PR binutils/18087
gas * doc/as.texinfo: Note that when gas compresses debug sections the
compression is only performed if it makes the section smaller.
* write.c (compress_debug): Do not compress a debug section if
doing so would make it larger.
tests * gas/i386/dw2-compress-1.d: Do not expect the .debug_abbrev or
.debug_info sections to be compressed.
binu * doc/binutils.texi: Note that when objcopy compresses debug
sections the compression is only performed if it makes the section
smaller.
bfd * coffgen.c (make_a_section_from_file): Only prepend a z to a
debug section's name if the section was actually compressed.
* elf.c (_bfd_elf_make_section_from_shdr): Likewise.
* compress.c (bfd_init_section_compress_status): Do not compress
the section if doing so would make it bigger. In such cases leave
the section alone and return COMPRESS_SECTION_NONE.
The IBM z13 has new 128-bit wide vector registers v0-v31, where v0-v15
include the existing 64-bit wide floating point registers. The Linux
kernel presents the vector registers as two additional register sets,
one for the right halves of v0-v15 and another one for the full
registers v16-v31. Thus a new core file may contain two new register
note sections, and this patch adds support to binutils for them.
bfd/
* elf-bfd.h (elfcore_write_s390_vxrs_low): Add prototype.
(elfcore_write_s390_vxrs_high): Likewise.
* elf.c (elfcore_grok_s390_vxrs_low): New function.
(elfcore_grok_s390_vxrs_high): New function.
(elfcore_grok_note): Call them.
(elfcore_write_s390_vxrs_low): New function.
(elfcore_write_s390_vxrs_high): New function.
(elfcore_write_register_note): Call them.
binutils/
* readelf.c (get_note_type): Add NT_S390_VXRS_LOW and
NT_S390_VXRS_HIGH.
include/elf/
* common.h (NT_S390_VXRS_LOW): New macro.
(NT_S390_VXRS_HIGH): Likewise.
PR binutils/17512
* coffcode.h (coff_slurp_symbol_table): Return false if we failed
to load the line table.
* elf.c (_bfd_elf_map_sections_to_segments): Enforce a minimum
maxpagesize of 1.
* peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Fail if
the Data Directory Size is too large.
* objcopy.c (copy_object): Free the symbol table if no symbols
could be loaded.
(copy_file): Use bfd_close_all_done to close files that could not
be copied.
commit f64e188b58
Author: Nick Clifton <nickc@redhat.com>
Date: Tue Dec 9 12:42:18 2014 +0000
More fixes for memory access violations triggered by fuzzed binaries.
[snip]
* elf.c (elf_parse_notes): Check that the namedata is long enough
for the string comparison that is about to be performed.
(elf_read_notes): Zero-terminate the note buffer.
This change to elf_parse_notes is the culprit:
+ for (i = ARRAY_SIZE (grokers); i--;)
+ if (in.namesz >= sizeof grokers[i].string - 1
+ && strncmp (in.namedata, grokers[i].string,
+ sizeof (grokers[i].string) - 1) == 0)
Note how this applies sizeof to grokers[i].string...
bfd/ChangeLog
* elf.c (elf_parse_notes): Define convenience macro
GROKER_ELEMENT to add elements to 'grokers'.
Use grokers.len instead of sizeof in string comparisons.
DW_AT_name for functions typically just contains the base function
name, so lacks namespace, class and parameter information. It would
be possible to extract all these from the DWARF, but at a considerable
complication of the parser in dwarf2.c, and then you'd need to mangle
it all together. Much simpler is to look up the actual symbol. This
patch does that, avoiding the extra symbol lookup when the language
doesn't do name mangling.
PR 17541
* dwarf2.c (struct comp_unit): Add "lang".
(non_mangled): New function.
(struct funcinfo): Add "is_linkage". Reorder for better packing.
Make "name" a const char*.
(lookup_address_in_function_table): Delete functionname_ptr param.
(find_abstract_instance_name): Add is_linkage param. Set if we
have DW_AT_linkage_name or non_mangled DW_AT_name.
(scan_unit_for_symbols): Similarly set func->is_linkage.
(parse_comp_unit): Stash DW_AT_language.
(comp_unit_find_nearest_line): Replace functionname_ptr param
with function_ptr param.
(_bfd_dwarf2_find_nearest_line): Adjust above calls. Set
functionname_ptr from function->name. Call _bfd_elf_find_function
to retrieve symbol for function if not linkage name.
(_bfd_elf_find_function): Add bfd_target_elf_flavour test, moved from..
