Pointer comparisons have traps for the unwary. After adding a large
unknown value to "start", the test "start < end" depends on where
"start" is originally in memory.
PR 22239
* dwarf.c (read_cie): Don't compare "start" and "end" pointers
after adding a possibly wild length to "start", compare the length
to the difference of the pointers instead. Remove now redundant
"negative" length test.
Preprocessor tokens like DWARF_VMA_FMT and BFD_VMA_FMT are not
understood by gettext, and cause the translation string to be
truncated. Even if it were not truncated, we wouldn't want a value
that changes depending on host or configure options to be put in a
translation string.
PR 21732
* dwarf.c (READ_ULEB): Don't use DWARF_VMA_FMT in translated string.
(READ_SLEB): Likewise.
* readelf.c (bfd_vmatoa): New function.
(get_data, get_dynamic_data): Use it for printing error messages.
When dumping location lists, also dump locview lists that may be
interspersed with them, and bring view pairs next to the corresponding
location list entries.
This patch supports DW_AT_GNU_locviews as a separate attribute for
DWARF4- loc_lists and split (dwo) loclists, as well as DWARF5
loclists.
It also supports, in DWARF5 loclists, the proposed
DW_LLE_GNU_view_pair loclist entry type proposed for DWARF6.
The tests use 32-bit DWARF, even on 64-bit targets, resolving offsets
to constants so as to reduce the risk that relocations be created for
them, or that the offsets be rejected as nonconstants.
The patch also adds an xfail to an unrelated test, namely dw5, so that
no unexpected fails remain on nds32*-elf, one of the tested targets.
Reviewed-by: Alan Modra <amodra@gmail.com>
for include/ChangeLog
* dwarf2.def (DW_AT_GNU_locviews): New.
* dwarf2.h (enum dwarf_location_list_entry_type): Add
DW_LLE_GNU_view_pair.
(DW_LLE_view_pair): Define.
for binutils/ChangeLog
* dwarf.h (debug_info): Add loc_views and num_loc_views.
* dwarf.c (vm1): New constant.
(print_dwarf_view): New function.
(read_and_display_attr_value): Support DW_AT_GNU_locviews.
(process_debug_info): Keep num_loc_offsets and num_loc_views
in sync.
(display_view_pair_list): New function.
(display_loc_list_dwo): Take vstart_ptr; update it. Dump
location view pairs before the range they apply to, when a
viewlist augments the loc list.
(display_loc_list): Likewise. Check view numbers in range
tests.
(display_loclists_list): Likewise. Handle view pair entries,
and warn on trailing ones.
(loc_views): New variable.
(loc_offsets_compar): Compare loc_views if loc_offsets are the
same.
(display_debug_loc): Check and sort loc_views too. Accept
loc_view as expected_start. Skip if lists and views are the
same. Dump locview list separately in order, and pass the
locview list base to each list dump function. Warn and skip
overlap and hole checking if we find loclists and locviews to
not be adjacent.
* testsuite/binutils-all/locview-1.s: New.
* testsuite/binutils-all/readelf.locview-1: New.
* testsuite/binutils-all/locview-2.s: New.
* testsuite/binutils-all/readelf.locview-2: New.
* testsuite/binutils-all/readelf.exp: Run new tests. Fix
option spelling in pr18374 fail message. XFAIL dw5 test on
nds32*-elf.
bfd * elf32-xtensa.c (elf_xtensa_get_plt_section): Increase length of
plt_name buffer.
(elf_xtensa_get_gotplt_section): Increase length of got_name
buffer.
* mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Add a
default return of FALSE.
* mach-o-i386.c (bfd_mach_o_i386_canonicalize_one_reloc): Add a
default return of FALSE.
binutils * dwarf.c (dwarf_vmatoa_1): Do not pass a NULL string pointer to
sprintf.
* srconv.c (walk_tree_type): Initialise the spare field of the
IT_dty structure.
gas * config/tc-pru.c (md_assemble): Add continue statement after
handling 'E' operand character.
* config/tc-v850.c (md_assemble): Initialise the 'insn' variable.
