Adds two new external authors to etc/update-copyright.py to cover
bfd/ax_tls.m4, and adds gprofng to dirs handled automatically, then
updates copyright messages as follows:
1) Update cgen/utils.scm emitted copyrights.
2) Run "etc/update-copyright.py --this-year" with an extra external
author I haven't committed, 'Kalray SA.', to cover gas testsuite
files (which should have their copyright message removed).
3) Build with --enable-maintainer-mode --enable-cgen-maint=yes.
4) Check out */po/*.pot which we don't update frequently.
PR 31106
* elfcode.h (elf_write_relocs): Do not convert a relocation against a zero-value absolute symbol into a relocation without a symbol if the symbol is being used for a complex relocation.
These were renamed from bfd_read and bfd_write back in 2001 when they
lost an unnecessary parameter. Rename them back, and get rid of a few
casts that are only needed without prototyped functions (K&R C).
This fixes an uninitialised memory access on a fuzzed file:
0 0xf22e9b in offset_from_vma /src/binutils-gdb/bfd/elf.c:1899:2
1 0xf1e90f in _bfd_elf_get_dynamic_symbols /src/binutils-gdb/bfd/elf.c:2099:13
2 0x10e6a54 in bfd_elf32_object_p /src/binutils-gdb/bfd/elfcode.h:851:9
Hopefully it will also stop any attempt to load dynamic symbols from
eu-strip debug files.
* elfcode.h (elf_object_p): Do not attempt to load dynamic
symbols for a file with no section headers until all the
program headers are swapped in. Do not fail on eu-strip debug
files.
When there is no section header in an executable or shared library, we
reconstruct dynamic symbol table from the PT_DYNAMIC segment, which
contains DT_HASH/DT_GNU_HASH/DT_MIPS_XHASH, DT_STRTAB, DT_SYMTAB,
DT_STRSZ, and DT_SYMENT entries, to improve nm and objdump. For DT_HASH,
the number of dynamic symbol table entries equals the number of chains.
For DT_GNU_HASH/DT_MIPS_XHASH, only defined symbols with non-STB_LOCAL
indings are in hash table. Since DT_GNU_HASH/DT_MIPS_XHASH place all
symbols with STB_LOCAL binding before symbols with other bindings and
all undefined symbols defined ones in dynamic symbol table, the highest
symbol index in DT_GNU_HASH/DT_MIPS_XHASH is the highest dynamic symbol
table index. We can also get symbol version from DT_VERSYM, DT_VERDEF
and DT_VERNEED entries.
dt_symtab, dt_versym, dt_verdef, dt_verneed, dt_symtab_count,
dt_verdef_count, dt_verneed_count and dt_strtab are added to
elf_obj_tdata to store dynamic symbol table information.
PR ld/25617
* elf-bfd.h (elf_obj_tdata): Add dt_symtab, dt_verdef, dt_verneed,
dt_symtab_count, dt_verdef_count, dt_verneed_count and dt_strtab.
(elf_use_dt_symtab_p): New.
(_bfd_elf_get_dynamic_symbols): Likewise.
(_bfd_elf_get_section_from_dynamic_symbol): Likewise.
* elf.c (bfd_elf_get_elf_syms): Use dynamic symbol table if
neeeded.
(_bfd_elf_get_dynamic_symtab_upper_bound): Likewise.
(_bfd_elf_slurp_version_tables): Likewise.
(offset_from_vma): New function.
(get_hash_table_data): Likewise.
(_bfd_elf_get_dynamic_symbols): Likewise.
(_bfd_elf_get_section_from_dynamic_symbol): Likewise.
(_bfd_elf_get_symbol_version_name): Likewise.
* elfcode.h (elf_object_p): Call _bfd_elf_get_dynamic_symbols
to reconstruct dynamic symbol table from PT_DYNAMIC segment if
there is no section header.
(elf_slurp_symbol_table): Use dynamic symbol table if neeeded.
Don't free isymbuf when dynamic symbol table is used.
* elflink.c (elf_link_is_defined_archive_symbol): Return wrong
format error when dynamic symbol table is used.
(elf_link_add_object_symbols): Likewise.
