PR binutils/17512
* reloc.c (bfd_get_reloc_size): Handle a reloc size of -1.
(bfd_perform_relocation): Include the size of the reloc in the
test for an out of range relocation.
(bfd_generic_get_relocated_section_contents): Remove reloc range
test.
PR binutils/17512
* coffdump.c (dump_coff_section): Check for a symbol being
available before printing its name.
(main): Check the return value from coff_grok.
* coffgrok.c: Reformat and tidy.
Add range checks to most functions.
(coff_grok): Return NULL if the input bfd is not in a COFF
format.
* coffgrok.h: Reformat and tidy.
(struct coff_section): Change the nrelocs field to unsigned.
* srconv.c (main): Check the return value from coff_grok.
* coff-i860.c (CALC_ADDEND): Always set an addend value.
* tekhex.c (getvalue): Add an end pointer parameter. Use it to
avoid reading off the end of the buffer.
(getsym): Likewise.
(first_phase): Likewise.
(pass_over): Pass an end pointer to the invoked function.
PR binutils/17512
* nm.c (print_symbol): Add 'is_synthetic' parameter. Use it to
help initialize the info.elfinfo field.
(print_size_symbols): Add 'synth_count' parameter. Use it to set
the is_synthetic parameter when calling print_symbol.
(print_symbols): Likewise.
(display_rel_file): Pass synth_count to printing function.
(display_archive): Break loop if the last archive displayed
matches the current archive.
* size.c (display_archive): Likewise.
* archive.c (do_slurp_bsd_armap): Make sure that the parsed sized
is at least big enough for the header to be read.
* elf32-i386.c (elf_i386_get_plt_sym_val): Skip unknown relocs.
* mach-o.c (bfd_mach_o_get_synthetic_symtab): Add range checks.
(bfd_mach_o_read_command): Prevetn duplicate error messages about
unrecognized commands.
* syms.c (_bfd_stab_section_find_nearest_line): Add range checks
when indexing into the string table.
bfd/
PR ld/17773
* elflink.c (bfd_elf_final_link): Assign the file position for
the symbol string table only there are symbols to be emitted.
ld/testsuite/
PR ld/17773
* ld-elf/binutils.exp (binutils_test): Add an optional
readelf_options. Replace -l with $readelf_options. Add a
gap test.
* ld/testsuite/ld-elf/gap.s: New file.
Factor out strlen to give better code and less likelihood of a repeat
of this problem.
PR 17766
* pei-x86_64.c (pex64_bfd_print_pdata_section): Correct string
length. Use memcpy rather than strcpy.
Since 2006, commit d270463e9, _bfd_elf_copy_private_section_data has
copied over SHF_MASKOS and SHF_MASKPROC flags. That makes the buggy
code in sh_elf64_copy_private_data_internal redundant.
bfd/
PR 17755
* elf64-sh64.c (sh_elf64_copy_private_data_internal): Delete code
copying SHF_SH5_ISA32.
binutils/testsuite/
* binutils-all/strip-11.d: New test.
* binutils-all/objcopy.exp: Run it.
*** bfd/ChangeLog ***
2014-12-25 Thomas Preud'homme <thomas.preudhomme@arm.com>
* elf32-arm.c (elf32_arm_merge_eabi_attributes): Handle new
Tag_ABI_VFP_args value and replace hardcoded values by enum
values.
(elf32_arm_post_process_headers): Set e_flags in ELF header
as hard float only when Tag_ABI_VFP_args is 1, using new enum
value AEABI_VFP_args_vfp to check that.
*** binutils/ChangeLog ***
2014-12-25 Thomas Preud'homme <thomas.preudhomme@arm.com>
* readelf.c (arm_attr_tag_ABI_VFP_args): Add "compatible".
*** gdb/ChangeLog ***
2014-12-25 Thomas Preud'homme <thomas.preudhomme@arm.com>
* arm-tdep.c (arm_gdbarch_init): Explicitely handle value 3 of
Tag_ABI_VFP_args. Also replace hardcoded values by enum values
in the switch handling the different values of Tag_ABI_VFP_args.
