MIPS64/BFD: Fix a crash with invalid `r_sym' in relocation

[deliverable/binutils-gdb.git] / bfd / elf64-mips.c

diff --git a/bfd/elf64-mips.c b/bfd/elf64-mips.c
index 115047f32c08d2a20bf21b3d5c7e1939944f1cd4..86e55897cfe8f5d2f177ce6c08ee4fb6d7e76a13 100644 (file)
--- a/bfd/elf64-mips.c
+++ b/bfd/elf64-mips.c
@@ -3669,6 +3669,7 @@ mips_elf64_slurp_one_reloc_table (bfd *abfd, asection *asect,
 {
   void *allocated;
   bfd_byte *native_relocs;
+  unsigned int symcount;
   arelent *relent;
   bfd_vma i;
   int entsize;
@@ -3694,6 +3695,11 @@ mips_elf64_slurp_one_reloc_table (bfd *abfd, asection *asect,
   else
     rela_p = TRUE;
 
+  if (dynamic)
+    symcount = bfd_get_dynamic_symcount (abfd);
+  else
+    symcount = bfd_get_symcount (abfd);
+
   for (i = 0, relent = relents;
        i < reloc_count;
        i++, native_relocs += entsize)
@@ -3750,6 +3756,17 @@ mips_elf64_slurp_one_reloc_table (bfd *abfd, asection *asect,
                {
                  if (rela.r_sym == STN_UNDEF)
                    relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
+                 else if (rela.r_sym > symcount)
+                   {
+                     _bfd_error_handler
+                       /* xgettext:c-format */
+                       (_("%pB(%pA): relocation %" PRIu64
+                          " has invalid symbol index %ld"),
+                        abfd, asect, (uint64_t) i, rela.r_sym);
+                     bfd_set_error (bfd_error_bad_value);
+                     relent->sym_ptr_ptr
+                       = bfd_abs_section_ptr->symbol_ptr_ptr;
+                   }
                  else
                    {
                      asymbol **ps, *s;