/* BFD back-end for Intel 386 PE IMAGE COFF files.
- Copyright (C) 2006-2017 Free Software Foundation, Inc.
+ Copyright (C) 2006-2019 Free Software Foundation, Inc.
This file is part of BFD, the Binary File Descriptor library.
#include "sysdep.h"
#include "bfd.h"
-#define TARGET_SYM x86_64_pei_vec
-#define TARGET_NAME "pei-x86-64"
+#define TARGET_SYM x86_64_pei_vec
+#define TARGET_NAME "pei-x86-64"
#define COFF_IMAGE_WITH_PE
#define COFF_WITH_PE
#define COFF_WITH_pex64
-#define PCRELOFFSET TRUE
+#define PCRELOFFSET TRUE
#if defined (USE_MINGW64_LEADING_UNDERSCORES)
-#define TARGET_UNDERSCORE '_'
+#define TARGET_UNDERSCORE '_'
#else
-#define TARGET_UNDERSCORE 0
+#define TARGET_UNDERSCORE 0
#endif
/* Long section names not allowed in executable images, only object files. */
#define COFF_LONG_SECTION_NAMES 0
/* Swap in unwind info header. */
-static void
-pex64_get_unwind_info (bfd *abfd, struct pex64_unwind_info *ui, void *data)
+static bfd_boolean
+pex64_get_unwind_info (bfd *abfd, struct pex64_unwind_info *ui,
+ void *data, void *data_end)
{
struct external_pex64_unwind_info *ex_ui =
(struct external_pex64_unwind_info *) data;
bfd_byte *ex_dta = (bfd_byte *) data;
+ bfd_byte *ex_dta_end = (bfd_byte *) data_end;
memset (ui, 0, sizeof (struct pex64_unwind_info));
+
+ if (ex_dta >= ex_dta_end || ex_dta + 4 >= ex_dta_end)
+ return FALSE;
+
ui->Version = PEX64_UWI_VERSION (ex_ui->Version_Flags);
ui->Flags = PEX64_UWI_FLAGS (ex_ui->Version_Flags);
ui->SizeOfPrologue = (bfd_vma) ex_ui->SizeOfPrologue;
ui->FrameOffset = PEX64_UWI_FRAMEOFF (ex_ui->FrameRegisterOffset);
ui->sizeofUnwindCodes = PEX64_UWI_SIZEOF_UWCODE_ARRAY (ui->CountOfCodes);
ui->SizeOfBlock = ui->sizeofUnwindCodes + 4;
- ui->rawUnwindCodes = &ex_dta[4];
+ ui->rawUnwindCodes = ex_dta + 4;
+ ui->rawUnwindCodesEnd = ex_dta_end;
ex_dta += ui->SizeOfBlock;
+ if (ex_dta >= ex_dta_end)
+ return FALSE;
+
switch (ui->Flags)
{
case UNW_FLAG_CHAININFO:
+ if (ex_dta + 12 >= ex_dta_end)
+ return FALSE;
ui->rva_BeginAddress = bfd_get_32 (abfd, ex_dta + 0);
ui->rva_EndAddress = bfd_get_32 (abfd, ex_dta + 4);
ui->rva_UnwindData = bfd_get_32 (abfd, ex_dta + 8);
ui->SizeOfBlock += 12;
- return;
+ return TRUE;
case UNW_FLAG_EHANDLER:
case UNW_FLAG_UHANDLER:
case UNW_FLAG_FHANDLER:
+ if (ex_dta + 4 >= ex_dta_end)
+ return FALSE;
ui->rva_ExceptionHandler = bfd_get_32 (abfd, ex_dta);
ui->SizeOfBlock += 4;
- return;
+ return TRUE;
default:
- return;
+ return TRUE;
}
}
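Review bot: The new bound checks use `>=` where the reads only need `>`: after `ex_dta += ui->SizeOfBlock;` the function returns FALSE when the unwind-code array ends exactly at data_end, although the `default` (no-handler) case reads nothing further, and the `+ 12` / `+ 4` checks in the CHAININFO and handler cases likewise reject a record whose last field ends exactly at the limit. Since the caller hands in the next entry's start as data_end (`xdata + end_addr` further down) and turns FALSE into a `return`, a back-to-back entry with no handler would be reported as "xdata section corrupt" and abort the whole dump — a correctness regression of this hardening rather than a memory-safety issue. Change the three checks to `if (ex_dta > ex_dta_end)`, `if (ex_dta + 12 > ex_dta_end)` and `if (ex_dta + 4 > ex_dta_end)`; the entry check `ex_dta + 4 >= ex_dta_end` has the same off-by-one (it rejects a 4-byte record with zero codes). Note also that `ex_dta += ui->SizeOfBlock` is driven by the untrusted CountOfCodes byte and can form a pointer well past data_end before it is compared, which is formally undefined pointer arithmetic; comparing the remaining length instead, `if ((size_t) (ex_dta_end - ex_dta) < ui->SizeOfBlock) return FALSE;`, avoids forming that pointer. The function is complete within this hunk.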
i = 0;
+ if (ui->rawUnwindCodes + 1 >= ui->rawUnwindCodesEnd)
+ {
+ fprintf (file, _("warning: corrupt unwind data\n"));
+ return;
+ }
+
if (ui->Version == 2
&& PEX64_UNWCODE_CODE (ui->rawUnwindCodes[1]) == UWOP_EPILOG)
{
/* Display epilog opcode (whose docoding is not fully documented).
- Looks to be designed to speed-up unwinding, as there is no need
+ Looks to be designed to speed-up unwinding, as there is no need
to decode instruction flow if outside an epilog. */
unsigned int func_size = rf->rva_EndAddress - rf->rva_BeginAddress;
+ if (ui->rawUnwindCodes + 1 + (ui->CountOfCodes * 2) >= ui->rawUnwindCodesEnd)
+ {
+ fprintf (file, _("warning: corrupt unwind data\n"));
+ return;
+ }
+
fprintf (file, "\tv2 epilog (length: %02x) at pc+:",
ui->rawUnwindCodes[0]);
+
if (PEX64_UNWCODE_INFO (ui->rawUnwindCodes[1]))
fprintf (file, " 0x%x", func_size - ui->rawUnwindCodes[0]);
+
i++;
for (; i < ui->CountOfCodes; i++)
{
fputc ('\n', file);
}
+ if (ui->rawUnwindCodes + 2 + (ui->CountOfCodes * 2) >= ui->rawUnwindCodesEnd)
+ {
+ fprintf (file, _("warning: corrupt unwind data\n"));
+ return;
+ }
+
for (; i < ui->CountOfCodes; i++)
{
const bfd_byte *dta = ui->rawUnwindCodes + 2 * i;
int unexpected = FALSE;
fprintf (file, "\t pc+0x%02x: ", (unsigned int) dta[0]);
+
switch (PEX64_UNWCODE_CODE (dta[1]))
{
case UWOP_PUSH_NONVOL:
fprintf (file, "push %s", pex_regs[info]);
break;
+
case UWOP_ALLOC_LARGE:
if (info == 0)
{
- tmp = bfd_get_16 (abfd, &dta[2]) * 8;
+ if (dta + 4 > ui->rawUnwindCodesEnd)
+ {
+ fprintf (file, _("warning: corrupt unwind data\n"));
+ return;
+ }
+ tmp = bfd_get_16 (abfd, dta + 2) * 8;
i++;
}
else
{
- tmp = bfd_get_32 (abfd, &dta[2]);
+ if (dta + 6 > ui->rawUnwindCodesEnd)
+ {
+ fprintf (file, _("warning: corrupt unwind data\n"));
+ return;
+ }
+ tmp = bfd_get_32 (abfd, dta + 2);
i += 2;
}
fprintf (file, "alloc large area: rsp = rsp - 0x%x", tmp);
break;
+
case UWOP_ALLOC_SMALL:
fprintf (file, "alloc small area: rsp = rsp - 0x%x", (info + 1) * 8);
break;
+
case UWOP_SET_FPREG:
/* According to the documentation, info field is unused. */
fprintf (file, "FPReg: %s = rsp + 0x%x (info = 0x%x)",
unexpected = ui->FrameRegister == 0;
save_allowed = FALSE;
break;
+
case UWOP_SAVE_NONVOL:
- tmp = bfd_get_16 (abfd, &dta[2]) * 8;
+ if (dta + 4 > ui->rawUnwindCodesEnd)
+ {
+ fprintf (file, _("warning: corrupt unwind data\n"));
+ return;
+ }
+ tmp = bfd_get_16 (abfd, dta + 2) * 8;
i++;
fprintf (file, "save %s at rsp + 0x%x", pex_regs[info], tmp);
unexpected = !save_allowed;
break;
+
case UWOP_SAVE_NONVOL_FAR:
- tmp = bfd_get_32 (abfd, &dta[2]);
+ if (dta + 6 > ui->rawUnwindCodesEnd)
+ {
+ fprintf (file, _("warning: corrupt unwind data\n"));
+ return;
+ }
+ tmp = bfd_get_32 (abfd, dta + 2);
i += 2;
fprintf (file, "save %s at rsp + 0x%x", pex_regs[info], tmp);
unexpected = !save_allowed;
break;
+
case UWOP_SAVE_XMM:
if (ui->Version == 1)
{
- tmp = bfd_get_16 (abfd, &dta[2]) * 8;
+ if (dta + 4 > ui->rawUnwindCodesEnd)
+ {
+ fprintf (file, _("warning: corrupt unwind data\n"));
+ return;
+ }
+ tmp = bfd_get_16 (abfd, dta + 2) * 8;
i++;
fprintf (file, "save mm%u at rsp + 0x%x", info, tmp);
unexpected = !save_allowed;
unexpected = TRUE;
}
break;
+
case UWOP_SAVE_XMM_FAR:
- tmp = bfd_get_32 (abfd, &dta[2]) * 8;
+ if (dta + 6 > ui->rawUnwindCodesEnd)
+ {
+ fprintf (file, _("warning: corrupt unwind data\n"));
+ return;
+ }
+ tmp = bfd_get_32 (abfd, dta + 2) * 8;
i += 2;
fprintf (file, "save mm%u at rsp + 0x%x", info, tmp);
unexpected = !save_allowed;
break;
+
case UWOP_SAVE_XMM128:
- tmp = bfd_get_16 (abfd, &dta[2]) * 16;
+ if (dta + 4 > ui->rawUnwindCodesEnd)
+ {
+ fprintf (file, _("warning: corrupt unwind data\n"));
+ return;
+ }
+ tmp = bfd_get_16 (abfd, dta + 2) * 16;
i++;
fprintf (file, "save xmm%u at rsp + 0x%x", info, tmp);
unexpected = !save_allowed;
break;
+
case UWOP_SAVE_XMM128_FAR:
- tmp = bfd_get_32 (abfd, &dta[2]) * 16;
+ if (dta + 6 > ui->rawUnwindCodesEnd)
+ {
+ fprintf (file, _("warning: corrupt unwind data\n"));
+ return;
+ }
+ tmp = bfd_get_32 (abfd, dta + 2) * 16;
i += 2;
fprintf (file, "save xmm%u at rsp + 0x%x", info, tmp);
unexpected = !save_allowed;
break;
+
case UWOP_PUSH_MACHFRAME:
fprintf (file, "interrupt entry (SS, old RSP, EFLAGS, CS, RIP");
if (info == 0)
else
fprintf (file, ", unknown(%u))", info);
break;
+
default:
/* PR 17512: file: 2245-7442-0.004. */
fprintf (file, _("Unknown: %x"), PEX64_UNWCODE_CODE (dta[1]));
break;
- }
+ }
+
if (unexpected)
fprintf (file, " [Unexpected!]");
fputc ('\n', file);
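Review bot: The guard before the main loop, `ui->rawUnwindCodes + 2 + (ui->CountOfCodes * 2) >= ui->rawUnwindCodesEnd`, demands two bytes more than the loop reads: each iteration touches only `dta[0]`/`dta[1]` at `rawUnwindCodes + 2 * i` for i < CountOfCodes, and every wider operand has its own `dta + 4 > end` / `dta + 6 > end` check, so the exact condition is `if (ui->rawUnwindCodes + 2 * ui->CountOfCodes > ui->rawUnwindCodesEnd)`. The v2 epilog guard above it (`+ 1 + ... >=`) has the same slack. This appears to be masked today because pex64_get_unwind_info already rejects an array that reaches data_end, but if that check is ever relaxed to admit an exactly-fitting no-handler entry, this guard would still flag it as corrupt, so it is better made exact now. The per-operand checks themselves are the right shape for the 16- and 32-bit reads they protect. The enclosing function begins outside this hunk, so I cannot confirm from here how CountOfCodes is set; this note assumes it is the 8-bit header field.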
/* PR 17512: file: 2245-7442-0.004. */
if (end_addr > sec_size)
{
- fprintf (file, _("warning: xdata section corrupt"));
+ fprintf (file, _("warning: xdata section corrupt\n"));
end_addr = sec_size;
}
}
else
end_addr = sec_size;
- pex64_get_unwind_info (abfd, &ui, &xdata[addr]);
+ if (! pex64_get_unwind_info (abfd, &ui, xdata + addr, xdata + end_addr))
+ {
+ fprintf (file, _("warning: xdata section corrupt\n"));
+ return;
+ }
if (ui.Version != 1 && ui.Version != 2)
{
/* virt_size might be zero for objects. */
if (stop == 0 && strcmp (abfd->xvec->name, "pe-x86-64") == 0)
{
- stop = (datasize / onaline) * onaline;
+ stop = datasize;
virt_size_is_zero = TRUE;
}
else if (datasize < stop)
_("Warning: %s section size (%ld) is smaller than virtual size (%ld)\n"),
pdata_section->name, (unsigned long) datasize,
(unsigned long) stop);
- /* Be sure not to read passed datasize. */
- stop = datasize / onaline;
+ /* Be sure not to read past datasize. */
+ stop = datasize;
}
/* Display functions table. */
seen_error = 1;
fprintf (file, " has %s begin address as predecessor\n",
(rf.rva_BeginAddress < prev_beginaddress ? "smaller" : "same"));
- }
+ }
prev_beginaddress = rf.rva_BeginAddress;
/* Now we check for negative addresses. */
if ((prev_beginaddress & 0x80000000) != 0)
/* We are probably into the padding of the section now. */
break;
if (i == 0)
- fprintf (file, _("\nDump of %s\n"), xdata_section->name);
+ fprintf (file, _("\nDump of %s\n"), xdata_section->name);
fputc (' ', file);
fprintf_vma (file, rf.rva_UnwindData + imagebase);
if (PEX64_IS_RUNTIME_FUNCTION_CHAINED (&rf))
{
bfd_vma altent = PEX64_GET_UNWINDDATA_UNIFIED_RVA (&rf);
- bfd_vma pdata_vma = bfd_get_section_vma (abfd, pdata_section);
+ bfd_vma pdata_vma = bfd_section_vma (pdata_section);
struct pex64_runtime_function arf;
fprintf (file, "\t shares information with ");
altent += imagebase;
if (altent >= pdata_vma
- && (altent + PDATA_ROW_SIZE <= pdata_vma
- + pei_section_data (abfd, pdata_section)->virt_size))
+ && altent - pdata_vma + PDATA_ROW_SIZE <= stop)
{
pex64_get_runtime_function
(abfd, &arf, &pdata[altent - pdata_vma]);
/* Search for the current entry in the sorted array. */
p = (bfd_vma *)
- bsearch (&rf.rva_UnwindData, xdata_arr,
+ bsearch (&rf.rva_UnwindData, xdata_arr,
(size_t) xdata_arr_cnt, sizeof (bfd_vma),
sort_xdata_arr);