*** gold/ChangeLog ***
2014-12-25 Thomas Preud'homme <thomas.preudhomme@arm.com>
* arm.cc (Target_arm::do_adjust_elf_header): Set e_flags in ELF
header as hard float only when Tag_ABI_VFP_args is 1, using new
enum value AEABI_VFP_args_vfp to check that.
(Target_arm::merge_object_attributes): Handle new Tag_ABI_VFP_args
value and replace hardcoded values by enum values.
*** include/elf/ChangeLog ***
2014-12-25 Thomas Preud'homme <thomas.preudhomme@arm.com>
* arm.h: New AEABI_FP_number_model_* and AEABI_VFP_args_* enum
values.
*** ld/testsuite/ChangeLog ***
2014-12-25 Thomas Preud'homme <thomas.preudhomme@arm.com>
* ld-arm/attr-merge-2a.s: Add Tag_ABI_VFP_args.
* ld-arm/attr-merge-2b.s: Likewise.
* ld-arm/attr-merge-2.attr: Likewise.
* ld-arm/attr-merge-4a.s: Add Tag_ABI_FP_number_model and
Tag_ABI_VFP_args.
* ld-arm/attr-merge-4b.s: Likewise.
* ld-arm/attr-merge-4.attr: Likewise.
* ld-arm/attr-merge-6a.s: Likewise.
* ld-arm/attr-merge-6b.s: Likewise.
* ld-arm/attr-merge-6.attr: Add Tag_ABI_FP_number_model.
* pe-x86_64.c (pex64_bfd_print_pdata): Add external
declaration.
(bfd_pe_print_data): Set macro to pex64_bfd_print_data.
* pei-x86_64.c (pex64_bfd_print_pdata): Changed to
global function. Now handles multiple .pdata sections.
(pex_bfd_print_pdata_section): New static helper function,
using most of old pex_bfd_print_pdata function code, but adding
support for coff pe objects, which might have some fields
starting at zero offset.
(pex64_print_all_pdata_sections) : New static helper function,
used in call to bfd_map_over_sections inside new
pex66_bfd_print_pdata function.
(bfd_boolean pdata_count): New static variable, used to return
bfd_boolean value for pex64_bfd_print_pdata function.
Yes, I know this also affects bfd_link_hash_indirect, but output of
indirect and warning symbols looks quite broken anyway.
* linker.c (_bfd_generic_link_output_symbols): Remove BSF_WEAK
flag from bfd_link_hash_defined symbols.
The AVR target uses a bit in the elf header flags to indicate if the
object was assembled ready for linker relaxation. Previously this flag
was always set, even when the object was not assembled ready for linker
relaxation.
This patch moves setting of the flag into the assembler, and sets it
only when the assembler is preparing the file for linker relaxation.
bfd/ChangeLog:
* elf32-avr.c (bfd_elf_avr_final_write_processing): Don't set
EF_AVR_LINKRELAX_PREPARED unconditionally.
gas/ChangeLog:
* config/tc-avr.c: Add include for elf/avr.h.
(avr_elf_final_processing): New function.
* config/tc-avr.h (elf_tc_final_processing): Define.
(avr_elf_final_processing): Declare
gas/testsuite/ChangeLog:
* gas/avr/link-relax-elf-flag-clear.d: New file.
* gas/avr/link-relax-elf-flag-set.d: New file.
* gas/avr/link-relax-elf-flag.s: New file.
Trying to use the SEC_LINKER_CREATED section flag to determine whether
a symbol is linker defined fails to work on targets like alpha that
define special SEC_COMMON sections. These might contain symbols that
originated in an object file.
include/
* bfdlink.h (struct bfd_link_hash_entry): Comment non_ir_ref. Add
linker_def.
bfd/
* elflink.c (_bfd_elf_define_linkage_sym): Set linker_def.
* linker.c (_bfd_generic_link_add_one_symbol): Clear linker_def
for CDEF, DEF, DEFW, COM.
ld/
* ldexp.c (exp_fold_tree_1 <etree_provide>): Test linker_def.
ld/testsuite/
* ld-powerpc/sdabase.s,
* ld-powerpc/sdabase.t,
* ld-powerpc/sdabase.d: New test.
* ld-powerpc/sdabase2.t,
* ld-powerpc/sdabase2.d: New test.