The newer update-copyright.py fixes file encoding too, removing cr/lf
on binutils/bfdtest2.c and ld/testsuite/ld-cygwin/exe-export.exp, and
embedded cr in binutils/testsuite/binutils-all/ar.exp string match.
Commit 5aa0f10c42 added a per_xvec_warn array to provide support for
warnings from elf_object_p (and a later patch for warnings from
pe_bfd_object_p) to be cached and then only printed if the target
matches. It was quite limited in the style of message supported, only
one message could be printed, and didn't really meet the stated aim of
only warning when a target matches: There are many other errors and
warnings that can be emitted by functions called from elf_object_p.
So this patch extends the error handler functions to support printing
to a string buffer, extends per_xvec_warn to support multiple errors/
warnings, and hooks this all into bfd_check_format_matches. If
bfd_check_format_matches succeeds then any errors/warnings are printed
for the matching target. If bfd_check_format_matches fails either due
to no match or to multiple matches and only one target vector produced
errors, then those errors are printed.
* bfd.c (MAX_ARGS): Define, use throughout.
(print_func): New typedef.
(_bfd_doprnt): Add new print param. Replace calls to fprintf
with print.
(PRINT_TYPE): Similarly.
(error_handler_fprintf): Renamed from error_handler_internal.
Use _bfd_get_error_program_name. Add fprintf arg. Move code
setting up args..
(_bfd_doprnt_scan): ..to here. Add ap param.
(struct buf_stream): New.
(err_sprintf): New function.
(error_handler_bfd): New static variable.
(error_handler_sprintf): New function.
(_bfd_set_error_handler_caching): New function.
(_bfd_get_error_program_name): New function.
* elfcode.h (elf_swap_shdr_in): Use _bfd_error_handler in
warning messages.
(elf_object_p): Likewise.
* format.c (print_warnmsg): New function.
(clear_warnmsg): Rewrite.
(null_error_handler): New function.
(bfd_check_format_matches): Ignore warnings from recursive calls
checking first element of an archive. Use caching error handler
otherwise. Print warnings on successful match, or when only one
target has emitted warnings/errors.
* peicode.h (pe_bfd_object_p): Use _bfd_error_handler in
warning messages.
* targets.c (per_xvec_warn): Change type of array elements.
(struct per_xvec_message): New.
(_bfd_per_xvec_warn): Rewrite.
* Makefile.am (LIBBFD_H_FILES): Add bfd.c.
* Makefile.in: Regenerate.
* bfd-in2.h: Regenerate.
* libbfd.h: Regenerate.
elfcode.h can emit three warnings in elf_object_p for various things,
"section extending past end of file", "corrupt string table index",
and "program header with invalid alignment". The problem with doing
this is that the warning can be emitted for multiple possible targets
as each one is tried. I was looking at a fuzzer testcase that had an
object file with 6144 program headers, 5316 of which had invalid
alignment. It would be bad enough to get 5316 messages all the same,
but this object was contained in an archive and resulted in 4975776
repeats.
Some trimming can be done by not warning if the bfd is already marked
read_only, as is done for the "section extending past end of file"
warning, but that still results in an unacceptable number of
warnings for object files in archives. Besides that, it is just wrong
to warn about a problem detected by a target elf_object_p other than
the one that actually matches. At some point we might have more
target specific warnings.
So what to do? One obvious solution is to remove the warnings.
Another is to poke any warning strings into the target xvec, emitting
them if that xvec is the final one chosen. This also has the benefit
of solving the archive problem. A warning when recursing into
_bfd_check_format for the first element of the archive (to find the
correct target for the archive) will still be on the xvec at the point
that target is chosen for the archive. However, target xvecs are
read-only. Thus the need for per_xvec_warn to logically extend
bfd_target with a writable field. I've made per_xvec_warn one larger
than bfd_target_vector to provide one place for user code that makes
private copies of target xvecs.
* elfcode.h (elf_swap_shdr_in, elf_object_p): Stash potential
warnings in _bfd_per_xvec_warn location.
* format.c (clear_warnmsg): New function.
(bfd_check_format_matches): Call clear_warnmsg before trying
a new xvec. Print warnings for the successful non-archive
match.
* targets.c: Include libiberty.h.
(_bfd_target_vector_entries): Use ARRAY_SIZE.
