/* ELF executable support for BFD.
- Copyright (C) 1991-2014 Free Software Foundation, Inc.
+ Copyright (C) 1991-2020 Free Software Foundation, Inc.
Written by Fred Fish @ Cygnus Support, from information published
in "UNIX System V Release 4, Programmers Guide: ANSI C and
dst->sh_addr = H_GET_WORD (abfd, src->sh_addr);
dst->sh_offset = H_GET_WORD (abfd, src->sh_offset);
dst->sh_size = H_GET_WORD (abfd, src->sh_size);
+ /* PR 23657. Check for invalid section size, in sections with contents.
+ Note - we do not set an error value here because the contents
+ of this particular section might not be needed by the consumer. */
+ if (dst->sh_type != SHT_NOBITS
+ && dst->sh_size > bfd_get_file_size (abfd))
+ _bfd_error_handler
+ (_("warning: %pB has a corrupt section with a size (%" BFD_VMA_FMT "x) larger than the file size"),
+ abfd, dst->sh_size);
dst->sh_link = H_GET_32 (abfd, src->sh_link);
dst->sh_info = H_GET_32 (abfd, src->sh_info);
dst->sh_addralign = H_GET_WORD (abfd, src->sh_addralign);
unsigned int shindex;
const struct elf_backend_data *ebd;
asection *s;
- bfd_size_type amt;
const bfd_target *target;
/* Read in the ELF header in external format. */
if (i_ehdrp->e_shoff != 0)
{
- bfd_signed_vma where = i_ehdrp->e_shoff;
-
- if (where != (file_ptr) where)
- goto got_wrong_format_error;
+ file_ptr where = (file_ptr) i_ehdrp->e_shoff;
/* Seek to the section header table in the file. */
- if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0)
+ if (bfd_seek (abfd, where, SEEK_SET) != 0)
goto got_no_match;
/* Read the first section header at index 0, and convert to internal
goto got_wrong_format_error;
where += (i_ehdrp->e_shnum - 1) * sizeof (x_shdr);
- if (where != (file_ptr) where)
- goto got_wrong_format_error;
if ((bfd_size_type) where <= i_ehdrp->e_shoff)
goto got_wrong_format_error;
- if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0)
+ if (bfd_seek (abfd, where, SEEK_SET) != 0)
goto got_no_match;
if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
goto got_no_match;
/* Back to where we were. */
where = i_ehdrp->e_shoff + sizeof (x_shdr);
- if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0)
+ if (bfd_seek (abfd, where, SEEK_SET) != 0)
goto got_no_match;
}
}
Elf_Internal_Shdr *shdrp;
unsigned int num_sec;
- amt = sizeof (*i_shdrp) * i_ehdrp->e_shnum;
- i_shdrp = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt);
+#ifndef BFD64
+ if (i_ehdrp->e_shnum > ((bfd_size_type) -1) / sizeof (*i_shdrp))
+ goto got_wrong_format_error;
+#endif
+ i_shdrp = (Elf_Internal_Shdr *) bfd_alloc2 (abfd, i_ehdrp->e_shnum,
+ sizeof (*i_shdrp));
if (!i_shdrp)
goto got_no_match;
num_sec = i_ehdrp->e_shnum;
elf_numsections (abfd) = num_sec;
- amt = sizeof (i_shdrp) * num_sec;
- elf_elfsections (abfd) = (Elf_Internal_Shdr **) bfd_alloc (abfd, amt);
+ elf_elfsections (abfd)
+ = (Elf_Internal_Shdr **) bfd_alloc2 (abfd, num_sec, sizeof (i_shdrp));
if (!elf_elfsections (abfd))
goto got_no_match;
switch (ebd->elf_machine_code)
{
case EM_386:
- case EM_486:
+ case EM_IAMCU:
case EM_X86_64:
case EM_OLD_SPARCV9:
case EM_SPARC32PLUS:
!= 0))
abfd->flags &= ~D_PAGED;
}
- }
- /* A further sanity check. */
- if (i_ehdrp->e_shnum != 0)
- {
- if (i_ehdrp->e_shstrndx >= elf_numsections (abfd))
+ if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)
+ || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB)
{
/* PR 2257:
