X-Git-Url: http://git.efficios.com/?a=blobdiff_plain;f=bfd%2Felf-attrs.c;h=5c1b96092c2dad6f9baea975c969967a24837814;hb=61658d78f08920e6afe7b43bcaa287521da196aa;hp=ceafd44d45cc03779d60aa1bdc74f076e5ddd0c2;hpb=5ee4a1ca16364c79f8717752ee9a9bd562580907;p=deliverable%2Fbinutils-gdb.git
diff --git a/bfd/elf-attrs.c b/bfd/elf-attrs.c
index ceafd44d45..5c1b96092c 100644
--- a/bfd/elf-attrs.c
+++ b/bfd/elf-attrs.c
@@ -1,5 +1,5 @@
 /* ELF attributes support (based on ARM EABI attributes).
- Copyright (C) 2005-2015 Free Software Foundation, Inc.
+ Copyright (C) 2005-2018 Free Software Foundation, Inc.
 This file is part of BFD, the Binary File Descriptor library.
@@ -42,6 +42,8 @@ uleb128_size (unsigned int i)
 static bfd_boolean
 is_default_attr (obj_attribute *attr)
 {
+ if (ATTR_TYPE_HAS_ERROR (attr->type))
+ return TRUE;
 if (ATTR_TYPE_HAS_INT_VAL (attr->type) && attr->i != 0)
 return FALSE;
 if (ATTR_TYPE_HAS_STR_VAL (attr->type) && attr->s && *attr->s)
@@ -438,7 +440,16 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 /* PR 17512: file: 2844a11d. */
 if (hdr->sh_size == 0)
 return;
- contents = (bfd_byte *) bfd_malloc (hdr->sh_size);
+ if (hdr->sh_size > bfd_get_file_size (abfd))
+ {
+ /* xgettext:c-format */
+ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"),
+ abfd, hdr->bfd_section, (long long) hdr->sh_size);
+ bfd_set_error (bfd_error_invalid_operation);
+ return;
+ }
+
+ contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
 if (!contents)
 return;
 if (!bfd_get_section_contents (abfd, hdr->bfd_section, contents, 0,
@@ -447,10 +458,12 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 free (contents);
 return;
 }
+ /* Ensure that the buffer is NUL terminated. */
+ contents[hdr->sh_size] = 0;
 p = contents;
 p_end = p + hdr->sh_size;
 std_sec = get_elf_backend_data (abfd)->obj_attrs_vendor;
-
+
 if (*(p++) == 'A')
 {
 len = hdr->sh_size - 1;
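Review bot: The new early return in `is_default_attr` has no comment saying why an attribute whose type carries the error flag is reported as default, and the predicate's name does not make that obvious. Judging by the name, callers presumably use the result to decide whether an attribute is worth emitting, so the effect would be that erroneous attributes are skipped; a one-line comment such as `/* Attributes flagged as erroneous are treated as default so that they are skipped.  */` above the test would record the intent. The function body continues outside the hunk.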
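Review bot: The size guard `hdr->sh_size > bfd_get_file_size (abfd)` in `_bfd_elf_parse_attributes` treats a file size of 0 as a real size; as far as I know `bfd_get_file_size` returns 0 when the size cannot be determined, in which case every non-empty attribute section would be rejected as too big. Fetching the size once and testing `if (filesize != 0 && hdr->sh_size > filesize)` keeps the allocation bounded for regular files without failing inputs whose size is unknown. The message also prints an unsigned size through `(long long)` with `%#llx`; `(unsigned long long)` would match the conversion. The function begins and ends outside the hunk.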
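Review bot: The terminator added at `contents[hdr->sh_size] = 0` keeps string reads inside the allocation, but it does not keep them inside the current subsection: the string-valued case shown in the hunk at `@@ -535,7 +555,7 @@` still advances with `p += strlen ((char *)p) + 1;`, which can carry `p` past `end` when a subsection's last string is unterminated. Bounding the scan, for example `p += strnlen ((char *) p, end - p);` and stepping over the NUL only when `p < end`, would make the per-subsection limit explicit. The loop conditions are outside the visible hunks, so whether they already stop once `p >= end` should be confirmed. The new comment could also name which reads depend on the terminator.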
@@ -468,6 +481,13 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 if (section_len > len)
 section_len = len;
 len -= section_len;
+ if (section_len <= 4)
+ {
+ _bfd_error_handler
+ (_("%pB: error: attribute section length too small: %" PRId64),
+ abfd, (int64_t) section_len);
+ break;
+ }
 section_len -= 4;
 namelen = strnlen ((char *) p, section_len) + 1;
 if (namelen == 0 || namelen >= section_len)
@@ -493,7 +513,7 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 bfd_vma subsection_len;
 bfd_byte *end;
- tag = safe_read_leb128 (abfd, p, &n, FALSE, p_end);
+ tag = _bfd_safe_read_leb128 (abfd, p, &n, FALSE, p_end);
 p += n;
 if (p < p_end - 4)
 subsection_len = bfd_get_32 (abfd, p);
@@ -517,13 +537,13 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 {
 int type;
- tag = safe_read_leb128 (abfd, p, &n, FALSE, end);
+ tag = _bfd_safe_read_leb128 (abfd, p, &n, FALSE, end);
 p += n;
 type = _bfd_elf_obj_attrs_arg_type (abfd, vendor, tag);
 switch (type & (ATTR_TYPE_FLAG_INT_VAL | ATTR_TYPE_FLAG_STR_VAL))
 {
 case ATTR_TYPE_FLAG_INT_VAL | ATTR_TYPE_FLAG_STR_VAL:
- val = safe_read_leb128 (abfd, p, &n, FALSE, end);
+ val = _bfd_safe_read_leb128 (abfd, p, &n, FALSE, end);
 p += n;
 bfd_elf_add_obj_attr_int_string (abfd, vendor, tag, val, (char *) p);
@@ -535,7 +555,7 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 p += strlen ((char *)p) + 1;
 break;
 case ATTR_TYPE_FLAG_INT_VAL:
- val = safe_read_leb128 (abfd, p, &n, FALSE, end);
+ val = _bfd_safe_read_leb128 (abfd, p, &n, FALSE, end);
 p += n;
 bfd_elf_add_obj_attr_int (abfd, vendor, tag, val);
 break;
@@ -571,8 +591,9 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 attributes. */
 bfd_boolean
-_bfd_elf_merge_object_attributes (bfd *ibfd, bfd *obfd)
+_bfd_elf_merge_object_attributes (bfd *ibfd, struct bfd_link_info *info)
 {
+ bfd *obfd = info->output_bfd;
 obj_attribute *in_attr;
 obj_attribute *out_attr;
 int vendor;
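Review bot: The new `section_len <= 4` error path reports the problem and leaves the loop with `break`, but unlike the oversized-section check added earlier in this commit it never calls `bfd_set_error`, so a caller that inspects the BFD error state cannot tell that parsing stopped early. Adding `bfd_set_error (bfd_error_bad_value);` (or whichever code the project prefers) before the `break` would make the two paths agree. The format string also lacks the `/* xgettext:c-format */` marker that the other messages touched by this commit carry, and it prints `section_len` as signed through `PRId64`; the declaration of `section_len` is outside the hunk, so its signedness should be confirmed.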
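Review bot: `_bfd_elf_merge_object_attributes` now takes `struct bfd_link_info *info` and dereferences it immediately in `bfd *obfd = info->output_bfd;`, but the comment above the function (only its last line, `attributes. */`, is visible here) is not updated to say where the output BFD now comes from. A sentence such as `INFO supplies the output BFD via info->output_bfd and must not be NULL.` would document the new contract. The callers are not visible in this diff and need the matching argument change. The function body continues outside the hunk.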
@@ -590,7 +611,8 @@ _bfd_elf_merge_object_attributes (bfd *ibfd, bfd *obfd)
 if (in_attr->i > 0 && strcmp (in_attr->s, "gnu") != 0)
 {
 _bfd_error_handler
- (_("error: %B: Object has vendor-specific contents that "
+ /* xgettext:c-format */
+ (_("error: %pB: object has vendor-specific contents that "
 "must be processed by the '%s' toolchain"), ibfd, in_attr->s);
 return FALSE;
@@ -599,7 +621,8 @@ _bfd_elf_merge_object_attributes (bfd *ibfd, bfd *obfd)
 if (in_attr->i != out_attr->i || (in_attr->i != 0 && strcmp (in_attr->s, out_attr->s) != 0))
 {
- _bfd_error_handler (_("error: %B: Object tag '%d, %s' is "
+ /* xgettext:c-format */
+ _bfd_error_handler (_("error: %pB: object tag '%d, %s' is "
 "incompatible with tag '%d, %s'"), ibfd, in_attr->i, in_attr->s ? in_attr->s : "",