Fix GCC 4.2 warnings like:
cc1: warnings being treated as errors
binutils-gdb/bfd/dwarf2.c:1844: warning: declaration of ‘time’ shadows a global declaration
/usr/include/time.h:187: warning: shadowed declaration is here
binutils-gdb/bfd/dwarf2.c: In function ‘line_info_add_file_name’:
binutils-gdb/bfd/dwarf2.c:1854: warning: declaration of ‘time’ shadows a global declaration
/usr/include/time.h:187: warning: shadowed declaration is here
bfd/
* dwarf2.c (line_info_add_include_dir_stub): Replace time with
xtime.
(line_info_add_file_name): Likewise.
(decode_line_info): Likewise.
binutils/
* dwarf.c (display_debug_names): Replace index with xindex.
Use DWARF_VMA_FMT to report error to work for both 32-bit and 64-bit
builds.
* dwarf.c (READ_ULEB): Use DWARF_VMA_FMT to report error.
(READ_SLEB): Likewise.
PR binutils/21648
* dwarf.c (LEB): Rename to SKIP_ULEB and READ_ULEB. Add check for
reading a value that is too big for the containing variable.
(SLEB): Rename to SKIP_SLEB and READ_SLEB. Add similar check.
Replace uses of LEB and SLEB with appropriate new macro.
(display_debug_frames): Use an unsigned int for the 'reg'
variable. Use a signed long for the 'l' variable.
PR binutils/21438
* dwarf.c (process_extended_line_op): Do not assume that the
string extracted from the section is NUL terminated.
(fetch_indirect_string): If the string retrieved from the section
is not NUL terminated, return an error message.
(fetch_indirect_line_string): Likewise.
(fetch_indexed_string): Likewise.
binutils/
2017-02-27 Jan Kratochvil <jan.kratochvil@redhat.com>
Fix compilation with GCC 4.4.7.
* dwarf.c (display_loclists_list, display_debug_rnglists_list):
Initialize begin and end.
binutils/
2017-02-23 Jan Kratochvil <jan.kratochvil@redhat.com>
* dwarf.c (decode_location_expression): Support DW_OP_implicit_pointer,
DW_OP_const_type, DW_OP_regval_type, DW_OP_deref_type, DW_OP_convert
and DW_OP_reinterpret.
(read_and_display_attr_value): Support DW_AT_call_value,
DW_AT_call_data_value, DW_AT_call_target and
DW_AT_call_target_clobbered.
binutils/
2017-02-23 Jan Kratochvil <jan.kratochvil@redhat.com>
* dwarf.c (fetch_indirect_line_string): New function.
(abbrev_attr): New field implicit_const.
(add_abbrev_attr): New parameter implicit_const.
(process_abbrev_section): Support DW_FORM_implicit_const.
(decode_location_expression): Support DW_OP_entry_value.
(read_and_display_attr_value): Add parameter implicit_const. Support
DW_FORM_line_strp and DW_FORM_implicit_const.
(read_and_display_attr): Add parameter implicit_const.
(process_debug_info): Support line_str and DWARF-5.
(read_debug_line_header): Support DWARF-5.
(display_formatted_table): New function.
(display_debug_lines_raw): New parameter file. Support DWARF-5.
(display_debug_lines_decoded): New parameter fileptr. Support DWARF-5.
(display_debug_lines): Pass file parameter.
(display_debug_macro): Update read_and_display_attr_value caller.
(display_debug_abbrev): Support DW_FORM_implicit_const.
(display_loclists_list): New function.
(display_loc_list): Support .debug_loclists.
(display_debug_ranges_list): New function from display_debug_ranges.
(display_debug_rnglists_list): New function.
(display_debug_ranges): Support .debug_rnglists.
(debug_displays): Add .debug_line_str, .debug_loclists and
.debug_rnglists.
* dwarf.h: Include dwarf2.h
(DWARF2_Internal_LineInfo): Add li_offset_size.
(DWARF2_Internal_CompUnit): Add cu_unit_type.
(enum dwarf_section_display_enum): Add line_str.
* readelf.c (process_section_headers): Add rnglists and loclists.
binutils/
2017-02-23 Jan Kratochvil <jan.kratochvil@redhat.com>
* dwarf.c (display_loc_list): Use dwarf_vma for offset, base_address
and off.
(display_loc_list_dwo): Use dwarf_vma for offset.
(display_debug_loc): Use dwarf_vma for offset, base_address.
(struct range_entry, range_entry_compar): Use dwarf_vma for
ranges_offset.