We used to just goto got_wrong_format_error here
So we are kind, and reset the string index value to 0
so that at least some processing can be done. */
i_ehdrp->e_shstrndx = SHN_UNDEF;
- _bfd_error_handler (_("warning: %s has a corrupt string table index - ignoring"), abfd->filename);
+ _bfd_error_handler
+ (_("warning: %pB has a corrupt string table index - ignoring"),
+ abfd);
}
}
else if (i_ehdrp->e_shstrndx != SHN_UNDEF)
Elf_Internal_Phdr *i_phdr;
unsigned int i;
- amt = i_ehdrp->e_phnum * sizeof (Elf_Internal_Phdr);
- elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt);
+#ifndef BFD64
+ if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr))
+ goto got_wrong_format_error;
+#endif
+ /* Check for a corrupt input file with an impossibly large number
+ of program headers. */
+ if (bfd_get_file_size (abfd) > 0
+ && i_ehdrp->e_phnum > bfd_get_file_size (abfd))
+ goto got_no_match;
+ elf_tdata (abfd)->phdr
+ = (Elf_Internal_Phdr *) bfd_alloc2 (abfd, i_ehdrp->e_phnum,
+ sizeof (*i_phdr));
if (elf_tdata (abfd)->phdr == NULL)
goto got_no_match;
if (bfd_seek (abfd, (file_ptr) i_ehdrp->e_phoff, SEEK_SET) != 0)
rela_hdr = elf_section_data (sec)->rel.hdr;
rela_hdr->sh_size = rela_hdr->sh_entsize * sec->reloc_count;
- rela_hdr->contents = (unsigned char *) bfd_alloc (abfd, rela_hdr->sh_size);
+ rela_hdr->contents = (unsigned char *) bfd_alloc2 (abfd, sec->reloc_count,
+ rela_hdr->sh_entsize);
if (rela_hdr->contents == NULL)
{
*failedp = TRUE;
return;
}
+ if (ptr->howto == NULL)
+ {
+ *failedp = TRUE;
+ return;
+ }
+
src_rela.r_offset = ptr->address + addr_offset;
src_rela.r_info = ELF_R_INFO (n, ptr->howto->type);
src_rela.r_addend = ptr->addend;
while (count--)
{
Elf_External_Phdr extphdr;
+
elf_swap_phdr_out (abfd, phdr, &extphdr);
if (bfd_bwrite (&extphdr, sizeof (Elf_External_Phdr), abfd)
!= sizeof (Elf_External_Phdr))
i_shdrp[0]->sh_link = i_ehdrp->e_shstrndx;
/* at this point we've concocted all the ELF sections... */
- amt = i_ehdrp->e_shnum;
- amt *= sizeof (*x_shdrp);
- x_shdrp = (Elf_External_Shdr *) bfd_alloc (abfd, amt);
+ x_shdrp = (Elf_External_Shdr *) bfd_alloc2 (abfd, i_ehdrp->e_shnum,
+ sizeof (*x_shdrp));
if (!x_shdrp)
return FALSE;
#endif
elf_swap_shdr_out (abfd, *i_shdrp, x_shdrp + count);
}
+ amt = (bfd_size_type) i_ehdrp->e_shnum * sizeof (*x_shdrp);
if (bfd_seek (abfd, (file_ptr) i_ehdrp->e_shoff, SEEK_SET) != 0
|| bfd_bwrite (x_shdrp, amt, abfd) != amt)
return FALSE;
Elf_External_Versym *xver;
Elf_External_Versym *xverbuf = NULL;
const struct elf_backend_data *ebd;
- bfd_size_type amt;
/* Read each raw ELF symbol, converting from external ELF form to
internal ELF form, and then using the information to create a
if (isymbuf == NULL)
return -1;
- amt = symcount;
- amt *= sizeof (elf_symbol_type);
- symbase = (elf_symbol_type *) bfd_zalloc (abfd, amt);
+ symbase = (elf_symbol_type *) bfd_zalloc2 (abfd, symcount,
+ sizeof (elf_symbol_type));
if (symbase == (elf_symbol_type *) NULL)
goto error_return;
if (verhdr != NULL
&& verhdr->sh_size / sizeof (Elf_External_Versym) != symcount)
{
- (*_bfd_error_handler)
- (_("%s: version count (%ld) does not match symbol count (%ld)"),
- abfd->filename,
- (long) (verhdr->sh_size / sizeof (Elf_External_Versym)),
+ _bfd_error_handler
+ /* xgettext:c-format */
+ (_("%pB: version count (%" PRId64 ")"
+ " does not match symbol count (%ld)"),
+ abfd,
+ (int64_t) (verhdr->sh_size / sizeof (Elf_External_Versym)),