(per_xvec_warn): New.
(_bfd_per_xvec_warn): New function.
* Makefile.am (LIBBFD_H_FILES): Add targets.c.
* Makefile.in: Regenerate.
* libbfd.h: Regenerate.
BFD_VMA_FMT can't be used in format strings that need to be
translated, because the translation won't work when the type of
bfd_vma differs from the machine used to compile .pot files. We've
known about this for a long time, but patches slip through review.
So just get rid of BFD_VMA_FMT, instead using the appropriate PRId64,
PRIu64, PRIx64 or PRIo64 and SCN variants for scanf. The patch is
mostly mechanical, the only thing requiring any thought is casts
needed to preserve PRId64 output from bfd_vma values, or to preserve
one of the unsigned output formats from bfd_signed_vma values.
At least x86-64's x32 sub-mode and RISC-V's 32-bit mode calculate
addends as 64-bit values, but store them in signed 32-bit fields when
generating the file without encountering any earlier error. When the
relocated field is a 64-bit one, the value resulting after processing
the relocation record when linking (or the latest when loading) may
thus be wrong due to the truncation.
With the code change in place, one x32 testcase actually triggers the
new diagnostic. That one case of too large a (negative) addend is being
adjusted alongside the addition of a new testcase to actually trigger
the new error. (Note that due to internal BFD behavior the relocation in
.data doesn't get processed anymore after the errors in .text.)
Note that in principle it is possible to express 64-bit relocations in
ELF32, but this would require .rel relocations, i.e. with the addend
stored in the 64-bit field being relocated. But I guess it would be a
lot of effort for little gain to actually support this.
The result of running etc/update-copyright.py --this-year, fixing all
the files whose mode is changed by the script, plus a build with
--enable-maintainer-mode --enable-cgen-maint=yes, then checking
out */po/*.pot which we don't update frequently.
The copy of cgen was with commit d1dd5fcc38ead reverted as that commit
breaks building of bfp opcodes files.
The static variables used by bfd_section_from_shdr to detect loops
in ELF sections have a problem: Comparing a BFD pointer doesn't
guarantee that the current bfd is the same as the one previously used
to allocate the sections_being_created array. For example, doing
size bad_elf_1 bad_elf_2
with two corrupted ELF files containing section loops will leave the
section_being_created array allocated for the first file and since
bfd_close is called for bad_elf_1 before bfd_elf_2 is opened, it is
possible that the BFD for the second file is allocated in the same
memory as the first file. If bad_elf_2 has more sections than
bad_elf_1 then we might write beyond the end of the array.
So this patch implements the FIXME Nick put in a comment about
attaching the array to the BFD.
* elf-bfd.h (struct elf_obj_tdata): Add being_created.
* elf.c (bfd_section_from_shdr): Delete static vars for loop
detection. Use new tdata variable instead.
* elfcode.h (elf_object_p): Allocate being_created.
PR 26931
* elf-bfd.h (struct elf_backend_data): Add bfd_boolean field to
slurp_secondary_relocs field.
(_bfd_elf_slurp_secondary_reloc_section): Update prototype.
* elf.c (_bfd_elf_slurp_secondary_reloc_section): Add new
parameter. Compute number of symbols based upon the new
parameter.
* elfcode.h (elf_slurp_reloc_table): Pass dynamic as new
parameter.
PR 26406
* elf-bfd.h (struct bfd_elf_section_data): Add
has_secondary_relocs field.
* elf.c (_bfd_elf_copy_special_section_fields): Set the
has_secondary_relocs field for sections which have associated
secondary relocs.
* elfcode.h (elf_write_relocs): Only call write_secondary_relocs
on sections which have associated secondary relocs.
This adds a few more sanity checks on ELF objects, and a BFD flag to
disable objcopy and strip when fuzzed input files belong in the "too
hard" basket.
bfd/
PR 26348
* bfd.c (struct bfd): Add read_only.
* elfcode.h (elf_swap_shdr_in): Test both sh_offset and sh_size.
Set read_only on warning.
(elf_object_p): Sanity check program header alignment. Set
read_only on warning.
* bfd-in2.h: Regenerate.
binutils/
PR 26348
* objcopy.c (copy_object): Report file name with endian error.