(display_debug_ranges): Use dwarf_vma for ranges_offset, offset and
base_address.
PR binutils/21156
* dwarf.c (cu_tu_indexes_read): Move into...
(load_cu_tu_indexes): ... here. Change the variable into
tri-state. Change the function into boolean, returning
false if the indicies could not be loaded.
(find_cu_tu_set): Return NULL if the indicies could not be
loaded.
On S/390 we see quite often registers marked as "bad register" in the
readelf --debug-dump=frames or objdump -Wf output.
00000000 0000000000000014 00000000 CIE
Version: 1
Augmentation: "zR"
Code alignment factor: 1
Data alignment factor: -8
Return address column: 14
Augmentation data: 1b
DW_CFA_def_cfa: r15 ofs 160
DW_CFA_nop
DW_CFA_nop
DW_CFA_nop
...
00000050 000000000000001c 00000054 FDE cie=00000000 pc=0000000080000e58..0000000080000e84
DW_CFA_advance_loc: 6 to 0000000080000e5e
DW_CFA_offset: r14 at cfa-48
DW_CFA_offset: r15 at cfa-40
DW_CFA_advance_loc: 6 to 0000000080000e64
DW_CFA_def_cfa_offset: 320
DW_CFA_advance_loc: 18 to 0000000080000e76
DW_CFA_restore: bad register: r15 <------
DW_CFA_restore: r14
DW_CFA_def_cfa_offset: 160
This is triggered by this check in display_debug_frames (dwarf.c):
case DW_CFA_restore:
if (opa >= (unsigned int) cie->ncols
|| opa >= (unsigned int) fc->ncols)
reg_prefix = bad_reg;
cie->ncols is number of registers referenced in the CIE which is 15 due
to r14 being given as return address column. So for the CFA_restore of
r15 a "bad register" is being printed while the same rule on r14 is ok.
The reason for this check is to prevent wild memory accesses when
reading input with corrupted register values while accessing the
col_type/col_offset arrays. However in that case r15 is a perfectly
valid register. It just happens not to be mentioned in the CIE. Hence
restoring the CIE rule for r15 should end up with the default rule which
is DW_CFA_undefined.
This probably wasn't observed on other platforms because they either do
not use CFA_restore (x86-64) or do not issue CFA_restore on registers
with a higher number than the return address column.
binutils/ChangeLog:
2016-09-29 Andreas Krebbel <krebbel@linux.vnet.ibm.com>
* dwarf.c (frame_display_row): Fix formatting of return address
register column.
(display_debug_frames): Ignore invalid indices into
cie->col_type/cie->col_offset arrays and default to
DW_CF_undefined instead.
This patch adds support for .cfi_val_offset GAS pseudo command which
maps to DW_CFA_val_offset and DW_CFA_val_offset_sf.
gas/ChangeLog:
2016-09-29 Andreas Krebbel <krebbel@linux.vnet.ibm.com>
* doc/as.texinfo: Add docu for .cfi_val_offset.
* dw2gencfi.c (cfi_add_CFA_val_offset): New function.
(dot_cfi): Add case for DW_CFA_val_offset.
(output_cfi_insn): Likewise.
(cfi_pseudo_table): Add entry for cfi_val_offset.
* dw2gencfi.h: Add prototype for cfi_add_CFA_val_offset.
* testsuite/gas/cfi/cfi-common-8.d: New test.
* testsuite/gas/cfi/cfi-common-8.s: New test.
* testsuite/gas/cfi/cfi.exp: Run cfi-common-8 testcase.
binutils/ChangeLog:
2016-09-29 Andreas Krebbel <krebbel@linux.vnet.ibm.com>
* dwarf.c (display_debug_frames): Adjust output line.
PR binutils/20440
* dwarf.c (display_debug_lines_decoded): Add checks for running
off the end of the section when populating the directory table and
file table.
(frame_display_row): Set max_regs equal to ncols.
(load_specific_debug_section): If the section is compressed, but
it is not big enough to hold a compression header then warn and
return 0.
PR 19872
bfd * dwarf2.c (parse_comp_unit): Skip warning about unrecognised
version number if the version is zero.
bin * dwarf.c (display_debug_aranges): Skip warning about unrecognised
version number if the version is zero.
