PR binutils/22875: Visium/ELF: Prevent an out-of-bounds howto table access

Prevent an out-of-bounds `visium_elf_howto_table' table access in
`visium_info_to_howto_rela' by using the size of the table rather than
R_VISIUM_max to determine the number of entries in the contiguous
regular Visium relocation range defined and described in the table.

	bfd/
	* elf32-visium.c (visium_info_to_howto_rela): Correct the range
	check for `visium_elf_howto_table' table access.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 8e1df6d..991d11b 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,10 @@
 2018-04-04  Maciej W. Rozycki  <macro@mips.com>
 
+       * elf32-visium.c (visium_info_to_howto_rela): Correct the range
+       check for `visium_elf_howto_table' table access.
+
+2018-04-04  Maciej W. Rozycki  <macro@mips.com>
+
        * elf32-iq2000.c (iq2000_info_to_howto_rela): Correct the range
        check for `iq2000_elf_howto_table' table access.
 

diff --git a/bfd/elf32-visium.c b/bfd/elf32-visium.c
index 3f8d16a..e8f1c4c 100644 (file)
--- a/bfd/elf32-visium.c
+++ b/bfd/elf32-visium.c
@@ -25,6 +25,7 @@
 #include "libbfd.h"
 #include "elf-bfd.h"
 #include "elf/visium.h"
+#include "libiberty.h"
 
 static bfd_reloc_status_type visium_elf_howto_parity_reloc
   (bfd *, arelent *, asymbol *, PTR, asection *, bfd *, char **);
@@ -475,7 +476,7 @@ visium_info_to_howto_rela (bfd *abfd, arelent *cache_ptr,
       break;
 
     default:
-      if (r_type >= (unsigned int) R_VISIUM_max)
+      if (r_type >= ARRAY_SIZE (visium_elf_howto_table))
        {
          /* xgettext:c-format */
          _bfd_error_handler (_("%pB: unsupported relocation type %#x"),