Error and return on abfd->read_only.
ldmain.c:add_archive_element copies file name pointers from the bfd to
a lang_input_statement_type.
input->filename = abfd->filename;
input->local_sym_name = abfd->filename;
This results in stale pointers when twiddling the bfd filename in
places like the pe ld after_open. So don't free the bfd filename,
and make copies using bfd_alloc memory that won't result in small
memory leaks that annoy memory checkers.
PR 25993
bfd/
* archive.c (_bfd_get_elt_at_filepos): Don't strdup filename,
use bfd_set_filename.
* elfcode.h (_bfd_elf_bfd_from_remote_memory): Likewise.
* mach-o.c (bfd_mach_o_fat_member_init): Likewise.
* opncls.c (bfd_fopen, bfd_openstreamr, bfd_openr_iovec, bfd_openw),
(bfd_create): Likewise.
(_bfd_delete_bfd): Don't free filename.
(bfd_set_filename): Copy filename param to bfd_alloc'd memory,
return pointer to the copy or NULL on alloc fail.
* vms-lib.c (_bfd_vms_lib_get_module): Free newname and test
result of bfd_set_filename.
* bfd-in2.h: Regenerate.
gdb/
* solib-darwin.c (darwin_bfd_open): Don't strdup pathname for
bfd_set_filename.
* solib-aix.c (solib_aix_bfd_open): Use std::string for name
passed to bfd_set_filename.
* symfile-mem.c (add_vsyscall_page): Likewise for string
passed to symbol_file_add_from_memory.
(symbol_file_add_from_memory): Make name param a const char* and
don't strdup.
ld/
* emultempl/pe.em (gld_${EMULATION_NAME}_after_open): Don't copy
other_bfd_filename for bfd_set_filename, and test result of
bfd_set_filename call. Don't create a new is->filename, simply
copy from bfd filename. Free new_name after bfd_set_filename.
* emultempl/pep.em (gld_${EMULATION_NAME}_after_open): Likewise.
Function pointers in elfNN_bed that are initialized by elfxx-target.h
to non-zero values generally don't need a non-NULL test before calling
them. Targets don't set a non-NULL function to NULL. The one
exception being elfnn-ia64.c and that exception is removed here.
* elf.c (_bfd_elf_setup_sections): Don't test known non-NULL
backend functions for NULL before calling.
(copy_special_section_fields, _bfd_elf_copy_private_bfd_data),
(bfd_section_from_shdr, assign_section_numbers): Likewise.
* elfcode.h (elf_write_relocs, elf_slurp_reloc_table): Likewise.
* elfnn-ia64.c (ignore_errors): New function.
(elf_backend_link_order_error_handler): Redefine as ignore_errors.
Fixes additional locations not handled in the first patch.
When converting between addresses in ELF headers [octets] and bfd
LMA/VMA [bytes], the number of octets per byte needs to be incorporated.
include/
* bfdlink.h (struct bfd_link_order): Add unit (bytes/octets) to
offset and size members.
* elf/internal.h (struct elf_internal_phdr): Likewise for
p_align member.
(struct elf_segment_map): Likewise for p_paddr and p_size
members
bfd/
* bfd.c (bfd_record_phdr): New local "opb". Fix assignment of
"p_paddr" from "at".
* elfcode.h (bfd_from_remote_memory): Add units to several
parameters. New local "opb". Fix usage of p_align. Fix
calculation of "localbase" from "ehdr_vma" and "p_vaddr". Fix
call of target_read_memory.
* elflink.c (elf_fixup_link_order): Fix scope of "s" local. Fix
calculation of "offset" and "output_offset".
(bfd_elf_final_link): New local "opb". Fix calculation of "size"
from "offset" and fix calculation of "end" from "vma+size". Fix
comparison between "sh_addr" and "vma"/"output_offset".
(bfd_elf_discard_info): Fix calculation of "eh_alignment".
* elf-bfd.h (struct elf_link_hash_table): Add unit to tls_size
member.
* elf.c (_bfd_elf_map_sections_to_segments): Add unit (bytes/
octets) to "wrap_to2 and "phdr_size" locals. Fix calculation of
"wrap_to" value. Add unit (bytes) to phdr_lma variable. Fix
assignment of p_paddr from phdr_lma. Fix comparison between
"lma+size" and "next->lma".
