PATCH: Check 64-bit relocation addend overflow for x32
H.J. Lu
hjl.tools@gmail.com
Thu May 10 03:51:00 GMT 2012
On Wed, May 9, 2012 at 8:27 PM, H.J. Lu <hongjiu.lu@intel.com> wrote:
> Hi,
>
> 64-bit relocation addend may overflow for x32. I checked in this
> patch to prevent it.
>
>
> H.J.
> ---
> diff --git a/bfd/ChangeLog b/bfd/ChangeLog
> index 4c49cf9..ee2c264 100644
> --- a/bfd/ChangeLog
> +++ b/bfd/ChangeLog
> @@ -1,3 +1,8 @@
> +2012-05-09 H.J. Lu <hongjiu.lu@intel.com>
> +
> + * elf64-x86-64.c (elf_x86_64_relocate_section): Check addend
> + overflow for R_X86_64_RELATIVE64.
> +
> 2012-05-08 Ben Cheng <bccheng@google.com>
>
> * bfd/elf.c: Preserve the original p_align and p_flags if they are
> diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
> index de7fd6f..8eafbf0 100644
> --- a/bfd/elf64-x86-64.c
> +++ b/bfd/elf64-x86-64.c
> @@ -3681,6 +3681,27 @@ elf_x86_64_relocate_section (bfd *output_bfd,
> outrel.r_info = htab->r_info (0,
> R_X86_64_RELATIVE64);
> outrel.r_addend = relocation + rel->r_addend;
> + /* Check addend overflow. */
> + if ((outrel.r_addend & 0x80000000)
> + != (rel->r_addend & 0x80000000))
> + {
> + const char *name;
> + if (h && h->root.root.string)
> + name = h->root.root.string;
> + else
> + name = bfd_elf_sym_name (input_bfd, symtab_hdr,
> + sym, NULL);
> + (*_bfd_error_handler)
> + (_("%B: addend %ld in relocation %s against "
> + "symbol `%s' at 0x%lx in section `%A' is "
> + "out of range"),
> + input_bfd, input_section,
> + (long) rel->r_addend,
> + x86_64_elf_howto_table[r_type].name,
> + name, (unsigned long) rel->r_offset);
> + bfd_set_error (bfd_error_bad_value);
> + return FALSE;
> + }
> }
> else
> {
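Review bot: The condition (outrel.r_addend & 0x80000000) != (rel->r_addend & 0x80000000) compares only bit 31 of the sum with bit 31 of the input addend, which is not a range check. A negative rel->r_addend whose sum with relocation is a small positive value changes bit 31 and is rejected although the result is in range, while a sum that carries into bits above 31 and leaves bit 31 unchanged passes. Testing outrel.r_addend itself against the intended 32-bit range would cover both cases. The diagnostic also prints rel->r_addend rather than the computed outrel.r_addend, so the reported value may not be the one that is out of range.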
> diff --git a/gas/ChangeLog b/gas/ChangeLog
> index 2cc6360..3b43ecd 100644
> --- a/gas/ChangeLog
> +++ b/gas/ChangeLog
> @@ -1,3 +1,8 @@
> +2012-05-09 H.J. Lu <hongjiu.lu@intel.com>
> +
> + * config/tc-i386.c (tc_gen_reloc): Check x32 addend overflow
> + for BFD_RELOC_64.
> +
> 2012-05-08 Alan Modra <amodra@gmail.com>
>
An update:
Index: ChangeLog
===================================================================
RCS file: /cvs/src/src/gas/ChangeLog,v
retrieving revision 1.4724
diff -u -p -r1.4724 ChangeLog
--- ChangeLog 10 May 2012 03:25:14 -0000 1.4724
+++ ChangeLog 10 May 2012 03:47:54 -0000
@@ -1,5 +1,9 @@
2012-05-09 H.J. Lu <hongjiu.lu@intel.com>
+ * config/tc-i386.c (tc_gen_reloc): Use fits_in_signed_long.
+
+2012-05-09 H.J. Lu <hongjiu.lu@intel.com>
+
* config/tc-i386.c (tc_gen_reloc): Check x32 addend overflow
for BFD_RELOC_64.
Index: config/tc-i386.c
===================================================================
RCS file: /cvs/src/src/gas/config/tc-i386.c,v
retrieving revision 1.490
diff -u -p -r1.490 tc-i386.c
--- config/tc-i386.c 10 May 2012 03:25:15 -0000 1.490
+++ config/tc-i386.c 10 May 2012 03:47:54 -0000
@@ -9175,8 +9175,7 @@ tc_gen_reloc (asection *section ATTRIBUT
{
case BFD_RELOC_64:
/* Check addend overflow. */
- if ((long long) fixp->fx_offset > 0x7fffffffLL
- || (long long) fixp->fx_offset < -0x80000000LL)
+ if (!fits_in_signed_long (fixp->fx_offset))
{
as_bad_where (fixp->fx_file, fixp->fx_line,
_("cannot represent relocation %s with addend %lld in x32 mode"),
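Review bot: In the BFD_RELOC_64 case, the removed test spelled out the bounds 0x7fffffffLL and -0x80000000LL, while the replacement !fits_in_signed_long (fixp->fx_offset) leaves the width implicit, and the name reads as the host's long, which is 64 bits on LP64 hosts. The helper's definition is not part of this hunk, so it is worth confirming that it tests a signed 32-bit range and extending the /* Check addend overflow. */ comment to say so.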
--
H.J.