v = _("protected symbol ");
else
v = _("symbol ");
- pic = _("; recompile with -fPIC");
+ pic = NULL;
break;
}
else
{
name = bfd_elf_sym_name (input_bfd, symtab_hdr, isym, NULL);
- pic = _("; recompile with -fPIC");
+ pic = NULL;
}
if (bfd_link_dll (info))
- object = _("a shared object");
- else if (bfd_link_pie (info))
- object = _("a PIE object");
+ {
+ object = _("a shared object");
+ if (!pic)
+ pic = _("; recompile with -fPIC");
+ }
else
- object = _("a PDE object");
+ {
+ if (bfd_link_pie (info))
+ object = _("a PIE object");
+ else
+ object = _("a PDE object");
+ if (!pic)
+ pic = _("; recompile with -fPIE");
+ }
/* xgettext:c-format */
_bfd_error_handler (_("%pB: relocation %s against %s%s`%s' can "
}
else
{
- nop = link_info->call_nop_byte;
- if (link_info->call_nop_as_suffix)
+ nop = htab->params->call_nop_byte;
+ if (htab->params->call_nop_as_suffix)
{
nop_offset = irel->r_offset + 3;
disp = bfd_get_32 (abfd, contents + irel->r_offset);
run-time relocation overflow. Don't error out for
sections we don't care about, such as debug sections or
when relocation overflow check is disabled. */
- if (!info->no_reloc_overflow_check
+ if (!htab->params->no_reloc_overflow_check
&& !converted_reloc
&& (bfd_link_pic (info)
|| (bfd_link_executable (info)
bfd_boolean no_copyreloc_p
= (info->nocopyreloc
|| (h != NULL
+ && !h->root.linker_def
+ && !h->root.ldscript_def
&& eh->def_protected
&& elf_has_no_copy_on_protected (h->root.u.def.section->owner)));
if ((sec->flags & SEC_ALLOC) != 0
/* This relocation describes which C++ vtable entries are actually
used. Record for later use during GC. */
case R_X86_64_GNU_VTENTRY:
- BFD_ASSERT (h != NULL);
- if (h != NULL
- && !bfd_elf_gc_record_vtentry (abfd, sec, h, rel->r_addend))
+ if (!bfd_elf_gc_record_vtentry (abfd, sec, h, rel->r_addend))
goto error_return;
break;
&& ELF_ST_VISIBILITY (h->other) == STV_PROTECTED)
{
_bfd_error_handler
- /* xgettext:c-format */
+ /* xgettext:c-format */
(_("%pB: relocation R_X86_64_GOTOFF64 against protected %s"
" `%s' can not be used when making a shared object"),
input_bfd,
h->type == STT_FUNC ? "function" : "data",
h->root.root.string);
bfd_set_error (bfd_error_bad_value);
- return FALSE;
+ return FALSE;
}
}
convert R_X86_64_32 to dynamic R_X86_64_RELATIVE. */
if (r_type == htab->pointer_r_type
|| (r_type == R_X86_64_32
- && info->no_reloc_overflow_check))
+ && htab->params->no_reloc_overflow_check))
{
relocate = TRUE;
outrel.r_info = htab->r_info (0, R_X86_64_RELATIVE);
{
if (contents[roff + 5] == 0xb8)
{
+ if (roff < 3
+ || (roff - 3 + 22) > input_section->size)
+ {
+corrupt_input:
+ info->callbacks->einfo
+ (_("%F%P: corrupt input: %pB\n"),
+ input_bfd);
+ return FALSE;
+ }
memcpy (contents + roff - 3,
"\x64\x48\x8b\x04\x25\0\0\0\0\x48\x8d\x80"
"\0\0\0\0\x66\x0f\x1f\x44\0", 22);
largepic = 1;
}
else
- memcpy (contents + roff - 4,
- "\x64\x48\x8b\x04\x25\0\0\0\0\x48\x8d\x80\0\0\0",
- 16);
+ {
+ if (roff < 4
+ || (roff - 4 + 16) > input_section->size)
+ goto corrupt_input;
