diff options
| author | Nick Clifton <nickc@redhat.com> | 2015-03-25 14:20:36 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2015-03-25 14:20:36 +0000 |
| commit | a539f2c77280d67248128aa993e5f606419a46e6 (patch) | |
| tree | c211120a3cacca49009dcebd3aa995007baf889c | |
| parent | a5ebc2c7ddc26fc1473d53ace9a088d2aa584f0f (diff) | |
| download | gdb-a539f2c77280d67248128aa993e5f606419a46e6.zip gdb-a539f2c77280d67248128aa993e5f606419a46e6.tar.gz gdb-a539f2c77280d67248128aa993e5f606419a46e6.tar.bz2 | |
Import patches from the master sources which fix illegal memory accesses found by running the binutils on fuzzed binaries.
2015-03-25 Nick Clifton <nickc@redhat.com>
Apply from master:
2015-02-26 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* mach-o.c (bfd_mach_o_read_section_32): Likewise.
(bfd_mach_o_read_section_64): Likewise.
2015-02-10 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* versados.c (process_otr): Check the esdid value before using it
to access the EDATA.
2015-02-03 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* mach-o.c: Use bfd_alloc2 to allocate space for structure arrays.
(bfd_mach_o_canonicalize_one_reloc): Fix check on out
of range symbol indicies.
(bfd_mach_o_canonicalize_relocs): Check for out of range alloc.
(bfd_mach_o_canonicalize_dynamic_reloc): Likewise.
(bfd_mach_o_build_dysymtab): Likewise.
(bfd_mach_o_write_symtab_content): Set the string table size to
zero upon error.
(bfd_mach_o_read_symtab_symbols): Reset the nsyms value if the
read fails.
* tekhex.c (first_phase): Check for src pointer reaching end of
buffer.
2015-01-27 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* pdp11.c (aout_get_external_symbols): Return false if there are
no symbols.
2015-01-22 DJ Delorie <dj@redhat.com>
* elf32-m32c.c (m32c_apply_reloc_24): New.
(m32c_elf_howto_table): Use it for R_M32C_24.
(m32c_elf_relocate_section): Handle R_M32C_24 specially.
2015-01-21 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* mach-o.c (bfd_mach_o_bfd_copy_private_header_data): Always
initialise the fields of the dyld_info structure.
(bfd_mach_o_build_exec_seg_command): Replace assertion with an
error message and a return value.
(bfd_mach_o_layout_commands): Change the function to boolean.
Return FALSE if the function fails.
(bfd_mach_o_build_commands): Fail if bfd_mach_o_layout_commands
fails.
(bfd_mach_o_read_command): Fail if an unrecognised command is
encountered.
* tekhex.c (first_phase): Fail if the section is too big.
* versados.c (struct esdid): Add content_size field.
(process_otr): Use and check the new field.
(versados_get_section_contents): Check that the section exists and
that the requested data is available.
2015-01-19 Alan Modra <amodra@gmail.com>
* bfd-in.h (bfd_get_section_limit_octets): New define, extracted from..
(bfd_get_section_limit): ..here.
* reloc.c (bfd_perform_relocation): Correct bfd_reloc_outofrange check.
(bfd_install_relocation, _bfd_final_link_relocate): Add same check here.
* bfd-in2.h: Regenerate.
* cpu-ns32k.c (_bfd_do_ns32k_reloc_contents): Return bfd_reloc_ok
on zero size relocs.
* ecoff.c (ecoff_reloc_link_order): Likewise.
* elf32-nds32.c (nds32_relocate_contents): Likewise.
* elfxx-aarch64.c (_bfd_aarch64_elf_put_addend): Likewise.
* reloc.c (_bfd_relocate_contents): Don't bomb on zero size relocs.
(_bfd_clear_contents): Likewise.
* elfxx-mips.c (mips_elf_obtain_contents): Likewise.
(mips_elf_perform_relocation): Likewise.
* aoutx.h (aout_link_reloc_link_order): Allow for NULL return
from malloc on zero size alloc.
* cofflink.c (_bfd_coff_reloc_link_order): Likewise.
* elflink.c (elf_reloc_link_order): Likewise.
* linker.c (_bfd_generic_reloc_link_order): Likewise.
* pdp11.c (aout_link_reloc_link_order): Likewise.
* xcofflink.c (xcoff_reloc_link_order): Likewise.
* aoutx.h (howto_table_ext): Ensure NONE relocs have size 3,
bitsize 0, and complain_overflow_dont.
* coff-sparc.c (coff_sparc_howto_table): Likewise.
* elf-hppa.h (elf_hppa_howto_table): Likewise.
* elf-m10200.c (elf_mn10200_howto_table): Likewise.
* elf-m10300.c (elf_mn10300_howto_table): Likewise.
* elf32-arc.c (elf_arc_howto_table): Likewise.
* elf32-arm.c (elf32_arm_howto_table_1): Likewise.
* elf32-avr.c (elf_avr_howto_table): Likewise.
* elf32-bfin.c (bfin_howto_table): Likewise.
* elf32-cr16.c (cr16_elf_howto_table): Likewise.
* elf32-cris.c (cris_elf_howto_table): Likewise.
* elf32-crx.c (crx_elf_howto_table): Likewise.
* elf32-d10v.c (elf_d10v_howto_table): Likewise.
* elf32-d30v.c (elf_d30v_howto_table): Likewise.
* elf32-dlx.c (dlx_elf_howto_table): Likewise.
* elf32-epiphany.c (epiphany_elf_howto_table): Likewise.
* elf32-fr30.c (fr30_elf_howto_table): Likewise.
* elf32-frv.c (elf32_frv_howto_table): Likewise.
* elf32-h8300.c (h8_elf_howto_table): Likewise.
* elf32-i370.c (i370_elf_howto_raw): Likewise.
* elf32-i386.c (elf_howto_table): Likewise.
* elf32-i860.c (elf32_i860_howto_table): Likewise.
* elf32-i960.c (elf32_i960_relocate): Likewise.
* elf32-ip2k.c (ip2k_elf_howto_table): Likewise.
* elf32-iq2000.c (iq2000_elf_howto_table): Likewise.
* elf32-lm32.c (lm32_elf_howto_table): Likewise.
* elf32-m32c.c (m32c_elf_howto_table): Likewise.
* elf32-m32r.c (m32r_elf_howto_table): Likewise.
* elf32-m68hc11.c (elf_m68hc11_howto_table): Likewise.
* elf32-m68hc12.c (elf_m68hc11_howto_table): Likewise.
* elf32-m68k.c (howto_table): Likewise.
* elf32-mcore.c (mcore_elf_howto_raw): Likewise.
* elf32-mep.c (mep_elf_howto_table): Likewise.
* elf32-metag.c (elf_metag_howto_table): Likewise.
* elf32-microblaze.c (microblaze_elf_howto_raw): Likewise.
* elf32-mips.c (elf_mips_howto_table_rel): Likewise.
* elf32-moxie.c (moxie_elf_howto_table): Likewise.
* elf32-msp430.c (elf_msp430_howto_table): Likewise.
* elf32-mt.c (mt_elf_howto_table): Likewise.
* elf32-nds32.c (nds32_elf_howto_table): Likewise.
* elf32-nios2.c (elf_nios2_howto_table_rel): Likewise.
* elf32-or1k.c (or1k_elf_howto_table): Likewise.
* elf32-pj.c (pj_elf_howto_table): Likewise.
* elf32-ppc.c (ppc_elf_howto_raw): Likewise.
* elf32-rl78.c (rl78_elf_howto_table): Likewise.
* elf32-rx.c (rx_elf_howto_table): Likewise.
* elf32-s390.c (elf_howto_table): Likewise.
* elf32-score.c (elf32_score_howto_table): Likewise.
* elf32-score7.c (elf32_score_howto_table): Likewise.
* elf32-sh-relocs.h (R_SH_NONE): Likewise.
* elf32-spu.c (elf_howto_table): Likewise.
* elf32-tic6x.c (elf32_tic6x_howto_table): Likewise.
* elf32-tilepro.c (tilepro_elf_howto_table): Likewise.
* elf32-v850.c (v850_elf_howto_table): Likewise.
* elf32-vax.c (howto_table): Likewise.
* elf32-xc16x.c (xc16x_elf_howto_table): Likewise.
* elf32-xgate.c (elf_xgate_howto_table): Likewise.
* elf32-xstormy16.c (xstormy16_elf_howto_table): Likewise.
* elf32-xtensa.c (elf_howto_table): Likewise.
* elf64-alpha.c (elf64_alpha_howto_table): Likewise.
* elf64-mips.c (mips_elf64_howto_table_rel): Likewise.
* elf64-mmix.c (elf_mmix_howto_table): Likewise.
* elf64-ppc.c (ppc64_elf_howto_raw): Likewise.
* elf64-s390.c (elf_howto_table): Likewise.
* elf64-sh64.c (sh_elf64_howto_table): Likewise.
* elf64-x86-64.c (x86_64_elf_howto_table): Likewise.
* elfn32-mips.c (elf_mips_howto_table_rel): Likewise.
* elfnn-aarch64.c (elfNN_aarch64_howto_table): Likewise.
(elfNN_aarch64_howto_none): Likewise.
* elfxx-ia64.c (ia64_howto_table): Likewise.
* elfxx-sparc.c (_bfd_sparc_elf_howto_table): Likewise.
* elfxx-tilegx.c (tilegx_elf_howto_table): Likewise.
* nlm32-sparc.c (nlm32_sparc_howto_table): Likewise.
2015-01-06 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* mach-o.c (bfd_mach_o_read_symtab_strtab): Zero terminate the
string table.
* reloc.c (bfd_get_reloc_size): Handle a reloc size of -1.
(bfd_perform_relocation): Include the size of the reloc in the
test for an out of range relocation.
(bfd_generic_get_relocated_section_contents): Remove reloc range
test.
* tekhex.c (getvalue): Add an end pointer parameter. Use it to
avoid reading off the end of the buffer.
(getsym): Likewise.
(first_phase): Likewise.
(pass_over): Pass an end pointer to the invoked function.
2015-01-05 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* archive.c (do_slurp_bsd_armap): Make sure that the parsed sized
is at least big enough for the header to be read.
* mach-o.c (bfd_mach_o_get_synthetic_symtab): Add range checks.
(bfd_mach_o_read_command): Prevetn duplicate error messages about
unrecognized commands.
* syms.c (_bfd_stab_section_find_nearest_line): Add range checks
when indexing into the string table.
2014-12-22 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* archive.c (do_slurp_bsd_armap): Return if the parsed_size is
zero.
(bfd_slurp_armap): Zero terminate the name.
(bfd_generic_stat_arch_elt): If there is no header, fail.
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): If no symbols have
been provided then set the reloc's symbol to undefined.
* reloc.c (bfd_generic_get_relocated_section_contents): Add range
checking of the reloc to be applied.
* versados.c (process_otr): Add more range checks.
(versados_canonicalize_reloc): If the section is unknown, set the
symbol to undefined.
* vms-alpha.c (_bfd_vms_slurp_eisd): Add range checks.
(alpha_vms_object_p): Likewise.
2014-12-16 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* format.c (bfd_check_format_matches): Check for a matching vector
before using match priorities.
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Fix off-by-one
errors with previous delta.
2014-12-09 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* archive64.c (bfd_elf64_archive_slurp_armap): Add range checks.
* libbfd.c (safe_read_leb128): New function.
* libbfd-in.h (safe_read_leb128): Add prototype.
* libbfd.h: Regenerate.
2014-12-03 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* compress.c (bfd_get_full_section_contents): Fail if there are no
section contents available when the compress_status is
COMPRESS_SECTION_DONE.
* libbfd.c (bfd_malloc): Refuse to allocate a negative size.
(bfd_malloc2): Use bfd_malloc.
(bfd_realloc): Refuse to reallocate a negative size.
(bfd_realloc2): Use bfd_realloc.
(bfd_realloc_or_free): Use bfd_realloc.
(bfd_zmalloc): Use bfd_malloc.
(bfd_zmalloc): Use bfd_malloc2.
* opncls.c (bfd_alloc): Refuse to allocate a negative size.
2014-12-01 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* archive.c (do_slurp_coff_armap): Add range checks to prevent
running off the end of the string table.
* compress.c (bfd_get_full_section_contents): Return a NULL
pointer for zero sized sections. Do not attempt to copy a buffer
onto itself.
* reloc.c (bfd_perform_relocation): Avoid seg-fault if the howto
parameter is NULL.
2014-11-26 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Likewise.
(bfd_mach_o_mangle_sections): Move test for too many sections to
before the allocation of the section table.
(bfd_mach_o_read_symtab_strtab): If the read fails, free the
memory and nullify the symbol pointer.
* reloc.c (bfd_generic_get_relocated_section_contents): Add
handling of a bfd_reloc_notsupported return value.
* versados.c (EDATA): Add range checking.
(get_record): Likewise.
(process_otr): Check for contents being available before updating
them.
(versados_canonicalize_reloc): Add range check.
2014-11-21 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* ieee.c (next_byte): Convert to a function. Return FALSE if the
next byte is beyond the end of the buffer.
(parse_int): Test the return value of next_byte.
(parse_expression): Convert to boolean. Return FALSE if the
parsing failed. Test the return value of next_byte.
(ieee_seek): Convert to a function. Return FALSE if the seek goes
beyond the end of the buffer.
(ieee_slurp_external_symbols): Test the return value of ieee_seek
and next_byte.
(ieee_slurp_sections): Convert to boolean. Return FALSE if the
operation failed. Test the return value of ieee_seek and
next_byte.
(ieee_archive_p): Test the return value of ieee_seek and
next_byte.
(do_one): Likewise.
(ieee_slurp_section_data): Likewise.
(ieee_object_p): Likewise. Store the size of the buffer in the
total_amt field in the header.
* libieee.h (common_header_type): Add amt field.
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Check that the
reloc's value is within range.
(bfd_mach_o_read_symtab_symbols): Nullify the symbols field if the
operation fails.
* versados.c (process_otr): Check that the section exists before
taking its size.
(versados_object_p): Make sure that enough data was read for the
header to be checked.
* vms-alpha.c (vms_get_remaining_object_record): Change
read_so_far parameter to an unsigned int. Check that the amount
read is in range.
