/* elfcomm.c -- common code for ELF format file.
- Copyright 2010-2013 Free Software Foundation, Inc.
+ Copyright (C) 2010-2020 Free Software Foundation, Inc.
Originally developed by Eric Youngdale <eric@andante.jic.com>
Modifications by Nick Clifton <nickc@redhat.com>
{
va_list args;
+ /* Try to keep error messages in sync with the program's normal output. */
+ fflush (stdout);
+
va_start (args, message);
fprintf (stderr, _("%s: Error: "), program_name);
vfprintf (stderr, message, args);
{
va_list args;
+ /* Try to keep warning messages in sync with the program's normal output. */
+ fflush (stdout);
+
va_start (args, message);
fprintf (stderr, _("%s: Warning: "), program_name);
vfprintf (stderr, message, args);
}
}
-elf_vma (*byte_get) (unsigned char *, int);
+elf_vma (*byte_get) (const unsigned char *, int);
elf_vma
-byte_get_little_endian (unsigned char *field, int size)
+byte_get_little_endian (const unsigned char *field, int size)
{
switch (size)
{
| (((unsigned long) (field[2])) << 16)
| (((unsigned long) (field[3])) << 24);
+ case 5:
+ if (sizeof (elf_vma) == 8)
+ return ((elf_vma) (field[0]))
+ | (((elf_vma) (field[1])) << 8)
+ | (((elf_vma) (field[2])) << 16)
+ | (((elf_vma) (field[3])) << 24)
+ | (((elf_vma) (field[4])) << 32);
+ else if (sizeof (elf_vma) == 4)
+ /* We want to extract data from an 8 byte wide field and
+ place it into a 4 byte wide field. Since this is a little
+ endian source we can just use the 4 byte extraction code. */
+ return ((unsigned long) (field[0]))
+ | (((unsigned long) (field[1])) << 8)
+ | (((unsigned long) (field[2])) << 16)
+ | (((unsigned long) (field[3])) << 24);
+ /* Fall through. */
+
+ case 6:
+ if (sizeof (elf_vma) == 8)
+ return ((elf_vma) (field[0]))
+ | (((elf_vma) (field[1])) << 8)
+ | (((elf_vma) (field[2])) << 16)
+ | (((elf_vma) (field[3])) << 24)
+ | (((elf_vma) (field[4])) << 32)
+ | (((elf_vma) (field[5])) << 40);
+ else if (sizeof (elf_vma) == 4)
+ /* We want to extract data from an 8 byte wide field and
+ place it into a 4 byte wide field. Since this is a little
+ endian source we can just use the 4 byte extraction code. */
+ return ((unsigned long) (field[0]))
+ | (((unsigned long) (field[1])) << 8)
+ | (((unsigned long) (field[2])) << 16)
+ | (((unsigned long) (field[3])) << 24);
+ /* Fall through. */
+
+ case 7:
+ if (sizeof (elf_vma) == 8)
+ return ((elf_vma) (field[0]))
+ | (((elf_vma) (field[1])) << 8)
+ | (((elf_vma) (field[2])) << 16)
+ | (((elf_vma) (field[3])) << 24)
+ | (((elf_vma) (field[4])) << 32)
+ | (((elf_vma) (field[5])) << 40)
+ | (((elf_vma) (field[6])) << 48);
+ else if (sizeof (elf_vma) == 4)
+ /* We want to extract data from an 8 byte wide field and
+ place it into a 4 byte wide field. Since this is a little
+ endian source we can just use the 4 byte extraction code. */
+ return ((unsigned long) (field[0]))
+ | (((unsigned long) (field[1])) << 8)
+ | (((unsigned long) (field[2])) << 16)
+ | (((unsigned long) (field[3])) << 24);
+ /* Fall through. */
+
case 8:
if (sizeof (elf_vma) == 8)
return ((elf_vma) (field[0]))
| (((unsigned long) (field[1])) << 8)
| (((unsigned long) (field[2])) << 16)
| (((unsigned long) (field[3])) << 24);
+ /* Fall through. */
default:
error (_("Unhandled data length: %d\n"), size);
}
elf_vma
-byte_get_big_endian (unsigned char *field, int size)
+byte_get_big_endian (const unsigned char *field, int size)
{
switch (size)
{
