From aeaaa9af6359c8e394ce9cf24911fec4f4d23703 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 23 Sep 2025 08:52:26 +0800
Subject: [PATCH] elf: Return error on unsorted symbol table if not allowed

Normally ELF symbol table should be sorted, i.e., local symbols precede
global symbols.  Irix 6 is an exception and its elf_bad_symtab is set
to true.  Issue an error if elf_bad_symtab is false and symbol table is
unsorted.

	PR ld/33450
	* elflink.c (set_symbol_value): Change return type to bool and
	return false on error.  Issue an error on unsorted symbol table
	if not allowed.
	(elf_link_input_bfd): Return false if set_symbol_value returns
	false.

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>

CVE: CVE-2025-11414
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 bfd/elflink.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/bfd/elflink.c b/bfd/elflink.c
index 66982f82b94..54f0d6e957e 100644
--- a/bfd/elflink.c
+++ b/bfd/elflink.c
@@ -9127,7 +9127,7 @@ struct elf_outext_info
    <binary-operator> := as in C
    <unary-operator> := as in C, plus "0-" for unambiguous negation.  */
 
-static void
+static bool
 set_symbol_value (bfd *bfd_with_globals,
 		  Elf_Internal_Sym *isymbuf,
 		  size_t locsymcount,
@@ -9148,9 +9148,15 @@ set_symbol_value (bfd *bfd_with_globals,
 	     "absolute" section and give it a value.  */
 	  sym->st_shndx = SHN_ABS;
 	  sym->st_value = val;
-	  return;
+	  return true;
+	}
+      if (!elf_bad_symtab (bfd_with_globals))
+	{
+	  _bfd_error_handler (_("%pB: corrupt symbol table"),
+			      bfd_with_globals);
+	  bfd_set_error (bfd_error_bad_value);
+	  return false;
 	}
-      BFD_ASSERT (elf_bad_symtab (bfd_with_globals));
       extsymoff = 0;
     }
 
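Review bot: The new `if (!elf_bad_symtab (bfd_with_globals))` branch has no comment stating what it rejects, and the `corrupt symbol table` message does not say it either. Going by the commit description, it appears to be reached when a symbol in the local part of the table turns out not to be local, i.e. the table is unsorted. A comment such as `/* A non-local symbol among the locals means the table is unsorted, which only elf_bad_symtab targets may have.  */` would record that for the next reader. When elf_bad_symtab is set the code still falls through with `extsymoff = 0`; the lookup that follows is outside this hunk, so its bounds handling cannot be checked from these lines.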
@@ -9160,11 +9166,12 @@ set_symbol_value (bfd *bfd_with_globals,
   if (h == NULL)
     {
       /* FIXMEL What should we do ?  */
-      return;
+      return false;
     }
   h->root.type = bfd_link_hash_defined;
   h->root.u.def.value = val;
   h->root.u.def.section = bfd_abs_section_ptr;
+  return true;
 }
 
 static bool
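Review bot: The `h == NULL` path now returns false without calling `bfd_set_error` or `_bfd_error_handler`, so elf_link_input_bfd (last hunk) aborts the link with no diagnostic and possibly a stale error code, unlike the corrupt-symtab branch added in the previous hunk. Adding `bfd_set_error (bfd_error_bad_value);` before `return false;` would make the two failure paths consistent. The `FIXMEL` comment could then become `/* No hash entry for this symbol index: treat as a link error.  */`. The code that assigns h is above the hunk, so whether h can actually be NULL at this point cannot be confirmed from here.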
@@ -11862,8 +11869,10 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd)
 		    return false;
 
 		  /* Symbol evaluated OK.  Update to absolute value.  */
-		  set_symbol_value (input_bfd, isymbuf, locsymcount,
-				    r_symndx, val);
+		  if (!set_symbol_value (input_bfd, isymbuf, locsymcount, r_symndx,
+					 val))
+		    return false;
+
 		  continue;
 		}
 
