This is the mail archive of the
binutils-cvs@sourceware.org
mailing list for the binutils project.
[binutils-gdb] MIPS/LD: Fix a segfault from ELF `e_flags' access with non-ELF output BFD
- From: Maciej W.Rozycki <macro at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 7 Jul 2017 17:00:39 -0000
- Subject: [binutils-gdb] MIPS/LD: Fix a segfault from ELF `e_flags' access with non-ELF output BFD
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e54cb31aa33a124f746ff40c134e20e6d2bc6c34
commit e54cb31aa33a124f746ff40c134e20e6d2bc6c34
Author: Maciej W. Rozycki <macro@imgtec.com>
Date: Fri Jul 7 17:58:03 2017 +0100
MIPS/LD: Fix a segfault from ELF `e_flags' access with non-ELF output BFD
Fix a commit 861fb55ab50a ("Defer allocation of R_MIPS_REL32 GOT
slots"), <https://sourceware.org/ml/binutils/2008-08/msg00096.html>,
regression and a more recent:
FAIL: ld-unique/pr21529
new LD test case failure, observed with all the relevant MIPS targets
whenever the linker is invoked with one or more ELF inputs and the
output format set to `binary'.
The culprit is a segmentation fault caused in `mips_before_allocation'
by a null pointer dereference, where an attempt is made to access the
ELF file header's `e_flags' member, for the purpose of determining
whether to produce a PLT and copy relocations, without first checking
that the output BFD is ELF. The `e_flags' member is stored in BFD's
private data pointed to by `tdep', which in the case of the `binary' BFD
is null, causing the segmentation fault. With other non-ELF BFDs such
as SREC `tdep' is not null and consequently no crash may happen and in
that case random data will be interpreted as it was `e_flags'.
Disable the access to `e_flags' then and all the associated checks and
consequently never produce a PLT and copy relocations if output is not a
MIPS ELF BFD, matching `_bfd_mips_elf_merge_private_bfd_data' that does
not process `e_flags' in that case either and therefore does not let us
decide here anyway if all the input objects included in the link are
suitable for use with a PLT and copy relocations.
ld/
* emultempl/mipself.em (mips_before_allocation): Avoid ELF
processing if not MIPS ELF.
* testsuite/ld-mips-elf/binary.d: New test.
* testsuite/ld-mips-elf/binary.ld: New test linker script.
* testsuite/ld-mips-elf/binary.s: New test source.
* testsuite/ld-mips-elf/mips-elf.exp: Run the new test.
Diff:
---
ld/ChangeLog | 9 +++++++++
ld/emultempl/mipself.em | 15 +++++++++------
ld/testsuite/ld-mips-elf/binary.d | 8 ++++++++
ld/testsuite/ld-mips-elf/binary.ld | 5 +++++
ld/testsuite/ld-mips-elf/binary.s | 2 ++
ld/testsuite/ld-mips-elf/mips-elf.exp | 3 +++
6 files changed, 36 insertions(+), 6 deletions(-)
diff --git a/ld/ChangeLog b/ld/ChangeLog
index cb72710..2151602 100644
--- a/ld/ChangeLog
+++ b/ld/ChangeLog
@@ -1,3 +1,12 @@
+2017-07-07 Maciej W. Rozycki <macro@imgtec.com>
+
+ * emultempl/mipself.em (mips_before_allocation): Avoid ELF
+ processing if not MIPS ELF.
+ * testsuite/ld-mips-elf/binary.d: New test.
+ * testsuite/ld-mips-elf/binary.ld: New test linker script.
+ * testsuite/ld-mips-elf/binary.s: New test source.
+ * testsuite/ld-mips-elf/mips-elf.exp: Run the new test.
+
2017-07-07 Alan Modra <amodra@gmail.com>
* testsuite/ld-powerpc/ppc476-shared.lnk: Align .bss.
diff --git a/ld/emultempl/mipself.em b/ld/emultempl/mipself.em
index cd68707..d541fef 100644
--- a/ld/emultempl/mipself.em
+++ b/ld/emultempl/mipself.em
@@ -214,13 +214,16 @@ mips_create_output_section_statements (void)
static void
mips_before_allocation (void)
{
- flagword flags;
+ if (is_mips_elf (link_info.output_bfd))
+ {
+ flagword flags;
- flags = elf_elfheader (link_info.output_bfd)->e_flags;
- if (!bfd_link_pic (&link_info)
- && !link_info.nocopyreloc
- && (flags & (EF_MIPS_PIC | EF_MIPS_CPIC)) == EF_MIPS_CPIC)
- _bfd_mips_elf_use_plts_and_copy_relocs (&link_info);
+ flags = elf_elfheader (link_info.output_bfd)->e_flags;
+ if (!bfd_link_pic (&link_info)
+ && !link_info.nocopyreloc
+ && (flags & (EF_MIPS_PIC | EF_MIPS_CPIC)) == EF_MIPS_CPIC)
+ _bfd_mips_elf_use_plts_and_copy_relocs (&link_info);
+ }
gld${EMULATION_NAME}_before_allocation ();
}
diff --git a/ld/testsuite/ld-mips-elf/binary.d b/ld/testsuite/ld-mips-elf/binary.d
new file mode 100644
index 0000000..eb88c1c
--- /dev/null
+++ b/ld/testsuite/ld-mips-elf/binary.d
@@ -0,0 +1,8 @@
+#objdump: -b binary -s
+#name: MIPS link ELF into binary output format
+#ld: -r --oformat=binary -T binary.ld
+
+.*: +file format binary
+
+Contents of section \.data:
+ 0000 61626364 65666768 696a6b6c 6d6e6f70 abcdefghijklmnop
diff --git a/ld/testsuite/ld-mips-elf/binary.ld b/ld/testsuite/ld-mips-elf/binary.ld
new file mode 100644
index 0000000..037ae69
--- /dev/null
+++ b/ld/testsuite/ld-mips-elf/binary.ld
@@ -0,0 +1,5 @@
+SECTIONS
+{
+ .data : { *(.data) }
+ /DISCARD/ : { *(*) }
+}
diff --git a/ld/testsuite/ld-mips-elf/binary.s b/ld/testsuite/ld-mips-elf/binary.s
new file mode 100644
index 0000000..fbc0244
--- /dev/null
+++ b/ld/testsuite/ld-mips-elf/binary.s
@@ -0,0 +1,2 @@
+ .data
+ .ascii "abcdefghijklmnop"
diff --git a/ld/testsuite/ld-mips-elf/mips-elf.exp b/ld/testsuite/ld-mips-elf/mips-elf.exp
index 4360b83..4008da0 100644
--- a/ld/testsuite/ld-mips-elf/mips-elf.exp
+++ b/ld/testsuite/ld-mips-elf/mips-elf.exp
@@ -1213,3 +1213,6 @@ run_ld_link_tests [list \
"relax-offset-umips"]]
rename prune_warnings ""
rename mips_old_prune_warnings prune_warnings
+
+# Verify that we can link ELF input into the `binary' output format.
+run_dump_test "binary"