authorNick Clifton <nickc@redhat.com>2014-11-17 16:59:09 +0000
committerNick Clifton <nickc@redhat.com>2014-11-17 16:59:09 +0000
commit32a9d621c3c480aa093a089a36e36c35f68a4010 (patch)
tree230ef48b11e27fb545512cc1c2e28ae52f2f44bf /bfd/elf.c
parent022af27274b440186def92cae77c2d4304c3ce9b (diff)
Applies a series of patches for PR 17512 and 17533 which fix invalid memory accesses.
2014-11-13 Nick Clifton <nickc@redhat.com> PR binutils/17512 * config/obj-coff.c (coff_obj_symbol_new_hook): Set the is_sym field. 2014-11-14 Nick Clifton <nickc@redhat.com> PR binutils/17512 * dwarf.c (get_encoded_value): Add an 'end' parameter. Change the 'data' parameter to a double pointer and return the updated value. (decode_location_expression): Update call to get_encoded_value. (frame_need_space): Handle the case where one or both of the mallocs fails. (read_cie): Initialise the cie pointer, even if the read fails. (display_debug_frames): Warn if the calculated block_end is before the start of the block. Break the loop if the CIE could not be read. Update call to get_encoded_value. Warn if the read CFA expressions are too big. 2014-11-13 Nick Clifton <nickc@redhat.com> PR binutils/17531 * readelf.c (process_version_sections): If the read of the version def information fails, make sure that the external verdef data is not used. (get_dynamic_data): Do not attempt to allocate memory for more dynamic data than there is in the file. If the read fails, free the allocated buffer. (process_symbol_table): Do not print dynamic information if we were unable to read the dynamic symbol table. (print_gnu_note): Do not print the note if the descsz is too small. 2014-11-12 Nick Clifton <nickc@redhat.com> PR binutils/17512 * dwarf.c (read_and_display_attr_value): Check that we do not read past end. (display_debug_pubnames_worker): Add range checks. (process_debug_info): Check for invalid pointer sizes. (display_loc_list): Likewise. (display_loc_list_dwo): Likewise. (display_debug_ranges): Likewise. (display_debug_aranges): Check for invalid address size. (read_cie): Add range checks. Replace call strchr with while loop. * objdump.c (dump_dwarf): Replace abort with a warning message. (print_section_stabs): Improve range checks. * rdcoff.c (coff_get_slot): Use long for indx parameter type. Add check for an excesively large index. 
* rddbg.c (read_section_stabs_debugging_info): Zero terminate the string table. Avoid walking off the end of the stabs data. * stabs.c (parse_stab_string): Add check for a NULL name. 2014-11-11 Nick Clifton <nickc@redhat.com> PR binutils/17531 * binutils/readelf.c (dynamic_nent): Change type to size_t. (slurp_rela_relocs): Use size_t type for nrelas. (slurp_rel_relocs): Likewise. (get_program_headers): Improve out of memory error message. (get_32bit_section_headers): Likewise. (get_32bit_section_headers): Likewise. (get_64bit_section_headers): Likewise. (get_32bit_elf_symbols): Likewise. (get_64bit_elf_symbols): Likewise. (process_section_groups): Likewise. (get_32bit_dynamic_section): Likewise. (get_64bit_dynamic_section): Likewise. (process_dynamic_section): Likewise. (process_version_sections): Likewise. (get_symbol_index_type): Likewise. (process_mips_specific): Likewise. (process_corefile_note_segment): Likewise. (process_version_sections): Use size_t type for total. (get_dynamic_data): Change type of number parameter to size_t. Improve out of memory error messages. (process_symbol_table): Change type of nbuckets and nchains to size_t. Skip processing of sections headers if there are none. Improve out of memory error messages. 2014-11-11 Nick Clifton <nickc@redhat.com> PR binutils/17531 * readelf.c (display_arm_attribute): Avoid reading off the end of the buffer when processing a Tag_nodefaults. 2014-11-10 Nick Clifton <nickc@redhat.com> PR binutils/17531 * readelf.c (ia64_process_unwind): Replace assertion with an error message. Add range checking for group section indicies. (hppa_process_unwind): Replace assertion with an error message. (process_syminfo): Likewise. (decode_arm_unwind_bytecode): Add range checking. (dump_section_as_strings): Add more string range checking. (display_tag_value): Likewise. (display_arm_attribute): Likewise. (display_gnu_attribute): Likewise. (display_tic6x_attribute): Likewise. (display_msp430x_attribute): Likewise. 
2014-11-10 Nick Clifton <nickc@redhat.com> PR binutils/17552 * objcopy.c (copy_archive): Clean up temporary files even if an error occurs. 2014-11-07 Nick Clifton <nickc@redhat.com> PR binutils/17531 * readelf.c (get_data): Avoid allocating memory when we know that the read will fail. (find_section_by_type): New function. (get_unwind_section_word): Check for invalid symbol indicies. Check for invalid reloc types. (get_32bit_dynamic_section): Add range checks. (get_64bit_dynamic_section): Add range checks. (process_dynamic_section): Check for a corrupt time value. (process_symbol_table): Add range checks. (dump_section_as_strings): Add string length range checks. (display_tag_value): Likewise. (display_arm_attribute): Likewise. (display_gnu_attribute): Likewise. (display_tic6x_attribute): Likewise. (display_msp430x_attribute): Likewise. (process_mips_specific): Add range check. 2014-11-06 Nick Clifton <nickc@redhat.com> PR binutils/17552, binutils/17533 * bucomm.c (is_valid_archive_path): New function. Returns false for absolute pathnames and pathnames that include /../. * bucomm.h (is_valid_archive_path): Add prototype. * ar.c (extract_file): Use new function to check for valid pathnames when extracting files from an archive. * objcopy.c (copy_archive): Likewise. * doc/binutils.texi: Update documentation to mention the limitation on pathname of archive members. 2014-11-05 Nick Clifton <nickc@redhat.com> PR binutils/17531 * readelf.c (printable_section_name): New function. (printable_section_name_from_index): New function. (dump_relocations): Use new function. 
(process_program_headers, get_32bit_elf_symbols, (get_64bit_elf_symbols, process_section_headers, (process_section_groups, process_relocs, ia64_process_unwind, (hppa_process_unwind, get_unwind_section_word, decode_arm_unwind, (arm_process_unwind, process_version_sections, (process_symbol_table, apply_relocations, get_section_contents, (dump_section_as_strings, dump_section_as_bytes, (display_debug_section, process_attributes, process_mips_specific, (process_mips_specific process_gnu_liblist): Likewise. (get_unwind_section_word): Check for a missing symbol table. Replace aborts with error messages. (arm_process_unwind): Check for a missing string table. (process_attributes): Check for an attribute length that is too small. (process_mips_specific): Check for a corrupt GOT symbol offset. 2014-11-05 Nick Clifton <nickc@redhat.com> PR binutils/17533 * bucomm.c (is_valid_archive_path): New function. * bucomm.h (is_valid_archive_path): Prototype it. * ar.c (extract_file): Call is_valid_archive_path to verify a member filename before extracting it. * objcopy.c (copy_archive): Likewise. 2014-11-04 Nick Clifton <nickc@redhat.com> PR binutils/17531 * readelf.c (get_data): If the reason parameter is null, do not print any error messages. (get_32bit_section_headers): Verify section header entry size before reading in the section headers. (get_64bit_section_headers): Likewise. (process_section_headers): Pass FALSE to get_section_headers. (get_file_header): Pass TRUE to get_section_headers. (process_dynamic_section): Change an assert to an error message. (process_symbol_table): Handle corrupt histograms. (get_32bit_program_headers): Verify program header entry size before reading in the program headers. (get_64bit_program_headers): Likewise. (get_unwind_section_word): Do nothing if no section was provided. Fail if the offset is outside of the section. (print_dynamic_symbol): Catch out of range symbol indicies. (process_mips_specific): Likewise. 
(process_attributes): Make sure that there is enough space left in the section before attempting to read the length of the next attribute. 2014-11-03 Nick Clifton <nickc@redhat.com> PR binutils/17512 * objdump.c (slurp_symtab): Fail gracefully if the table could not be read. (dump_relocs_in_section): Likewise. 2014-11-14 Nick Clifton <nickc@redhat.com> PR binutils/17597 * opncls.c (bfd_get_debug_link_info): Avoid reading off the end of the section. (bfd_get_alt_debug_link_info): Likewise. 2014-11-14 Nick Clifton <nickc@redhat.com> PR binutils/17512 * ieee.c (ieee_archive_p) Skip processing if no bytes are read at all. (ieee_object_p): Likewise. 2014-11-13 H.J. Lu <hongjiu.lu@intel.com> * coffcode.h (coff_slurp_line_table): Add cast to unsigned int. 2014-11-13 H.J. Lu <hongjiu.lu@intel.com> * coffcode.h (coff_pointerize_aux_hook): Fix a typo. 2014-11-13 Nick Clifton <nickc@redhat.com> PR binutils/17512 * coffcode.h (coff_ptr_struct): Add is_sym field. (coff_new_section_hook): Set the is_sym field. (coff_pointerize_aux_hook): Check the is_sym field. (coff_print_aux): Likewise. (coff_compute_section_file_positions): Likewise. (coff_write_object_contents): Likewise. (coff_slurp_line_table): Likewise. (coff_slurp_symbol_table): Likewise. (CALC_ADDEND): Likewise. * coffgen.c (coff_renumber_symbols): Likewise. (coff_mangle_symbols): Likewise. (coff_fix_symbol_name): Likewise. (coff_write_symbol): Likewise. (coff_write_alien_symbol): Likewise. (coff_write_native_symbol): Likewise. (coff_write_symbols): Likewise. (coff_write_linenumbers): Likewise. (coff_pointerize_aux): Likewise. (coff_get_normalized_symtab): Likewise. (coff_get_symbol_info): Likewise. (bfd_coff_get_syment): Likewise. (bfd_coff_get_auxent): Likewise. (coff_print_symbol): Likewise. (coff_find_nearest_line_with_names): Likewise. (bfd_coff_set_symbol_class): Likewise. (coff_make_empty_symbol): Set the is_sym field. (coff_bfd_make_debug_symbol): Likewise. * peicode.h (pe_ILF_make_a_symbol): Likewise. 
* libcoff.h: Regenerate. * libcoff-in.h: Regenerate. 2014-11-12 Nick Clifton <nickc@redhat.com> PR binutils/17512 * coffcode.h (coff_slurp_line_table): Set the line number of corrupt entries to -1. (coff_slurp_symbol_table): Alway initialise the value of the symbol. * coffgen.c (coff_print_symbol): Check that the combined pointer is valid. (coff_print_symbol): Do not print negative line numbers. * peXXigen.c (pe_print_idata): Add range checking displaying member names. 2014-11-12 Alan Modra <amodra@gmail.com> PR binutils/17512 * coffcode.h (coff_slurp_line_table): Drop line number info not preceded by a valid function entry. Revert last change. 2014-11-11 Nick Clifton <nickc@redhat.com> PR binutils/17512 * coffcode.h (coff_slurp_line_table): Initialise the parts of the line number cache that would not be initialised by the copy from the new line number table. (coff_classify_symbol): Allow for _bfd_coff_internal_syment_name returning NULL. * coffgen.c (coff_get_normalized_symbols): Get the external symbols before allocating space for the internal symbols, in case the get fails. * elf.c (_bfd_elf_slurp_version_tables): Only allocate a verref array if one is needed. Likewise with the verdef array. * peXXigen.c (_bfd_XXi_swap_sym_in): Replace abort()'s with error messages. (_bfd_XXi_swap_aux_in): Make sure that all fields of the aux structure are initialised. (pe_print_edata): Avoid reading off the end of the data buffer. 2014-11-11 Alan Modra <amodra@gmail.com> PR binutils/17512 * coffcode.h (coff_slurp_line_table): Use updated lineno_count when building func_table. 2014-11-11 Alan Modra <amodra@gmail.com> PR binutils/17512 * coffcode.h (coff_slurp_line_table): Don't bfd_zalloc, just memset the particular bits we need. Update src after hitting loop "continue". Don't count lineno omitted due to invalid symbols in nbr_func, and update lineno_count. Init entire terminating lineno. Don't both allocating terminator in n_lineno_cache. 
Redirect sym->lineno pointer to where n_lineno_cache will be copied, and free n_lineno_cache. * pe-mips.c (NUM_HOWTOS): Typo fix. 2014-11-10 Nick Clifton <nickc@redhat.com> PR binutils/17521 * coff-i386.c (NUM_HOWTOS): New define. (RTYPE2HOWTO): Use it. (coff_i386_rtype_to_howto): Likewise. (coff_i386_reloc_name_lookup): Likewise. (CALC_ADDEND): Check that reloc r_type field is valid. * coff-x86_64.c (NUM_HOWTOS): New define. (RTYPE2HOWTO): Use it. (coff_amd64_rtype_to_howto): Likewise. (coff_amd64_reloc_name_lookup): Likewise. (CALC_ADDEND): Check that reloc r_type field is valid. * coffcode.h (coff_slurp_line_table): Check for symbol table indexing underflow. (coff_slurp_symbol_table): Use zalloc to ensure that all table entries are initialised. * coffgen.c (_bfd_coff_read_string_table): Initialise unused bits in the string table. Also ensure that the table is 0 terminated. (coff_get_normalized_symtab): Check for symbol table indexing underflow. * opncls.c (bfd_alloc): Catch the case where a small negative size can result in only 1 byte being allocated. (bfd_alloc2): Use bfd_alloc. * pe-mips.c (NUM_HOWTOS): New define. (coff_mips_reloc_name_lookup): Use it. (CALC_ADDEND): Check that reloc r_type field is valid. * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Initialise unused entries in the DataDirectory. (pe_print_idata): Avoid reading beyond the end of the data block wen printing strings. (pe_print_edata): Likewise. Check for table indexing underflow. * peicode.h (pe_mkobject): Initialise the pe_opthdr field. (pe_bfd_object_p): Allocate and initialize enough space to hold a PEAOUTHDR, even if the opt_hdr field specified less. 2014-11-08 Alan Modra <amodra@gmail.com> * peXXigen.c (pe_print_idata): Revert last patch, cast lhs instead. 2014-11-07 H.J. Lu <hongjiu.lu@intel.com> * peXXigen.c (pe_print_idata): Cast to unsigned long in range checks. 2014-11-07 Alan Modra <amodra@gmail.com> * tekhex.c (tekhex_set_arch_mach): Ignore unknown arch errors. 
2014-11-07 Alan Modra <amodra@gmail.com> * tekhex.c (CHUNK_SPAN): Define. (struct data_struct <chunk_init>): Use one byte per span, update all code accessing this field. (find_chunk): Add create param, don't create new entry unless set. (insert_byte): Don't save zeros. (first_phase): Set section SEC_CODE or SEC_DATA flag depending on symbol type. Create an alternate section if both types of symbol are given. Attach type '2' and '6' symbols to absolute section. (move_section_contents): Fix caching of chunk. Don't create chunk when reading, or for writing zeros. (tekhex_set_section_contents): Don't create initial chunks. (tekhex_write_object_contents): Use CHUNK_SPAN. 2014-11-07 Alan Modra <amodra@gmail.com> * aoutx.h (aout_get_external_symbols): Tidy allocation of symbol buffer. 2014-11-07 Alan Modra <amodra@gmail.com> * archive.c (_bfd_slurp_extended_name_table): Revert bfd_get_size check. * coffcode.h (coff_set_alignment_hook): Likewise. (coff_slurp_line_table): Likewise. * coffgen.c (coff_get_normalized_symtab): Likewise. (_bfd_coff_get_external_symbols): Likewise. * elf.c (bfd_elf_get_str_section): Likewise. * tekhex.c (first_phase): Likewise. 2014-11-06 Nick Clifton <nickc@redhat.com> * aoutx.h (slurp_symbol_table): Revert previous delta. (slurp_reloc_table): Likewise. * compress.c (bfd_get_full_section_contents): Remove file size test. * coffgen.c (coff_get_normalized_symtab): Allow zero-sized symtabs and do not complain about linker generated files. 2014-11-04 Nick Clifton <nickc@redhat.com> PR binutils/17512 * coffcode.h (handle_COMDAT): Replace abort with BFD_ASSERT. Replace another abort with an error message. (coff_slurp_line_table): Add more range checking. * peXXigen.c (pe_print_debugdata): Add range checking. 2014-11-05 Nick Clifton <nickc@redhat.com> PR binutils/17512 * coffcode.h (coff_set_alignment_hook): Warn if the file lies about the number of relocations it contains. (coff_sort_func_alent): Return 0 if the pointers are NULL. 
(coff_slurp_line_table): Add more range checks. Do not free new tables created when sorting line numbers. * peXXigen.c (pe_print_idata): Add range checks. (pe_print_edata): Likewise. (rsrc_print_resource_entries): Likewise. Avoid printing control characters. Terminate priniting if corruption is detected. (rsrc_print_resource_directory): Terminate printing if an unknown directory type is encountered. (pe_print_debugdata): Fix off-by-one error. (rsrc_count_entries): Add range checking. (rsrc_parse_entry): Likewise. 2014-11-04 Nick Clifton <nickc@redhat.com> PR binutils/17512 * compress.c (bfd_get_full_section_contents): Improve test for linker created objects. PR binutils/17533 * archive.c (_bfd_slurp_extended_name_table): Handle archives with corrupt extended name tables. 2014-11-03 Nick Clifton <nickc@redhat.com> PR binutils/17512 * aoutx.h (slurp_symbol_table): Check that computed table size is not bigger than the file from which is it being read. (slurp_reloc_table): Likewise. * coffcode.h (coff_slurp_line_table): Remove unneeded local 'warned'. Do not try to print the details of a symbol with an invalid index. * coffgen.c (make_a_sectiobn_from_file): Check computed string index against length of string table. (bfd_coff_internal_syment_name): Check read in string offset against length of string table. (build_debug_section): Return a pointer to the section used. (_bfd_coff_read_string_table): Store the length of the string table in the coff_tdata structure. (bfd_coff_free_symbols): Set the length of the string table to zero when it is freed. (coff_get_normalized_symtab): Check offsets against string table or data table lengths as appropriate. * cofflink.c (_bfd_coff_link_input_bfd): Check offset against length of string table. * compress.c (bfd_get_full_section_contents): Check computed size against the size of the file. * libcoff-in.h (obj_coff_strings_len): Define. (struct coff_tdata): Add strings_len field. * libcoff.h: Regenerate. 
* peXXigen.c (pe_print_debugdata): Do not attempt to print the data if the debug section is too small. * xcofflink.c (xcoff_link_input_bfd): Check offset against length of string table. 2014-10-31 Nick Clifton <nickc@redhat.com> PR binutils/17512 * coffgen.c (_bfd_coff_get_external_symbols): Do not try to load a symbol table bigger than the file. * elf.c (bfd_elf_get_str_section): Do not try to load a string table bigger than the file. * tekhex.c (first_phase): Check that the section range is sane.
Diffstat (limited to 'bfd/elf.c')
-rw-r--r--bfd/elf.c24
1 files changed, 14 insertions, 10 deletions
diff --git a/bfd/elf.c b/bfd/elf.c
index c8e659a27be..8b207ad872a 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -7269,8 +7269,12 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bfd_boolean default_imported_symver)
hdr = &elf_tdata (abfd)->dynverref_hdr;
- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *)
+ if (hdr->sh_info)
+ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *)
bfd_zalloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
+ else
+ elf_tdata (abfd)->verref = NULL;
+
if (elf_tdata (abfd)->verref == NULL)
goto error_return;
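Review bot: The new `else` branch turns an `sh_info` of 0 into a failure by a side door: `verref` is set to NULL and the existing `if (elf_tdata (abfd)->verref == NULL) goto error_return;` fires, yet nothing on that path sets a bfd_error, whereas the allocation failure the check was written for presumably leaves `bfd_error_no_memory` set by bfd_zalloc2. Callers that inspect bfd_get_error () after a FALSE return would therefore see whatever error was last recorded; `error_return` is outside the hunk, so if it sets an error code itself this is moot. If a zero-entry `.gnu.version_r` is meant to be rejected, make that explicit before the allocation: `if (hdr->sh_info == 0) { bfd_set_error (bfd_error_bad_value); goto error_return; }`; if it is meant to be tolerated, the else branch should skip the entry-parsing loop rather than fall into the NULL check. The enclosing function starts and ends outside this hunk.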
@@ -7430,8 +7434,12 @@ error_return_verref:
else
freeidx = ++maxidx;
}
- elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *)
+ if (maxidx)
+ elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *)
bfd_zalloc2 (abfd, maxidx, sizeof (Elf_Internal_Verdef));
+ else
+ elf_tdata (abfd)->verdef = NULL;
+
if (elf_tdata (abfd)->verdef == NULL)
goto error_return;
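Review bot: Same gap as for `verref`: when `maxidx` comes out as 0 the new else branch hands a NULL `verdef` to the NULL check at the end of the hunk, so the function fails without a specific bfd_error being recorded on this path (I am assuming `error_return`, which is not shown, only frees and returns FALSE). `maxidx` appears to be accumulated from per-entry index values read from the section (the `freeidx = ++maxidx;` context is visible, the loop head is above the hunk), so an empty or corrupt `.gnu.version_d` is exactly the input this should report rather than silently equate with out-of-memory. Suggest replacing the silent else with `if (maxidx == 0) { bfd_set_error (bfd_error_bad_value); goto error_return; }` ahead of the allocation, leaving the NULL check to cover only a real allocation failure.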
@@ -7572,16 +7580,12 @@ asymbol *
_bfd_elf_make_empty_symbol (bfd *abfd)
{
elf_symbol_type *newsym;
- bfd_size_type amt = sizeof (elf_symbol_type);
- newsym = (elf_symbol_type *) bfd_zalloc (abfd, amt);
+ newsym = (elf_symbol_type *) bfd_zalloc (abfd, sizeof * newsym);
if (!newsym)
return NULL;
- else
- {
- newsym->symbol.the_bfd = abfd;
- return &newsym->symbol;
- }
+ newsym->symbol.the_bfd = abfd;
+ return &newsym->symbol;
}
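Review bot: The rewritten body now relies silently on bfd_zalloc presumably zero-filling the whole elf_symbol_type — every field other than `symbol.the_bfd` is left at its zero value — and nothing in the hunk records that contract for callers. If there is no header comment above the `asymbol *` line (outside the hunk), I would add `/* Allocate a zero-filled ELF symbol owned by ABFD; callers set the remaining fields.  Returns NULL on allocation failure.  */` above the definition. The `sizeof * newsym` simplification itself is fine.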
void
@@ -9408,7 +9412,7 @@ elfcore_write_lwpstatus (bfd *abfd,
lwpstat.pr_lwpid = pid >> 16;
lwpstat.pr_cursig = cursig;
#if defined (HAVE_LWPSTATUS_T_PR_REG)
- memcpy (lwpstat.pr_reg, gregs, sizeof (lwpstat.pr_reg));
+ memcpy (&lwpstat.pr_reg, gregs, sizeof (lwpstat.pr_reg));
#elif defined (HAVE_LWPSTATUS_T_PR_CONTEXT)
#if !defined(gregs)
memcpy (lwpstat.pr_context.uc_mcontext.gregs,