When the DWARF address size is 32-bit, but the host machine is 64-bit,
objdump fails to spot base addresses specified in the .debug_ranges and
.debug_loc lists.
As an example, here is the output when dumping an example .debug_ranges
section with the pre-patched objdump:
Contents of the .debug_ranges section:
Offset Begin End
00000000 ffffffff 00000004 (start > end)
00000000 00000000 00000004
00000000 ffffffff 00000008 (start > end)
00000000 00000000 00000004
00000000 <End of list>
And this is what the same section looks like when dumped with the
patched version of objdump:
Contents of the .debug_ranges section:
Offset Begin End
00000000 ffffffff 00000004 (base address)
00000000 00000004 00000008
00000000 ffffffff 00000008 (base address)
00000000 00000008 0000000c
00000000 <End of list>
binutils/ChangeLog:
* dwarf.c (is_max_address): New function.
(display_loc_list): Remove out of date comment, use
is_max_address.
(display_debug_ranges): Likewise.
binutils/testsuite/ChangeLog:
* binutils-all/objdump.exp: Add test for .debug_ranges decode.
* binutils-all/dw2-ranges.S: New file.
* binutils-all/dw2-ranges.W: New file.
This patch fixes all occurences of left-shifting negative constants in C code
which is undefined by the C standard.
binutils/ChangeLog:
* dwarf.c (read_leb128): Fix left shift of negative value.
PR binutils/18374
bin * dwarf.h (struct dwarf_section): Add reloc_info and num_relocs
fields.
(struct dwarf_section_display): Change bitfield to boolean.
(reloc_at): Add prototype.
* dwarf.c (display_loc_list): Ignore list terminators if there are
relocs against them.
(display_debug_loc): Issue a warning if there are relocs against
the .debug_loc section.
(display_displays): Initialise reloc_info and num_relocs fields.
* objdump.c (load_specific_debug_section): Initialise reloc_info
and num_relocs fields.
(reloc_at): New function.
* readelf.c (is_32bit_abs_reloc): Add IA64's R_IA64_DIS32LSB
reloc.
(reloc_at): New function.
(apply_relocations): Add relocs_return and num_relocs_return
parameters. Fill them in with the loaded relocs if non-NULL.
(dump_section_as_bytes): Update call to apply_relocations.
(load_specific_debug_section): Initialise reloc_info and
num_relocs fields.
tests * binutils-all/pr18374.s: New test file.
* binutils-all/readelf.exp: Assemble and run the new test.
* binutils-all/readelf.pr18374: Expected output from readelf.
PR binutils/17512
* dwarf.c (display_debug_loc): Pacify the undefined behaviour
sanitizer by simplifying address difference calculation.
(struct Frame_Chunk): Change type of cfa_offset to dwarf_vma in
order to avoid arithmetic overflows.
(frame_display_row): Cast cfa_offset before printing it.
(display_debug_frames): Likewise.
Check for an unexpected segment size.
Chnage type of 'l' local to dwarf_vma and cast it back to an int
when printing.
(process_cu_tu_index): Tighten check for an invalid ncols value.
* readelf.c (process_corefile_note_segment): Check for
inote.descdata extending beyond the end of the section.
(process_v850_notes): Likewise.
PR binutils/17531
* dwarf.c (display_debug_aranges): Add check for an excessive
ar_length value.
(process_cu_tu_index): Check for a row * columns sum being too
large.
PR binutils/17531
* dwarf.c (display_debug_pubnames_worker): Work around compiler
bug checking address ranges.
(display_debug_frames): Likewise.
(display_gdb_index): Likewise.
(process_cu_tu_index): Add range check on the ncols value.
PR binutils/17531
* dwarf.c (display_debug_pubnames_worker): Use dwarf_vma type for
offset.
* readelf.c (dump_relocations): Handle printing offsets which are
MIN_INT.
(process_corefile_note_segment): Add range check of the namesz
field.
PR binutils/17531
* dwarf.c (process_debug_info): Zero the debug information array
since correct initialisation cannot be relied upon.
(process_cu_tu_index): Improve range checks.
PR binutils/17512
* dwarf.c (eh_addr_size): Use an unsigned type.
(size_of_encoded_value): Return an unsigned type.
(read_leb128): Break if the shift becomes too big.
