I closed this bug as invalid, but I think it is worth mentioning in NEWS
that older linkers didn't check PT_PHDR very well. The patch also allows
people to force an output file with --noinhibit-exec after the error.
bfd/
PR 25585
* elf.c (assign_file_positions_for_load_sections): Continue linking
on "PHDR segment not covered by LOAD segment" errors.
ld/
PR 25585
* NEWS: Mention better "PHDR segment not covered by LOAD segment"
checking.
It's very easy to make bfd/mach-o.c allocate huge amounts of memory
with fuzzed binaries. This make it a little harder.
The patch also fixes a number of places where an attempt to detect
overflow of multiplication was done with code like
if (x * 4 < x)
/* overflow case */
That of course doesn't work. There are plenty of values of x that
overflow x * 4 but (x * 4) mod 2^n is greater than x. For example
with 16-bit types, 0x6000 * 4 = 0x18000 mod 2^16 = 0x8000.
* mach-o.c (bfd_mach_o_canonicalize_relocs): Fix ineffective
overflow check.
(bfd_mach_o_canonicalize_reloc): Likewise.
(bfd_mach_o_canonicalize_dynamic_reloc): Likewise. Sanity check
counts and offsets against file size.
(bfd_mach_o_build_dysymtab): Fix ineffective overflow check.
(bfd_mach_o_mangle_sections): Remove unnecessary overflow check.
(bfd_mach_o_read_symtab_symbols): Sanity check count and offset
against file size. Delete symbol table error message.
(bfd_mach_o_read_dysymtab): Sanity check counts and offsets
against file size.
(bfd_mach_o_read_symtab): Likewise.
(bfd_mach_o_read_command): Pass file size.
(bfd_mach_o_scan): Sanity check command count against file size.
This patch fixes an ancient wart in aout support, in that text and
data section sizes are rounded up for alignment rather that just the
corresponding header sizes. Changing section sizes could conceivably
result in buffer overflows if section contents were held in memory.
Also, keeping the original section sizes allows this PR to be fixed
nicely.
bfd/
PR 25569
* aoutx.h (adjust_o_magic, adjust_z_magic, adjust_n_magic): Use
"text", "data" and "bss" section pointer vars. Don't update
section size, just exec header sizes.
(adjust_sizes_and_vmas): Don't update text section size. Set
initial exec header a_text. Print exec headers sizes.
* pdp11.c (adjust_o_magic, adjust_z_magic, adjust_n_magic),
(adjust_sizes_and_vmas): Similarly. Formatting.
(final_link): Correct final file extension.
gas/
PR 25569
* config/obj-aout.c (obj_aout_frob_file_before_fix): Don't loop
on section size adjustment, instead perform another write if
exec header size is larger than section size.
* elf-bfd.h (struct elf_backend_data): Add symbol_section_index
callback.
* elfxx-target.h (elf_backend_symbol_section_index): Provide
default definition.
(elfNN_bed): Initialise the symbol_section_index field.
* elf.c (swap_out_syms): Call symbol_section_index, if defined, on
OS and PROC specific section indicies. Warn if converting other
reserved incidies to SHN_ABS.
Since plugin can be used only once in try_load_plugin, call dlclose
before return.
PR binutils/25355
* plugin.c (plugin_list_entry): Remove handle.
(try_load_plugin): Call dlclose before return.
Some minor tidies. Allocating memory for internal relocs and symbols
after reading external relocs is slightly better with fuzzed files.
You can at least do something about silly sizes that way.
* aoutx.h (slurp_reloc_table): Allocate reloc_cache after
reading external relocs.
* ecoff.c (ecoff_slurp_reloc_table): Likewise.
* archive.c (_bfd_write_archive_contents): Don't twiddle bfd_error
after bfd_bread.
* archive64.c (_bfd_archive_64_bit_slurp_armap): Remove unnecessary
bfd_release.
* elf32-m32c.c (m32c_offset_for_reloc): Make shndx_buf a bfd_byte*.
(m32c_elf_relax_section): Likewise.
* elf32-rl78.c (rl78_offset_for_reloc): Likewise.
(rl78_elf_relax_section): Likewise.
* elf32-rx.c (rx_offset_for_reloc): Likewise.
(elf32_rx_relax_section): Likewise.
* mach-o.c (bfd_mach_o_alloc_and_read): Move earlier with better
parameter types and use..
