bug-binutils

[Bug ld/26569] R_RISCV_RVC_JUMP results in buffer overflow


From: cvs-commit at gcc dot gnu.org
Subject: [Bug ld/26569] R_RISCV_RVC_JUMP results in buffer overflow
Date: Mon, 21 Sep 2020 00:11:32 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=26569

--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b1b11e922b3de18b7e226da6fe6d87fa17564bde

commit b1b11e922b3de18b7e226da6fe6d87fa17564bde
Author: Alan Modra <amodra@gmail.com>
Date:   Thu Sep 17 07:44:53 2020 +0930

    PR26569, R_RISCV_RVC_JUMP results in buffer overflow

    This patch corrects "size" and "bitsize" in R_RISCV_RVC_* reloc howtos
    so that elfnn-riscv.c:perform_relocation doesn't access past the end
    of a section.  I've also corrected "size" in the R_RISCV_CALL* reloc
    howtos since these relocs apply to two consecutive instructions.  That
    caused fallout in the assembler with complaints about "fixup not
    contained within frag" due to tc-riscv.c:append_insn finishing off a
    frag after the auipc insn making up a "call" macro.  Which is a little
    rude since the CALL reloc also relocates the following jalr.  Fixed by
    changing the frag handling a little.

    I've also changed R_RISCV_ALIGN and R_RISCV_TPREL_ADD marker reloc
    howtos to look like R_RISCV_NONE, and corrected dst_mask for numerous
    relocs, not that it matters very much.

    bfd/
            PR 26569
            * elfxx-riscv.c (howto_table): Correct size and bitsize of
            R_RISCV_RVC_BRANCH, R_RISCV_RVC_JUMP, and R_RISCV_RVC_LUI.
            Correct size for R_RISCV_TLS_DTPMOD32, R_RISCV_TLS_DTPREL32,
            R_RISCV_CALL, and R_RISCV_CALL_PLT.  Make R_RISCV_TPREL_ADD and
            R_RISCV_ALIGN like R_RISCV_NONE.  Correct dst_mask for many relocs.
    gas/
            * config/tc-riscv.c (append_insn): Don't tie off frags at CALL
            relocs.
            (riscv_call): Tie them off after the jalr.
            (md_apply_fix): Zero fx_size of RELAX fixup.

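
The commit message above attributes the overflow to reloc howto "size" and "bitsize" values that let perform_relocation access past the end of a section. As an added illustration (not binutils code and not part of the commit), this C model shows a relocation field wider than a 16-bit RVC instruction overrunning a section that ends in that instruction, with a bounds check that rejects it. `howto_model`, `bytes_past_end`, `apply_reloc_checked`, the 4-byte "before" width and the sample bytes are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified stand-in for a reloc howto entry (not BFD's struct). */
struct howto_model {
    const char *name;
    size_t field_bytes;            /* bytes the relocation code reads and writes */
};

/* Constructed entries: a 16-bit compressed jump described with a 4-byte field
   (assumed "before" shape) and with a 2-byte field (assumed "after" shape). */
static const struct howto_model rvc_jump_wide   = { "RVC_JUMP, 4-byte field", 4 };
static const struct howto_model rvc_jump_narrow = { "RVC_JUMP, 2-byte field", 2 };

/* Bytes a field at `offset` would touch beyond the section; 0 means it fits. */
size_t bytes_past_end(const struct howto_model *h, size_t sec_size, size_t offset)
{
    if (offset > sec_size)
        return h->field_bytes;
    size_t room = sec_size - offset;
    return h->field_bytes > room ? h->field_bytes - room : 0;
}

/* Patch (value & mask) into the little-endian field at `offset`, but only when
   the whole field lies inside the section.  Returns 0 on success, -1 otherwise. */
int apply_reloc_checked(const struct howto_model *h, uint8_t *sec, size_t sec_size,
                        size_t offset, uint32_t value, uint32_t mask)
{
    if (bytes_past_end(h, sec_size, offset) != 0)
        return -1;                 /* field would run past the section end */
    uint32_t word = 0;
    for (size_t i = 0; i < h->field_bytes; i++)
        word |= (uint32_t)sec[offset + i] << (8 * i);
    word = (word & ~mask) | (value & mask);
    for (size_t i = 0; i < h->field_bytes; i++)
        sec[offset + i] = (uint8_t)(word >> (8 * i));
    return 0;
}

/* Constructed section: a 4-byte nop followed by a 2-byte c.j as the last bytes. */
int demo(void)
{
    uint8_t sec[6] = { 0x13, 0x00, 0x00, 0x00, 0x01, 0xa0 };
    int wide   = apply_reloc_checked(&rvc_jump_wide,   sec, sizeof sec, 4, 0x4, 0x1ffc);
    int narrow = apply_reloc_checked(&rvc_jump_narrow, sec, sizeof sec, 4, 0x4, 0x1ffc);
    return (wide == -1 && narrow == 0) ? 0 : 1;
}

int main(void) { return demo(); }
```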