Fix memory access violations triggered by running objdump on fuzzed binaries.

PR binutils/17512
	* elf-m10300.c (mn10300_info_to_howto): Replace assertion with an
	error message.  Never return an invalid howto pointer.
	* elf32-cr16.c (cr16_info_to_howto): Likewise.
	* elf32-crx.c (elf_crx_info_to_howto): Likewise.
	* elf32-i370.c (i370_elf_info_to_howto): Likewise.
	* elf32-mcore.c (mcore_elf_info_to_howto): Likewise.
	* elf32-microblaze.c (microblaze_elf_info_to_howto): Likewise.
	* elf32-mips.c (mips_elf32_rtype_to_howto): Likewise.
	* elf32-pj.c (pj_elf_info_to_howto): Likewise.
	* elf32-ppc.c (ppc_elf_info_to_howto): Likewise.
	* elf32-spu.c (spu_elf_info_to_howto): Likewise.
	* elf32-v850.c (v850_elf_info_to_howto_rela): Likewise.
	* elf32-vax.c (rtype_to_howto): Likewise.
	* elf64-alpha.c (elf64_alpha_info_to_howto): Likewise.
	* elf64-mips.c (mips_elf64_rtype_to_howto): Likewise.
	* elfn32-mips.c (sh_elf_info_to_howto): Likewise.
	* elf32-sh.c (sh_elf_info_to_howto): Likewise.
	(sh_elf_reloc): Check that the reloc is in range.
	* reloc.c (bfd_perform_relocation): Check that the section is big
	enough for the entire reloc.
	(bfd_generic_get_relocated_section_contents): Report unexpected
	return values from perform_reloc.
Nick Clifton
2015-01-15 16:22:55 +00:00
parent 2d071cfc66
commit cd21f5daad
18 changed files with 178 additions and 30 deletions

@@ -3403,7 +3403,12 @@ mips_elf_n32_rtype_to_howto (unsigned int r_type, bfd_boolean rela_p)
else
return &elf_mips16_howto_table_rel[r_type - R_MIPS16_min];
}
BFD_ASSERT (r_type < (unsigned int) R_MIPS_max);
if (r_type >= R_MIPS_max)
{
(*_bfd_error_handler) (_("unrecognised MIPS reloc number: %d"), r_type);
bfd_set_error (bfd_error_bad_value);
r_type = R_MIPS_NONE;
}
if (rela_p)
return &elf_mips_howto_table_rela[r_type];
else
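Review bot: the new error call formats r_type with %d, but the signature in the hunk header declares it as unsigned int, so a fuzzed value above INT_MAX would be reported as a negative number; %u (or %#x) would print the value that was actually read from the file. The new bounds check `r_type >= R_MIPS_max` also drops the `(unsigned int)` cast that the replaced BFD_ASSERT carried; keeping the cast would make the unsigned comparison explicit and match the assertion it replaces. Since the function receives only r_type and rela_p, the message cannot name the offending input file, which is worth a short comment so that callers know they are expected to add that context when they see bfd_error_bad_value.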