binutils-gdb/bfd/simple.c
Jan Kratochvil 024a23103f PR binutils/16595
abfd->section_count unexpectedly changes between 218 and 248 in:

150 bfd_simple_get_relocated_section_contents (bfd *abfd,
[...]
218   saved_offsets = malloc (sizeof (struct saved_output_info)
219                           * abfd->section_count);
[...]
230	  _bfd_generic_link_add_symbols (abfd, &link_info);
[...]
248   bfd_map_over_sections (abfd, simple_restore_output_info, saved_offsets);

_bfd_generic_link_add_symbols increases section_count

and simple_restore_output_info later reads unallocated part of saved_offsets.

READ of size 8 at 0x601c0000c5c0 thread T0
    #0 0x1124770 in simple_restore_output_info (.../gdb/gdb+0x1124770)
    #1 0x10ecd51 in bfd_map_over_sections (.../gdb/gdb+0x10ecd51)
    #2 0x1125150 in bfd_simple_get_relocated_section_contents (.../gdb/gdb+0x1125150)

bfd/
2014-02-17  Jan Kratochvil  <jan.kratochvil@redhat.com>

	PR binutils/16595
	* simple.c (struct saved_offsets): New.
	(simple_save_output_info): Use it for ptr.
	(simple_restore_output_info): Use it for ptr.  Check section_count.
	(bfd_simple_get_relocated_section_contents): Use it for saved_offsets.
2014-02-17 08:32:22 +01:00


/* simple.c -- BFD simple client routines
Copyright 2002, 2003, 2004, 2005, 2007, 2008, 2009, 2010, 2011
Free Software Foundation, Inc.
Contributed by MontaVista Software, Inc.
This file is part of BFD, the Binary File Descriptor library.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston,
MA 02110-1301, USA. */
#include "sysdep.h"
#include "bfd.h"
#include "libbfd.h"
#include "bfdlink.h"
/* Link callback installed as callbacks.warning by
   bfd_simple_get_relocated_section_contents.  Every argument is
   ignored and the diagnostic is dropped; the function always
   returns TRUE.  */

static bfd_boolean
simple_dummy_warning (struct bfd_link_info *link_info ATTRIBUTE_UNUSED,
                      const char *warning ATTRIBUTE_UNUSED,
                      const char *symbol ATTRIBUTE_UNUSED,
                      bfd *abfd ATTRIBUTE_UNUSED,
                      asection *section ATTRIBUTE_UNUSED,
                      bfd_vma address ATTRIBUTE_UNUSED)
{
  /* Nothing is reported to the user from this simplified link.  */
  return TRUE;
}
/* Link callback installed as callbacks.undefined_symbol.  Undefined
   symbols are not reported: all arguments, including FATAL, are
   ignored and TRUE is always returned.  */

static bfd_boolean
simple_dummy_undefined_symbol (struct bfd_link_info *link_info ATTRIBUTE_UNUSED,
                               const char *name ATTRIBUTE_UNUSED,
                               bfd *abfd ATTRIBUTE_UNUSED,
                               asection *section ATTRIBUTE_UNUSED,
                               bfd_vma address ATTRIBUTE_UNUSED,
                               bfd_boolean fatal ATTRIBUTE_UNUSED)
{
  /* Unconditional success, whatever the symbol or the FATAL flag.  */
  return TRUE;
}
/* Link callback installed as callbacks.reloc_overflow.  A relocation
   overflow is silently accepted: all arguments are ignored and TRUE
   is always returned.  */

static bfd_boolean
simple_dummy_reloc_overflow (struct bfd_link_info *link_info ATTRIBUTE_UNUSED,
                             struct bfd_link_hash_entry *entry ATTRIBUTE_UNUSED,
                             const char *name ATTRIBUTE_UNUSED,
                             const char *reloc_name ATTRIBUTE_UNUSED,
                             bfd_vma addend ATTRIBUTE_UNUSED,
                             bfd *abfd ATTRIBUTE_UNUSED,
                             asection *section ATTRIBUTE_UNUSED,
                             bfd_vma address ATTRIBUTE_UNUSED)
{
  /* The overflow is neither logged nor turned into a failure here.  */
  return TRUE;
}
/* Link callback installed as callbacks.reloc_dangerous.  The message
   is dropped, all arguments are ignored and TRUE is always
   returned.  */

static bfd_boolean
simple_dummy_reloc_dangerous (struct bfd_link_info *link_info ATTRIBUTE_UNUSED,
                              const char *message ATTRIBUTE_UNUSED,
                              bfd *abfd ATTRIBUTE_UNUSED,
                              asection *section ATTRIBUTE_UNUSED,
                              bfd_vma address ATTRIBUTE_UNUSED)
{
  /* MESSAGE is intentionally not printed.  */
  return TRUE;
}
/* Link callback installed as callbacks.unattached_reloc.  All
   arguments are ignored and TRUE is always returned.  */

static bfd_boolean
simple_dummy_unattached_reloc (struct bfd_link_info *link_info ATTRIBUTE_UNUSED,
                               const char *name ATTRIBUTE_UNUSED,
                               bfd *abfd ATTRIBUTE_UNUSED,
                               asection *section ATTRIBUTE_UNUSED,
                               bfd_vma address ATTRIBUTE_UNUSED)
{
  /* No diagnostic is produced for the unattached relocation.  */
  return TRUE;
}
/* Link callback installed as callbacks.multiple_definition.  Duplicate
   definitions are not reported: all arguments are ignored and TRUE
   is always returned.  */

static bfd_boolean
simple_dummy_multiple_definition (struct bfd_link_info *link_info ATTRIBUTE_UNUSED,
                                  struct bfd_link_hash_entry *h ATTRIBUTE_UNUSED,
                                  bfd *nbfd ATTRIBUTE_UNUSED,
                                  asection *nsec ATTRIBUTE_UNUSED,
                                  bfd_vma nval ATTRIBUTE_UNUSED)
{
  /* The clash between the old and the new definition is ignored.  */
  return TRUE;
}
/* Link callback installed as callbacks.einfo.  Accepts a printf-style
   format and variable arguments and discards them; nothing is
   formatted or written.  */

static void
simple_dummy_einfo (const char *fmt ATTRIBUTE_UNUSED, ...)
{
  /* Intentionally empty: FMT and its arguments are never read.  */
}
/* Snapshot of one section's output placement, taken by
   simple_save_output_info and written back by
   simple_restore_output_info.  */

struct saved_output_info
{
  /* Copy of the section's output_offset at save time.  */
  bfd_vma offset;

  /* Copy of the section's output_section at save time (may be NULL,
     since the save routine tests for that).  */
  asection *section;
};
/* The array of per-section snapshots together with its length.
   Keeping the length next to the pointer lets the restore callback
   reject a section whose index lies outside the allocation; see
   PR binutils/16595, where abfd->section_count grew after the array
   had been sized.  */

struct saved_offsets
{
  /* Number of elements allocated in SECTIONS; set from
     abfd->section_count before the array is allocated.  */
  int section_count;

  /* Snapshots, indexed by section->index.  */
  struct saved_output_info *sections;
};
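/* bfd_map_over_sections callback: record SECTION's output offset and
   output section in the struct saved_offsets that PTR points to, then,
   for debug sections and sections with no output section, reset the
   offset to 0 and make the section its own output section.

   ABFD is unused.  PTR must point to a struct saved_offsets whose
   SECTIONS array holds SECTION_COUNT elements.  */

static void
simple_save_output_info (bfd *abfd ATTRIBUTE_UNUSED,
                         asection *section,
                         void *ptr)
{
  struct saved_offsets *saved_offsets = (struct saved_offsets *) ptr;
  struct saved_output_info *output_info;

  /* Same bounds check as simple_restore_output_info.  The array is
     sized from abfd->section_count immediately before this callback
     runs, so an out-of-range index is not expected here; the check
     keeps a mismatch from becoming a write past the allocation.  A
     section that cannot be saved is left unmodified, because it could
     not be restored afterwards.  */
  if (section->index >= saved_offsets->section_count)
    return;

  output_info = &saved_offsets->sections[section->index];
  output_info->offset = section->output_offset;
  output_info->section = section->output_section;

  if ((section->flags & SEC_DEBUGGING) != 0
      || section->output_section == NULL)
    {
      section->output_offset = 0;
      section->output_section = section;
    }
}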
/* bfd_map_over_sections callback: put back the output offset and
   output section that simple_save_output_info recorded for SECTION.

   ABFD is unused.  PTR must point to the struct saved_offsets that was
   filled in by the save pass.  */

static void
simple_restore_output_info (bfd *abfd ATTRIBUTE_UNUSED,
                            asection *section,
                            void *ptr)
{
  struct saved_offsets *saved = (struct saved_offsets *) ptr;

  /* Only sections that existed when the snapshot array was allocated
     have a slot in it.  Sections created afterwards (PR binutils/16595:
     the section count grew between save and restore) are left as they
     are, so nothing is read beyond the end of the array.  */
  if (section->index < saved->section_count)
    {
      const struct saved_output_info *slot = &saved->sections[section->index];

      section->output_offset = slot->offset;
      section->output_section = slot->section;
    }
}
/*
FUNCTION
bfd_simple_get_relocated_section_contents
SYNOPSIS
bfd_byte *bfd_simple_get_relocated_section_contents
(bfd *abfd, asection *sec, bfd_byte *outbuf, asymbol **symbol_table);
DESCRIPTION
Returns the relocated contents of section @var{sec}. The symbols in
@var{symbol_table} will be used, or the symbols from @var{abfd} if
@var{symbol_table} is NULL. The output offsets for debug sections will
be temporarily reset to 0. The result will be stored at @var{outbuf}
or allocated with @code{bfd_malloc} if @var{outbuf} is @code{NULL}.
Returns @code{NULL} on a fatal error; ignores errors applying
particular relocations.
*/
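bfd_byte *
bfd_simple_get_relocated_section_contents (bfd *abfd,
                                           asection *sec,
                                           bfd_byte *outbuf,
                                           asymbol **symbol_table)
{
  struct bfd_link_info link_info;
  struct bfd_link_order link_order;
  struct bfd_link_callbacks callbacks;
  bfd_byte *contents = NULL;
  bfd_byte *data = NULL;
  struct saved_offsets saved_offsets;

  /* Resource handling: every failure after the hash table has been
     created leaves through the labels at the end of the function, so
     the hash table, the snapshot array and a buffer allocated here are
     released on all paths, and the sections' output placement is
     restored whenever it was modified.  */

  /* Don't apply relocation on executable and shared library.  See
     PR 4756.  */
  if ((abfd->flags & (HAS_RELOC | EXEC_P | DYNAMIC)) != HAS_RELOC
      || ! (sec->flags & SEC_RELOC))
    {
      contents = outbuf;
      if (!bfd_get_full_section_contents (abfd, sec, &contents))
        return NULL;
      return contents;
    }

  /* In order to use bfd_get_relocated_section_contents, we need
     to forge some data structures that it expects.  */

  /* Fill in the bare minimum number of fields for our purposes.  */
  memset (&link_info, 0, sizeof (link_info));
  link_info.output_bfd = abfd;
  link_info.input_bfds = abfd;
  link_info.input_bfds_tail = &abfd->link_next;

  link_info.hash = _bfd_generic_link_hash_table_create (abfd);
  if (link_info.hash == NULL)
    return NULL;

  link_info.callbacks = &callbacks;
  /* Clear the whole callback table first, so that any member not
     assigned below is a null pointer rather than uninitialised stack
     contents that could later be called through.  */
  memset (&callbacks, 0, sizeof (callbacks));
  callbacks.warning = simple_dummy_warning;
  callbacks.undefined_symbol = simple_dummy_undefined_symbol;
  callbacks.reloc_overflow = simple_dummy_reloc_overflow;
  callbacks.reloc_dangerous = simple_dummy_reloc_dangerous;
  callbacks.unattached_reloc = simple_dummy_unattached_reloc;
  callbacks.multiple_definition = simple_dummy_multiple_definition;
  callbacks.einfo = simple_dummy_einfo;

  memset (&link_order, 0, sizeof (link_order));
  link_order.next = NULL;
  link_order.type = bfd_indirect_link_order;
  link_order.offset = 0;
  link_order.size = sec->size;
  link_order.u.indirect.section = sec;

  if (outbuf == NULL)
    {
      /* Size the buffer for the larger of the raw and the final size.  */
      bfd_size_type amt = sec->rawsize > sec->size ? sec->rawsize : sec->size;

      data = (bfd_byte *) bfd_malloc (amt);
      if (data == NULL)
        goto out_hash;
      outbuf = data;
    }

  /* The sections in ABFD may already have output sections and offsets set.
     Because this function is primarily for debug sections, and GCC uses the
     knowledge that debug sections will generally have VMA 0 when emitting
     relocations between DWARF-2 sections (which are supposed to be
     section-relative offsets anyway), we need to reset the output offsets
     to zero.  We also need to arrange for section->output_section->vma plus
     section->output_offset to equal section->vma, which we do by setting
     section->output_section to point back to section.  Save the original
     output offset and output section to restore later.  */
  saved_offsets.section_count = abfd->section_count;
  saved_offsets.sections = malloc (sizeof (*saved_offsets.sections)
                                   * saved_offsets.section_count);
  if (saved_offsets.sections == NULL)
    goto out_data;
  bfd_map_over_sections (abfd, simple_save_output_info, &saved_offsets);

  if (symbol_table == NULL)
    {
      long storage_needed;

      /* This call can add sections to ABFD (PR binutils/16595), which
         is why the snapshot carries its own element count.  Its result
         is not checked, as before.  */
      _bfd_generic_link_add_symbols (abfd, &link_info);

      /* A negative bound signals an error; it must not be converted
         into an allocation size.  */
      storage_needed = bfd_get_symtab_upper_bound (abfd);
      if (storage_needed < 0)
        goto out_restore;

      symbol_table = (asymbol **) bfd_malloc (storage_needed);
      if (symbol_table == NULL)
        goto out_restore;

      /* On failure the table contents are indeterminate, so do not
         relocate against them.  Nothing has used the table yet, so it
         can be released here.  */
      if (bfd_canonicalize_symtab (abfd, symbol_table) < 0)
        {
          free (symbol_table);
          goto out_restore;
        }

      /* NOTE(review): on the success path the table allocated here is
         not freed, exactly as in the previous code.  Confirm whether
         relocation data cached by BFD keeps pointers into it before
         changing that.  */
    }

  contents = bfd_get_relocated_section_contents (abfd,
                                                 &link_info,
                                                 &link_order,
                                                 outbuf,
                                                 0,
                                                 symbol_table);

 out_restore:
  bfd_map_over_sections (abfd, simple_restore_output_info, &saved_offsets);
  free (saved_offsets.sections);

 out_data:
  /* DATA is only non-NULL when the buffer was allocated here; it is
     handed to the caller on success and released otherwise.  */
  if (contents == NULL)
    free (data);

 out_hash:
  _bfd_generic_link_hash_table_free (link_info.hash);
  return contents;
}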