From 81ff113f7852558610855261551410455886cb08 Mon Sep 17 00:00:00 2001 
From: Alan Modra Date: Wed, 22 Feb 2023 07:47:36 +1030 Subject: Test SEC_HAS_CONTENTS before reading section contents bfd_malloc_and_get_section does size sanity checking before allocating memory and reading contents. These size checks are not done for bss style sections, because they typically don't occupy file space and thus can't be compared against file size. However, if you are expecting to look at something other than a whole lot of zeros, don't allow fuzzers to avoid the size checking. * cofflink.c (process_embedded_commands): Don't look at sections without SEC_HAS_CONTENTS set. * cpu-arm.c (bfd_arm_update_notes): Likewise. (bfd_arm_get_mach_from_notes): Likewise. * elf-eh-frame.c (_bfd_elf_parse_eh_frame): Likewise. * elf-hppa.h (elf_hppa_sort_unwind): Likewise. * elf-m10300.c (mn10300_elf_relax_section): Likewise. * elf-sframe.c (_bfd_elf_parse_sframe): Likewise. * elf.c (_bfd_elf_print_private_bfd_data): Likewise. * elf32-arm.c (bfd_elf32_arm_process_before_allocation): Likewise. * elf32-avr.c (avr_elf32_load_property_records): Likewise. * elf32-ppc.c (_bfd_elf_ppc_set_arch): Likewise. (ppc_elf_get_synthetic_symtab, ppc_elf_relax_section): Likewise. * elf64-ppc.c (ppc64_elf_get_synthetic_symtab): Likewise. (opd_entry_value, ppc64_elf_edit_opd, ppc64_elf_edit_toc): Likewise. * elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise. * elflink.c (elf_link_add_object_symbols): Likewise. (bfd_elf_get_bfd_needed_list): Likewise. * elfnn-aarch64.c (get_plt_type): Likewise. * elfxx-mips.c (_bfd_mips_elf_get_synthetic_symtab): Likewise. * linker.c (_bfd_handle_already_linked): Likewise. * opncls.c (bfd_get_debug_link_info_1): Likewise. (bfd_get_alt_debug_link_info, get_build_id): Likewise. * peXXigen.c (pe_print_idata, pe_print_pdata): Likewise. (_bfd_XX_print_ce_compressed_pdata, pe_print_reloc): Likewise. * pei-x86_64.c (pex64_bfd_print_pdata_section): Likewise. * stabs.c (_bfd_link_section_stabs): Likewise. (_bfd_discard_section_stabs): Likewise. 
* xcofflink.c (_bfd_xcoff_get_dynamic_symtab_upper_bound): Likewise. (_bfd_xcoff_canonicalize_dynamic_symtab): Likewise. (_bfd_xcoff_get_dynamic_reloc_upper_bound): Likewise. (_bfd_xcoff_canonicalize_dynamic_reloc): Likewise. (xcoff_link_add_dynamic_symbols): Likewise. (xcoff_link_check_dynamic_ar_symbols): Likewise. (bfd_xcoff_build_dynamic_sections): Likewise.
---
 bfd/peXXigen.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'bfd/peXXigen.c')
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index fa2b429..43f3a83 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -1288,7 +1288,7 @@ pe_print_idata (bfd * abfd, void * vfile)
 {
 /* Maybe the extra header isn't there. Look for the section. */
 section = bfd_get_section_by_name (abfd, ".idata");
- if (section == NULL)
+ if (section == NULL || (section->flags & SEC_HAS_CONTENTS) == 0)
 return true;
 addr = section->vma;
@@ -1845,6 +1845,7 @@ pe_print_pdata (bfd * abfd, void * vfile)
 int onaline = PDATA_ROW_SIZE;
 if (section == NULL
+ || (section->flags & SEC_HAS_CONTENTS) == 0
 || coff_section_data (abfd, section) == NULL
 || pei_section_data (abfd, section) == NULL)
 return true;
@@ -2014,6 +2015,7 @@ _bfd_XX_print_ce_compressed_pdata (bfd * abfd, void * vfile)
 struct sym_cache cache = {0, 0} ;
 if (section == NULL
+ || (section->flags & SEC_HAS_CONTENTS) == 0
 || coff_section_data (abfd, section) == NULL
 || pei_section_data (abfd, section) == NULL)
 return true;
@@ -2147,7 +2149,9 @@ pe_print_reloc (bfd * abfd, void * vfile)
 asection *section = bfd_get_section_by_name (abfd, ".reloc");
 bfd_byte *p, *end;
- if (section == NULL || section->size == 0 || !(section->flags & SEC_HAS_CONTENTS))
+ if (section == NULL
+ || section->size == 0
+ || (section->flags & SEC_HAS_CONTENTS) == 0)
 return true;
 fprintf (file,
-- 
cgit v1.1
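Review bot: The new `SEC_HAS_CONTENTS` test in pe_print_idata covers only the path that finds the section by the name `.idata`. The context comment ("Maybe the extra header isn't there") suggests there is another path that locates the import table some other way, and that path lies outside this hunk. If it also goes on to read the section's contents, it needs the same `(section->flags & SEC_HAS_CONTENTS) == 0` test, because the commit message says bfd_malloc_and_get_section skips its size sanity checks for sections without contents. The rest of the function is not visible here, so this should be confirmed against the full body.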
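Review bot: The added `|| (section->flags & SEC_HAS_CONTENTS) == 0` line in pe_print_pdata has no comment, so its reason is recorded only in the commit message; the same holds for the identical line in _bfd_XX_print_ce_compressed_pdata. I would put above the `if` in both: `/* Sections without file contents bypass the size checks in bfd_malloc_and_get_section; do not read them. */`. A `.pdata` section that exists but carries no contents is also unusual, so printing a one-line message before returning would help anyone triaging a malformed file, where the silent `return true;` looks the same as the section being absent. Both functions continue outside their hunks.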