Fix ppc64 ELFv1 assertion failure
authorAlan Modra <amodra@gmail.com>
Wed, 22 Jul 2015 09:41:22 +0000 (19:11 +0930)
committerAlan Modra <amodra@gmail.com>
Wed, 22 Jul 2015 09:50:38 +0000 (19:20 +0930)
Bogus assembly can hit an assertion in opd_entry_value when the symbol
referenced by a function descriptor is undefined.  Worse, the code
after the assert copies uninitialised memory to return the code section.
This uninitialised pointer can later be dereferenced, possibly causing
a linker segmentation fault.

* elf64-ppc.c (opd_entry_value): Remove assertion.  Instead,
return -1 if symbol referenced is not defined.  Tidy.

bfd/ChangeLog
bfd/elf64-ppc.c

index 36a5b60..c7915b5 100644 (file)
@@ -1,3 +1,8 @@
+2015-07-22  Alan Modra  <amodra@gmail.com>
+
+       * elf64-ppc.c (opd_entry_value): Remove assertion.  Instead,
+       return -1 if symbol referenced is not defined.  Tidy.
+
 2015-07-20  Alan Modra  <amodra@gmail.com>
 
        * po/SRC-POTFILES.in: Regenerate.
index 468e8bf..ef08164 100644 (file)
@@ -6034,14 +6034,13 @@ opd_entry_value (asection *opd_sec,
                  if (rh != NULL)
                    {
                      rh = elf_follow_link (rh);
-                     BFD_ASSERT (rh->root.type == bfd_link_hash_defined
-                                 || rh->root.type == bfd_link_hash_defweak);
-                     val = rh->root.u.def.value;
-                     sec = rh->root.u.def.section;
-                     if (sec->owner != opd_bfd)
+                     if (rh->root.type != bfd_link_hash_defined
+                         && rh->root.type != bfd_link_hash_defweak)
+                       break;
+                     if (rh->root.u.def.section->owner == opd_bfd)
                        {
-                         sec = NULL;
-                         val = (bfd_vma) -1;
+                         val = rh->root.u.def.value;
+                         sec = rh->root.u.def.section;
                        }
                    }
                }
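Review bot: The new early `break` and the `owner == opd_bfd` branch both depend on `val` and `sec` already holding their failure values, because the explicit `sec = NULL; val = (bfd_vma) -1;` assignments are removed. That initialisation is outside this hunk, so it should be confirmed and recorded at the check. A comment above the type test would do this, e.g. `/* Bogus input can leave the symbol undefined; u.def is only valid for defined/defweak, so leave val as -1.  */`. The enclosing loop and the rest of opd_entry_value lie outside the hunk, so where `break` lands cannot be verified from here. The commit lists only ChangeLog and elf64-ppc.c, so a regression case with a function descriptor referencing an undefined symbol would be worth adding to keep this input path covered.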