diff mbox series

buffer overflow in nds32_elf_lo12_reloc

Message ID ahVrCSmtOp-QIIkU@squeak.grove.modra.org
State New
Headers
Series buffer overflow in nds32_elf_lo12_reloc |

Checks

Context Check Description
linaro-tcwg-bot/tcwg_binutils_build--master-arm fail Patch failed to apply
linaro-tcwg-bot/tcwg_binutils_build--master-aarch64 fail Patch failed to apply

Commit Message

Alan Modra May 26, 2026, 9:42 a.m. UTC 
  nds32_elf_lo12_reloc reads the lo reloc word when processing stashed
hi relocs.

	* elf32-nds32.c: Replace bfd_octets_per_byte with OCTETS_PER_BYTE
	throughout file.
	(nds32_elf_lo12_reloc): Sanity check reloc offset.
diff mbox series

Patch

diff --git a/bfd/elf32-nds32.c b/bfd/elf32-nds32.c
index 0f6c676eb94..1912f94caa3 100644
--- a/bfd/elf32-nds32.c
+++ b/bfd/elf32-nds32.c
@@ -2697,7 +2697,7 @@  nds32_elf_do_9_pcrel_reloc (bfd *               abfd,
   bfd_reloc_status_type status;
 
   /* Sanity check the address (offset in section).  */
-  bfd_vma octet = offset * bfd_octets_per_byte (abfd, input_section);
+  bfd_vma octet = offset * OCTETS_PER_BYTE (abfd, input_section);
   if (!bfd_reloc_offset_in_range (howto, abfd, input_section, octet))
     return bfd_reloc_outofrange;
 
@@ -2821,7 +2821,7 @@  nds32_elf_hi20_reloc (bfd *abfd,
 
   /* Sanity check the address (offset in section).  */
   bfd_vma octet = (reloc_entry->address
-		   * bfd_octets_per_byte (abfd, input_section));
+		   * OCTETS_PER_BYTE (abfd, input_section));
   if (!bfd_reloc_offset_in_range (reloc_entry->howto,
 				  abfd, input_section, octet))
     return bfd_reloc_outofrange;
@@ -2901,6 +2901,12 @@  nds32_elf_lo12_reloc (bfd *input_bfd, arelent *reloc_entry, asymbol *symbol,
       return bfd_reloc_ok;
     }
 
+  bfd_vma octet = (reloc_entry->address
+		   * OCTETS_PER_BYTE (input_bfd, input_section));
+  if (!bfd_reloc_offset_in_range (reloc_entry->howto, input_bfd, input_section,
+				  octet))
+    return bfd_reloc_outofrange;
+
   sdata = nds32_elf_section_data (input_section);
   if (sdata->nds32_hi20_list != NULL)
     {
@@ -2992,7 +2998,7 @@  nds32_elf_generic_reloc (bfd *input_bfd, arelent *reloc_entry,
 
   /* Sanity check the address (offset in section).  */
   bfd_vma octet = (reloc_entry->address
-		   * bfd_octets_per_byte (input_bfd, input_section));
+		   * OCTETS_PER_BYTE (input_bfd, input_section));
   if (!bfd_reloc_offset_in_range (reloc_entry->howto, input_bfd, input_section,
 				  octet))
     return bfd_reloc_outofrange;
@@ -4753,7 +4759,7 @@  nds32_elf_final_link_relocate (reloc_howto_type *howto, bfd *input_bfd,
   bfd_vma relocation;
 
   /* Sanity check the address.  */
-  bfd_vma octet = address * bfd_octets_per_byte (input_bfd, input_section);
+  bfd_vma octet = address * OCTETS_PER_BYTE (input_bfd, input_section);
   if (!bfd_reloc_offset_in_range (howto, input_bfd, input_section, octet))
     return bfd_reloc_outofrange;