(process_extended_line_op): Do not read the address if the length
is too long.
(read_cie): Warn and fail if the pointer size or segment size are
too big.
* dwarf.h (DWARF2_External_LineInfo): Delete unused and incorrect
structure definition.
(DWARF2_External_PubNames): Likewise.
(DWARF2_External_CompUnit): Likewise.
(DWARF2_External_ARange): Likewise.
(DWARF2_Internal_LineInfo): Use dwarf_vma type for
li_prologue_length.
(eh_addr_size): Update prototype.
* coffcode.h (styp_to_sec_flags): Use an unsigned long type to
hold the flag bits.
* peXXigen.c (pe_print_reloc): Use unsigned types to hold the
size and number of relocs.
(pe_print_debugdata): Use a 32-bit aligned buffer to store the
codeview record.
* versados.c (process_otr): Check the esdid value before using it
to access the EDATA.
DWARFv5 defines and GCC5 may output two new DW_LANG constants for the
Fortran 2003 and Fortran 2008 standards. Handle and display both in
binutils.
binutils/ChangeLog:
* dwarf.c (read_and_display_attr_value): Handle DW_LANG_Fortran03
and DW_LANG_Fortran08.
include/ChangeLog:
* dwarf2.h: Add DW_LANG_Fortran03 and DW_LANG_Fortran08.
http://dwarfstd.org/ShowIssue.php?issue=141121.1
PR binutils/17512
* dwarf.c (display_debug_frames): Fix range checks to work on
32-bit binaries complied on a 64-bit host.
* peXXigen.c (rsrc_print_resource_entries): Add range check for
addresses that wrap around the address space.
(rsrc_parse_entry): Likewise.
PR binutils/17531
* dwarf.c (read_and_display_attr_value): Test for a block length
being so long that it wraps around to before the start of the block.
(process_debug_info): Test for section_begin wrapping around to
before the start of the section.
(display_gdb_index): Test for num_cus being so large that the end
address wraps around to before the start of the section.
(process_cu_tu_index): Test for j being so large that the section
index pool wraps around to before the start of the section.
PR binutils/17531
* dwarf.c (process_debug_info): Add range check.
(display_debug_pubnames_worker): Likewise.
(display_gdb_index): Fix range check.
(process_cu_tu_index): Add range check.
* readelf.c (get_data): Change parameter types from size_t to
bfd_size_type. Add checks for loss of accuracy when casting from
bfd_size_type to size_t.
(get_dynamic_data): Likewise.
(process_section_groups): Limit number of error messages.
abbrev_base is independent of abbrev_size. We should use abbrev_base +
abbrev_size to check abbrev section size.
* dwarf.c (process_debug_info): Properly check abbrev size.
PR binutils/17531
* dwarf.c (process_debug_info): Check for abbrev_base being larger
than the section size.
(process_cu_tu_index): Use xcalloc2 to allocate the CU and TU
arrays.
(xcalloc2): New function. Like xcalloc, but checks for overflow.
* dwarf.h (xcalloc2): Prototype.
PR binutils/17531
* dwarf.c (alloc_num_debug_info_entries): New variable.
(process_debug_info): Set it. Use it to avoid displaying
attributes for which there is no info.
(display_debug_abbrev): Check that the debug_info_entry index is
valid before using it.
(display_loc_list_dwo): Likewise.
(process_cu_tu_index): Add range check for an overlarge dw_sect
value.
(free_debug_memory): Reset alloc_num_debug_info_entries.
* readelf.c (slurp_ia64_unwind_table): Warn if the reloc could not
be indentified.
(dynamic_section_mips_val): Warn if the timestamp is invalid.
(print_mips_got_entry): Add a data_end parameter. Warn if a read
would go beyond the end of the data, and return an error value.
(process_mips_specific): Do not read options from beyond the end
of the section.
Correct code to display optional data at the end of an option.
Warn if there are too many GOT symbols.
Update calls to print_mips_got_entry, and handle error returns.
PR binutils/17531
* dwarf.c (decode_location_expression): Check for an out of range
value for a DW_OP_GNU_entry_value expression.
(display_debug_lines_raw): Check for a partial
.debug_line. section being encountered without a prior, full
.debug.line section.
(display_debug_lines_decoded): Likewise. Also check for
li_line_range being zero.