* ld-powerpc/powerpc.exp: Run them.
PR binutils/17512
* format.c (bfd_check_format_matches): Check for a matching vector
before using match priorities.
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Fix off-by-one
errors with previous delta.
When there is a weak symbol with a real definition, the processor
independent code will have arranged for us to see the real definition
first. We need to copy the needs_copy bit from the real definition and
check it when allowing copy reloc in PIE.
bfd/
PR ld/17689
* elf64-x86-64.c (elf_x86_64_link_hash_entry): Add needs_copy.
Change has_bnd_reloc to bit field.
(elf_x86_64_link_hash_newfunc): Initialize needs_copy and
has_bnd_reloc to 0.
(elf_x86_64_check_relocs): Set has_bnd_reloc to 1 instead
of TRUE.
(elf_x86_64_adjust_dynamic_symbol): Copy needs_copy from the
real definition to a weak symbol.
(elf_x86_64_allocate_dynrelocs): Also check needs_copy of a
weak symbol for PIE when discarding space for relocs against
symbols which turn out to need copy relocs.
(elf_x86_64_relocate_section): Also check needs_copy of a
weak symbol for PIE with copy reloc.
ld/testsuite/
PR ld/17689
* ld-x86-64/pr17689.out: New file.
* ld-x86-64/pr17689.rd: Likewise.
* ld-x86-64/pr17689a.c: Likewise.
* ld-x86-64/pr17689b.S: Likewise.
* ld-x86-64/x86-64.exp: Run PR ld/17689 tests.
Copy relocs are used in a scheme to avoid dynamic text relocations in
non-PIC executables that refer to variables defined in shared
libraries. The idea is to have the linker define any such variable in
the executable, with a copy reloc copying the initial value, then have
both the executable and shared library refer to the executable copy.
If the shared library defines the variable as protected then we have
two copies of the variable being used.
PR 15228
* elflink.c (_bfd_elf_adjust_dynamic_copy): Add "info" param.
Error on copy relocs against protected symbols.
(elf_merge_st_other): Set h->protected_def.
* elf-bfd.h (struct elf_link_hash_entry): Add "protected_def".
(_bfd_elf_adjust_dynamic_copy): Update prototype.
* elf-m10300.c (_bfd_mn10300_elf_adjust_dynamic_symbol): Update
_bfd_elf_adjust_dynamic_copy call.
* elf32-arm.c (elf32_arm_adjust_dynamic_symbol): Likewise.
* elf32-cr16.c (_bfd_cr16_elf_adjust_dynamic_symbol): Likewise.
* elf32-cris.c (elf_cris_adjust_dynamic_symbol): Likewise.
* elf32-hppa.c (elf32_hppa_adjust_dynamic_symbol): Likewise.
* elf32-i370.c (i370_elf_adjust_dynamic_symbol): Likewise.
* elf32-i386.c (elf_i386_adjust_dynamic_symbol): Likewise.
* elf32-lm32.c (lm32_elf_adjust_dynamic_symbol): Likewise.
* elf32-m32r.c (m32r_elf_adjust_dynamic_symbol): Likewise.
* elf32-m68k.c (elf_m68k_adjust_dynamic_symbol): Likewise.
* elf32-metag.c (elf_metag_adjust_dynamic_symbol): Likewise.
* elf32-or1k.c (or1k_elf_adjust_dynamic_symbol): Likewise.
* elf32-ppc.c (ppc_elf_adjust_dynamic_symbol): Likewise.
* elf32-s390.c (elf_s390_adjust_dynamic_symbol): Likewise.
* elf32-sh.c (sh_elf_adjust_dynamic_symbol): Likewise.
* elf32-tic6x.c (elf32_tic6x_adjust_dynamic_symbol): Likewise.
* elf32-tilepro.c (tilepro_elf_adjust_dynamic_symbol): Likewise.
* elf32-vax.c (elf_vax_adjust_dynamic_symbol): Likewise.
* elf64-ppc.c (ppc64_elf_adjust_dynamic_symbol): Likewise.
* elf64-s390.c (elf_s390_adjust_dynamic_symbol): Likewise.
* elf64-sh64.c (sh64_elf64_adjust_dynamic_symbol): Likewise.
