Fix an illegal memory access when accessing corrupt dynamic secondary relocations.

PR 26931 * elf-bfd.h (struct elf_backend_data): Add bfd_boolean field to slurp_secondary_relocs field. (_bfd_elf_slurp_secondary_reloc_section): Update prototype. * elf.c (_bfd_elf_slurp_secondary_reloc_section): Add new parameter. Compute number of symbols based upon the new parameter. * elfcode.h (elf_slurp_reloc_table): Pass dynamic as new parameter.
2020-11-23 14:07:02 +00:00
parent cbf097d7b0
commit f60742b2a1
4 changed files with 23 additions and 8 deletions
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -12560,9 +12560,10 @@ _bfd_elf_init_secondary_reloc_section (bfd * abfd,
 /* Read in any secondary relocs associated with SEC.  */

 bfd_boolean
-_bfd_elf_slurp_secondary_reloc_section (bfd *      abfd,
-					asection * sec,
-					asymbol ** symbols)
+_bfd_elf_slurp_secondary_reloc_section (bfd *       abfd,
+					asection *  sec,
+					asymbol **  symbols,
+					bfd_boolean dynamic)
 {
  const struct elf_backend_data * const ebd = get_elf_backend_data (abfd);
  asection * relsec;
@@ -12641,7 +12642,10 @@ _bfd_elf_slurp_secondary_reloc_section (bfd *      abfd,
 	      continue;
 	    }

-	  symcount = bfd_get_symcount (abfd);
+	  if (dynamic)
+	    symcount = bfd_get_dynamic_symcount (abfd);
+	  else
+	    symcount = bfd_get_symcount (abfd);

 	  for (i = 0, internal_reloc = internal_relocs,
 		 native_reloc = native_relocs;
@@ -12688,7 +12692,6 @@ _bfd_elf_slurp_secondary_reloc_section (bfd *      abfd,
 		  asymbol **ps;

 		  ps = symbols + r_sym (rela.r_info) - 1;
-
 		  internal_reloc->sym_ptr_ptr = ps;
 		  /* Make sure that this symbol is not removed by strip.  */
 		  (*ps)->flags |= BSF_KEEP;