IMAGE_SCN_LNK_NRELOC_OVFL

Message ID YQOXx2ekdYENEC2s@squeak.grove.modra.org
State New
Series
  • IMAGE_SCN_LNK_NRELOC_OVFL

Commit Message

Cooper Qu via Binutils July 30, 2021, 6:10 a.m.
From microsoft docs: It is an error if IMAGE_SCN_LNK_NRELOC_OVFL is
set and there are fewer than 0xffff relocations in the section.

	* coffcode.h (coff_set_alignment_hook): Sanity check overflow
	reloc count.


-- 
Alan Modra
Australia Development Lab, IBM

Comments

Fangrui Song July 30, 2021, 7:04 a.m. | #1
On 2021-07-30, Alan Modra via Binutils wrote:
>From microsoft docs: It is an error if IMAGE_SCN_LNK_NRELOC_OVFL is
>set and there are fewer than 0xffff relocations in the section.
>
>	* coffcode.h (coff_set_alignment_hook): Sanity check overflow
>	reloc count.
>
>diff --git a/bfd/coffcode.h b/bfd/coffcode.h
>index 9b8798c8631..d2076effb41 100644
>--- a/bfd/coffcode.h
>+++ b/bfd/coffcode.h
>@@ -1951,6 +1951,12 @@ coff_set_alignment_hook (bfd * abfd ATTRIBUTE_UNUSED,
>       coff_swap_reloc_in (abfd, &dst, &n);
>       if (bfd_seek (abfd, oldpos, 0) != 0)
> 	return;
>+      if (n.r_vaddr < 0xffff)

hdr->s_nreloc

>+	{
>+	  _bfd_error_handler (_("%pB: overflow reloc count too small"), abfd);
>+	  bfd_set_error (bfd_error_bad_value);
>+	  return;
>+	}
>       section->reloc_count = hdr->s_nreloc = n.r_vaddr - 1;
>       section->rel_filepos += relsz;
>     }
>
>-- 
>Alan Modra
>Australia Development Lab, IBM

Fangrui Song July 30, 2021, 7:05 a.m. | #2
On 2021-07-30, Fangrui Song wrote:
>
>On 2021-07-30, Alan Modra via Binutils wrote:
>>From microsoft docs: It is an error if IMAGE_SCN_LNK_NRELOC_OVFL is
>>set and there are fewer than 0xffff relocations in the section.
>>
>>	* coffcode.h (coff_set_alignment_hook): Sanity check overflow
>>	reloc count.
>>
>>diff --git a/bfd/coffcode.h b/bfd/coffcode.h
>>index 9b8798c8631..d2076effb41 100644
>>--- a/bfd/coffcode.h
>>+++ b/bfd/coffcode.h
>>@@ -1951,6 +1951,12 @@ coff_set_alignment_hook (bfd * abfd ATTRIBUTE_UNUSED,
>>      coff_swap_reloc_in (abfd, &dst, &n);
>>      if (bfd_seek (abfd, oldpos, 0) != 0)
>>	return;
>>+      if (n.r_vaddr < 0xffff)
>
>hdr->s_nreloc

Ignore me. The code just looks weird.

>>+	{
>>+	  _bfd_error_handler (_("%pB: overflow reloc count too small"), abfd);
>>+	  bfd_set_error (bfd_error_bad_value);
>>+	  return;
>>+	}
>>      section->reloc_count = hdr->s_nreloc = n.r_vaddr - 1;
>>      section->rel_filepos += relsz;
>>    }
>>
>>-- 
>>Alan Modra
>>Australia Development Lab, IBM

Cooper Qu via Binutils July 30, 2021, 7:24 a.m. | #3
On Fri, Jul 30, 2021 at 12:05:10AM -0700, Fangrui Song wrote:
> 
> On 2021-07-30, Fangrui Song wrote:
> > 
> > On 2021-07-30, Alan Modra via Binutils wrote:
> > > From microsoft docs: It is an error if IMAGE_SCN_LNK_NRELOC_OVFL is
> > > set and there are fewer than 0xffff relocations in the section.
> > > 
> > > 	* coffcode.h (coff_set_alignment_hook): Sanity check overflow
> > > 	reloc count.
> > > 
> > > diff --git a/bfd/coffcode.h b/bfd/coffcode.h
> > > index 9b8798c8631..d2076effb41 100644
> > > --- a/bfd/coffcode.h
> > > +++ b/bfd/coffcode.h
> > > @@ -1951,6 +1951,12 @@ coff_set_alignment_hook (bfd * abfd ATTRIBUTE_UNUSED,
> > >      coff_swap_reloc_in (abfd, &dst, &n);
> > >      if (bfd_seek (abfd, oldpos, 0) != 0)
> > > 	return;
> > > +      if (n.r_vaddr < 0xffff)
> > 
> > hdr->s_nreloc
> 
> Ignore me. The code just looks weird.

Yes, and in looking at it again, I'm not certain I have the check
correct.  Since one is subtracted from n.r_vaddr, presumably to
account for the overflow reloc, the test probably ought to be
      if (n.r_vaddr < 0x10000)

-- 
Alan Modra
Australia Development Lab, IBM
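The off-by-one that Alan's follow-up above points at is easy to see with the two bounds side by side. The following is an added example written for this page; it is not BFD code and not part of the thread. It models the overflow-reloc path the patch touches: a section header's 16-bit relocation count saturates at 0xffff, the flag IMAGE_SCN_LNK_NRELOC_OVFL says the real count lives in the `r_vaddr` field of the first relocation entry, and that stored value includes the overflow entry itself, which is why the patch assigns `n.r_vaddr - 1`. The `s_nreloc == 0xffff` trigger and the flag value 0x01000000 come from the PE/COFF format rather than from the patch context, so treat them as this model's assumptions; the function and enum names are invented here.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not BFD code: a small model of the overflow-reloc check
   discussed in this thread.  The stored count (r_vaddr of relocation 0)
   includes the overflow entry itself, so the effective count is r_vaddr - 1.  */

#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000u  /* PE/COFF section flag */

enum reloc_count_status
{
  RC_OK,              /* overflow path taken, count resolved */
  RC_NOT_OVERFLOW,    /* header count used as-is */
  RC_COUNT_TOO_SMALL  /* flag set but the stored count breaks the spec rule */
};

/* Bound exactly as posted in the patch: rejects r_vaddr below 0xffff.  */
bool ovfl_count_ok_as_posted (uint32_t first_r_vaddr)
{
  return first_r_vaddr >= 0xffff;
}

/* Bound from Alan Modra's follow-up: the effective count is r_vaddr - 1,
   and that is the value that must be at least 0xffff.  */
bool ovfl_count_ok_corrected (uint32_t first_r_vaddr)
{
  return first_r_vaddr >= 0x10000;
}

/* Resolve a section's effective relocation count.  s_flags and s_nreloc are
   section header fields; first_r_vaddr is the r_vaddr of the first relocation
   entry and is only consulted on the overflow path.  Requiring
   s_nreloc == 0xffff is this model's assumption (the PE/COFF trigger for the
   overflow encoding); the patch context in the thread only tests the flag.  */
enum reloc_count_status
resolve_reloc_count (uint32_t s_flags, uint16_t s_nreloc,
                     uint32_t first_r_vaddr, uint32_t *count)
{
  if (!(s_flags & IMAGE_SCN_LNK_NRELOC_OVFL) || s_nreloc != 0xffff)
    {
      *count = s_nreloc;
      return RC_NOT_OVERFLOW;
    }
  /* Reject before subtracting: this also keeps first_r_vaddr == 0 from
     wrapping to 0xffffffff and driving an enormous relocation table read.  */
  if (!ovfl_count_ok_corrected (first_r_vaddr))
    return RC_COUNT_TOO_SMALL;
  *count = first_r_vaddr - 1;
  return RC_OK;
}

int main (void)
{
  /* Constructed boundary values for the stored count (r_vaddr of entry 0).  */
  static const uint32_t samples[] = { 0, 0xfffe, 0xffff, 0x10000, 0x10001 };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
    {
      uint32_t n = samples[i], count = 0;
      enum reloc_count_status st
        = resolve_reloc_count (IMAGE_SCN_LNK_NRELOC_OVFL, 0xffff, n, &count);
      printf ("r_vaddr=0x%05x  posted:%-6s corrected:%-6s ",
              n, ovfl_count_ok_as_posted (n) ? "accept" : "reject",
              ovfl_count_ok_corrected (n) ? "accept" : "reject");
      if (st == RC_OK)
        printf ("-> count=0x%x\n", count);
      else
        printf ("-> rejected (count too small)\n");
    }
  return 0;
}
```

The row for `r_vaddr=0xffff` is the disagreement: the posted bound accepts it, yet the effective count would be 0xfffe, which the commit message's rule says must be an error. Either bound also protects the `n.r_vaddr - 1` subtraction from a zero value wrapping around, which is the parsing-hardening benefit of having any check there at all.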

Patch

diff --git a/bfd/coffcode.h b/bfd/coffcode.h
index 9b8798c8631..d2076effb41 100644
--- a/bfd/coffcode.h
+++ b/bfd/coffcode.h
@@ -1951,6 +1951,12 @@  coff_set_alignment_hook (bfd * abfd ATTRIBUTE_UNUSED,
       coff_swap_reloc_in (abfd, &dst, &n);
       if (bfd_seek (abfd, oldpos, 0) != 0)
 	return;
+      if (n.r_vaddr < 0xffff)
+	{
+	  _bfd_error_handler (_("%pB: overflow reloc count too small"), abfd);
+	  bfd_set_error (bfd_error_bad_value);
+	  return;
+	}
       section->reloc_count = hdr->s_nreloc = n.r_vaddr - 1;
       section->rel_filepos += relsz;
     }
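Review bot: the bound in `+      if (n.r_vaddr < 0xffff)` looks off by one against the assignment a few lines later, `section->reloc_count = hdr->s_nreloc = n.r_vaddr - 1;`. Since one entry is subtracted for the overflow reloc itself, a stored value of exactly 0xffff yields an effective count of 0xfffe, which the commit message's rule ("fewer than 0xffff relocations") says should be rejected; `if (n.r_vaddr < 0x10000)` matches that rule, as the follow-up in this thread also concludes. Either bound has the added benefit of stopping `n.r_vaddr == 0` from wrapping `n.r_vaddr - 1` to a huge count, so a one-line comment above the check explaining the `- 1` would help the next reader see why the threshold is not simply 0xffff.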