| (((unsigned long) (field[1])) << 16)
| (((unsigned long) (field[0])) << 24);
+ case 5:
+ if (sizeof (elf_vma) == 8)
+ return ((elf_vma) (field[4]))
+ | (((elf_vma) (field[3])) << 8)
+ | (((elf_vma) (field[2])) << 16)
+ | (((elf_vma) (field[1])) << 24)
+ | (((elf_vma) (field[0])) << 32);
+ else if (sizeof (elf_vma) == 4)
+ {
+ /* Although we are extracting data from an 8 byte wide field,
+ we are returning only 4 bytes of data. */
+ field += 1;
+ return ((unsigned long) (field[3]))
+ | (((unsigned long) (field[2])) << 8)
+ | (((unsigned long) (field[1])) << 16)
+ | (((unsigned long) (field[0])) << 24);
+ }
+ /* Fall through. */
+
+ case 6:
+ if (sizeof (elf_vma) == 8)
+ return ((elf_vma) (field[5]))
+ | (((elf_vma) (field[4])) << 8)
+ | (((elf_vma) (field[3])) << 16)
+ | (((elf_vma) (field[2])) << 24)
+ | (((elf_vma) (field[1])) << 32)
+ | (((elf_vma) (field[0])) << 40);
+ else if (sizeof (elf_vma) == 4)
+ {
+ /* Although we are extracting data from an 8 byte wide field,
+ we are returning only 4 bytes of data. */
+ field += 2;
+ return ((unsigned long) (field[3]))
+ | (((unsigned long) (field[2])) << 8)
+ | (((unsigned long) (field[1])) << 16)
+ | (((unsigned long) (field[0])) << 24);
+ }
+ /* Fall through. */
+
+ case 7:
+ if (sizeof (elf_vma) == 8)
+ return ((elf_vma) (field[6]))
+ | (((elf_vma) (field[5])) << 8)
+ | (((elf_vma) (field[4])) << 16)
+ | (((elf_vma) (field[3])) << 24)
+ | (((elf_vma) (field[2])) << 32)
+ | (((elf_vma) (field[1])) << 40)
+ | (((elf_vma) (field[0])) << 48);
+ else if (sizeof (elf_vma) == 4)
+ {
+ /* Although we are extracting data from an 8 byte wide field,
+ we are returning only 4 bytes of data. */
+ field += 3;
+ return ((unsigned long) (field[3]))
+ | (((unsigned long) (field[2])) << 8)
+ | (((unsigned long) (field[1])) << 16)
+ | (((unsigned long) (field[0])) << 24);
+ }
+ /* Fall through. */
+
case 8:
if (sizeof (elf_vma) == 8)
return ((elf_vma) (field[7]))
| (((elf_vma) (field[0])) << 56);
else if (sizeof (elf_vma) == 4)
{
- /* Although we are extracing data from an 8 byte wide field,
+ /* Although we are extracting data from an 8 byte wide field,
we are returning only 4 bytes of data. */
field += 4;
return ((unsigned long) (field[3]))
| (((unsigned long) (field[1])) << 16)
| (((unsigned long) (field[0])) << 24);
}
+ /* Fall through. */
default:
error (_("Unhandled data length: %d\n"), size);
}
elf_vma
-byte_get_signed (unsigned char *field, int size)
+byte_get_signed (const unsigned char *field, int size)
{
elf_vma x = byte_get (field, size);
return (x ^ 0x80) - 0x80;
case 2:
return (x ^ 0x8000) - 0x8000;
+ case 3:
+ return (x ^ 0x800000) - 0x800000;
case 4:
return (x ^ 0x80000000) - 0x80000000;
+ case 5:
+ case 6:
+ case 7:
case 8:
+ /* Reads of 5-, 6-, and 7-byte numbers are the result of
+ trying to read past the end of a buffer, and will therefore
+ not have meaningful values, so we don't try to deal with
+ the sign in these cases. */
return x;
default:
abort ();
of an 8-byte value separately. */
void
-byte_get_64 (unsigned char *field, elf_vma *high, elf_vma *low)
+byte_get_64 (const unsigned char *field, elf_vma *high, elf_vma *low)
{
if (byte_get == byte_get_big_endian)
{
char *
adjust_relative_path (const char *file_name, const char *name,
- int name_len)
+ unsigned long name_len)
{
char * member_file_name;
const char * base_name = lbasename (file_name);
+ size_t amt;
/* This is a proxy entry for a thin archive member.
