From 707bad1b21c18cf8e570fb8df8f7c5961fb0f3a5 Mon Sep 17 00:00:00 2001 From: "Maciej W. Rozycki" Date: Wed, 4 Apr 2018 02:00:49 +0100 Subject: [PATCH] PR binutils/22875: Visium/ELF: Prevent an out-of-bounds howto table access Prevent an out-of-bounds `visium_elf_howto_table' table access in `visium_info_to_howto_rela' by using the size of the table rather than R_VISIUM_max to determine the number of entries in the contiguous regular Visium relocation range defined and described in the table. bfd/ * elf32-visium.c (visium_info_to_howto_rela): Correct the range check for `visium_elf_howto_table' table access. --- bfd/ChangeLog | 5 +++++ bfd/elf32-visium.c | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 8e1df6d..991d11b 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,5 +1,10 @@ 2018-04-04 Maciej W. Rozycki + * elf32-visium.c (visium_info_to_howto_rela): Correct the range + check for `visium_elf_howto_table' table access. + +2018-04-04 Maciej W. Rozycki + * elf32-iq2000.c (iq2000_info_to_howto_rela): Correct the range check for `iq2000_elf_howto_table' table access. diff --git a/bfd/elf32-visium.c b/bfd/elf32-visium.c index 3f8d16a..e8f1c4c 100644 --- a/bfd/elf32-visium.c +++ b/bfd/elf32-visium.c @@ -25,6 +25,7 @@ #include "libbfd.h" #include "elf-bfd.h" #include "elf/visium.h" +#include "libiberty.h" static bfd_reloc_status_type visium_elf_howto_parity_reloc (bfd *, arelent *, asymbol *, PTR, asection *, bfd *, char **); @@ -475,7 +476,7 @@ visium_info_to_howto_rela (bfd *abfd, arelent *cache_ptr, break; default: - if (r_type >= (unsigned int) R_VISIUM_max) + if (r_type >= ARRAY_SIZE (visium_elf_howto_table)) { /* xgettext:c-format */ _bfd_error_handler (_("%pB: unsupported relocation type %#x"), -- 2.7.4