* elf64-x86-64.c (elf_x86_64_adjust_dynamic_symbol): Likewise.
* elfnn-aarch64.c (elfNN_aarch64_adjust_dynamic_symbol): Likewise.
* elfxx-mips.c (_bfd_mips_elf_adjust_dynamic_symbol): Likewise.
* elfxx-sparc.c (_bfd_sparc_elf_adjust_dynamic_symbol): Likewise.
* elfxx-tilegx.c (tilegx_elf_adjust_dynamic_symbol): Likewise.
commit f64e188b58
Author: Nick Clifton <nickc@redhat.com>
Date: Tue Dec 9 12:42:18 2014 +0000
More fixes for memory access violations triggered by fuzzed binaries.
[snip]
* elf.c (elf_parse_notes): Check that the namedata is long enough
for the string comparison that is about to be performed.
(elf_read_notes): Zero-terminate the note buffer.
This change to elf_parse_notes is the culprit:
+ for (i = ARRAY_SIZE (grokers); i--;)
+ if (in.namesz >= sizeof grokers[i].string - 1
+ && strncmp (in.namedata, grokers[i].string,
+ sizeof (grokers[i].string) - 1) == 0)
Note how this applies sizeof to grokers[i].string...
bfd/ChangeLog
* elf.c (elf_parse_notes): Define convenience macro
GROKER_ELEMENT to add elements to 'grokers'.
Use grokers.len instead of sizeof in string comparisons.
DW_AT_name for functions typically just contains the base function
name, so lacks namespace, class and parameter information. It would
be possible to extract all these from the DWARF, but at a considerable
complication of the parser in dwarf2.c, and then you'd need to mangle
it all together. Much simpler is to look up the actual symbol. This
patch does that, avoiding the extra symbol lookup when the language
doesn't do name mangling.
PR 17541
* dwarf2.c (struct comp_unit): Add "lang".
(non_mangled): New function.
(struct funcinfo): Add "is_linkage". Reorder for better packing.
Make "name" a const char*.
(lookup_address_in_function_table): Delete functionname_ptr param.
(find_abstract_instance_name): Add is_linkage param. Set if we
have DW_AT_linkage_name or non_mangled DW_AT_name.
(scan_unit_for_symbols): Similarly set func->is_linkage.
(parse_comp_unit): Stash DW_AT_language.
(comp_unit_find_nearest_line): Replace functionname_ptr param
with function_ptr param.
(_bfd_dwarf2_find_nearest_line): Adjust above calls. Set
functionname_ptr from function->name. Call _bfd_elf_find_function
to retrieve symbol for function if not linkage name.
(_bfd_elf_find_function): Add bfd_target_elf_flavour test, moved from..
* elf.c (elf_find_function): ..here.
(_bfd_elf_find_nearest_line): Adjust calls.
* elf-bfd.h (_bfd_elf_find_function): Declare.
_bfd_dwarf2_find_nearest_line may be called on a COFF bfd.
* dwarf2.c (read_address): Check bfd_target_elf_flavour before
calling get_elf_backend_data.
(_bfd_dwarf2_find_nearest_line): Fix parens.
HI16/LO16 are deliberately put adjacent, which might mean relocs are
then not sorted by r_offset. See tc-mips.c:mips_frob_file. Don't undo
the HI16/LO16 sorting.
PR 17666
* elf-bfd.h (struct elf_backend_data): Add sort_relocs_p.
* elfxx-target.h (elf_backend_sort_relocs_p): Define.
(elfNN_bed): Init new field.
* elflink.c (elf_link_adjust_relocs): Conditionally sort.
(bfd_elf_final_link): Control sorting of relocs.
* elfxx-mips.c (_bfd_mips_elf_sort_relocs_p): New function.
* elfxx-mips.h (_bfd_mips_elf_sort_relocs_p): Declare.
* elf32-mips.c (elf_backend_sort_relocs_p): Define.
* elf64-mips.c (elf_backend_sort_relocs_p): Define.
PR binutils/17512
* objdump.c (display_any_bfd): Avoid infinite loop closing and
opening the same archive again and again.
* archive64.c (bfd_elf64_archive_slurp_armap): Add range checks.
* libbfd.c (safe_read_leb128): New function.