* elf.c (elf_find_function): ..here.
(_bfd_elf_find_nearest_line): Adjust calls.
* elf-bfd.h (_bfd_elf_find_function): Declare.
PR binutils/17512
* objdump.c (display_any_bfd): Avoid infinite loop closing and
opening the same archive again and again.
* archive64.c (bfd_elf64_archive_slurp_armap): Add range checks.
* libbfd.c (safe_read_leb128): New function.
* libbfd-in.h (safe_read_leb128): Add prototype.
* libbfd.h: Regenerate.
* elf-attrs.c (_bfd_elf_parse_attributes): Use safe_read_leb128.
Check for an over-long subsection length.
* elf.c (elf_parse_notes): Check that the namedata is long enough
for the string comparison that is about to be performed.
(elf_read_notes): Zero-terminate the note buffer.
PR binutils/17512
* dwarf.h (struct dwarf_section): Add user_data field.
* dwarf.c (frame_need_space): Check for an over large register
number.
(display_debug_frames): Check the return value from
frame_need_space. Check for a CFA expression that is so long the
start address wraps around.
(debug_displays): Initialise the user_data field.
* objdump.c (load_specific_debug_section): Save the BFD section
pointer in the user_data field of the dwarf_section structure.
(free_debug_section): Update BFD section data when freeing section
contents.
* readelf.c (load_specific_debug_section): Initialise the
user_data field.
* archive.c (do_slurp_coff_armap): Add range checks to prevent
running off the end of the string table.
* compress.c (bfd_get_full_section_contents): Return a NULL
pointer for zero sized sections. Do not attempt to copy a buffer
onto itself.
* elf-attrs.c (_bfd_elf_parse_attributes): Check for an empty
header. Add range checks to avoid running off the end of the
section.
* elf.c (bfd_elf_get_str_section): Seek before allocating so that
if the seek fails, no memory is allocated.
(bfd_elf_string_from_elf_section): Do not allocate a string from a
non string section. It only leads to trouble later on.
(_bfd_elf_print_private_bfd_data): Check for there being too
little external dynamic data.
(bfd_section_from_shdr): Replace assertion with a failure mode.
(bfd_section_from_shdr): When walking a loaded group section use
the internal structure size, not the external size. Check for the
group section being empty.
* elf32-i386.c (elf_i386_rtype_to_howto): Replace assertion with a
failure mode.
* elfcode.h (elf_slurp_reloc_table): Likewise.
* reloc.c (bfd_perform_relocation): Avoid seg-fault if the howto
parameter is NULL.
PR binutils/17512
* ecoff.c (_bfd_ecoff_slurp_symbol_table): Warn about and correct
a discrepancy between the isymMax and ifdMax values in the
symbolic header.
* elf.c (_bfd_elf_print_private_bfd_data): Fix the range check
scanning the external dynamic entries.
The internal verref buffer is allocated with bfd_zalloc, based on a
count given in headers. If the headers are broken/fuzzed and contain
an enormous count the alloc can result in OOM. If we first read the
external verrefs (into a buffer that isn't zeroed on allocation) then
the read provides a sanity check on the headers.
Also prints an error for version info that fails other sanity checks.
* elf.c (_bfd_elf_slurp_version_tables): Delay allocation of
internal verref buffer. Error for zero sh_info. Print errors.
Check for zero vd_ndx. Use bfd_zalloc for vd_auxptr buffer.
Both readelf/objdump know how to get symbol version string for dynamic
symbols. This patch extracts this functionality into a separate
function and uses it to add symbol version string to versioned symbol
names when dumping dynamic relocations.
bfd/
PR binutils/16496
* elf-bfd.h (bfd_elf_get_symbol_version_string): New.
* elf.c (bfd_elf_get_symbol_version_string): New. Extracted
from bfd_elf_print_symbol.
(bfd_elf_print_symbol): Use it.
binutils/
PR binutils/16496
* objdump.c (objdump_print_symname): Call
bfd_elf_get_symbol_version_string to get ELF symbol version
string. Append version string if needed.
* readelf.c (versioned_symbol_info): New enum.
(get_symbol_version_string): New. Extracted from
process_symbol_table.
(dump_relocations): Add a new argument to indicate if dynamic
symbol table is used. Use get_symbol_version_string to get
symbol version string for dynamic symbol. Append version string
if needed.
(process_relocs): Updated dump_relocations call.
(process_symbol_table): Use get_symbol_version_string.
ld/testsuite/
PR binutils/16496
* ld-cris/weakref3.d: Add symbol version string to versioned
symbol names in dynamic relocation.