(bfd_mach_o_read_dylinker, bfd_mach_o_read_dylib),
(bfd_mach_o_read_fvmlib, bfd_mach_o_read_str): ..in these functions.
* peicode.h (pe_bfd_object_p): Don't zero the part of opthdr
being read from file, just the extra.
* som.c (som_slurp_symbol_table): Allocate internal symbol buffer
after reading external syms. Free on failure.
The bfd_alloc2 series of functions were invented to handle cases where
nmemb * size can overflow. This patch changes some places where the
calculation can't overflow.
* elf.c (bfd_section_from_shdr): Use bfd_zalloc rather than
bfd_zalloc2.
(assign_section_numbers): Likewise.
(elf_map_symbols): Likewise, and bfd_alloc rather than bfd_alloc2.
(_bfd_elf_map_sections_to_segments): Use bfd_malloc rather than
bfd_malloc2, size_t amt, and unsigned tls_count.
(rewrite_elf_program_header): Use bfd_malloc and size_t amt.
* elflink.c (elf_create_symbuf): Use bfd_malloc.
(elf_output_implib): Use bfd_alloc.
We have calls to bfd_get_size when swapping in ELF section headers.
Since object files can have a large number of sections, it's worth
caching the file size rather than making lots of stat system calls.
* bfd.c (struct bfd): Move format and direction to other
bitfields. Add "size".
* bfdio.c (bfd_get_size): Cache size when not writing file.
* opncls.c (bfd_get_debug_link_info_1): Allow for bfd_get_size
returning zero, ie. unknown.
(bfd_get_alt_debug_link_info): Likewise.
* bfd-in2.h: Regenerate.
This fixes a number of places that call a memory allocation function
without checking for a NULL return before using.
* mach-o.c (bfd_mach_o_flatten_sections): Return a bfd_boolean,
FALSE if memory alloc fails. Adjust calls.
* som.c (som_prep_for_fixups): Likewise.
* vms-alpha.c (alpha_vms_add_fixup_lp, alpha_vms_add_fixup_ca),
(alpha_vms_add_fixup_qr, alpha_vms_add_fixup_lr),
(alpha_vms_add_lw_reloc, alpha_vms_add_qw_reloc): Likewise.
* som.c (som_build_and_write_symbol_table): Return via error_return
on seek failure.
* vms-alpha.c (VEC_APPEND): Adjust for vector_grow1 changes.
(VEC_APPEND_EL): Delete.
(vector_grow1): Return pointer to element. Catch overflow.
Return NULL on memory allocation failure.
(alpha_vms_add_fixup_lp): Replace VEC_APPEND_EL with VEC_APPEND.
(alpha_vms_add_fixup_ca): Likewise.
(alpha_vms_link_add_object_symbols): Check VEC_APPEND result
before using.
* elf.c (bfd_section_from_shdr): Check bfd_zalloc2 result.
We can't use c99 without enabling c99 support for older compilers
that don't enable c99 by default. So if you want to use c99 contructs
in binutils you'll need to first arrange for -std=c99 to be passed to
older compilers.
* elfxx-riscv.c (riscv_multi_letter_ext_valid_p): Don't use C99.
try_load_plugin is updated to take either plugin name or plugin entry.
load_plugin is updated to search bfd-plugins directories first to build
a list of plugins and call try_load_plugin with each plugin on the list.
When --plugin is used, the plugin list only has one entry.
* plugin.c (try_load_plugin): Make plugin_list_iter an argument
and use it if it isn't NULL. Remove has_plugin_p argument. Add
a build_list_p argument. Don't search plugin_list. Short circuit
when building the plugin list.
(has_plugin): Renamed to has_plugin_list.
(bfd_plugin_set_plugin): Don't set has_plugin.
(bfd_plugin_specified_p): Check plugin_list instead.
(build_plugin_list): New function.
(load_plugin): Call build_plugin_list and use plugin_list.
Since plugin treats each object as independent, we must do a fresh dlopen
of plugin for each object.
PR binutils/25355
* plugin.c (try_claim): Always clean up for LTO wrapper.
(try_load_plugin): Treat each object as independent. Create a
copy for plugin name.
GCC LTO wrapper is needed to extract real symbols from LTO IR objects.
