mirror/binutils-gdb
2
0
Fork 0
mirror of https://sourceware.org/git/binutils-gdb.git synced 2025-01-24 12:35:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Binutils: Always skip only 1 byte for CIE version 1's return address register.

Browse Source 
According to the specification for the CIE entries, when the CIE version is 1 then
the return address register field is always 1 byte.  Readelf does this correctly in
read_cie in dwarf.c but ld does this incorrectly and always tries to read a
skip_leb128.  If the value here has the top bit set then ld will incorrectly read
at least another byte, causing either an assert failure or an incorrect address to
be used in eh_frame.

I'm not sure how to generate a generic test for this as I'd need to write assembly,
and it's a bit hard to trigger. Essentially the relocated value needs to start with
something that & 0x70 != 0x10 while trying to write a personality.

bfd/ChangeLog:

	* elf-eh-frame.c (_bfd_elf_write_section_eh_frame): Correct CIE parse.
This commit is contained in:
Tamar Christina 2019-03-01 11:37:51 +00:00
parent b24cc4146e
commit 4ffd290906
2 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bfd/ChangeLog
View File

@ -1,3 +1,7 @@
2019-02-28 Tamar Christina <tamar.christina@arm.com>
* elf-eh-frame.c (_bfd_elf_write_section_eh_frame): Correct CIE parse.
2019-02-28 Nick Clifton <nickc@redhat.com>
PR 24273

12
bfd/elf-eh-frame.c
View File

@ -1993,7 +1993,7 @@ _bfd_elf_write_section_eh_frame (bfd *abfd,
|| ent->u.cie.per_encoding_relative)
{
char *aug;
unsigned int action, extra_string, extra_data;
unsigned int version, action, extra_string, extra_data;
unsigned int per_width, per_encoding;
/* Need to find 'R' or 'L' augmentation's argument and modify
@ -2004,13 +2004,17 @@ _bfd_elf_write_section_eh_frame (bfd *abfd,
extra_string = extra_augmentation_string_bytes (ent);
extra_data = extra_augmentation_data_bytes (ent);
/* Skip length, id and version. */
buf += 9;
/* Skip length, id. */
buf += 8;
version = *buf++;
aug = (char *) buf;
buf += strlen (aug) + 1;
skip_leb128 (&buf, end);
skip_leb128 (&buf, end);
skip_leb128 (&buf, end);
if (version == 1)
skip_bytes (&buf, end, 1);
else
skip_leb128 (&buf, end);
if (*aug == 'z')
{
/* The uleb128 will always be a single byte for the kind