* ld-cris/weakref4.d: Likewise.
* ld-elfvers/vers24.rd: Likewise.
* ld-elf/pr16496a.c: New file.
* ld-elf/pr16496a.map: Likewise.
* ld-elf/pr16496b.c: Likewise.
* ld-elf/pr16496b.od: Likewise.
* ld-elf/shared.exp (build_tests): Add libpr16496a.so and
libpr16496b.so tests.
PR binutils/17512
* coffcode.h (coff_slurp_line_table): Initialise the parts of the
line number cache that would not be initialised by the copy from
the new line number table.
(coff_classify_symbol): Allow for _bfd_coff_internal_syment_name
returning NULL.
* coffgen.c (coff_get_normalized_symbols): Get the external
symbols before allocating space for the internal symbols, in case
the get fails.
* elf.c (_bfd_elf_slurp_version_tables): Only allocate a verref
array if one is needed. Likewise with the verdef array.
* peXXigen.c (_bfd_XXi_swap_sym_in): Replace abort()'s with error
messages.
(_bfd_XXi_swap_aux_in): Make sure that all fields of the aux
structure are initialised.
(pe_print_edata): Avoid reading off the end of the data buffer.
PR binutils/17512
* coffgen.c (_bfd_coff_get_external_symbols): Do not try to load a
symbol table bigger than the file.
* elf.c (bfd_elf_get_str_section): Do not try to load a string
table bigger than the file.
* readelf.c (process_program_headers): Avoid memory exhaustion due
to corrupt values in a dynamis segment header.
(get_32bit_elf_symbols): Do not attempt to read an over-large
section.
(get_64bit_elf_symbols): Likewise.
PR binutils/17512
* elf.c (bfd_section_from_shdr): Allocate and free the recursion
detection table on a per-bfd basis.
* peXXigen.c (pe_print_edata): Handle binaries with a truncated
export table.
and potential secuiryt breach.
PR binutils/17510
* srec.c (srec_bad_byte): Increase size of buf to allow for
negative values.
(srec_scan): Use an unsigned char buffer to hold header bytes.
presented with corrupt binaries.
PR binutils/17512
* elf.c (bfd_section_from_shdr): Detect and warn about ELF
binaries with a group of sections linked by the string table
indicies.
* peXXigen.c (pe_print_edata): Detect out of range rvas and
entry counts for the Export Address table, Name Pointer table
and Ordinal table.
the bfd library to parse binaries containing maliciously corrupt section
group headers.
PR binutils/17510
* elf.c (setup_group): Improve handling of corrupt group
sections.
long type instead of long long meant that bfd_seek (SET) could be called with a
negative offset.
PR ld/16803
* elf.c (_bfd_elf_set_section_contents): Use correct type to hold
file position.
When a VDSO gets large enough that it doesn't entirely fit in one page,
but not so large that the part described by the program header exceeds
one page, then gdb/BFD doesn't read the section headers and symbol
table information. This patch cures that by passing the size of the
vdso to BFD, and fixes a number of other issues in the BFD code.
bfd/
* elfcode.h (bfd_from_remote_memory): Add "size" parameter.
Consolidate code handling possible section headers past end of
segment. Don't use p_align for page size guess, instead use
minpagesize. Take note of ld.so clearing section headers when
p_memsz > p_filesz. Handle file header specifying no section
headers. Handle zero p_align throughout. Default loadbase to
zero. Add comments. Rename contents_size to high_offset, and
make it a bfd_vma. Delete unnecessary bfd_set_error calls.
* bfd-in.h (bfd_elf_bfd_from_remote_memory): Update prototpe.
* elf-bfd.h (struct elf_backend_data <elf_backend_from_remote_memory>):
Likewise.
(_bfd_elf32_bfd_from_remote_memory): Likewise.
(_bfd_elf64_bfd_from_remote_memory): Likewise.
* elf.c (bfd_elf_bfd_from_remote_memory): Adjust.
* bfd-in2.h: Regnerate.
gdb/
* symfile-mem.c (symbol_file_add_from_memory): Add size parameter.
Pass to bfd_elf_bfd_from_remote_memory. Adjust all callers.
(struct symbol_file_add_from_memory_args): Add size field.
(find_vdso_size): New function.
(add_vsyscall_page): Attempt to find vdso size.
copy_elf_program_header has logic to reject non-alloc sections when
calculating p_vaddr offset for padding, but blithely assumed the
first section in a segment was allocated.
