PR binutils/17512
* coffgen.c (_bfd_coff_get_external_symbols): Do not try to load a
symbol table bigger than the file.
* elf.c (bfd_elf_get_str_section): Do not try to load a string
table bigger than the file.
* readelf.c (process_program_headers): Avoid memory exhaustion due
to corrupt values in a dynamis segment header.
(get_32bit_elf_symbols): Do not attempt to read an over-large
section.
(get_64bit_elf_symbols): Likewise.
PR binutils/17512
* elf.c (bfd_section_from_shdr): Allocate and free the recursion
detection table on a per-bfd basis.
* peXXigen.c (pe_print_edata): Handle binaries with a truncated
export table.
and potential secuiryt breach.
PR binutils/17510
* srec.c (srec_bad_byte): Increase size of buf to allow for
negative values.
(srec_scan): Use an unsigned char buffer to hold header bytes.
presented with corrupt binaries.
PR binutils/17512
* elf.c (bfd_section_from_shdr): Detect and warn about ELF
binaries with a group of sections linked by the string table
indicies.
* peXXigen.c (pe_print_edata): Detect out of range rvas and
entry counts for the Export Address table, Name Pointer table
and Ordinal table.
executable with an invalid value in the NumberOfRvaAndSizes field of the
AOUT header.
PR binutils/17512
* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries
with an invalid value for NumberOfRvaAndSizes.
the bfd library to parse binaries containing maliciously corrupt section
group headers.
PR binutils/17510
* elf.c (setup_group): Improve handling of corrupt group
sections.
2014-10-22 Tejas Belagod <tejas.belagod@arm.com>
bfd/
* bfd-in.h (bfd_elf64_aarch64_set_options): Add a parameter.
* bfd-in2.h (bfd_elf64_aarch64_set_options): Likewise.
* elfnn-aarch64.c (aarch64_erratum_835769_stub): New.
(elf_aarch64_stub_type): Add new type
aarch64_stub_erratum_835769_veneer.
(elf_aarch64_stub_hash_entry): New fields for erratum 835769.
(aarch64_erratum_835769_fix): New data struct to record erratum
835769.
(elf_aarch64_link_hash_table: Global flags for 835769.
(aarch64_build_one_stub): Add case for 835769.
(aarch64_size_one_stub): Likewise.
(aarch64_mem_op_p, aarch64_mlxl_p,
aarch64_erratum_sequence,erratum_835769_scan):
New. Decode and scan functions for erratum 835769.
(elf_aarch64_create_or_find_stub_sec): New.
(elfNN_aarch64_size_stubs): Look for erratum 835769 and record
them.
(bfd_elfNN_aarch64_set_options: Set global flag for 835769.
(erratum_835769_branch_to_stub_data,
make_branch_to_erratum_835769_stub):New. Connect up all the
erratum stubs to occurances by branches.
(elfNN_aarch64_write_section): New hook.
(aarch64_map_one_stub): Output erratum stub symbol.
(elfNN_aarch64_size_dynamic_sections): Init mapping symbol
information for erratum 835769.
(elf_backend_write_section): Define.
ld/
* emultempl/aarch64elf.em: Add command-line option for erratum
835769.
ld/testsuite/
* ld-aarch64/aarch64-elf.exp (aarch64elftests): Drive erratum
835769 tests.
* ld-aarch64/erratum835769.d: New.
* ld-aarch64/erratum835769.s: New.
elf32_arm_plt0_size and elf32_arm_plt_size read instructions
to determine what is size of PLT entry. However it does not
read instruction correctly in case of ARM big endian V7 case.
In this case instructions are still kept in little endian
order (BE8).
* elf32-arm.c (read_code32): New function to read 32 bit
arm instruction.
(read_code16): New function to read 16 bit thumb instrution.
(elf32_arm_plt0_size, elf32_arm_plt_size): Use read_code32
and read_code16 to read instructions.
bfd/
* elfxx-mips.c (print_mips_ases): Print unknown ASEs.
(print_mips_isa_ext): Print the value of an unknown extension.
binutils/
* readelf.c (print_mips_ases): Print unknown ASEs.
