path: root/bfd
Age | Commit message | Author | Files | Lines
2021-10-25 | ubsan: _bfd_xcoff64_swap_aux_in left shift of negative value | Alan Modra | 1 | -5/+2
* coff64-rs6000.c (_bfd_xcoff64_swap_aux_in): Use bfd_vma for h.
2021-10-25 | asan: evax_bfd_print_image buffer overflow | Alan Modra | 1 | -42/+51
* vms-alpha.c (evax_bfd_print_image): Sanity check printing of "image activator fixup" section. (evax_bfd_print_relocation_records): Sanity check buffer offsets. (evax_bfd_print_address_fixups): Likewise. (evax_bfd_print_reference_fixups): Likewise.
2021-10-25 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-24 | asan: c4x, c54x coff_canonicalize_reloc buffer overflow | Alan Modra | 6 | -17/+44
Sometimes the investigation of a fuzzing bug report leads into areas you'd rather not go. In this instance by the time I'd figured out the real cause was a target variant that had never been properly supported in binutils, the time needed to fix it was less than the time needed to rip it out. * coffcode.h (coff_set_alignment_hook): Call bfd_coff_swap_reloc_in not coff_swap_reloc_in. (coff_slurp_reloc_table): Likewise. Don't use RELOC type. (ticoff0_swap_table): Use coff_swap_reloc_v0_out and coff_swap_reloc_v0_in. * coffswap.h (coff_swap_reloc_v0_in, coff_swap_reloc_v0_out): New. * coff-tic54x.c (tic54x_lookup_howto): Don't abort. * coffgen.c (coff_get_normalized_symtab): Use PTR_ADD. * bfd-in.h (PTR_ADD, NPTR_ADD): Avoid warnings when passing an expression. * bfd-in2.h: Regenerate.
2021-10-24 | asan: arm-darwin: buffer overflow | Alan Modra | 1 | -18/+21
PR 21813 * mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Sanity check PAIR reloc in other branch of condition as was done for PR21813. Formatting. Delete debug printf.
2021-10-24 | asan: aout: heap buffer overflow | Alan Modra | 2 | -6/+4
* aoutx.h (aout_get_external_symbols): Sanity check before writing zero index entry. Remove outdated comment. * pdp11.c (aout_get_external_symbols): Likewise.
2021-10-24 | LoongArch bfd support | liuzhensong | 18 | -2/+4389
2021-10-22 Chenghua Xu <xuchenghua@loongson.cn> Zhensong Liu <liuzhensong@loongson.cn> Weinan Liu <liuweinan@loongson.cn> bfd/ * Makefile.am: Add LoongArch. * archures.c: Likewise. * config.bfd: Likewise. * configure.ac: Likewise. * cpu-loongarch.c: New. * elf-bfd.h: Add LoongArch. * elf.c: Add LoongArch elfcore_grok_xxx. * elfnn-loongarch.c: New. * elfxx-loongarch.c: New. * elfxx-loongarch.h: New. * reloc.c: Add LoongArch BFD RELOC ENUM. * targets.c: Add LoongArch target. * Makefile.in: Regenerate. * bfd-in2.h: Regenerate. * configure: Regenerate. * libbfd.h: Regenerate. * po/BLD-POTFILES.in: Regenerate. * po/SRC-POTFILES.in: Regenerate. include/ * elf/common.h: Add NT_LARCH_{CPUCFG,CSR,LSX,LASX}. * elf/loongarch.h: New.
2021-10-24 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-23 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-22 | RISC-V: Don't separate pcgp relaxation to another relax pass. | Lewis Revill | 2 | -178/+181
Commit abd20cb637008da9d32018b4b03973e119388a0a and ebdcad3fddf6ec21f6d4dcc702379a12718cf0c4 introduced additional complexity into the paths run by the RISC-V relaxation pass in order to resolve the issue of accurately keeping track of pcrel_hi and pcrel_lo pairs. The first commit split up relaxation of these relocs into a pass which occurred after other relaxations in order to prevent the situation where bytes were deleted in between a pcrel_lo/pcrel_hi pair, inhibiting our ability to find the corresponding pcrel_hi relocation from the address attached to the pcrel_lo. Since the relaxation was split into two passes the 'again' parameter could not be used to perform the entire relaxation process again and so the second commit added a way to restart ldelf_map_segments, thus starting the whole process again. Unfortunately this process could not account for the fact that we were not finished with the relaxation process so in some cases - such as the case where code would not fit in a memory region before the R_RISCV_ALIGN relocation was relaxed - sanity checks in generic code would fail. This patch fixes all three of these concerns by reverting back to a system of having only one target relax pass but updating entries in the table of pcrel_hi/pcrel_lo relocs every time any bytes are deleted. Thus we can keep track of the pairs accurately, and we can use the 'again' parameter to restart the entire target relax pass, behaving in the way that generic code expects. Unfortunately we must still have an additional pass to delay deleting AUIPC bytes to avoid ambiguity between pcrel_hi relocs stored in the table after deletion. This pass can only be run once so we may potentially miss out on relaxation opportunities but this is likely to be rare. https://sourceware.org/bugzilla/show_bug.cgi?id=28410 bfd/ * elfnn-riscv.c (riscv_elf_link_hash_table): Removed restart_relax. (riscv_elf_link_hash_table_create): Updated. 
