Test SEC_HAS_CONTENTS before reading section contents

bfd_malloc_and_get_section does size sanity checking before allocating
memory and reading contents.  These size checks are not done for bss
style sections, because they typically don't occupy file space and
thus can't be compared against file size.  However, if you are
expecting to look at something other than a whole lot of zeros, don't
allow fuzzers to avoid the size checking.

	* cofflink.c (process_embedded_commands): Don't look at
	sections without SEC_HAS_CONTENTS set.
	* cpu-arm.c (bfd_arm_update_notes): Likewise.
	(bfd_arm_get_mach_from_notes): Likewise.
	* elf-eh-frame.c (_bfd_elf_parse_eh_frame): Likewise.
	* elf-hppa.h (elf_hppa_sort_unwind): Likewise.
	* elf-m10300.c (mn10300_elf_relax_section): Likewise.
	* elf-sframe.c (_bfd_elf_parse_sframe): Likewise.
	* elf.c (_bfd_elf_print_private_bfd_data): Likewise.
	* elf32-arm.c (bfd_elf32_arm_process_before_allocation): Likewise.
	* elf32-avr.c (avr_elf32_load_property_records): Likewise.
	* elf32-ppc.c (_bfd_elf_ppc_set_arch): Likewise.
	(ppc_elf_get_synthetic_symtab, ppc_elf_relax_section): Likewise.
	* elf64-ppc.c (ppc64_elf_get_synthetic_symtab): Likewise.
	(opd_entry_value, ppc64_elf_edit_opd, ppc64_elf_edit_toc): Likewise.
	* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
	* elflink.c (elf_link_add_object_symbols): Likewise.
	(bfd_elf_get_bfd_needed_list): Likewise.
	* elfnn-aarch64.c (get_plt_type): Likewise.
	* elfxx-mips.c (_bfd_mips_elf_get_synthetic_symtab): Likewise.
	* linker.c (_bfd_handle_already_linked): Likewise.
	* opncls.c (bfd_get_debug_link_info_1): Likewise.
	(bfd_get_alt_debug_link_info, get_build_id): Likewise.
	* peXXigen.c (pe_print_idata, pe_print_pdata): Likewise.
	(_bfd_XX_print_ce_compressed_pdata, pe_print_reloc): Likewise.
	* pei-x86_64.c (pex64_bfd_print_pdata_section): Likewise.
	* stabs.c (_bfd_link_section_stabs): Likewise.
	(_bfd_discard_section_stabs): Likewise.
	* xcofflink.c (_bfd_xcoff_get_dynamic_symtab_upper_bound): Likewise.
	(_bfd_xcoff_canonicalize_dynamic_symtab): Likewise.
	(_bfd_xcoff_get_dynamic_reloc_upper_bound): Likewise.
	(_bfd_xcoff_canonicalize_dynamic_reloc): Likewise.
	(xcoff_link_add_dynamic_symbols): Likewise.
	(xcoff_link_check_dynamic_ar_symbols): Likewise.
	(bfd_xcoff_build_dynamic_sections): Likewise.
Alan Modra 2023-02-22 07:47:36 +10:30
parent 2c5c22d68e
commit 81ff113f78
21 changed files with 92 additions and 48 deletions


@ -1213,7 +1213,7 @@ process_embedded_commands (bfd *output_bfd,
char *e;
bfd_byte *copy;
if (!sec)
if (sec == NULL || (sec->flags & SEC_HAS_CONTENTS) == 0)
return 1;
if (!bfd_malloc_and_get_section (abfd, sec, &copy))


@ -418,7 +418,8 @@ bfd_arm_update_notes (bfd *abfd, const char *note_section)
different. */
arm_arch_section = bfd_get_section_by_name (abfd, note_section);
if (arm_arch_section == NULL)
if (arm_arch_section == NULL
|| (arm_arch_section->flags & SEC_HAS_CONTENTS) == 0)
return true;
buffer_size = arm_arch_section->size;
@ -521,7 +522,8 @@ bfd_arm_get_mach_from_notes (bfd *abfd, const char *note_section)
different. */
arm_arch_section = bfd_get_section_by_name (abfd, note_section);
if (arm_arch_section == NULL)
if (arm_arch_section == NULL
|| (arm_arch_section->flags & SEC_HAS_CONTENTS) == 0)
return bfd_mach_arm_unknown;
buffer_size = arm_arch_section->size;


@ -602,6 +602,7 @@ _bfd_elf_parse_eh_frame (bfd *abfd, struct bfd_link_info *info,
hdr_info = &htab->eh_info;
if (sec->size == 0
|| (sec->flags & SEC_HAS_CONTENTS) == 0
|| sec->sec_info_type != SEC_INFO_TYPE_NONE)
{
/* This file does not contain .eh_frame information. */
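Review bot: The comment `/* This file does not contain .eh_frame information. */` no longer matches the condition above it, which now also fires for a section that exists but has SEC_HAS_CONTENTS clear. A wording such as `/* No .eh_frame to parse: the section is empty, has no contents, or sec_info_type is already set.  */` would record that a present-but-contentless section is skipped on purpose rather than parsed. The same applies to the `.sframe` comment in _bfd_elf_parse_sframe and to the two "does not contain stabs debugging information" comments in _bfd_link_section_stabs and _bfd_discard_section_stabs. The braced block continues outside the hunk.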


@ -984,7 +984,8 @@ elf_hppa_sort_unwind (bfd *abfd)
Consider what happens if someone inept creates a linker script
that puts unwind information in .text. */
s = bfd_get_section_by_name (abfd, ".PARISC.unwind");
if (s != NULL)
if (s != NULL && (s->flags & SEC_HAS_CONTENTS) != 0)
{
bfd_size_type size;
bfd_byte *contents;


@ -2694,7 +2694,8 @@ mn10300_elf_relax_section (bfd *abfd,
if (! ((section->flags & SEC_RELOC) != 0
&& section->reloc_count != 0))
continue;
if ((section->flags & SEC_ALLOC) == 0)
if ((section->flags & SEC_ALLOC) == 0
|| (section->flags & SEC_HAS_CONTENTS) == 0)
continue;
/* Get cached copy of section contents if it exists. */
@ -3034,7 +3035,9 @@ mn10300_elf_relax_section (bfd *abfd,
unsigned int symcount;
/* Skip non-code sections and empty sections. */
if ((section->flags & SEC_CODE) == 0 || section->size == 0)
if ((section->flags & SEC_CODE) == 0
|| (section->flags & SEC_HAS_CONTENTS) == 0
|| section->size == 0)
continue;
if (section->reloc_count != 0)
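Review bot: In the second hunk the comment `/* Skip non-code sections and empty sections. */` is now incomplete, because the test below it also skips code sections that lack SEC_HAS_CONTENTS. Suggest `/* Skip non-code sections, sections without contents, and empty sections.  */` so the reason for the extra test sits next to it. Both loops of mn10300_elf_relax_section start and end outside the hunks shown.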


@ -193,6 +193,7 @@ _bfd_elf_parse_sframe (bfd *abfd,
int decerr = 0;
if (sec->size == 0
|| (sec->flags & SEC_HAS_CONTENTS) == 0
|| sec->sec_info_type != SEC_INFO_TYPE_NONE)
{
/* This file does not contain .sframe information. */


@ -1689,7 +1689,7 @@ _bfd_elf_print_private_bfd_data (bfd *abfd, void *farg)
}
s = bfd_get_section_by_name (abfd, ".dynamic");
if (s != NULL)
if (s != NULL && (s->flags & SEC_HAS_CONTENTS) != 0)
{
unsigned int elfsec;
unsigned long shlink;


@ -7882,7 +7882,8 @@ bfd_elf32_arm_process_before_allocation (bfd *abfd,
if (sec->reloc_count == 0)
continue;
if ((sec->flags & SEC_EXCLUDE) != 0)
if ((sec->flags & SEC_EXCLUDE) != 0
|| (sec->flags & SEC_HAS_CONTENTS) == 0)
continue;
symtab_hdr = & elf_symtab_hdr (abfd);


@ -4216,7 +4216,7 @@ avr_elf32_load_property_records (bfd *abfd)
/* Find the '.avr.prop' section and load the contents into memory. */
sec = bfd_get_section_by_name (abfd, AVR_PROPERTY_RECORD_SECTION_NAME);
if (sec == NULL)
if (sec == NULL || (sec->flags & SEC_HAS_CONTENTS) == 0)
return NULL;
return avr_elf32_load_records_from_section (abfd, sec);
}


@ -1087,6 +1087,7 @@ _bfd_elf_ppc_set_arch (bfd *abfd)
s = bfd_get_section_by_name (abfd, APUINFO_SECTION_NAME);
if (s != NULL
&& s->size >= 24
&& (s->flags & SEC_HAS_CONTENTS) != 0
&& bfd_malloc_and_get_section (abfd, s, &contents))
{
unsigned int apuinfo_size = bfd_get_32 (abfd, contents + 4);
@ -1840,7 +1841,8 @@ ppc_elf_get_synthetic_symtab (bfd *abfd, long symcount, asymbol **syms,
/* If this object was prelinked, the prelinker stored the address
of .glink at got[1]. If it wasn't prelinked, got[1] will be zero. */
dynamic = bfd_get_section_by_name (abfd, ".dynamic");
if (dynamic != NULL)
if (dynamic != NULL
&& (dynamic->flags & SEC_HAS_CONTENTS) != 0)
{
bfd_byte *dynbuf, *extdyn, *extdynend;
size_t extdynsize;
@ -6106,6 +6108,7 @@ ppc_elf_relax_section (bfd *abfd,
/* No need to do anything with non-alloc or non-code sections. */
if ((isec->flags & SEC_ALLOC) == 0
|| (isec->flags & SEC_CODE) == 0
|| (isec->flags & SEC_HAS_CONTENTS) == 0
|| (isec->flags & SEC_LINKER_CREATED) != 0
|| isec->size < 4)
return true;


@ -2472,7 +2472,9 @@ ppc64_elf_get_synthetic_symtab (bfd *abfd,
asection *dynamic, *glink = NULL, *relplt = NULL;
arelent *p;
if (opd != NULL && !bfd_malloc_and_get_section (abfd, opd, &contents))
if (opd != NULL
&& ((opd->flags & SEC_HAS_CONTENTS) == 0
|| !bfd_malloc_and_get_section (abfd, opd, &contents)))
{
free_contents_and_exit_err:
count = -1;
@ -2507,7 +2509,8 @@ ppc64_elf_get_synthetic_symtab (bfd *abfd,
size_t extdynsize;
void (*swap_dyn_in) (bfd *, const void *, Elf_Internal_Dyn *);
if (!bfd_malloc_and_get_section (abfd, dynamic, &dynbuf))
if ((dynamic->flags & SEC_HAS_CONTENTS) == 0
|| !bfd_malloc_and_get_section (abfd, dynamic, &dynbuf))
goto free_contents_and_exit_err;
extdynsize = get_elf_backend_data (abfd)->s->sizeof_dyn;
@ -5536,7 +5539,8 @@ opd_entry_value (asection *opd_sec,
if (contents == NULL)
{
if (!bfd_malloc_and_get_section (opd_bfd, opd_sec, &contents))
if ((opd_sec->flags & SEC_HAS_CONTENTS) == 0
|| !bfd_malloc_and_get_section (opd_bfd, opd_sec, &contents))
return (bfd_vma) -1;
ppc64_elf_tdata (opd_bfd)->opd.contents = contents;
}
@ -7361,7 +7365,9 @@ ppc64_elf_edit_opd (struct bfd_link_info *info)
continue;
sec = bfd_get_section_by_name (ibfd, ".opd");
if (sec == NULL || sec->size == 0)
if (sec == NULL
|| sec->size == 0
|| (sec->flags & SEC_HAS_CONTENTS) == 0)
continue;
if (sec->sec_info_type == SEC_INFO_TYPE_JUST_SYMS)
@ -8922,6 +8928,7 @@ ppc64_elf_edit_toc (struct bfd_link_info *info)
toc = bfd_get_section_by_name (ibfd, ".toc");
if (toc == NULL
|| toc->size == 0
|| (toc->flags & SEC_HAS_CONTENTS) == 0
|| toc->sec_info_type == SEC_INFO_TYPE_JUST_SYMS
|| discarded_section (toc))
continue;


@ -4967,7 +4967,9 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
for (j = 0; plts[j].name != NULL; j++)
{
plt = bfd_get_section_by_name (abfd, plts[j].name);
if (plt == NULL || plt->size == 0)
if (plt == NULL
|| plt->size == 0
|| (plt->flags & SEC_HAS_CONTENTS) == 0)
continue;
/* Get the PLT section contents. */


@ -4386,7 +4386,7 @@ elf_link_add_object_symbols (bfd *abfd, struct bfd_link_info *info)
| DYN_NO_NEEDED)) == 0;
s = bfd_get_section_by_name (abfd, ".dynamic");
if (s != NULL && s->size != 0)
if (s != NULL && s->size != 0 && (s->flags & SEC_HAS_CONTENTS) != 0)
{
bfd_byte *dynbuf;
bfd_byte *extdyn;
@ -8204,7 +8204,7 @@ bfd_elf_get_bfd_needed_list (bfd *abfd,
return true;
s = bfd_get_section_by_name (abfd, ".dynamic");
if (s == NULL || s->size == 0)
if (s == NULL || s->size == 0 || (s->flags & SEC_HAS_CONTENTS) == 0)
return true;
if (!bfd_malloc_and_get_section (abfd, s, &dynbuf))


@ -9880,6 +9880,7 @@ get_plt_type (bfd *abfd)
bfd_byte *contents, *extdyn, *extdynend;
asection *sec = bfd_get_section_by_name (abfd, ".dynamic");
if (!sec
|| (sec->flags & SEC_HAS_CONTENTS) == 0
|| sec->size < sizeof (ElfNN_External_Dyn)
|| !bfd_malloc_and_get_section (abfd, sec, &contents))
return ret;


@ -16572,7 +16572,7 @@ _bfd_mips_elf_get_synthetic_symtab (bfd *abfd,
return 0;
plt = bfd_get_section_by_name (abfd, ".plt");
if (plt == NULL)
if (plt == NULL || (plt->flags & SEC_HAS_CONTENTS) == 0)
return 0;
slurp_relocs = get_elf_backend_data (abfd)->s->slurp_reloc_table;


@ -2880,27 +2880,38 @@ _bfd_handle_already_linked (asection *sec,
sec->owner, sec);
else if (sec->size != 0)
{
bfd_byte *sec_contents, *l_sec_contents = NULL;
bfd_byte *sec_contents, *l_sec_contents;
if (!bfd_malloc_and_get_section (sec->owner, sec, &sec_contents))
if ((sec->flags & SEC_HAS_CONTENTS) == 0
&& (l->sec->flags & SEC_HAS_CONTENTS) == 0)
;
else if ((sec->flags & SEC_HAS_CONTENTS) == 0
|| !bfd_malloc_and_get_section (sec->owner, sec,
&sec_contents))
info->callbacks->einfo
/* xgettext:c-format */
(_("%pB: could not read contents of section `%pA'\n"),
sec->owner, sec);
else if (!bfd_malloc_and_get_section (l->sec->owner, l->sec,
&l_sec_contents))
info->callbacks->einfo
/* xgettext:c-format */
(_("%pB: could not read contents of section `%pA'\n"),
l->sec->owner, l->sec);
else if (memcmp (sec_contents, l_sec_contents, sec->size) != 0)
info->callbacks->einfo
/* xgettext:c-format */
(_("%pB: duplicate section `%pA' has different contents\n"),
sec->owner, sec);
free (sec_contents);
free (l_sec_contents);
else if ((l->sec->flags & SEC_HAS_CONTENTS) == 0
|| !bfd_malloc_and_get_section (l->sec->owner, l->sec,
&l_sec_contents))
{
info->callbacks->einfo
/* xgettext:c-format */
(_("%pB: could not read contents of section `%pA'\n"),
l->sec->owner, l->sec);
free (sec_contents);
}
else
{
if (memcmp (sec_contents, l_sec_contents, sec->size) != 0)
info->callbacks->einfo
/* xgettext:c-format */
(_("%pB: duplicate section `%pA' has different contents\n"),
sec->owner, sec);
free (l_sec_contents);
free (sec_contents);
}
}
break;
}
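Review bot: The bare `;` in the first branch silently treats two duplicate sections as matching when neither has SEC_HAS_CONTENTS, and nothing says so; replace it with a commented empty statement such as `/* Neither section has contents, so there is nothing to compare.  */ ;`. When only one of the two lacks the flag, the code reports "could not read contents of section" for it although no read was attempted, which may mislead someone triaging a malformed input; a separate diagnostic for that mismatch would be clearer. The memcmp length is sec->size alone, so it depends on the two sizes having been checked equal before this branch, which is not visible in the hunk. The enclosing switch case begins outside the hunk.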


@ -1201,7 +1201,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, void *crc32_out)
sect = bfd_get_section_by_name (abfd, GNU_DEBUGLINK);
if (sect == NULL)
if (sect == NULL || (sect->flags & SEC_HAS_CONTENTS) == 0)
return NULL;
size = bfd_section_size (sect);
@ -1289,7 +1289,7 @@ bfd_get_alt_debug_link_info (bfd * abfd, bfd_size_type *buildid_len,
sect = bfd_get_section_by_name (abfd, GNU_DEBUGALTLINK);
if (sect == NULL)
if (sect == NULL || (sect->flags & SEC_HAS_CONTENTS) == 0)
return NULL;
size = bfd_section_size (sect);
@ -1801,7 +1801,8 @@ get_build_id (bfd *abfd)
return (struct bfd_build_id *) abfd->build_id;
sect = bfd_get_section_by_name (abfd, ".note.gnu.build-id");
if (sect == NULL)
if (sect == NULL
|| (sect->flags & SEC_HAS_CONTENTS) == 0)
{
bfd_set_error (bfd_error_no_debug_section);
return NULL;


@ -1288,7 +1288,7 @@ pe_print_idata (bfd * abfd, void * vfile)
{
/* Maybe the extra header isn't there. Look for the section. */
section = bfd_get_section_by_name (abfd, ".idata");
if (section == NULL)
if (section == NULL || (section->flags & SEC_HAS_CONTENTS) == 0)
return true;
addr = section->vma;
@ -1845,6 +1845,7 @@ pe_print_pdata (bfd * abfd, void * vfile)
int onaline = PDATA_ROW_SIZE;
if (section == NULL
|| (section->flags & SEC_HAS_CONTENTS) == 0
|| coff_section_data (abfd, section) == NULL
|| pei_section_data (abfd, section) == NULL)
return true;
@ -2014,6 +2015,7 @@ _bfd_XX_print_ce_compressed_pdata (bfd * abfd, void * vfile)
struct sym_cache cache = {0, 0} ;
if (section == NULL
|| (section->flags & SEC_HAS_CONTENTS) == 0
|| coff_section_data (abfd, section) == NULL
|| pei_section_data (abfd, section) == NULL)
return true;
@ -2147,7 +2149,9 @@ pe_print_reloc (bfd * abfd, void * vfile)
asection *section = bfd_get_section_by_name (abfd, ".reloc");
bfd_byte *p, *end;
if (section == NULL || section->size == 0 || !(section->flags & SEC_HAS_CONTENTS))
if (section == NULL
|| section->size == 0
|| (section->flags & SEC_HAS_CONTENTS) == 0)
return true;
fprintf (file,
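Review bot: pe_print_idata, pe_print_pdata and _bfd_XX_print_ce_compressed_pdata now return true without writing anything when the section exists but has SEC_HAS_CONTENTS clear, so the dump looks the same as for a file that has no such table at all. For a tool used to inspect possibly malformed binaries, a one-line notice before the return would help, for example `fprintf (file, _("\nSection %s has no contents\n"), section->name);` in a separate `else if` after the NULL test (assuming `file` is the output stream in each function, as it is in pe_print_reloc). pex64_bfd_print_pdata_section in the next file has the same silent return. The pe_print_reloc change is formatting only.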


@ -555,6 +555,7 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section)
/* Sanity checks. */
if (pdata_section == NULL
|| (pdata_section->flags & SEC_HAS_CONTENTS) == 0
|| coff_section_data (abfd, pdata_section) == NULL
|| pei_section_data (abfd, pdata_section) == NULL)
return true;
@ -699,6 +700,7 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section)
xdata_section = pex64_get_section_by_rva (abfd, xdata_base, ".text");
/* Transfer xdata section into xdata array. */
if (!xdata_section
|| (xdata_section->flags & SEC_HAS_CONTENTS) == 0
|| !bfd_malloc_and_get_section (abfd, xdata_section, &xdata))
goto done;


@ -162,7 +162,9 @@ _bfd_link_section_stabs (bfd *abfd,
bfd_size_type *pstridx;
if (stabsec->size == 0
|| stabstrsec->size == 0)
|| stabstrsec->size == 0
|| (stabsec->flags & SEC_HAS_CONTENTS) == 0
|| (stabstrsec->flags & SEC_HAS_CONTENTS) == 0)
/* This file does not contain stabs debugging information. */
return true;
@ -520,7 +522,7 @@ _bfd_discard_section_stabs (bfd *abfd,
bfd_size_type *pstridx;
int deleting;
if (stabsec->size == 0)
if (stabsec->size == 0 || (stabsec->flags & SEC_HAS_CONTENTS) == 0)
/* This file does not contain stabs debugging information. */
return false;


@ -259,7 +259,7 @@ _bfd_xcoff_get_dynamic_symtab_upper_bound (bfd *abfd)
}
lsec = bfd_get_section_by_name (abfd, ".loader");
if (lsec == NULL)
if (lsec == NULL || (lsec->flags & SEC_HAS_CONTENTS) == 0)
{
bfd_set_error (bfd_error_no_symbols);
return -1;
@ -293,7 +293,7 @@ _bfd_xcoff_canonicalize_dynamic_symtab (bfd *abfd, asymbol **psyms)
}
lsec = bfd_get_section_by_name (abfd, ".loader");
if (lsec == NULL)
if (lsec == NULL || (lsec->flags & SEC_HAS_CONTENTS) == 0)
{
bfd_set_error (bfd_error_no_symbols);
return -1;
@ -378,7 +378,7 @@ _bfd_xcoff_get_dynamic_reloc_upper_bound (bfd *abfd)
}
lsec = bfd_get_section_by_name (abfd, ".loader");
if (lsec == NULL)
if (lsec == NULL || (lsec->flags & SEC_HAS_CONTENTS) == 0)
{
bfd_set_error (bfd_error_no_symbols);
return -1;
@ -413,7 +413,7 @@ _bfd_xcoff_canonicalize_dynamic_reloc (bfd *abfd,
}
lsec = bfd_get_section_by_name (abfd, ".loader");
if (lsec == NULL)
if (lsec == NULL || (lsec->flags & SEC_HAS_CONTENTS) == 0)
{
bfd_set_error (bfd_error_no_symbols);
return -1;
@ -904,7 +904,7 @@ xcoff_link_add_dynamic_symbols (bfd *abfd, struct bfd_link_info *info)
o_snloader field in the a.out header, rather than grabbing the
section by name. */
lsec = bfd_get_section_by_name (abfd, ".loader");
if (lsec == NULL)
if (lsec == NULL || (lsec->flags & SEC_HAS_CONTENTS) == 0)
{
_bfd_error_handler
(_("%pB: dynamic object with no .loader section"),
@ -2373,7 +2373,7 @@ xcoff_link_check_dynamic_ar_symbols (bfd *abfd,
*pneeded = false;
lsec = bfd_get_section_by_name (abfd, ".loader");
if (lsec == NULL)
if (lsec == NULL || (lsec->flags & SEC_HAS_CONTENTS) == 0)
/* There are no symbols, so don't try to include it. */
return true;
@ -4128,7 +4128,9 @@ bfd_xcoff_build_dynamic_sections (bfd *output_bfd,
{
/* Grab the contents of SUB's .debug section, if any. */
subdeb = bfd_get_section_by_name (sub, ".debug");
if (subdeb != NULL && subdeb->size > 0)
if (subdeb != NULL
&& subdeb->size != 0
&& (subdeb->flags & SEC_HAS_CONTENTS) != 0)
{
/* We use malloc and copy the names into the debug
stringtab, rather than bfd_alloc, because I expect