author | Alan Modra <amodra@gmail.com> | 2020-02-19 13:15:06 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2020-02-19 13:15:06 +1030 |
commit | 1f4361a77b18c5ab32baf2f30fefe5e301e017be (patch) | |
tree | 60d1db1d413b74073da9d11322b8d2d971106d30 /bfd/elfcode.h | |
parent | 446f7ed5abfd2d0bed8c4442d0634b1a8bc116f4 (diff) | |
_bfd_mul_overflow
This patch removes the bfd_alloc2 series of memory allocation functions,
replacing them with __builtin_mul_overflow followed by bfd_alloc. Why
do that? Well, a followup patch will implement _bfd_alloc_and_read
and I don't want to implement alloc2 variants as well.
* coffcode.h (buy_and_read, coff_slurp_line_table),
(coff_slurp_symbol_table, coff_slurp_reloc_table): Replace
bfd_[z][m]alloc2 calls with _bfd_mul_overflow followed by the
corresponding bfd_alloc call. Adjust variables to suit.
* coffgen.c (_bfd_coff_get_external_symbols): Likewise.
* ecoff.c (_bfd_ecoff_slurp_symbolic_info),
(_bfd_ecoff_slurp_symbol_table, READ): Likewise.
* elf.c (bfd_elf_get_elf_syms, setup_group, bfd_section_from_shdr),
(swap_out_syms, _bfd_elf_slurp_version_tables): Likewise.
* elf32-m32c.c (m32c_elf_relax_section): Likewise.
* elf32-rl78.c (rl78_elf_relax_section): Likewise.
* elf32-rx.c (elf32_rx_relax_section): Likewise.
* elf64-alpha.c (READ): Likewise.
* elfcode.h (elf_object_p, elf_write_relocs, elf_write_shdrs_and_ehdr),
(elf_slurp_symbol_table, elf_slurp_reloc_table),
(bfd_from_remote_memory): Likewise.
* elfcore.h (core_find_build_id): Likewise.
* elfxx-mips.c (READ): Likewise.
* mach-o.c (bfd_mach_o_mangle_sections),
(bfd_mach_o_read_symtab_symbols, bfd_mach_o_read_thread),
(bfd_mach_o_read_dysymtab, bfd_mach_o_flatten_sections),
(bfd_mach_o_scan, bfd_mach_o_fat_archive_p): Likewise.
* som.c (setup_sections, som_prep_for_fixups)
(som_build_and_write_symbol_table, som_slurp_symbol_table),
(som_slurp_reloc_table, som_bfd_count_ar_symbols),
(som_bfd_fill_in_ar_symbols, som_slurp_armap),
(som_bfd_ar_write_symbol_stuff): Likewise.
* vms-alpha.c (vector_grow1): Likewise.
* vms-lib.c (vms_add_index): Likewise.
* wasm-module.c (wasm_scan_name_function_section): Likewise.
* libbfd.c (bfd_malloc2, bfd_realloc2, bfd_zmalloc2): Delete.
* opncls.c (bfd_alloc2, bfd_zalloc2): Delete.
* libbfd-in.h (bfd_malloc2, bfd_realloc2, bfd_zmalloc2),
(bfd_alloc2, bfd_zalloc2): Delete.
(_bfd_mul_overflow): Define.
* libbfd.h: Regenerate.
Diffstat (limited to 'bfd/elfcode.h')
-rw-r--r-- | bfd/elfcode.h | 69 |
1 files changed, 43 insertions, 26 deletions
diff --git a/bfd/elfcode.h b/bfd/elfcode.h index a6b0c61..e7dfdee 100644 --- a/bfd/elfcode.h +++ b/bfd/elfcode.h @@ -687,19 +687,18 @@ elf_object_p (bfd *abfd) { Elf_Internal_Shdr *shdrp; unsigned int num_sec; + size_t amt; -#ifndef BFD64 - if (i_ehdrp->e_shnum > ((bfd_size_type) -1) / sizeof (*i_shdrp)) + if (_bfd_mul_overflow (i_ehdrp->e_shnum, sizeof (*i_shdrp), &amt)) goto got_wrong_format_error; -#endif - i_shdrp = (Elf_Internal_Shdr *) bfd_alloc2 (abfd, i_ehdrp->e_shnum, - sizeof (*i_shdrp)); + i_shdrp = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt); if (!i_shdrp) goto got_no_match; num_sec = i_ehdrp->e_shnum; elf_numsections (abfd) = num_sec; - elf_elfsections (abfd) - = (Elf_Internal_Shdr **) bfd_alloc2 (abfd, num_sec, sizeof (i_shdrp)); + if (_bfd_mul_overflow (num_sec, sizeof (i_shdrp), &amt)) + goto got_wrong_format_error; + elf_elfsections (abfd) = (Elf_Internal_Shdr **) bfd_alloc (abfd, amt); if (!elf_elfsections (abfd)) goto got_no_match; @@ -781,20 +780,18 @@ elf_object_p (bfd *abfd) Elf_Internal_Phdr *i_phdr; unsigned int i; ufile_ptr filesize; + size_t amt; -#ifndef BFD64 - if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr)) - goto got_wrong_format_error; -#endif /* Check for a corrupt input file with an impossibly large number of program headers. */ filesize = bfd_get_file_size (abfd); if (filesize != 0 && i_ehdrp->e_phnum > filesize / sizeof (Elf_External_Phdr)) goto got_wrong_format_error; + if (_bfd_mul_overflow (i_ehdrp->e_phnum, sizeof (*i_phdr), &amt)) + goto got_wrong_format_error; elf_tdata (abfd)->phdr - = (Elf_Internal_Phdr *) bfd_alloc2 (abfd, i_ehdrp->e_phnum, - sizeof (*i_phdr)); + = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt); if (elf_tdata (abfd)->phdr == NULL) goto got_no_match; if (bfd_seek (abfd, (file_ptr) i_ehdrp->e_phoff, SEEK_SET) != 0) 
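Review bot: In the first elf_object_p hunk the second size computation uses `sizeof (i_shdrp)` (the pointer) one statement after `sizeof (*i_shdrp)` (the struct), and the two are easy to misread as the same expression. The pointer size is correct here because elf_elfsections is assigned an `Elf_Internal_Shdr **`, but writing `sizeof (Elf_Internal_Shdr *)` or adding `/* array of pointers, not of headers */` would make that evident to the next reader. Since e_shnum comes from the file header, it is also worth confirming that code above the hunk bounds it against the file size the way the e_phnum hunk does; the overflow check rules out wrap-around, not a very large request. elf_object_p starts and ends outside both hunks.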
@@ -881,6 +878,7 @@ elf_write_relocs (bfd *abfd, asection *sec, void *data) unsigned int idx; asymbol *last_sym; int last_sym_idx; + size_t amt; /* If we have already failed, don't do anything. */ if (*failedp) @@ -907,10 +905,10 @@ elf_write_relocs (bfd *abfd, asection *sec, void *data) rela_hdr = elf_section_data (sec)->rel.hdr; rela_hdr->sh_size = rela_hdr->sh_entsize * sec->reloc_count; - rela_hdr->contents = (unsigned char *) bfd_alloc2 (abfd, sec->reloc_count, - rela_hdr->sh_entsize); - if (rela_hdr->contents == NULL) + if (_bfd_mul_overflow (sec->reloc_count, rela_hdr->sh_entsize, &amt) + || (rela_hdr->contents = bfd_alloc (abfd, amt)) == NULL) { + bfd_set_error (bfd_error_no_memory); *failedp = TRUE; return; } @@ -1019,7 +1017,7 @@ elf_write_shdrs_and_ehdr (bfd *abfd) Elf_External_Shdr *x_shdrp; /* Section header table, external form */ Elf_Internal_Shdr **i_shdrp; /* Section header table, internal form */ unsigned int count; - bfd_size_type amt; + size_t amt; i_ehdrp = elf_elfheader (abfd); i_shdrp = elf_elfsections (abfd); @@ -1045,8 +1043,12 @@ elf_write_shdrs_and_ehdr (bfd *abfd) i_shdrp[0]->sh_link = i_ehdrp->e_shstrndx; /* at this point we've concocted all the ELF sections... */ - x_shdrp = (Elf_External_Shdr *) bfd_alloc2 (abfd, i_ehdrp->e_shnum, - sizeof (*x_shdrp)); + if (_bfd_mul_overflow (i_ehdrp->e_shnum, sizeof (*x_shdrp), &amt)) + { + bfd_set_error (bfd_error_no_memory); + return FALSE; + } + x_shdrp = (Elf_External_Shdr *) bfd_alloc (abfd, amt); if (!x_shdrp) return FALSE; @@ -1157,6 +1159,7 @@ elf_slurp_symbol_table (bfd *abfd, asymbol **symptrs, bfd_boolean dynamic) Elf_External_Versym *xver; Elf_External_Versym *xverbuf = NULL; const struct elf_backend_data *ebd; + size_t amt; /* Read each raw ELF symbol, converting from external ELF form to internal ELF form, and then using the information to create a 
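Review bot: In the elf_write_relocs hunk at -907 the context line `rela_hdr->sh_size = rela_hdr->sh_entsize * sec->reloc_count;` still performs the same multiplication unchecked, just before the new `_bfd_mul_overflow` test. Moving the assignment below the check as `rela_hdr->sh_size = amt;` would keep a wrapped size out of the header on the failure path. The added `bfd_set_error (bfd_error_no_memory)` also runs when bfd_alloc itself failed, presumably overwriting the error that call recorded; testing the overflow and the allocation in separate statements would avoid that. This hunk and the elf_write_shdrs_and_ehdr hunk report overflow as bfd_error_no_memory while the read-side hunks use bfd_error_file_too_big, which deserves a one-line comment if it is intentional. The function body continues outside the hunk.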
@@ -1201,8 +1204,12 @@ elf_slurp_symbol_table (bfd *abfd, asymbol **symptrs, bfd_boolean dynamic) if (isymbuf == NULL) return -1; - symbase = (elf_symbol_type *) bfd_zalloc2 (abfd, symcount, - sizeof (elf_symbol_type)); + if (_bfd_mul_overflow (symcount, sizeof (elf_symbol_type), &amt)) + { + bfd_set_error (bfd_error_file_too_big); + goto error_return; + } + symbase = (elf_symbol_type *) bfd_zalloc (abfd, amt); if (symbase == (elf_symbol_type *) NULL) goto error_return; @@ -1522,6 +1529,7 @@ elf_slurp_reloc_table (bfd *abfd, bfd_size_type reloc_count; bfd_size_type reloc_count2; arelent *relents; + size_t amt; if (asect->relocation != NULL) return TRUE; @@ -1559,8 +1567,12 @@ elf_slurp_reloc_table (bfd *abfd, reloc_count2 = 0; } - relents = (arelent *) bfd_alloc2 (abfd, reloc_count + reloc_count2, - sizeof (arelent)); + if (_bfd_mul_overflow (reloc_count + reloc_count2, sizeof (arelent), &amt)) + { + bfd_set_error (bfd_error_file_too_big); + return FALSE; + } + relents = (arelent *) bfd_alloc (abfd, amt); if (relents == NULL) return FALSE; @@ -1660,6 +1672,7 @@ NAME(_bfd_elf,bfd_from_remote_memory) bfd_vma shdr_end; bfd_vma loadbase; char *filename; + size_t amt; /* Read in the ELF header in external format. */ err = target_read_memory (ehdr_vma, (bfd_byte *) &x_ehdr, sizeof x_ehdr); @@ -1716,9 +1729,13 @@ NAME(_bfd_elf,bfd_from_remote_memory) return NULL; } - x_phdrs - = (Elf_External_Phdr *) bfd_malloc2 (i_ehdr.e_phnum, - sizeof (*x_phdrs) + sizeof (*i_phdrs)); + if (_bfd_mul_overflow (i_ehdr.e_phnum, + sizeof (*x_phdrs) + sizeof (*i_phdrs), &amt)) + { + bfd_set_error (bfd_error_file_too_big); + return NULL; + } + x_phdrs = (Elf_External_Phdr *) bfd_malloc (amt); if (x_phdrs == NULL) return NULL; err = target_read_memory (ehdr_vma + i_ehdr.e_phoff, (bfd_byte *) x_phdrs, |
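Review bot: In the elf_slurp_reloc_table hunk at -1559 the sum `reloc_count + reloc_count2` is evaluated in bfd_size_type before `_bfd_mul_overflow` sees it, so the new check covers the multiplication by `sizeof (arelent)` but not the addition. Both counts are set above the hunk, presumably from section sizes, so a wrap may be impossible in practice; if so, a comment such as `/* Each count is sh_size / sh_entsize, so the sum cannot wrap. */` would record the invariant once it is confirmed against that code. Otherwise put `reloc_count + reloc_count2 < reloc_count ||` in front of the multiplication test. The function starts and ends outside the hunk.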
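Review bot: In the bfd_from_remote_memory hunk at -1716 the per-entry size `sizeof (*x_phdrs) + sizeof (*i_phdrs)` means the single bfd_malloc buffer is sized for both the external and the internal program headers, which is not obvious from the `Elf_External_Phdr *` cast. A comment above the check, for example `/* One buffer: e_phnum external headers plus room for the internal copies. */`, would help anyone auditing the later indexing, since e_phnum is read from target memory here. How the buffer is split is outside the hunk, so the wording should be checked against that code.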