(elf_sort_segments): Fix assignment from p_paddr to lma.
(assign_file_positions_for_load_sections): Add unit (bytes) to
local "align". Fix calculation of local "off_adjust". Fix
calculation of local "filehdr_vaddr".
(assign_file_positions_for_non_load_sections): New local "opb".
Fix calculation of "end" from "p_size". Fix comparison between
"vma+SECTION_SIZE" and "start". Fix calculation of "p_memsz"
from "end" and "p_vaddr".
(rewrite_elf_program_header): Fix comparison between p_vaddr and
vma. Fix assignment to p_paddr from lma. Fix comparison between
p_paddr and lma. Fix assignment to p_paddr from lma.
* merge.c (sec_merge_emit): New local "opb". Convert
"alignment_power" to octets.
(_bfd_add_merge_section): New locals "alignment_power" and
"opb". Fix comparison between "alignment_power" and
"sizeof(align)".
(_bfd_merge_sections): New local "opb". Divide size by opb
before checking align mask.
* elf-bfd.h (struct elf_backend_data): Add new fields:
init_secondary_reloc_section, slurp_secondary_reloc_section,
write_secondary_reloc_section.
(_bfd_elf_init_secondary_reloc_section): Prototype.
(_bfd_elf_slurp_secondary_reloc_section): Prototype.
(_bfd_elf_write_secondary_reloc_section): Prototype.
* elf.c ( bfd_section_from_shdr): Invoke the new
init_secondary_reloc_section backend function, if defined, when a
second reloc section is encountered.
(swap_out_syms): Invoke the new symbol_section_index function, if
defined, when computing the section index of an OS/PROC specific
symbol.
(_bfd_elf_init_secondary_reloc_section): New function.
(_bfd_elf_slurp_secondary_reloc_section): New function.
(_bfd_elf_write_secondary_reloc_section): New function.
(_bfd_elf_copy_special_section_fields): New function.
* elfcode.h (elf_write_relocs): Invoke the new
write_secondary_relocs function, if defined, in order to emit
secondary relocs.
(elf_slurp_reloc_table): Invoke the new slurp_secondary_relocs
function, if defined, in order to read in secondary relocs.
* elfxx-target.h (elf_backend_copy_special_section_fields):
Provide a non-NULL default definition.
(elf_backend_init_secondary_reloc_section): Likewise.
(elf_backend_slurp_secondary_reloc_section): Likewise.
(elf_backend_write_secondary_reloc_section): Likewise.
(struct elf_backend_data elfNN_bed): Add initialisers for the new
fields.
* configure.ac (score_elf32_[bl]e_vec): Add elf64.lo
* configure: Regenerate.
The object_p (and archive_p, core_file_p) functions are not supposed
to have any target specific malloc'd memory attached to the bfd on
their return. This should be obvious on a failure return, but it's
also true for a successful return. The reason is that even though the
object_p recognises the file, that particular target may not be used
and thus the bfd won't be closed calling close_and_cleanup for the
target that allocated the memory.
It turns out that the object_p bfd_target* return value isn't needed.
In all cases except ld/plugin.c the target is abfd->xvec and with
ld/plugin.c the target isn't used. So this patch returns a cleanup
function from object_p instead, called in bfd_check_format_matches to
tidy the bfd before trying a different target match. The only cleanup
that does anything at this stage is the alpha-vms one.
bfd/
* targets.c (bfd_cleanup): New typedef.
(struct bfd <_bfd_check_format>): Return a bfd_cleanup.
* libbfd-in.h (_bfd_no_cleanup): Define.
* format.c (bfd_reinit): Add cleanup parameter, call it.
(bfd_check_format_matches): Set cleanup from _bfd_check_format
call and pass to bfd_reinit. Delete temp, use abfd->xvec instead.
* aout-target.h (callback, object_p): Return bfd_cleanup.
* aout-tic30.c (tic30_aout_callback, tic30_aout_object_p): Likewise.
* archive.c (bfd_generic_archive_p): Likewise.
* binary.c (binary_object_p): Likewise.
