diff options
author | Alan Modra <amodra@gmail.com> | 2020-08-12 20:18:43 +0930 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2020-08-13 08:09:08 +0930 |
commit | 75e100a30d5dfdd3ac2b0391c17173645fc77633 (patch) | |
tree | a5543e1a6a43b603bc654afe5b81edcf8959b1a9 /bfd | |
parent | 6d8a0a5e90936d4bea9bf1ce9b4e1c22d9aaccae (diff) | |
download | gdb-75e100a30d5dfdd3ac2b0391c17173645fc77633.zip gdb-75e100a30d5dfdd3ac2b0391c17173645fc77633.tar.gz gdb-75e100a30d5dfdd3ac2b0391c17173645fc77633.tar.bz2 |
PR26348, Malloc error in write_zeros
This adds a few more sanity checks on ELF objects, and a BFD flag to
disable objcopy and strip when fuzzed input files belong in the "too
hard" basket.
bfd/
PR 26348
* bfd.c (struct bfd): Add read_only.
* elfcode.h (elf_swap_shdr_in): Test both sh_offset and sh_size.
Set read_only on warning.
(elf_object_p): Sanity check program header alignment. Set
read_only on warning.
* bfd-in2.h: Regenerate.
binutils/
PR 26348
* objcopy.c (copy_object): Report file name with endian error.
Error and return on abfd->read_only.
Diffstat (limited to 'bfd')
-rw-r--r-- | bfd/ChangeLog | 10 | ||||
-rw-r--r-- | bfd/bfd-in2.h | 4 | ||||
-rw-r--r-- | bfd/bfd.c | 4 | ||||
-rw-r--r-- | bfd/elfcode.h | 22 |
4 files changed, 35 insertions, 5 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index a234258..0e22506 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,13 @@ +2020-08-13 Alan Modra <amodra@gmail.com> + + PR 26348 + * bfd.c (struct bfd): Add read_only. + * elfcode.h (elf_swap_shdr_in): Test both sh_offset and sh_size. + Set read_only on warning. + (elf_object_p): Sanity check program header alignment. Set + read_only on warning. + * bfd-in2.h: Regenerate. + 2020-08-12 Jon Turney <jon.turney@dronecode.org.uk> * elf.c (elfcore_grok_win32pstatus): Use unsigned int for diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h index 35ef4d7..94d3195 100644 --- a/bfd/bfd-in2.h +++ b/bfd/bfd-in2.h @@ -6678,6 +6678,10 @@ struct bfd /* Set if this is a slim LTO object not loaded with a compiler plugin. */ unsigned int lto_slim_object : 1; + /* Do not attempt to modify this file. Set when detecting errors + that BFD is not prepared to handle for objcopy/strip. */ + unsigned int read_only : 1; + /* Set to dummy BFD created when claimed by a compiler plug-in library. */ bfd *plugin_dummy_bfd; @@ -245,6 +245,10 @@ CODE_FRAGMENT . {* Set if this is a slim LTO object not loaded with a compiler plugin. *} . unsigned int lto_slim_object : 1; . +. {* Do not attempt to modify this file. Set when detecting errors +. that BFD is not prepared to handle for objcopy/strip. *} +. unsigned int read_only : 1; +. . {* Set to dummy BFD created when claimed by a compiler plug-in . library. *} . bfd *plugin_dummy_bfd; diff --git a/bfd/elfcode.h b/bfd/elfcode.h index 2e2c534..84b08b5 100644 --- a/bfd/elfcode.h +++ b/bfd/elfcode.h @@ -321,11 +321,14 @@ elf_swap_shdr_in (bfd *abfd, { ufile_ptr filesize = bfd_get_file_size (abfd); - if (filesize != 0 && dst->sh_size > filesize) - _bfd_error_handler - (_("warning: %pB has a corrupt section with a size (%" - BFD_VMA_FMT "x) larger than the file size"), - abfd, dst->sh_size); + if (filesize != 0 + && ((ufile_ptr) dst->sh_offset > filesize + || dst->sh_size > filesize - dst->sh_offset)) + { + abfd->read_only = 1; + _bfd_error_handler (_("warning: %pB has a section " + "extending past end of file"), abfd); + } } dst->sh_link = H_GET_32 (abfd, src->sh_link); dst->sh_info = H_GET_32 (abfd, src->sh_info); @@ -764,6 +767,7 @@ elf_object_p (bfd *abfd) So we are kind, and reset the string index value to 0 so that at least some processing can be done. */ i_ehdrp->e_shstrndx = SHN_UNDEF; + abfd->read_only = 1; _bfd_error_handler (_("warning: %pB has a corrupt string table index - ignoring"), abfd); @@ -804,6 +808,14 @@ elf_object_p (bfd *abfd) if (bfd_bread (&x_phdr, sizeof x_phdr, abfd) != sizeof x_phdr) goto got_no_match; elf_swap_phdr_in (abfd, &x_phdr, i_phdr); + /* Too much code in BFD relies on alignment being a power of + two, as required by the ELF spec. */ + if (i_phdr->p_align != (i_phdr->p_align & -i_phdr->p_align)) + { + abfd->read_only = 1; + _bfd_error_handler (_("warning: %pB has a program header " + "with invalid alignment"), abfd); + } } } |