segfault from ELF `e_flags' access with non-ELF output BFD
Authentication-results: sourceware.org; auth=none

Fix a commit 861fb55ab50a ("Defer allocation of R_MIPS_REL32 GOT 
slots"), <https://sourceware.org/ml/binutils/2008-08/msg00096.html>, 
regression and a more recent:

FAIL: ld-unique/pr21529

new LD test case failure, observed with all the relevant MIPS targets 
whenever the linker is invoked with one or more ELF inputs and the 
output format set to `binary'.

The culprit is a segmentation fault caused in `mips_before_allocation' 
by a null pointer dereference, where an attempt is made to access the 
ELF file header's `e_flags' member, for the purpose of determining 
whether to produce a PLT and copy relocations, without first checking 
that the output BFD is ELF.  The `e_flags' member is stored in BFD's 
private data pointed to by `tdep', which in the case of the `binary' BFD 
is null, causing the segmentation fault.  With other non-ELF BFDs such 
as SREC `tdep' is not null and consequently no crash may happen and in 
that case random data will be interpreted as it was `e_flags'.

Disable the access to `e_flags' then and all the associated checks and 
consequently never produce a PLT and copy relocations if output is not a 
MIPS ELF BFD, matching `_bfd_mips_elf_merge_private_bfd_data' that does 
not process `e_flags' in that case either and therefore does not let us 
decide here anyway if all the input objects included in the link are 
suitable for use with a PLT and copy relocations.

	ld/
	* emultempl/mipself.em (mips_before_allocation): Avoid ELF
	processing if not MIPS ELF.
	* testsuite/ld-mips-elf/binary.d: New test.
	* testsuite/ld-mips-elf/binary.ld: New test linker script.
	* testsuite/ld-mips-elf/binary.s: New test source.
	* testsuite/ld-mips-elf/mips-elf.exp: Run the new test.
---
Hi,

 Committed to master.  This is a very old bug, however with an obvious 
fix, so backported to 2.29 as well.

  Maciej

binutils-ld-non-elf-plt.diff
Index: binutils/ld/emultempl/mipself.em
===================================================================
--- binutils.orig/ld/emultempl/mipself.em	2017-07-07 03:14:58.924010678 +0100
+++ binutils/ld/emultempl/mipself.em	2017-07-07 03:15:01.855327265 +0100
@@ -214,13 +214,16 @@ mips_create_output_section_statements (v
 static void
 mips_before_allocation (void)
 {
-  flagword flags;
+  if (is_mips_elf (link_info.output_bfd))
+    {
+      flagword flags;
 
-  flags = elf_elfheader (link_info.output_bfd)->e_flags;
-  if (!bfd_link_pic (&link_info)
-      && !link_info.nocopyreloc
-      && (flags & (EF_MIPS_PIC | EF_MIPS_CPIC)) == EF_MIPS_CPIC)
-    _bfd_mips_elf_use_plts_and_copy_relocs (&link_info);
+      flags = elf_elfheader (link_info.output_bfd)->e_flags;
+      if (!bfd_link_pic (&link_info)
+	  && !link_info.nocopyreloc
+	  && (flags & (EF_MIPS_PIC | EF_MIPS_CPIC)) == EF_MIPS_CPIC)
+	_bfd_mips_elf_use_plts_and_copy_relocs (&link_info);
+    }
 
   gld${EMULATION_NAME}_before_allocation ();
 }
Index: binutils/ld/testsuite/ld-mips-elf/binary.d
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ binutils/ld/testsuite/ld-mips-elf/binary.d	2017-07-07 03:15:01.879045625 +0100
@@ -0,0 +1,8 @@
+#objdump: -b binary -s
+#name: MIPS link ELF into binary output format
+#ld: -r --oformat=binary -T binary.ld
+
+.*: +file format binary
+
+Contents of section \.data:
+ 0000 61626364 65666768 696a6b6c 6d6e6f70  abcdefghijklmnop
Index: binutils/ld/testsuite/ld-mips-elf/binary.ld
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ binutils/ld/testsuite/ld-mips-elf/binary.ld	2017-07-07 03:15:01.904581830 +0100
@@ -0,0 +1,5 @@
+SECTIONS
+{
+  .data : { *(.data) }
+  /DISCARD/ : { *(*) }
+}
Index: binutils/ld/testsuite/ld-mips-elf/binary.s
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ binutils/ld/testsuite/ld-mips-elf/binary.s	2017-07-07 04:49:43.697731505 +0100
@@ -0,0 +1,2 @@
+	.data
+	.ascii	"abcdefghijklmnop"
Index: binutils/ld/testsuite/ld-mips-elf/mips-elf.exp
===================================================================
--- binutils.orig/ld/testsuite/ld-mips-elf/mips-elf.exp	2017-07-07 03:14:58.946670877 +0100
+++ binutils/ld/testsuite/ld-mips-elf/mips-elf.exp	2017-07-07 03:15:01.926901199 +0100
@@ -1213,3 +1213,6 @@ run_ld_link_tests [list \
 	"relax-offset-umips"]]
 rename prune_warnings ""
 rename mips_old_prune_warnings prune_warnings
+
+# Verify that we can link ELF input into the `binary' output format.
+run_dump_test "binary"

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]