From 0405f40a79cfe5dd1abdc5818c617ae67fbbd02d Mon Sep 17 00:00:00 2001
From: Matthias Klose <doko@debian.org>
Date: Tue, 29 May 2018 14:46:35 +0100
Subject: [PATCH] pr23055

# DP: Fix PR ld/23055, memory corruption in ld.

bfd/

2018-04-17  Nick Clifton  <nickc@redhat.com>

	PR 23055
	* aoutx.h (find_nearest_line): Check that the symbol name exists
	and is long enough, before attempting to see if it is for a .o
	file.
	* hash.c (bfd_hash_hash): Add an assertion that the string is not
	NULL.
	* linker.c (bfd_link_hash_lookup): Fail if the table or string are
	NULL.
	(_bfd_generic_link_add_archive_symbols): Fail if an archive entry
	has no name.

2018-04-17  H.J. Lu  <hongjiu.lu@intel.com>

	PR ld/23055
	* elfxx-x86.c (_bfd_x86_elf_link_setup_gnu_properties): Use a
	normal input file with compatible relocation.



Gbp-Pq: Name pr23055.diff
---
 bfd/aoutx.h     | 9 ++++++---
 bfd/elfxx-x86.c | 4 +++-
 bfd/hash.c      | 1 +
 bfd/linker.c    | 6 ++++++
 4 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index 8abaeb9e1..f14683e52 100644
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -2737,7 +2737,10 @@ NAME (aout, find_nearest_line) (bfd *abfd,
 		  const char *symname;
 
 		  symname = q->symbol.name;
-		  if (strcmp (symname + strlen (symname) - 2, ".o") == 0)
+
+		  if (symname != NULL
+		      && strlen (symname) > 2
+		      && strcmp (symname + strlen (symname) - 2, ".o") == 0)
 		    {
 		      if (q->symbol.value > low_line_vma)
 			{
@@ -2802,8 +2805,8 @@ NAME (aout, find_nearest_line) (bfd *abfd,
 	    case N_FUN:
 	      {
 		/* We'll keep this if it is nearer than the one we have already.  */
-		if (q->symbol.value >= low_func_vma &&
-		    q->symbol.value <= offset)
+		if (q->symbol.value >= low_func_vma
+		    && q->symbol.value <= offset)
 		  {
 		    low_func_vma = q->symbol.value;
 		    func = (asymbol *)q;
diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
index b7edcde14..a75d073ba 100644
--- a/bfd/elfxx-x86.c
+++ b/bfd/elfxx-x86.c
@@ -2515,7 +2515,9 @@ error_alignment:
 	       abfd = abfd->link.next)
 	    if (bfd_get_flavour (abfd) == bfd_target_elf_flavour
 		&& (abfd->flags
-		    & (DYNAMIC | BFD_LINKER_CREATED | BFD_PLUGIN)) == 0)
+		    & (DYNAMIC | BFD_LINKER_CREATED | BFD_PLUGIN)) == 0
+		&& bed->relocs_compatible (abfd->xvec,
+					   info->output_bfd->xvec))
 	      {
 		htab->elf.dynobj = abfd;
 		dynobj = abfd;
diff --git a/bfd/hash.c b/bfd/hash.c
index 43c6005e7..852a95e05 100644
--- a/bfd/hash.c
+++ b/bfd/hash.c
@@ -435,6 +435,7 @@ bfd_hash_hash (const char *string, unsigned int *lenp)
   unsigned int len;
   unsigned int c;
 
+  BFD_ASSERT (string != NULL);
   hash = 0;
   len = 0;
   s = (const unsigned char *) string;
diff --git a/bfd/linker.c b/bfd/linker.c
index dac21bd9e..daf21d3e7 100644
--- a/bfd/linker.c
+++ b/bfd/linker.c
@@ -495,6 +495,9 @@ bfd_link_hash_lookup (struct bfd_link_hash_table *table,
 {
   struct bfd_link_hash_entry *ret;
 
+  if (table == NULL || string == NULL)
+    return NULL;
+
   ret = ((struct bfd_link_hash_entry *)
 	 bfd_hash_lookup (&table->table, string, create, copy));
 
@@ -941,6 +944,9 @@ _bfd_generic_link_add_archive_symbols
 	      continue;
 	    }
 
+	  if (arsym->name == NULL)
+	    goto error_return;
+				  
 	  h = bfd_link_hash_lookup (info->hash, arsym->name,
 				    FALSE, FALSE, TRUE);
 
-- 
2.30.2