* coff-alpha.c (alpha_ecoff_object_p): Likewise.
* coff-ia64.c (ia64coff_object_p): Likewise.
* coff-rs6000.c (_bfd_xcoff_archive_p, rs6000coff_core_p): Likewise.
* coff-sh.c (coff_small_object_p): Likewise.
* coff-stgo32.c (go32_check_format): Likewise.
* coff64-rs6000.c (xcoff64_archive_p, rs6000coff_core_p),
(xcoff64_core_p): Likewise.
* coffgen.c (coff_real_object_p, coff_object_p): Likewise.
* elf-bfd.h (bfd_elf32_object_p, bfd_elf32_core_file_p),
(bfd_elf64_object_p, bfd_elf64_core_file_p): Likewise.
* elfcode.h (elf_object_p): Likewise.
* elfcore.h (elf_core_file_p): Likewise.
* i386msdos.c (msdos_object_p): Likewise.
* ihex.c (ihex_object_p): Likewise.
* libaout.h (some_aout_object_p): Likewise.
* libbfd-in.h (bfd_generic_archive_p, _bfd_dummy_target),
(_bfd_vms_lib_alpha_archive_p, _bfd_vms_lib_ia64_archive_p): Likewise.
* libbfd.c (_bfd_dummy_target): Likewise.
* libcoff-in.h (coff_object_p): Likewise.
* mach-o-aarch64.c (bfd_mach_o_arm64_object_p),
(bfd_mach_o_arm64_core_p): Likewise.
* mach-o-arm.c (bfd_mach_o_arm_object_p),
(bfd_mach_o_arm_core_p): Likewise.
* mach-o-i386.c (bfd_mach_o_i386_object_p),
(bfd_mach_o_i386_core_p): Likewise.
* mach-o-x86-64.c (bfd_mach_o_x86_64_object_p),
(bfd_mach_o_x86_64_core_p): Likewise.
* mach-o.c (bfd_mach_o_header_p, bfd_mach_o_gen_object_p),
(bfd_mach_o_gen_core_p, bfd_mach_o_fat_archive_p): Likewise.
* mach-o.h (bfd_mach_o_object_p, bfd_mach_o_core_p),
(bfd_mach_o_fat_archive_p, bfd_mach_o_header_p): Likewise.
* mmo.c (mmo_object_p): Likewise.
* pef.c (bfd_pef_object_p, bfd_pef_xlib_object_p): Likewise.
* peicode.h (coff_real_object_p, pe_ILF_object_p),
(pe_bfd_object_p): Likewise.
* plugin.c (ld_plugin_object_p, bfd_plugin_object_p): Likewise.
* ppcboot.c (ppcboot_object_p): Likewise.
* rs6000-core.c (rs6000coff_core_p): Likewise.
* som.c (som_object_setup, som_object_p): Likewise.
* srec.c (srec_object_p, symbolsrec_object_p): Likewise.
* tekhex.c (tekhex_object_p): Likewise.
* vms-alpha.c (alpha_vms_object_p): Likewise.
* vms-lib.c (_bfd_vms_lib_archive_p, _bfd_vms_lib_alpha_archive_p),
(_bfd_vms_lib_ia64_archive_p, _bfd_vms_lib_txt_archive_p): Likewise.
* wasm-module.c (wasm_object_p): Likewise.
* xsym.c (bfd_sym_object_p): Likewise.
* xsym.h (bfd_sym_object_p): Likewise.
* aoutx.h (some_aout_object_p): Likewise, and callback parameter
return type.
* pdp11.c (some_aout_object_p): Likewise.
* plugin.c (register_ld_plugin_object_p): Update object_p
parameter type.
* plugin.h (register_ld_plugin_object_p): Likewise.
* bfd-in2.h: Regenerate.
* libbfd.h: Regenerate.
* libcoff.h: Regenerate.
ld/
* plugin.c (plugin_object_p): Return a bfd_cleanup.
(plugin_cleanup): New function.
This patch fixes the worst of the cases where libbfd might terminate
a program due to calling xstrdup or xmalloc. I've also fixed some
error paths that didn't clean up properly.
PR 24955
* libbfd-in.h (bfd_strdup): New inline function.