This patch does the following:
1. Set up GCC LTO wrapper for each LTO IR object.
2. Run GCC LTO wrapper to get the real object.
3. Extract symbol info from the real object.
4. Cleanup afterwards.
bfd/
PR binutils/25355
* configure.ac (HAVE_EXECUTABLE_SUFFIX): New AC_DEFINE.
(EXECUTABLE_SUFFIX): Likewise.
* config.in: Regenerated.
* configure: Likewise.
* plugin.c (bfd_plugin_close_and_cleanup): Removed.
(plugin_list_entry): Add all_symbols_read, cleanup_handler,
gcc, lto_wrapper, resolution_file, resolution_option, gcc_env,
real_bfd, real_nsyms, real_syms, lto_nsyms and lto_syms.
(get_lto_wrapper): New.
(setup_lto_wrapper_env): Likewise.
(current_plugin): Likewise.
(register_all_symbols_read): Likewise.
(register_cleanup): Likewise.
(get_symbols): Likewise.
(add_input_file): Likewise.
(bfd_plugin_close_and_cleanup): Likewise.
(claim_file): Removed.
(register_claim_file): Set current_plugin->claim_file.
(add_symbols): Make a copy of LTO symbols. Set lto_nsyms and
lto_syms in current_plugin.
(try_claim): Use current_plugin->claim_file. Call LTO plugin
all_symbols_read handler. Copy real symbols to plugin_data.
Call LTO plugin cleanup handler. Clean up for LTO wrapper.
(try_load_plugin): Don't reuse the previous plugin for LTO
wrapper. Set up GCC LTO wrapper if possible. Don't set
plugin_list_iter->claim_file.
(bfd_plugin_canonicalize_symtab): Use real LTO symbols if
possible.
* plugin.h (plugin_data_struct): Add real_bfd, real_nsyms and
real_syms.
ld/
PR binutils/25355
* testsuite/ld-plugin/lto.exp: Run PR binutils/25355 test.
* testsuite/ld-plugin/pr25355.c: New file.
* testsuite/ld-plugin/pr25355.d: Likewise.
* testsuite/lib/ld-lib.exp (run_cc_link_tests): Support compile
only dump.
This patch fixes execution failures which occur when the BR in a
sequence such as:
J<cond> 1f
BR
1:
is relaxed to a JMP, and the pc-relative offset for the destination of
the J<cond> instruction is hard-coded to be 2 words ahead of the
instruction.
The hard-coded offset will cause execution to jump 1 word ahead of where
it should actually go.
Instead we now detect the hard-coded offset is one we inserted earlier,
and invert the condition, allowing us to remove the BR entirely.
bfd/ChangeLog:
2020-02-10 Jozef Lawrynowicz <jozef.l@mittosystems.com>
* elf32-msp430.c (msp430_elf_relax_section): Before relaxing a branch,
check if previous instruction matches a conditional jump inserted
earlier. Invert conditional jump and delete branch in this case.
This patch fixes relocation overflows caused by an inability to relax
unconditional JMP instructions to BR instructions.
bfd/ChangeLog:
2020-02-10 Jozef Lawrynowicz <jozef.l@mittosystems.com>
* elf32-msp430.c (msp430_elf_relax_add_two_words): Rename to
msp430_elf_relax_add_words. Support insertion of either one or two
words.
(msp430_elf_relax_section): Catch opcode of 0x3c00 when relocation
needs to be grown. Handle insertion of branch instruction to replace
jump.
bfd-in2.h didn't match what was in archures.c and reloc.c. This
fixes overlong comment lines and regenerates bfd-in2.h.
* archures.c: Wrap overlong z80 comments.
* bfd-in2.h: Regenerate.
PR 25469
bfd * archures.c: Add GBZ80 and Z80N machine values.
* reloc.c: Add BFD_RELOC_Z80_16_BE.
* coff-z80.c: Add support for new reloc.
* coffcode.h: Add support for new machine values.
* cpu-z80.c: Add support for new machine names.
* elf32-z80.c: Add support for new reloc.
* bfd-in2.h: Regenerate.
* libbfd.h: Regenerate.
binutils* readelf.c (get_machine_flags): Add support for Z80N machine
number.
gas * config/tc-z80.c: Add -gbz80 command line option to generate code
for the GameBoy Z80. Add support for generating DWARF.
* config/tc-z80.h: Add support for DWARF debug information
generation.
