https://sourceware.org/bugzilla/show_bug.cgi?id=34327

--- Comment #1 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Alan Modra <[email protected]>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4a60f8f3278769d1c813b049fd648adc246fddb7

commit 4a60f8f3278769d1c813b049fd648adc246fddb7
Author: Alan Modra <[email protected]>
Date:   Thu Jul 2 10:48:34 2026 +0930

    PR 34327 Out of bounds accesses in reloc special functions.

    As per the PR, s12z lacked any reloc offset sanity checking, the
    others all just checked that the offset started within the section
    rather than checking the field was contained in the section.

    Using the proper check for mmix exposed a problem in the howto table,
    present since the initial mmix commit.  The R_MMIX_BASE_PLUS_OFFSET
    field is actually two bytes, located at the reloc address.  Making it
    an eight byte field is just wrong, as doing that indicates the field
    is at the reloc address plus six bytes for a big-endian target.
    Presumably this was done for overlow reporting, which is properly done
    by appropriately setting complain_on_overflow.

            * elf32-d30v.c (bfd_elf_d30v_reloc, bfd_elf_d30v_reloc_21): Use
            bfd_reloc_offset_in_range
            * elf32-s12z.c (opru18_reloc): Likewise.
            * elf32-spu.c (spu_elf_rel9): Likewise.
            * elf32-xstormy16.c (xstormy16_elf_24_reloc): Likewise.
            * elf32-visium.c (visium_elf_howto_parity_reloc): Likewise.
            Remove unnecessary casts too.
            * elf64-s390.c (s390_elf_ldisp_reloc): Likewise.
            * elfxx-sparc.c (init_insn_reloc): Likewise.
            * elf64-mmix.c (mmix_elf_reloc): Likewise.  Remove unnecessary
            variable too.
            (elf_mmix_howto_table[R_MMIX_BASE_PLUS_OFFSET]): Correct size,
            bitsize and complain_on_overflow.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Reply via email to