This fixes yet more errors in the alpha-vms buffer size checks.
* vms-alpha.c (_bfd_vms_slurp_eisd): Don't overflow when checking
offset. Don't overflow when checking rec_size, and do allow
rec_size to the end of the buffer. Ensure eisd->type can be
accessed, not just the first 32 bytes. Don't call
_bfd_vms_save_counted_string with zero length remaining. Fail
on empty string section name.
(_bfd_vms_slurp_egsd): Formatting. Catch more reads past end
of record size. Correct remaining length calculation. Fail
on empty string section name. Consolidate error paths.
Quite a few bfd_zalloc calls are wasting time clearing memory, and
should be bfd_alloc instead.
* archive.c (do_slurp_bsd_armap): Use bfd_alloc rather than
bfd_zalloc when memory is all written after the call.
(do_slurp_coff_armap): Likewise. Set bfd_error on ridiculously
large allocations that overflow bfd_size_type. Use just one
bfd_release on error exit.
(_bfd_slurp_extended_name_table): Use bfd_alloc for extended_names,
clear last byte rather than the entire array. Use bfd_alloc for
string table. Rearrange and simplify code copying file names.
* vms-alpha.c (_bfd_vms_slurp_egsd): Make base_addr a bfd_vma.
Limit alignment power. Correct and simplify alignment expression.
(evax_bfd_print_relocation_records): Avoid signed shift left.
Triggered by overflow of size calulation resulting in a too small
buffer. The testcase found one of the som_bfd_count_ar_symbols
problems.
* som.c (setup_sections): Don't overflow space_strings_size. Use
bfd_malloc2 to catch overflow of size calculation.
(som_prep_for_fixups): Use bfd_zalloc2 to catch overflow of size
calculation.
(som_build_and_write_symbol_table): Similarly use bfd_zmalloc2.
(som_slurp_symbol_table): Similarly use bfd_zmalloc2, bfd_malloc2,
and bfd_zalloc2.
(bfd_som_attach_aux_hdr): Use size_t vars for string length.
(som_bfd_count_ar_symbols): Use bfd_malloc2 to catch overflow of
size calculation. Use size_t vars for length and catch overflow.
(som_slurp_armap): Use bfd_alloc2 to catch overflow of size
calculation.
(som_bfd_ar_write_symbol_stuff): Similarly use bfd_zmalloc2 and
bfd_malloc2. Perform size calculations in bfd_size_type.
Two buffer overflows, and some over restrictive length checks.
* vms-alpha.c (add_symbol): Add "max" parameter. Error on string
length larger than max.
(_bfd_vms_slurp_egsd): Ensure record is at least large enough to
read string length byte, error if not. Pass size to add_symbol.
(_bfd_vms_slurp_etir): Don't read past end of buffer when reading
type and length. Allow read of last byte in buffer.
"count * 8 >= size" might overflow, "count >= size / 8" doesn't.
* coff-rs6000.c (_bfd_xcoff_slurp_armap): Don't overflow when
checking symbol count against section size. Guard against strlen
running off end of buffer by allocating one more byte and zeroing.
* coff64-rs6000.c (xcoff64_slurp_armap): Likewise.
This is fussing about nothing really but since I was looking at signed
vs. unsigned issues, I decided to use the correct types here.
* elf32-ppc.c (ppc_elf_get_synthetic_symtab): Use size_t for vars.
* elf64-ppc.c (sym_exists_at): Use size_t for lo, hi and mid.
PR 25237
* elf.c (assign_file_positions_for_load_sections): Attempt to
keep meaningless p_offset for PT_LOAD segments without file
contents within file size.
In Operand_soffsetx4_decode:
soffsetx4_0 = 0x4 + ((((int) offset_0 << 14) >> 14) << 2);
and other places.
Don't sign extend with shifts! This file also has many occurrences of
truncation via shifts, which aren't a problem due to using uint32, but
I dislike on principle enough to fix.
* xtensa-modules.c (Field_* functions): Don't mask using shifts.
(Operand_soffsetx4_decode, Operand_simm4_decode),
(Operand_simm8_decode, Operand_simm8x256_decode),
(Operand_simm12b_decode, Operand_label8_decode),
(Operand_label12_decode, Operand_soffset_decode),
(Operand_xt_wbr15_label_decode, Operand_xt_wbr18_label_decode): Don't
sign extend using shifts.
(Operand_immrx4_decode, Operand_uimm16x4_decode): Avoid UB in
constant.
Here, since val is signed:
*valuep = (val << scale);
* cpu-ia64-opc.c (ext_imms_scaled): Avoid undefined left shift
of negative values by using unsigned vars.
GDB Administrator
Alan Modra
Hannes Domani