* archive.c (_bfd_get_elt_at_filepos): Use bfd_strdup. Close
bfd on error.
* elfcode.h (_bfd_elf_bfd_from_remote_memory): Use bfd_strdup.
* opncls.c (bfd_fopen): Use bfd_strdup. Close fd and stream
on error.
(bfd_openstreamr): Use bfd_strdup.
(bfd_openr_iovec, bfd_openw, bfd_create): Likewise.
* plugin.c (try_load_plugin): Use bfd_malloc.
* libbfd.h: Regenerate.
Depending on optimisation level and gcc version, git commit 890f750a3b
introduces a false positive warning that i_shdrp may be used
uninitialized.
PR 24689
* elfcode.h (elf_object_p): Warning fix.
The testcase in the PR had a e_shstrndx section of type SHT_GROUP.
hdr->contents were initialized by setup_group rather than being read
from the file, thus last byte was not zero and string dereference ran
off the end of the buffer.
PR 24689
* elfcode.h (elf_object_p): Check type of e_shstrndx section.
Compressed debug sections can have uncompressed sizes that exceed the
original file size, so we can't use bfd_get_file_size. objdump also
used bfd_get_file_size to limit reloc section size, but I believe the
underlying bug causing the PR22508 out of bounds buffer access was
that we had an integer overflow when calculating the reloc buffer
size. I've fixed that instead in most of the backends, som and
vms-alpha being the exceptions. SOM and vmd-alpha have rather more
serious bugs in their slurp_relocs routines that would need fixing
first if we want to fuss about making them safe against fuzzed object
files.
The patch also fixes a number of other potential overflows by using
the bfd_alloc2/malloc2/zalloc2 memory allocation functions.
bfd/
* coffcode.h (buy_and_read): Delete unnecessary forward decl. Add
nmemb parameter. Use bfd_alloc2.
(coff_slurp_line_table): Use bfd_alloc2. Update buy_and_read calls.
Delete assertion.
(coff_slurp_symbol_table): Use bfd_alloc2 and bfd_zalloc2.
(coff_slurp_reloc_table): Use bfd_alloc2. Update buy_and_read calls.
* coffgen.c (coff_get_reloc_upper_bound): Ensure size calculation
doesn't overflow.
* elf.c (bfd_section_from_shdr): Use bfd_zalloc2. Style fix.
(assign_section_numbers): Style fix.
(swap_out_syms): Use bfd_malloc2.
(_bfd_elf_get_reloc_upper_bound): Ensure size calculation doesn't
overflow.
(_bfd_elf_make_empty_symbol): Style fix.
(elfobj_grok_stapsdt_note_1): Formatting.
* elfcode.h (elf_object_p): Use bfd_alloc2.
(elf_write_relocs, elf_write_shdrs_and_ehdr): Likewise.
(elf_slurp_symbol_table): Use bfd_zalloc2.
(elf_slurp_reloc_table): Use bfd_alloc2.
(_bfd_elf_bfd_from_remote_memory): Use bfd_malloc2.
* elf64-sparc (elf64_sparc_get_reloc_upper_bound): Ensure
size calculation doesn't overflow.
(elf64_sparc_get_dynamic_reloc_upper_bound): Likewise.
* mach-o.c (bfd_mach_o_get_reloc_upper_bound): Likewise.
* pdp11.c (get_reloc_upper_bound): Copy aoutx.h version.
binutils/
* objdump.c (load_specific_debug_section): Don't compare section
size against file size.
(dump_relocs_in_section): Don't compare reloc size against file size.
Print "failed to read relocs" on bfd_get_reloc_upper_bound error.
A recent Fedora bug (1520805) exposed a problem with objcopy's reloc
copying code, when a binary also contains mergeable notes. The note
merging code would delete some relocs, but then the reloc copying code
would try to put them back again, which did not work.
So I am checking in the patch below to fix the problem. The patch
also tweaks one of the binutils note merging tests so that it is
skipped for the Sparc64 target, since this has funky relocs.
binutils * objcopy.c (copy_relocations_in_section): Use the orelocations
field of the input section, if it has been initialised.
* testsuite/binutils-all/note-2-64.d: Skip test on Sparc64.
bfd * elfcode.h (elf_write_relocs): Check for an empty howto field.
