[committed, PATCH] PR binutils/18437: BFD: abort in ELF PLT parsing

["H.J. Lu" <hongjiu dot lu at intel dot com>]

Extra relocations may be added to the .rel.plt/.rela.plt section, which
are unrelated to PLT.  We should skip them when retrieving PLT entry
symbol values.

	PR binutils/18437
	* elf32-i386.c (elf_i386_get_plt_sym_val): Skip extra relocations
	in .rel.plt/.rela.plt.
	* elf64-x86-64.c (elf_x86_64_get_plt_sym_val): Likewise.
---
 bfd/ChangeLog      | 7 +++++++
 bfd/elf32-i386.c   | 5 +++++
 bfd/elf64-x86-64.c | 5 +++++
 3 files changed, 17 insertions(+)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index b5e4f39..87a0bff 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2015-05-26  H.J. Lu  <hongjiu.lu@intel.com>
+
+	PR binutils/18437
+	* elf32-i386.c (elf_i386_get_plt_sym_val): Skip extra relocations
+	in .rel.plt/.rela.plt.
+	* elf64-x86-64.c (elf_x86_64_get_plt_sym_val): Likewise.
+
 2015-05-19  Jiong Wang  <jiong.wang@arm.com>
 
 	* elfnn-aarch64.c (aarch64_tls_transition_without_check): Sort
diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
index c6ff746..23d50e1 100644
--- a/bfd/elf32-i386.c
+++ b/bfd/elf32-i386.c
@@ -5260,6 +5260,11 @@ bad_return:
 	abort ();
       plt_sym_val[reloc_index] = plt->vma + plt_offset;
       plt_offset += bed->plt->plt_entry_size;
+
+      /* PR binutils/18437: Skip extra relocations in the .rel.plt
+	 section.  */
+      if (plt_offset >= plt->size)
+	break;
     }
 
   free (plt_contents);
diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
index 01df230..4428f97 100644
--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
@@ -5649,6 +5649,11 @@ bad_return:
       else
 	plt_sym_val[reloc_index] = plt->vma + plt_offset;
       plt_offset += bed->plt_entry_size;
+
+      /* PR binutils/18437: Skip extra relocations in the .rela.plt
+	 section.  */
+      if (plt_offset >= plt->size)
+	break;
     }
 
   free (plt_contents);
-- 
1.9.3