* doc/c-z80.texi: Document new command line option.
* testsuite/gas/z80/gbz80_all.d: New file.
* testsuite/gas/z80/gbz80_all.s: New file.
* testsuite/gas/z80/z80.exp: Run the new tests.
* testsuite/gas/z80/z80n_all.d: New file.
* testsuite/gas/z80/z80n_all.s: New file.
* testsuite/gas/z80/z80n_reloc.d: New file.
include * coff/internal.h (R_IMM16BE): Define.
* elf/z80.h (EF_Z80_MACH_Z80N): Define.
(R_Z80_16_BE): New reloc.
ld * emulparams/elf32z80.sh: Use z80 emulation.
* emultempl/z80.em: Make generic to both COFF and ELF Z80 emulations.
* emultempl/z80elf.em: Delete.
* testsuite/ld-elf/pr22450.d: Expect to fail for the Z80.
* testsuite/ld-elf/sec64k.exp: Fix Z80 assembly.
* testsuite/ld-unique/pr21529.s: Avoid register name conflict.
* testsuite/ld-unique/unique.s: Likewise.
* testsuite/ld-unique/unique_empty.s: Likewise.
* testsuite/ld-unique/unique_shared.s: Likewise.
* testsuite/ld-unique/unique.d: Updated expected output.
* testsuite/ld-z80/arch_z80n.d: New file.
* testsuite/ld-z80/comb_arch_z80_z80n.d: New file.
* testsuite/ld-z80/labels.s: Add more labels.
* testsuite/ld-z80/relocs.s: Add more reloc tests.
* testsuite/ld-z80/relocs_f_z80n.d: New file
opcodes * z80-dis.c: Add support for GBZ80 opcodes.
__patchable_function_entries section is generated by a compiler with
-fpatchable-function-entry=XX. The assembly code looks like this:
---
.text
.globl _start
.type _start, %function
_start:
.section __patchable_function_entries,"aw",%progbits
.dc.a .LPFE1
.text
.LPFE1:
.byte 0
---
But --gc-sections will silently remove __patchable_function_entries
section and generate corrupt result. This patch disallows garbage
collection on __patchable_function_entries section without linked-to
section.
bfd/
PR ld/25490
* elflink.c (_bfd_elf_gc_mark_extra_sections): Issue an error
for garbage collection on __patchable_function_entries section
without linked-to section.
ld/
PR ld/25490
* testsuite/ld-elf/pr25490-1.d: New file.
* testsuite/ld-elf/pr25490-1.s: Likewise.
As shown in
https://sourceware.org/bugzilla/show_bug.cgi?id=25490
--gc-sections will silently remove __patchable_function_entries section
and generate corrupt result. This patch adds the section flag 'o' to
.section directive:
.section __patchable_function_entries,"awo",@progbits,foo
.section __patchable_function_entries,"awoG",@progbits,foo,foo,comdat
.section __patchable_function_entries,"awo",@progbits,bar,unique,4
.section __patchable_function_entries,"awoG",@progbits,foo,foo,comdat,unique,1
which specifies the symbol name which the section references. Assmebler
will set its elf_linked_to_section to a local section where the symbol
is defined.
Linker is updated to call mark_hook if gc_mark of any of its linked-to
sections is set after all sections, except for backend specific ones,
have been garbage collected.
bfd/
PR gas/25381
* bfd-in2.h: Regenerated.
* elflink.c (_bfd_elf_gc_mark_extra_sections): Call mark_hook
on section if gc_mark of any of its linked-to sections is set
and don't set gc_mark again.
* section.c (asection): Add linked_to_symbol_name to map_head
union.
gas/
PR gas/25381
* config/obj-elf.c (get_section): Also check
linked_to_symbol_name.
(obj_elf_change_section): Also set map_head.linked_to_symbol_name.
(obj_elf_parse_section_letters): Handle the 'o' flag.
(build_group_lists): Renamed to ...
(build_additional_section_info): This. Set elf_linked_to_section
from map_head.linked_to_symbol_name.
(elf_adjust_symtab): Updated.
* config/obj-elf.h (elf_section_match): Add linked_to_symbol_name.
* doc/as.texi: Document the 'o' flag.
* testsuite/gas/elf/elf.exp: Run PR gas/25381 tests.
* testsuite/gas/elf/section18.d: New file.
