/* ELF attributes support (based on ARM EABI attributes).
- Copyright 2005, 2006, 2007, 2009, 2010
- Free Software Foundation, Inc.
+ Copyright (C) 2005-2015 Free Software Foundation, Inc.
This file is part of BFD, the Binary File Descriptor library.
int i;
int vendor;
+ if (bfd_get_flavour (ibfd) != bfd_target_elf_flavour
+ || bfd_get_flavour (obfd) != bfd_target_elf_flavour)
+ return;
+
for (vendor = OBJ_ATTR_FIRST; vendor <= OBJ_ATTR_LAST; vendor++)
{
in_attr
{
bfd_byte *contents;
bfd_byte *p;
+ bfd_byte *p_end;
bfd_vma len;
- const char *std_section;
+ const char *std_sec;
+ /* PR 17512: file: 2844a11d. */
+ if (hdr->sh_size == 0)
+ return;
contents = (bfd_byte *) bfd_malloc (hdr->sh_size);
if (!contents)
return;
return;
}
p = contents;
- std_section = get_elf_backend_data (abfd)->obj_attrs_vendor;
+ p_end = p + hdr->sh_size;
+ std_sec = get_elf_backend_data (abfd)->obj_attrs_vendor;
+
if (*(p++) == 'A')
{
len = hdr->sh_size - 1;
- while (len > 0)
+
+ while (len > 0 && p < p_end - 4)
{
- int namelen;
+ unsigned namelen;
bfd_vma section_len;
int vendor;
section_len = bfd_get_32 (abfd, p);
p += 4;
+ if (section_len == 0)
+ break;
if (section_len > len)
section_len = len;
len -= section_len;
- namelen = strlen ((char *)p) + 1;
- section_len -= namelen + 4;
- if (std_section && strcmp ((char *)p, std_section) == 0)
+ section_len -= 4;
+ namelen = strnlen ((char *) p, section_len) + 1;
+ if (namelen == 0 || namelen >= section_len)
+ break;
+ section_len -= namelen;
+ if (std_sec && strcmp ((char *) p, std_sec) == 0)
vendor = OBJ_ATTR_PROC;
- else if (strcmp ((char *)p, "gnu") == 0)
+ else if (strcmp ((char *) p, "gnu") == 0)
vendor = OBJ_ATTR_GNU;
else
{
}
p += namelen;
- while (section_len > 0)
+ while (section_len > 0 && p < p_end)
{
int tag;
unsigned int n;
bfd_vma subsection_len;
bfd_byte *end;
- tag = read_unsigned_leb128 (abfd, p, &n);
+ tag = safe_read_leb128 (abfd, p, &n, FALSE, p_end);
p += n;
- subsection_len = bfd_get_32 (abfd, p);
+ if (p < p_end - 4)
+ subsection_len = bfd_get_32 (abfd, p);
+ else
+ subsection_len = 0;
p += 4;
+ if (subsection_len == 0)
+ break;
if (subsection_len > section_len)
subsection_len = section_len;
section_len -= subsection_len;
subsection_len -= n + 4;
end = p + subsection_len;
+ /* PR 17512: file: 0e8c0c90. */
+ if (end > p_end)
+ end = p_end;
switch (tag)
{
case Tag_File:
{
int type;
- tag = read_unsigned_leb128 (abfd, p, &n);
+ tag = safe_read_leb128 (abfd, p, &n, FALSE, end);
p += n;
type = _bfd_elf_obj_attrs_arg_type (abfd, vendor, tag);
switch (type & (ATTR_TYPE_FLAG_INT_VAL | ATTR_TYPE_FLAG_STR_VAL))
{
case ATTR_TYPE_FLAG_INT_VAL | ATTR_TYPE_FLAG_STR_VAL:
- val = read_unsigned_leb128 (abfd, p, &n);
+ val = safe_read_leb128 (abfd, p, &n, FALSE, end);
p += n;
bfd_elf_add_obj_attr_int_string (abfd, vendor, tag,
- val, (char *)p);
+ val, (char *) p);
p += strlen ((char *)p) + 1;
break;
case ATTR_TYPE_FLAG_STR_VAL:
bfd_elf_add_obj_attr_string (abfd, vendor, tag,
- (char *)p);
+ (char *) p);
p += strlen ((char *)p) + 1;
break;
case ATTR_TYPE_FLAG_INT_VAL:
- val = read_unsigned_leb128 (abfd, p, &n);
+ val = safe_read_leb128 (abfd, p, &n, FALSE, end);
p += n;
bfd_elf_add_obj_attr_int (abfd, vendor, tag, val);
break;
/* Only pass on attributes that match in both inputs. */
if (in_attr[tag].i != out_attr[tag].i
- || in_attr[tag].s != out_attr[tag].s
+ || (in_attr[tag].s == NULL) != (out_attr[tag].s == NULL)
|| (in_attr[tag].s != NULL && out_attr[tag].s != NULL
&& strcmp (in_attr[tag].s, out_attr[tag].s) != 0))
{
/* Only pass on attributes that match in both inputs. */
if (in_list->attr.i != out_list->attr.i
- || in_list->attr.s != out_list->attr.s
+ || (in_list->attr.s == NULL) != (out_list->attr.s == NULL)
|| (in_list->attr.s && out_list->attr.s
&& strcmp (in_list->attr.s, out_list->attr.s) != 0))
{