PR 16690
* elf.c (copy_elf_program_header): Ignore first section lma if
non-alloc.
Bad linker script may lead to TLS sections separated by non-TLS sections
in output. This patch changes linker assert to a linker error to
provide better linker diagnosis.
PR ld/16498
* elf.c (_bfd_elf_map_sections_to_segments): Issue a linker error
if TLS sections are not adjacent.
This patch fixes 2 GNU_RELRO segment bugs:
1. lang_size_sections didn't properly align base to the maximum
alignment power of sections between DATA_SEGMENT_ALIGN and
DATA_SEGMENT_RELRO_END.
2. ld failed to adjust LOAD segment to generate GNU_RELRO segment
when LOAD segment doesn't fit GNU_RELRO segment. This is
https://sourceware.org/bugzilla/show_bug.cgi?id=14207
We "fixed" ld by not generating GNU_RELRO segment. This patch
adjusts LOAD segment to generate GNU_RELRO segment. It fixes
PR ld/16322 and at the same time it also fixes PR binutils/16323
since now we can adjust LOAD segment if it is too small.
bfd/
PR ld/14207
PR ld/16322
PR binutils/16323
* elf.c (_bfd_elf_map_sections_to_segments): Don't check section
size for PT_GNU_RELRO segment.
(assign_file_positions_for_load_sections): If PT_LOAD segment
doesn't fit PT_GNU_RELRO segment, adjust its p_filesz and p_memsz.
ld/
PR ld/14207
PR ld/16322
PR binutils/16323
* ldlang.c (lang_size_sections): Properly align RELRO base.
ld/testsuite/
PR ld/14207
PR ld/16322
PR binutils/16323
* ld-elf/pr16322.d: New file.
* ld-elf/pr16322.s: Likewise.
* ld-x86-64/pr14207.d: Expect PT_GNU_RELRO segment.
It is a good pratice to set the SHF_INFO_LINK bit when the sh_info field
represents a section header index.
bfd/
PR binutils/16317
* elf.c (assign_section_numbers): Set the SHF_INFO_LINK bit for
SHT_REL/SHT_RELA sections when setting the sh_info field.
binutils/testsuite/
PR binutils/16317
* binutils-all/readelf.s: Updated.
* binutils-all/readelf.s-64: Likewise.
ld/testsuite/
PR binutils/16317
* ld-elf/linkinfo1.s: New file.
* ld-elf/linkinfo1a.d: Likewise.
* ld-elf/linkinfo1b.d: Likewise.
bfd/
* elf.c (assign_file_positions_except_relocs): Set e_type in ELF
header to ET_EXEC for -pie -Ttext-segment=.
2013-12-10 H.J. Lu <hongjiu.lu@intel.com>
* ld-pie/vaddr-0.d: New file.
* ld-pie/vaddr-1.d: Likewise.
* ld-pie/vaddr.s: Likewise.
(_bfd_elf_init_reloc_shdr): Delete.
* elf.c (_bfd_elf_init_reloc_shdr): Make static.
* elf64-x86-64.c (elf_x86_64_merge_symbol): Trim parameters to
just what is needed.
* elflink.c (_bfd_elf_merge_symbol): Update bed->merge_symbol call.
* elf.c (elfcore_write_s390_tdb): New function.
(elfcore_write_register_note): Call it.
(elfcore_grok_s390_tdb): New function.
(elfcore_grok_note): Call it.
* readelf.c (get_note_type): Add NT_S390_TDB.
* elf-bfd.h (struct elf_obj_tdata): Add elf_find_function_cache.
* elf.c (elf_find_function): Revert last change. Use new
tdata field rather than static vars for cache.
Pedro Alves <palves@redhat.com>
* Makefile.in (SOURCE_HFILES): Add `elf-linux-psinfo.h'.
* elf-bfd.h (elf_internal_linux_prpsinfo): New structure
declaration.
(elfcore_write_linux_prpsinfo32, elfcore_write_linux_prpsinfo64)
(elfcore_write_ppc32_linux_prpsinfo32): New declarations.
* elf-linux-psinfo.h: New file.
* elf.c: Include elf-linux-psinfo.h.
(elfcore_write_linux_prpsinfo32, elfcore_write_linux_prpsinfo64):
New functions.
* elf32-ppc.c: Include `elf-linux-psinfo.h'.
(elf_external_ppc_linux_prpsinfo32): New structure declaration.
(PPC_LINUX_PRPSINFO32_SWAP_FIELDS): New macro.
(elfcore_write_ppc_linux_prpsinfo32): New function.
