diff options
| author | Alan Modra <amodra@gmail.com> | 2023-02-22 07:47:36 +1030 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2023-02-23 12:58:53 +1030 |
| commit | 81ff113f7852558610855261551410455886cb08 (patch) | |
| tree | 502a105a57027cad820b282e2d0249c316e4b3ca /bfd/xcofflink.c | |
| parent | 2c5c22d68e5a0eac05b1f300916cf772a8b29b03 (diff) | |
| download | binutils-81ff113f7852558610855261551410455886cb08.zip binutils-81ff113f7852558610855261551410455886cb08.tar.gz binutils-81ff113f7852558610855261551410455886cb08.tar.bz2 | |
Test SEC_HAS_CONTENTS before reading section contents
bfd_malloc_and_get_section does size sanity checking before allocating
memory and reading contents. These size checks are not done for bss
style sections, because they typically don't occupy file space and
thus can't be compared against file size. However, if you are
expecting to look at something other than a whole lot of zeros, don't
allow fuzzers to avoid the size checking.
* cofflink.c (process_embedded_commands): Don't look at
sections without SEC_HAS_CONTENTS set.
* cpu-arm.c (bfd_arm_update_notes): Likewise.
(bfd_arm_get_mach_from_notes): Likewise.
* elf-eh-frame.c (_bfd_elf_parse_eh_frame): Likewise.
* elf-hppa.h (elf_hppa_sort_unwind): Likewise.
* elf-m10300.c (mn10300_elf_relax_section): Likewise.
* elf-sframe.c (_bfd_elf_parse_sframe): Likewise.
* elf.c (_bfd_elf_print_private_bfd_data): Likewise.
* elf32-arm.c (bfd_elf32_arm_process_before_allocation): Likewise.
* elf32-avr.c (avr_elf32_load_property_records): Likewise.
* elf32-ppc.c (_bfd_elf_ppc_set_arch): Likewise.
(ppc_elf_get_synthetic_symtab, ppc_elf_relax_section): Likewise.
* elf64-ppc.c (ppc64_elf_get_synthetic_symtab): Likewise.
(opd_entry_value, ppc64_elf_edit_opd, ppc64_elf_edit_toc): Likewise.
* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
* elflink.c (elf_link_add_object_symbols): Likewise.
(bfd_elf_get_bfd_needed_list): Likewise.
* elfnn-aarch64.c (get_plt_type): Likewise.
* elfxx-mips.c (_bfd_mips_elf_get_synthetic_symtab): Likewise.
* linker.c (_bfd_handle_already_linked): Likewise.
* opncls.c (bfd_get_debug_link_info_1): Likewise.
(bfd_get_alt_debug_link_info, get_build_id): Likewise.
* peXXigen.c (pe_print_idata, pe_print_pdata): Likewise.
(_bfd_XX_print_ce_compressed_pdata, pe_print_reloc): Likewise.
* pei-x86_64.c (pex64_bfd_print_pdata_section): Likewise.
* stabs.c (_bfd_link_section_stabs): Likewise.
(_bfd_discard_section_stabs): Likewise.
* xcofflink.c (_bfd_xcoff_get_dynamic_symtab_upper_bound): Likewise.
(_bfd_xcoff_canonicalize_dynamic_symtab): Likewise.
(_bfd_xcoff_get_dynamic_reloc_upper_bound): Likewise.
(_bfd_xcoff_canonicalize_dynamic_reloc): Likewise.
(xcoff_link_add_dynamic_symbols): Likewise.
(xcoff_link_check_dynamic_ar_symbols): Likewise.
(bfd_xcoff_build_dynamic_sections): Likewise.
Diffstat (limited to 'bfd/xcofflink.c')
| -rw-r--r-- | bfd/xcofflink.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/bfd/xcofflink.c b/bfd/xcofflink.c index b3ab780..a67f24b 100644 --- a/bfd/xcofflink.c +++ b/bfd/xcofflink.c @@ -259,7 +259,7 @@ _bfd_xcoff_get_dynamic_symtab_upper_bound (bfd *abfd) } lsec = bfd_get_section_by_name (abfd, ".loader"); - if (lsec == NULL) + if (lsec == NULL || (lsec->flags & SEC_HAS_CONTENTS) == 0) { bfd_set_error (bfd_error_no_symbols); return -1; @@ -293,7 +293,7 @@ _bfd_xcoff_canonicalize_dynamic_symtab (bfd *abfd, asymbol **psyms) } lsec = bfd_get_section_by_name (abfd, ".loader"); - if (lsec == NULL) + if (lsec == NULL || (lsec->flags & SEC_HAS_CONTENTS) == 0) { bfd_set_error (bfd_error_no_symbols); return -1; @@ -378,7 +378,7 @@ _bfd_xcoff_get_dynamic_reloc_upper_bound (bfd *abfd) } lsec = bfd_get_section_by_name (abfd, ".loader"); - if (lsec == NULL) + if (lsec == NULL || (lsec->flags & SEC_HAS_CONTENTS) == 0) { bfd_set_error (bfd_error_no_symbols); return -1; @@ -413,7 +413,7 @@ _bfd_xcoff_canonicalize_dynamic_reloc (bfd *abfd, } lsec = bfd_get_section_by_name (abfd, ".loader"); - if (lsec == NULL) + if (lsec == NULL || (lsec->flags & SEC_HAS_CONTENTS) == 0) { bfd_set_error (bfd_error_no_symbols); return -1; @@ -904,7 +904,7 @@ xcoff_link_add_dynamic_symbols (bfd *abfd, struct bfd_link_info *info) o_snloader field in the a.out header, rather than grabbing the section by name. */ lsec = bfd_get_section_by_name (abfd, ".loader"); - if (lsec == NULL) + if (lsec == NULL || (lsec->flags & SEC_HAS_CONTENTS) == 0) { _bfd_error_handler (_("%pB: dynamic object with no .loader section"), @@ -2373,7 +2373,7 @@ xcoff_link_check_dynamic_ar_symbols (bfd *abfd, *pneeded = false; lsec = bfd_get_section_by_name (abfd, ".loader"); - if (lsec == NULL) + if (lsec == NULL || (lsec->flags & SEC_HAS_CONTENTS) == 0) /* There are no symbols, so don't try to include it. */ return true; @@ -4128,7 +4128,9 @@ bfd_xcoff_build_dynamic_sections (bfd *output_bfd, { /* Grab the contents of SUB's .debug section, if any. */ subdeb = bfd_get_section_by_name (sub, ".debug"); - if (subdeb != NULL && subdeb->size > 0) + if (subdeb != NULL + && subdeb->size != 0 + && (subdeb->flags & SEC_HAS_CONTENTS) != 0) { /* We use malloc and copy the names into the debug stringtab, rather than bfd_alloc, because I expect |