* libbfd-in.h (safe_read_leb128): Add prototype.
* libbfd.h: Regenerate.
* elf-attrs.c (_bfd_elf_parse_attributes): Use safe_read_leb128.
Check for an over-long subsection length.
* elf.c (elf_parse_notes): Check that the namedata is long enough
for the string comparison that is about to be performed.
(elf_read_notes): Zero-terminate the note buffer.
Now that ld -r relocs are sorted by the pr17666 fix, there isn't so
much need to sort incoming relocs.
* elf64-ppc.c (sort_r_offset): Delete.
(ppc64_elf_edit_opd): Don't sort input relocs.
In i386 and x86-64 binaries with ifunc, relocations against .got.plt
section may not be in the same order as entries in PLT section. This
patch adds _bfd_elf_ifunc_get_synthetic_symtab. It takes a function
pointer which returns an array of PLT entry symbol values. It calls
the function pointer to get the PLT entry symbol value array indexed
by relocation index, instead of calling plt_sym_val on each relocation
index.
PR binutils/17677
* elf-bfd.h (_bfd_elf_ifunc_get_synthetic_symtab): New prototype.
* elf-ifunc.c (_bfd_elf_ifunc_get_synthetic_symtab): New
function.
* elf32-i386.c (elf_i386_plt_sym_val): Removed.
(elf_backend_plt_sym_val): Likewise.
(elf_i386_get_plt_sym_val): New.
(elf_i386_get_synthetic_symtab): Likewise.
(bfd_elf32_get_synthetic_symtab): Likewise.
* elf64-x86-64.c (elf_x86_64_plt_sym_val): Removed.
(elf_x86_64_plt_sym_val_offset_plt_bnd): Likewise.
(elf_backend_plt_sym_val): Likewise.
(elf_x86_64_get_plt_sym_val): New.
(elf_x86_64_get_synthetic_symtab): Use
_bfd_elf_ifunc_get_synthetic_symtab.
(bfd_elf64_get_synthetic_symtab): Don't undefine for NaCl.
PR binutils/17512
* objdump.c (free_debug_section): Reset the compress_status as
well.
* compress.c (bfd_get_full_section_contents): Fail if there are no
section contents available when the compress_status is
COMPRESS_SECTION_DONE.
* libbfd.c (bfd_malloc): Refuse to allocate a negative size.
(bfd_malloc2): Use bfd_malloc.
(bfd_realloc): Refuse to reallocate a negative size.
(bfd_realloc2): Use bfd_realloc.
(bfd_realloc_or_free): Use bfd_realloc.
(bfd_zmalloc): Use bfd_malloc.
(bfd_zmalloc): Use bfd_malloc2.
* opncls.c (bfd_alloc): Refuse to allocate a negative size.
This patch reverts the change in elf_x86_64_check_relocs and the partial
change in elf_x86_64_adjust_dynamic_symbol. Instead, we discard space
in PIE for relocs against symbols which turn out to need copy relocs.
* elf64-x86-64.c (elf_x86_64_check_relocs): Revert the last
change.
(elf_x86_64_adjust_dynamic_symbol): Don't check !info->shared
with ELIMINATE_COPY_RELOCS.
(elf_x86_64_allocate_dynrelocs): For PIE, discard space for
relocs against symbols which turn out to need copy relocs.
This patch allows copy relocs for non-GOT pc-relative relocation in PIE.
bfd/
* elf64-x86-64.c (elf_x86_64_create_dynamic_sections): Always
allow copy relocs for building executables.
(elf_x86_64_check_relocs): Allow copy relocs for non-GOT
pc-relative relocation in shared object.
(elf_x86_64_adjust_dynamic_symbol): Allocate copy relocs for
PIE.
(elf_x86_64_relocate_section): Don't copy a pc-relative
relocation into the output file if the symbol needs copy reloc.
ld/testsuite/
* ld-x86-64/copyreloc-lib.c: New file.
* ld-x86-64/copyreloc-main.c: Likewise.
* ld-x86-64/copyreloc-main.out: Likewise.
* ld-x86-64/copyreloc-main1.rd: Likewise.
* ld-x86-64/copyreloc-main2.rd: Likewise.