(riscv_relax_delete_bytes): Moved after the riscv_update_pcgp_relocs. Update the pcgp_relocs table whenever bytes are deleted. (riscv_update_pcgp_relocs): Add function to update the section offset of pcrel_hi and pcrel_lo, and also update the symbol value of pcrel_hi. (_bfd_riscv_relax_call): Need to update the pcgp_relocs table when deleting codes. (_bfd_riscv_relax_lui): Likewise. (_bfd_riscv_relax_tls_le): Likewise. (_bfd_riscv_relax_align): Once we've handled an R_RISCV_ALIGN, we can't relax anything else, so set the sec->sec_flg0 to true. Besides, we don't need to update the pcgp_relocs table at this stage, so just pass NULL pointer as the pcgp_relocs table for riscv_relax_delete_bytes. (_bfd_riscv_relax_section): Use only one pass for all target relaxations. (_bfd_riscv_relax_delete): Likewise, we don't need to update the pcgp_relocs table at this stage, and don't need to set the `again' since restart_relax mechanism is abandoned. (bfd_elfNN_riscv_restart_relax_sections): Removed. (_bfd_riscv_relax_section): Updated. * elfxx-riscv.h (bfd_elf32_riscv_restart_relax_sections): Removed. (bfd_elf64_riscv_restart_relax_sections): Likewise. ld/ * emultempl/riscvelf.em: Revert restart_relax changes and set relax_pass to 3. * testsuite/ld-riscv-elf/align-small-region.d: New testcase. * testsuite/ld-riscv-elf/align-small-region.ld: Likewise. * testsuite/ld-riscv-elf/align-small-region.s: Likewise. * testsuite/ld-riscv-elf/restart-relax.d: Removed since the restart_relax mechanism is abandoned. * testsuite/ld-riscv-elf/restart-relax.s: Likewise. * testsuite/ld-riscv-elf/ld-riscv-elf.exp: Updated.
2021-10-22 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-21 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-20 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-19 | Fix a potential illegal memory access when testing for a special LTO symbol name. | Nick Clifton | 3 | -1/+9
bfd * linker.c (_bfd_generic_link_add_one_symbol): Test for a NULL name before checking to see if the symbol is __gnu_lto_slim. * archive.c (_bfd_compute_and_write_armap): Likewise. binutils * nm.c (filter_symbols): Test for a NULL name before checking to see if the symbol is __gnu_lto_slim. * objcopy.c (filter_symbols): Likewise.
2021-10-19 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-18 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-17 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-16 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-15 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-14 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-13 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-12 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-11 | bfd: Remove use of void pointer arithmetic | Michael Forney | 1 | -1/+1
This is not valid in ISO C. Instead, use a pointer to bfd_byte. * peicode.h (pe_bfd_object_p): Remove use of void pointer arithmetic.
2021-10-11 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-10 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-09 | PR28415, invalid read in xtensa_read_table_entries | Guillermo E. Martinez | 1 | -0/+7
PR 28415 PR 28416 * elf32-xtensa.c (xtensa_read_table_entries): Handle error return from retrieve_contents.
