https://sourceware.org/bugzilla/show_bug.cgi?id=26569
--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by Alan Modra <amo...@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b1b11e922b3de18b7e226da6fe6d87fa17564bde commit b1b11e922b3de18b7e226da6fe6d87fa17564bde Author: Alan Modra <amo...@gmail.com> Date: Thu Sep 17 07:44:53 2020 +0930 PR26569, R_RISCV_RVC_JUMP results in buffer overflow This patch corrects "size" and "bitsize" in R_RISCV_RVC_* reloc howtos so that elfnn-riscv.c:perform_relocation doesn't access past the end of a section. I've also corrected "size" in the R_RISCV_CALL* reloc howtos since these relocs apply to two consecutive instructions. That caused fallout in the assembler with complaints about "fixup not contained within frag" due to tc-riscv.c:append_insn finishing off a frag after the auipc insn making up a "call" macro. Which is a little rude since the CALL reloc also relocates the following jalr. Fixed by changing the frag handling a little. I've also changed R_RISCV_ALIGN and R_RISCV_TPREL_ADD marker reloc howtos to look like R_RISCV_NONE, and corrected dst_mask for numerous relocs, not that it matters very much. bfd/ PR 26569 * elfxx-riscv.c (howto_table): Correct size and bitsize of R_RISCV_RVC_BRANCH, R_RISCV_RVC_JUMP, and R_RISCV_RVC_LUI. Correct size for R_RISCV_TLS_DTPMOD32, R_RISCV_TLS_DTPREL32, R_RISCV_CALL, and R_RISCV_CALL_PLT. Make R_RISCV_TPREL_ADD and R_RISCV_ALIGN like R_RISCV_NONE. Correct dst_mask many relocs. gas/ * config/tc-riscv.c (append_insn): Don't tie off frags at CALL relocs. (riscv_call): Tie them off after the jalr. (md_apply_fix): Zero fx_size of RELAX fixup. -- You are receiving this mail because: You are on the CC list for the bug.