+ memcpy (contents + roff - 4,
+ "\x64\x48\x8b\x04\x25\0\0\0\0\x48\x8d\x80\0\0\0",
+ 16);
+ }
}
else
- memcpy (contents + roff - 3,
- "\x64\x8b\x04\x25\0\0\0\0\x48\x8d\x80\0\0\0",
- 15);
+ {
+ if (roff < 3
+ || (roff - 3 + 15) > input_section->size)
+ goto corrupt_input;
+ memcpy (contents + roff - 3,
+ "\x64\x8b\x04\x25\0\0\0\0\x48\x8d\x80\0\0\0",
+ 15);
+ }
bfd_put_32 (output_bfd,
elf_x86_64_tpoff (info, relocation),
contents + roff + 8 + largepic);
unsigned int val, type;
+ if (roff < 3)
+ goto corrupt_input;
type = bfd_get_8 (input_bfd, contents + roff - 3);
val = bfd_get_8 (input_bfd, contents + roff - 1);
bfd_put_8 (output_bfd, 0x48 | ((type >> 2) & 1),
if (roff >= 3)
val = bfd_get_8 (input_bfd, contents + roff - 3);
else
- val = 0;
+ {
+ if (roff < 2)
+ goto corrupt_input;
+ val = 0;
+ }
type = bfd_get_8 (input_bfd, contents + roff - 2);
reg = bfd_get_8 (input_bfd, contents + roff - 1);
reg >>= 3;
{
/* movq */
if (val == 0x4c)
- bfd_put_8 (output_bfd, 0x49,
- contents + roff - 3);
+ {
+ if (roff < 3)
+ goto corrupt_input;
+ bfd_put_8 (output_bfd, 0x49,
+ contents + roff - 3);
+ }
else if (!ABI_64_P (output_bfd) && val == 0x44)
- bfd_put_8 (output_bfd, 0x41,
- contents + roff - 3);
+ {
+ if (roff < 3)
+ goto corrupt_input;
+ bfd_put_8 (output_bfd, 0x41,
+ contents + roff - 3);
+ }
bfd_put_8 (output_bfd, 0xc7,
contents + roff - 2);
bfd_put_8 (output_bfd, 0xc0 | reg,
/* addq/addl -> addq/addl - addressing with %rsp/%r12
is special */
if (val == 0x4c)
- bfd_put_8 (output_bfd, 0x49,
- contents + roff - 3);
+ {
+ if (roff < 3)
+ goto corrupt_input;
+ bfd_put_8 (output_bfd, 0x49,
+ contents + roff - 3);
+ }
else if (!ABI_64_P (output_bfd) && val == 0x44)
- bfd_put_8 (output_bfd, 0x41,
- contents + roff - 3);
+ {
+ if (roff < 3)
+ goto corrupt_input;
+ bfd_put_8 (output_bfd, 0x41,
+ contents + roff - 3);
+ }
bfd_put_8 (output_bfd, 0x81,
contents + roff - 2);
bfd_put_8 (output_bfd, 0xc0 | reg,
{
/* addq/addl -> leaq/leal */
if (val == 0x4c)
- bfd_put_8 (output_bfd, 0x4d,
- contents + roff - 3);
+ {
+ if (roff < 3)
+ goto corrupt_input;
+ bfd_put_8 (output_bfd, 0x4d,
+ contents + roff - 3);
+ }
else if (!ABI_64_P (output_bfd) && val == 0x44)
- bfd_put_8 (output_bfd, 0x45,
- contents + roff - 3);
+ {
+ if (roff < 3)
+ goto corrupt_input;
+ bfd_put_8 (output_bfd, 0x45,
+ contents + roff - 3);
+ }
bfd_put_8 (output_bfd, 0x8d,
contents + roff - 2);
bfd_put_8 (output_bfd, 0x80 | reg | (reg << 3),
{
if (contents[roff + 5] == 0xb8)
{
+ if (roff < 3
+ || (roff - 3 + 22) > input_section->size)
+ goto corrupt_input;
memcpy (contents + roff - 3,
"\x64\x48\x8b\x04\x25\0\0\0\0\x48\x03\x05"
"\0\0\0\0\x66\x0f\x1f\x44\0", 22);
largepic = 1;
}
else
- memcpy (contents + roff - 4,
- "\x64\x48\x8b\x04\x25\0\0\0\0\x48\x03\x05\0\0\0",
- 16);
+ {
+ if (roff < 4
+ || (roff - 4 + 16) > input_section->size)
+ goto corrupt_input;
+ memcpy (contents + roff - 4,
+ "\x64\x48\x8b\x04\x25\0\0\0\0\x48\x03\x05\0\0\0",
+ 16);
+ }
}
else
- memcpy (contents + roff - 3,