2021-10-09 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-08 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-07 | RISC-V: Add support for Zbs instructions | Philipp Tomsich | 1 | -0/+1
This change adds the Zbs instructions from the Zbs 1.0.0 specification. See https://github.com/riscv/riscv-bitmanip/releases/tag/1.0.0 for the frozen specification. 2021-01-09 Philipp Tomsich <philipp.tomsich@vrull.eu> bfd/ * elfxx-riscv.c (riscv_supported_std_z_ext): Added zbs. gas/ * config/tc-riscv.c (riscv_multi_subset_supports): Handle INSN_CLASS_ZBS. * testsuite/gas/riscv/b-ext.d: Test Zbs instructions. * testsuite/gas/riscv/b-ext.s: Likewise. * testsuite/gas/riscv/b-ext-64.d: Likewise. * testsuite/gas/riscv/b-ext-64.s: Likewise. include/ * opcode/riscv-opc.h: Added MASK/MATCH/DECLARE_INSN for Zbs. * opcode/riscv.h (riscv_insn_class): Added INSN_CLASS_ZBS. opcodes/ * riscv-opc.c (riscv_supported_std_z_ext): Add zbs. Signed-off-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
2021-10-07 | RISC-V: Update extension version for Zb[abc] to 1.0.0 | Philipp Tomsich | 1 | -3/+3
2021-10-06 Philipp Tomsich <philipp.tomsich@vrull.eu> bfd/ * elfxx-riscv.c (riscv_supported_std_z_ext): Update the version number for zba, zbb and zbc to 1.0.0 Signed-off-by: Philipp Tomsich <philipp.tomsich@vrull.eu> Version-changes: 3 - Updated version numbers for zba, zbb and zbc to 1.0.0
2021-10-07 | PR28423, use-after-free in objdump | Alan Modra | 2 | -27/+46
XCOFF archives use a bi-directional linked list for file members. So one member points to both the previous member and the next member. Members may not be sequentially ordered in the file. This of course is over-engineered nonsense and an attractive target for fuzzers. (There is even a free list of members!) The testcase in PR28423 is an XCOFF archive with one member pointing to itself, which results in lots of bad behaviour. For example, "ar t" never terminates. The use-after-free with "objdump -r" happens like this: The first archive element is opened, its symbols are read and "canonicalized" for objdump, then relocations are read and printed. Those relocations use the canonicalized symbols, and also happen to be cached by the coff bfd backend support. objdump frees the symbols. The next archive element is then opened. This must be done before the first element is closed, because finding the next element uses data held in the current element. Unfortunately the next element happens to be the original, so we aren't opening, we're reopening a bfd which has cached data. When the relocations are printed they use the cached copy containing references to the freed canonical symbols. This patch adds a little sanity checking to the XCOFF "open next archive file" support, so that it rejects archive members pointing at themselves. That is sufficient to cure this problem. Anything more is overkill. If someone deliberately fuzzes an XCOFF archive with an element loop then reports an "ar" bug when it runs forever, they will find their bug report closed WONTFIX. PR 28423 * coff-rs6000.c (_bfd_xcoff_read_ar_hdr): Save size occupied by member name in areltdata.extra_size. (_bfd_xcoff_openr_next_archived_file): Sanity check nextoff. * coff64-rs6000.c (xcoff64_openr_next_archived_file): Call _bfd_xcoff_openr_next_archived_file.
2021-10-07 | PR28422, build_id use-after-free | Alan Modra | 1 | -0/+1
This fixes a bug in commit 5d9bbb73c1df. All fields preserved from a bfd in struct bfd_preserve need to be cleared in bfd_reinit. PR 28422 * format.c (bfd_reinit): Clear build_id.
2021-10-07 | Change ridiculous section size error | Alan Modra | 1 | -1/+1
Rather than reporting "memory exhausted", report "file truncated". You can hit this error on small fuzzed object files, or on files that are actually truncated. In either case sizes can be such that an out of memory error is a little confusing. * compress.c (bfd_get_full_section_contents): Set bfd_error_file_truncated rather than bfd_error_no_memory when section size exceeds file size.
2021-10-07 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-06 | PR28420, ecoff fuzzing failures | Alan Modra | 2 | -18/+27
PR 28420 * coff-mips.c (mips_adjust_reloc_in): Replace abort with error message and return. * ecoff.c (ecoff_slurp_reloc_table): Remove assertion and aborts, instead handle errors gracefully.
2021-10-06 | PR28402, fail to allocate line number array | Alan Modra | 1 | -16/+19
This fixes a situation where the COFF code allocated memory for internal representation arrays before reading the external file data. That meant the allocation didn't have any sanity check against file size. PR 28402 * coffcode.h (buy_and_read): Malloc rather than alloc memory. (coff_slurp_line_table): Read native line number info before allocating memory for internal line number array. Adjust error paths to suit. Remove now unnecessary line number count check. (coff_slurp_reloc_table): Adjust to suit buy_and_read change.