97 files changed, 1206 insertions, 483 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 906c975..9363c1a 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,305 @@ +2015-03-25 Nick Clifton <nickc@redhat.com> + + Apply from master: + 2015-02-26 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * mach-o.c (bfd_mach_o_read_section_32): Likewise. + (bfd_mach_o_read_section_64): Likewise. + + 2015-02-10 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * versados.c (process_otr): Check the esdid value before using it + to access the EDATA. + + 2015-02-03 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * mach-o.c: Use bfd_alloc2 to allocate space for structure arrays. + (bfd_mach_o_canonicalize_one_reloc): Fix check on out + of range symbol indicies. + (bfd_mach_o_canonicalize_relocs): Check for out of range alloc. + (bfd_mach_o_canonicalize_dynamic_reloc): Likewise. + (bfd_mach_o_build_dysymtab): Likewise. + (bfd_mach_o_write_symtab_content): Set the string table size to + zero upon error. + (bfd_mach_o_read_symtab_symbols): Reset the nsyms value if the + read fails. + * tekhex.c (first_phase): Check for src pointer reaching end of + buffer. + + 2015-01-27 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * pdp11.c (aout_get_external_symbols): Return false if there are + no symbols. + + 2015-01-22 DJ Delorie <dj@redhat.com> + + * elf32-m32c.c (m32c_apply_reloc_24): New. + (m32c_elf_howto_table): Use it for R_M32C_24. + (m32c_elf_relocate_section): Handle R_M32C_24 specially. + + 2015-01-21 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * mach-o.c (bfd_mach_o_bfd_copy_private_header_data): Always + initialise the fields of the dyld_info structure. + (bfd_mach_o_build_exec_seg_command): Replace assertion with an + error message and a return value. + (bfd_mach_o_layout_commands): Change the function to boolean. + Return FALSE if the function fails. + (bfd_mach_o_build_commands): Fail if bfd_mach_o_layout_commands + fails. + (bfd_mach_o_read_command): Fail if an unrecognised command is + encountered. + * tekhex.c (first_phase): Fail if the section is too big. + * versados.c (struct esdid): Add content_size field. + (process_otr): Use and check the new field. + (versados_get_section_contents): Check that the section exists and + that the requested data is available. + + 2015-01-19 Alan Modra <amodra@gmail.com> + + * bfd-in.h (bfd_get_section_limit_octets): New define, extracted from.. + (bfd_get_section_limit): ..here. + * reloc.c (bfd_perform_relocation): Correct bfd_reloc_outofrange check. + (bfd_install_relocation, _bfd_final_link_relocate): Add same check here. + * bfd-in2.h: Regenerate. + + * cpu-ns32k.c (_bfd_do_ns32k_reloc_contents): Return bfd_reloc_ok + on zero size relocs. + * ecoff.c (ecoff_reloc_link_order): Likewise. + * elf32-nds32.c (nds32_relocate_contents): Likewise. + * elfxx-aarch64.c (_bfd_aarch64_elf_put_addend): Likewise. + + * reloc.c (_bfd_relocate_contents): Don't bomb on zero size relocs. + (_bfd_clear_contents): Likewise. + * elfxx-mips.c (mips_elf_obtain_contents): Likewise. + (mips_elf_perform_relocation): Likewise. + + * aoutx.h (aout_link_reloc_link_order): Allow for NULL return + from malloc on zero size alloc. + * cofflink.c (_bfd_coff_reloc_link_order): Likewise. + * elflink.c (elf_reloc_link_order): Likewise. + * linker.c (_bfd_generic_reloc_link_order): Likewise. + * pdp11.c (aout_link_reloc_link_order): Likewise. + * xcofflink.c (xcoff_reloc_link_order): Likewise. + + * aoutx.h (howto_table_ext): Ensure NONE relocs have size 3, + bitsize 0, and complain_overflow_dont. + * coff-sparc.c (coff_sparc_howto_table): Likewise. + * elf-hppa.h (elf_hppa_howto_table): Likewise. + * elf-m10200.c (elf_mn10200_howto_table): Likewise. + * elf-m10300.c (elf_mn10300_howto_table): Likewise. + * elf32-arc.c (elf_arc_howto_table): Likewise. + * elf32-arm.c (elf32_arm_howto_table_1): Likewise. + * elf32-avr.c (elf_avr_howto_table): Likewise. + * elf32-bfin.c (bfin_howto_table): Likewise. + * elf32-cr16.c (cr16_elf_howto_table): Likewise. + * elf32-cris.c (cris_elf_howto_table): Likewise. + * elf32-crx.c (crx_elf_howto_table): Likewise. + * elf32-d10v.c (elf_d10v_howto_table): Likewise. + * elf32-d30v.c (elf_d30v_howto_table): Likewise. + * elf32-dlx.c (dlx_elf_howto_table): Likewise. + * elf32-epiphany.c (epiphany_elf_howto_table): Likewise. + * elf32-fr30.c (fr30_elf_howto_table): Likewise. + * elf32-frv.c (elf32_frv_howto_table): Likewise. + * elf32-h8300.c (h8_elf_howto_table): Likewise. + * elf32-i370.c (i370_elf_howto_raw): Likewise. + * elf32-i386.c (elf_howto_table): Likewise. + * elf32-i860.c (elf32_i860_howto_table): Likewise. + * elf32-i960.c (elf32_i960_relocate): Likewise. + * elf32-ip2k.c (ip2k_elf_howto_table): Likewise. + * elf32-iq2000.c (iq2000_elf_howto_table): Likewise. + * elf32-lm32.c (lm32_elf_howto_table): Likewise. + * elf32-m32c.c (m32c_elf_howto_table): Likewise. + * elf32-m32r.c (m32r_elf_howto_table): Likewise. + * elf32-m68hc11.c (elf_m68hc11_howto_table): Likewise. + * elf32-m68hc12.c (elf_m68hc11_howto_table): Likewise. + * elf32-m68k.c (howto_table): Likewise. + * elf32-mcore.c (mcore_elf_howto_raw): Likewise. + * elf32-mep.c (mep_elf_howto_table): Likewise. + * elf32-metag.c (elf_metag_howto_table): Likewise. + * elf32-microblaze.c (microblaze_elf_howto_raw): Likewise. + * elf32-mips.c (elf_mips_howto_table_rel): Likewise. + * elf32-moxie.c (moxie_elf_howto_table): Likewise. + * elf32-msp430.c (elf_msp430_howto_table): Likewise. + * elf32-mt.c (mt_elf_howto_table): Likewise. + * elf32-nds32.c (nds32_elf_howto_table): Likewise. + * elf32-nios2.c (elf_nios2_howto_table_rel): Likewise. + * elf32-or1k.c (or1k_elf_howto_table): Likewise. + * elf32-pj.c (pj_elf_howto_table): Likewise. + * elf32-ppc.c (ppc_elf_howto_raw): Likewise. + * elf32-rl78.c (rl78_elf_howto_table): Likewise. + * elf32-rx.c (rx_elf_howto_table): Likewise. + * elf32-s390.c (elf_howto_table): Likewise. + * elf32-score.c (elf32_score_howto_table): Likewise. + * elf32-score7.c (elf32_score_howto_table): Likewise. + * elf32-sh-relocs.h (R_SH_NONE): Likewise. + * elf32-spu.c (elf_howto_table): Likewise. + * elf32-tic6x.c (elf32_tic6x_howto_table): Likewise. + * elf32-tilepro.c (tilepro_elf_howto_table): Likewise. + * elf32-v850.c (v850_elf_howto_table): Likewise. + * elf32-vax.c (howto_table): Likewise. + * elf32-xc16x.c (xc16x_elf_howto_table): Likewise. + * elf32-xgate.c (elf_xgate_howto_table): Likewise. + * elf32-xstormy16.c (xstormy16_elf_howto_table): Likewise. + * elf32-xtensa.c (elf_howto_table): Likewise. + * elf64-alpha.c (elf64_alpha_howto_table): Likewise. + * elf64-mips.c (mips_elf64_howto_table_rel): Likewise. + * elf64-mmix.c (elf_mmix_howto_table): Likewise. + * elf64-ppc.c (ppc64_elf_howto_raw): Likewise. + * elf64-s390.c (elf_howto_table): Likewise. + * elf64-sh64.c (sh_elf64_howto_table): Likewise. + * elf64-x86-64.c (x86_64_elf_howto_table): Likewise. + * elfn32-mips.c (elf_mips_howto_table_rel): Likewise. + * elfnn-aarch64.c (elfNN_aarch64_howto_table): Likewise. + (elfNN_aarch64_howto_none): Likewise. + * elfxx-ia64.c (ia64_howto_table): Likewise. + * elfxx-sparc.c (_bfd_sparc_elf_howto_table): Likewise. + * elfxx-tilegx.c (tilegx_elf_howto_table): Likewise. + * nlm32-sparc.c (nlm32_sparc_howto_table): Likewise. + + 2015-01-06 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * mach-o.c (bfd_mach_o_read_symtab_strtab): Zero terminate the + string table. + + * reloc.c (bfd_get_reloc_size): Handle a reloc size of -1. + (bfd_perform_relocation): Include the size of the reloc in the + test for an out of range relocation. + (bfd_generic_get_relocated_section_contents): Remove reloc range + test. + + * tekhex.c (getvalue): Add an end pointer parameter. Use it to + avoid reading off the end of the buffer. + (getsym): Likewise. + (first_phase): Likewise. + (pass_over): Pass an end pointer to the invoked function. + + 2015-01-05 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * archive.c (do_slurp_bsd_armap): Make sure that the parsed sized + is at least big enough for the header to be read. + * mach-o.c (bfd_mach_o_get_synthetic_symtab): Add range checks. + (bfd_mach_o_read_command): Prevetn duplicate error messages about + unrecognized commands. + * syms.c (_bfd_stab_section_find_nearest_line): Add range checks + when indexing into the string table. + + 2014-12-22 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * archive.c (do_slurp_bsd_armap): Return if the parsed_size is + zero. + (bfd_slurp_armap): Zero terminate the name. + (bfd_generic_stat_arch_elt): If there is no header, fail. + * mach-o.c (bfd_mach_o_canonicalize_one_reloc): If no symbols have + been provided then set the reloc's symbol to undefined. + * reloc.c (bfd_generic_get_relocated_section_contents): Add range + checking of the reloc to be applied. + * versados.c (process_otr): Add more range checks. + (versados_canonicalize_reloc): If the section is unknown, set the + symbol to undefined. + * vms-alpha.c (_bfd_vms_slurp_eisd): Add range checks. + (alpha_vms_object_p): Likewise. + + 2014-12-16 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * format.c (bfd_check_format_matches): Check for a matching vector + before using match priorities. + * mach-o.c (bfd_mach_o_canonicalize_one_reloc): Fix off-by-one + errors with previous delta. + + 2014-12-09 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * archive64.c (bfd_elf64_archive_slurp_armap): Add range checks. + * libbfd.c (safe_read_leb128): New function. + * libbfd-in.h (safe_read_leb128): Add prototype. + * libbfd.h: Regenerate. + + 2014-12-03 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * compress.c (bfd_get_full_section_contents): Fail if there are no + section contents available when the compress_status is + COMPRESS_SECTION_DONE. + * libbfd.c (bfd_malloc): Refuse to allocate a negative size. + (bfd_malloc2): Use bfd_malloc. + (bfd_realloc): Refuse to reallocate a negative size. + (bfd_realloc2): Use bfd_realloc. + (bfd_realloc_or_free): Use bfd_realloc. + (bfd_zmalloc): Use bfd_malloc. + (bfd_zmalloc): Use bfd_malloc2. + * opncls.c (bfd_alloc): Refuse to allocate a negative size. + + 2014-12-01 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * archive.c (do_slurp_coff_armap): Add range checks to prevent + running off the end of the string table. + * compress.c (bfd_get_full_section_contents): Return a NULL + pointer for zero sized sections. Do not attempt to copy a buffer + onto itself. + * reloc.c (bfd_perform_relocation): Avoid seg-fault if the howto + parameter is NULL. + + 2014-11-26 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * mach-o.c (bfd_mach_o_canonicalize_one_reloc): Likewise. + (bfd_mach_o_mangle_sections): Move test for too many sections to + before the allocation of the section table. + (bfd_mach_o_read_symtab_strtab): If the read fails, free the + memory and nullify the symbol pointer. + * reloc.c (bfd_generic_get_relocated_section_contents): Add + handling of a bfd_reloc_notsupported return value. + * versados.c (EDATA): Add range checking. + (get_record): Likewise. + (process_otr): Check for contents being available before updating + them. + (versados_canonicalize_reloc): Add range check. + + 2014-11-21 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * ieee.c (next_byte): Convert to a function. Return FALSE if the + next byte is beyond the end of the buffer. + (parse_int): Test the return value of next_byte. + (parse_expression): Convert to boolean. Return FALSE if the + parsing failed. Test the return value of next_byte. + (ieee_seek): Convert to a function. Return FALSE if the seek goes + beyond the end of the buffer. + (ieee_slurp_external_symbols): Test the return value of ieee_seek + and next_byte. + (ieee_slurp_sections): Convert to boolean. Return FALSE if the + operation failed. Test the return value of ieee_seek and + next_byte. + (ieee_archive_p): Test the return value of ieee_seek and + next_byte. + (do_one): Likewise. + (ieee_slurp_section_data): Likewise. + (ieee_object_p): Likewise. Store the size of the buffer in the + total_amt field in the header. + * libieee.h (common_header_type): Add amt field. + * mach-o.c (bfd_mach_o_canonicalize_one_reloc): Check that the + reloc's value is within range. + (bfd_mach_o_read_symtab_symbols): Nullify the symbols field if the + operation fails. + * versados.c (process_otr): Check that the section exists before + taking its size. + (versados_object_p): Make sure that enough data was read for the + header to be checked. + * vms-alpha.c (vms_get_remaining_object_record): Change + read_so_far parameter to an unsigned int. Check that the amount + read is in range. + 2015-03-24 Nick Clifton <nickc@redhat.com> Apply from master: diff --git a/bfd/aoutx.h b/bfd/aoutx.h index 9385a98..764d163 100644 --- a/bfd/aoutx.h +++ b/bfd/aoutx.h @@ -203,8 +203,8 @@ reloc_howto_type howto_table_ext[] = HOWTO (RELOC_GLOB_DAT,0, 2, 0, FALSE, 0, complain_overflow_bitfield, 0, "GLOB_DAT", FALSE, 0, 0x00000000, FALSE), HOWTO (RELOC_JMP_SLOT,0, 2, 0, FALSE, 0, complain_overflow_bitfield, 0, "JMP_SLOT", FALSE, 0, 0x00000000, FALSE), HOWTO (RELOC_RELATIVE,0, 2, 0, FALSE, 0, complain_overflow_bitfield, 0, "RELATIVE", FALSE, 0, 0x00000000, FALSE), - HOWTO (0, 0, 0, 0, FALSE, 0, complain_overflow_dont, 0, "R_SPARC_NONE",FALSE, 0, 0x00000000, TRUE), - HOWTO (0, 0, 0, 0, FALSE, 0, complain_overflow_dont, 0, "R_SPARC_NONE",FALSE, 0, 0x00000000, TRUE), + HOWTO (0, 0, 3, 0, FALSE, 0, complain_overflow_dont, 0, "R_SPARC_NONE",FALSE, 0, 0x00000000, TRUE), + HOWTO (0, 0, 3, 0, FALSE, 0, complain_overflow_dont, 0, "R_SPARC_NONE",FALSE, 0, 0x00000000, TRUE), #define RELOC_SPARC_REV32 RELOC_WDISP19 HOWTO (RELOC_SPARC_REV32, 0, 2, 32, FALSE, 0, complain_overflow_dont, 0,"R_SPARC_REV32",FALSE, 0, 0xffffffff, FALSE), }; @@ -3816,7 +3816,7 @@ aout_link_reloc_link_order (struct aout_final_link_info *flaginfo, size = bfd_get_reloc_size (howto); buf = (bfd_byte *) bfd_zmalloc (size); - if (buf == NULL) + if (buf == NULL && size != 0) return FALSE; r = MY_relocate_contents (howto, flaginfo->output_bfd, (bfd_vma) pr->addend, buf); diff --git a/bfd/archive.c b/bfd/archive.c index df37996..34a9830 100644 --- a/bfd/archive.c +++ b/bfd/archive.c @@ -311,8 +311,7 @@ _bfd_look_for_bfd_in_cache (bfd *arch_bfd, file_ptr filepos) struct ar_cache *entry = (struct ar_cache *) htab_find (hash_table, &m); if (!entry) return NULL; - else - return entry->arbfd; + return entry->arbfd; } else return NULL; @@ -902,6 +901,10 @@ do_slurp_bsd_armap (bfd *abfd) return FALSE; parsed_size = mapdata->parsed_size; free (mapdata); + /* PR 17512: file: 883ff754. */ + /* PR 17512: file: 0458885f. */ + if (parsed_size < 4) + return FALSE; raw_armap = (bfd_byte *) bfd_zalloc (abfd, parsed_size); if (raw_armap == NULL) @@ -1038,12 +1041,19 @@ do_slurp_coff_armap (bfd *abfd) } /* OK, build the carsyms. */ - for (i = 0; i < nsymz; i++) + for (i = 0; i < nsymz && stringsize > 0; i++) { + bfd_size_type len; + rawptr = raw_armap + i; carsyms->file_offset = swap ((bfd_byte *) rawptr); carsyms->name = stringbase; - stringbase += strlen (stringbase) + 1; + /* PR 17512: file: 4a1d50c1. */ + len = strnlen (stringbase, stringsize); + if (len < stringsize) + len ++; + stringbase += len; + stringsize -= len; carsyms++; } *stringbase = 0; @@ -1131,6 +1141,7 @@ bfd_slurp_armap (bfd *abfd) return FALSE; if (bfd_seek (abfd, -(file_ptr) (sizeof (hdr) + 20), SEEK_CUR) != 0) return FALSE; + extname[20] = 0; if (CONST_STRNEQ (extname, "__.SYMDEF SORTED") || CONST_STRNEQ (extname, "__.SYMDEF")) return do_slurp_bsd_armap (abfd); @@ -1964,6 +1975,9 @@ bfd_generic_stat_arch_elt (bfd *abfd, struct stat *buf) } hdr = arch_hdr (abfd); + /* PR 17512: file: 3d9e9fe9. */ + if (hdr == NULL) + return -1; #define foo(arelt, stelt, size) \ buf->stelt = strtol (hdr->arelt, &aloser, size); \ diff --git a/bfd/archive64.c b/bfd/archive64.c index 6b87ec5..9d29b90 100644 --- a/bfd/archive64.c +++ b/bfd/archive64.c @@ -46,6 +46,7 @@ bfd_elf64_archive_slurp_armap (bfd *abfd) struct areltdata *mapdata; bfd_byte int_buf[8]; char *stringbase; + char *stringend; bfd_byte *raw_armap = NULL; carsym *carsyms; bfd_size_type amt; @@ -92,11 +93,18 @@ bfd_elf64_archive_slurp_armap (bfd *abfd) ptrsize = 8 * nsymz; amt = carsym_size + stringsize + 1; + if (carsym_size < nsymz || ptrsize < nsymz || amt < nsymz) + { + bfd_set_error (bfd_error_malformed_archive); + return FALSE; + } ardata->symdefs = (struct carsym *) bfd_zalloc (abfd, amt); if (ardata->symdefs == NULL) return FALSE; carsyms = ardata->symdefs; stringbase = ((char *) ardata->symdefs) + carsym_size; + stringbase[stringsize] = 0; + stringend = stringbase + stringsize; raw_armap = (bfd_byte *) bfd_alloc (abfd, ptrsize); if (raw_armap == NULL) @@ -114,7 +122,8 @@ bfd_elf64_archive_slurp_armap (bfd *abfd) { carsyms->file_offset = bfd_getb64 (raw_armap + i * 8); carsyms->name = stringbase; - stringbase += strlen (stringbase) + 1; + if (stringbase < stringend) + stringbase += strlen (stringbase) + 1; ++carsyms; } *stringbase = '\0'; diff --git a/bfd/bfd-in.h b/bfd/bfd-in.h index 1f80a76..1607872 100644 --- a/bfd/bfd-in.h +++ b/bfd/bfd-in.h @@ -292,10 +292,13 @@ typedef struct bfd_section *sec_ptr; #define bfd_is_com_section(ptr) (((ptr)->flags & SEC_IS_COMMON) != 0) +#define bfd_get_section_limit_octets(bfd, sec) \ + ((bfd)->direction != write_direction && (sec)->rawsize != 0 \ + ? (sec)->rawsize : (sec)->size) + /* Find the address one past the end of SEC. */ #define bfd_get_section_limit(bfd, sec) \ - (((bfd)->direction != write_direction && (sec)->rawsize != 0 \ - ? (sec)->rawsize : (sec)->size) / bfd_octets_per_byte (bfd)) + (bfd_get_section_limit_octets(bfd, sec) / bfd_octets_per_byte (bfd)) /* Return TRUE if input section SEC has been discarded. */ #define discarded_section(sec) \ diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h index c7a2bb5..bca5181 100644 --- a/bfd/bfd-in2.h +++ b/bfd/bfd-in2.h @@ -299,10 +299,13 @@ typedef struct bfd_section *sec_ptr; #define bfd_is_com_section(ptr) (((ptr)->flags & SEC_IS_COMMON) != 0) +#define bfd_get_section_limit_octets(bfd, sec) \ + ((bfd)->direction != write_direction && (sec)->rawsize != 0 \ + ? (sec)->rawsize : (sec)->size) + /* Find the address one past the end of SEC. */ #define bfd_get_section_limit(bfd, sec) \ - (((bfd)->direction != write_direction && (sec)->rawsize != 0 \ - ? (sec)->rawsize : (sec)->size) / bfd_octets_per_byte (bfd)) + (bfd_get_section_limit_octets(bfd, sec) / bfd_octets_per_byte (bfd)) /* Return TRUE if input section SEC has been discarded. */ #define discarded_section(sec) \ diff --git a/bfd/coff-sparc.c b/bfd/coff-sparc.c index 031dcd0..21d9933 100644 --- a/bfd/coff-sparc.c +++ b/bfd/coff-sparc.c @@ -74,7 +74,7 @@ bfd_coff_generic_reloc (bfd *abfd ATTRIBUTE_UNUSED, static reloc_howto_type coff_sparc_howto_table[] = { - HOWTO(R_SPARC_NONE, 0,0, 0,FALSE,0,complain_overflow_dont, bfd_coff_generic_reloc,"R_SPARC_NONE", FALSE,0,0x00000000,TRUE), + HOWTO(R_SPARC_NONE, 0,3, 0,FALSE,0,complain_overflow_dont, bfd_coff_generic_reloc,"R_SPARC_NONE", FALSE,0,0x00000000,TRUE), HOWTO(R_SPARC_8, 0,0, 8,FALSE,0,complain_overflow_bitfield,bfd_coff_generic_reloc,"R_SPARC_8", FALSE,0,0x000000ff,TRUE), HOWTO(R_SPARC_16, 0,1,16,FALSE,0,complain_overflow_bitfield,bfd_coff_generic_reloc,"R_SPARC_16", FALSE,0,0x0000ffff,TRUE), HOWTO(R_SPARC_32, 0,2,32,FALSE,0,complain_overflow_bitfield,bfd_coff_generic_reloc,"R_SPARC_32", FALSE,0,0xffffffff,TRUE), diff --git a/bfd/compress.c b/bfd/compress.c index 20eef95..6a87258 100644 --- a/bfd/compress.c +++ b/bfd/compress.c @@ -239,6 +239,8 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr) #endif case COMPRESS_SECTION_DONE: + if (sec->contents == NULL) + return FALSE; if (p == NULL) { p = (bfd_byte *) bfd_malloc (sz); @@ -246,7 +248,9 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr) return FALSE; *ptr = p; } - memcpy (p, sec->contents, sz); + /* PR 17512; file: 5bc29788. */ + if (p != sec->contents) + memcpy (p, sec->contents, sz); return TRUE; default: diff --git a/bfd/cpu-ns32k.c b/bfd/cpu-ns32k.c index 55ee030..cee72b3 100644 --- a/bfd/cpu-ns32k.c +++ b/bfd/cpu-ns32k.c @@ -585,8 +585,9 @@ _bfd_do_ns32k_reloc_contents (reloc_howto_type *howto, switch (size) { default: - case 0: abort (); + case 0: + return bfd_reloc_ok; case 1: case 2: case 4: diff --git a/bfd/elf-hppa.h b/bfd/elf-hppa.h index 5ee7de8..705bdac 100644 --- a/bfd/elf-hppa.h +++ b/bfd/elf-hppa.h @@ -47,7 +47,7 @@ static reloc_howto_type elf_hppa_howto_table[ELF_HOWTO_TABLE_SIZE] = { - { R_PARISC_NONE, 0, 0, 0, FALSE, 0, complain_overflow_bitfield, + { R_PARISC_NONE, 0, 3, 0, FALSE, 0, complain_overflow_dont, bfd_elf_generic_reloc, "R_PARISC_NONE", FALSE, 0, 0, FALSE }, /* The values in DIR32 are to placate the check in diff --git a/bfd/elf-m10200.c b/bfd/elf-m10200.c index 86872b7..cbeda2f 100644 --- a/bfd/elf-m10200.c +++ b/bfd/elf-m10200.c @@ -46,11 +46,11 @@ static reloc_howto_type elf_mn10200_howto_table[] = /* Dummy relocation. Does nothing. */ HOWTO (R_MN10200_NONE, 0, - 2, - 16, + 3, + 0, FALSE, 0, - complain_overflow_bitfield, + complain_overflow_dont, bfd_elf_generic_reloc, "R_MN10200_NONE", FALSE, diff --git a/bfd/elf-m10300.c b/bfd/elf-m10300.c index 1dbb2f9..0b13c1a 100644 --- a/bfd/elf-m10300.c +++ b/bfd/elf-m10300.c @@ -142,11 +142,11 @@ static reloc_howto_type elf_mn10300_howto_table[] = /* Dummy relocation. Does nothing. */ HOWTO (R_MN10300_NONE, 0, - 2, - 16, + 3, + 0, FALSE, 0, - complain_overflow_bitfield, + complain_overflow_dont, bfd_elf_generic_reloc, "R_MN10300_NONE", FALSE, diff --git a/bfd/elf32-arc.c b/bfd/elf32-arc.c index e528e66..d193965 100644 --- a/bfd/elf32-arc.c +++ b/bfd/elf32-arc.c @@ -58,11 +58,11 @@ static reloc_howto_type elf_arc_howto_table[] = /* This reloc does nothing. */ HOWTO (R_ARC_NONE, /* Type. */ 0, /* Rightshift. */ - 2, /* Size (0 = byte, 1 = short, 2 = long). */ - 32, /* Bitsize. */ + 3, /* Size (0 = byte, 1 = short, 2 = long). */ + 0, /* Bitsize. */ FALSE, /* PC_relative. */ 0, /* Bitpos. */ - complain_overflow_bitfield, /* Complain_on_overflow. */ + complain_overflow_dont, /* Complain_on_overflow. */ bfd_elf_generic_reloc, /* Special_function. */ "R_ARC_NONE", /* Name. */ TRUE, /* Partial_inplace. */ diff --git a/bfd/elf32-arm.c b/bfd/elf32-arm.c index 782cc87..7690251 100644 --- a/bfd/elf32-arm.c +++ b/bfd/elf32-arm.c @@ -79,7 +79,7 @@ static reloc_howto_type elf32_arm_howto_table_1[] = /* No relocation. */ HOWTO (R_ARM_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elf32-avr.c b/bfd/elf32-avr.c index 54d67bf..dad04e2 100644 --- a/bfd/elf32-avr.c +++ b/bfd/elf32-avr.c @@ -121,11 +121,11 @@ static reloc_howto_type elf_avr_howto_table[] = { HOWTO (R_AVR_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_AVR_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-bfin.c b/bfd/elf32-bfin.c index 692875b..db2a5ba 100644 --- a/bfd/elf32-bfin.c +++ b/bfd/elf32-bfin.c @@ -423,11 +423,11 @@ static reloc_howto_type bfin_howto_table [] = /* This reloc does nothing. . */ HOWTO (R_BFIN_UNUSED0, /* type. */ 0, /* rightshift. */ - 2, /* size (0 = byte, 1 = short, 2 = long). */ - 32, /* bitsize. */ + 3, /* size (0 = byte, 1 = short, 2 = long). */ + 0, /* bitsize. */ FALSE, /* pc_relative. */ 0, /* bitpos. */ - complain_overflow_bitfield, /* complain_on_overflow. */ + complain_overflow_dont,/* complain_on_overflow. */ bfd_elf_generic_reloc, /* special_function. */ "R_BFIN_UNUSED0", /* name. */ FALSE, /* partial_inplace. */ @@ -451,11 +451,11 @@ static reloc_howto_type bfin_howto_table [] = HOWTO (R_BFIN_UNUSED1, /* type. */ 0, /* rightshift. */ - 2, /* size (0 = byte, 1 = short, 2 = long). */ - 32, /* bitsize. */ + 3, /* size (0 = byte, 1 = short, 2 = long). */ + 0, /* bitsize. */ FALSE, /* pc_relative. */ 0, /* bitpos. */ - complain_overflow_bitfield, /* complain_on_overflow. */ + complain_overflow_dont,/* complain_on_overflow. */ bfd_elf_generic_reloc, /* special_function. */ "R_BFIN_UNUSED1", /* name. */ FALSE, /* partial_inplace. */ @@ -581,8 +581,8 @@ static reloc_howto_type bfin_howto_table [] = HOWTO (R_BFIN_UNUSEDB, /* type. */ 0, /* rightshift. */ - 2, /* size (0 = byte, 1 = short, 2 = long). */ - 32, /* bitsize. */ + 3, /* size (0 = byte, 1 = short, 2 = long). */ + 0, /* bitsize. */ FALSE, /* pc_relative. */ 0, /* bitpos. */ complain_overflow_dont, /* complain_on_overflow. */ @@ -595,8 +595,8 @@ static reloc_howto_type bfin_howto_table [] = HOWTO (R_BFIN_UNUSEDC, /* type. */ 0, /* rightshift. */ - 2, /* size (0 = byte, 1 = short, 2 = long). */ - 32, /* bitsize. */ + 3, /* size (0 = byte, 1 = short, 2 = long). */ + 0, /* bitsize. */ FALSE, /* pc_relative. */ 0, /* bitpos. */ complain_overflow_dont, /* complain_on_overflow. */ diff --git a/bfd/elf32-cr16.c b/bfd/elf32-cr16.c index 6dadcc1..862d9ff 100644 --- a/bfd/elf32-cr16.c +++ b/bfd/elf32-cr16.c @@ -115,8 +115,8 @@ static reloc_howto_type cr16_elf_howto_table[] = { HOWTO (R_CR16_NONE, /* type */ 0, /* rightshift */ - 2, /* size */ - 32, /* bitsize */ + 3, /* size */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ complain_overflow_dont, /* complain_on_overflow */ diff --git a/bfd/elf32-cris.c b/bfd/elf32-cris.c index c516b2f..ce1cbfe 100644 --- a/bfd/elf32-cris.c +++ b/bfd/elf32-cris.c @@ -40,11 +40,11 @@ static reloc_howto_type cris_elf_howto_table [] = /* This reloc does nothing. */ HOWTO (R_CRIS_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_CRIS_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-crx.c b/bfd/elf32-crx.c index f2925f5..607ad9c 100644 --- a/bfd/elf32-crx.c +++ b/bfd/elf32-crx.c @@ -82,8 +82,8 @@ static reloc_howto_type crx_elf_howto_table[] = { HOWTO (R_CRX_NONE, /* type */ 0, /* rightshift */ - 2, /* size */ - 32, /* bitsize */ + 3, /* size */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ complain_overflow_dont,/* complain_on_overflow */ diff --git a/bfd/elf32-d10v.c b/bfd/elf32-d10v.c index f45e2db..6680864 100644 --- a/bfd/elf32-d10v.c +++ b/bfd/elf32-d10v.c @@ -33,8 +33,8 @@ static reloc_howto_type elf_d10v_howto_table[] = /* This reloc does nothing. */ HOWTO (R_D10V_NONE, /* Type. */ 0, /* Rightshift. */ - 2, /* Size (0 = byte, 1 = short, 2 = long). */ - 32, /* Bitsize. */ + 3, /* Size (0 = byte, 1 = short, 2 = long). */ + 0, /* Bitsize. */ FALSE, /* PC_relative. */ 0, /* Bitpos. */ complain_overflow_dont,/* Complain_on_overflow. */ diff --git a/bfd/elf32-d30v.c b/bfd/elf32-d30v.c index 211a673..e39cdff 100644 --- a/bfd/elf32-d30v.c +++ b/bfd/elf32-d30v.c @@ -254,11 +254,11 @@ static reloc_howto_type elf_d30v_howto_table[] = /* This reloc does nothing. */ HOWTO (R_D30V_NONE, /* Type. */ 0, /* Rightshift. */ - 2, /* Size (0 = byte, 1 = short, 2 = long). */ - 32, /* Bitsize. */ + 3, /* Size (0 = byte, 1 = short, 2 = long). */ + 0, /* Bitsize. */ FALSE, /* PC_relative. */ 0, /* Bitpos. */ - complain_overflow_bitfield, /* Complain_on_overflow. */ + complain_overflow_dont,/* Complain_on_overflow. */ bfd_elf_generic_reloc, /* Special_function. */ "R_D30V_NONE", /* Name. */ FALSE, /* Partial_inplace. */ diff --git a/bfd/elf32-dlx.c b/bfd/elf32-dlx.c index 91441aa..978befd 100644 --- a/bfd/elf32-dlx.c +++ b/bfd/elf32-dlx.c @@ -237,7 +237,7 @@ static reloc_howto_type dlx_elf_howto_table[]= /* No relocation. */ HOWTO (R_DLX_NONE, /* Type. */ 0, /* Rightshift. */ - 0, /* size (0 = byte, 1 = short, 2 = long). */ + 3, /* size (0 = byte, 1 = short, 2 = long). */ 0, /* Bitsize. */ FALSE, /* PC_relative. */ 0, /* Bitpos. */ diff --git a/bfd/elf32-epiphany.c b/bfd/elf32-epiphany.c index 8d95cc9..133521f 100644 --- a/bfd/elf32-epiphany.c +++ b/bfd/elf32-epiphany.c @@ -63,7 +63,7 @@ static reloc_howto_type epiphany_elf_howto_table [] = pr) /* pcrel_offset */ /* This reloc does nothing. */ - AHOW (R_EPIPHANY_NONE, 0, 0,32, FALSE, 0, complain_overflow_dont, "R_EPIPHANY_NONE", 0, 0), + AHOW (R_EPIPHANY_NONE, 0, 3, 0, FALSE, 0, complain_overflow_dont, "R_EPIPHANY_NONE", 0, 0), /* 8 bit absolute (not likely) */ AHOW (R_EPIPHANY_8, 0, 0, 8, FALSE, 0, complain_overflow_bitfield, "R_EPIPHANY_8", 0x000000ff, 0x000000ff), diff --git a/bfd/elf32-fr30.c b/bfd/elf32-fr30.c index 022a0a9..3cc31b7 100644 --- a/bfd/elf32-fr30.c +++ b/bfd/elf32-fr30.c @@ -37,11 +37,11 @@ static reloc_howto_type fr30_elf_howto_table [] = /* This reloc does nothing. */ HOWTO (R_FR30_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_FR30_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-frv.c b/bfd/elf32-frv.c index 46f299b..714399a 100644 --- a/bfd/elf32-frv.c +++ b/bfd/elf32-frv.c @@ -34,11 +34,11 @@ static reloc_howto_type elf32_frv_howto_table [] = /* This reloc does nothing. */ HOWTO (R_FRV_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_FRV_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-h8300.c b/bfd/elf32-h8300.c index e9eae94..983e8c2 100644 --- a/bfd/elf32-h8300.c +++ b/bfd/elf32-h8300.c @@ -61,7 +61,7 @@ static reloc_howto_type h8_elf_howto_table[] = #define R_H8_NONE_X 0 HOWTO (R_H8_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elf32-i370.c b/bfd/elf32-i370.c index e28c257..3c32190 100644 --- a/bfd/elf32-i370.c +++ b/bfd/elf32-i370.c @@ -40,11 +40,11 @@ static reloc_howto_type i370_elf_howto_raw[] = /* This reloc does nothing. */ HOWTO (R_I370_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_I370_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c index 73141ee..1d463e5 100644 --- a/bfd/elf32-i386.c +++ b/bfd/elf32-i386.c @@ -37,7 +37,7 @@ static reloc_howto_type elf_howto_table[]= { - HOWTO(R_386_NONE, 0, 0, 0, FALSE, 0, complain_overflow_bitfield, + HOWTO(R_386_NONE, 0, 3, 0, FALSE, 0, complain_overflow_dont, bfd_elf_generic_reloc, "R_386_NONE", TRUE, 0x00000000, 0x00000000, FALSE), HOWTO(R_386_32, 0, 2, 32, FALSE, 0, complain_overflow_bitfield, diff --git a/bfd/elf32-i860.c b/bfd/elf32-i860.c index de900c1..8920feb 100644 --- a/bfd/elf32-i860.c +++ b/bfd/elf32-i860.c @@ -264,11 +264,11 @@ static reloc_howto_type elf32_i860_howto_table [] = /* This relocation does nothing. */ HOWTO (R_860_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_860_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-i960.c b/bfd/elf32-i960.c index c6fbbb8..5030347 100644 --- a/bfd/elf32-i960.c +++ b/bfd/elf32-i960.c @@ -83,7 +83,7 @@ elf32_i960_relocate (bfd *abfd ATTRIBUTE_UNUSED, static reloc_howto_type elf_howto_table[]= { - HOWTO (R_960_NONE, 0, 0, 0, FALSE, 0, complain_overflow_bitfield, + HOWTO (R_960_NONE, 0, 3, 0, FALSE, 0, complain_overflow_dont, elf32_i960_relocate, "R_960_NONE", TRUE, 0x00000000, 0x00000000, FALSE), EMPTY_HOWTO (1), diff --git a/bfd/elf32-ip2k.c b/bfd/elf32-ip2k.c index 79e1ecc..df12490 100644 --- a/bfd/elf32-ip2k.c +++ b/bfd/elf32-ip2k.c @@ -141,7 +141,7 @@ static reloc_howto_type ip2k_elf_howto_table [] = pr) /* pcrel_offset */ /* This reloc does nothing. */ - IP2K_HOWTO (R_IP2K_NONE, 0,2,32, FALSE, 0, "R_IP2K_NONE", 0, 0), + IP2K_HOWTO (R_IP2K_NONE, 0,3,0, FALSE, 0, "R_IP2K_NONE", 0, 0), /* A 16 bit absolute relocation. */ IP2K_HOWTO (R_IP2K_16, 0,1,16, FALSE, 0, "R_IP2K_16", 0, 0xffff), /* A 32 bit absolute relocation. */ diff --git a/bfd/elf32-iq2000.c b/bfd/elf32-iq2000.c index a6bf8d2..fc87891 100644 --- a/bfd/elf32-iq2000.c +++ b/bfd/elf32-iq2000.c @@ -34,11 +34,11 @@ static reloc_howto_type iq2000_elf_howto_table [] = HOWTO (R_IQ2000_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont, /* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_IQ2000_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-lm32.c b/bfd/elf32-lm32.c index 5f2b6b8..0ff5929 100644 --- a/bfd/elf32-lm32.c +++ b/bfd/elf32-lm32.c @@ -262,11 +262,11 @@ static reloc_howto_type lm32_elf_howto_table [] = /* This reloc does nothing. */ HOWTO (R_LM32_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield,/* complain_on_overflow */ + complain_overflow_dont, /* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_LM32_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-m32c.c b/bfd/elf32-m32c.c index 3e2c802..be88738 100644 --- a/bfd/elf32-m32c.c +++ b/bfd/elf32-m32c.c @@ -40,6 +40,8 @@ void dump_symtab (bfd *, void *, void *); #endif static bfd_boolean m32c_elf_relax_section (bfd *abfd, asection *sec, struct bfd_link_info *link_info, bfd_boolean *again); +static bfd_reloc_status_type m32c_apply_reloc_24 + (bfd *, arelent *, asymbol *, void *, asection *, bfd *, char **); static reloc_howto_type m32c_elf_howto_table [] = @@ -47,11 +49,11 @@ static reloc_howto_type m32c_elf_howto_table [] = /* This reloc does nothing. */ HOWTO (R_M32C_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_M32C_NONE", /* name */ FALSE, /* partial_inplace */ @@ -83,7 +85,7 @@ static reloc_howto_type m32c_elf_howto_table [] = FALSE, /* pc_relative */ 0, /* bitpos */ complain_overflow_dont, /* complain_on_overflow */ - bfd_elf_generic_reloc, /* special_function */ + m32c_apply_reloc_24, /* special_function */ "R_M32C_24", /* name */ FALSE, /* partial_inplace */ 0, /* src_mask */ @@ -303,6 +305,48 @@ m32c_info_to_howto_rela +/* Apply R_M32C_24 relocations. We have to do this because it's not a + power-of-two size, and the generic code may think it overruns the + section if it's right at the end. + + Must return something other than bfd_reloc_continue to avoid the + above problem. Typical return values include bfd_reloc_ok or + bfd_reloc_overflow. +*/ + +static bfd_reloc_status_type m32c_apply_reloc_24 (bfd *abfd ATTRIBUTE_UNUSED, + arelent *reloc_entry, + asymbol *symbol, + void *vdata_start ATTRIBUTE_UNUSED, + asection *input_section, + bfd *ibfd ATTRIBUTE_UNUSED, + char **error_msg ATTRIBUTE_UNUSED) +{ + bfd_vma relocation; + bfd_reloc_status_type s; + + s = bfd_elf_generic_reloc (abfd, reloc_entry, symbol, + vdata_start, + input_section, ibfd, error_msg); + if (s != bfd_reloc_continue) + return s; + + /* Get symbol value. (Common symbols are special.) */ + if (bfd_is_com_section (symbol->section)) + relocation = 0; + else + relocation = symbol->value; + + relocation += symbol->section->output_offset; + + /* Add in supplied addend. */ + relocation += reloc_entry->addend; + + reloc_entry->addend = relocation; + reloc_entry->address += input_section->output_offset; + return bfd_reloc_ok; +} + /* Relocate an M32C ELF section. There is some attempt to make this function usable for many architectures, both USE_REL and USE_RELA ['twould be nice if such a critter existed], @@ -531,9 +575,32 @@ m32c_elf_relocate_section printf ("\n"); } #endif - r = _bfd_final_link_relocate (howto, input_bfd, input_section, - contents, rel->r_offset, relocation, - rel->r_addend); + switch (ELF32_R_TYPE(rel->r_info)) + { + case R_M32C_24: + /* Like m32c_apply_reloc_24, we must handle this one separately. */ + relocation += rel->r_addend; + + /* Sanity check the address. */ + if (rel->r_offset + 3 + > bfd_get_section_limit_octets (input_bfd, input_section)) + r = bfd_reloc_outofrange; + else + { + bfd_put_8 (input_bfd, relocation & 0xff, contents + rel->r_offset); + bfd_put_8 (input_bfd, (relocation >> 8) & 0xff, contents + rel->r_offset + 1); + bfd_put_8 (input_bfd, (relocation >> 16) & 0xff, contents + rel->r_offset + 2); + r = bfd_reloc_ok; + } + + break; + + default: + r = _bfd_final_link_relocate (howto, input_bfd, input_section, + contents, rel->r_offset, relocation, + rel->r_addend); + break; + } if (r != bfd_reloc_ok) { diff --git a/bfd/elf32-m32r.c b/bfd/elf32-m32r.c index e6b45ab..951d43e 100644 --- a/bfd/elf32-m32r.c +++ b/bfd/elf32-m32r.c @@ -474,11 +474,11 @@ static reloc_howto_type m32r_elf_howto_table[] = /* This reloc does nothing. */ HOWTO (R_M32R_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_M32R_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-m68hc11.c b/bfd/elf32-m68hc11.c index 2101bdf..00a77d0 100644 --- a/bfd/elf32-m68hc11.c +++ b/bfd/elf32-m68hc11.c @@ -65,8 +65,8 @@ static reloc_howto_type elf_m68hc11_howto_table[] = { /* This reloc does nothing. */ HOWTO (R_M68HC11_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ complain_overflow_dont,/* complain_on_overflow */ diff --git a/bfd/elf32-m68hc12.c b/bfd/elf32-m68hc12.c index 7f48b7e..fd13354 100644 --- a/bfd/elf32-m68hc12.c +++ b/bfd/elf32-m68hc12.c @@ -107,8 +107,8 @@ static reloc_howto_type elf_m68hc11_howto_table[] = { /* This reloc does nothing. */ HOWTO (R_M68HC11_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ complain_overflow_dont,/* complain_on_overflow */ diff --git a/bfd/elf32-m68k.c b/bfd/elf32-m68k.c index 9a42288..75ef6bc 100644 --- a/bfd/elf32-m68k.c +++ b/bfd/elf32-m68k.c @@ -31,7 +31,7 @@ elf_m68k_discard_copies (struct elf_link_hash_entry *, void *); static reloc_howto_type howto_table[] = { - HOWTO(R_68K_NONE, 0, 0, 0, FALSE,0, complain_overflow_dont, bfd_elf_generic_reloc, "R_68K_NONE", FALSE, 0, 0x00000000,FALSE), + HOWTO(R_68K_NONE, 0, 3, 0, FALSE,0, complain_overflow_dont, bfd_elf_generic_reloc, "R_68K_NONE", FALSE, 0, 0x00000000,FALSE), HOWTO(R_68K_32, 0, 2,32, FALSE,0, complain_overflow_bitfield, bfd_elf_generic_reloc, "R_68K_32", FALSE, 0, 0xffffffff,FALSE), HOWTO(R_68K_16, 0, 1,16, FALSE,0, complain_overflow_bitfield, bfd_elf_generic_reloc, "R_68K_16", FALSE, 0, 0x0000ffff,FALSE), HOWTO(R_68K_8, 0, 0, 8, FALSE,0, complain_overflow_bitfield, bfd_elf_generic_reloc, "R_68K_8", FALSE, 0, 0x000000ff,FALSE), diff --git a/bfd/elf32-mcore.c b/bfd/elf32-mcore.c index 903d379..3d37530 100644 --- a/bfd/elf32-mcore.c +++ b/bfd/elf32-mcore.c @@ -110,11 +110,11 @@ static reloc_howto_type mcore_elf_howto_raw[] = /* This reloc does nothing. */ HOWTO (R_MCORE_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ NULL, /* special_function */ "R_MCORE_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-mep.c b/bfd/elf32-mep.c index 548359f..ac51df4 100644 --- a/bfd/elf32-mep.c +++ b/bfd/elf32-mep.c @@ -42,7 +42,7 @@ static bfd_reloc_status_type mep_reloc (bfd *, arelent *, struct bfd_symbol *, static reloc_howto_type mep_elf_howto_table [] = { /* type, size, bits, leftshift, rightshift, pcrel, OD/OS/OU, mask. */ - MEPREL (R_MEP_NONE, 0, 0, 0, 0, 0, N, 0), + MEPREL (R_MEP_NONE, 3, 0, 0, 0, 0, N, 0), MEPREL (R_RELC, 0, 0, 0, 0, 0, N, 0), /* MEPRELOC:HOWTO */ /* This section generated from bfd/mep-relocs.pl from include/elf/mep.h. */ diff --git a/bfd/elf32-metag.c b/bfd/elf32-metag.c index a68b51c..209baed 100644 --- a/bfd/elf32-metag.c +++ b/bfd/elf32-metag.c @@ -142,7 +142,7 @@ static reloc_howto_type elf_metag_howto_table[] = /* No relocation. */ HOWTO (R_METAG_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elf32-microblaze.c b/bfd/elf32-microblaze.c index a4cc6a3..64487af 100644 --- a/bfd/elf32-microblaze.c +++ b/bfd/elf32-microblaze.c @@ -44,11 +44,11 @@ static reloc_howto_type microblaze_elf_howto_raw[] = /* This reloc does nothing. */ HOWTO (R_MICROBLAZE_NONE, /* Type. */ 0, /* Rightshift. */ - 2, /* Size (0 = byte, 1 = short, 2 = long). */ - 32, /* Bitsize. */ + 3, /* Size (0 = byte, 1 = short, 2 = long). */ + 0, /* Bitsize. */ FALSE, /* PC_relative. */ 0, /* Bitpos. */ - complain_overflow_bitfield, /* Complain on overflow. */ + complain_overflow_dont,/* Complain on overflow. */ NULL, /* Special Function. */ "R_MICROBLAZE_NONE", /* Name. */ FALSE, /* Partial Inplace. */ @@ -179,11 +179,11 @@ static reloc_howto_type microblaze_elf_howto_raw[] = /* This reloc does nothing. Used for relaxation. */ HOWTO (R_MICROBLAZE_64_NONE, /* Type. */ 0, /* Rightshift. */ - 2, /* Size (0 = byte, 1 = short, 2 = long). */ - 32, /* Bitsize. */ + 3, /* Size (0 = byte, 1 = short, 2 = long). */ + 0, /* Bitsize. */ TRUE, /* PC_relative. */ 0, /* Bitpos. */ - complain_overflow_bitfield, /* Complain on overflow. */ + complain_overflow_dont,/* Complain on overflow. */ NULL, /* Special Function. */ "R_MICROBLAZE_64_NONE",/* Name. */ FALSE, /* Partial Inplace. */ diff --git a/bfd/elf32-mips.c b/bfd/elf32-mips.c index 78ae1dd..af661c4 100644 --- a/bfd/elf32-mips.c +++ b/bfd/elf32-mips.c @@ -107,7 +107,7 @@ static reloc_howto_type elf_mips_howto_table_rel[] = /* No relocation. */ HOWTO (R_MIPS_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elf32-moxie.c b/bfd/elf32-moxie.c index 1f685b9..fab19d8 100644 --- a/bfd/elf32-moxie.c +++ b/bfd/elf32-moxie.c @@ -34,11 +34,11 @@ static reloc_howto_type moxie_elf_howto_table [] = /* This reloc does nothing. */ HOWTO (R_MOXIE_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_MOXIE_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-msp430.c b/bfd/elf32-msp430.c index 2f55c53..593cd81 100644 --- a/bfd/elf32-msp430.c +++ b/bfd/elf32-msp430.c @@ -30,11 +30,11 @@ static reloc_howto_type elf_msp430_howto_table[] = { HOWTO (R_MSP430_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield,/* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_MSP430_NONE", /* name */ FALSE, /* partial_inplace */ @@ -197,11 +197,11 @@ static reloc_howto_type elf_msp430x_howto_table[] = { HOWTO (R_MSP430_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield,/* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_MSP430_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-mt.c b/bfd/elf32-mt.c index 6df1521..5ae4e19 100644 --- a/bfd/elf32-mt.c +++ b/bfd/elf32-mt.c @@ -48,8 +48,8 @@ static reloc_howto_type mt_elf_howto_table [] = /* This reloc does nothing. */ HOWTO (R_MT_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ complain_overflow_dont, /* complain_on_overflow */ diff --git a/bfd/elf32-nds32.c b/bfd/elf32-nds32.c index 2b63024..dbfa85e 100644 --- a/bfd/elf32-nds32.c +++ b/bfd/elf32-nds32.c @@ -321,11 +321,11 @@ static reloc_howto_type nds32_elf_howto_table[] = /* This reloc does nothing. */ HOWTO (R_NDS32_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_NDS32_NONE", /* name */ FALSE, /* partial_inplace */ @@ -4182,11 +4182,10 @@ nds32_relocate_contents (reloc_howto_type *howto, bfd *input_bfd, switch (size) { default: - case 0: - case 1: - case 8: abort (); break; + case 0: + return bfd_reloc_ok; case 2: x = bfd_getb16 (location); break; diff --git a/bfd/elf32-nios2.c b/bfd/elf32-nios2.c index 2739961..0105b70 100644 --- a/bfd/elf32-nios2.c +++ b/bfd/elf32-nios2.c @@ -80,7 +80,7 @@ static reloc_howto_type elf_nios2_howto_table_rel[] = { /* No relocation. */ HOWTO (R_NIOS2_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ @@ -764,6 +764,7 @@ struct elf_reloc_map }; static const struct elf_reloc_map nios2_reloc_map[] = { + {BFD_RELOC_NONE, R_NIOS2_NONE}, {BFD_RELOC_NIOS2_S16, R_NIOS2_S16}, {BFD_RELOC_NIOS2_U16, R_NIOS2_U16}, {BFD_RELOC_16_PCREL, R_NIOS2_PCREL16}, diff --git a/bfd/elf32-or1k.c b/bfd/elf32-or1k.c index e5b7bad..fd8fb83 100644 --- a/bfd/elf32-or1k.c +++ b/bfd/elf32-or1k.c @@ -60,8 +60,8 @@ static reloc_howto_type or1k_elf_howto_table[] = /* This reloc does nothing. */ HOWTO (R_OR1K_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ complain_overflow_dont, /* complain_on_overflow */ diff --git a/bfd/elf32-pj.c b/bfd/elf32-pj.c index 84b61f9..4a1655e 100644 --- a/bfd/elf32-pj.c +++ b/bfd/elf32-pj.c @@ -113,7 +113,7 @@ static reloc_howto_type pj_elf_howto_table[] = /* No relocation. */ HOWTO (R_PJ_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elf32-ppc.c b/bfd/elf32-ppc.c index ea690a7..af3c10c 100644 --- a/bfd/elf32-ppc.c +++ b/bfd/elf32-ppc.c @@ -187,8 +187,8 @@ static reloc_howto_type ppc_elf_howto_raw[] = { /* This reloc does nothing. */ HOWTO (R_PPC_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ complain_overflow_dont, /* complain_on_overflow */ @@ -2057,9 +2057,6 @@ ppc_elf_addr16_ha_reloc (bfd *abfd ATTRIBUTE_UNUSED, return bfd_reloc_ok; } - if (reloc_entry->address > bfd_get_section_limit (abfd, input_section)) - return bfd_reloc_outofrange; - if (bfd_is_com_section (symbol->section)) relocation = 0; else diff --git a/bfd/elf32-rl78.c b/bfd/elf32-rl78.c index 2a5ec99..3574ed3 100644 --- a/bfd/elf32-rl78.c +++ b/bfd/elf32-rl78.c @@ -37,7 +37,7 @@ static reloc_howto_type rl78_elf_howto_table [] = { - RL78REL (NONE, 0, 0, 0, dont, FALSE), + RL78REL (NONE, 3, 0, 0, dont, FALSE), RL78REL (DIR32, 2, 32, 0, signed, FALSE), RL78REL (DIR24S, 2, 24, 0, signed, FALSE), RL78REL (DIR16, 1, 16, 0, dont, FALSE), diff --git a/bfd/elf32-rx.c b/bfd/elf32-rx.c index 5d09f21..3073b32 100644 --- a/bfd/elf32-rx.c +++ b/bfd/elf32-rx.c @@ -49,7 +49,7 @@ void rx_dump_symtab (bfd *, void *, void *); static reloc_howto_type rx_elf_howto_table [] = { - RXREL (NONE, 0, 0, 0, dont, FALSE), + RXREL (NONE, 3, 0, 0, dont, FALSE), RXREL (DIR32, 2, 32, 0, signed, FALSE), RXREL (DIR24S, 2, 24, 0, signed, FALSE), RXREL (DIR16, 1, 16, 0, dont, FALSE), diff --git a/bfd/elf32-s390.c b/bfd/elf32-s390.c index 73df41a..3b050a8 100644 --- a/bfd/elf32-s390.c +++ b/bfd/elf32-s390.c @@ -39,7 +39,7 @@ static reloc_howto_type elf_howto_table[] = { HOWTO (R_390_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = 2 byte, 2 = 4 byte) */ + 3, /* size (0 = byte, 1 = 2 byte, 2 = 4 byte) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elf32-score.c b/bfd/elf32-score.c index 1ab54cd..fc4df66 100644 --- a/bfd/elf32-score.c +++ b/bfd/elf32-score.c @@ -645,7 +645,7 @@ static reloc_howto_type elf32_score_howto_table[] = /* No relocation. */ HOWTO (R_SCORE_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elf32-score7.c b/bfd/elf32-score7.c index 0b3cf20..d605a46 100644 --- a/bfd/elf32-score7.c +++ b/bfd/elf32-score7.c @@ -546,7 +546,7 @@ static reloc_howto_type elf32_score_howto_table[] = /* No relocation. */ HOWTO (R_SCORE_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elf32-sh-relocs.h b/bfd/elf32-sh-relocs.h index fb54c9a..a20828d 100644 --- a/bfd/elf32-sh-relocs.h +++ b/bfd/elf32-sh-relocs.h @@ -20,7 +20,7 @@ /* No relocation. */ HOWTO (R_SH_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elf32-sh.c b/bfd/elf32-sh.c index a737044..ecb8c17 100644 --- a/bfd/elf32-sh.c +++ b/bfd/elf32-sh.c @@ -255,6 +255,11 @@ sh_elf_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol_in, && bfd_is_und_section (symbol_in->section)) return bfd_reloc_undefined; + /* PR 17512: file: 9891ca98. */ + if (addr * bfd_octets_per_byte (abfd) + bfd_get_reloc_size (reloc_entry->howto) + > bfd_get_section_limit_octets (abfd, input_section)) + return bfd_reloc_outofrange; + if (bfd_is_com_section (symbol_in->section)) sym_value = 0; else diff --git a/bfd/elf32-spu.c b/bfd/elf32-spu.c index 13806ad..ce7001d 100644 --- a/bfd/elf32-spu.c +++ b/bfd/elf32-spu.c @@ -37,7 +37,7 @@ static bfd_reloc_status_type spu_elf_rel9 (bfd *, arelent *, asymbol *, array, so it must be declared in the order of that type. */ static reloc_howto_type elf_howto_table[] = { - HOWTO (R_SPU_NONE, 0, 0, 0, FALSE, 0, complain_overflow_dont, + HOWTO (R_SPU_NONE, 0, 3, 0, FALSE, 0, complain_overflow_dont, bfd_elf_generic_reloc, "SPU_NONE", FALSE, 0, 0x00000000, FALSE), HOWTO (R_SPU_ADDR10, 4, 2, 10, FALSE, 14, complain_overflow_bitfield, @@ -105,6 +105,8 @@ spu_elf_bfd_to_reloc_type (bfd_reloc_code_real_type code) switch (code) { default: + return (enum elf_spu_reloc_type) -1; + case BFD_RELOC_NONE: return R_SPU_NONE; case BFD_RELOC_SPU_IMM10W: return R_SPU_ADDR10; diff --git a/bfd/elf32-tic6x.c b/bfd/elf32-tic6x.c index 9f17979..0f6f459 100644 --- a/bfd/elf32-tic6x.c +++ b/bfd/elf32-tic6x.c @@ -152,7 +152,7 @@ static reloc_howto_type elf32_tic6x_howto_table[] = { HOWTO (R_C6000_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ @@ -820,7 +820,7 @@ static reloc_howto_type elf32_tic6x_howto_table_rel[] = { HOWTO (R_C6000_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elf32-tilepro.c b/bfd/elf32-tilepro.c index 0959924..9c8a478 100644 --- a/bfd/elf32-tilepro.c +++ b/bfd/elf32-tilepro.c @@ -34,11 +34,11 @@ static reloc_howto_type tilepro_elf_howto_table [] = /* This reloc does nothing. */ HOWTO (R_TILEPRO_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_TILEPRO_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-v850.c b/bfd/elf32-v850.c index 2589a25..7f69acb 100644 --- a/bfd/elf32-v850.c +++ b/bfd/elf32-v850.c @@ -895,11 +895,11 @@ static reloc_howto_type v850_elf_howto_table[] = /* This reloc does nothing. */ HOWTO (R_V850_NONE, /* Type. */ 0, /* Rightshift. */ - 2, /* Size (0 = byte, 1 = short, 2 = long). */ - 32, /* Bitsize. */ + 3, /* Size (0 = byte, 1 = short, 2 = long). */ + 0, /* Bitsize. */ FALSE, /* PC_relative. */ 0, /* Bitpos. */ - complain_overflow_bitfield, /* Complain_on_overflow. */ + complain_overflow_dont, /* Complain_on_overflow. */ bfd_elf_generic_reloc, /* Special_function. */ "R_V850_NONE", /* Name. */ FALSE, /* Partial_inplace. */ diff --git a/bfd/elf32-vax.c b/bfd/elf32-vax.c index 05e65e9..943b230 100644 --- a/bfd/elf32-vax.c +++ b/bfd/elf32-vax.c @@ -56,7 +56,7 @@ static bfd_boolean elf32_vax_print_private_bfd_data (bfd *, void *); static reloc_howto_type howto_table[] = { HOWTO (R_VAX_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elf32-xc16x.c b/bfd/elf32-xc16x.c index 9e7deca..348cd1f 100644 --- a/bfd/elf32-xc16x.c +++ b/bfd/elf32-xc16x.c @@ -32,11 +32,11 @@ static reloc_howto_type xc16x_elf_howto_table [] = /* This reloc does nothing. */ HOWTO (R_XC16X_NONE, /* type */ 0, /* rightshift */ - 1, /* size (0 = byte, 1 = short, 2 = long) */ - 16, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_XC16X_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-xgate.c b/bfd/elf32-xgate.c index 01f39fa..1ee0ce4 100644 --- a/bfd/elf32-xgate.c +++ b/bfd/elf32-xgate.c @@ -52,8 +52,8 @@ static reloc_howto_type elf_xgate_howto_table[] = /* This reloc does nothing. */ HOWTO (R_XGATE_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ complain_overflow_dont,/* complain_on_overflow */ diff --git a/bfd/elf32-xstormy16.c b/bfd/elf32-xstormy16.c index f918a1e..90c1171 100644 --- a/bfd/elf32-xstormy16.c +++ b/bfd/elf32-xstormy16.c @@ -73,11 +73,11 @@ static reloc_howto_type xstormy16_elf_howto_table [] = /* This reloc does nothing. */ HOWTO (R_XSTORMY16_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_XSTORMY16_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c index e32496a..09476f2 100644 --- a/bfd/elf32-xtensa.c +++ b/bfd/elf32-xtensa.c @@ -161,7 +161,7 @@ int elf32xtensa_no_literal_movement = 1; static reloc_howto_type elf_howto_table[] = { - HOWTO (R_XTENSA_NONE, 0, 0, 0, FALSE, 0, complain_overflow_dont, + HOWTO (R_XTENSA_NONE, 0, 3, 0, FALSE, 0, complain_overflow_dont, bfd_elf_xtensa_reloc, "R_XTENSA_NONE", FALSE, 0, 0, FALSE), HOWTO (R_XTENSA_32, 0, 2, 32, FALSE, 0, complain_overflow_bitfield, diff --git a/bfd/elf64-alpha.c b/bfd/elf64-alpha.c index 1a4fc23..042dae3 100644 --- a/bfd/elf64-alpha.c +++ b/bfd/elf64-alpha.c @@ -486,8 +486,8 @@ static reloc_howto_type elf64_alpha_howto_table[] = { HOWTO (R_ALPHA_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ - 8, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ TRUE, /* pc_relative */ 0, /* bitpos */ complain_overflow_dont, /* complain_on_overflow */ diff --git a/bfd/elf64-mips.c b/bfd/elf64-mips.c index eb7e1fb..cbf504a 100644 --- a/bfd/elf64-mips.c +++ b/bfd/elf64-mips.c @@ -145,7 +145,7 @@ static reloc_howto_type mips_elf64_howto_table_rel[] = /* No relocation. */ HOWTO (R_MIPS_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ @@ -908,7 +908,7 @@ static reloc_howto_type mips_elf64_howto_table_rela[] = /* No relocation. */ HOWTO (R_MIPS_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elf64-mmix.c b/bfd/elf64-mmix.c index 58fca92..585dad9 100644 --- a/bfd/elf64-mmix.c +++ b/bfd/elf64-mmix.c @@ -192,11 +192,11 @@ static reloc_howto_type elf_mmix_howto_table[] = /* This reloc does nothing. */ HOWTO (R_MMIX_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_MMIX_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c index bcd1f6f..327004c 100644 --- a/bfd/elf64-ppc.c +++ b/bfd/elf64-ppc.c @@ -258,8 +258,8 @@ static reloc_howto_type ppc64_elf_howto_raw[] = { /* This reloc does nothing. */ HOWTO (R_PPC64_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ complain_overflow_dont, /* complain_on_overflow */ diff --git a/bfd/elf64-s390.c b/bfd/elf64-s390.c index 1e68afb..9745ea4 100644 --- a/bfd/elf64-s390.c +++ b/bfd/elf64-s390.c @@ -42,7 +42,7 @@ static reloc_howto_type elf_howto_table[] = { HOWTO (R_390_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = 2 byte, 2 = 4 byte) */ + 3, /* size (0 = byte, 1 = 2 byte, 2 = 4 byte) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elf64-sh64.c b/bfd/elf64-sh64.c index 79cab57..b0208c0 100644 --- a/bfd/elf64-sh64.c +++ b/bfd/elf64-sh64.c @@ -105,7 +105,7 @@ static reloc_howto_type sh_elf64_howto_table[] = { /* No relocation. */ HOWTO (R_SH_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c index a6a4bfc..08585de 100644 --- a/bfd/elf64-x86-64.c +++ b/bfd/elf64-x86-64.c @@ -54,7 +54,7 @@ special_function, name, partial_inplace, src_mask, dst_mask, pcrel_offset. */ static reloc_howto_type x86_64_elf_howto_table[] = { - HOWTO(R_X86_64_NONE, 0, 0, 0, FALSE, 0, complain_overflow_dont, + HOWTO(R_X86_64_NONE, 0, 3, 0, FALSE, 0, complain_overflow_dont, bfd_elf_generic_reloc, "R_X86_64_NONE", FALSE, 0x00000000, 0x00000000, FALSE), HOWTO(R_X86_64_64, 0, 4, 64, FALSE, 0, complain_overflow_bitfield, diff --git a/bfd/elflink.c b/bfd/elflink.c index f314842..8298124 100644 --- a/bfd/elflink.c +++ b/bfd/elflink.c @@ -10326,7 +10326,7 @@ elf_reloc_link_order (bfd *output_bfd, size = (bfd_size_type) bfd_get_reloc_size (howto); buf = (bfd_byte *) bfd_zmalloc (size); - if (buf == NULL) + if (buf == NULL && size != 0) return FALSE; rstat = _bfd_relocate_contents (howto, output_bfd, addend, buf); switch (rstat) diff --git a/bfd/elfn32-mips.c b/bfd/elfn32-mips.c index 9ddde24..d65e11b 100644 --- a/bfd/elfn32-mips.c +++ b/bfd/elfn32-mips.c @@ -108,7 +108,7 @@ static reloc_howto_type elf_mips_howto_table_rel[] = /* No relocation. */ HOWTO (R_MIPS_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elfnn-aarch64.c b/bfd/elfnn-aarch64.c index be9ef6e..a00e228 100644 --- a/bfd/elfnn-aarch64.c +++ b/bfd/elfnn-aarch64.c @@ -296,7 +296,7 @@ static reloc_howto_type elfNN_aarch64_howto_table[] = #if ARCH_SIZE == 64 HOWTO (R_AARCH64_NULL, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ @@ -310,7 +310,7 @@ static reloc_howto_type elfNN_aarch64_howto_table[] = #else HOWTO (R_AARCH64_NONE, /* type */ 0, /* rightshift */ - 0, /* size (0 = byte, 1 = short, 2 = long) */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ diff --git a/bfd/elfxx-aarch64.c b/bfd/elfxx-aarch64.c index 6ae4adf..fdb09f0 100644 --- a/bfd/elfxx-aarch64.c +++ b/bfd/elfxx-aarch64.c @@ -187,6 +187,8 @@ _bfd_aarch64_elf_put_addend (bfd *abfd, size = bfd_get_reloc_size (howto); switch (size) { + case 0: + return status; case 2: contents = bfd_get_16 (abfd, address); break; diff --git a/bfd/elfxx-ia64.c b/bfd/elfxx-ia64.c index e9f884b..c3bc0a7 100644 --- a/bfd/elfxx-ia64.c +++ b/bfd/elfxx-ia64.c @@ -91,7 +91,7 @@ ia64_elf_reloc (bfd *abfd ATTRIBUTE_UNUSED, arelent *reloc, TYPE field. */ static reloc_howto_type ia64_howto_table[] = { - IA64_HOWTO (R_IA64_NONE, "NONE", 0, FALSE, TRUE), + IA64_HOWTO (R_IA64_NONE, "NONE", 3, FALSE, TRUE), IA64_HOWTO (R_IA64_IMM14, "IMM14", 0, FALSE, TRUE), IA64_HOWTO (R_IA64_IMM22, "IMM22", 0, FALSE, TRUE), diff --git a/bfd/elfxx-mips.c b/bfd/elfxx-mips.c index 0df7abf..7bf545b 100644 --- a/bfd/elfxx-mips.c +++ b/bfd/elfxx-mips.c @@ -6194,11 +6194,13 @@ mips_elf_obtain_contents (reloc_howto_type *howto, const Elf_Internal_Rela *relocation, bfd *input_bfd, bfd_byte *contents) { - bfd_vma x; + bfd_vma x = 0; bfd_byte *location = contents + relocation->r_offset; + unsigned int size = bfd_get_reloc_size (howto); /* Obtain the bytes. */ - x = bfd_get ((8 * bfd_get_reloc_size (howto)), input_bfd, location); + if (size != 0) + x = bfd_get (8 * size, input_bfd, location); return x; } @@ -6223,6 +6225,7 @@ mips_elf_perform_relocation (struct bfd_link_info *info, bfd_vma x; bfd_byte *location; int r_type = ELF_R_TYPE (input_bfd, relocation->r_info); + unsigned int size; /* Figure out where the relocation is occurring. */ location = contents + relocation->r_offset; @@ -6316,7 +6319,9 @@ mips_elf_perform_relocation (struct bfd_link_info *info, } /* Put the value into the output. */ - bfd_put (8 * bfd_get_reloc_size (howto), input_bfd, x, location); + size = bfd_get_reloc_size (howto); + if (size != 0) + bfd_put (8 * size, input_bfd, x, location); _bfd_mips_elf_reloc_shuffle (input_bfd, r_type, !info->relocatable, location); diff --git a/bfd/elfxx-sparc.c b/bfd/elfxx-sparc.c index a56493f..2023229 100644 --- a/bfd/elfxx-sparc.c +++ b/bfd/elfxx-sparc.c @@ -209,7 +209,7 @@ sparc_elf_lox10_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol, static reloc_howto_type _bfd_sparc_elf_howto_table[] = { - HOWTO(R_SPARC_NONE, 0,0, 0,FALSE,0,complain_overflow_dont, bfd_elf_generic_reloc, "R_SPARC_NONE", FALSE,0,0x00000000,TRUE), + HOWTO(R_SPARC_NONE, 0,3, 0,FALSE,0,complain_overflow_dont, bfd_elf_generic_reloc, "R_SPARC_NONE", FALSE,0,0x00000000,TRUE), HOWTO(R_SPARC_8, 0,0, 8,FALSE,0,complain_overflow_bitfield,bfd_elf_generic_reloc, "R_SPARC_8", FALSE,0,0x000000ff,TRUE), HOWTO(R_SPARC_16, 0,1,16,FALSE,0,complain_overflow_bitfield,bfd_elf_generic_reloc, "R_SPARC_16", FALSE,0,0x0000ffff,TRUE), HOWTO(R_SPARC_32, 0,2,32,FALSE,0,complain_overflow_bitfield,bfd_elf_generic_reloc, "R_SPARC_32", FALSE,0,0xffffffff,TRUE), diff --git a/bfd/elfxx-tilegx.c b/bfd/elfxx-tilegx.c index 90f4395..dcdec70 100644 --- a/bfd/elfxx-tilegx.c +++ b/bfd/elfxx-tilegx.c @@ -72,11 +72,11 @@ static reloc_howto_type tilegx_elf_howto_table [] = /* This reloc does nothing. */ HOWTO (R_TILEGX_NONE, /* type */ 0, /* rightshift */ - 2, /* size (0 = byte, 1 = short, 2 = long) */ - 32, /* bitsize */ + 3, /* size (0 = byte, 1 = short, 2 = long) */ + 0, /* bitsize */ FALSE, /* pc_relative */ 0, /* bitpos */ - complain_overflow_bitfield, /* complain_on_overflow */ + complain_overflow_dont,/* complain_on_overflow */ bfd_elf_generic_reloc, /* special_function */ "R_TILEGX_NONE", /* name */ FALSE, /* partial_inplace */ diff --git a/bfd/format.c b/bfd/format.c index c4bc944..f0d1e66 100644 --- a/bfd/format.c +++ b/bfd/format.c @@ -402,7 +402,7 @@ bfd_check_format_matches (bfd *abfd, bfd_format format, char ***matching) /* We still have more than one equally good match, and at least some of the targets support match priority. Choose the first of the best matches. */ - if (match_count > 1 && best_count != match_count) + if (matching_vector && match_count > 1 && best_count != match_count) { int i; @@ -170,9 +170,16 @@ ieee_write_id (bfd *abfd, const char *id) standard requires. */ #define this_byte(ieee) *((ieee)->input_p) -#define next_byte(ieee) ((ieee)->input_p++) #define this_byte_and_next(ieee) (*((ieee)->input_p++)) +static bfd_boolean +next_byte (common_header_type * ieee) +{ + ieee->input_p++; + + return ieee->input_p < ieee->last_byte; +} + static unsigned short read_2bytes (common_header_type *ieee) { @@ -348,15 +355,15 @@ parse_int (common_header_type *ieee, bfd_vma *value_ptr) if (value >= 0 && value <= 127) { *value_ptr = value; - next_byte (ieee); - return TRUE; + return next_byte (ieee); } else if (value >= 0x80 && value <= 0x88) { unsigned int count = value & 0xf; result = 0; - next_byte (ieee); + if (! next_byte (ieee)) + return FALSE; while (count) { result = (result << 8) | this_byte_and_next (ieee); @@ -496,7 +503,7 @@ static reloc_howto_type rel8_howto = static ieee_symbol_index_type NOSYMBOL = {0, 0}; -static void +static bfd_boolean parse_expression (ieee_data_type *ieee, bfd_vma *value, ieee_symbol_index_type *symbol, @@ -529,68 +536,83 @@ parse_expression (ieee_data_type *ieee, { int section_n; - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; *pcrel = TRUE; section_n = must_parse_int (&(ieee->h)); (void) section_n; PUSH (NOSYMBOL, bfd_abs_section_ptr, 0); break; } + case ieee_variable_L_enum: /* L variable address of section N. */ - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; PUSH (NOSYMBOL, ieee->section_table[must_parse_int (&(ieee->h))], 0); break; + case ieee_variable_R_enum: /* R variable, logical address of section module. */ /* FIXME, this should be different to L. */ - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; PUSH (NOSYMBOL, ieee->section_table[must_parse_int (&(ieee->h))], 0); break; + case ieee_variable_S_enum: /* S variable, size in MAUS of section module. */ - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; PUSH (NOSYMBOL, 0, ieee->section_table[must_parse_int (&(ieee->h))]->size); break; + case ieee_variable_I_enum: /* Push the address of variable n. */ { ieee_symbol_index_type sy; - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; sy.index = (int) must_parse_int (&(ieee->h)); sy.letter = 'I'; PUSH (sy, bfd_abs_section_ptr, 0); } break; + case ieee_variable_X_enum: /* Push the address of external variable n. */ { ieee_symbol_index_type sy; - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; + sy.index = (int) (must_parse_int (&(ieee->h))); sy.letter = 'X'; PUSH (sy, bfd_und_section_ptr, 0); } break; + case ieee_function_minus_enum: { bfd_vma value1, value2; asection *section1, *section_dummy; ieee_symbol_index_type sy; - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; POP (sy, section1, value1); POP (sy, section_dummy, value2); PUSH (sy, section1 ? section1 : section_dummy, value2 - value1); } break; + case ieee_function_plus_enum: { bfd_vma value1, value2; @@ -599,7 +621,8 @@ parse_expression (ieee_data_type *ieee, ieee_symbol_index_type sy1; ieee_symbol_index_type sy2; - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; POP (sy1, section1, value1); POP (sy2, section2, value2); @@ -608,6 +631,7 @@ parse_expression (ieee_data_type *ieee, value1 + value2); } break; + default: { bfd_vma va; @@ -644,17 +668,9 @@ parse_expression (ieee_data_type *ieee, POP (*symbol, dummy, *value); if (section) *section = dummy; -} - -#define ieee_seek(ieee, offset) \ - do \ - { \ - ieee->h.input_p = ieee->h.first_byte + offset; \ - ieee->h.last_byte = (ieee->h.first_byte \ - + ieee_part_after (ieee, offset)); \ - } \ - while (0) + return TRUE; +} #define ieee_pos(ieee) \ (ieee->h.input_p - ieee->h.first_byte) @@ -676,6 +692,22 @@ ieee_part_after (ieee_data_type *ieee, file_ptr here) return after; } +static bfd_boolean +ieee_seek (ieee_data_type * ieee, file_ptr offset) +{ + /* PR 17512: file: 017-1157-0.004. */ + if (offset < 0 || (bfd_size_type) offset >= ieee->h.total_amt) + { + ieee->h.input_p = ieee->h.first_byte + ieee->h.total_amt; + ieee->h.last_byte = ieee->h.input_p; + return FALSE; + } + + ieee->h.input_p = ieee->h.first_byte + offset; + ieee->h.last_byte = (ieee->h.first_byte + ieee_part_after (ieee, offset)); + return TRUE; +} + static unsigned int last_index; static char last_type; /* Is the index for an X or a D. */ @@ -730,14 +762,16 @@ ieee_slurp_external_symbols (bfd *abfd) last_index = 0xffffff; ieee->symbol_table_full = TRUE; - ieee_seek (ieee, offset); + if (! ieee_seek (ieee, offset)) + return FALSE; while (loop) { switch (this_byte (&(ieee->h))) { case ieee_nn_record: - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; symbol = get_symbol (abfd, ieee, symbol, &symbol_count, & prev_symbols_ptr, @@ -750,8 +784,10 @@ ieee_slurp_external_symbols (bfd *abfd) symbol->symbol.udata.p = NULL; symbol->symbol.flags = BSF_NO_FLAGS; break; + case ieee_external_symbol_enum: - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; symbol = get_symbol (abfd, ieee, symbol, &symbol_count, &prev_symbols_ptr, @@ -842,6 +878,7 @@ ieee_slurp_external_symbols (bfd *abfd) } } break; + case ieee_value_record_enum >> 8: { unsigned int symbol_name_index; @@ -849,17 +886,20 @@ ieee_slurp_external_symbols (bfd *abfd) bfd_boolean pcrel_ignore; unsigned int extra; - next_byte (&(ieee->h)); - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; + if (! next_byte (&(ieee->h))) + return FALSE; symbol_name_index = must_parse_int (&(ieee->h)); (void) symbol_name_index; - parse_expression (ieee, - &symbol->symbol.value, - &symbol_ignore, - &pcrel_ignore, - &extra, - &symbol->symbol.section); + if (! parse_expression (ieee, + &symbol->symbol.value, + &symbol_ignore, + &pcrel_ignore, + &extra, + &symbol->symbol.section)) + return FALSE; /* Fully linked IEEE-695 files tend to give every symbol an absolute value. Try to convert that back into a @@ -892,7 +932,9 @@ ieee_slurp_external_symbols (bfd *abfd) bfd_vma size; bfd_vma value; - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; + /* Throw away the external reference index. */ (void) must_parse_int (&(ieee->h)); /* Fetch the default size if not resolved. */ @@ -907,7 +949,8 @@ ieee_slurp_external_symbols (bfd *abfd) break; case ieee_external_reference_enum: - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; symbol = get_symbol (abfd, ieee, symbol, &symbol_count, &prev_reference_ptr, @@ -1092,7 +1135,7 @@ get_section_entry (bfd *abfd, ieee_data_type *ieee, unsigned int sindex) return ieee->section_table[sindex]; } -static void +static bfd_boolean ieee_slurp_sections (bfd *abfd) { ieee_data_type *ieee = IEEE_DATA (abfd); @@ -1103,7 +1146,9 @@ ieee_slurp_sections (bfd *abfd) { bfd_byte section_type[3]; - ieee_seek (ieee, offset); + if (! ieee_seek (ieee, offset)) + return FALSE; + while (TRUE) { switch (this_byte (&(ieee->h))) @@ -1113,7 +1158,8 @@ ieee_slurp_sections (bfd *abfd) asection *section; unsigned int section_index; - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; section_index = must_parse_int (&(ieee->h)); section = get_section_entry (abfd, ieee, section_index); @@ -1132,22 +1178,26 @@ ieee_slurp_sections (bfd *abfd) { /* AS Absolute section attributes. */ case 0xD3: - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; section_type[2] = this_byte (&(ieee->h)); switch (section_type[2]) { case 0xD0: /* Normal code. */ - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; section->flags |= SEC_CODE; break; case 0xC4: /* Normal data. */ - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; section->flags |= SEC_DATA; break; case 0xD2: - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; /* Normal rom data. */ section->flags |= SEC_ROM | SEC_DATA; break; @@ -1164,15 +1214,18 @@ ieee_slurp_sections (bfd *abfd) switch (section_type[1]) { case 0xD0: /* Normal code (CP). */ - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; section->flags |= SEC_CODE; break; case 0xC4: /* Normal data (CD). */ - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; section->flags |= SEC_DATA; break; case 0xD2: /* Normal rom data (CR). */ - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; section->flags |= SEC_ROM | SEC_DATA; break; default: @@ -1201,7 +1254,8 @@ ieee_slurp_sections (bfd *abfd) bfd_vma value; asection *section; - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; section_index = must_parse_int (&ieee->h); section = get_section_entry (abfd, ieee, section_index); if (section_index > ieee->section_count) @@ -1251,15 +1305,17 @@ ieee_slurp_sections (bfd *abfd) (void) must_parse_int (&(ieee->h)); break; default: - return; + return TRUE; } } break; default: - return; + return TRUE; } } } + + return TRUE; } /* Make a section for the debugging information, if any. We don't try @@ -1323,7 +1379,8 @@ ieee_archive_p (bfd *abfd) if (this_byte (&(ieee->h)) != Module_Beginning) goto got_wrong_format_error; - next_byte (&(ieee->h)); + (void) next_byte (&(ieee->h)); + library = read_id (&(ieee->h)); if (strcmp (library, "LIBRARY") != 0) goto got_wrong_format_error; @@ -1334,7 +1391,7 @@ ieee_archive_p (bfd *abfd) ieee->element_count = 0; ieee->element_index = 0; - next_byte (&(ieee->h)); /* Drop the ad part. */ + (void) next_byte (&(ieee->h)); /* Drop the ad part. */ must_parse_int (&(ieee->h)); /* And the two dummy numbers. */ must_parse_int (&(ieee->h)); @@ -1407,8 +1464,9 @@ ieee_archive_p (bfd *abfd) ieee->h.first_byte = buffer; ieee->h.input_p = buffer; - next_byte (&(ieee->h)); /* Drop F8. */ - next_byte (&(ieee->h)); /* Drop 14. */ + (void) next_byte (&(ieee->h)); /* Drop F8. */ + if (! next_byte (&(ieee->h))) /* Drop 14. */ + goto error_return; must_parse_int (&(ieee->h)); /* Drop size of block. */ if (must_parse_int (&(ieee->h)) != 0) @@ -1467,7 +1525,8 @@ do_one (ieee_data_type *ieee, unsigned int