Commit Graph

8827 Commits

Author SHA1 Message Date
Alan Modra e1c6cf618c PR25384, PowerPC64 ELFv1 copy relocs against function symbols
Function symbols of course don't normally want .dynbss copies but
with some old versions of gcc they are needed to copy the function
descriptor.  This patch restricts the cases where they are useful to
compilers using dot-symbols, and enables the warning regardless of
whether a PLT entry is emitted in the executable.  PLTs in shared
libraries are affected by a .dynbss copy in the executable.

bfd/
	PR 25384
	* elf64-ppc.c (ELIMINATE_COPY_RELOCS): Update comment.
	(ppc64_elf_adjust_dynamic_symbol): Don't allow .dynbss copies
	of function symbols unless dot symbols are present.  Do warn
	whenever one is created, regardless of whether a PLT entry is
	also emitted for the function symbol.
ld/
	* testsuite/ld-powerpc/ambiguousv1b.d: Adjust expected output.
	* testsuite/ld-powerpc/funref.s: Align func_tab.
	* testsuite/ld-powerpc/funref2.s: Likewise.
	* testsuite/ld-powerpc/funv1.s: Add dot symbols.
2020-01-15 12:29:21 +10:30
Alan Modra ef4e5ba50c som: Don't loop forever reading symbol chains
* som.c (som_bfd_count_ar_symbols): Error when file position
	of symbols on chains is not strictly increasing.
2020-01-14 11:02:37 +10:30
Alan Modra 8ab484c23b ubsan: alpha-vms: segv
I thought the fuzzers were really going overboard by defining
VMS_DEBUG but that wasn't the case.  VMS_DEBUG is defined by
default.  Let's not do that, and fix the segv as well.

	* vms.h (VMS_DEBUG): Define as 0.
	* vms-alpha.c (image_write): Move debug output after bounds check.
	Tidy bounds check.
	(_bfd_vms_slurp_eihd): Warning fix.
	(_bfd_vms_slurp_etir): Init variables to avoid bogus warnings.
2020-01-14 11:02:28 +10:30
Alan Modra b50ef514ff ubsan: alpha-vma: timeout
* vms-alpha.c (_bfd_vms_slurp_egsd): Ensure minimum size even
	for "ignored" records.
2020-01-13 12:12:05 +10:30
Alan Modra 0c0adcc524 Memory leaks and ineffective bounds checking in wasm_scan
It's always a bad idea to perform arithmetic on an unknown value read
from an object file before comparing against bounds.  Code like the
following attempting to bounds check "len", a 64-bit value, isn't
effective because the pointer arithmetic ignores the high 32 bits when
compiled for a 32-bit host.

      READ_LEB128 (len, p, end);
      if (p + len < p || p + len > end)
        goto error_return;

Instead, perform any arithmetic on known values where we don't need to
worry about overflows:

      READ_LEB128 (len, p, end);
      if (len > (size_t) (end - p))
        goto error_return;

I'll note that this check does do things the right way:

  READ_LEB128 (symcount, p, end);
  /* Sanity check: each symbol has at least two bytes.  */
  if (symcount > payload_size / 2)
    return FALSE;

"symcount * 2 > payload_size" would be wrong since the multiply could
overflow.

	* wasm-module.c (wasm_scan_name_function_section): Formatting.
	Delete asect name check.  Move asect NULL check to wasm_object_p.
	Correct bounds check of sizes against end.  Replace uses of
	bfd_zalloc with bfd_alloc, zeroing only necessary bytes.  Use
	just one bfd_release.
	(wasm_scan): Don't use malloc/strdup for section names,
	bfd_alloc instead.  Simplify code prefixing section name.
	Formatting.  Don't attempt to free memory here..
	(wasm_object_p): ..do so here.  Formatting.
2020-01-13 12:12:05 +10:30
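
Added example, not part of the commit above or of binutils: the two checks quoted in the wasm_scan message, run side by side on constructed inputs. Every function name is hypothetical, the 32-bit host is modelled with `uint32_t` addresses, and `read_uleb128` is a stand-in for `READ_LEB128`, not the binutils macro.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of a 32-bit host: an address holds only 32 bits (assumption). */
typedef uint32_t addr32_t;

/* Ineffective form: p + len < p || p + len > end.  Returns 1 if accepted. */
static int accepts_pointer_sum(addr32_t p, addr32_t end, uint64_t len)
{
    addr32_t sum = p + (addr32_t)len;    /* high 32 bits of len are lost */
    return !(sum < p || sum > end);
}

/* Corrected form: len > (size_t) (end - p).  Assumes p <= end. */
static int accepts_remaining(addr32_t p, addr32_t end, uint64_t len)
{
    return !(len > (uint64_t)(end - p));
}

/* The two forms of the symbol-count check from the same message. */
static int accepts_multiply(uint64_t symcount, uint64_t payload_size)
{
    return !(symcount * 2 > payload_size);   /* product can wrap */
}
static int accepts_divide(uint64_t symcount, uint64_t payload_size)
{
    return !(symcount > payload_size / 2);
}

/* Minimal unsigned LEB128 reader (stand-in, hypothetical helper).
   Returns 0 on truncated input or a value wider than 64 bits. */
static int read_uleb128(const unsigned char **pp, const unsigned char *end,
                        uint64_t *out)
{
    const unsigned char *p = *pp;
    uint64_t val = 0;
    for (unsigned shift = 0; p < end && shift < 64; shift += 7) {
        unsigned char b = *p++;
        if (shift == 63 && (b & 0x7e) != 0)
            return 0;                    /* value would not fit in 64 bits */
        val |= (uint64_t)(b & 0x7f) << shift;
        if ((b & 0x80) == 0) {
            *pp = p;
            *out = val;
            return 1;
        }
    }
    return 0;                            /* truncated or too many bytes */
}

/* Parse "uleb128 length, then that many bytes"; -1 if the field is rejected. */
static long parse_sized_field(const unsigned char *buf, size_t size)
{
    const unsigned char *p = buf, *end = buf + size;
    uint64_t len;
    if (!read_uleb128(&p, end, &len))
        return -1;
    if (len > (size_t)(end - p))         /* compare against known remaining */
        return -1;
    return (long)len;
}

/* Constructed inputs: a 3-byte field, and length 2^32 + 2 with 2 bytes left. */
static const unsigned char good_field[] = { 0x03, 'a', 'b', 'c' };
static const unsigned char huge_field[] = { 0x82, 0x80, 0x80, 0x80, 0x10, 'a', 'b' };

int main(void)
{
    uint64_t len = (1ULL << 32) + 2, cnt = (1ULL << 63) + 1;
    printf("sum=%d remaining=%d mul=%d div=%d good=%ld huge=%ld\n",
           accepts_pointer_sum(0x1000, 0x1010, len),
           accepts_remaining(0x1000, 0x1010, len),
           accepts_multiply(cnt, 16), accepts_divide(cnt, 16),
           parse_sized_field(good_field, sizeof good_field),
           parse_sized_field(huge_field, sizeof huge_field));
    return 0;
}
```

The pointer-sum and multiply forms accept the oversized values because the arithmetic wraps before the comparison; the remaining-bytes and divide forms reject them.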
Szabolcs Nagy 7f02673206 [PR ld/22269] arm: Avoid dynamic relocs for undefweak symbols in static PIE
With static PIE linking undefined weak symbols are resolved to 0, so no
dynamic relocation is needed for them. The UNDEFWEAK_NO_DYNAMIC_RELOC
macro was introduced so this case can be handled easily, but it was not
applied consistently in the first attempt to fix ld/22269 for arm:

  commit 95b03e4ad6
  arm: Check UNDEFWEAK_NO_DYNAMIC_RELOC

This patch fixes spurious relative relocs in static PIE binaries against
GOT entries created for undefined weak symbols on arm*-*, this fixes

FAIL: pr22269-1 (static pie undefined weak)

bfd/ChangeLog:

	PR ld/22269
	* elf32-arm.c (elf32_arm_final_link_relocate): Use
	UNDEFWEAK_NO_DYNAMIC_RELOC.
	(allocate_dynrelocs_for_symbol): Likewise.
2020-01-10 14:16:05 +00:00
Tamar Christina 8cd0e5e931 AArch64: Revert setting of elf class in linker stub.
This changes the fix to PR 25210 by removing the ELF class change.
As it turns out the correct change was only the change in compress.c.

Everything else is unneeded and setting the elf class is making the linker
behave very oddly under LTO.  The first stub is correctly written out but for
the rest they suddenly don't have a pointer to the stub section anymore.

This caused SPEC to fail as the program would branch to the stub and it wouldn't
be filled in.

Committed to master under the trivial rule as this is partially reverting a previous commit.

bfd/ChangeLog:

	PR 25210
	* elfnn-aarch64.c (_bfd_aarch64_create_stub_section): Remove elfclass.
2020-01-10 13:51:08 +00:00
Alan Modra 71780f455f ubsan: alpha-coff: signed integer overflow
* coff-alpha.c (alpha_ecoff_object_p): Calculate size in bfd_size_type.
2020-01-10 17:32:33 +10:30
Nick Clifton b899eb3bb8 Fix an illegal memory access triggered when trying to examine an input file containing corrupt compressed sections.
PR 25221
	* bfd.c (bfd_convert_section_contents): Check for a compress
	header size that is larger than the actual section size.
2020-01-09 15:49:08 +00:00
Alan Modra 4c6ee6465a PR25351 .ARM.attributes not found for symbol
PR 25351
	* elflink.c (bfd_elf_final_link): Call _bfd_fix_excluded_sec_syms
	after removing sections.
2020-01-08 21:21:17 +10:30
Jim Wilson 85f7836470 RISC-V: Fix weak function call reloc overflow on llvm build.
bfd/
	PR 25205
	* elfnn-riscv.c (riscv_elf_relocate_section) <R_RISCV_CALL>: Add
	check for !bfd_link_pic (info).
	<R_RISCV_CALL_PLT>: Move next to R_RISCV_CALL.
	<R_RISCV_JAL>: Add comment.
	(_bfd_riscv_relax_section): For plt.offset check, add check for
	bfd_link_pic (info).  Add comment.

Change-Id: Ie769bc3d5adf096a51df5cc12efe3d50e80acb8f
2020-01-06 15:34:50 -08:00
Alan Modra 49078ece04 bfd_check_format: ignore errors from coff_real_object_p
Since 1993-11-05 git commit c188b0bec3, bfd_check_format has failed
if any of the target object_p functions returns false with any error
but bfd_error_wrong_format.  That's just weird.  There is really no
reason why coff_real_object_p should be fixed to only return that
error instead of numerous other possible errors.  Even an out of
memory condition for one target doesn't necessarily mean other targets
can't match, assuming the failing target nicely returns all memory it
might have used.

	* format.c (bfd_check_format_matches): Ignore bfd_error on target
	match failures.  Don't init to bfd_error_wrong_format before
	calling _bfd_check_format.
2020-01-06 21:53:51 +10:30
Alan Modra ab356be74c alpha-vms: don't exit on stack underflow/overflow
BFD is not supposed to exit or abort on anything the user can do.

	* vms-alpha.c (_bfd_vms_push, _bfd_vms_pop): Return pass/fail
	status rather than exiting on stack overflow or underflow.
	(_bfd_vms_slurp_etir): Adjust to suit.
2020-01-06 21:53:51 +10:30
Alan Modra 85d8681747 som_bfd_fill_in_ar_symbols buffer overflow
* som.c (som_bfd_fill_in_ar_symbols): Bounds check som_dict index.
2020-01-06 21:53:51 +10:30
Alan Modra 3e6aa7751a Basic error checking for mach-o
Fixes lots of places the fuzzers are going to find, and the one they
already hit.

	* mach-o.c (bfd_mach_o_read_dylinker): Don't read past end of
	command.  Check name offset is within command.
	(bfd_mach_o_read_dylib, bfd_mach_o_read_prebound_dylib),
	(bfd_mach_o_read_prebind_cksum, bfd_mach_o_read_twolevel_hints),
	(bfd_mach_o_read_fvmlib, bfd_mach_o_read_dysymtab),
	(bfd_mach_o_read_symtab, bfd_mach_o_read_uuid),
	(bfd_mach_o_read_linkedit, bfd_mach_o_read_str),
	(bfd_mach_o_read_dyld_info, bfd_mach_o_read_version_min),
	(bfd_mach_o_read_encryption_info, bfd_mach_o_read_source_version),
	(bfd_mach_o_read_encryption_info_64, bfd_mach_o_read_main),
	(bfd_mach_o_read_note, bfd_mach_o_read_build_version),
	(bfd_mach_o_read_segment): Similarly.
	(bfd_mach_o_read_thread): Properly bound check thread struct.
	Don't repeat checks on second loop.
	(bfd_mach_o_read_command): Fail on invalid command length.
2020-01-06 21:53:51 +10:30
Alan Modra ea933f17c3 Release bfd_alloc memory in bfd_check_format_matches
It's a little tricky.  We can release any memory back when we have a
match failure, but after a match success which we might want to
preserve for later use the high water mark must change to that of the
matched bfd.

	* format.c (bfd_check_format_matches): Add preserve_match.
	Save initial bfd state in "preserve", matched bfd state in
	"preserve_match".  Save just the first match.  Release
	bfd_alloc memory.  Restore and finish preserved state as
	appropriate on all function exit paths.
2020-01-04 19:20:33 +10:30
Alan Modra f24bdec486 mmo tdata leak
malloc'd tdata isn't freed.

	* mmo.c (mmo_mkobject): Allocate tdata with bfd_zalloc.
2020-01-04 19:20:33 +10:30
Alan Modra 991fb595e3 coff: free malloc'd memory on successful target match too
object_p functions cannot allocate memory by malloc and not free it
before returning.  Even a successful target match may not be the best
match.  If a match isn't used then those malloc'd blocks won't be
freed.

	* coffgen.c (coff_real_object_p): Free malloc'd memory on target
	match too.
2020-01-04 18:53:07 +10:30
Nick Clifton f2a3559d54 Fix potential illegal memory access when parsing a corrupt PEF format file.
PR 25307
	(bfd_pef_parse_function_stubs): Correct the test that ensures that
	there is enough data remaining in the code buffer before
	attempting to read a function stub.
2020-01-03 16:17:53 +00:00
Nick Clifton 7a0fb7be96 Fix potential illegal memory access failures in the BFD library by ensuring that the return value from bfd_malloc() is checked before it is used.
PR 25308
	* elf-properties.c (_bfd_elf_convert_gnu_properties): Check the
	return value from bfd_malloc.
	* elf32-arm.c (bfd_elf32_arm_vfp11_fix_veneer_locations): Likewise.
	(bfd_elf32_arm_stm32l4xx_fix_veneer_locations): Likewise.
	(elf32_arm_filter_cmse_symbols): Likewise.
	(elf32_arm_write_section): Likewise.
	* mach-o.c (bfd_mach_o_core_fetch_environment): Likewise.
	(bfd_mach_o_follow_dsym): Likewise.
	* pef.c (bfd_pef_print_loader_section): Likewise.
	(bfd_pef_scan_start_address): Likewise.
	(bfd_pef_parse_function_stubs): Likewise.
	(bfd_pef_parse_symbols): Likewise.
2020-01-03 14:41:02 +00:00
Sergei Trofimovich b26a3d5827 Fix ld/PR25316 for the ia64 target by refusing to support binary merging.
ld/PR25316
	* elfnn-ia64.c (elfNN_ia64_merge_private_bfd_data): don't fail
        on binary inputs ld/PR25316.
        (is_ia64_elf): new helper to filter on ia64 objects.
2020-01-03 11:21:00 +00:00
Jan Beulich 4bb7a87e74 Mach-O: misc build adjustments
Oldish gcc warns about local variables shadowing outer scope ones.
Additionally %lx is not (always) suitable to print the result of
bfd_get_32().
2020-01-03 10:11:50 +01:00
Sergey Belyashov 6655dba246 Add support for the GBZ80, Z180, and eZ80 variants of the Z80 architecture. Add an ELF based target for these as well.
PR 25224
bfd	* Makefile.am: Add z80-elf target support.
	* configure.ac: Likewise.
	* targets.c: Likewise.
	* config.bfd: Add z80-elf target support and new arches: ez80 and z180.
	* elf32-z80.c: New file.
	* archures.c: Add new z80 architectures: eZ80 and Z180.
	* coffcode.h: Likewise.
	* cpu-z80.c: Likewise.
	* bfd-in2.h: Likewise plus additional Z80 relocations.
	* coff-z80.c: Add new relocations for Z80 target and local label check.

gas	* config/tc-z80.c: Add new architectures: Z180 and eZ80. Add support
	for assembler code generated by SDCC. Add new relocation types. Add
	z80-elf target support.
	* config/tc-z80.h: Add z80-elf target support. Enable dollar local
	labels. Local labels starts from ".L".
	* testsuite/gas/all/fwdexp.d: Fix failure due to symbol conflict.
	* testsuite/gas/all/fwdexp.s: Likewise.
	* testsuite/gas/z80/suffix.d: Fix failure on ELF target.
	* testsuite/gas/z80/z80.exp: Add new tests
	* testsuite/gas/z80/dollar.d: New file.
	* testsuite/gas/z80/dollar.s: New file.
	* testsuite/gas/z80/ez80_adl_all.d: New file.
	* testsuite/gas/z80/ez80_adl_all.s: New file.
	* testsuite/gas/z80/ez80_adl_suf.d: New file.
	* testsuite/gas/z80/ez80_isuf.s: New file.
	* testsuite/gas/z80/ez80_z80_all.d: New file.
	* testsuite/gas/z80/ez80_z80_all.s: New file.
	* testsuite/gas/z80/ez80_z80_suf.d: New file.
	* testsuite/gas/z80/r800_extra.d: New file.
	* testsuite/gas/z80/r800_extra.s: New file.
	* testsuite/gas/z80/r800_ii8.d: New file.
	* testsuite/gas/z80/r800_z80_doc.d: New file.
	* testsuite/gas/z80/z180.d: New file.
	* testsuite/gas/z80/z180.s: New file.
	* testsuite/gas/z80/z180_z80_doc.d: New file.
	* testsuite/gas/z80/z80_doc.d: New file.
	* testsuite/gas/z80/z80_doc.s: New file.
	* testsuite/gas/z80/z80_ii8.d: New file.
	* testsuite/gas/z80/z80_ii8.s: New file.
	* testsuite/gas/z80/z80_in_f_c.d: New file.
	* testsuite/gas/z80/z80_in_f_c.s: New file.
	* testsuite/gas/z80/z80_op_ii_ld.d: New file.
	* testsuite/gas/z80/z80_op_ii_ld.s: New file.
	* testsuite/gas/z80/z80_out_c_0.d: New file.
	* testsuite/gas/z80/z80_out_c_0.s: New file.
	* testsuite/gas/z80/z80_reloc.d: New file.
	* testsuite/gas/z80/z80_reloc.s: New file.
	* testsuite/gas/z80/z80_sli.d: New file.
	* testsuite/gas/z80/z80_sli.s: New file.

ld	* Makefile.am: Add new target z80-elf
	* configure.tgt: Likewise.
	* emultempl/z80.em: Add support for eZ80 and Z180 architectures.
	* emulparams/elf32z80.sh: New file.
	* emultempl/z80elf.em: Likewise.
	* testsuite/ld-z80/arch_ez80_adl.d: Likewise.
	* testsuite/ld-z80/arch_ez80_z80.d: Likewise.
	* testsuite/ld-z80/arch_r800.d: Likewise.
	* testsuite/ld-z80/arch_z180.d: Likewise.
	* testsuite/ld-z80/arch_z80.d: Likewise.
	* testsuite/ld-z80/comb_arch_ez80_z80.d: Likewise.
	* testsuite/ld-z80/comb_arch_z180.d: Likewise.
	* testsuite/ld-z80/labels.s: Likewise.
	* testsuite/ld-z80/relocs.s: Likewise.
	* testsuite/ld-z80/relocs_b_ez80.d: Likewise.
	* testsuite/ld-z80/relocs_b_z80.d: Likewise.
	* testsuite/ld-z80/relocs_f_z80.d: Likewise.
	* testsuite/ld-z80/z80.exp: Likewise.

opcodes	* z80-dis.c: Add support for eZ80 and Z80 instructions.
2020-01-02 14:14:59 +00:00
Tamar Christina 0db131fb83 AArch64: Set the correct ELF class for AArch64 stubs (PR/25210)
This fixes PR 25210 by specifying the correct ELF class for AArch64 stubs.
After doing this the stub section starts behaving like a normal object file
loaded from disk.  That is SEC_LINKER_CREATED causes us to have to write the
section manually.

This flag was added as a fix for PR 24753.  I believe that
fix to still be correct as linker created sections don't have a size on disk
and it fixes the Arm bootstrap regression. But in this case specifying the
correct section class also makes the stub section not be considered by
compress.c.

So I'm partially reverting this change so that we don't have to manage the section
manually as implied by SEC_LINKER_CREATED.

bfd/ChangeLog:

	PR 25210
	PR 24753
	* elfnn-aarch64.c (_bfd_aarch64_create_stub_section): Set ELF class.

ld/ChangeLog:

	PR 25210
	PR 24753
	* emultempl/aarch64elf.em (elf${ELFSIZE}_aarch64_add_stub_section):
	Remove SEC_LINKER_CREATED.
	* testsuite/ld-aarch64/aarch64-elf.exp: Add erratum835769-843419.
	* testsuite/ld-aarch64/erratum835769-843419.d: New test.
2020-01-02 14:08:27 +00:00
Alan Modra b14ce8bfe1 Re: Update year range in copyright notice of binutils files
Add the ChangeLog entry.
2020-01-01 18:55:18 +10:30
Alan Modra 0b11474080 ChangeLog rotation 2020-01-01 18:12:08 +10:30
Alan Modra bf31e60440 asan: alpha-vms: Heap-buffer-overflow
This fixes yet more errors in the alpha-vms buffer size checks.

	* vms-alpha.c (_bfd_vms_slurp_eisd): Don't overflow when checking
	offset.  Don't overflow when checking rec_size, and do allow
	rec_size to the end of the buffer.  Ensure eisd->type can be
	accessed, not just the first 32 bytes.  Don't call
	_bfd_vms_save_counted_string with zero length remaining.  Fail
	on empty string section name.
	(_bfd_vms_slurp_egsd): Formatting.  Catch more reads past end
	of record size.  Correct remaining length calculation.  Fail
	on empty string section name.  Consolidate error paths.
2019-12-31 23:30:21 +10:30
Alan Modra a7ac9aa525 vms-alpha.c object_p memory leaks
* vms-alpha.c (alpha_vms_free_private): New function, extracted..
	(vms_close_and_cleanup): ..from here.
	(alpha_vms_object_p): Call alpha_vms_free_private on failure.
2019-12-30 23:50:35 +10:30
Alan Modra 37d5ab199b coff object_p memory leaks
* coffgen.c (coff_real_object_p): Free malloc'd memory on failure.
2019-12-30 23:50:35 +10:30
Alan Modra 6a89db5c95 archive.c bfd_zalloc
Quite a few bfd_zalloc calls are wasting time clearing memory, and
should be bfd_alloc instead.

	* archive.c (do_slurp_bsd_armap): Use bfd_alloc rather than
	bfd_zalloc when memory is all written after the call.
	(do_slurp_coff_armap): Likewise.  Set bfd_error on ridiculously
	large allocations that overflow bfd_size_type.  Use just one
	bfd_release on error exit.
	(_bfd_slurp_extended_name_table): Use bfd_alloc for extended_names,
	clear last byte rather than the entire array.  Use bfd_alloc for
	string table.  Rearrange and simplify code copying file names.
2019-12-30 13:29:24 +10:30
Alan Modra 401e101e02 ubsan: alpha-vms: shift exponent is too large
* vms-alpha.c (_bfd_vms_slurp_egsd): Make base_addr a bfd_vma.
	Limit alignment power.  Correct and simplify alignment expression.
	(evax_bfd_print_relocation_records): Avoid signed shift left.
2019-12-29 21:26:00 +10:30
Alan Modra 37d2e9c7b1 asan: alpha-vms: memory leaks
* vms-misc.c (_bfd_vms_save_sized_string): Add abfd param, make
	size a size_t.  Use bfd_alloc rather than bfd_malloc.
	(_bfd_vms_save_counted_string): Similarly.
	* vms.h (_bfd_vms_save_sized_string): Update prototype.
	(_bfd_vms_save_counted_string): Likewise.
	* vms-alpha.c (_bfd_vms_slurp_ehdr): Adjust
	_bfd_vms_save_counted_string and bfd_vms_save_sized_string calls.
	(_bfd_vms_slurp_egsd, parse_module): Likewise.
	(_bfd_vms_slurp_eisd): Likewise.  Check return status.
	(alpha_vms_bfd_link_hash_table_free): New function.
	(alpha_vms_bfd_link_hash_table_create): Arrange to call it.
	(vms_close_and_cleanup): Free more memory.  Don't release tdata.
2019-12-29 21:26:00 +10:30
Alan Modra f5d35bb7a5 coff_close_and_cleanup
Fixes leaks in _bfd_coff_get_external_symbols and
_bfd_coff_read_string_table.

	* coffcode.h (coff_close_and_cleanup): Redefine to..
	* coffgen.c (_bfd_coff_close_and_cleanup): ..this.  New function.
	* libcoff-in.h (_bfd_coff_close_and_cleanup): Declare.
	* libcoff.h: Regenerate.
2019-12-29 21:26:00 +10:30
Alan Modra a6e5765ff1 PR15350, Fix compressed debug sections for PE targets
PR 15350
	* bfd.c (bfd_update_compression_header): Write zlib header for
	formats other than ELF too.
2019-12-29 21:25:39 +10:30
Alan Modra e5af216040 asan: som: heap-buffer-overflow
Triggered by overflow of size calculation resulting in a too small
buffer.  The testcase found one of the som_bfd_count_ar_symbols
problems.

	* som.c (setup_sections): Don't overflow space_strings_size.  Use
	bfd_malloc2 to catch overflow of size calculation.
	(som_prep_for_fixups): Use bfd_zalloc2 to catch overflow of size
	calculation.
	(som_build_and_write_symbol_table): Similarly use bfd_zmalloc2.
	(som_slurp_symbol_table): Similarly use bfd_zmalloc2, bfd_malloc2,
	and bfd_zalloc2.
	(bfd_som_attach_aux_hdr): Use size_t vars for string length.
	(som_bfd_count_ar_symbols): Use bfd_malloc2 to catch overflow of
	size calculation.  Use size_t vars for length and catch overflow.
	(som_slurp_armap): Use bfd_alloc2 to catch overflow of size
	calculation.
	(som_bfd_ar_write_symbol_stuff): Similarly use bfd_zmalloc2 and
	bfd_malloc2.  Perform size calculations in bfd_size_type.
2019-12-26 17:49:03 +10:30
Hannes Domani f5311f2509 pe_bfd_read_buildid memory leak
* peicode.h (pe_bfd_read_buildid): Free data.
2019-12-26 12:38:49 +10:30
Alan Modra 2c0e48e5b7 asan: vms-alpha: heap-buffer-overflow
Two buffer overflows, and some over restrictive length checks.

	* vms-alpha.c (add_symbol): Add "max" parameter.  Error on string
	length larger than max.
	(_bfd_vms_slurp_egsd): Ensure record is at least large enough to
	read string length byte, error if not.  Pass size to add_symbol.
	(_bfd_vms_slurp_etir): Don't read past end of buffer when reading
	type and length.  Allow read of last byte in buffer.
2019-12-23 18:06:23 +10:30
Alan Modra 27c1c4271a ubsan: wasm: shift is too large for 64-bit type 'bfd_vma'
bfd/
	* wasm-module.c (wasm_read_leb128): Don't allow oversize shifts.
	Catch value overflow.  Sign extend only on terminating byte.
opcodes/
	* wasm32-dis.c (wasm_read_leb128): Don't allow oversize shifts.
	Catch value overflow.  Sign extend only on terminating byte.
2019-12-23 17:58:09 +10:30
Alan Modra e76832f125 ubsan: xtensa: left shift cannot be represented in type 'int'
* xtensa-isa.c (xtensa_insnbuf_from_chars): Avoid signed overflow.
2019-12-20 13:36:06 +10:30
Alan Modra 15d2859fdd ubsan: hppa: left shift of negative value
bfd/
	* libhppa.h (hppa_field_adjust, bfd_hppa_insn2fmt): Delete forward
	declaration.  Move ATTRIBUTE_UNUSED to definition.
	(sign_extend, low_sign_extend, sign_unext, low_sign_unext),
	(re_assemble_3, re_assemble_12, re_assemble_14, re_assemble_16),
	(re_assemble_17, re_assemble_21, re_assemble_22): Likewise.  Make
	args and return value unsigned.  Use unsigned variables.
	(hppa_rebuild_insn): Similarly.
opcodes/
	* hppa-dis.c (extract_16, extract_21, print_insn_hppa): Use
	unsigned variables.
2019-12-20 13:36:06 +10:30
Alan Modra 9d78076ef8 bfd_check_format memory leak
* format.c (bfd_check_format_matches): Free matching_vector when
	not returning matching target strings.
2019-12-20 13:36:06 +10:30
Alan Modra fcc5d04f92 coff-alpha memory leak
* coff-alpha.c (alpha_ecoff_read_ar_hdr): Free ar_hdr on error return.
2019-12-20 13:36:06 +10:30
Alan Modra 228c8f4be0 xcoff slurp_armap bounds checking
"count * 8 >= size" might overflow, "count >= size / 8" doesn't.

	* coff-rs6000.c (_bfd_xcoff_slurp_armap): Don't overflow when
	checking symbol count against section size.  Guard against strlen
	running off end of buffer by allocating one more byte and zeroing.
	* coff64-rs6000.c (xcoff64_slurp_armap): Likewise.
2019-12-19 21:52:47 +10:30
Alan Modra 9ad9b810c3 PowerPC, use size_t rather than long for indices
This is fussing about nothing really but since I was looking at signed
vs. unsigned issues, I decided to use the correct types here.

	* elf32-ppc.c (ppc_elf_get_synthetic_symtab): Use size_t for vars.
	* elf64-ppc.c (sym_exists_at): Use size_t for lo, hi and mid.
2019-12-19 15:27:00 +10:30
Alan Modra 2365f8d70c Yet more signed overflow fixes
* elf-bfd.h (ELF_LOCAL_SYMBOL_HASH): Avoid signed overflow.
	* elf32-hppa.c (final_link_relocate): Likewise.
	* elf32-ppc.c (_bfd_elf_ppc_at_tls_transform): Likewise.
	(_bfd_elf_ppc_at_tprel_transform, is_insn_ds_form): Likewise.
	(is_insn_dq_form, ppc_elf_relocate_section): Likewise.
	* elf64-ppc.c (ok_lo_toc_insn, ppc64_elf_edit_toc): Likewise.
	(ppc64_elf_relocate_section): Likewise.
	* elfxx-mips.c (mips_elf_perform_relocation): Likewise.
	* netbsd.h (N_SET_FLAGS): Likewise.
2019-12-18 18:38:13 +10:30
Alan Modra 5b660084e2 Remove tic80 support
This is one way of fixing ubsan bug reports, just delete the code.

The assembler support was removed back in 2005 along with other
non-BFD assemblers, but somehow the remainder of the port stayed in.

bfd/
	* coff-tic80.c: Delete file.
	* cpu-tic80.c: Delete file.
	* archures.c: Remove tic80 support.
	* coffcode.h: Likewise.
	* coffswap.h: Likewise.
	* targets.c: Likewise.
	* config.bfd: Likewise.
	* configure.ac: Likewise.
	* Makefile.am: Likewise.
	* Makefile.in: Regenerate.
	* bfd-in2.h: Regenerate.
	* configure: Regenerate.
	* po/SRC-POTFILES.in: Regenerate.
binutils/
	* testsuite/binutils-all/objcopy.exp: Remove tic80 support.
	* testsuite/binutils-all/objdump.exp: Likewise.
gas/
	* doc/as.texi: Remove mention of tic80.
include/
	* coff/tic80.h: Delete file.
	* opcode/tic80.h: Delete file.
ld/
	* emulparams/tic80coff.sh: Delete file.
	* scripttempl/tic80coff.sc: Delete file.
	* configure.tgt: Remove tic80 support.
	* Makefile.am: Likewise.
	* Makefile.in: Regenerate.
	* po/BLD-POTFILES.in: Regenerate.
opcodes/
	* tic80-dis.c: Delete file.
	* tic80-opc.c: Delete file.
	* disassemble.c: Remove tic80 support.
	* disassemble.h: Likewise.
	* Makefile.am: Likewise.
	* configure.ac: Likewise.
	* Makefile.in: Regenerate.
	* configure: Regenerate.
	* po/POTFILES.in: Regenerate.
2019-12-17 16:36:54 +10:30
Alan Modra 0bc3450e22 Set no file contents PT_LOAD p_offset to first page
PR 25237
	* elf.c (assign_file_positions_for_load_sections): Attempt to
	keep meaningless p_offset for PT_LOAD segments without file
	contents within file size.
2019-12-13 21:23:15 +10:30
Alan Modra 199d46bebb Remove duplicate cast
* libbfd.c (bfd_get): Don't cast result of bfd_get_8.
	* bfd-in2.h: Regenerate.
2019-12-12 16:46:30 +10:30
Alan Modra 13c9c48599 bfd signed overflow fixes
Aimed at quietening ubsan.

include/
	* opcode/mmix.h (PUSHGO_INSN_BYTE): Make unsigned.
	(GO_INSN_BYTE, SETL_INSN_BYTE, INCML_INSN_BYTE, INCMH_INSN_BYTE),
	(INCH_INSN_BYTE, SWYM_INSN_BYTE, JMP_INSN_BYTE): Likewise.
bfd/
	* elf32-rx.c (elf32_rx_relax_section): Avoid signed overflow.
	* libaout.h (N_SET_INFO, N_SET_FLAGS): Likewise.
	* netbsd.h (write_object_contents): Likewise.
	* elf32-arm.c (bfd_elf32_arm_vfp11_erratum_scan): Likewise.
	* libhppa.h (HPPA_R_CONSTANT): Don't signed extend with shifts.
	(stm32l4xx_create_replacing_stub_vldm): Don't truncate high bits
	with shifts.
	* elf32-nds32.h (R_NDS32_RELAX_ENTRY_DISABLE_RELAX_FLAG): Define
	using 1u shifted left.  Ditto for other macros.
	* mmo.c (LOP): Make unsigned.
2019-12-11 21:14:19 +10:30
Alan Modra 09c7848734 Make bfd_get_8 return a bfd_vma like other bfd_get_* functions
And similarly for bfd_get_signed_8.

bfd/
	* libbfd.c (bfd_get_8): Return a bfd_vma.
	(bfd_get_signed_8): Return a bfd_signed_vma.
	* bfd-in2.h: Regenerate.
binutils/
	* od-xcoff.c (dump_dumpx_core): Adjust for bfd_h_get_8 change.
2019-12-11 21:14:19 +10:30