symcount);
/* Slurp in the symbols without the version information,
for (isym = isymbuf + 1, sym = symbase; isym < isymend; isym++, sym++)
{
memcpy (&sym->internal_elf_sym, isym, sizeof (Elf_Internal_Sym));
- sym->symbol.the_bfd = abfd;
+ sym->symbol.the_bfd = abfd;
sym->symbol.name = bfd_elf_sym_name (abfd, hdr, isym, NULL);
-
sym->symbol.value = isym->st_value;
if (isym->st_shndx == SHN_UNDEF)
case STT_COMMON:
/* FIXME: Do we have to put the size field into the value field
as we do with symbols in SHN_COMMON sections (see above) ? */
+ sym->symbol.flags |= BSF_ELF_COMMON;
/* Fall through. */
case STT_OBJECT:
sym->symbol.flags |= BSF_OBJECT;
i < reloc_count;
i++, relent++, native_relocs += entsize)
{
+ bfd_boolean res;
Elf_Internal_Rela rela;
if (entsize == sizeof (Elf_External_Rela))
relent->address = rela.r_offset - asect->vma;
if (ELF_R_SYM (rela.r_info) == STN_UNDEF)
+ /* FIXME: This and the error case below mean that we have a
+ symbol on relocs that is not elf_symbol_type. */
relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
else if (ELF_R_SYM (rela.r_info) > symcount)
{
- (*_bfd_error_handler)
- (_("%s(%s): relocation %d has invalid symbol index %ld"),
- abfd->filename, asect->name, i, ELF_R_SYM (rela.r_info));
+ _bfd_error_handler
+ /* xgettext:c-format */
+ (_("%pB(%pA): relocation %d has invalid symbol index %ld"),
+ abfd, asect, i, (long) ELF_R_SYM (rela.r_info));
+ bfd_set_error (bfd_error_bad_value);
relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
}
else
if ((entsize == sizeof (Elf_External_Rela)
&& ebd->elf_info_to_howto != NULL)
|| ebd->elf_info_to_howto_rel == NULL)
- (*ebd->elf_info_to_howto) (abfd, relent, &rela);
+ res = ebd->elf_info_to_howto (abfd, relent, &rela);
else
- (*ebd->elf_info_to_howto_rel) (abfd, relent, &rela);
+ res = ebd->elf_info_to_howto_rel (abfd, relent, &rela);
+
+ if (! res || relent->howto == NULL)
+ goto error_return;
}
if (allocated != NULL)
free (allocated);
-
return TRUE;
error_return:
bfd_size_type reloc_count;
bfd_size_type reloc_count2;
arelent *relents;
- bfd_size_type amt;
if (asect->relocation != NULL)
return TRUE;
reloc_count2 = 0;
}
- amt = (reloc_count + reloc_count2) * sizeof (arelent);
- relents = (arelent *) bfd_alloc (abfd, amt);
+ relents = (arelent *) bfd_alloc2 (abfd, reloc_count + reloc_count2,
+ sizeof (arelent));
if (relents == NULL)
return FALSE;
bfd_vma high_offset;
bfd_vma shdr_end;
bfd_vma loadbase;
+ char *filename;
/* Read in the ELF header in external format. */
err = target_read_memory (ehdr_vma, (bfd_byte *) &x_ehdr, sizeof x_ehdr);
return NULL;
}
- x_phdrs = (Elf_External_Phdr *)
- bfd_malloc (i_ehdr.e_phnum * (sizeof *x_phdrs + sizeof *i_phdrs));
+ x_phdrs
+ = (Elf_External_Phdr *) bfd_malloc2 (i_ehdr.e_phnum,
+ sizeof (*x_phdrs) + sizeof (*i_phdrs));
if (x_phdrs == NULL)
return NULL;
err = target_read_memory (ehdr_vma + i_ehdr.e_phoff, (bfd_byte *) x_phdrs,
free (contents);
return NULL;
}
+ filename = bfd_strdup ("<in-memory>");
+ if (filename == NULL)
+ {
+ free (bim);
+ free (contents);
+ return NULL;
+ }
nbfd = _bfd_new_bfd ();
if (nbfd == NULL)
{
+ free (filename);
free (bim);
free (contents);
return NULL;
}
- nbfd->filename = xstrdup ("<in-memory>");
+ nbfd->filename = filename;
nbfd->xvec = templ->xvec;
bim->size = high_offset;
bim->buffer = contents;
projects / deliverable / binutils-gdb.git / blobdiff