Landing: 1c6e6d2fc53f
Project / Subsystem: binutils / bfd/elf32-fr30
Date: 2026-05-24
Author: Alan Modra <amodra@sourceware.org>
Commit: 1c6e6d2fc53fbc60d599c4f4bb4156d2928e175e
Source: public_inbox
Perf win: No
Breaking: No
All attributes
- project: binutils
- subsystem: bfd/elf32-fr30
- patch_id: —
- commit_hash: 1c6e6d2fc53fbc60d599c4f4bb4156d2928e175e
- source_type: public_inbox
- headline: Fix buffer overflow in FR30 i20/i32 relocation handlers (PR 34159)
- tldr: Patches a fuzzer-discovered buffer overflow in FR30's custom relocation functions by adding bounds checking.
- author: Alan Modra <amodra@sourceware.org>
- outcome: committed
- performance_win: false
- breaking_change: false
- series_id: —
- series_parts: []
- tags: security, relocation, fr30, fuzzing, buffer-overflow
- discussion_id_link: public_inbox:binutils#34159
- bugzilla_pr: —
- date: 2026-05-24T00:00:00.000Z
The FR30 ELF backend’s custom relocation handlers for i20 and i32 relocations lacked offset validation, allowing malformed object files to trigger out-of-bounds memory access. The patch replaces partial generic-reloc logic with a proper call to bfd_elf_generic_reloc for relocatable links and adds bfd_reloc_offset_in_range checks before accessing section data. This hardens the linker against crafted inputs that previously could cause crashes or potentially worse memory corruption during relocation processing.
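
The class of check the summary describes, as an added stand-alone model (not code from binutils or from this commit): a relocation handler validates the attacker-controlled offset against the section size before touching section data. The names in_range, in_range_naive and apply_reloc32, the status codes, the big-endian 4-byte field and the sample buffer are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical status codes for this model. */
enum reloc_status { RELOC_OK, RELOC_OUT_OF_RANGE };

/* Naive check, shown for comparison only: offset + width wraps around
   for offsets near SIZE_MAX, so a crafted offset is accepted. */
static bool in_range_naive(size_t sec_size, size_t offset, size_t width)
{
    return offset + width <= sec_size;
}

/* Wrap-free check: compare the field width against the bytes that
   remain after offset instead of adding to the untrusted value. */
static bool in_range(size_t sec_size, size_t offset, size_t width)
{
    return offset <= sec_size && sec_size - offset >= width;
}

/* Model handler: store a 32-bit big-endian value at offset in the
   section contents, but only after the offset has been validated. */
static enum reloc_status apply_reloc32(uint8_t *contents, size_t sec_size,
                                       size_t offset, uint32_t value)
{
    if (!in_range(sec_size, offset, 4))
        return RELOC_OUT_OF_RANGE;
    contents[offset + 0] = (uint8_t)(value >> 24);
    contents[offset + 1] = (uint8_t)(value >> 16);
    contents[offset + 2] = (uint8_t)(value >> 8);
    contents[offset + 3] = (uint8_t)value;
    return RELOC_OK;
}

/* Constructed sample: an 8-byte section and three relocation offsets.
   Returns 0 when every offset is handled as expected. */
static int demo(void)
{
    uint8_t sec[8] = {0};
    if (apply_reloc32(sec, sizeof sec, 4, 0x11223344u) != RELOC_OK) return 1;
    if (apply_reloc32(sec, sizeof sec, 6, 0xAABBCCDDu) != RELOC_OUT_OF_RANGE) return 2;
    if (apply_reloc32(sec, sizeof sec, SIZE_MAX - 1, 0) != RELOC_OUT_OF_RANGE) return 3;
    return (sec[4] == 0x11 && sec[7] == 0x44) ? 0 : 4;
}

int main(void) { return demo(); }
```

The offset SIZE_MAX - 1 is the case that separates the two checks: the naive sum wraps to 2 and passes, while the subtraction form rejects it.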