* ld-x86-64/x86-64.exp: Run copyreloc tests.
In MIPS the relocation calculation only ignores the overflow checks for undefined
weak symbols on relocations associated with j/jal. This patch extends this to
the relocations used by the: b* instructions; pc/gp relative symbol offsets; and the
lwpc/ldpc MIPS r6 instructions.
bfd/
* elfxx-mips.c (mips_elf_calculate_relocation): Only check for overflow
on non-weak undefined symbols.
ld/testsuite/
* ld-mips-elf/mips-elf.exp: Add in undefined weak overflow tests for
o32, n32 and n64.
* ld-mips-elf/undefweak-overflow.s: New test.
* ld-mips-elf/undefweak-overflow.d: New test.
* ld-mips-elf/undefweak-overflow-n32.d: New test.
* ld-mips-elf/undefweak-overflow-n64.d: New test.
This patch sorts .opd relocs (see pr17666) and allows .opd sections
with a mix of 16 and 24 byte entries to be edited.
* elf64-ppc.c (OPD_NDX): Define. Use throughout for sizing/indexing
_opd_sec_data array, halving required memory.
(sort_r_offset): New function.
(ppc64_elf_edit_opd): Sort incoming relocs. Accept .opd
sections with a mix of 16 and 24 byte OPD entries. Don't
attempt to honour --non-overlapping-opd for .opd sections with
unexpected relocs. Simplify opd entry size calculations by
first finding the reloc for the next entry. Make edit loop
handle one opd entry per iteration, with an inner loop
handling relocs per entry.
PR binutils/17512
* dwarf.h (struct dwarf_section): Add user_data field.
* dwarf.c (frame_need_space): Check for an over large register
number.
(display_debug_frames): Check the return value from
frame_need_space. Check for a CFA expression that is so long the
start address wraps around.
(debug_displays): Initialise the user_data field.
* objdump.c (load_specific_debug_section): Save the BFD section
pointer in the user_data field of the dwarf_section structure.
(free_debug_section): Update BFD section data when freeing section
contents.
* readelf.c (load_specific_debug_section): Initialise the
user_data field.
* archive.c (do_slurp_coff_armap): Add range checks to prevent
running off the end of the string table.
* compress.c (bfd_get_full_section_contents): Return a NULL
pointer for zero sized sections. Do not attempt to copy a buffer
onto itself.
* elf-attrs.c (_bfd_elf_parse_attributes): Check for an empty
header. Add range checks to avoid running off the end of the
section.
* elf.c (bfd_elf_get_str_section): Seek before allocating so that
if the seek fails, no memory is allocated.
(bfd_elf_string_from_elf_section): Do not allocate a string from a
non string section. It only leads to trouble later on.
(_bfd_elf_print_private_bfd_data): Check for there being too
little external dynamic data.
(bfd_section_from_shdr): Replace assertion with a failure mode.
(bfd_section_from_shdr): When walking a loaded group section use
the internal structure size, not the external size. Check for the
group section being empty.
* elf32-i386.c (elf_i386_rtype_to_howto): Replace assertion with a
failure mode.
* elfcode.h (elf_slurp_reloc_table): Likewise.
* reloc.c (bfd_perform_relocation): Avoid seg-fault if the howto
parameter is NULL.
PR 16452, 16457
* elflink.c (_bfd_elf_link_find_version_dependencies): Exclude
symbols from libraries that won't be listed in DT_NEEDED.
(elf_link_output_extsym): Don't output verdefs for such symbols.
PR binutils/17512
* ecoff.c (_bfd_ecoff_slurp_symbol_table): Warn about and correct
a discrepancy between the isymMax and ifdMax values in the
symbolic header.
* elf.c (_bfd_elf_print_private_bfd_data): Fix the range check
scanning the external dynamic entries.
PR binutils/17512
* dwarf.c (display_block): Do nothing if the block starts after
the end of the buffer.
(read_and_display_attr_value): Add range checks.
(struct Frame_Chunk): Make the ncols and ra fields unsigned.
(frame_need_space): Test for an ncols of zero.
(read_cie): Fail if the augmentation data extends off the end of
the buffer.
(display_debug_frames): Add checks for read_cie failing. Add
range checks.
