This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
COFF buffer overflow in mark_relocs
- From: Alan Modra <amodra at gmail dot com>
- To: binutils at sourceware dot org
- Date: Fri, 15 Jul 2016 19:09:09 +0930
- Subject: COFF buffer overflow in mark_relocs
Found when playing with i386-coff absolute relocs.
* cofflink.c (mark_relocs): Exclude relocs with -1 r_symndx
from marking sym_indices.
diff --git a/bfd/cofflink.c b/bfd/cofflink.c
index bcdf778..0f6ef59 100644
--- a/bfd/cofflink.c
+++ b/bfd/cofflink.c
@@ -1398,7 +1398,8 @@ mark_relocs (struct coff_final_link_info *flaginfo, bfd *input_bfd)
in the relocation table. This will then be picked up in the
skip/don't-skip pass. */
for (; irel < irelend; irel++)
- flaginfo->sym_indices[ irel->r_symndx ] = -1;
+ if ((unsigned long) irel->r_symndx < obj_raw_syment_count (input_bfd))
+ flaginfo->sym_indices[irel->r_symndx] = -1;
}
}
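Review bot: the added `if` relies on `r_symndx` being a signed type, so that the `-1` carried by absolute relocs wraps to `ULONG_MAX` under the `(unsigned long)` cast and fails the `< obj_raw_syment_count (input_bfd)` comparison; as written it also silently drops any other index at or beyond the symbol count, not only `-1` as the ChangeLog entry ("Exclude relocs with -1 r_symndx") says. Consider wording the ChangeLog and the comment above the loop to say that out-of-range symbol indices are skipped, and consider whether an index that is out of range but not `-1` should be reported as a malformed reloc rather than ignored, since the later skip/don't-skip pass the comment refers to will never see it.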
--
Alan Modra
Australia Development Lab, IBM