(display_debug_pubnames_worker): Check for an invalid pn_length
field.
(read_cie): Add range checks.
* elfcomm.c (setup_archive): Check for a negative longnames_size.
Also fix a place where %lld was wrongly used to print a dwarf_vma.
* configure.ac: Check for long long and sizes of long long and long.
* elfcomm.h (HOST_WIDEST_INT): Test HAVE_LONG_LONG in place of
__STDC_VERSION__ and __GNUC__.
* strings.c (print_strings): Likewise.
* dwarf.c (DWARF_VMA_FMT, DWARF_VMA_FMT_LONG): Likewise.
(read_debug_line_header): Use dwarf_vmatoa to print warning.
* configure: Regenerate.
* config.in: Regenerate.
PR binutils/17531
* dwarf.c (display_debug_frames): Check for a negative
augmentation data length.
(display_gdb_index): Check for invalid offsets.
* elfcomm.c (process_archive_index_and_symbols): Check for an
index number that overflows when multiplied by the ar index size.
* readelf.c (dump_ia64_unwind): Add range checks.
(slurp_ia64_unwind_table): Change to a boolean function. Add
range checks.
(process_version_sections): Add range checks.
(get_symbol_version_string): Add check for missing section
headers.
PR binutils/17512
* dwarf.h (struct dwarf_section): Add user_data field.
* dwarf.c (frame_need_space): Check for an over large register
number.
(display_debug_frames): Check the return value from
frame_need_space. Check for a CFA expression that is so long the
start address wraps around.
(debug_displays): Initialise the user_data field.
* objdump.c (load_specific_debug_section): Save the BFD section
pointer in the user_data field of the dwarf_section structure.
(free_debug_section): Update BFD section data when freeing section
contents.
* readelf.c (load_specific_debug_section): Initialise the
user_data field.
* archive.c (do_slurp_coff_armap): Add range checks to prevent
running off the end of the string table.
* compress.c (bfd_get_full_section_contents): Return a NULL
pointer for zero sized sections. Do not attempt to copy a buffer
onto itself.
* elf-attrs.c (_bfd_elf_parse_attributes): Check for an empty
header. Add range checks to avoid running off the end of the
section.
* elf.c (bfd_elf_get_str_section): Seek before allocating so that
if the seek fails, no memory is allocated.
(bfd_elf_string_from_elf_section): Do not allocate a string from a
non string section. It only leads to trouble later on.
(_bfd_elf_print_private_bfd_data): Check for there being too
little external dynamic data.
(bfd_section_from_shdr): Replace assertion with a failure mode.
(bfd_section_from_shdr): When walking a loaded group section use
the internal structure size, not the external size. Check for the
group section being empty.
* elf32-i386.c (elf_i386_rtype_to_howto): Replace assertion with a
failure mode.
* elfcode.h (elf_slurp_reloc_table): Likewise.
* reloc.c (bfd_perform_relocation): Avoid seg-fault if the howto
parameter is NULL.
PR binutils/17531
* dwarf.c (process_cu_tu_index): Check for an out of range row
index.
* elfcomm.c (adjust_relative_path): Change name_len parameter to
an unsigned long. Check for path length overflow.
(process_archive_index_and_symbols): Check for invalid header
size.
(setup_archive): Add checks for invalid archives.
(get_archive_member_name): Add range checks.
* elfcomm.h (adjust_relative_path): Update prototyoe.
* readelf.c (process_archive): Add range checks.
PR binutils/17512
* dwarf.c (display_block): Do nothing if the block starts after
the end of the buffer.
(read_and_display_attr_value): Add range checks.
(struct Frame_Chunk): Make the ncols and ra fields unsigned.
(frame_need_space): Test for an ncols of zero.
(read_cie): Fail if the augmentation data extends off the end of
the buffer.
(display_debug_frames): Add checks for read_cie failing. Add
range checks.
* coff-h8300.c (rtype2howto): Replace abort with returning a NULL
value.
* coff-h8500.c (rtype2howto): Likewise.
* coff-tic30.c (rtype2howto): Likewise.
* coff-z80.c (rtype2howto): Likewise.
* coff-z8k.c (rtype2howto): Likewise.
* coff-ia64.c (RTYPE2HOWTO): Always return a valid howto.
