X-Git-Url: http://git.efficios.com/?a=blobdiff_plain;f=bfd%2Felf-attrs.c;h=070104c27344322d286c9b8cf2bd8ab17e4693d9;hb=refs%2Fheads%2Fconcurrent-displaced-stepping-2020-04-01;hp=f7bfce91c253bcd17e9e3e623fa46af6b38122c3;hpb=2571583aed598dd3f9651b53434e5f177a0e3cf7;p=deliverable%2Fbinutils-gdb.git
diff --git a/bfd/elf-attrs.c b/bfd/elf-attrs.c
index f7bfce91c2..070104c273 100644
--- a/bfd/elf-attrs.c
+++ b/bfd/elf-attrs.c
@@ -1,5 +1,5 @@
 /* ELF attributes support (based on ARM EABI attributes).
- Copyright (C) 2005-2017 Free Software Foundation, Inc.
+ Copyright (C) 2005-2020 Free Software Foundation, Inc.
 This file is part of BFD, the Binary File Descriptor library.
@@ -42,6 +42,8 @@ uleb128_size (unsigned int i)
 static bfd_boolean
 is_default_attr (obj_attribute *attr)
 {
+ if (ATTR_TYPE_HAS_ERROR (attr->type))
+ return TRUE;
 if (ATTR_TYPE_HAS_INT_VAL (attr->type) && attr->i != 0)
 return FALSE;
 if (ATTR_TYPE_HAS_STR_VAL (attr->type) && attr->s && *attr->s)
@@ -104,7 +106,7 @@ vendor_obj_attr_size (bfd *abfd, int vendor)
 size += obj_attr_size (list->tag, &list->attr);
 /* NUL 0x1 */
- return ((size || vendor == OBJ_ATTR_PROC)
+ return (size
 ? size + 10 + strlen (vendor_name) : 0);
 }
@@ -434,11 +436,23 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 bfd_byte *p_end;
 bfd_vma len;
 const char *std_sec;
+ ufile_ptr filesize;
 /* PR 17512: file: 2844a11d. */
 if (hdr->sh_size == 0)
 return;
- contents = (bfd_byte *) bfd_malloc (hdr->sh_size);
+
+ filesize = bfd_get_file_size (abfd);
+ if (filesize != 0 && hdr->sh_size > filesize)
+ {
+ /* xgettext:c-format */
+ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"),
+ abfd, hdr->bfd_section, (long long) hdr->sh_size);
+ bfd_set_error (bfd_error_invalid_operation);
+ return;
+ }
+
+ contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
 if (!contents)
 return;
 if (!bfd_get_section_contents (abfd, hdr->bfd_section, contents, 0,
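Review bot: The new early return in is_default_attr has no comment saying why an attribute whose type carries the error flag counts as default. Because the `ATTR_TYPE_HAS_ERROR` test runs before the int and string checks, such an attribute is reported as default even when `attr->i` or `attr->s` is set; presumably the intent is that it is left out when attribute sizes and contents are computed, but the callers are not visible here. I would add a one-line comment above the test, for example `/* Attributes flagged as erroneous are treated as default so that they are skipped.  */`, adjusted to the real intent. The function body continues past the end of the hunk.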
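Review bot: In the `@@ -434,11 +436,23 @@` hunk of _bfd_elf_parse_attributes the size check is skipped whenever `bfd_get_file_size` returns 0, so on that path `hdr->sh_size + 1` reaches `bfd_malloc` unchecked and wraps to 0 if the section header claims the maximum value of its (presumably unsigned) size type. Rejecting that value before the allocation keeps the later `contents[hdr->sh_size] = 0;` store tied to a buffer of the right size, for example `if (hdr->sh_size + 1 == 0 || (filesize != 0 && hdr->sh_size > filesize))`. The message also formats the size with `%#llx` while casting to `(long long)`; `(unsigned long long)` matches the conversion. The function starts before and ends after this hunk.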
@@ -447,6 +461,8 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 free (contents);
 return;
 }
+ /* Ensure that the buffer is NUL terminated. */
+ contents[hdr->sh_size] = 0;
 p = contents;
 p_end = p + hdr->sh_size;
 std_sec = get_elf_backend_data (abfd)->obj_attrs_vendor;
@@ -468,6 +484,13 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 if (section_len > len)
 section_len = len;
 len -= section_len;
+ if (section_len <= 4)
+ {
+ _bfd_error_handler
+ (_("%pB: error: attribute section length too small: %" PRId64),
+ abfd, (int64_t) section_len);
+ break;
+ }
 section_len -= 4;
 namelen = strnlen ((char *) p, section_len) + 1;
 if (namelen == 0 || namelen >= section_len)
@@ -493,7 +516,7 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 bfd_vma subsection_len;
 bfd_byte *end;
- tag = safe_read_leb128 (abfd, p, &n, FALSE, p_end);
+ tag = _bfd_safe_read_leb128 (abfd, p, &n, FALSE, p_end);
 p += n;
 if (p < p_end - 4)
 subsection_len = bfd_get_32 (abfd, p);
@@ -517,13 +540,13 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 {
 int type;
- tag = safe_read_leb128 (abfd, p, &n, FALSE, end);
+ tag = _bfd_safe_read_leb128 (abfd, p, &n, FALSE, end);
 p += n;
 type = _bfd_elf_obj_attrs_arg_type (abfd, vendor, tag);
 switch (type & (ATTR_TYPE_FLAG_INT_VAL | ATTR_TYPE_FLAG_STR_VAL))
 {
 case ATTR_TYPE_FLAG_INT_VAL | ATTR_TYPE_FLAG_STR_VAL:
- val = safe_read_leb128 (abfd, p, &n, FALSE, end);
+ val = _bfd_safe_read_leb128 (abfd, p, &n, FALSE, end);
 p += n;
 bfd_elf_add_obj_attr_int_string (abfd, vendor, tag, val, (char *) p);
@@ -535,7 +558,7 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 p += strlen ((char *)p) + 1;
 break;
 case ATTR_TYPE_FLAG_INT_VAL:
- val = safe_read_leb128 (abfd, p, &n, FALSE, end);
+ val = _bfd_safe_read_leb128 (abfd, p, &n, FALSE, end);
 p += n;
 bfd_elf_add_obj_attr_int (abfd, vendor, tag, val);
 break;
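Review bot: The terminator stored at `contents[hdr->sh_size]` keeps `strlen` inside the allocation, but string attribute values are still not bounded by the subsection limit `end`. In the later hunks of this function `(char *) p` is handed to `bfd_elf_add_obj_attr_int_string` and the cursor is advanced with `p += strlen ((char *)p) + 1;` with no visible check that `p < end`, so a value without a NUL inside its own subsection is read on into the data that follows. Bounding the scan, e.g. `p += strnlen ((char *) p, end - p);` and stepping over the terminator only when `p < end`, would keep parsing inside the subsection; the callee, which presumably copies the string, would need the same limit. The enclosing loop is only partly visible in these hunks.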
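Review bot: The `section_len <= 4` branch in the `@@ -468,6 +484,13 @@` hunk reports the problem and breaks out of the loop but, unlike the oversized-section check earlier in this function, never calls `bfd_set_error`, so a caller of a function that returns with bare `return;` cannot tell that the section was rejected. Adding `bfd_set_error (bfd_error_bad_value);` before the `break;` would make the two error paths agree (the earlier path uses `bfd_error_invalid_operation`; use whichever the project prefers for malformed input). The length is also printed as signed through `PRId64` and `(int64_t)`; if `section_len` is unsigned, which its declaration outside the hunk would confirm, `PRIu64` with `(uint64_t)` is the better match.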
@@ -592,7 +615,7 @@ _bfd_elf_merge_object_attributes (bfd *ibfd, struct bfd_link_info *info)
 {
 _bfd_error_handler
 /* xgettext:c-format */
- (_("error: %B: Object has vendor-specific contents that "
+ (_("error: %pB: object has vendor-specific contents that "
 "must be processed by the '%s' toolchain"), ibfd, in_attr->s);
 return FALSE;
@@ -602,7 +625,7 @@ _bfd_elf_merge_object_attributes (bfd *ibfd, struct bfd_link_info *info)
 || (in_attr->i != 0 && strcmp (in_attr->s, out_attr->s) != 0))
 {
 /* xgettext:c-format */
- _bfd_error_handler (_("error: %B: Object tag '%d, %s' is "
+ _bfd_error_handler (_("error: %pB: object tag '%d, %s' is "
 "incompatible with tag '%d, %s'"), ibfd, in_attr->i, in_attr->s ? in_attr->s : "",