(print_mips_isa_ext): Print the value of an unknown extension.
include/
* elf/mips.h (AFL_ASE_MASK): Define.
The code in ppc64_elf_tls_optimize looking at the .toc is only
interested in .toc entries that are addresses. .toc can contain more
than just an array of addresses, so if we have items that aren't
8-byte aligned, ignore them.
* elf64-ppc.c (ppc64_elf_tls_optimize): Ignore relocs against toc
entries that aren't a multiple of 8 rather than failing assertion.
powerpc64 ld builds plt call stubs with a read barrier to provide
thread safety on lazy plt updates, necessary on multi-threaded apps
with power7 or later weakly ordered memory. gcc-4.9 libgomp
introduced more functions that could call pthread_create, which means
we have more functions that if referenced in an executable should
cause a default of --plt-thread-safe.
* elf64-ppc.c (ppc64_elf_size_stubs): Add gcc-4.9 libgomp functions
to thread_starter.
When functions are emitted in comdat groups, global symbols defined in
duplicates of the group are treated as if they were undefined. That
prevents the symbols in the discarded sections from affecting the
linker's global symbol hash table or causing duplicate symbol errors.
Annoyingly, when gcc emits a function to a comdat group, it does not
put *all* of a function's code and data in the comdat group.
Typically, constant tables, exception handling info, and debug info
are emitted to normal sections outside of the group, which is a
perennial source of linker problems due to the special handling needed
to deal with the extra-group pieces that ought to be discarded. In
the case of powerpc64-gcc, the OPD entry for a function is not put in
the group. Since the function symbol is defined on the OPD entry this
means we need to handle symbols in .opd specially.
To see how this affects LTO in particular, consider the linker
testcase PR ld/12942 (1). This testcase links an LTO object file
pr12942a.o with a normal (non-LTO) object pr12942b.o. Both objects
contain a definition for _Z4testv in a comdat group. On loading
pr12942a.o, the linker sees a comdat group (actually linkonce section)
for _Z4testv and a weak _Z4testv defined in the IR. On loading
pr12942b.o, the linker sees the same comdat group, and thus discards
it. However, _Z4testv is a weak symbol defined in .opd, not part of
the group, so this weak symbol overrides the weak IR symbol. On
(re)loading the LTO version of pr12942a.o, the linker sees another
weak _Z4testv, but this one does not override the value we have from
pr12942b.o. The result is a linker complaint about "`_Z4testv'
... defined in discarded section `.group' of tmpdir/pr12942b.o".
* elf64-ppc.c (ppc64_elf_add_symbol_hook): If function code
section for function symbols defined in .opd is discarded, let
the symbol appear to be undefined.
(opd_entry_value): Ensure the result section is that for the
function code section in the same object as the OPD entry.
For binary ouput, we don't have an ELF bfd output so can't access
elf_elfheader. The elf64-ppc.c changes are really just a tidy,
triggered by looking at all places where the abiversion bits are
accessed.
bfd/
* elf64-ppc.c (ppc64_elf_before_check_relocs): Do .opd processing
even when output is not ppc64 ELF. Remove redundant tests on
type of input bfd.
ld/
PR 17488
* emultempl/ppc64elf.em (gld${EMULATION_NAME}_finish): Don't attempt
to access ELF header e_flags when not ppc64 ELF output.
The idea here is to drop .eh_frame FDEs corresponding to dropped
comdat group sections or linkonce sections, but not perform changes in
encoding.
bfd/
PR 17467
* elf-eh-frame.c (ENSURE_NO_RELOCS): Don't stop at first NONE reloc.
(_bfd_elf_parse_eh_frame): When relocatable output, don't set
flags enabling conversion of CIEs and FDEs to use relative encoding.
(find_merged_cie): Similarly.
(_bfd_elf_write_section_eh_frame): Don't edit FDEs when
relocatable, except for CIE pointer.
* elflink.c (bfd_elf_reloc_symbol_deleted_p): Return true for
relocs against symbols in dropped comdat group sections.
(bfd_elf_discard_info): Do some eh_frame optimisation when
relocatable.
ld/
* ldlang.c (lang_add_section): Set up map_head.s and map_tail.s when
relocatable.