From 73e927885c5d82ad8d4385cf55022fc3c25c65a6 Mon Sep 17 00:00:00 2001
From: Denis Protivensky <dprotivensky@accesssoftek.com>
Date: Fri, 8 May 2015 12:36:40 +0000
Subject: [ARM] Check overflow of R_ARM_CALL/JUMP24

llvm-svn: 236841
---
 lld/lib/ReaderWriter/ELF/ARM/ARMRelocationHandler.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'lld/lib/ReaderWriter/ELF/ARM/ARMRelocationHandler.cpp')

diff --git a/lld/lib/ReaderWriter/ELF/ARM/ARMRelocationHandler.cpp b/lld/lib/ReaderWriter/ELF/ARM/ARMRelocationHandler.cpp
index 665fcdd7213..746934adba9 100644
--- a/lld/lib/ReaderWriter/ELF/ARM/ARMRelocationHandler.cpp
+++ b/lld/lib/ReaderWriter/ELF/ARM/ARMRelocationHandler.cpp
@@ -313,6 +313,9 @@ static std::error_code relocR_ARM_CALL(uint8_t *location, uint64_t P,
   const bool switchMode = addressesThumb;
 
   uint32_t result = (uint32_t)(((S + A) | T) - P);
+  if (!llvm::isInt<26>((int32_t)result))
+    return make_out_of_range_reloc_error();
+
   const uint32_t imm24 = (result & 0x03FFFFFC) >> 2;
 
   DEBUG(llvm::dbgs() << "\t\tHandle " << LLVM_FUNCTION_NAME << " -";
@@ -337,6 +340,9 @@ static std::error_code relocR_ARM_JUMP24(uint8_t *location, uint64_t P,
                                          bool addressesThumb) {
   uint64_t T = addressesThumb;
   uint32_t result = (uint32_t)(((S + A) | T) - P);
+  if (!llvm::isInt<26>((int32_t)result))
+    return make_out_of_range_reloc_error();
+
   const uint32_t imm24 = (result & 0x03FFFFFC) >> 2;
 
   DEBUG(llvm::dbgs() << "\t\tHandle " << LLVM_FUNCTION_NAME << " -";
-- 
cgit v1.2.3