Fix an indirection via uninitialised memory when parsing a corrupt input file.

PR 27839 * simple.c (simple_dummy_add_to_set): New function. (simple_dummy_constructor): New function. (simple_dummy_multiple_common): New function. (bfd_simple_get_relocated_section_contents): Zero out the callbacks structure, and then set the add_to_set, constructor and multiple_common fields.
2021-05-10 14:44:31 +01:00 · 2021-05-10 14:44:31 +01:00 · 23182ac0d8
commit 23182ac0d8
parent 5b45e89f56
2 changed files with 46 additions and 0 deletions
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@ -1,3 +1,13 @@
+2021-05-10  Nick Clifton  <nickc@redhat.com>
+
+	PR 27839
+	* simple.c (simple_dummy_add_to_set): New function.
+	(simple_dummy_constructor): New function.
+	(simple_dummy_multiple_common): New function.
+	(bfd_simple_get_relocated_section_contents): Zero out the
+	callbacks structure, and then set the add_to_set, constructor and
+	multiple_common fields.
+
 2021-05-10  Dimitar Dimitrov  <dimitar@dinux.eu>

 	* elf32-pru.c (elf_backend_can_gc_sections): Define as 1.
--- a/bfd/simple.c
+++ b/bfd/simple.c
@ -24,6 +24,35 @@
 #include "libbfd.h"
 #include "bfdlink.h"

+static void
+simple_dummy_add_to_set (struct bfd_link_info * info ATTRIBUTE_UNUSED,
+			 struct bfd_link_hash_entry *entry ATTRIBUTE_UNUSED,
+			 bfd_reloc_code_real_type reloc ATTRIBUTE_UNUSED,
+			 bfd *abfd ATTRIBUTE_UNUSED,
+			 asection *sec ATTRIBUTE_UNUSED,
+			 bfd_vma value ATTRIBUTE_UNUSED)
+{
+}
+
+static  void
+simple_dummy_constructor (struct bfd_link_info * info ATTRIBUTE_UNUSED,
+			  bool constructor ATTRIBUTE_UNUSED,
+			  const char *name ATTRIBUTE_UNUSED,
+			  bfd *abfd ATTRIBUTE_UNUSED,
+			  asection *sec ATTRIBUTE_UNUSED,
+			  bfd_vma value ATTRIBUTE_UNUSED)
+{
+}
+
+static void
+simple_dummy_multiple_common (struct bfd_link_info * info ATTRIBUTE_UNUSED,
+			      struct bfd_link_hash_entry * entry ATTRIBUTE_UNUSED,
+			      bfd * abfd ATTRIBUTE_UNUSED,
+			      enum bfd_link_hash_type type ATTRIBUTE_UNUSED,
+			      bfd_vma size ATTRIBUTE_UNUSED)
+{
+}
+
 static void
 simple_dummy_warning (struct bfd_link_info *link_info ATTRIBUTE_UNUSED,
 		      const char *warning ATTRIBUTE_UNUSED,
@ -208,6 +237,9 @@ bfd_simple_get_relocated_section_contents (bfd *abfd,
  abfd->link.next = NULL;
  link_info.hash = _bfd_generic_link_hash_table_create (abfd);
  link_info.callbacks = &callbacks;
+  /* Make sure that any fields not initialised below do not
+     result in a potential indirection via a random address.  */
+  memset (&callbacks, 0, sizeof callbacks);
  callbacks.warning = simple_dummy_warning;
  callbacks.undefined_symbol = simple_dummy_undefined_symbol;
  callbacks.reloc_overflow = simple_dummy_reloc_overflow;
@ -215,7 +247,11 @@ bfd_simple_get_relocated_section_contents (bfd *abfd,
  callbacks.unattached_reloc = simple_dummy_unattached_reloc;
  callbacks.multiple_definition = simple_dummy_multiple_definition;
  callbacks.einfo = simple_dummy_einfo;
+  callbacks.multiple_common = simple_dummy_multiple_common;
+  callbacks.constructor = simple_dummy_constructor;
+  callbacks.add_to_set = simple_dummy_add_to_set;

+fprintf (stderr, "SIMPLE CALLBACKS %p\n", & callbacks);
  memset (&link_order, 0, sizeof (link_order));
  link_order.next = NULL;
  link_order.type = bfd_indirect_link_order;