* coff-h8300.c (rtype2howto): Replace abort with returning a NULL
value.
* coff-h8500.c (rtype2howto): Likewise.
* coff-tic30.c (rtype2howto): Likewise.
* coff-z80.c (rtype2howto): Likewise.
* coff-z8k.c (rtype2howto): Likewise.
* coff-ia64.c (RTYPE2HOWTO): Always return a valid howto.
* coff-m68k.c (m68k_rtype2howto): Return a NULL howto if none
could be found.
* coff-mcore.c (RTYPE2HOWTO): Add range checking.
* coff-w65.c (rtype2howto): Likewise.
* coff-we32k.c (RTYPE2HOWTO): Likewise.
* pe-mips.c (RTYPE2HOWTO): Likewise.
* coff-x86_64.c (coff_amd64_reloc): Likewise. Replace abort with
an error return.
* coffcode.h (coff_slurp_reloc_table): Allow the rel parameter to
be unused.
* coffgen.c (make_a_section_from_file): Check the length of a
section name before testing to see if it is a debug section name.
(coff_object_p): Zero out any uninitialised bytes in the opt
header.
* ecoff.c (_bfd_ecoff_slurp_symbolic_info): Test for the raw
source being empty when there are values to be processed.
(_bfd_ecoff_slurp_symbol_table): Add range check.
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Likewise.
(bfd_mach_o_mangle_sections): Move test for too many sections to
before the allocation of the section table.
(bfd_mach_o_read_symtab_strtab): If the read fails, free the
memory and nullify the symbol pointer.
* reloc.c (bfd_generic_get_relocated_section_contents): Add
handling of a bfd_reloc_notsupported return value.
* versados.c (EDATA): Add range checking.
(get_record): Likewise.
(process_otr): Check for contents being available before updating
them.
(versados_canonicalize_reloc): Add range check.
The internal verref buffer is allocated with bfd_zalloc, based on a
count given in headers. If the headers are broken/fuzzed and contain
an enormous count the alloc can result in OOM. If we first read the
external verrefs (into a buffer that isn't zeroed on allocation) then
the read provides a sanity check on the headers.
Also prints an error for version info that fails other sanity checks.
* elf.c (_bfd_elf_slurp_version_tables): Delay allocation of
internal verref buffer. Error for zero sh_info. Print errors.
Check for zero vd_ndx. Use bfd_zalloc for vd_auxptr buffer.
Both readelf/objdump know how to get symbol version string for dynamic
symbols. This patch extracts this functionality into a separate
function and uses it to add symbol version string to versioned symbol
names when dumping dynamic relocations.
bfd/
PR binutils/16496
* elf-bfd.h (bfd_elf_get_symbol_version_string): New.
* elf.c (bfd_elf_get_symbol_version_string): New. Extracted
from bfd_elf_print_symbol.
(bfd_elf_print_symbol): Use it.
binutils/
PR binutils/16496
* objdump.c (objdump_print_symname): Call
bfd_elf_get_symbol_version_string to get ELF symbol version
string. Append version string if needed.
* readelf.c (versioned_symbol_info): New enum.
(get_symbol_version_string): New. Extracted from
process_symbol_table.
(dump_relocations): Add a new argument to indicate if dynamic
symbol table is used. Use get_symbol_version_string to get
symbol version string for dynamic symbol. Append version string
if needed.
(process_relocs): Updated dump_relocations call.
(process_symbol_table): Use get_symbol_version_string.
ld/testsuite/
PR binutils/16496
* ld-cris/weakref3.d: Add symbol version string to versioned
symbol names in dynamic relocation.
* ld-cris/weakref4.d: Likewise.
* ld-elfvers/vers24.rd: Likewise.
* ld-elf/pr16496a.c: New file.
* ld-elf/pr16496a.map: Likewise.
* ld-elf/pr16496b.c: Likewise.
* ld-elf/pr16496b.od: Likewise.
* ld-elf/shared.exp (build_tests): Add libpr16496a.so and
libpr16496b.so tests.
H.J. Lu
Nick Clifton
Alan Modra
Terry Guo
Pierre Muller
Andrew Burgess
Richard Henderson
Keith Seitz
Eric Botcazou
Steve Ellcey
Andrew Bennett