number_of_maus; unsigned int i; - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; number_of_maus = must_parse_int (&(ieee->h)); for (i = 0; i < number_of_maus; i++) @@ -1482,7 +1541,8 @@ do_one (ieee_data_type *ieee, { bfd_boolean loop = TRUE; - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; while (loop) { switch (this_byte (&(ieee->h))) @@ -1505,13 +1565,16 @@ do_one (ieee_data_type *ieee, *(current_map->reloc_tail_ptr) = r; current_map->reloc_tail_ptr = &r->next; r->next = (ieee_reloc_type *) NULL; - next_byte (&(ieee->h)); -/* abort();*/ + if (! next_byte (&(ieee->h))) + return FALSE; + r->relent.sym_ptr_ptr = 0; - parse_expression (ieee, - &r->relent.addend, - &r->symbol, - &pcrel, &extra, §ion); + if (! parse_expression (ieee, + &r->relent.addend, + &r->symbol, + &pcrel, &extra, §ion)) + return FALSE; + r->relent.address = current_map->pc; s->flags |= SEC_RELOC; s->owner->flags |= HAS_RELOC; @@ -1521,7 +1584,8 @@ do_one (ieee_data_type *ieee, if (this_byte (&(ieee->h)) == (int) ieee_comma) { - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; /* Fetch number of bytes to pad. */ extra = must_parse_int (&(ieee->h)); }; @@ -1529,13 +1593,16 @@ do_one (ieee_data_type *ieee, switch (this_byte (&(ieee->h))) { case ieee_function_signed_close_b_enum: - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; break; case ieee_function_unsigned_close_b_enum: - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; break; case ieee_function_either_close_b_enum: - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; break; default: break; @@ -1634,7 +1701,8 @@ do_one (ieee_data_type *ieee, for (i = 0; i < this_size; i++) { location_ptr[current_map->pc++] = this_byte (&(ieee->h)); - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; } } else @@ -1667,7 +1735,9 @@ ieee_slurp_section_data (bfd *abfd) if (ieee->read_data) return TRUE; ieee->read_data = TRUE; - ieee_seek (ieee, ieee->w.r.data_part); + + if (! ieee_seek (ieee, ieee->w.r.data_part)) + return FALSE; /* Allocate enough space for all the section contents. */ for (s = abfd->sections; s != (asection *) NULL; s = s->next) @@ -1693,7 +1763,8 @@ ieee_slurp_section_data (bfd *abfd) return TRUE; case ieee_set_current_section_enum: - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; section_number = must_parse_int (&(ieee->h)); s = ieee->section_table[section_number]; s->flags |= SEC_LOAD | SEC_HAS_CONTENTS; @@ -1706,7 +1777,8 @@ ieee_slurp_section_data (bfd *abfd) break; case ieee_e2_first_byte_enum: - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; switch (this_byte (&(ieee->h))) { case ieee_set_current_pc_enum & 0xff: @@ -1716,21 +1788,28 @@ ieee_slurp_section_data (bfd *abfd) unsigned int extra; bfd_boolean pcrel; - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; must_parse_int (&(ieee->h)); /* Throw away section #. */ - parse_expression (ieee, &value, - &symbol, - &pcrel, &extra, - 0); + if (! parse_expression (ieee, &value, + &symbol, + &pcrel, &extra, + 0)) + return FALSE; + current_map->pc = value; BFD_ASSERT ((unsigned) (value - s->vma) <= s->size); } break; case ieee_value_starting_address_enum & 0xff: - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; if (this_byte (&(ieee->h)) == ieee_function_either_open_b_enum) - next_byte (&(ieee->h)); + { + if (! next_byte (&(ieee->h))) + return FALSE; + } abfd->start_address = must_parse_int (&(ieee->h)); /* We've got to the end of the data now - */ return TRUE; @@ -1748,7 +1827,8 @@ ieee_slurp_section_data (bfd *abfd) unsigned int iterations; unsigned char *start; - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; iterations = must_parse_int (&(ieee->h)); start = ieee->h.input_p; if (start[0] == (int) ieee_load_constant_bytes_enum @@ -1759,9 +1839,10 @@ ieee_slurp_section_data (bfd *abfd) location_ptr[current_map->pc++] = start[2]; iterations--; } - next_byte (&(ieee->h)); - next_byte (&(ieee->h)); - next_byte (&(ieee->h)); + (void) next_byte (&(ieee->h)); + (void) next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + return FALSE; } else { @@ -1806,6 +1887,7 @@ ieee_object_p (bfd *abfd) goto got_wrong_format; ieee->h.input_p = buffer; + ieee->h.total_amt = sizeof (buffer); if (this_byte_and_next (&(ieee->h)) != Module_Beginning) goto got_wrong_format; @@ -1901,7 +1983,8 @@ ieee_object_p (bfd *abfd) if (this_byte (&(ieee->h)) != (int) ieee_address_descriptor_enum) goto fail; - next_byte (&(ieee->h)); + if (! next_byte (&(ieee->h))) + goto fail; if (! parse_int (&(ieee->h), &ieee->ad.number_of_bits_mau)) goto fail; @@ -1912,7 +1995,10 @@ ieee_object_p (bfd *abfd) /* If there is a byte order info, take it. */ if (this_byte (&(ieee->h)) == (int) ieee_variable_L_enum || this_byte (&(ieee->h)) == (int) ieee_variable_M_enum) - next_byte (&(ieee->h)); + { + if (! next_byte (&(ieee->h))) + goto fail; + } for (part = 0; part < N_W_VARIABLES; part++) { @@ -1943,12 +2029,17 @@ ieee_object_p (bfd *abfd) goto fail; if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0) goto fail; + /* FIXME: Check return value. I'm not sure whether it needs to read the entire buffer or not. */ - bfd_bread ((void *) (IEEE_DATA (abfd)->h.first_byte), - (bfd_size_type) ieee->w.r.me_record + 1, abfd); + amt = bfd_bread ((void *) (IEEE_DATA (abfd)->h.first_byte), + (bfd_size_type) ieee->w.r.me_record + 1, abfd); + if (amt <= 0) + goto fail; - ieee_slurp_sections (abfd); + IEEE_DATA (abfd)->h.total_amt = amt; + if (ieee_slurp_sections (abfd)) + goto fail; if (! ieee_slurp_debug (abfd)) goto fail; @@ -3737,6 +3828,8 @@ ieee_sizeof_headers (bfd *abfd ATTRIBUTE_UNUSED, #define ieee_update_armap_timestamp bfd_true #define ieee_get_elt_at_index _bfd_generic_get_elt_at_index +#define ieee_get_symbol_version_string \ + _bfd_nosymbols_get_symbol_version_string #define ieee_bfd_is_target_special_symbol \ ((bfd_boolean (*) (bfd *, asymbol *)) bfd_false) #define ieee_bfd_is_local_label_name bfd_generic_is_local_label_name diff --git a/bfd/libbfd-in.h b/bfd/libbfd-in.h index 50a46ac..ad27f2e 100644 --- a/bfd/libbfd-in.h +++ b/bfd/libbfd-in.h @@ -837,3 +837,5 @@ extern void bfd_section_already_linked_table_traverse extern bfd_vma read_unsigned_leb128 (bfd *, bfd_byte *, unsigned int *); extern bfd_signed_vma read_signed_leb128 (bfd *, bfd_byte *, unsigned int *); +extern bfd_vma safe_read_leb128 (bfd *, bfd_byte *, unsigned int *, + bfd_boolean, const bfd_byte * const); diff --git a/bfd/libbfd.c b/bfd/libbfd.c index 6352c9c..c079247 100644 --- a/bfd/libbfd.c +++ b/bfd/libbfd.c @@ -171,15 +171,18 @@ void * bfd_malloc (bfd_size_type size) { void *ptr; + size_t sz = (size_t) size; - if (size != (size_t) size) + if (size != sz + /* This is to pacify memory checkers like valgrind. */ + || ((signed long) sz) < 0) { bfd_set_error (bfd_error_no_memory); return NULL; } - ptr = malloc ((size_t) size); - if (ptr == NULL && (size_t) size != 0) + ptr = malloc (sz); + if (ptr == NULL && sz != 0) bfd_set_error (bfd_error_no_memory); return ptr; @@ -190,8 +193,6 @@ bfd_malloc (bfd_size_type size) void * bfd_malloc2 (bfd_size_type nmemb, bfd_size_type size) { - void *ptr; - if ((nmemb | size) >= HALF_BFD_SIZE_TYPE && size != 0 && nmemb > ~(bfd_size_type) 0 / size) @@ -200,19 +201,7 @@ bfd_malloc2 (bfd_size_type nmemb, bfd_size_type size) return NULL; } - size *= nmemb; - - if (size != (size_t) size) - { - bfd_set_error (bfd_error_no_memory); - return NULL; - } - - ptr = malloc ((size_t) size); - if (ptr == NULL && (size_t) size != 0) - bfd_set_error (bfd_error_no_memory); - - return ptr; + return bfd_malloc (size * nmemb); } /* Reallocate memory using realloc. */ @@ -221,19 +210,22 @@ void * bfd_realloc (void *ptr, bfd_size_type size) { void *ret; + size_t sz = (size_t) size; + + if (ptr == NULL) + return bfd_malloc (size); - if (size != (size_t) size) + if (size != sz + /* This is to pacify memory checkers like valgrind. */ + || ((signed long) sz) < 0) { bfd_set_error (bfd_error_no_memory); return NULL; } - if (ptr == NULL) - ret = malloc ((size_t) size); - else - ret = realloc (ptr, (size_t) size); + ret = realloc (ptr, sz); - if (ret == NULL && (size_t) size != 0) + if (ret == NULL && sz != 0) bfd_set_error (bfd_error_no_memory); return ret; @@ -244,8 +236,6 @@ bfd_realloc (void *ptr, bfd_size_type size) void * bfd_realloc2 (void *ptr, bfd_size_type nmemb, bfd_size_type size) { - void *ret; - if ((nmemb | size) >= HALF_BFD_SIZE_TYPE && size != 0 && nmemb > ~(bfd_size_type) 0 / size) @@ -254,23 +244,7 @@ bfd_realloc2 (void *ptr, bfd_size_type nmemb, bfd_size_type size) return NULL; } - size *= nmemb; - - if (size != (size_t) size) - { - bfd_set_error (bfd_error_no_memory); - return NULL; - } - - if (ptr == NULL) - ret = malloc ((size_t) size); - else - ret = realloc (ptr, (size_t) size); - - if (ret == NULL && (size_t) size != 0) - bfd_set_error (bfd_error_no_memory); - - return ret; + return bfd_realloc (ptr, size * nmemb); } /* Reallocate memory using realloc. @@ -279,24 +253,10 @@ bfd_realloc2 (void *ptr, bfd_size_type nmemb, bfd_size_type size) void * bfd_realloc_or_free (void *ptr, bfd_size_type size) { - size_t amount = (size_t) size; - void *ret; + void *ret = bfd_realloc (ptr, size); - if (size != amount) - ret = NULL; - else if (ptr == NULL) - ret = malloc (amount); - else - ret = realloc (ptr, amount); - - if (ret == NULL) - { - if (amount > 0) - bfd_set_error (bfd_error_no_memory); - - if (ptr != NULL) - free (ptr); - } + if (ret == NULL && ptr != NULL) + free (ptr); return ret; } @@ -306,23 +266,10 @@ bfd_realloc_or_free (void *ptr, bfd_size_type size) void * bfd_zmalloc (bfd_size_type size) { - void *ptr; + void *ptr = bfd_malloc (size); - if (size != (size_t) size) - { - bfd_set_error (bfd_error_no_memory); - return NULL; - } - - ptr = malloc ((size_t) size); - - if ((size_t) size != 0) - { - if (ptr == NULL) - bfd_set_error (bfd_error_no_memory); - else - memset (ptr, 0, (size_t) size); - } + if (ptr != NULL && size > 0) + memset (ptr, 0, (size_t) size); return ptr; } @@ -333,32 +280,14 @@ bfd_zmalloc (bfd_size_type size) void * bfd_zmalloc2 (bfd_size_type nmemb, bfd_size_type size) { - void *ptr; + void *ptr = bfd_malloc2 (nmemb, size); - if ((nmemb | size) >= HALF_BFD_SIZE_TYPE - && size != 0 - && nmemb > ~(bfd_size_type) 0 / size) + if (ptr != NULL) { - bfd_set_error (bfd_error_no_memory); - return NULL; - } - - size *= nmemb; - - if (size != (size_t) size) - { - bfd_set_error (bfd_error_no_memory); - return NULL; - } + size_t sz = nmemb * size; - ptr = malloc ((size_t) size); - - if ((size_t) size != 0) - { - if (ptr == NULL) - bfd_set_error (bfd_error_no_memory); - else - memset (ptr, 0, (size_t) size); + if (sz > 0) + memset (ptr, 0, sz); } return ptr; @@ -1074,6 +1003,45 @@ read_unsigned_leb128 (bfd *abfd ATTRIBUTE_UNUSED, return result; } +/* Read in a LEB128 encoded value from ABFD starting at DATA. + If SIGN is true, return a signed LEB128 value. + If LENGTH_RETURN is not NULL, return in it the number of bytes read. + No bytes will be read at address END or beyond. */ + +bfd_vma +safe_read_leb128 (bfd *abfd ATTRIBUTE_UNUSED, + bfd_byte *data, + unsigned int *length_return, + bfd_boolean sign, + const bfd_byte * const end) +{ + bfd_vma result = 0; + unsigned int num_read = 0; + unsigned int shift = 0; + unsigned char byte = 0; + + while (data < end) + { + byte = bfd_get_8 (abfd, data); + data++; + num_read++; + + result |= ((bfd_vma) (byte & 0x7f)) << shift; + + shift += 7; + if ((byte & 0x80) == 0) + break; + } + + if (length_return != NULL) + *length_return = num_read; + + if (sign && (shift < 8 * sizeof (result)) && (byte & 0x40)) + result |= (bfd_vma) -1 << shift; + + return result; +} + /* Helper function for reading sleb128 encoded data. */ bfd_signed_vma diff --git a/bfd/libbfd.h b/bfd/libbfd.h index 6c48f82..1c54d0f 100644 --- a/bfd/libbfd.h +++ b/bfd/libbfd.h @@ -842,6 +842,8 @@ extern void bfd_section_already_linked_table_traverse extern bfd_vma read_unsigned_leb128 (bfd *, bfd_byte *, unsigned int *); extern bfd_signed_vma read_signed_leb128 (bfd *, bfd_byte *, unsigned int *); +extern bfd_vma safe_read_leb128 (bfd *, bfd_byte *, unsigned int *, + bfd_boolean, const bfd_byte * const); /* Extracted from init.c. */ /* Extracted from libbfd.c. */ bfd_boolean bfd_write_bigendian_4byte_int (bfd *, unsigned int); diff --git a/bfd/libieee.h b/bfd/libieee.h index 7026b85..27fd467 100644 --- a/bfd/libieee.h +++ b/bfd/libieee.h @@ -66,6 +66,7 @@ typedef struct { unsigned char *input_p; unsigned char *first_byte; unsigned char *last_byte; + bfd_size_type total_amt; bfd *abfd; } common_header_type ; diff --git a/bfd/linker.c b/bfd/linker.c index 9223810..f7f32a3 100644 --- a/bfd/linker.c +++ b/bfd/linker.c @@ -2434,7 +2434,7 @@ _bfd_generic_reloc_link_order (bfd *abfd, size = bfd_get_reloc_size (r->howto); buf = (bfd_byte *) bfd_zmalloc (size); - if (buf == NULL) + if (buf == NULL && size != 0) return FALSE; rstat = _bfd_relocate_contents (r->howto, abfd, (bfd_vma) link_order->u.reloc.p->addend, diff --git a/bfd/mach-o.c b/bfd/mach-o.c index 3952689..5364c50 100644 --- a/bfd/mach-o.c +++ b/bfd/mach-o.c @@ -690,6 +690,20 @@ bfd_mach_o_bfd_copy_private_header_data (bfd *ibfd, bfd *obfd) ody->export_size = idy->export_size; ody->export_content = idy->export_content; } + /* PR 17512: file: 730e492d. */ + else + { + ody->rebase_size = + ody->bind_size = + ody->weak_bind_size = + ody->lazy_bind_size = + ody->export_size = 0; + ody->rebase_content = + ody->bind_content = + ody->weak_bind_content = + ody->lazy_bind_content = + ody->export_content = NULL; + } } break; @@ -790,18 +804,19 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, bfd_mach_o_dysymtab_command *dysymtab = mdata->dysymtab; bfd_mach_o_symtab_command *symtab = mdata->symtab; asymbol *s; + char * s_start; + char * s_end; unsigned long count, i, j, n; size_t size; char *names; char *nul_name; + const char stub [] = "$stub"; *ret = NULL; /* Stop now if no symbols or no indirect symbols. */ - if (dysymtab == NULL || symtab == NULL || symtab->symbols == NULL) - return 0; - - if (dysymtab->nindirectsyms == 0) + if (dysymtab == NULL || dysymtab->nindirectsyms == 0 + || symtab == NULL || symtab->symbols == NULL) return 0; /* We need to allocate a bfd symbol for every indirect symbol and to @@ -811,19 +826,23 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, for (j = 0; j < count; j++) { + const char * strng; unsigned int isym = dysymtab->indirect_syms[j]; /* Some indirect symbols are anonymous. */ - if (isym < symtab->nsyms && symtab->symbols[isym].symbol.name) - size += strlen (symtab->symbols[isym].symbol.name) + sizeof ("$stub"); + if (isym < symtab->nsyms && (strng = symtab->symbols[isym].symbol.name)) + /* PR 17512: file: f5b8eeba. */ + size += strnlen (strng, symtab->strsize - (strng - symtab->strtab)) + sizeof (stub); } - s = *ret = (asymbol *) bfd_malloc (size); + s_start = bfd_malloc (size); + s = *ret = (asymbol *) s_start; if (s == NULL) return -1; names = (char *) (s + count); nul_name = names; *names++ = 0; + s_end = s_start + size; n = 0; for (i = 0; i < mdata->nsects; i++) @@ -843,10 +862,19 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, last = first + bfd_mach_o_section_get_nbr_indirect (abfd, sec); addr = sec->addr; entry_size = bfd_mach_o_section_get_entry_size (abfd, sec); + + /* PR 17512: file: 08e15eec. */ + if (first >= count || last >= count || first > last) + goto fail; + for (j = first; j < last; j++) { unsigned int isym = dysymtab->indirect_syms[j]; + /* PR 17512: file: 04d64d9b. */ + if (((char *) s) + sizeof (* s) > s_end) + goto fail; + s->flags = BSF_GLOBAL | BSF_SYNTHETIC; s->section = sec->bfdsection; s->value = addr - sec->addr; @@ -860,10 +888,16 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, s->name = names; len = strlen (sym); + /* PR 17512: file: 47dfd4d2. */ + if (names + len >= s_end) + goto fail; memcpy (names, sym, len); names += len; - memcpy (names, "$stub", sizeof ("$stub")); - names += sizeof ("$stub"); + /* PR 17512: file: 18f340a4. */ + if (names + sizeof (stub) >= s_end) + goto fail; + memcpy (names, stub, sizeof (stub)); + names += sizeof (stub); } else s->name = nul_name; @@ -879,6 +913,11 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, } return n; + + fail: + free (s_start); + * ret = NULL; + return -1; } void @@ -1349,8 +1388,14 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd, if (reloc.r_extern) { - /* An external symbol number. */ - sym = syms + num; + /* PR 17512: file: 8396-1185-0.004. */ + if (num >= (unsigned) bfd_mach_o_count_symbols (abfd)) + sym = bfd_und_section_ptr->symbol_ptr_ptr; + else if (syms == NULL) + sym = bfd_und_section_ptr->symbol_ptr_ptr; + else + /* An external symbol number. */ + sym = syms + num; } else if (num == 0x00ffffff || num == 0) { @@ -1363,9 +1408,11 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd, } else { + /* PR 17512: file: 006-2964-0.004. */ + if (num > mdata->nsects) + return -1; + /* A section number. */ - BFD_ASSERT (num <= mdata->nsects); - sym = mdata->sections[num - 1]->bfdsection->symbol_ptr_ptr; /* For a symbol defined in section S, the addend (stored in the binary) contains the address of the section. To comply with @@ -1394,6 +1441,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd, if (!