2021-10-06 | PR28403, null pointer dereference in disassemble_bytes | Alan Modra | 4 | -39/+45
Indexing of symbol and howto arrays wasn't checked in aout targets. PR 28403 * aout-ns32k.c (MY (reloc_howto)): Sanity check howto_table index. Make r_index unsigned. (MY_swap_std_reloc_in): Make r_index unsigned. * aoutx.h (MOVE_ADDRESS): Sanity check symbol r_index. (aout_link_input_section_std): Make r_index unsigned. (aout_link_input_section_ext): Likewise. * i386lynx.c (MOVE_ADDRESS): Sanity check symbol r_index. (swap_ext_reloc_in, swap_std_reloc_in): Make r_index unsigned. * pdp11.c (MOVE_ADDRESS): Sanity check symbol r_index.
2021-10-06 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-05 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-04 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-03 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-02 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-10-01 | PATCH bfd: Fix linker warning for recently introduced arm attributes | Andrea Corallo | 1 | -1/+1
2021-09-27 Andrea Corallo <andrea.corallo@arm.com> * elf-bfd.h (NUM_KNOWN_OBJ_ATTRIBUTES): Update value to cover 'Tag_BTI_use' and 'Tag_PACRET_use'.
2021-10-01 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-09-30 | arm: enable Cortex-R52+ CPU | Przemyslaw Wirkus | 1 | -0/+1
Patch is adding Cortex-R52+ as 'cortex-r52plus' command line flag for -mcpu option. bfd/ * cpu-arm.c: New Cortex-R52+ CPU. gas/ * NEWS: Update docs. * config/tc-arm.c: New Cortex-R52+ CPU. * doc/c-arm.texi: Update docs. * testsuite/gas/arm/cpu-cortex-r52plus.d: New test.
2021-09-30 | Add Solaris specific ELF note processing | Libor Bukata | 1 | -2/+192
Add elfcore_grok_solaris_note function that enables to obtain process status, register values, and program info from Solaris's core files. bfd/ * elf.c (elfcore_grok_solaris_note): Solaris specific ELF note parser. Better GDB's coredump analysis on Solaris... (elfcore_grok_solaris_note_impl): New function. (elfcore_grok_solaris_prstatus): New function. (elfcore_grok_solaris_info): New function. (elfcore_grok_solaris_lwpstatus): New function. (elf_parse_notes): Added "CORE" groker element. include/ * elf/common.h: Add note segment constants for core files on Solaris systems.
2021-09-30 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-09-29 | Automatic date update in version.in | GDB Administrator | 1 | -1/+1
2021-09-28 | RISC-V: Fix wrong version number when arch contains 'p'. | Cooper Qu | 1 | -6/+2
When specifying a default version for p extension in riscv_supported_std_ext[](elfxx-riscv.c) and assembling with -march=rv32imacp, the c extension's version in attribute will become 0p0, the expectation is 2p0. TODO: Remember to add testcase when we have supported standard p in the future. bfd/ PR gas/28372 * elfxx-riscv.c (riscv_parsing_subset_version): Break if p represent the 'p' extension. Change-Id: Ia4e0cf26f3d7d07acaee8cefd86707ecac663a59
2021-09-28 | RISC-V: Allow to add numbers in the prefixed extension names. | Nelson Chu | 1 | -38/+44
We need to allow adding numbers in the prefixed extension names, since the zve<32,64><d,f,x> extensions are included in the frozen rvv v1.0 spec recently. But there are two restrictions as follows, * The extension name ends with <number>p is invalid, since this may be confused with extension with <number>.0 version. We report errors for this case. Invalid format: [z|h|s|zvm|x][0-9a-z]+[0-9]+p * The extension name ends with numbers is valid, but the numbers will be parsed as major version, so try to avoid naming extensions like this. bfd/ * elfxx-riscv.c (riscv_recognized_prefixed_ext): Renamed from riscv_valid_prefixed_ext/ (riscv_parsing_subset_version): The extensions end with <number>p is forbidden, we already report the detailed errors in the riscv_parse_prefixed_ext, so clean the code and unused parameters. (riscv_parse_std_ext): Updated. (riscv_parse_prefixed_ext): Rewrite the parser to allow numbers in the prefixed extension names. gas/ * testsuite/gas/riscv/march-fail-invalid-x-01.d: New testcases. * testsuite/gas/riscv/march-fail-invalid-x-02.d: Likewise. * testsuite/gas/riscv/march-fail-invalid-z-01.d: Likewise. * testsuite/gas/riscv/march-fail-invalid-z-02.d: Likewise. * testsuite/gas/riscv/march-fail-invalid.l: Likewise. * testsuite/gas/riscv/march-fail-version-x.d: Removed. * testsuite/gas/riscv/march-fail-version-z.d: Likewise. * testsuite/gas/riscv/march-fail-version.l: Likewise.