Commit Graph

8802 Commits

Author SHA1 Message Date
Alan Modra 0b11474080 ChangeLog rotation 2020-01-01 18:12:08 +10:30
Alan Modra bf31e60440 asan: alpha-vms: Heap-buffer-overflow
This fixes yet more errors in the alpha-vms buffer size checks.

	* vms-alpha.c (_bfd_vms_slurp_eisd): Don't overflow when checking
	offset.  Don't overflow when checking rec_size, and do allow
	rec_size to the end of the buffer.  Ensure eisd->type can be
	accessed, not just the first 32 bytes.  Don't call
	_bfd_vms_save_counted_string with zero length remaining.  Fail
	on empty string section name.
	(_bfd_vms_slurp_egsd): Formatting.  Catch more reads past end
	of record size.  Correct remaining length calculation.  Fail
	on empty string section name.  Consolidate error paths.
2019-12-31 23:30:21 +10:30
Alan Modra a7ac9aa525 vms-alpha.c object_p memory leaks
* vms-alpha.c (alpha_vms_free_private): New function, extracted..
	(vms_close_and_cleanup): ..from here.
	(alpha_vms_object_p): Call alpha_vms_free_private on failure.
2019-12-30 23:50:35 +10:30
Alan Modra 37d5ab199b coff object_p memory leaks
* coffgen.c (coff_real_object_p): Free malloc'd memory on failure.
2019-12-30 23:50:35 +10:30
Alan Modra 6a89db5c95 archive.c bfd_zalloc
Quite a few bfd_zalloc calls are wasting time clearing memory, and
should be bfd_alloc instead.

	* archive.c (do_slurp_bsd_armap): Use bfd_alloc rather than
	bfd_zalloc when memory is all written after the call.
	(do_slurp_coff_armap): Likewise.  Set bfd_error on ridiculously
	large allocations that overflow bfd_size_type.  Use just one
	bfd_release on error exit.
	(_bfd_slurp_extended_name_table): Use bfd_alloc for extended_names,
	clear last byte rather than the entire array.  Use bfd_alloc for
	string table.  Rearrange and simplify code copying file names.
2019-12-30 13:29:24 +10:30
Alan Modra 401e101e02 ubsan: alpha-vms: shift exponent is too large
* vms-alpha.c (_bfd_vms_slurp_egsd): Make base_addr a bfd_vma.
	Limit alignment power.  Correct and simplify alignment expression.
	(evax_bfd_print_relocation_records): Avoid signed shift left.
2019-12-29 21:26:00 +10:30
Alan Modra 37d2e9c7b1 asan: alpha-vms: memory leaks
* vms-misc.c (_bfd_vms_save_sized_string): Add abfd param, make
	size a size_t.  Use bfd_alloc rather than bfd_malloc.
	(_bfd_vms_save_counted_string): Similarly.
	* vms.h (_bfd_vms_save_sized_string): Update prototype.
	(_bfd_vms_save_counted_string): Likewise.
	* vms-alpha.c (_bfd_vms_slurp_ehdr): Adjust
	_bfd_vms_save_counted_string and bfd_vms_save_sized_string calls.
	(_bfd_vms_slurp_egsd, parse_module): Likewise.
	(_bfd_vms_slurp_eisd): Likewise.  Check return status.
	(alpha_vms_bfd_link_hash_table_free): New function.
	(alpha_vms_bfd_link_hash_table_create): Arrange to call it.
	(vms_close_and_cleanup): Free more memory.  Don't release tdata.
2019-12-29 21:26:00 +10:30
Alan Modra f5d35bb7a5 coff_close_and_cleanup
Fixes leaks in _bfd_coff_get_external_symbols and
_bfd_coff_read_string_table.

	* coffcode.h (coff_close_and_cleanup): Redefine to..
	* coffgen.c (_bfd_coff_close_and_cleanup): ..this.  New function.
	* libcoff-in.h (_bfd_coff_close_and_cleanup): Declare.
	* libcoff.h: Regenerate.
2019-12-29 21:26:00 +10:30
Alan Modra a6e5765ff1 PR15350, Fix compressed debug sections for PE targets
PR 15350
	* bfd.c (bfd_update_compression_header): Write zlib header for
	formats other than ELF too.
2019-12-29 21:25:39 +10:30
Alan Modra e5af216040 asan: som: heap-buffer-overflow
Triggered by overflow of size calculation resulting in a too small
buffer.  The testcase found one of the som_bfd_count_ar_symbols
problems.

	* som.c (setup_sections): Don't overflow space_strings_size.  Use
	bfd_malloc2 to catch overflow of size calculation.
	(som_prep_for_fixups): Use bfd_zalloc2 to catch overflow of size
	calculation.
	(som_build_and_write_symbol_table): Similarly use bfd_zmalloc2.
	(som_slurp_symbol_table): Similarly use bfd_zmalloc2, bfd_malloc2,
	and bfd_zalloc2.
	(bfd_som_attach_aux_hdr): Use size_t vars for string length.
	(som_bfd_count_ar_symbols): Use bfd_malloc2 to catch overflow of
	size calculation.  Use size_t vars for length and catch overflow.
	(som_slurp_armap): Use bfd_alloc2 to catch overflow of size
	calculation.
	(som_bfd_ar_write_symbol_stuff): Similarly use bfd_zmalloc2 and
	bfd_malloc2.  Perform size calculations in bfd_size_type.
2019-12-26 17:49:03 +10:30
Hannes Domani f5311f2509 pe_bfd_read_buildid memory leak
* peicode.h (pe_bfd_read_buildid): Free data.
2019-12-26 12:38:49 +10:30
Alan Modra 2c0e48e5b7 asan: vms-alpha: heap-buffer-overflow
Two buffer overflows, and some over restrictive length checks.

	* vms-alpha.c (add_symbol): Add "max" parameter.  Error on string
	length larger than max.
	(_bfd_vms_slurp_egsd): Ensure record is at least large enough to
	read string length byte, error if not.  Pass size to add_symbol.
	(_bfd_vms_slurp_etir): Don't read past end of buffer when reading
	type and length.  Allow read of last byte in buffer.
2019-12-23 18:06:23 +10:30
Alan Modra 27c1c4271a ubsan: wasm: shift is too large for 64-bit type 'bfd_vma'
bfd/
	* wasm-module.c (wasm_read_leb128): Don't allow oversize shifts.
	Catch value overflow.  Sign extend only on terminating byte.
opcodes/
	* wasm32-dis.c (wasm_read_leb128): Don't allow oversize shifts.
	Catch value overflow.  Sign extend only on terminating byte.
2019-12-23 17:58:09 +10:30
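
The three fixes named in the wasm commit above (no oversize shifts, value overflow caught, sign extension only on the terminating byte), shown in a stand-alone LEB128 reader. This is an added example, not the binutils `wasm_read_leb128` code; the name `read_leb128`, its signature, the status codes and the sample byte strings are assumptions constructed for illustration, and this version also rejects encodings longer than ten bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { LEB_OK = 0, LEB_TRUNCATED = -1, LEB_OVERFLOW = -2 };

/* Constructed sample inputs (not taken from any real wasm module).  */
static const unsigned char sample_unsigned[] = { 0xe5, 0x8e, 0x26 };
static const unsigned char sample_negative[] = { 0xc0, 0xbb, 0x78 };
static const unsigned char sample_int64_min[] =
  { 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x7f };
static const unsigned char sample_too_big[] =
  { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x02 };
static const unsigned char sample_too_long[] =
  { 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x00 };

/* Decode one LEB128 value from buf[0..len) into a 64-bit result.
   For signed input the caller reinterprets *value as int64_t.  */
static int
read_leb128 (const unsigned char *buf, size_t len, int is_signed,
             uint64_t *value, size_t *used)
{
  uint64_t result = 0;
  unsigned int shift = 0;
  unsigned char byte;
  size_t i = 0;

  do
    {
      uint64_t payload;
      unsigned int room;

      if (i >= len)
        return LEB_TRUNCATED;   /* continuation bit set on the last byte */
      if (shift >= 64)
        return LEB_OVERFLOW;    /* never shift a 64-bit type by >= 64 */

      byte = buf[i++];
      payload = byte & 0x7f;
      room = 64 - shift;        /* payload bits that still fit */
      result |= payload << shift;

      if (room < 7)
        {
          /* Some payload bits fall off the top.  They must be zero for
             an unsigned value, or copies of the sign bit for a signed
             one; anything else means the value does not fit.  */
          uint64_t dropped = payload >> room;
          uint64_t ones = 0x7f >> room;
          uint64_t top = (payload >> (room - 1)) & 1;
          uint64_t expect = (is_signed && top) ? ones : 0;

          if (dropped != expect)
            return LEB_OVERFLOW;
        }
      shift += 7;
    }
  while (byte & 0x80);

  /* Sign extend once, using bit 6 of the terminating byte only, and
     with unsigned arithmetic so no negative value is ever shifted.  */
  if (is_signed && shift < 64 && (byte & 0x40))
    result |= ~(uint64_t) 0 << shift;

  *value = result;
  *used = i;
  return LEB_OK;
}

int
main (void)
{
  uint64_t v = 0;
  size_t n = 0;
  int rc;

  rc = read_leb128 (sample_unsigned, sizeof sample_unsigned, 0, &v, &n);
  printf ("unsigned:  rc=%d value=%llu\n", rc, (unsigned long long) v);
  rc = read_leb128 (sample_negative, sizeof sample_negative, 1, &v, &n);
  printf ("signed:    rc=%d value=%lld\n", rc, (long long) (int64_t) v);
  rc = read_leb128 (sample_too_big, sizeof sample_too_big, 0, &v, &n);
  printf ("too big:   rc=%d\n", rc);
  rc = read_leb128 (sample_too_long, sizeof sample_too_long, 0, &v, &n);
  printf ("too long:  rc=%d\n", rc);
  return 0;
}
```
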
Alan Modra e76832f125 ubsan: xtensa: left shift cannot be represented in type 'int'
* xtensa-isa.c (xtensa_insnbuf_from_chars): Avoid signed overflow.
2019-12-20 13:36:06 +10:30
Alan Modra 15d2859fdd ubsan: hppa: left shift of negative value
bfd/
	* libhppa.h (hppa_field_adjust, bfd_hppa_insn2fmt): Delete forward
	declaration.  Move ATTRIBUTE_UNUSED to definition.
	(sign_extend, low_sign_extend, sign_unext, low_sign_unext),
	(re_assemble_3, re_assemble_12, re_assemble_14, re_assemble_16),
	(re_assemble_17, re_assemble_21, re_assemble_22): Likewise.  Make
	args and return value unsigned.  Use unsigned variables.
	(hppa_rebuild_insn): Similarly.
opcodes/
	* hppa-dis.c (extract_16, extract_21, print_insn_hppa): Use
	unsigned variables.
2019-12-20 13:36:06 +10:30
Alan Modra 9d78076ef8 bfd_check_format memory leak
* format.c (bfd_check_format_matches): Free matching_vector when
	not returning matching target strings.
2019-12-20 13:36:06 +10:30
Alan Modra fcc5d04f92 coff-alpha memory leak
* coff-alpha.c (alpha_ecoff_read_ar_hdr): Free ar_hdr on error return.
2019-12-20 13:36:06 +10:30
Alan Modra 228c8f4be0 xcoff slurp_armap bounds checking
"count * 8 >= size" might overflow, "count >= size / 8" doesn't.

	* coff-rs6000.c (_bfd_xcoff_slurp_armap): Don't overflow when
	checking symbol count against section size.  Guard against strlen
	running off end of buffer by allocating one more byte and zeroing.
	* coff64-rs6000.c (xcoff64_slurp_armap): Likewise.
2019-12-19 21:52:47 +10:30
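
The two guards described in the xcoff commit above, as an added example that is not the binutils code: the multiply form of the count check wraps in 32-bit arithmetic while the divide form cannot, and a zeroed extra byte keeps `strlen` inside the allocation. The blob layout, the function names and the sample inputs are assumptions constructed for illustration, not the XCOFF armap format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layout (an assumption): 4-byte big-endian symbol count,
   then COUNT 8-byte offsets, then COUNT NUL-terminated names.  */
static const unsigned char sample_good[] =
  { 0, 0, 0, 2,
    0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
    'f', 'o', 'o', 0, 'b', 'a', 'r', 0 };
/* Count chosen so that count * 8 wraps to 8 in 32 bits.  */
static const unsigned char sample_hostile[28] = { 0x20, 0x00, 0x00, 0x01 };
/* One symbol whose name runs to the end of the data with no NUL.  */
static const unsigned char sample_unterminated[] =
  { 0, 0, 0, 1,
    0, 0, 0, 0, 0, 0, 0, 0,
    'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h' };

static uint32_t
get_be32 (const unsigned char *p)
{
  return ((uint32_t) p[0] << 24) | ((uint32_t) p[1] << 16)
         | ((uint32_t) p[2] << 8) | p[3];
}

/* The form the commit message calls overflow-prone: the product is
   reduced modulo 2^32 before it is compared.  Nonzero means "accept".  */
static int
count_ok_multiply (uint32_t count, uint32_t size)
{
  return !((uint32_t) (count * 8u) >= size);
}

/* The replacement form: division cannot wrap.  It rounds down, so it
   rejects a few more borderline counts than the exact product would.  */
static int
count_ok_divide (uint32_t count, uint32_t size)
{
  return !(count >= size / 8);
}

/* Returns the number of names parsed, or -1 if the blob is malformed.  */
static long
slurp_armap (const unsigned char *data, uint32_t size)
{
  uint32_t count, body, i;
  unsigned char *copy;
  const char *name, *end;
  long parsed = 0;

  if (size < 4)
    return -1;
  count = get_be32 (data);
  body = size - 4;
  if (!count_ok_divide (count, body))
    return -1;

  /* One extra zeroed byte: strlen always stops inside the allocation,
     even when the last name in the input has no terminator.  */
  copy = malloc ((size_t) body + 1);
  if (copy == NULL)
    return -1;
  memcpy (copy, data + 4, body);
  copy[body] = 0;

  name = (const char *) copy + (size_t) count * 8;
  end = (const char *) copy + body;
  for (i = 0; i < count; i++)
    {
      size_t n;

      if (name >= end)
        { parsed = -1; break; }          /* fewer names than count */
      n = strlen (name);
      if (name + n >= end)
        { parsed = -1; break; }          /* terminated only by our sentinel */
      name += n + 1;
      parsed++;
    }
  free (copy);
  return parsed;
}

int
main (void)
{
  uint32_t bad = get_be32 (sample_hostile);

  printf ("multiply check accepts 0x%x: %d\n", (unsigned) bad,
          count_ok_multiply (bad, 24));
  printf ("divide check accepts 0x%x:   %d\n", (unsigned) bad,
          count_ok_divide (bad, 24));
  printf ("good blob:         %ld\n", slurp_armap (sample_good, sizeof sample_good));
  printf ("hostile blob:      %ld\n", slurp_armap (sample_hostile, sizeof sample_hostile));
  printf ("unterminated blob: %ld\n",
          slurp_armap (sample_unterminated, sizeof sample_unterminated));
  return 0;
}
```
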
Alan Modra 9ad9b810c3 PowerPC, use size_t rather than long for indices
This is fussing about nothing really but since I was looking at signed
vs. unsigned issues, I decided to use the correct types here.

	* elf32-ppc.c (ppc_elf_get_synthetic_symtab): Use size_t for vars.
	* elf64-ppc.c (sym_exists_at): Use size_t for lo, hi and mid.
2019-12-19 15:27:00 +10:30
Alan Modra 2365f8d70c Yet more signed overflow fixes
* elf-bfd.h (ELF_LOCAL_SYMBOL_HASH): Avoid signed overflow.
	* elf32-hppa.c (final_link_relocate): Likewise.
	* elf32-ppc.c (_bfd_elf_ppc_at_tls_transform): Likewise.
	(_bfd_elf_ppc_at_tprel_transform, is_insn_ds_form): Likewise.
	(is_insn_dq_form, ppc_elf_relocate_section): Likewise.
	* elf64-ppc.c (ok_lo_toc_insn, ppc64_elf_edit_toc): Likewise.
	(ppc64_elf_relocate_section): Likewise.
	* elfxx-mips.c (mips_elf_perform_relocation): Likewise.
	* netbsd.h (N_SET_FLAGS): Likewise.
2019-12-18 18:38:13 +10:30
Alan Modra 5b660084e2 Remove tic80 support
This is one way of fixing ubsan bug reports, just delete the code.

The assembler support was removed back in 2005 along with other
non-BFD assemblers, but somehow the remainder of the port stayed in.

bfd/
	* coff-tic80.c: Delete file.
	* cpu-tic80.c: Delete file.
	* archures.c: Remove tic80 support.
	* coffcode.h: Likewise.
	* coffswap.h: Likewise.
	* targets.c: Likewise.
	* config.bfd: Likewise.
	* configure.ac: Likewise.
	* Makefile.am: Likewise.
	* Makefile.in: Regenerate.
	* bfd-in2.h: Regenerate.
	* configure: Regenerate.
	* po/SRC-POTFILES.in: Regenerate.
binutils/
	* testsuite/binutils-all/objcopy.exp: Remove tic80 support.
	* testsuite/binutils-all/objdump.exp: Likewise.
gas/
	* doc/as.texi: Remove mention of tic80.
include/
	* coff/tic80.h: Delete file.
	* opcode/tic80.h: Delete file.
ld/
	* emulparams/tic80coff.sh: Delete file.
	* scripttempl/tic80coff.sc: Delete file.
	* configure.tgt: Remove tic80 support.
	* Makefile.am: Likewise.
	* Makefile.in: Regenerate.
	* po/BLD-POTFILES.in: Regenerate.
opcodes/
	* tic80-dis.c: Delete file.
	* tic80-opc.c: Delete file.
	* disassemble.c: Remove tic80 support.
	* disassemble.h: Likewise.
	* Makefile.am: Likewise.
	* configure.ac: Likewise.
	* Makefile.in: Regenerate.
	* configure: Regenerate.
	* po/POTFILES.in: Regenerate.
2019-12-17 16:36:54 +10:30
Alan Modra 0bc3450e22 Set no file contents PT_LOAD p_offset to first page
PR 25237
	* elf.c (assign_file_positions_for_load_sections): Attempt to
	keep meaningless p_offset for PT_LOAD segments without file
	contents within file size.
2019-12-13 21:23:15 +10:30
Alan Modra 199d46bebb Remove duplicate cast
* libbfd.c (bfd_get): Don't cast result of bfd_get_8.
	* bfd-in2.h: Regenerate.
2019-12-12 16:46:30 +10:30
Alan Modra 13c9c48599 bfd signed overflow fixes
Aimed at quietening ubsan.

include/
	* opcode/mmix.h (PUSHGO_INSN_BYTE): Make unsigned.
	(GO_INSN_BYTE, SETL_INSN_BYTE, INCML_INSN_BYTE, INCMH_INSN_BYTE),
	(INCH_INSN_BYTE, SWYM_INSN_BYTE, JMP_INSN_BYTE): Likewise.
bfd/
	* elf32-rx.c (elf32_rx_relax_section): Avoid signed overflow.
	* libaout.h (N_SET_INFO, N_SET_FLAGS): Likewise.
	* netbsd.h (write_object_contents): Likewise.
	* elf32-arm.c (bfd_elf32_arm_vfp11_erratum_scan): Likewise.
	* libhppa.h (HPPA_R_CONSTANT): Don't signed extend with shifts.
	(stm32l4xx_create_replacing_stub_vldm): Don't truncate high bits
	with shifts.
	* elf32-nds32.h (R_NDS32_RELAX_ENTRY_DISABLE_RELAX_FLAG): Define
	using 1u shifted left.  Ditto for other macros.
	* mmo.c (LOP): Make unsigned.
2019-12-11 21:14:19 +10:30
Alan Modra 09c7848734 Make bfd_get_8 return a bfd_vma like other bfd_get_* functions
And similarly for bfd_get_signed_8.

bfd/
	* libbfd.c (bfd_get_8): Return a bfd_vma.
	(bfd_get_signed_8): Return a bfd_signed_vma.
	* bfd-in2.h: Regenerate.
binutils/
	* od-xcoff.c (dump_dumpx_core): Adjust for bfd_h_get_8 change.
2019-12-11 21:14:19 +10:30
Alan Modra 567607c11f ubsan: xtensa: left shift cannot be represented in type 'int'
In Operand_soffsetx4_decode:
  soffsetx4_0 = 0x4 + ((((int) offset_0 << 14) >> 14) << 2);
and other places.

Don't sign extend with shifts!  This file also has many occurrences of
truncation via shifts, which aren't a problem due to using uint32, but
I dislike on principle enough to fix.

	* xtensa-modules.c (Field_* functions): Don't mask using shifts.
	(Operand_soffsetx4_decode, Operand_simm4_decode),
	(Operand_simm8_decode, Operand_simm8x256_decode),
	(Operand_simm12b_decode, Operand_label8_decode),
	(Operand_label12_decode, Operand_soffset_decode),
	(Operand_xt_wbr15_label_decode, Operand_xt_wbr18_label_decode): Don't
	sign extend using shifts.
	(Operand_immrx4_decode, Operand_uimm16x4_decode): Avoid UB in
	constant.
2019-12-11 11:35:14 +10:30
Alan Modra 8ff23dba80 ubsan: ia64: left shift of negative value
Here, since val is signed:
   *valuep = (val << scale);

	* cpu-ia64-opc.c (ext_imms_scaled): Avoid undefined left shift
	of negative values by using unsigned vars.
2019-12-11 11:33:36 +10:30
Alan Modra 5fa370e437 PR25236, common sym versioning
In cases where a relocatable object file has a common symbol, no other
file has a definition, and there is a matching common symbol found in
a shared library then ld will output a definition using the largest of
size and alignment for the commons.  This patch fixes a bug in ld that
ignored common symbols when assigning versions, resulting in such
symbols being given VER_NDX_LOCAL versions.

	PR 25236
	* elflink.c (_bfd_elf_link_assign_sym_version): Assign versions
	for ELF_COMMON_DEF_P symbols.
	(elf_link_output_extsym, _bfd_elf_add_default_symbol): Adjust to
	suit.
2019-12-07 16:21:01 +10:30
Sandra Loosemore bce7c9d6fb Only give FDE encoding warnings if --eh-frame-hdr was specified.
This bug was observed on nios2-linux-gnu with some C++ programs
linked with -pie or -shared.  The nios2 ABI doesn't include appropriate
relocations in this instance and GCC is also being patched not to pass
--eh-frame-hdr to the linker in those cases.

2019-12-05  Sandra Loosemore  <sandra@codesourcery.com>

        bfd/
        * elf-eh-frame.c (_bfd_elf_discard_section_eh_frame): Make
        FDE encoding warning conditional.
2019-12-05 13:20:12 -08:00
Nick Clifton a23e9ba17f Fix a problem computing the size fields in the PE format header.
PR 25029
	* peXXigen.c (_bfd_XXi_swap_aouthdr_out): Ignore empty sections
	when computing the sizes stored in the headers.
2019-12-05 13:56:07 +00:00
Alan Modra e63ef0954d PR25230, addr2line fails on dwz output
This patch remedies the following DW_FORM_GNU_ref_alt related problem:
      /* FIXME: Do we need to locate the correct CU, in a similar
        fashion to the code in the DW_FORM_ref_addr case above ?  */
Without the correct CU the wrong abbrevs are used, resulting in
errors and/or wrong file names.

There is scope for further work here.  Parsing of CUs should be a two
step process, with the first stage just finding the bounds of the CU.
This would allow find_abstract_instance to quickly find the CU
referenced by DW_FORM_ref_addr or DW_FORM_GNU_ref_alt, then take the
second stage of CU parsing where abbrevs, ranges and suchlike consume
time and memory.  As it is, we just process CUs from the start of
.debug_info until we find the one of interest.  The testcase in the PR
takes 98G of virtual memory.

	PR 25230
	* dwarf2.c (struct dwarf2_debug_file): Add line_table and
	abbrev_offsets.
	(struct abbrev_offset_entry): New.
	(hash_abbrev, eq_abbrev, del_abbrev): New functions.
	(read_abbrevs): Check whether we have already read abbrevs at
	given offset, and add new offset/abbrev to hash table.
	(decode_line_info): Keep line table at offset zero in file struct.
	Return this for a cu reusing the same dir/file list.
	(find_abstract_instance): Find cu for DW_FORM_GNU_ref_alt.
	(_bfd_dwarf2_slurp_debug_info): Create offset/abbrev hash tables.
	(_bfd_dwarf2_cleanup_debug_info): Adjust deletion of lines and
	abbrevs.
2019-12-03 17:30:58 +10:30
Alan Modra 99b06c600f PR25230, dwarf2.c per file stash
This is just moving things around, in preparation for parsing alt
file debug_info.

	PR 25230
	* dwarf2.c (struct dwarf2_debug_file): New struct.
	(struct dwarf2_debug): Delete fields now in dwarf2_debug_file.
	Add f, alt fields.
	(struct comp_unit): Add file field.
	(read_indirect_string, read_indirect_line_string): Adjust to suit.
	(read_alt_indirect_string, read_alt_indirect_ref): Likewise.
	(read_debug_ranges, find_abstract_instance, read_rangelist): Likewise.
	(_bfd_dwarf2_stash_syms, place_sections): Likewise.
	(stash_maybe_update_info_hash_tables): Likewise.
	(stash_verify_info_hash_table): Likewise.
	(_bfd_dwarf2_slurp_debug_info): Likewise.
	(_bfd_dwarf2_find_symbol_bias): Likewise.
	(_bfd_dwarf2_find_nearest_line): Likewise.
	(_bfd_dwarf2_cleanup_debug_info): Likewise.
	(read_abbrevs): Add file param and adjust.  Update calls.
	(stash_comp_unit): Likewise.
	(decode_line_info): Delete stash param and adjust.  Update calls.
	(comp_unit_find_nearest_line): Likewise.
	(comp_unit_maybe_decode_line_info): Likewise.
	(comp_unit_find_line): Likewise.
	(parse_comp_unit): Add file and info_ptr param and adjust.  Update
	calls.
2019-12-03 16:27:29 +10:30
Alan Modra 019cc8758a dwarf2.c: read_abbrevs fail cleanup, and offset checking
read_section does offset checking, reporting an error on out of
bounds.  There's no need to duplicate the check in functions calling
read_section.  Also, I spotted a place where a pointer difference
expression was being cast to unsigned int, possibly truncating
relevant bits on a 64-bit host.

	* dwarf2.c (read_indirect_string): Don't duplicate offset check
	done in read_section.
	(read_indirect_line_string): Likewise.
	(read_alt_indirect_string): Likewise.
	(read_alt_indirect_ref): Likewise.
	(read_abbrevs): Likewise.  Free memory on all failure paths.
	Use correct unsigned type for pointer difference comparison.
2019-12-03 16:05:40 +10:30
Alan Modra 1b8e12713b dwarf2.c stash->sec_info_ptr and stash->sec
These are unused.  Remove them.  Also fix the wrong sort of 0 being
returned from read_alt_indirect_ref.

	* dwarf2.c (struct dwarf2_debug): Update comments.  Remove sec
	and sec_info_ptr.
	(_bfd_dwarf2_slurp_debug_info): Don't set sec or sec_info_ptr.
	(stash_comp_unit): Likewise.
	(read_alt_indirect_ref): Return NULL not FALSE.
2019-12-03 16:03:20 +10:30
Alan Modra 2247a609df _bfd_dwarf2_find_nearest_line comment fix
These lines should have been removed along with the addr_size parameter.

	* dwarf2.c (_bfd_dwarf2_find_nearest_line): Correct function comment.
2019-12-03 16:00:48 +10:30
Alan Modra 7f3bf38453 PR23652, Use symbols from debug bfd for _bfd_elf_find_function properly
There were a number of problems with the previous patch.  Firstly,
_bfd_dwarf2_stash_syms didn't do anything when the original file had
dynamic symbols, and secondly, info found by the symbol search didn't
make it out of _bfd_elf_find_nearest_line except in the case of DWARF
functions without external linkage.

	PR 23652
	* dwarf2.c (_bfd_dwarf2_stash_syms): Break out of loop on finding
	matching section.
	(_bfd_dwarf2_find_nearest_line): Return an int, with value 2 when
	returning info from the symbol table.  Do the _bfd_elf_find_function
	search also when !found.  Call _bfd_dwarf2_stash_syms regardless of
	symbols.
	* elf64-alpha.c (elf64_alpha_find_nearest_line): Accept dwarf2
	result of 1 only.
	* elfxx-mips.c (_bfd_mips_elf_find_nearest_line): Likewise.
	* libbfd-in.h (_bfd_dwarf2_find_nearest_line): Update prototype.
	* libbfd.h: Regenerate.
2019-11-27 19:10:11 +10:30
Alan Modra e76790600a PR23652, Use symbols from debug bfd for _bfd_elf_find_function
Sometimes DWARF info for a function is incomplete, and the function
can be retrieved by examining symbols.  However, when separate debug
files are used it may be that the original file is completely
stripped of symbols.  This patch teaches BFD to look at symbols from
the debug file in that case.

The patch also removes arm_elf_find_function, instead implementing
elf_backend_maybe_function_sym.  arm_elf_find_function was written
before the generic _bfd_elf_find_function called maybe_function_sym.
aarch64 copied arm, so that file gets the same treatment.  There is
some chance this will speed up arm and aarch64 lookup of function/line.

	PR 23652
	* dwarf2.c (_bfd_dwarf2_stash_syms): New function.
	(_bfd_dwarf2_find_nearest_line): Use it here, passing syms to
	_bfd_elf_find_function.  Call _bfd_elf_find_function in cases
	where _bfd_elf_find_nearest_line would do so.
	* elf.c (_bfd_elf_find_nearest_line): Omit _bfd_elf_find_function
	for dwarf2.
	* elfxx-mips.c (_bfd_mips_elf_find_nearest_line): Similarly.  Tidy.
	* elf32-arm.c (elf32_arm_maybe_function_sym): New function.
	(elf_backend_maybe_function_sym): Define.
	(arm_elf_find_function, elf32_arm_find_nearest_line): Delete.
	(bfd_elf32_find_nearest_line): Don't define.
	* elfnn-aarch64.c (elfNN_aarch64_maybe_function_sym): New function.
	(elf_backend_maybe_function_sym): Define.
	(aarch64_elf_find_function, elfNN_aarch64_find_nearest_line): Delete.
	(bfd_elfNN_find_nearest_line): Don't define.
2019-11-27 12:06:29 +10:30
Alan Modra 96e2dbda08 Correct R_SH_IND12W handling
Using bfd_vma for insn is to avoid having to worry about sign
propagation in expressions involving insn and sym_value when bfd_vma
is not the same as unsigned long.

	* elf32-sh.c (sh_reloc): Use a bfd_vma insn.
	(sh_reloc <R_SH_IND12W>): Divide calculated relocation value
	by two before applying to insn.  Correct overflow test.
	* coff-sh.c (sh_reloc): Likewise.
2019-11-27 11:58:17 +10:30
Nick Clifton 239b426b11 Fix comparison operations in SH code that trigger warning in clang.
* elf32-sh.c (sh_elf_reloc): Use a signed_vma when checking for a
	negative relocated value.
	* coff-sh.c (sh_reloc): Likewise.
2019-11-26 14:06:12 +00:00
Alan Modra bb2942085c Pass section when available to bfd_octets_per_byte
and other tidies.  I think it's better to default to passing the
section to bfd_octets_per_byte, even in cases where we know it won't
make a difference.

A number of the coff reloc functions used bfd_octets_per_byte wrongly,
not factoring it into the offset into the data buffer.  As it happens,
the targets using those files always had bfd_octets_per_byte equal to
one, so there wasn't any detectable wrong behaviour.  However, it is
wrong in the source and might cause trouble for anyone creating a new
target.  Besides fixing that, the patch also defines OCTETS_PER_BYTE
as one in target files where that is appropriate.

bfd/
	* archures.c (bfd_octets_per_byte): Tail call
	bfd_arch_mach_octets_per_byte.
	* coff-arm.c (OCTETS_PER_BYTE): Define.
	(coff_arm_reloc): Introduce new "octets" temp.  Use OCTETS_PER_BYTE
	with section.  Correct "addr".  Remove ATTRIBUTE_UNUSED.
	* coff-i386.c (coff_i386_reloc): Similarly.
	* coff-mips.c (mips_reflo_reloc): Similarly.
	* coff-x86_64.c (coff_amd64_reloc): Similarly.
	* elf32-msp430.c (OCTETS_PER_BYTE): Define.
	(rl78_sym_diff_handler): Use OCTETS_PER_BYTE, with section.
	* elf32-nds32.c (nds32_elf_get_relocated_section_contents): Similarly.
	* elf32-ppc.c (ppc_elf_addr16_ha_reloc): Similarly.
	* elf32-pru.c (pru_elf32_do_ldi32_relocate): Similarly.
	* elf32-s12z.c (opru18_reloc): Similarly.
	* elf32-sh.c (sh_elf_reloc): Similarly.
	* elf32-spu.c (spu_elf_rel9): Similarly.
	* elf32-xtensa.c (bfd_elf_xtensa_reloc): Similarly.
	* elf64-ppc.c (ppc64_elf_ha_reloc, ppc64_elf_brtaken_reloc),
	(ppc64_elf_toc64_reloc): Similarly.
	* bfd.c (bfd_get_section_limit): Pass section to bfd_octets_per_byte.
	* cofflink.c (_bfd_coff_link_input_bfd),
	(_bfd_coff_reloc_link_order): Likewise.
	* elf.c (_bfd_elf_section_offset): Likewise.
	* elflink.c (resolve_section, bfd_elf_perform_complex_relocation),
	(elf_link_input_bfd, elf_reloc_link_order, elf_fixup_link_order),
	(bfd_elf_final_link): Likewise.
	* elf.c (_bfd_elf_make_section_from_shdr): Don't strncmp twice
	to set SEC_ELF_OCTETS.
	* reloc.c (bfd_perform_relocation): Tidy SEC_ELF_OCTETS special case.
	(bfd_install_relocation): Likewise.
	(_bfd_final_link_relocate): Don't recalculate octets.
	* syms.c (_bfd_stab_section_find_nearest_line): Introduce new
	"octets" temp.
	* bfd-in2.h: Regenerate.
ld/
	* ldexp.c (fold_name): Pass section to bfd_octets_per_byte.
	* ldlang.c (init_opb): Don't call bfd_arch_mach_octets_per_byte
	unnecessarily.
2019-11-25 14:32:19 +10:30
Christian Eggers 618265039f Introduce new section flag: SEC_ELF_OCTETS
All symbols, sizes and relocations in this section are octets instead of
bytes.  Required for DWARF debug sections as DWARF information is
organized in octets, not bytes.

bfd/
	* section.c (struct bfd_section): New flag SEC_ELF_OCTETS.
	* archures.c (bfd_octets_per_byte): New parameter sec.
	If section is not NULL and SEC_ELF_OCTETS is set, one octet is
	returned [ELF targets only].
	* bfd.c (bfd_get_section_limit): Provide section parameter to
	bfd_octets_per_byte.
	* bfd-in2.h: regenerate.
	* binary.c (binary_set_section_contents): Move call to
	bfd_octets_per_byte into section loop. Provide section parameter
	to bfd_octets_per_byte.
	* coff-arm.c (coff_arm_reloc): Provide section parameter
	to bfd_octets_per_byte.
	* coff-i386.c (coff_i386_reloc): likewise.
	* coff-mips.c (mips_reflo_reloc): likewise.
	* coff-x86_64.c (coff_amd64_reloc): likewise.
	* cofflink.c (_bfd_coff_link_input_bfd): likewise.
	(_bfd_coff_reloc_link_order): likewise.
	* elf.c (_bfd_elf_section_offset): likewise.
	(_bfd_elf_make_section_from_shdr): likewise.
	Set SEC_ELF_OCTETS for sections with names .gnu.build.attributes,
	.debug*, .zdebug* and .note.gnu*.
	* elf32-msp430.c (rl78_sym_diff_handler): Provide section parameter
	to bfd_octets_per_byte.
	* elf32-nds.c (nds32_elf_get_relocated_section_contents): likewise.
	* elf32-ppc.c (ppc_elf_addr16_ha_reloc): likewise.
	* elf32-pru.c (pru_elf32_do_ldi32_relocate): likewise.
	* elf32-s12z.c (opru18_reloc): likewise.
	* elf32-sh.c (sh_elf_reloc): likewise.
	* elf32-spu.c (spu_elf_rel9): likewise.
	* elf32-xtensa.c (bfd_elf_xtensa_reloc): likewise
	* elf64-ppc.c (ppc64_elf_brtaken_reloc): likewise.
	(ppc64_elf_addr16_ha_reloc): likewise.
	(ppc64_elf_toc64_reloc): likewise.
	* elflink.c (bfd_elf_final_link): likewise.
	(bfd_elf_perform_complex_relocation): likewise.
	(elf_fixup_link_order): likewise.
	(elf_link_input_bfd): likewise.
	(elf_link_sort_relocs): likewise.
	(elf_reloc_link_order): likewise.
	(resolve_section): likewise.
	* linker.c (_bfd_generic_reloc_link_order): likewise.
	(bfd_generic_define_common_symbol): likewise.
	(default_data_link_order): likewise.
	(default_indirect_link_order): likewise.
	* srec.c (srec_set_section_contents): likewise.
	(srec_write_section): likewise.
	* syms.c (_bfd_stab_section_find_nearest_line): likewise.
	* reloc.c (_bfd_final_link_relocate): likewise.
	(bfd_generic_get_relocated_section_contents): likewise.
	(bfd_install_relocation): likewise.
	For section which have SEC_ELF_OCTETS set, multiply output_base
	and output_offset with bfd_octets_per_byte.
	(bfd_perform_relocation): likewise.
include/
	* coff/ti.h (GET_SCNHDR_SIZE, PUT_SCNHDR_SIZE, GET_SCN_SCNLEN),
	(PUT_SCN_SCNLEN): Adjust bfd_octets_per_byte calls.
binutils/
	* objdump.c (disassemble_data): Provide section parameter to
	bfd_octets_per_byte.
	(dump_section): likewise
	(dump_section_header): likewise. Show SEC_ELF_OCTETS flag if set.
gas/
	* as.h: Define SEC_OCTETS as SEC_ELF_OCTETS if OBJ_ELF.
	* dwarf2dbg.c: (dwarf2_finish): Set section flag SEC_OCTETS for
	.debug_line, .debug_info, .debug_abbrev, .debug_aranges, .debug_str
	and .debug_ranges sections.
	* write.c (maybe_generate_build_notes): Set section flag
	SEC_OCTETS for .gnu.build.attributes section.
	* frags.c (frag_now_fix): Don't divide by OCTETS_PER_BYTE if
	SEC_OCTETS is set.
	* symbols.c (resolve_symbol_value): Likewise.
ld/
	* ldexp.c (fold_name): Provide section parameter to
	bfd_octets_per_byte.
	* ldlang (init_opb): New argument s. Set opb_shift to 0 if
	SEC_ELF_OCTETS for the current section is set.
	(print_input_section): Pass current section to init_opb.
	(print_data_statement,print_reloc_statement,
	print_padding_statement): Likewise.
	(lang_check_section_addresses): Call init_opb for each
	section.
	(lang_size_sections_1,lang_size_sections_1,
	lang_do_assignments_1): Likewise.
	(lang_process): Pass NULL to init_opb.
2019-11-25 14:32:19 +10:30
Alan Modra 73d5efd7e1 ARM cmse_scan segfault
This code in elf_link_add_object_symbols:

      ret = elf_add_dt_needed_tag (abfd, info, soname, add_needed);
      if (ret < 0)
	goto error_return;

      /* If we have already included this dynamic object in the
	 link, just ignore it.  There is no reason to include a
	 particular dynamic object more than once.  */
      if (ret > 0)
	return TRUE;

prevents a shared library from being loaded twice by ensuring that any
library soname doesn't match the soname of one already loaded.  This
happens before sym_hashes are allocated, which leaves sym_hashes NULL.

cmse_scan looks at library symbols, and when attempting to look up a
global symbol will segfault if sym_hashes is zero.

	* elf32-arm.c (elf32_arm_size_stubs): Exclude dynamic library
	BFDs that have not been loaded.
2019-11-21 21:08:30 +10:30
Alan Modra f14080d440 PR25197, assertion fail coffgen.c
The testcase in this PR triggered "BFD_ASSERT (p2->is_sym)" by
sneakily generating a C_FILE sym whose value pointed into auxents.
The fix then is in the last changed line of this patch, to check
p->is_sym as well as p->u.syment.n_sclass.  The other changes fix
various overflow checks that weren't as solid as they could be.

	PR 25197
	* coffgen.c (coff_find_nearest_line_with_names): Check that C_FILE
	u.syment.n_value does point at another C_FILE sym and not into
	some auxent that happens to look like a C_FILE.  Properly check
	for integer overflow and avoid possible pointer wrap-around.
	Simplify pr17512 checks.
2019-11-19 12:31:22 +10:30
Alan Modra 94698d0198 PR25200, SIGSEGV in _bfd_elf_validate_reloc
PR 25200
	* reloc.c (bfd_default_reloc_type_lookup): Don't BFD_FAIL.
	* elf.c (_bfd_elf_validate_reloc): Don't segfault on NULL howto.
2019-11-19 07:35:05 +10:30
Alan Modra ed7e9d0bda elf_backend_init_file_header
This patch renames elf_backend_post_process_headers and moves the
prep_headers code into the new function.  Naming the backend functions
elf_backend_init_file_header and elf_backend_modify_headers makes it
clear which function is called first.

	* elf-bfd.h (struct elf_backend_data <elf_backend_init_file_header>):
	Rename from elf_backend_post_process_headers.
	(_bfd_elf_post_process_headers): Delete.
	(_bfd_elf_init_file_header): Declare.
	* elf.c (_bfd_elf_compute_section_file_positions): Call new function
	in place of prep_headers and elf_backend_post_process_headers.
	(_bfd_elf_init_file_header): Renamed from prep_headers with
	updated args and made global.  Delete dead code.
	(_bfd_elf_post_process_headers): Delete.
	* elf32-arm.c (elf32_arm_init_file_header): Rename from
	elf32_arm_post_process_headers and call _bfd_elf_init_file_header.
	Return status.
	(elf_backend_init_file_header): Define.
	(elf_backend_post_process_headers): Don't define.
	* elf32-i386.c (elf_i386_fbsd_init_file_header): Similarly.
	* elf32-m68hc1x.c (elf32_m68hc11_init_file_header): Similarly.
	* elf32-metag.c (elf_metag_init_file_header): Similarly.
	* elf32-spu.c (spu_elf_init_file_header
	* elf32-visium.c (visium_elf_init_file_header
	* elf64-alpha.c (elf64_alpha_fbsd_init_file_header
	* elf64-hppa.c (elf64_hppa_init_file_header
	* elf64-ia64-vms.c (elf64_vms_init_file_header
	* elfnn-aarch64.c (elfNN_aarch64_init_file_header
	* elfnn-ia64.c (elfNN_hpux_init_file_header
	* elfxx-mips.c (_bfd_mips_init_file_header
	* elfxx-mips.h (_bfd_mips_post_process_headers): Delete.
	(_bfd_mips_init_file_header): Declare.
	(elf_backend_post_process_headers): Delete.
	(elf_backend_init_file_header): Define.
	* elfxx-target.h (elf_backend_post_process_headers): Delete.
	(elf_backend_init_file_header): Define and use.
	* elf32-m68hc12.c (elf_backend_init_file_header): Define.
	(elf_backend_post_process_headers): Don't define.
	* elf32-m68hc1x.h (elf32_m68hc11_post_process_headers): Delete.
	(elf32_m68hc11_init_file_header): Declare.
	* elf32-ppc.c (elf_backend_post_process_headers): Remove
	unnecessary undef.
2019-11-18 22:06:09 +10:30
Alan Modra 6d6c25c8ea elf_backend_modify_headers
This patch renames elf_backend_modify_program_headers and moves the
elf.c code tweaking the ELF file header for -pie -Ttext-segment to a
new function, _bfd_elf_modify_headers, which then becomes the default
elf_backend_modify_headers and is called from any other target
elf_backend_modify_headers.

	* elf-bfd.h (struct elf_backend_data <elf_backend_modify_headers>):
	Rename from elf_backend_modify_program_headers.
	(_bfd_elf_modify_headers): Declare.
	* elf.c (assign_file_positions_except_relocs): Set
	elf_program_header_size.  Always call elf_backend_modify_headers.
	Extract code modifying file header..
	(_bfd_elf_modify_headers): ..to here.  New function.
	* elf32-arm.c (elf_backend_modify_headers): Renamed from
	elf_backend_modify_program_headers.
	* elf32-i386.c: Similarly.
	* elf64-x86-64.c: Similarly.
	* elfxx-target.h: Similarly.  Default elf_backend_modify_headers
	to _bfd_elf_modify_headers.
	* elf-nacl.h (nacl_modify_headers): Rename from
	nacl_modify_program_headers.
	* elf-nacl.c (nacl_modify_headers): Rename from
	nacl_modify_program_headers and call _bfd_elf_modify_headers.
	* elf32-rx.c (elf32_rx_modify_headers): Similarly.
	* elf32-spu.c (spu_elf_modify_headers): Similarly.
	* elfnn-ia64.c (elfNN_ia64_modify_headers): Similarly.
	* elf32-sh.c (elf_backend_modify_program_headers): Don't undef.
2019-11-18 22:06:09 +10:30
Alan Modra 9aea1e3137 PR25196, abort in rewrite_elf_program_header
This patch introduces a new "sorry, cannot handle this file" bfd error
status.  The idea is to use this error in cases where bfd hasn't found
a bfd_bad_value error, ie. an input file or set of options that are
invalid, but rather an input file that is simply too difficult to
process.  Typically this might happen with fuzzed object files such as
the one in the PR, a wildly improbable core file.  Some things are
just not worth wasting time over to fix "properly".

	PR 25196
	* bfd.c (bfd_error_type): Add bfd_error_sorry.
	(bfd_errmsgs): Likewise.
	* elf.c (rewrite_elf_program_header): Don't abort on confused
	lma/alignment.  Replace bfd_error_bad_value with bfd_error_sorry.
	(_bfd_elf_validate_reloc): Use bfd_error_sorry.
	(_bfd_elf_final_write_processing): Likewise.
	* bfd-in2.h: Regenerate.
2019-11-18 22:06:09 +10:30
Jim Wilson c6261a00c3 RISC-V: Fix ld relax failure with calls and align directives.
Make _bfd_riscv_relax_call handle section alignment padding same as
the _bfd_riscv_relax_lui and _bfd_riscv_relax_pc functions already
do.  Use the max section alignment if section boundaries are crossed,
otherwise the alignment of the containing section.

	bfd/
	PR 25181
	* elfnn-riscv.c (_bfd_riscv_relax_call): Always add max_alignment to
	foff.  If sym_sec->output_section and sec->output_section are the same
	and not *ABS* then set max_alignment to that section's alignment.

	ld/
	PR 25181
	* testsuite/ld-riscv-elf/call-relax-0.s: New file.
	* testsuite/ld-riscv-elf/call-relax-1.s: New file.
	* testsuite/ld-riscv-elf/call-relax-2.s: New file.
	* testsuite/ld-riscv-elf/call-relax-3.s: New file.
	* testsuite/ld-riscv-elf/call-relax.d: New test.
	* testsuite/ld-riscv-elf/ld-riscv-elf.exp: Run call-relax test.

Change-Id: Iaf65cee52345abf1955f36e8e72c4f6cc0db8d9a
2019-11-12 15:53:22 -08:00
Alan Modra 595d3787e9 Remove CR16C support
I think it is past time to remove CR16C support.  CR16C was added in
2004, and only for ld.  gas and binutils support is lacking, and there
have been no commits to bfd/elf32-cr16c.c other than warning fixes or
global maintainers making changes to all targets.  I see no maintainer
listed for CR16C, and no commits from anyone at NSC supporting the
target.  Furthermore, at the time the CR16 support was added in 2007,
config.sub was changed upstream to no longer recognise cr16c as a
valid cpu.  That means the CR16C ld support is only available as a
secondary target by configuring with, for example,
--enable-targets=all or --enable-targets=cr16c-unknown-elf.  No
testing of the CR16C target is possible.

include/
	* elf/cr16c.h: Delete.
bfd/
	* cpu-cr16c.c: Delete.
	* elf32-cr16c.c: Delete.
	* Makefile.am,
	* archures.c,
	* config.bfd,
	* configure.ac,
	* reloc.c,
	* targets.c: Remove cr16c support.
	* Makefile.in,
	* bfd-in2.h,
	* configure,
	* libbfd.h,
	* po/SRC-POTFILES.in: Regenerate.
ld/
	* emulparams/elf32cr16c.sh: Delete.
	* scripttempl/elf32cr16c.sc: Delete.
	* Makefile.am,
	* configure.tgt: Remove cr16c support.
	* NEWS: Mention removal of cr16c.
	* Makefile.in,
	* po/BLD-POTFILES.in: Regenerate.
2019-11-07 20:09:20 +10:30
Tim Rühsen 3a70f7e8e3 Fix memory allocation and release problems in the bfd documentation processor.
	* doc/chew.c (add_to_definition): Use correct type when
	calculating size of array reallocation.
	(nextword): Always initialise the word return parameter.
	(compile): Check return value of nextword().
2019-11-05 16:03:07 +00:00