- "\x64\x8b\x04\x25\0\0\0\0\x48\x03\x05\0\0\0",
- 15);
+ {
+ if (roff < 3
+ || (roff - 3 + 15) > input_section->size)
+ goto corrupt_input;
+ memcpy (contents + roff - 3,
+ "\x64\x8b\x04\x25\0\0\0\0\x48\x03\x05\0\0\0",
+ 15);
+ }
relocation = (htab->elf.sgot->output_section->vma
+ htab->elf.sgot->output_offset + off
turn a leaq into a movq in the form we use it, it
suffices to change the second byte from 0x8d to
0x8b. */
+ if (roff < 2)
+ goto corrupt_input;
bfd_put_8 (output_bfd, 0x8b, contents + roff - 2);
bfd_put_32 (output_bfd,
BFD_ASSERT (r_type == R_X86_64_TPOFF32);
if (ABI_64_P (output_bfd))
{
+ if ((rel->r_offset + 5) >= input_section->size)
+ goto corrupt_input;
if (contents[rel->r_offset + 5] == 0xb8)
- memcpy (contents + rel->r_offset - 3,
- "\x66\x66\x66\x66\x2e\x0f\x1f\x84\0\0\0\0\0"
- "\x64\x48\x8b\x04\x25\0\0\0", 22);
+ {
+ if (rel->r_offset < 3
+ || (rel->r_offset - 3 + 22) > input_section->size)
+ goto corrupt_input;
+ memcpy (contents + rel->r_offset - 3,
+ "\x66\x66\x66\x66\x2e\x0f\x1f\x84\0\0\0\0\0"
+ "\x64\x48\x8b\x04\x25\0\0\0", 22);
+ }
else if (contents[rel->r_offset + 4] == 0xff
|| contents[rel->r_offset + 4] == 0x67)
- memcpy (contents + rel->r_offset - 3,
- "\x66\x66\x66\x66\x64\x48\x8b\x04\x25\0\0\0",
- 13);
+ {
+ if (rel->r_offset < 3
+ || (rel->r_offset - 3 + 13) > input_section->size)
+ goto corrupt_input;
+ memcpy (contents + rel->r_offset - 3,
+ "\x66\x66\x66\x66\x64\x48\x8b\x04\x25\0\0\0",
+ 13);
+
+ }
else
- memcpy (contents + rel->r_offset - 3,
- "\x66\x66\x66\x64\x48\x8b\x04\x25\0\0\0", 12);
+ {
+ if (rel->r_offset < 3
+ || (rel->r_offset - 3 + 12) > input_section->size)
+ goto corrupt_input;
+ memcpy (contents + rel->r_offset - 3,
+ "\x66\x66\x66\x64\x48\x8b\x04\x25\0\0\0", 12);
+ }
}
else
{
+ if ((rel->r_offset + 4) >= input_section->size)
+ goto corrupt_input;
if (contents[rel->r_offset + 4] == 0xff)
- memcpy (contents + rel->r_offset - 3,
- "\x66\x0f\x1f\x40\x00\x64\x8b\x04\x25\0\0\0",
- 13);
+ {
+ if (rel->r_offset < 3
+ || (rel->r_offset - 3 + 13) > input_section->size)
+ goto corrupt_input;
+ memcpy (contents + rel->r_offset - 3,
+ "\x66\x0f\x1f\x40\x00\x64\x8b\x04\x25\0\0\0",
+ 13);
+ }
else
- memcpy (contents + rel->r_offset - 3,
- "\x0f\x1f\x40\x00\x64\x8b\x04\x25\0\0\0", 12);
+ {
+ if (rel->r_offset < 3
+ || (rel->r_offset - 3 + 12) > input_section->size)
+ goto corrupt_input;
+ memcpy (contents + rel->r_offset - 3,
+ "\x0f\x1f\x40\x00\x64\x8b\x04\x25\0\0\0", 12);
+ }
}
/* Skip R_X86_64_PC32, R_X86_64_PLT32, R_X86_64_GOTPCRELX
and R_X86_64_PLTOFF64. */
if (get_elf_x86_backend_data (info->output_bfd)->target_os != is_nacl)
{
- if (info->bndplt)
+ const struct elf_backend_data *bed
+ = get_elf_backend_data (info->output_bfd);
+ struct elf_x86_link_hash_table *htab
+ = elf_x86_hash_table (info, bed->target_id);
+ if (!htab)
+ abort ();
+ if (htab->params->bndplt)
{
init_table.lazy_plt = &elf_x86_64_lazy_bnd_plt;
init_table.non_lazy_plt = &elf_x86_64_non_lazy_bnd_plt;
projects / deliverable / binutils-gdb.git / blobdiff