bfd_zalloc/bfd_zmalloc to fix uninitialized memory reads is too big a
hammer, when the size allocated depends on user input. A typical
bfd_alloc, bfd_seek, bfd_bread sequence will give an error or warning
at the point the file read fails when some enormous item as described
by headers is not actually present in the file. Nice operating systems
allow memory overcommit. But not if you write to the memory. So
bfd_zalloc can cause an OOM, thrashing, or system hangs.
The patch also fixes a recently introduced endless loop on bad input.
PR binutils/17512
* coffcode.h (coff_slurp_line_table): Don't bfd_zalloc, just
memset the particular bits we need. Update src after hitting loop
"continue". Don't count lineno omitted due to invalid symbols in
nbr_func, and update lineno_count. Init entire terminating
lineno. Don't bother allocating terminator in n_lineno_cache.
Redirect sym->lineno pointer to where n_lineno_cache will be
copied, and free n_lineno_cache.
* pe-mips.c (NUM_HOWTOS): Typo fix.
when displaying the contents of corrupt files.
PR binutils/17521
* coff-i386.c (NUM_HOWTOS): New define.
(RTYPE2HOWTO): Use it.
(coff_i386_rtype_to_howto): Likewise.
(coff_i386_reloc_name_lookup): Likewise.
(CALC_ADDEND): Check that reloc r_type field is valid.
* coff-x86_64.c (NUM_HOWTOS): New define.
(RTYPE2HOWTO): Use it.
(coff_amd64_rtype_to_howto): Likewise.
(coff_amd64_reloc_name_lookup): Likewise.
(CALC_ADDEND): Check that reloc r_type field is valid.
* coffcode.h (coff_slurp_line_table): Check for symbol table
indexing underflow.
(coff_slurp_symbol_table): Use zalloc to ensure that all table
entries are initialised.
* coffgen.c (_bfd_coff_read_string_table): Initialise unused bits
in the string table. Also ensure that the table is 0 terminated.
(coff_get_normalized_symtab): Check for symbol table indexing
underflow.
* opncls.c (bfd_alloc): Catch the case where a small negative size
can result in only 1 byte being allocated.
(bfd_alloc2): Use bfd_alloc.
* pe-mips.c (NUM_HOWTOS): New define.
(coff_mips_reloc_name_lookup): Use it.
(CALC_ADDEND): Check that reloc r_type field is valid.
* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Initialise unused entries
in the DataDirectory.
(pe_print_idata): Avoid reading beyond the end of the data block
when printing strings.
(pe_print_edata): Likewise.
Check for table indexing underflow.
* peicode.h (pe_mkobject): Initialise the pe_opthdr field.
(pe_bfd_object_p): Allocate and initialize enough space to hold a
PEAOUTHDR, even if the opt_hdr field specified less.
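The explanation at the top of this page (allocate, seek, read, and let the read fail instead of zero-filling a header-declared size) and the bfd_alloc entry just above (a small negative size rounding up to a 1-byte allocation) describe two checks a file parser needs. The following C is an added example written for this page; it is not code from binutils or from the patches listed here. The 6-byte entry size, the 16-byte header layout of the constructed sample file, and the names checked_table_size, checked_round_up and read_table are all hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical on-disk record size, standing in for a COFF LINENO entry. */
#define ENTSZ 6u
/* Allocator alignment used by the rounding helpers below. */
#define ALIGN 8u

/* Naive rounding as an allocator might do it. For sizes close to SIZE_MAX
   the addition wraps: (size_t)-3 rounds to 0, and an allocator with a 1-byte
   minimum then hands back one byte for what the caller thinks is huge. */
static size_t naive_round_up(size_t size) {
  return (size + (ALIGN - 1)) & ~(size_t)(ALIGN - 1);
}

/* Hardened rounding: refuse sizes whose rounding would wrap. Returns 0 on
   success and stores the rounded size in *out, -1 on rejection. */
static int checked_round_up(size_t size, size_t *out) {
  if (size > SIZE_MAX - (ALIGN - 1))
    return -1;
  *out = (size + (ALIGN - 1)) & ~(size_t)(ALIGN - 1);
  return 0;
}

/* Validate a header-declared table of `count` entries at file offset `off`
   against the real file size, using overflow-safe arithmetic. Returns 0 and
   the table size in bytes via *out, or -1 if the header cannot be trusted. */
static int checked_table_size(uint64_t count, uint64_t off, size_t filesize,
                              size_t *out) {
  if (count > SIZE_MAX / ENTSZ)                 /* count * ENTSZ would wrap */
    return -1;
  uint64_t bytes = count * ENTSZ;
  if (off > filesize || bytes > filesize - off) /* table runs past EOF */
    return -1;
  *out = (size_t)bytes;
  return 0;
}

/* Read a table the way the page recommends: bounds-check the header first,
   then a plain (non-zeroing) allocation sized by what is actually present,
   and a copy that can never run past the end of the file image.
   Returns a malloc'd copy (caller frees) or NULL on a corrupt header. */
static unsigned char *read_table(const unsigned char *file, size_t filesize,
                                 uint64_t count, uint64_t off, size_t *out_len) {
  size_t bytes;
  if (checked_table_size(count, off, filesize, &bytes) != 0)
    return NULL;
  unsigned char *buf = malloc(bytes ? bytes : 1); /* no zero-fill of untrusted size */
  if (buf == NULL)
    return NULL;
  memcpy(buf, file + off, bytes);
  *out_len = bytes;
  return buf;
}

/* Constructed sample "file": a 16-byte header (offset = 16, count = 3,
   both little-endian 32-bit, then padding) followed by three 6-byte entries. */
static const unsigned char sample_file[16 + 3 * ENTSZ] = {
  0x10, 0, 0, 0,   3, 0, 0, 0,   0, 0, 0, 0,   0, 0, 0, 0,
  1, 0, 0, 0, 0, 0,   2, 0, 0, 0, 0, 0,   3, 0, 0, 0, 0, 0,
};

int main(void) {
  size_t len = 0, r = 0;
  unsigned char *t = read_table(sample_file, sizeof sample_file, 3, 16, &len);
  printf("honest header: %s, %zu bytes\n", t ? "ok" : "rejected", len);
  free(t);
  t = read_table(sample_file, sizeof sample_file, 0x100000000ULL, 16, &len);
  printf("lying header : %s\n", t ? "ok" : "rejected");
  free(t);
  printf("naive round of (size_t)-3 : %zu\n", naive_round_up((size_t)-3));
  printf("checked round of (size_t)-3: %s\n",
         checked_round_up((size_t)-3, &r) == 0 ? "ok" : "rejected");
  return 0;
}
```

The point of the ordering is that the only large number ever handed to the allocator is one already proven to fit inside the file, so a header that claims billions of entries fails at the size check instead of after the kernel has been asked to commit and zero gigabytes of pages.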
PR binutils/17512
* coffcode.h (handle_COMDAT): Replace abort with BFD_ASSERT.
Replace another abort with an error message.
(coff_slurp_line_table): Add more range checking.
* peXXigen.c (pe_print_debugdata): Add range checking.
PR binutils/17512
* coffcode.h (coff_set_alignment_hook): Warn if the file lies
about the number of relocations it contains.
(coff_sort_func_alent): Return 0 if the pointers are NULL.
(coff_slurp_line_table): Add more range checks. Do not free new
tables created when sorting line numbers.
* peXXigen.c (pe_print_idata): Add range checks.
(pe_print_edata): Likewise.
(rsrc_print_resource_entries): Likewise. Avoid printing control
characters. Terminate printing if corruption is detected.
(rsrc_print_resource_directory): Terminate printing if an unknown
directory type is encountered.
(pe_print_debugdata): Fix off-by-one error.
(rsrc_count_entries): Add range checking.
(rsrc_parse_entry): Likewise.
PR binutils/17512
* objdump.c (slurp_symtab): Fail gracefully if the table could not
be read.
(dump_relocs_in_section): Likewise.
* aoutx.h (slurp_symbol_table): Check that computed table size is
not bigger than the file from which it is being read.
(slurp_reloc_table): Likewise.
* coffcode.h (coff_slurp_line_table): Remove unneeded local
'warned'. Do not try to print the details of a symbol with an
invalid index.
* coffgen.c (make_a_section_from_file): Check computed string
index against length of string table.
(bfd_coff_internal_syment_name): Check read in string offset
against length of string table.
(build_debug_section): Return a pointer to the section used.
(_bfd_coff_read_string_table): Store the length of the string
table in the coff_tdata structure.
(bfd_coff_free_symbols): Set the length of the string table to
zero when it is freed.
(coff_get_normalized_symtab): Check offsets against string table
or data table lengths as appropriate.
* cofflink.c (_bfd_coff_link_input_bfd): Check offset against
length of string table.
* compress.c (bfd_get_full_section_contents): Check computed size
against the size of the file.
* libcoff-in.h (obj_coff_strings_len): Define.
(struct coff_tdata): Add strings_len field.
* libcoff.h: Regenerate.
* peXXigen.c (pe_print_debugdata): Do not attempt to print the
data if the debug section is too small.
* xcofflink.c (xcoff_link_input_bfd): Check offset against
length of string table.
bfd/
* peicode.h (pe_ILF_object_p): Adjust, as the version number
has been read.
(pe_bfd_object_p): Also read version number to detect ILF.
* pe-x86_64.c (COFF_WITH_PE_BIGOBJ): Define.
(x86_64pe_bigobj_vec): Define.
* coffcode.h (bfd_coff_backend_data): Add _bfd_coff_max_nscns field.
(bfd_coff_max_nscns): New macro.
(coff_compute_section_file_positions): Use unsigned int for
target_index. Compare with bfd_coff_max_nscns.
(bfd_coff_std_swap_table, ticoff0_swap_table, ticoff1_swap_table):
Set a value for _bfd_coff_max_nscns.
(header_bigobj_classid): New constant.
(coff_bigobj_swap_filehdr_in, coff_bigobj_swap_filehdr_out)
(coff_bigobj_swap_sym_in, coff_bigobj_swap_sym_out)
(coff_bigobj_swap_aux_in, coff_bigobj_swap_aux_out): New
functions.
(bigobj_swap_table): New table.
* libcoff.h: Regenerate.
* coff-sh.c (bfd_coff_small_swap_table): Likewise.
* coff-alpha.c (alpha_ecoff_backend_data): Add value for
_bfd_coff_max_nscns.
* coff-mips.c (mips_ecoff_backend_data): Likewise.
* coff-rs6000.c (bfd_xcoff_backend_data)
(bfd_pmac_xcoff_backend_data): Likewise.
* coff64-rs6000.c (bfd_xcoff_backend_data)
(bfd_xcoff_aix5_backend_data): Likewise.
* targets.c (x86_64pe_bigobj_vec): Declare.
* configure.in (x86_64pe_bigobj_vec): New vector.
* configure: Regenerate.
* config.bfd: Add bigobj object format for Windows targets.
gas/
* config/tc-i386.c (use_big_obj): Declare.
(OPTION_MBIG_OBJ): Define.
(md_longopts): Add -mbig-obj option.
(md_parse_option): Handle it.
(md_show_usage): Display help for this option.
(i386_target_format): Use bigobj for x86-64 if -mbig-obj.
* doc/c-i386.texi: Document the option.
gas/testsuite/
* gas/pe/big-obj.d, gas/pe/big-obj.s: Add test.
* gas/pe/pe.exp: Add test.
include/coff/
* pe.h (struct external_ANON_OBJECT_HEADER_BIGOBJ): Declare.
(FILHSZ_BIGOBJ): Define.
(struct external_SYMBOL_EX): Declare.
(SYMENT_BIGOBJ, SYMESZ_BIGOBJ): Define.
(union external_AUX_SYMBOL_EX): Declare.
(AUXENT_BIGOBJ, AUXESZ_BIGOBJ): Define.
* internal.h (struct internal_filehdr): Change type
of f_nscns.
* coff-rs6000.c (_bfd_xcoff_sizeof_headers): Also count
.ovrflo sections.
* coffcode.h (coff_compute_section_file_positions): Force
match between file offset and vma offset.
The .except, .loader and .typchk sections are not mapped to memory,
so do not set their SEC_ALLOC flag.
bfd/ChangeLog:
* coffcode.h (styp_to_sec_flags) [RS6000COFF_C]: Add handling
of STYP_EXCEPT, STYP_LOADER and STYP_TYPCHK sections.
ld/testsuite/ChangeLog:
* ld-powerpc/aix-core-sec-1.hd, ld-powerpc/aix-core-sec-2.hd,
ld-powerpc/aix-core-sec-3.hd: Adjust expected section flags
for section .loader.
2012-10-18 Kai Tietz <ktietz@redhat.com>
PR binutils/14067
* coff-i386.c (bfd_target): Add section flag SEC_EXCLUDE.
Allow BFD_COMPRESS and BFD_DECOMPRESS flags.
* coff-x86_64.c: Likewise.
* coffcode.h (DOT_ZDEBUG): New define.
(sec_to_styp_flags): Check for .zdebug.
(styp_to_sec_flags): Likewise.
* coffgen.c (make_a_section): Handle .debug_* section
compression/decompression flags.
* cofflink.c (mark_relocs): Ignore relocations
for a section, which isn't marked as used.
(_bfd_coff_link_input_bfd): Add support for compressed
debug sections.
* compress.c (decompress_contents): Loop as long
as there is input available and there is room for
output.
* bfd/pe-arm.c: Add .zdebug_ partial match entry.
* pe-i386.c: Likewise.
* pe-x86_64.c: Likewise.
* peXXigen.c (_bfd_XXi_swap_aouthdr_out): Don't clear all
data-directories as this might destroy content.
* coff-i386.c (_bfd_generic_find_nearest_line_discriminator):
define as coff_find_nearest_line_discriminator.
* coff-x86_64.c: Likewise.
* coffgen.c (coff_find_nearest_line_discriminator): New function.
* libcoff-in.h (coff_find_nearest_line_discriminator): New
prototype.
* libcoff.h: Regenerated.
ChangeLog binutils
2012-10-18 Kai Tietz <ktietz@redhat.com>
* objdump.c (dump_bfd): Call dump headers after
call of slurp_symtab.
ChangeLog ld
2012-10-18 Kai Tietz <ktietz@redhat.com>
PR binutils/14067
* NEWS: Mention new feature.
* scripttempl/pep.sc: Add zdebug sections.
* scripttempl/pe.sc: L
(dwcfi_hash): New static hash variable.
(get_debugseg_name): New.
(alloc_debugseg_item): New.
(make_debug_seg): New.
(dwcfi_hash_insert): New.
(dwcfi_hash_find): New.
(dwcfi_hash_find_or_make): New.
(cfi_insn_data): New member cur_seg.
(cie_entry): Likewise.
(fde_entry): New cseg and handled members.
(alloc_fde_entry): Initialize cseg member.
(alloc_cfi_insn_data): Initialize cur_seg member.
(dot_cfi_sections): Compare for beginning of
section names via strncmp.
(get_cfi_seg): New.
(cfi_finish): Treat link-once sections.
(is_now_linkonce_segment): New local helper.
(output_cie): Ignore cie entries not member of current
segment.
(output_fde): Likewise.
(select_cie_for_fde): Likewise.
(cfi_change_reg_numbers): Add new argument for current segment
and ignore insn elements, if not part of current segment.
* ehopt.c (get_cie_info): Use strncmp for
section name matching.
(check_eh_frame): Likewise.
* coffcode.h (sec_to_styp_flags): Allow linkonce for
debugging sections.
* scripttempl/pe.sc: Handle .eh_frame($|.)* sections.
* scripttempl/pep.sc: Likewise.
* ld-pe/pe.exp: Add cfi/cfi32 tests.
* ld-pe/cfi.d: New.
* ld-pe/cfi32.d: New.
* ld-pe/cfia.s: New.
* ld-pe/cfib.s: New.
* peXXigen.c (_bfd_XXi_final_link_postscript): Sort pdata in temporary
buffer and use rawsize for sorting.
* coffcode.h (coff_compute_section_file_positions): Set rawsize
before doing alignment.
* coffcode.h (coff_slurp_symbol_table): Add intptr_t intermediate
typecast to avoid warning.
* elf32-rx.c: Add "bfd_stdint.h" include required for int32_t type
usage.
* elfxx-ia64.c (elfNN_ia64_relax_br): Use intptr_t typecast instead
of long for pointer to avoid warning.
(elfNN_ia64_relax_brl): Idem.
(elfNN_ia64_install_value): Idem.
* vms-alpha.c (_bfd_vms_slurp_etir): Idem.
* coffcode.h (sec_to_styp_flags): Adjust debug
sections to conform to the pe-coff specification
and avoid marking them as excluded.
(styp_to_sec_flags): Do the reverse mapping.
* coffcode.h (coff_compute_section_file_positions): Move RS6000COFF_C
block past vars in COFF_IMAGE_WITH_PE block. Report error on more
than 32k sections.
(record_thumb_to_arm_glue, bfd_arm_process_before_allocation):
Change member name class to symbol_class.
* bfd/coff-i960.c (coff_i960_relocate_section): Rename variable
class to class_val. Change member name class to symbol_class.
* bfd/coff-rs6000.c (_bfd_xcoff_swap_aux_in)
(_bfd_xcoff_swap_aux_out): Rename arguments class to in_class.
* bfd/coff-stgo32.c (adjust_aux_in_post)
(adjust_aux_out_pre, adjust_aux_out_post): Rename arguments class
to in_class.
* bfd/coff64-rs6000.c (_bfd_xcoff64_swap_aux_in)
(_bfd_xcoff64_swap_aux_out): Rename arguments class to in_class.
* bfd/coffcode.h (coff_pointerize_aux_hook): Rename variable class
to n_sclass.
* bfd/coffgen.c (coff_write_symbol, coff_pointerize_aux): Rename
variables named class to n_sclass. (coff_write_symbols): Rename
variable class to sym_class. (bfd_coff_set_symbol_class): Rename
argument class to symbol_class.
* bfd/cofflink.c (_bfd_coff_link_hash_newfunc)
(coff_link_add_symbols, _bfd_coff_link_input_bfd)
(_bfd_coff_write_global_sym, _bfd_coff_generic_relocate_section):
Update code to use renamed members.
* bfd/coffswap.h (coff_swap_aux_in, coff_swap_aux_out): Rename
argument class to in_class.
* bfd/libcoff-in.h (struct coff_link_hash_entry, struct
coff_debug_merge_type): Renamed members class to symbol_class and
type_class.
* bfd/libcoff.h: Regenerated.
* bfd/peXXigen.c (_bfd_XXi_swap_aux_in, _bfd_XXi_swap_aux_out):
Rename argument class to in_class.
* bfd/pef.c (bfd_pef_parse_imported_symbol): Update code to use
renamed members.
* bfd/pef.h (struct bfd_pef_imported_symbol): Changed name of
member class to symbol_class.
* binutils/ieee.c (ieee_read_cxx_misc, ieee_read_cxx_class)
(ieee_read_reference): Rename variables named class to cxxclass.
* gas/config/tc-arc.c (struct syntax_classes): Rename member class
to s_class. (arc_extinst): Rename variable class to
s_class. Update code to use renamed members.
* gas/config/tc-mips.c (insn_uses_reg): Rename argument class to
regclass.
* gas/config/tc-ppc.c (ppc_csect, ppc_change_csect, ppc_function)
(ppc_tc, ppc_is_toc_sym, ppc_symbol_new_hook, ppc_frob_label)
(ppc_fix_adjustable, md_apply_fix): Update code to use renamed
members.
* gas/config/tc-ppc.h (struct ppc_tc_sy): Change name of member
from class to symbol_class. (OBJ_COPY_SYMBOL_ATTRIBUTES): Update
code to use renamed members.
* gas/config/tc-score.c (s3_adjust_paritybit): Rename argument
class to i_class.
* gas/config/tc-score7.c (s7_adjust_paritybit): Rename argument
class to i_class.
* gprof/corefile.c (core_create_function_syms): Rename variable
class to cxxclass.
* include/coff/ti.h (GET_LNSZ_SIZE, PUT_LNSZ_SIZE): Updated name
of class variable to in_class to match changes in function that
use this macro.
* include/opcode/ia64.h (struct ia64_operand): Renamed member
class to op_class.
* ld/emultempl/elf32.em (gld${EMULATION_NAME}_load_symbols)
(gld${EMULATION_NAME}_try_needed): Rename variable class to
link_class.
* opcodes/ia64-dis.c (print_insn_ia64): Update code to use renamed
member.
* opcodes/m88k-dis.c (m88kdis): Rename variable class to in_class.
* opcodes/tic80-opc.c (tic80_symbol_to_value)
(tic80_value_to_symbol): Rename argument class to symbol_class.
Stop using bfd_usrdata in libbfd.
* coff-stgo32.c (bfd_coff_go32stub): Remove.
(stub_bytes, comment): Replace STUBSIZE by GO32_STUBSIZE.
(adjust_filehdr_in_post): Declare the abfd parameter as unused.
Replace STUBSIZE by GO32_STUBSIZE. Now save the stub in
filehdr_dst->u.go32.stub. Add a comment giving the reason.
(adjust_filehdr_out_pre): Replace STUBSIZE by GO32_STUBSIZE.
Substitute the removed macro bfd_coff_go32stub.
(adjust_filehdr_out_post, adjust_scnhdr_in_post, adjust_scnhdr_out_pre)
(adjust_scnhdr_out_post, adjust_aux_in_post, adjust_aux_out_pre)
(adjust_aux_out_post): Replace STUBSIZE by GO32_STUBSIZE.
(create_go32_stub, go32_stubbed_coff_bfd_copy_private_bfd_data):
Replace STUBSIZE by GO32_STUBSIZE. Substitute the removed macro
bfd_coff_go32stub.
* coffcode.h (coff_mkobject_hook): Initialize coff->go32stub.
* libcoff-in.h (coff_data_type): New field go32stub.
* libcoff.h: Regenerated.
include/coff/
Stop using bfd_usrdata in libbfd.
* go32exe.h (struct external_filehdr_go32_exe <stub>, FILHSZ): Replace
STUBSIZE by GO32_STUBSIZE.
(STUBSIZE): Move the definition ...
* internal.h (GO32_STUBSIZE): ... here and rename it.
(struct internal_filehdr <go32stub>, F_GO32STUB): New.
* coffcode.h (sec_to_styp_flags): Partially revert (functional
changes only) earlier patch:-
2009-06-25 Kai Tietz <kai.tietz@onevision.com>
* coffcode.h (sec_to_styp_flags): Set discardable for .reloc and
give .debug and .reloc data characteristics.
(DOT_RELOC): New define for .reloc section string.
(coff_write_object_contents): Use DOT_RELOC instead of string.
* coffcode.h (sec_to_styp_flags): Set discardable for .reloc and
give .debug and .reloc data characteristics.
(DOT_RELOC): New define for .reloc section string.
(coff_write_object_contents): Use DOT_RELOC instead of string.
* coffgen.c (make_a_section_from_file): Set the backend long
section names enable if long section names found on input.
* coffcode.h: Extend long section names documentation to match.
binutils/ChangeLog
* objcopy.c (enum long_section_name_handling): New enum type.
(enum command_line_switch): Add OPTION_LONG_SECTION_NAMES.
(copy_options[]): Add entry for --long-section-names option.
(copy_usage): Document it.
(set_long_section_mode): New subroutine.
(copy_file): Call it.
(copy_main): Accept OPTION_LONG_SECTION_NAMES and parse arg.
* doc/binutils.texi: Update objcopy documentation with details
of new option.