Landing: f4441fd82f1c
Project / Subsystem: binutils / mips-coff
Date: 2026-06-11
Author: Alan Modra <amodra@sourceware.org>
Commit: f4441fd82f1cf477683ed3c08271cff7e975937a
Source: public_inbox
Perf win: No
Breaking: No
All attributes
- project: binutils
- subsystem: mips-coff
- patch_id: —
- commit_hash: f4441fd82f1cf477683ed3c08271cff7e975937a
- source_type: public_inbox
- headline: Address buffer overflow in MIPS-COFF hi relocation handling
- tldr: This commit fixes a buffer overflow vulnerability in the MIPS-COFF object file format relocation handling by making hi relocation lists section-specific and pe…
- author: Alan Modra <amodra@sourceware.org>
- outcome: committed
- performance_win: false
- breaking_change: false
- series_id: —
- series_parts: []
- tags: mips, coff, relocation, buffer overflow, security
- discussion_id_link: —
- bugzilla_pr: —
- date: 2026-06-11T00:00:00.000Z
A buffer overflow was identified in the mips_reflo_reloc function when processing MIPS-COFF object files. It arose because the hi relocation list was managed per file rather than per section, so the section data for a hi relocation could be freed before the lo relocations had processed it. The fix stores mips_refhi_list per section and adds a sanity check on the hi relocation offset using bfd_reloc_offset_in_range, preventing potential exploits and improving the robustness of the linker.