* testsuite/gas/elf/section18.s: Likewise.
* testsuite/gas/elf/section19.d: Likewise.
* testsuite/gas/elf/section19.s: Likewise.
* testsuite/gas/elf/section20.d: Likewise.
* testsuite/gas/elf/section20.s: Likewise.
* testsuite/gas/elf/section21.d: Likewise.
* testsuite/gas/elf/section21.l: Likewise.
* testsuite/gas/elf/section21.s: Likewise.
ld/
PR ld/24526
PR ld/25021
PR ld/25490
* testsuite/ld-elf/elf.exp: Run PR ld/25490 tests.
* testsuite/ld-elf/pr24526.d: New file.
* testsuite/ld-elf/pr24526.s: Likewise.
* testsuite/ld-elf/pr25021.d: Likewise.
* testsuite/ld-elf/pr25021.s: Likewise.
* testsuite/ld-elf/pr25490-2-16.rd: Likewise.
* testsuite/ld-elf/pr25490-2-32.rd: Likewise.
* testsuite/ld-elf/pr25490-2-64.rd: Likewise.
* testsuite/ld-elf/pr25490-2.s: Likewise.
* testsuite/ld-elf/pr25490-3-16.rd: Likewise.
* testsuite/ld-elf/pr25490-3-32.rd: Likewise.
* testsuite/ld-elf/pr25490-3-64.rd: Likewise.
* testsuite/ld-elf/pr25490-3.s: Likewise.
* testsuite/ld-elf/pr25490-4-16.rd: Likewise.
* testsuite/ld-elf/pr25490-4-32.rd: Likewise.
* testsuite/ld-elf/pr25490-4-64.rd: Likewise.
* testsuite/ld-elf/pr25490-4.s: Likewise.
* testsuite/ld-elf/pr25490-5-16.rd: Likewise.
* testsuite/ld-elf/pr25490-5-32.rd: Likewise.
* testsuite/ld-elf/pr25490-5-64.rd: Likewise.
* testsuite/ld-elf/pr25490-5.s: Likewise.
* testsuite/ld-elf/pr25490-6-16.rd: Likewise.
* testsuite/ld-elf/pr25490-6-32.rd: Likewise.
* testsuite/ld-elf/pr25490-6-64.rd: Likewise.
* testsuite/ld-elf/pr25490-6.s: Likewise.
Correctly point at `insn[2]' rather than `insn[4]' in determining that
the third instruction from where an R_V850_LONGJUMP relocation points at
is not a recognized one, fixing a problem with commit 86aba9dbfa7e ("Add
linker relaxation to v850 toolchain") resulting in a build failure like:
.../bfd/elf32-v850.c: In function 'v850_elf_relax_section':
.../bfd/elf32-v850.c:3854:5: error: 'insn[4]' may be used uninitialized in this function [-Werror=maybe-uninitialized]
3854 | _bfd_error_handler
| ^~~~~~~~~~~~~~~~~~
3855 | /* xgettext:c-format */
| ~~~~~~~~~~~~~~~~~~~~~~~
3856 | (_("%pB: %#" PRIx64 ": warning: %s points to "
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3857 | "unrecognized insn %#x"),
| ~~~~~~~~~~~~~~~~~~~~~~~~~
3858 | abfd,
| ~~~~~
3859 | (uint64_t) (irel->r_offset + no_match),
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3860 | "R_V850_LONGJUMP",
| ~~~~~~~~~~~~~~~~~~
3861 | insn[no_match]);
| ~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Makefile:1608: recipe for target 'elf32-v850.lo' failed
make[4]: *** [elf32-v850.lo] Error 1
with GCC 10.
bfd/
* elf32-v850.c (v850_elf_relax_section): Fix the index used for
reporting an unrecognized instruction with R_V850_LONGJUMP.
It is incorrect to "continue" in the ppc_elf_relocate_section reloc
processing loop except when editing or deleting relocs. The normal
loop processing arranges to write the relocs if shuffling them over a
deleted entry. Deleting only happens for debug sections currently and
those sections won't contain R_PPC_VLE_ADDR20 relocs, so this patch
doesn't fix a bug that would trigger with any normal object file.
* elf32-ppc.c (ppc_elf_relocate_section): After applying
R_PPC_VLE_ADDR20, goto copy_reloc.