If the extended name table contains an absolute path
archive is located. */
if (IS_ABSOLUTE_PATH (name) || base_name == file_name)
{
- member_file_name = (char *) malloc (name_len + 1);
+ amt = name_len + 1;
+ if (amt == 0)
+ return NULL;
+ member_file_name = (char *) malloc (amt);
if (member_file_name == NULL)
{
error (_("Out of memory\n"));
/* Concatenate the path components of the archive file name
to the relative path name from the extended name table. */
size_t prefix_len = base_name - file_name;
- member_file_name = (char *) malloc (prefix_len + name_len + 1);
+
+ amt = prefix_len + name_len + 1;
+ /* PR 17531: file: 2896dc8b
+ Catch wraparound. */
+ if (amt < prefix_len || amt < name_len)
+ {
+ error (_("Abnormal length of thin archive member name: %lx\n"),
+ name_len);
+ return NULL;
+ }
+
+ member_file_name = (char *) malloc (amt);
if (member_file_name == NULL)
{
error (_("Out of memory\n"));
{
size_t got;
unsigned long size;
+ char fmag_save;
+ fmag_save = arch->arhdr.ar_fmag[0];
+ arch->arhdr.ar_fmag[0] = 0;
size = strtoul (arch->arhdr.ar_size, NULL, 10);
+ arch->arhdr.ar_fmag[0] = fmag_save;
+ /* PR 17531: file: 912bd7de. */
+ if ((signed long) size < 0)
+ {
+ error (_("%s: invalid archive header size: %ld\n"),
+ arch->file_name, size);
+ return FALSE;
+ }
+
size = size + (size & 1);
arch->next_arhdr_offset += sizeof arch->arhdr + size;
unsigned char * index_buffer;
assert (sizeof_ar_index <= sizeof integer_buffer);
-
+
/* Check the size of the archive index. */
if (size < sizeof_ar_index)
{
arch->index_num = byte_get_big_endian (integer_buffer, sizeof_ar_index);
size -= sizeof_ar_index;
- if (size < arch->index_num * sizeof_ar_index)
+ if (size < arch->index_num * sizeof_ar_index
+ /* PR 17531: file: 585515d1. */
+ || size < arch->index_num)
{
- error (_("%s: the archive index is supposed to have %ld entries of %d bytes, but the size is only %ld\n"),
+ error (_("%s: the archive index is supposed to have 0x%lx entries of %d bytes, but the size is only 0x%lx\n"),
arch->file_name, (long) arch->index_num, sizeof_ar_index, size);
return FALSE;
}
arch->longnames_size = 0;
arch->nested_member_origin = 0;
arch->is_thin_archive = is_thin_archive;
- arch->uses_64bit_indicies = FALSE;
+ arch->uses_64bit_indices = FALSE;
arch->next_arhdr_offset = SARMAG;
/* Read the first archive member header. */
}
else if (const_strneq (arch->arhdr.ar_name, "/SYM64/ "))
{
- arch->uses_64bit_indicies = TRUE;
+ arch->uses_64bit_indices = TRUE;
if (! process_archive_index_and_symbols (arch, 8, read_symbols))
return 1;
}
if (const_strneq (arch->arhdr.ar_name, "// "))
{
/* This is the archive string table holding long member names. */
+ char fmag_save = arch->arhdr.ar_fmag[0];
+ arch->arhdr.ar_fmag[0] = 0;
arch->longnames_size = strtoul (arch->arhdr.ar_size, NULL, 10);
+ arch->arhdr.ar_fmag[0] = fmag_save;
+ /* PR 17531: file: 01068045. */
+ if (arch->longnames_size < 8)
+ {
+ error (_("%s: long name table is too small, (size = %ld)\n"),
+ file_name, arch->longnames_size);
+ return 1;
+ }
+ /* PR 17531: file: 639d6a26. */
+ if ((signed long) arch->longnames_size < 0)
+ {
+ error (_("%s: long name table is too big, (size = 0x%lx)\n"),
+ file_name, arch->longnames_size);
+ return 1;
+ }
+
arch->next_arhdr_offset += sizeof arch->arhdr + arch->longnames_size;
- arch->longnames = (char *) malloc (arch->longnames_size);
+ /* Plus one to allow for a string terminator. */
+ arch->longnames = (char *) malloc (arch->longnames_size + 1);
if (arch->longnames == NULL)
{
error (_("Out of memory reading long symbol names in archive\n"));
if ((arch->longnames_size & 1) != 0)
getc (file);
+
+ arch->longnames[arch->longnames_size] = 0;
}
return 0;
char *endp;
char *member_file_name;
char *member_name;
+ char fmag_save;
if (arch->longnames == NULL || arch->longnames_size == 0)
{
error (_("Archive member uses long names, but no longname table found\n"));
return NULL;
}
-
+
arch->nested_member_origin = 0;
+ fmag_save = arch->arhdr.ar_fmag[0];
+ arch->arhdr.ar_fmag[0] = 0;
k = j = strtoul (arch->arhdr.ar_name + 1, &endp, 10);
if (arch->is_thin_archive && endp != NULL && * endp == ':')
arch->nested_member_origin = strtoul (endp + 1, NULL, 10);
+ arch->arhdr.ar_fmag[0] = fmag_save;
+ if (j > arch->longnames_size)
+ {
+ error (_("Found long name index (%ld) beyond end of long name table\n"),j);
+ return NULL;
+ }
while ((j < arch->longnames_size)
&& (arch->longnames[j] != '\n')
&& (arch->longnames[j] != '\0'))
j++;
- if (arch->longnames[j-1] == '/')
+ if (j > 0 && arch->longnames[j-1] == '/')
j--;
+ if (j > arch->longnames_size)
+ j = arch->longnames_size;
arch->longnames[j] = '\0';
if (!arch->is_thin_archive || arch->nested_member_origin == 0)
return arch->longnames + k;
+ /* PR 17531: file: 2896dc8b. */
+ if (k >= j)
+ {
+ error (_("Invalid Thin archive member name\n"));
+ return NULL;
+ }
+
/* This is a proxy for a member of a nested archive.
Find the name of the member in that archive. */
member_file_name = adjust_relative_path (arch->file_name,
nested_arch->file_name, member_name);
else
snprintf (name, len, "%s[%s(%s)]", arch->file_name,
- error_name, member_name);
+ error_name, member_name);
}
else if (arch->is_thin_archive)
snprintf (name, len, "%s[%s]", arch->file_name, member_name);