(*bed->_bfd_mach_o_swap_reloc_in)(res, &reloc)) return -1; + return 0; } @@ -1408,6 +1456,11 @@ bfd_mach_o_canonicalize_relocs (bfd *abfd, unsigned long filepos, /* Allocate and read relocs. */ native_size = count * BFD_MACH_O_RELENT_SIZE; + + /* PR 17512: file: 09477b57. */ + if (native_size < count) + return -1; + native_relocs = (struct mach_o_reloc_info_external *) bfd_malloc (native_size); if (native_relocs == NULL) @@ -1447,6 +1500,8 @@ bfd_mach_o_canonicalize_reloc (bfd *abfd, asection *asect, if (asect->relocation == NULL) { + if (asect->reloc_count * sizeof (arelent) < asect->reloc_count) + return -1; res = bfd_malloc (asect->reloc_count * sizeof (arelent)); if (res == NULL) return -1; @@ -1500,6 +1555,10 @@ bfd_mach_o_canonicalize_dynamic_reloc (bfd *abfd, arelent **rels, if (mdata->dyn_reloc_cache == NULL) { + if ((dysymtab->nextrel + dysymtab->nlocrel) * sizeof (arelent) + < (dysymtab->nextrel + dysymtab->nlocrel)) + return -1; + res = bfd_malloc ((dysymtab->nextrel + dysymtab->nlocrel) * sizeof (arelent)); if (res == NULL) @@ -1814,11 +1873,10 @@ bfd_mach_o_write_symtab_content (bfd *abfd, bfd_mach_o_symtab_command *sym) mdata->filelen += sym->strsize; if (bfd_seek (abfd, sym->stroff, SEEK_SET) != 0) - return FALSE; + goto err; if (_bfd_stringtab_emit (abfd, strtab) != TRUE) goto err; - _bfd_stringtab_free (strtab); /* Pad string table. */ padlen = bfd_mach_o_pad4 (abfd, sym->strsize); @@ -1831,6 +1889,7 @@ bfd_mach_o_write_symtab_content (bfd *abfd, bfd_mach_o_symtab_command *sym) err: _bfd_stringtab_free (strtab); + sym->strsize = 0; return FALSE; } @@ -1948,6 +2007,8 @@ bfd_mach_o_build_dysymtab (bfd *abfd, bfd_mach_o_dysymtab_command *cmd) cmd->indirectsymoff = mdata->filelen; mdata->filelen += cmd->nindirectsyms * 4; + if (cmd->nindirectsyms * 4 < cmd->nindirectsyms) + return FALSE; cmd->indirect_syms = bfd_zalloc (abfd, cmd->nindirectsyms * 4); if (cmd->indirect_syms == NULL) return FALSE; @@ -2334,17 +2395,20 @@ bfd_mach_o_mangle_sections (bfd *abfd, bfd_mach_o_data_struct *mdata) && (mdata->nsects == 0 || mdata->sections != NULL)) return TRUE; + /* We need to check that this can be done... */ + if (nsect > 255) + { + (*_bfd_error_handler) (_("mach-o: there are too many sections (%u)" + " maximum is 255,\n"), nsect); + return FALSE; + } + mdata->nsects = nsect; - mdata->sections = bfd_alloc (abfd, - mdata->nsects * sizeof (bfd_mach_o_section *)); + mdata->sections = bfd_alloc2 (abfd, + mdata->nsects, sizeof (bfd_mach_o_section *)); if (mdata->sections == NULL) return FALSE; - /* We need to check that this can be done... */ - if (nsect > 255) - (*_bfd_error_handler) (_("mach-o: there are too many sections (%d)" - " maximum is 255,\n"), nsect); - /* Create Mach-O sections. Section type, attribute and align should have been set when the section was created - either read in or specified. */ @@ -2726,7 +2790,14 @@ bfd_mach_o_build_exec_seg_command (bfd *abfd, bfd_mach_o_segment_command *seg) bfd_mach_o_append_section_to_segment (seg, s); - BFD_ASSERT (s->addr >= vma); + if (s->addr < vma) + { + (*_bfd_error_handler) + (_("section address (%lx) below start of segment (%lx)"), + (unsigned long) s->addr, (unsigned long) vma); + return FALSE; + } + vma = s->addr + s->size; } @@ -2801,7 +2872,7 @@ bfd_mach_o_build_exec_seg_command (bfd *abfd, bfd_mach_o_segment_command *seg) /* Layout the commands: set commands size and offset, set ncmds and sizeofcmds fields in header. */ -static void +static bfd_boolean bfd_mach_o_layout_commands (bfd_mach_o_data_struct *mdata) { unsigned wide = mach_o_wide_p (&mdata->header); @@ -2809,6 +2880,7 @@ bfd_mach_o_layout_commands (bfd_mach_o_data_struct *mdata) ufile_ptr offset; bfd_mach_o_load_command *cmd; unsigned int align; + bfd_boolean ret = TRUE; hdrlen = wide ? BFD_MACH_O_HEADER_64_SIZE : BFD_MACH_O_HEADER_SIZE; align = wide ? 8 - 1 : 4 - 1; @@ -2864,6 +2936,7 @@ bfd_mach_o_layout_commands (bfd_mach_o_data_struct *mdata) (*_bfd_error_handler) (_("unable to layout unknown load command 0x%lx"), (unsigned long) cmd->type); + ret = FALSE; break; } @@ -2872,6 +2945,8 @@ bfd_mach_o_layout_commands (bfd_mach_o_data_struct *mdata) } mdata->header.sizeofcmds = offset - hdrlen; mdata->filelen = offset; + + return ret; } /* Subroutine of bfd_mach_o_build_commands: set type, name and nsects of a @@ -3006,8 +3081,7 @@ bfd_mach_o_build_commands (bfd *abfd) if (nbr_commands == 0) { /* Layout commands (well none...) and set headers command fields. */ - bfd_mach_o_layout_commands (mdata); - return TRUE; + return bfd_mach_o_layout_commands (mdata); } /* Create commands for segments (and symtabs), prepend them. */ @@ -3090,7 +3164,8 @@ bfd_mach_o_build_commands (bfd *abfd) } /* Layout commands. */ - bfd_mach_o_layout_commands (mdata); + if (! bfd_mach_o_layout_commands (mdata)) + return FALSE; /* So, now we have sized the commands and the filelen set to that. Now we can build the segment command and set the section file offsets. */ @@ -3394,6 +3469,13 @@ bfd_mach_o_read_section_32 (bfd *abfd, section->size = bfd_h_get_32 (abfd, raw.size); section->offset = bfd_h_get_32 (abfd, raw.offset); section->align = bfd_h_get_32 (abfd, raw.align); + /* PR 17512: file: 0017eb76. */ + if (section->align > 64) + { + (*_bfd_error_handler) (_("bfd_mach_o_read_section_32: overlarge alignment value: 0x%x, using 32 instead"), + section->align); + section->align = 32; + } section->reloff = bfd_h_get_32 (abfd, raw.reloff); section->nreloc = bfd_h_get_32 (abfd, raw.nreloc); section->flags = bfd_h_get_32 (abfd, raw.flags); @@ -3433,6 +3515,12 @@ bfd_mach_o_read_section_64 (bfd *abfd, section->size = bfd_h_get_64 (abfd, raw.size); section->offset = bfd_h_get_32 (abfd, raw.offset); section->align = bfd_h_get_32 (abfd, raw.align); + if (section->align > 64) + { + (*_bfd_error_handler) (_("bfd_mach_o_read_section_64: overlarge alignment value: 0x%x, using 32 instead"), + section->align); + section->align = 32; + } section->reloff = bfd_h_get_32 (abfd, raw.reloff); section->nreloc = bfd_h_get_32 (abfd, raw.nreloc); section->flags = bfd_h_get_32 (abfd, raw.flags); @@ -3637,16 +3725,21 @@ bfd_mach_o_read_symtab_strtab (bfd *abfd) } else { - sym->strtab = bfd_alloc (abfd, sym->strsize); + sym->strtab = bfd_alloc (abfd, sym->strsize + 1); if (sym->strtab == NULL) return FALSE; if (bfd_seek (abfd, sym->stroff, SEEK_SET) != 0 || bfd_bread (sym->strtab, sym->strsize, abfd) != sym->strsize) { + /* PR 17512: file: 10888-1609-0.004. */ + bfd_release (abfd, sym->strtab); + sym->strtab = NULL; bfd_set_error (bfd_error_file_truncated); return FALSE; } + /* Zero terminate the string table. */ + sym->strtab[sym->strsize] = 0; } return TRUE; @@ -3660,29 +3753,31 @@ bfd_mach_o_read_symtab_symbols (bfd *abfd) unsigned long i; if (sym == NULL || sym->symbols) - { - /* Return now if there are no symbols or if already loaded. */ - return TRUE; - } - - sym->symbols = bfd_alloc (abfd, sym->nsyms * sizeof (bfd_mach_o_asymbol)); + /* Return now if there are no symbols or if already loaded. */ + return TRUE; + sym->symbols = bfd_alloc2 (abfd, sym->nsyms, sizeof (bfd_mach_o_asymbol)); if (sym->symbols == NULL) { (*_bfd_error_handler) (_("bfd_mach_o_read_symtab_symbols: unable to allocate memory for symbols")); + sym->nsyms = 0; return FALSE; } if (!bfd_mach_o_read_symtab_strtab (abfd)) - return FALSE; + goto fail; for (i = 0; i < sym->nsyms; i++) - { - if (!bfd_mach_o_read_symtab_symbol (abfd, sym, &sym->symbols[i], i)) - return FALSE; - } + if (!bfd_mach_o_read_symtab_symbol (abfd, sym, &sym->symbols[i], i)) + goto fail; return TRUE; + + fail: + bfd_release (abfd, sym->symbols); + sym->symbols = NULL; + sym->nsyms = 0; + return FALSE; } static const char * @@ -3915,8 +4010,8 @@ bfd_mach_o_read_thread (bfd *abfd, bfd_mach_o_load_command *command) } /* Allocate threads. */ - cmd->flavours = bfd_alloc - (abfd, nflavours * sizeof (bfd_mach_o_thread_flavour)); + cmd->flavours = bfd_alloc2 + (abfd, nflavours, sizeof (bfd_mach_o_thread_flavour)); if (cmd->flavours == NULL) return FALSE; cmd->nflavours = nflavours; @@ -4039,7 +4134,7 @@ bfd_mach_o_read_dysymtab (bfd *abfd, bfd_mach_o_load_command *command) unsigned int module_len = wide ? 56 : 52; cmd->dylib_module = - bfd_alloc (abfd, cmd->nmodtab * sizeof (bfd_mach_o_dylib_module)); + bfd_alloc2 (abfd, cmd->nmodtab, sizeof (bfd_mach_o_dylib_module)); if (cmd->dylib_module == NULL) return FALSE; @@ -4085,10 +4180,10 @@ bfd_mach_o_read_dysymtab (bfd *abfd, bfd_mach_o_load_command *command) if (cmd->ntoc != 0) { - unsigned int i; + unsigned long i; - cmd->dylib_toc = bfd_alloc - (abfd, cmd->ntoc * sizeof (bfd_mach_o_dylib_table_of_content)); + cmd->dylib_toc = bfd_alloc2 + (abfd, cmd->ntoc, sizeof (bfd_mach_o_dylib_table_of_content)); if (cmd->dylib_toc == NULL) return FALSE; @@ -4112,8 +4207,8 @@ bfd_mach_o_read_dysymtab (bfd *abfd, bfd_mach_o_load_command *command) { unsigned int i; - cmd->indirect_syms = bfd_alloc - (abfd, cmd->nindirectsyms * sizeof (unsigned int)); + cmd->indirect_syms = bfd_alloc2 + (abfd, cmd->nindirectsyms, sizeof (unsigned int)); if (cmd->indirect_syms == NULL) return FALSE; @@ -4137,8 +4232,8 @@ bfd_mach_o_read_dysymtab (bfd *abfd, bfd_mach_o_load_command *command) unsigned long v; unsigned int i; - cmd->ext_refs = bfd_alloc - (abfd, cmd->nextrefsyms * sizeof (bfd_mach_o_dylib_reference)); + cmd->ext_refs = bfd_alloc2 + (abfd, cmd->nextrefsyms, sizeof (bfd_mach_o_dylib_reference)); if (cmd->ext_refs == NULL) return FALSE; @@ -4638,9 +4733,10 @@ bfd_mach_o_read_command (bfd *abfd, bfd_mach_o_load_command *command) return FALSE; break; default: + command->len = 0; (*_bfd_error_handler)(_("%B: unknown load command 0x%lx"), - abfd, (unsigned long) command->type); - break; + abfd, (unsigned long) command->type); + return FALSE; } return TRUE; @@ -4668,8 +4764,8 @@ bfd_mach_o_flatten_sections (bfd *abfd) } /* Allocate sections array. */ - mdata->sections = bfd_alloc (abfd, - mdata->nsects * sizeof (bfd_mach_o_section *)); + mdata->sections = bfd_alloc2 (abfd, + mdata->nsects, sizeof (bfd_mach_o_section *)); /* Fill the array. */ csect = 0; @@ -4841,7 +4937,8 @@ bfd_mach_o_scan (bfd *abfd, mdata->first_command = NULL; mdata->last_command = NULL; - cmd = bfd_alloc (abfd, header->ncmds * sizeof (bfd_mach_o_load_command)); + + cmd = bfd_alloc2 (abfd, header->ncmds, sizeof (bfd_mach_o_load_command)); if (cmd == NULL) return FALSE; @@ -5077,7 +5174,7 @@ bfd_mach_o_archive_p (bfd *abfd) goto error; adata->archentries = - bfd_alloc (abfd, adata->nfat_arch * sizeof (mach_o_fat_archentry)); + bfd_alloc2 (abfd, adata->nfat_arch, sizeof (mach_o_fat_archentry)); if (adata->archentries == NULL) goto error; @@ -5094,6 +5191,7 @@ bfd_mach_o_archive_p (bfd *abfd) } abfd->tdata.mach_o_fat_data = adata; + return abfd->xvec; error: diff --git a/bfd/nlm32-sparc.c b/bfd/nlm32-sparc.c index 4a68fa2..815c0fa 100644 --- a/bfd/nlm32-sparc.c +++ b/bfd/nlm32-sparc.c @@ -49,7 +49,7 @@ enum reloc_type static reloc_howto_type nlm32_sparc_howto_table[] = { - HOWTO (R_SPARC_NONE, 0,0, 0,FALSE,0,complain_overflow_dont, 0,"R_SPARC_NONE", FALSE,0,0x00000000,TRUE), + HOWTO (R_SPARC_NONE, 0,3, 0,FALSE,0,complain_overflow_dont, 0,"R_SPARC_NONE", FALSE,0,0x00000000,TRUE), HOWTO (R_SPARC_8, 0,0, 8,FALSE,0,complain_overflow_bitfield,0,"R_SPARC_8", FALSE,0,0x000000ff,TRUE), HOWTO (R_SPARC_16, 0,1,16,FALSE,0,complain_overflow_bitfield,0,"R_SPARC_16", FALSE,0,0x0000ffff,TRUE), HOWTO (R_SPARC_32, 0,2,32,FALSE,0,complain_overflow_bitfield,0,"R_SPARC_32", FALSE,0,0xffffffff,TRUE), diff --git a/bfd/pdp11.c b/bfd/pdp11.c index 593c5ca..39e0583 100644 --- a/bfd/pdp11.c +++ b/bfd/pdp11.c @@ -1172,6 +1172,14 @@ NAME (aout, set_section_contents) (bfd *abfd, if (bfd_seek (abfd, section->filepos + offset, SEEK_SET) != 0 || bfd_bwrite (location, count, abfd) != count) return FALSE; + + /* If necessary, pad the section to its aligned size. */ + if ((section == obj_datasec (abfd) + || section == obj_textsec (abfd)) + && count < section->size + && (bfd_seek (abfd, section->filepos + offset + section->size - 1, SEEK_SET) != 0 + || bfd_bwrite ("", 1, abfd) != 1)) + return FALSE; } return TRUE; @@ -1189,6 +1197,14 @@ aout_get_external_symbols (bfd *abfd) count = exec_hdr (abfd)->a_syms / EXTERNAL_NLIST_SIZE; + /* PR 17512: file: 011f5a08. */ + if (count == 0) + { + obj_aout_external_syms (abfd) = NULL; + obj_aout_external_sym_count (abfd) = count; + return TRUE; + } + #ifdef USE_MMAP if (! bfd_get_file_window (abfd, obj_sym_filepos (abfd), exec_hdr (abfd)->a_syms, @@ -3152,7 +3168,7 @@ aout_link_reloc_link_order (struct aout_final_link_info *flaginfo, size = bfd_get_reloc_size (howto); buf = bfd_zmalloc (size); - if (buf == NULL) + if (buf == NULL && size != 0) return FALSE; r = MY_relocate_contents (howto, flaginfo->output_bfd, pr->addend, buf); diff --git a/bfd/reloc.c b/bfd/reloc.c index dc47173..ba73ef7 100644 --- a/bfd/reloc.c +++ b/bfd/reloc.c @@ -437,6 +437,7 @@ bfd_get_reloc_size (reloc_howto_type *howto) case 3: return 0; case 4: return 8; case 8: return 16; + case -1: return 2; case -2: return 4; default: abort (); } @@ -578,7 +579,7 @@ bfd_perform_relocation (bfd *abfd, { bfd_vma relocation; bfd_reloc_status_type flag = bfd_reloc_ok; - bfd_size_type octets = reloc_entry->address * bfd_octets_per_byte (abfd); + bfd_size_type octets; bfd_vma output_base = 0; reloc_howto_type *howto = reloc_entry->howto; asection *reloc_target_output_section; @@ -592,6 +593,10 @@ bfd_perform_relocation (bfd *abfd, return bfd_reloc_ok; } + /* PR 17512: file: 0f67f69d. */ + if (howto == NULL) + return bfd_reloc_undefined; + /* If we are not producing relocatable output, return an error if the symbol is not defined. An undefined weak symbol is considered to have a value of zero (SVR4 ABI, p. 4-27). */ @@ -613,8 +618,12 @@ bfd_perform_relocation (bfd *abfd, return cont; } - /* Is the address of the relocation really within the section? */ - if (reloc_entry->address > bfd_get_section_limit (abfd, input_section)) + /* Is the address of the relocation really within the section? + Include the size of the reloc in the test for out of range addresses. + PR 17512: file: c146ab8b, 46dff27f, 38e53ebf. */ + octets = reloc_entry->address * bfd_octets_per_byte (abfd); + if (octets + bfd_get_reloc_size (howto) + > bfd_get_section_limit_octets (abfd, input_section)) return bfd_reloc_outofrange; /* Work out which section the relocation is targeted at and the @@ -964,7 +973,7 @@ bfd_install_relocation (bfd *abfd, { bfd_vma relocation; bfd_reloc_status_type flag = bfd_reloc_ok; - bfd_size_type octets = reloc_entry->address * bfd_octets_per_byte (abfd); + bfd_size_type octets; bfd_vma output_base = 0; reloc_howto_type *howto = reloc_entry->howto; asection *reloc_target_output_section; @@ -997,7 +1006,9 @@ bfd_install_relocation (bfd *abfd, } /* Is the address of the relocation really within the section? */ - if (reloc_entry->address > bfd_get_section_limit (abfd, input_section)) + octets = reloc_entry->address * bfd_octets_per_byte (abfd); + if (octets + bfd_get_reloc_size (howto) + > bfd_get_section_limit_octets (abfd, input_section)) return bfd_reloc_outofrange; /* Work out which section the relocation is targeted at and the @@ -1332,9 +1343,11 @@ _bfd_final_link_relocate (reloc_howto_type *howto, bfd_vma addend) { bfd_vma relocation; + bfd_size_type octets = address * bfd_octets_per_byte (input_bfd); /* Sanity check the address. */ - if (address > bfd_get_section_limit (input_bfd, input_section)) + if (octets + bfd_get_reloc_size (howto) + > bfd_get_section_limit_octets (input_bfd, input_section)) return bfd_reloc_outofrange; /* This function assumes that we are dealing with a basic relocation @@ -1389,8 +1402,9 @@ _bfd_relocate_contents (reloc_howto_type *howto, switch (size) { default: - case 0: abort (); + case 0: + return bfd_reloc_ok; case 1: x = bfd_get_8 (input_bfd, location); break; @@ -1557,8 +1571,9 @@ _bfd_clear_contents (reloc_howto_type *howto, switch (size) { default: - case 0: abort (); + case 0: + return; case 1: x = bfd_get_8 (input_bfd, location); break; @@ -7655,11 +7670,23 @@ bfd_generic_get_relocated_section_contents (bfd *abfd, abfd, input_section, * parent); goto error_return; + case bfd_reloc_notsupported: + /* PR ld/17512 + This error can result when processing a corrupt binary. + Do not abort. Issue an error message instead. */ + link_info->callbacks->einfo + (_("%X%P: %B(%A): relocation \"%R\" is not supported\n"), + abfd, input_section, * parent); + goto error_return; + default: - abort (); + /* PR 17512; file: 90c2a92e. + Report unexpected results, without aborting. */ + link_info->callbacks->einfo + (_("%X%P: %B(%A): relocation \"%R\" returns an unrecognized value %x\n"), + abfd, input_section, * parent, r); break; } - } } } @@ -1191,6 +1191,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd, { nul_fun = stab; nul_str = str; + if (file_name >= (char *) info->strs + strsize || file_name < (char *) str) + file_name = NULL; if (stab + STABSIZE + TYPEOFF < info->stabs + stabsize && *(stab + STABSIZE + TYPEOFF) == (bfd_byte) N_SO) { @@ -1200,6 +1202,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd, directory_name = file_name; file_name = ((char *) str + bfd_get_32 (abfd, stab + STRDXOFF)); + if (file_name >= (char *) info->strs + strsize || file_name < (char *) str) + file_name = NULL; } } break; @@ -1207,6 +1211,10 @@ _bfd_stab_section_find_nearest_line (bfd *abfd, case N_SOL: /* The name of an include file. */ file_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF); + /* PR 17512: file: 0c680a1f. */ + /* PR 17512: file: 5da8aec4. */ + if (file_name >= (char *) info->strs + strsize || file_name < (char *) str) + file_name = NULL; break; case N_FUN: @@ -1214,6 +1222,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd, function_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF); if (function_name == (char *) str) continue; + if (function_name >= (char *) info->strs + strsize) + function_name = NULL; nul_fun = NULL; info->indextable[i].val = bfd_get_32 (abfd, stab + VALOFF); @@ -1321,6 +1331,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd, if (val <= offset) { file_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF); + if (file_name >= (char *) info->strs + strsize || file_name < (char *) str) + file_name = NULL; *pline = 0; } break; diff --git a/bfd/tekhex.c b/bfd/tekhex.c index 0328689..5620e85 100644 --- a/bfd/tekhex.c +++ b/bfd/tekhex.c @@ -267,7 +267,7 @@ typedef struct tekhex_data_struct #define enda(x) (x->vma + x->size) static bfd_boolean -getvalue (char **srcp, bfd_vma *valuep) +getvalue (char **srcp, bfd_vma *valuep, char * endp) { char *src = *srcp; bfd_vma value = 0; @@ -279,7 +279,7 @@ getvalue (char **srcp, bfd_vma *valuep) len = hex_value (*src++); if (len == 0) len = 16; - while (len--) + while (len-- && src < endp) { if (!ISHEX (*src)) return FALSE; @@ -288,11 +288,11 @@ getvalue (char **srcp, bfd_vma *valuep) *srcp = src; *valuep = value; - return TRUE; + return len == -1U; } static bfd_boolean -getsym (char *dstp, char **srcp, unsigned int *lenp) +getsym (char *dstp, char **srcp, unsigned int *lenp, char * endp) { char *src = *srcp; unsigned int i; @@ -304,12 +304,12 @@ getsym (char *dstp, char **srcp, unsigned int *lenp) len = hex_value (*src++); if (len == 0) len = 16; - for (i = 0; i < len; i++) + for (i = 0; i < len && src < endp; i++) dstp[i] = src[i]; dstp[i] = 0; *srcp = src + i; *lenp = len; - return TRUE; + return i == len; } static struct data_struct * @@ -354,7 +354,7 @@ insert_byte (bfd *abfd, int value, bfd_vma addr) how big the data is. */ static bfd_boolean -first_phase (bfd *abfd, int type, char *src) +first_phase (bfd *abfd, int type, char *src, char * src_end) { asection *section, *alt_section; unsigned int len; @@ -368,21 +368,21 @@ first_phase (bfd *abfd, int type, char *src) { bfd_vma addr; - if (!getvalue (&src, &addr)) + if (!getvalue (&src, &addr, src_end)) return FALSE; - while (*src) + while (*src && src < src_end - 1) { insert_byte (abfd, HEX (src), addr); src += 2; addr++; } + return TRUE; } - return TRUE; case '3': /* Symbol record, read the segment. */ - if (!getsym (sym, &src, &len)) + if (!getsym (sym, &src, &len, src_end)) return FALSE; section = bfd_get_section_by_name (abfd, sym); if (section == NULL) @@ -397,17 +397,23 @@ first_phase (bfd *abfd, int type, char *src) return FALSE; } alt_section = NULL; - while (*src) + while (src < src_end && *src) { switch (*src) { case '1': /* Section range. */ src++; - if (!getvalue (&src, §ion->vma)) + if (!getvalue (&src, §ion->vma, src_end)) return FALSE; - if (!getvalue (&src, &val)) + if (!getvalue (&src, &val, src_end)) return FALSE; + if (val < section->vma) + val = section->vma; section->size = val - section->vma; + /* PR 17512: file: objdump-s-endless-loop.tekhex. + Check for overlarge section sizes. */ + if (section->size & 0x80000000) + return FALSE; section->flags = SEC_HAS_CONTENTS | SEC_LOAD | SEC_ALLOC; break; case '0': @@ -432,7 +438,7 @@ first_phase (bfd *abfd, int type, char *src) abfd->flags |= HAS_SYMS; new_symbol->prev = abfd->tdata.tekhex_data->symbols; abfd->tdata.tekhex_data->symbols = new_symbol; - if (!getsym (sym, &src, &len)) + if (!getsym (sym, &src, &len, src_end)) return FALSE; new_symbol->symbol.name = (const char *) bfd_alloc (abfd, (bfd_size_type) len + 1); @@ -480,7 +486,7 @@ first_phase (bfd *abfd, int type, char *src) new_symbol->symbol.section = alt_section; } } - if (!getvalue (&src, &val)) + if (!getvalue (&src, &val, src_end)) return FALSE; new_symbol->symbol.value = val - section->vma; break; @@ -498,7 +504,7 @@ first_phase (bfd *abfd, int type, char *src) record. */ static bfd_boolean -pass_over (bfd *abfd, bfd_boolean (*func) (bfd *, int, char *)) +pass_over (bfd *abfd, bfd_boolean (*func) (bfd *, int, char *, char *)) { unsigned int chars_on_line; bfd_boolean is_eof = FALSE; @@ -539,8 +545,7 @@ pass_over (bfd *abfd, bfd_boolean (*func) (bfd *, int, char *)) /* Put a null at the end. */ src[chars_on_line] = 0; - - if (!func (abfd, type, src)) + if (!func (abfd, type, src, src + chars_on_line)) return FALSE; } @@ -957,6 +962,7 @@ tekhex_print_symbol (bfd *abfd, #define tekhex_find_nearest_line _bfd_nosymbols_find_nearest_line #define tekhex_find_line _bfd_nosymbols_find_line #define tekhex_find_inliner_info _bfd_nosymbols_find_inliner_info +#define tekhex_get_symbol_version_string _bfd_nosymbols_get_symbol_version_string #define tekhex_bfd_make_debug_symbol _bfd_nosymbols_bfd_make_debug_symbol #define tekhex_read_minisymbols _bfd_generic_read_minisymbols #define tekhex_minisymbol_to_symbol _bfd_generic_minisymbol_to_symbol diff --git a/bfd/versados.c b/bfd/versados.c index 42bf36c..fecfdde 100644 --- a/bfd/versados.c +++ b/bfd/versados.c @@ -57,6 +57,7 @@ struct esdid { asection *section; /* Ptr to bfd version. */ unsigned char *contents; /* Used to build image. */ + bfd_size_type content_size; /* The size of the contents buffer. */ int pc; int relocs; /* Reloc count, valid end of pass 1. */ int donerel; /* Have relocs been translated. */ @@ -85,8 +86,8 @@ typedef struct versados_data_struct tdata_type; #define VDATA(abfd) (abfd->tdata.versados_data) -#define EDATA(abfd, n) (abfd->tdata.versados_data->e[n]) -#define RDATA(abfd, n) (abfd->tdata.versados_data->rest[n]) +#define EDATA(abfd, n) (abfd->tdata.versados_data->e[(n) < 16 ? (n) : 0]) +#define RDATA(abfd, n) (abfd->tdata.versados_data->rest[(n) < 240 ? (n) : 0]) struct ext_otr { @@ -181,14 +182,22 @@ versados_new_symbol (bfd *abfd, return n; } -static int +static bfd_boolean get_record (bfd *abfd, union ext_any *ptr) { if (bfd_bread (&ptr->size, (bfd_size_type) 1, abfd) != 1 || (bfd_bread ((char *) ptr + 1, (bfd_size_type) ptr->size, abfd) != ptr->size)) - return 0; - return 1; + return FALSE; + + { + bfd_size_type amt = ptr->size + 1; + + if (amt < sizeof (* ptr)) + memset ((char *) ptr + amt, 0, sizeof (* ptr) - amt); + } + + return TRUE; } static int @@ -364,11 +373,19 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass) | (otr->map[2] << 8) | (otr->map[3] << 0); - struct esdid *esdid = &EDATA (abfd, otr->esdid - 1); - unsigned char *contents = esdid->contents; - int need_contents = 0; - unsigned int dst_idx = esdid->pc; - + struct esdid *esdid; + unsigned char *contents; + bfd_boolean need_contents = FALSE; + unsigned int dst_idx; + + /* PR 17512: file: ac7da425. */ + if (otr->esdid == 0) + return; + + esdid = &EDATA (abfd, otr->esdid - 1); + contents = esdid->contents; + dst_idx = esdid->pc; + for (shift = ((unsigned long) 1 << 31); shift && srcp < endp; shift >>= 1) { if (bits & shift) @@ -390,8 +407,8 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass) int val = get_offset (offsetlen, srcp + esdids); if (pass == 1) - need_contents = 1; - else + need_contents = TRUE; + else if (contents && dst_idx < esdid->content_size - sizeinwords * 2) for (j = 0; j < sizeinwords * 2; j++) { contents[dst_idx + (sizeinwords * 2) - j - 1] = val; @@ -413,10 +430,13 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass) } else { - arelent *n = - EDATA (abfd, otr->esdid - 1).section->relocation + rn; - n->address = dst_idx; + arelent *n; + /* PR 17512: file: 54f733e0. */ + if (EDATA (abfd, otr->esdid - 1).section == NULL) + continue; + n = EDATA (abfd, otr->esdid - 1).section->relocation + rn; + n->address = dst_idx; n->sym_ptr_ptr = (asymbol **) (size_t) id; n->addend = 0; n->howto = versados_howto_table + ((j & 1) * 2) + (sizeinwords - 1); @@ -429,31 +449,42 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass) } else { - need_contents = 1; - if (dst_idx < esdid->section->size) + need_contents = TRUE; + + if (esdid->section && contents && dst_idx < esdid->content_size - 1) if (pass == 2) { /* Absolute code, comes in 16 bit lumps. */ contents[dst_idx] = srcp[0]; contents[dst_idx + 1] = srcp[1]; } + dst_idx += 2; srcp += 2; } } + EDATA (abfd, otr->esdid - 1).pc = dst_idx; if (!contents && need_contents) { - bfd_size_type size = esdid->section->size; - esdid->contents = bfd_alloc (abfd, size); + if (esdid->section) + { + bfd_size_type size; + + size = esdid->section->size; + esdid->contents = bfd_alloc (abfd, size); + esdid->content_size = size; + } + else + esdid->contents = NULL; } } static bfd_boolean versados_scan (bfd *abfd) { - int loop = 1; + bfd_boolean loop = TRUE; int i; int j; int nsecs = 0; @@ -471,13 +502,13 @@ versados_scan (bfd *abfd) union ext_any any; if (!get_record (abfd, &any)) - return TRUE; + return FALSE; switch (any.header.type) { case VHEADER: break; case VEND: - loop = 0; + loop = FALSE; break; case VESTDEF: process_esd (abfd, &any.esd, 1); @@ -504,7 +535,6 @@ versados_scan (bfd *abfd) { amt = (bfd_size_type) esdid->relocs * sizeof (arelent); esdid->section->relocation = bfd_alloc (abfd, amt); - esdid->pc = 0; if (esdid->contents) @@ -563,7 +593,7 @@ versados_scan (bfd *abfd) VDATA (abfd)->ref_idx = 0; - return 1; + return TRUE; } /* Check whether an existing file is a versados file. */ @@ -585,6 +615,13 @@ versados_object_p (bfd *abfd) return NULL; } + /* PR 17512: file: 726-2128-0.004. */ + if (len < 13) + { + bfd_set_error (bfd_error_wrong_format); + return NULL; + } + if (bfd_bread (&ext.type, (bfd_size_type) len, abfd) != len) { if (bfd_get_error () != bfd_error_system_call) @@ -652,12 +689,20 @@ versados_get_section_contents (bfd *abfd, file_ptr offset, bfd_size_type count) { + struct esdid *esdid; + if (!versados_pass_2 (abfd)) return FALSE; - memcpy (location, - EDATA (abfd, section->target_index).contents + offset, - (size_t) count); + esdid = &EDATA (abfd, section->target_index); + + if (esdid->contents == NULL + || offset < 0 + || (bfd_size_type) offset > esdid->content_size + || offset + count > esdid->content_size) + return FALSE; + + memcpy (location, esdid->contents + offset, (size_t) count); return TRUE; } @@ -758,6 +803,7 @@ versados_canonicalize_reloc (bfd *abfd, versados_pass_2 (abfd); src = section->relocation; + if (!EDATA (abfd, section->target_index).donerel) { EDATA (abfd, section->target_index).donerel = 1; @@ -773,8 +819,15 @@ versados_canonicalize_reloc (bfd *abfd, /* Section relative thing. */ struct esdid *e = &EDATA (abfd, esdid - 1); - src[count].sym_ptr_ptr = e->section->symbol_ptr_ptr; + /* PR 17512: file:cd92277c. */ + if (e->section) + src[count].sym_ptr_ptr = e->section->symbol_ptr_ptr; + else + src[count].sym_ptr_ptr = bfd_und_section_ptr->symbol_ptr_ptr; } + /* PR 17512: file:3757-2936-0.004. */ + else if ((unsigned) (esdid - ES_BASE) >= bfd_get_symcount (abfd)) + src[count].sym_ptr_ptr = bfd_und_section_ptr->symbol_ptr_ptr; else src[count].sym_ptr_ptr = symbols + esdid - ES_BASE; } @@ -796,6 +849,7 @@ versados_canonicalize_reloc (bfd *abfd, #define versados_find_nearest_line _bfd_nosymbols_find_nearest_line #define versados_find_line _bfd_nosymbols_find_line #define versados_find_inliner_info _bfd_nosymbols_find_inliner_info +#define versados_get_symbol_version_string _bfd_nosymbols_get_symbol_version_string #define versados_make_empty_symbol _bfd_generic_make_empty_symbol #define versados_bfd_make_debug_symbol _bfd_nosymbols_bfd_make_debug_symbol #define versados_read_minisymbols _bfd_generic_read_minisymbols diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c index 5ff5bfd..006928f 100644 --- a/bfd/vms-alpha.c +++ b/bfd/vms-alpha.c @@ -364,18 +364,18 @@ struct vms_section_data_struct ((struct vms_section_data_struct *)sec->used_by_bfd) /* To be called from the debugger. */ -struct vms_private_data_struct *bfd_vms_get_data (bfd *abfd); +struct vms_private_data_struct *bfd_vms_get_data (bfd *); -static int vms_get_remaining_object_record (bfd *abfd, int read_so_far); -static bfd_boolean _bfd_vms_slurp_object_records (bfd * abfd); +static int vms_get_remaining_object_record (bfd *, unsigned int); +static bfd_boolean _bfd_vms_slurp_object_records (bfd *); static void alpha_vms_add_fixup_lp (struct bfd_link_info *, bfd *, bfd *); static void alpha_vms_add_fixup_ca (struct bfd_link_info *, bfd *, bfd *); static void alpha_vms_add_fixup_qr (struct bfd_link_info *, bfd *, bfd *, bfd_vma); static void alpha_vms_add_fixup_lr (struct bfd_link_info *, unsigned int, bfd_vma); -static void alpha_vms_add_lw_reloc (struct bfd_link_info *info); -static void alpha_vms_add_qw_reloc (struct bfd_link_info *info); +static void alpha_vms_add_lw_reloc (struct bfd_link_info *); +static void alpha_vms_add_qw_reloc (struct bfd_link_info *); struct vector_type { @@ -521,6 +521,9 @@ _bfd_vms_slurp_eisd (bfd *abfd, unsigned int offset) asection *section; flagword bfd_flags; + /* PR 17512: file: 3d9e9fe9. */ + if (offset >= PRIV (recrd.rec_size)) + return FALSE; eisd = (struct vms_eisd *)(PRIV (recrd.rec) + offset); rec_size = bfd_getl32 (eisd->eisdsize); @@ -788,7 +791,7 @@ _bfd_vms_get_object_record (bfd *abfd) Return the size of the record or 0 on failure. */ static int -vms_get_remaining_object_record (bfd *abfd, int read_so_far) +vms_get_remaining_object_record (bfd *abfd, unsigned int read_so_far) { unsigned int to_read; @@ -824,6 +827,9 @@ vms_get_remaining_object_record (bfd *abfd, int read_so_far) return 0; PRIV (recrd.buf_size) = to_read; } + /* PR 17512: file: 025-1974-0.004. */ + else if (to_read <= read_so_far) + return 0; /* Read the remaining record. */ to_read -= read_so_far; @@ -854,9 +860,12 @@ _bfd_vms_slurp_ehdr (bfd *abfd) { unsigned char *ptr; unsigned char *vms_rec; + unsigned char *end; int subtype; vms_rec = PRIV (recrd.rec); + /* PR 17512: file: 62736583. */ + end = PRIV (recrd.buf) + PRIV (recrd.buf_size); vms_debug2 ((2, "HDR/EMH\n")); @@ -868,28 +877,42 @@ _bfd_vms_slurp_ehdr (bfd *abfd) { case EMH__C_MHD: /* Module header. */ + if (vms_rec + 21 >= end) + goto fail; PRIV (hdr_data).hdr_b_strlvl = vms_rec[6]; PRIV (hdr_data).hdr_l_arch1 = bfd_getl32 (vms_rec + 8); PRIV (hdr_data).hdr_l_arch2 = bfd_getl32 (vms_rec + 12); PRIV (hdr_data).hdr_l_recsiz = bfd_getl32 (vms_rec + 16); + if ((vms_rec + 20 + vms_rec[20] + 1) >= end) + goto fail; PRIV (hdr_data).hdr_t_name = _bfd_vms_save_counted_string (vms_rec + 20); ptr = vms_rec + 20 + vms_rec[20] + 1; + if ((ptr + *ptr + 1) >= end) + goto fail; PRIV (hdr_data).hdr_t_version =_bfd_vms_save_counted_string (ptr); ptr += *ptr + 1; + if (ptr + 17 >= end) + goto fail; PRIV (hdr_data).hdr_t_date = _bfd_vms_save_sized_string (ptr, 17); break; case EMH__C_LNM: + if (vms_rec + PRIV (recrd.rec_size - 6) > end) + goto fail; PRIV (hdr_data).hdr_c_lnm = _bfd_vms_save_sized_string (vms_rec, PRIV (recrd.rec_size - 6)); break; case EMH__C_SRC: + if (vms_rec + PRIV (recrd.rec_size - 6) > end) + goto fail; PRIV (hdr_data).hdr_c_src = _bfd_vms_save_sized_string (vms_rec, PRIV (recrd.rec_size - 6)); break; case EMH__C_TTL: + if (vms_rec + PRIV (recrd.rec_size - 6) > end) + goto fail; PRIV (hdr_data).hdr_c_ttl = _bfd_vms_save_sized_string (vms_rec, PRIV (recrd.rec_size - 6)); break; @@ -900,6 +923,7 @@ _bfd_vms_slurp_ehdr (bfd *abfd) break; default: + fail: bfd_set_error (bfd_error_wrong_format); return FALSE; } @@ -2524,6 +2548,9 @@ alpha_vms_object_p (bfd *abfd) /* Reset the record pointer. */ PRIV (recrd.rec) = buf; + /* PR 17512: file: 7d7c57c2. */ + if (PRIV (recrd.rec_size) < sizeof (struct vms_eihd)) + goto error_ret; vms_debug2 ((2, "file type is image\n")); if (_bfd_vms_slurp_eihd (abfd, &eisd_offset, &eihs_offset) != TRUE) @@ -9188,6 +9215,9 @@ bfd_vms_get_data (bfd *abfd) ((bfd_boolean (*) (bfd *, asymbol *)) bfd_false) #define alpha_vms_print_symbol vms_print_symbol #define alpha_vms_get_symbol_info vms_get_symbol_info +#define alpha_vms_get_symbol_version_string \ + _bfd_nosymbols_get_symbol_version_string + #define alpha_vms_read_minisymbols _bfd_generic_read_minisymbols #define alpha_vms_minisymbol_to_symbol _bfd_generic_minisymbol_to_symbol #define alpha_vms_get_lineno _bfd_nosymbols_get_lineno |