Address buffer overflow in MIPS-COFF hi relocation handling
This commit fixes a buffer overflow vulnerability in the MIPS-COFF object file format relocation handling by making hi relocation lists section-specific and pe…
A buffer overflow was identified in the mips_reflo_reloc function when processing MIPS-COFF object files. The bug arose because the hi relocation list was kept per file rather than per section, so section data referenced by a recorded hi relocation could be freed before the matching lo relocations had been processed. The fix stores mips_refhi_list per section and adds a sanity check on the hi relocation offset using bfd_reloc_offset_in_range, closing the overflow and making the linker more robust against malformed input.
In Detail
This fix targets the MIPS-COFF object file format within the Binary File Descriptor (BFD) library, specifically its handling of "hi/lo" relocations. These are a common pattern on MIPS (and other architectures) where a 32-bit address is split into two parts, the high 16 bits (hi) and the low 16 bits (lo), each applied by a separate relocation entry. mips_refhi_list records hi relocations that are still waiting for their matching lo relocation. The previous implementation kept mips_refhi_list in ecoff_tdata, which is per-file. Moving it to ecoff_section_tdata makes it per-section, aligning memory management with the relocation pr…
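The hi/lo split and the per-section pairing of hi and lo relocations described above, as an added example in C that is not code from this page or from BFD: a simplified model of a section that carries its own list of pending hi relocations, an offset range check in the spirit of bfd_reloc_offset_in_range, and the carry-adjusted hi16/lo16 computation. The names section_t, record_hi, resolve_lo, demo_relocate and demo_rejects_out_of_range are assumptions for this illustration; the instruction words are assumed big-endian, and the final target address is assumed to be known when the lo relocation is processed, which is simpler than the addend handling in BFD's mips_refhi_reloc/mips_reflo_reloc.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PENDING_HI 8

/* Constructed model of a section: raw contents plus the list of hi
   relocations waiting for their lo partner.  Keeping the list on the
   section (not on the file, as before the fix) means an entry cannot
   outlive the contents it points into.  BFD's asection and
   ecoff_section_tdata carry far more; only what this step needs is kept.  */
typedef struct {
    uint8_t *contents;
    size_t size;
    size_t pending_hi[MAX_PENDING_HI];   /* offsets of unpaired lui words */
    size_t n_pending;
} section_t;

/* Range check in the spirit of bfd_reloc_offset_in_range: the field
   [offset, offset + len) must lie inside the section.  Written as a
   subtraction so that offset + len cannot wrap around.  */
bool reloc_offset_in_range(const section_t *sec, size_t offset, size_t len)
{
    return len <= sec->size && offset <= sec->size - len;
}

/* Split a 32-bit address into the MIPS hi16/lo16 pair.  The CPU sign-
   extends the lo half when it adds it (addiu/lw), so when bit 15 of the
   address is set the hi half must be rounded up; the + 0x8000 does that.  */
void split_hilo(uint32_t addr, uint16_t *hi, uint16_t *lo)
{
    *hi = (uint16_t)((addr + 0x8000u) >> 16);
    *lo = (uint16_t)(addr & 0xffffu);
}

/* What the CPU computes from "lui hi" followed by "addiu lo".  */
uint32_t combine_hilo(uint16_t hi, uint16_t lo)
{
    return ((uint32_t)hi << 16) + (uint32_t)(int16_t)lo;
}

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void write_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Patch the 16-bit immediate of the big-endian instruction word at offset.  */
static void patch_imm16(section_t *sec, size_t offset, uint16_t imm)
{
    uint32_t insn = read_be32(sec->contents + offset);
    write_be32(sec->contents + offset, (insn & 0xffff0000u) | imm);
}

/* A hi relocation cannot be finished on its own: the carry from the lo
   half is not known yet.  Validate the offset now (the check the commit
   adds) and park it on the section's list.  Returns 0, or -1 when the
   field is outside the section or the list is full.  */
int record_hi(section_t *sec, size_t hi_off)
{
    if (!reloc_offset_in_range(sec, hi_off, 4) || sec->n_pending >= MAX_PENDING_HI)
        return -1;
    sec->pending_hi[sec->n_pending++] = hi_off;
    return 0;
}

/* A lo relocation completes every pending hi of the same section with the
   carry-adjusted hi half, then patches its own word.  Returns the number
   of hi words patched, or -1 if the lo offset is out of range.  */
int resolve_lo(section_t *sec, size_t lo_off, uint32_t target)
{
    if (!reloc_offset_in_range(sec, lo_off, 4))
        return -1;
    uint16_t hi, lo;
    split_hilo(target, &hi, &lo);
    int patched = 0;
    for (size_t i = 0; i < sec->n_pending; i++, patched++)
        patch_imm16(sec, sec->pending_hi[i], hi);
    sec->n_pending = 0;            /* list consumed, nothing left dangling */
    patch_imm16(sec, lo_off, lo);
    return patched;
}

/* Worked run on constructed contents: "lui $t0,0 ; addiu $t0,$t0,0" as
   big-endian words, relocated to target.  Returns the address the patched
   pair would compute, or 0 if an offset was rejected.  */
uint32_t demo_relocate(uint32_t target)
{
    uint8_t buf[8] = { 0x3c, 0x08, 0x00, 0x00,     /* lui   $t0, 0       */
                       0x25, 0x08, 0x00, 0x00 };   /* addiu $t0, $t0, 0  */
    section_t sec = { buf, sizeof buf, {0}, 0 };
    if (record_hi(&sec, 0) != 0 || resolve_lo(&sec, 4, target) != 1)
        return 0;
    return combine_hilo((uint16_t)read_be32(buf), (uint16_t)read_be32(buf + 4));
}

/* A hi relocation whose 4-byte field [6,10) runs past an 8-byte section
   must be refused instead of written; expected return is -1.  */
int demo_rejects_out_of_range(void)
{
    uint8_t buf[8] = {0};
    section_t sec = { buf, sizeof buf, {0}, 0 };
    return record_hi(&sec, 6);
}

int main(void)
{
    printf("0x1234ffff -> 0x%08x\n", demo_relocate(0x1234ffffu));
    printf("out-of-range hi rejected: %d\n", demo_rejects_out_of_range());
    return 0;
}
```

The 0x1234ffff case is the one worth watching: its lo half 0xffff is sign-extended to -1 by the CPU, so the hi half has to be 0x1235 rather than 0x1234, and the pairing logic must see both halves before either instruction is final. That is why the hi relocation is parked until its lo arrives, and why the list it is parked on must not outlive the section contents it indexes.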
For Context
When you compile a program, the linker's job is to combine different pieces of code and data into a single executable file. A crucial part of this process is called "relocation," where the linker adjusts addresses and references within the code so that they point to the correct locations in the final program. On the MIPS architecture, this often involves a two-step process called "hi/lo" relocation for handling memory addresses. This commit fixes a bug where the linker could mishandle these hi/lo relocations in a specific file format (MIPS-COFF). The previous approach could lead to a "buffer overflow," a type of software vulnerability where a program writes data beyond its allocated memory, potentially causing crashes or security risks. The fix ensures that the linker properly manages these address adjustments, especially when dealing with complex or unusual object files, making the linking process more secure and reliable.