https://sourceware.org/bugzilla/show_bug.cgi?id=33358
Bug ID: 33358
Summary: Incorrect PLT check
Product: binutils
Version: 2.46 (HEAD)
Status: NEW
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: hjl.tools at gmail dot com
Target Milestone: ---
Target: x86
elf_x86_64_get_synthetic_symtab has
      /* Match lazy PLT first.  Need to check the first two
         instructions.  */
      if ((memcmp (plt_contents, lazy_plt->plt0_entry,
                   lazy_plt->plt0_got1_offset) == 0)
          && (memcmp (plt_contents + 6, lazy_plt->plt0_entry + 6,
                      2) == 0))
        {
          if (memcmp (plt_contents + lazy_ibt_plt->plt_entry_size,
                      lazy_ibt_plt->plt_entry,
                      lazy_ibt_plt->plt_got_offset) == 0)
            {
              /* The first entry in the lazy IBT PLT is the same as
                 the lazy PLT.  */
              plt_type = plt_lazy | plt_second;
              lazy_plt = lazy_ibt_plt;
            }
          else
            plt_type = plt_lazy;
        }
However,
static const bfd_byte elf_x86_64_lazy_ibt_plt_entry[LAZY_PLT_ENTRY_SIZE] =
{
  0xf3, 0x0f, 0x1e, 0xfa,   /* endbr64 */
  0x68, 0, 0, 0, 0,         /* pushq immediate */
  0xe9, 0, 0, 0, 0,         /* jmpq relative */
  0x66, 0x90                /* xchg %ax,%ax */
};
doesn't have a field for plt_got_offset as in
static const bfd_byte elf_x86_64_lazy_plt_entry[LAZY_PLT_ENTRY_SIZE] =
{
  0xff, 0x25,       /* jmpq *name@GOTPC(%rip) */
  0, 0, 0, 0,       /* replaced with offset to this symbol in .got. */
  ^^^^^^^^^^        plt_got_offset
  0x68,             /* pushq immediate */
  0, 0, 0, 0,       /* replaced with index into relocation table. */
  0xe9,             /* jmp relative */
  0, 0, 0, 0        /* replaced with offset to start of .plt0. */
};
plt_reloc_offset should be used instead.
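As an added illustration (not code from the report or from binutils), here are the two templates quoted above with a prefix check that stops at each template's first linker-filled field. The offsets 2 and 5 are read off the byte layouts shown in the report rather than taken from binutils' layout tables, and the classifier and the two "linked" entries are constructed for the example.

```c
#include <stdint.h>
#include <string.h>

#define LAZY_PLT_ENTRY_SIZE 16

/* Entry templates as quoted in the report; zero bytes are the fields
   the linker fills in (GOT offset, relocation index, displacement).  */
static const uint8_t lazy_plt_entry[LAZY_PLT_ENTRY_SIZE] = {
  0xff, 0x25, 0, 0, 0, 0,   /* jmpq *name@GOTPC(%rip) */
  0x68, 0, 0, 0, 0,         /* pushq immediate */
  0xe9, 0, 0, 0, 0          /* jmp relative */
};
static const uint8_t lazy_ibt_plt_entry[LAZY_PLT_ENTRY_SIZE] = {
  0xf3, 0x0f, 0x1e, 0xfa,   /* endbr64 */
  0x68, 0, 0, 0, 0,         /* pushq immediate */
  0xe9, 0, 0, 0, 0,         /* jmpq relative */
  0x66, 0x90                /* xchg %ax,%ax */
};
/* Offset of the first linker-filled field in each template (derived from
   the byte layouts above, not taken from binutils' layout tables).  Only
   the opcode bytes before that offset are stable across linked entries.  */
#define LAZY_PLT_GOT_OFFSET        2   /* ff 25 | GOT offset */
#define LAZY_IBT_PLT_RELOC_OFFSET  5   /* f3 0f 1e fa 68 | reloc index */

enum plt_kind { PLT_UNKNOWN, PLT_LAZY, PLT_LAZY_IBT };

/* Returns 1 when the first LEN bytes of ENTRY equal the template.  */
int plt_prefix_matches (const uint8_t *entry, const uint8_t *tmpl, size_t len)
{
  return memcmp (entry, tmpl, len) == 0;
}

/* Classify a linked 16-byte PLT entry by its fixed opcode prefix only.  */
enum plt_kind classify_plt_entry (const uint8_t *entry)
{
  if (plt_prefix_matches (entry, lazy_ibt_plt_entry, LAZY_IBT_PLT_RELOC_OFFSET))
    return PLT_LAZY_IBT;
  if (plt_prefix_matches (entry, lazy_plt_entry, LAZY_PLT_GOT_OFFSET))
    return PLT_LAZY;
  return PLT_UNKNOWN;
}

/* Constructed linked entries: relocation index 3 and non-zero displacements,
   as a real .plt would contain.  Any compare that reaches into these fields
   (for example 9 bytes of the IBT entry) no longer matches the template.  */
static const uint8_t linked_ibt_entry[LAZY_PLT_ENTRY_SIZE] = {
  0xf3, 0x0f, 0x1e, 0xfa, 0x68, 3, 0, 0, 0, 0xe9, 0xd0, 0xff, 0xff, 0xff, 0x66, 0x90 };
static const uint8_t linked_lazy_entry[LAZY_PLT_ENTRY_SIZE] = {
  0xff, 0x25, 0x12, 0x2f, 0, 0, 0x68, 3, 0, 0, 0, 0xe9, 0xb0, 0xff, 0xff, 0xff };
```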