https://sourceware.org/bugzilla/show_bug.cgi?id=34327
--- Comment #1 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Alan Modra <[email protected]>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4a60f8f3278769d1c813b049fd648adc246fddb7

commit 4a60f8f3278769d1c813b049fd648adc246fddb7
Author: Alan Modra <[email protected]>
Date:   Thu Jul 2 10:48:34 2026 +0930

    PR 34327 Out of bounds accesses in reloc special functions.

    As per the PR, s12z lacked any reloc offset sanity checking, the
    others all just checked that the offset started within the section
    rather than checking the field was contained in the section.

    Using the proper check for mmix exposed a problem in the howto table,
    present since the initial mmix commit.  The R_MMIX_BASE_PLUS_OFFSET
    field is actually two bytes, located at the reloc address.  Making it
    an eight byte field is just wrong, as doing that indicates the field
    is at the reloc address plus six bytes for a big-endian target.
    Presumably this was done for overflow reporting, which is properly
    done by appropriately setting complain_on_overflow.

        * elf32-d30v.c (bfd_elf_d30v_reloc, bfd_elf_d30v_reloc_21): Use
        bfd_reloc_offset_in_range
        * elf32-s12z.c (opru18_reloc): Likewise.
        * elf32-spu.c (spu_elf_rel9): Likewise.
        * elf32-xstormy16.c (xstormy16_elf_24_reloc): Likewise.
        * elf32-visium.c (visium_elf_howto_parity_reloc): Likewise.  Remove
        unnecessary casts too.
        * elf64-s390.c (s390_elf_ldisp_reloc): Likewise.
        * elfxx-sparc.c (init_insn_reloc): Likewise.
        * elf64-mmix.c (mmix_elf_reloc): Likewise.  Remove unnecessary
        variable too.
        (elf_mmix_howto_table[R_MMIX_BASE_PLUS_OFFSET]): Correct size,
        bitsize and complain_on_overflow.
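
The difference the commit message describes, between checking that a reloc offset starts inside the section and checking that the whole field is contained in it, shown as an added example that is not binutils code. The functions `start_in_section`, `field_in_section` and `patch_be16` are hypothetical stand-ins, and the 16-byte section is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the weaker check: only the first byte of the
   field has to lie inside the section.  */
static bool
start_in_section (size_t section_size, size_t offset)
{
  return offset < section_size;
}

/* Containment check: every byte of the field must lie inside the
   section.  Written without computing offset + field_size, which
   could wrap around for a hostile offset.  */
static bool
field_in_section (size_t section_size, size_t offset, size_t field_size)
{
  return field_size <= section_size && offset <= section_size - field_size;
}

/* Store a big-endian 16-bit value at OFFSET, refusing any write that
   would touch memory past the end of the section contents.  */
static bool
patch_be16 (uint8_t *contents, size_t section_size, size_t offset,
            uint16_t value)
{
  if (!field_in_section (section_size, offset, 2))
    return false;
  contents[offset] = (uint8_t) (value >> 8);
  contents[offset + 1] = (uint8_t) (value & 0xff);
  return true;
}

int
main (void)
{
  uint8_t section[16] = { 0 };  /* constructed section contents */

  /* Offset 15: the field starts in bounds but its second byte does not.  */
  printf ("offset 15: start check %d, containment check %d\n",
          start_in_section (sizeof section, 15),
          field_in_section (sizeof section, 15, 2));
  /* A two-byte field at offset 14 fits; the same reloc declared as an
     eight-byte field is rejected by the containment check.  */
  printf ("offset 14: as 2 bytes %d, as 8 bytes %d\n",
          field_in_section (sizeof section, 14, 2),
          field_in_section (sizeof section, 14, 8));
  printf ("patch at 14: %d, patch at 15: %d\n",
          patch_be16 (section, sizeof section, 14, 0xBEEF),
          patch_be16 (section, sizeof section, 15, 0x1234));
  return 0;
}
```

The second line of output shows why a stricter check surfaces a wrong field size in a howto-style table: a reloc at the last two bytes of a section is valid as a two-byte field and out of range as an eight-byte one.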