* coff-m68k.c (m68k_rtype2howto): Return a NULL howto if none
could be found.
* coff-mcore.c (RTYPE2HOWTO): Add range checking.
* coff-w65.c (rtype2howto): Likewise.
* coff-we32k.c (RTYPE2HOWTO): Likewise.
* pe-mips.c (RTYPE2HOWTO): Likewise.
* coff-x86_64.c (coff_amd64_reloc): Likewise. Replace abort with
an error return.
* coffcode.h (coff_slurp_reloc_table): Allow the rel parameter to
be unused.
* coffgen.c (make_a_section_from_file): Check the length of a
section name before testing to see if it is a debug section name.
(coff_object_p): Zero out any uninitialised bytes in the opt
header.
* ecoff.c (_bfd_ecoff_slurp_symbolic_info): Test for the raw
source being empty when there are values to be processed.
(_bfd_ecoff_slurp_symbol_table): Add range check.
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Likewise.
(bfd_mach_o_mangle_sections): Move test for too many sections to
before the allocation of the section table.
(bfd_mach_o_read_symtab_strtab): If the read fails, free the
memory and nullify the symbol pointer.
* reloc.c (bfd_generic_get_relocated_section_contents): Add
handling of a bfd_reloc_notsupported return value.
* versados.c (EDATA): Add range checking.
(get_record): Likewise.
(process_otr): Check for contents being available before updating
them.
(versados_canonicalize_reloc): Add range check.
PR binutils/17512
* dwarf.c (get_encoded_value): Check for an encoded size of 0.
(display_debug_lines_raw): Check for an invalid line range value.
(display_debug_frames): Check for corrupt augmentation data.
* coffgen.c (coff_get_normalized_symtab): Check for an excessive
number of auxillary entries.
* ieee.c (next_byte): Convert to a function. Return FALSE if the
next byte is beyond the end of the buffer.
(parse_int): Test the return value of next_byte.
(parse_expression): Convert to boolean. Return FALSE if the
parsing failed. Test the return value of next_byte.
(ieee_seek): Convert to a function. Return FALSE if the seek goes
beyond the end of the buffer.
(ieee_slurp_external_symbols): Test the return value of ieee_seek
and next_byte.
(ieee_slurp_sections): Convert to boolean. Return FALSE if the
operation failed. Test the return value of ieee_seek and
next_byte.
(ieee_archive_p): Test the return value of ieee_seek and
next_byte.
(do_one): Likewise.
(ieee_slurp_section_data): Likewise.
(ieee_object_p): Likewise. Store the size of the buffer in the
total_amt field in the header.
* libieee.h (common_header_type): Add amt field.
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Check that the
reloc's value is within range.
(bfd_mach_o_read_symtab_symbols): Nullify the symbols field if the
operation fails.
* pei-x86_64.c (pex64_xdata_print_uwd_codes): Replace abort with
an error message.
(pex64_dump_xdata): Check for buffer overflows.
* versados.c (process_otr): Check that the section exists before
taking its size.
(versados_object_p): Make sure that enough data was read for the
header to be checked.
* vms-alpha.c (vms_get_remaining_object_record): Change
read_so_far parameter to an unsigned int. Check that the amount
read is in range.
This is the updated version using uintptr_t as Alan Modra suggested.
2014-11-18 Jan-Benedict Glaw <jbglaw@lug-owl.de>
* dwarf.c (process_extended_line_op): Fix signedness warning.
PR binutils/17512
* peXXIgen.c (pe_print_pdata): Fail if the section's virtual size
is larger than its real size.
(rsrc_print_section): Fix off-by-one error checking for overflow.
* pei-x86_64.c (pex64_bfd_print_pdata): Handle empty unwind
sections.
* dwarf.c (get_encoded_value): Warn and return if the encoded
value is more than 64-bits long.
(SAFE_BYTE_GET): Do not attempt to read more than 64-bits.
(process_extended_line_op): Add more range checks.
(decode_location_expression): Use the return value from
display_block. Add more range checks.
(read_debug_line_header): Add range check.
(display_debug_lines_raw): Add range checks.
(display_debug_frames): Silently skip multiple zero terminators.
Add range checks.
(process_cu_tu_index): Check for non-existant or empty sections.
Use SAFE_BYTE_GET instead of byte_get.
PR binutils/17512
* dwarf.c (get_encoded_value): Add an 'end' parameter. Change the
'data' parameter to a double pointer and return the updated value.
(decode_location_expression): Update call to get_encoded_value.
(frame_need_space): Handle the case where one or both of the
mallocs fails.
(read_cie): Initialise the cie pointer, even if the read fails.
(display_debug_frames): Warn if the calculated block_end is before
the start of the block. Break the loop if the CIE could not be
read. Update call to get_encoded_value. Warn if the read CFA
expressions are too big.
* ieee.c (ieee_archive_p) Skip processing if no bytes are read at
all.
(ieee_object_p): Likewise.
PR binutils/17512
* dwarf.c (read_and_display_attr_value): Check that we do not read
past end.
(display_debug_pubnames_worker): Add range checks.
(process_debug_info): Check for invalid pointer sizes.
(display_loc_list): Likewise.
(display_loc_list_dwo): Likewise.
(display_debug_ranges): Likewise.
(display_debug_aranges): Check for invalid address size.
(read_cie): Add range checks. Replace call strchr with while loop.
* objdump.c (dump_dwarf): Replace abort with a warning message.
(print_section_stabs): Improve range checks.
* rdcoff.c (coff_get_slot): Use long for indx parameter type.
Add check for an excesively large index.
* rddbg.c (read_section_stabs_debugging_info): Zero terminate the
string table. Avoid walking off the end of the stabs data.
* stabs.c (parse_stab_string): Add check for a NULL name.
PR binutils/17512
* coffcode.h (coff_slurp_line_table): Set the line number of
corrupt entries to -1.
(coff_slurp_symbol_table): Alway initialise the value of the
symbol.
* coffgen.c (coff_print_symbol): Check that the combined pointer
is valid.
(coff_print_symbol): Do not print negative line numbers.
* peXXigen.c (pe_print_idata): Add range checking displaying
member names.
The linker side of pr16563 was fixed with commit 18cd5bce, but
unfortunately people continue to use older linkers with -flto. This
means we have binaries with working .eh_frame that can't be dumped by
readelf, and I'm seeing internal IBM bug reports about this fact.
PR 16563
* dwarf.c (GET): Remove semicolon.
(read_cie): New function, extracted from..
(display_debug_frames): ..here. Correctly handle signed offset
from FDE to CIE in .eh_frame. Decode forward referenced CIEs too.
When a DW_FORM_flag_present attribute comes at the very end of a
debug section, readelf complains about a corrupt attribute
because it's checking to make sure there's at least one byte of
data remaining. This patch suppresses the check when the form
is DW_FORM_flag_present.
2014-02-11 Cary Coutant <ccoutant@google.com>
* binutils/dwarf.c (read_and_display_attr_value): Don't warn
for zero-length attribute value.
I happened to run readelf on an ELF file created by Guile. readelf
complained about invalid values for DW_FORM_strp. At first I assumed
this was just a Guile bug, but eu-readelf did the right thing, so I
looked a bit deeper.
I came across some old Mach-O code to bias some offsets by section
addresses. Guile, unlike many ELF writers, sets the address for the
various DWARF-related sections, causing this unusual code to be run.
This code came from an old commit:
2005-09-30 H.J. Lu <hongjiu.lu@intel.com>
* dwarf.c (fetch_indirect_string): Adjust for section address.
(process_debug_info): Likewise.
(display_debug_loc): Likewise.
(display_debug_ranges): Likewise.
* objdump.c (mach_o_dwarf_sections): New.
(generic_dwarf_sections): Likewise.
(check_mach_o_dwarf): Likewise.
(dump_dwarf): Call check_mach_o_dwarf.
However it was partially reverted here:
https://sourceware.org/ml/binutils/2008-11/msg00134.html
This patch just completes the reversion.
Built and regtested on x86-64 Fedora 18. I also ran the resulting
readelf against the Guile-created object with success.
I have no way of testing this on Mach-O, so your feedback is
solicited.
2013-12-19 Tom Tromey <tromey@redhat.com>
* dwarf.c (fetch_indirect_string): Don't bias by section address.
(fetch_indexed_string): Likewise.
(process_debug_info): Likewise.
(display_debug_loc): Likewise.
(display_debug_ranges): Likewise.
