[packages/binutils.git] / binutils-robustify5.patch

2005-06-17  Jakub Jelinek  <jakub@redhat.com>
bfd/
	* elf.c (bfd_section_from_shdr): Kill bogus warning.

	* elf.c (bfd_section_from_shdr): Fail if sh_entsize is bogus for
	symbol, relocation, group or versym sections.

	* coffcode.h (coff_slurp_reloc_table): Don't crash if native_relocs
	is NULL.
	* peXXigen.c (pe_print_idata): Don't crash if dll_name or start_address
	doesn't point into the section.
include/
	* elf/external.h (GRP_ENTRY_SIZE): Define.
binutils/
	* readelf.c (CHECK_ENTSIZE_VALUES, CHECK_ENTSIZE): Define.
	(process_section_headers): Use it.
	(process_relocs): Don't crash if symsec is not SHT_SYMTAB
	or SHT_DYNSYM.
	(process_version_sections): Use sizeof (Elf_External_Versym)
	instead of sh_entsize.

--- bfd/coffcode.h	9 Jun 2005 19:22:15 -0000	1.127
+++ bfd/coffcode.h	17 Jun 2005 13:39:56 -0000	1.128
@@ -4830,7 +4830,7 @@ coff_slurp_reloc_table (bfd * abfd, sec_
   amt = (bfd_size_type) asect->reloc_count * sizeof (arelent);
   reloc_cache = bfd_alloc (abfd, amt);
 
-  if (reloc_cache == NULL)
+  if (reloc_cache == NULL || native_relocs == NULL)
     return FALSE;
 
   for (idx = 0; idx < asect->reloc_count; idx++)
--- bfd/elf.c	14 Jun 2005 11:04:22 -0000	1.301
+++ bfd/elf.c	17 Jun 2005 15:48:25 -0000	1.303
@@ -1811,7 +1811,8 @@ bfd_section_from_shdr (bfd *abfd, unsign
       if (elf_onesymtab (abfd) == shindex)
 	return TRUE;
 
-      BFD_ASSERT (hdr->sh_entsize == bed->s->sizeof_sym);
+      if (hdr->sh_entsize != bed->s->sizeof_sym)
+	return FALSE;
       BFD_ASSERT (elf_onesymtab (abfd) == 0);
       elf_onesymtab (abfd) = shindex;
       elf_tdata (abfd)->symtab_hdr = *hdr;
@@ -1862,7 +1863,8 @@ bfd_section_from_shdr (bfd *abfd, unsign
       if (elf_dynsymtab (abfd) == shindex)
 	return TRUE;
 
-      BFD_ASSERT (hdr->sh_entsize == bed->s->sizeof_sym);
+      if (hdr->sh_entsize != bed->s->sizeof_sym)
+	return FALSE;
       BFD_ASSERT (elf_dynsymtab (abfd) == 0);
       elf_dynsymtab (abfd) = shindex;
       elf_tdata (abfd)->dynsymtab_hdr = *hdr;
@@ -1946,6 +1948,11 @@ bfd_section_from_shdr (bfd *abfd, unsign
 	Elf_Internal_Shdr *hdr2;
 	unsigned int num_sec = elf_numsections (abfd);
 
+	if (hdr->sh_entsize
+	    != (bfd_size_type) (hdr->sh_type == SHT_REL
+				? bed->s->sizeof_rel : bed->s->sizeof_rela))
+	  return FALSE;
+
 	/* Check for a bogus link to avoid crashing.  */
 	if ((hdr->sh_link >= SHN_LORESERVE && hdr->sh_link <= SHN_HIRESERVE)
 	    || hdr->sh_link >= num_sec)
@@ -2004,10 +2011,10 @@ bfd_section_from_shdr (bfd *abfd, unsign
 	  return _bfd_elf_make_section_from_shdr (abfd, hdr, name,
 						  shindex);
 
-        /* Prevent endless recursion on broken objects.  */
-        if (elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_REL
-            || elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_RELA)
-          return FALSE;
+	/* Prevent endless recursion on broken objects.  */
+	if (elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_REL
+	    || elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_RELA)
+	  return FALSE;
 	if (! bfd_section_from_shdr (abfd, hdr->sh_info))
 	  return FALSE;
 	target_sect = bfd_section_from_elf_index (abfd, hdr->sh_info);
@@ -2047,6 +2054,8 @@ bfd_section_from_shdr (bfd *abfd, unsign
       break;
 
     case SHT_GNU_versym:
+      if (hdr->sh_entsize != sizeof (Elf_External_Versym))
+	return FALSE;
       elf_dynversym (abfd) = shindex;
       elf_tdata (abfd)->dynversym_hdr = *hdr;
       return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
@@ -2065,6 +2074,8 @@ bfd_section_from_shdr (bfd *abfd, unsign
       /* We need a BFD section for objcopy and relocatable linking,
 	 and it's handy to have the signature available as the section
 	 name.  */
+      if (hdr->sh_entsize != GRP_ENTRY_SIZE)
+	return FALSE;
       name = group_signature (abfd, hdr);
       if (name == NULL)
 	return FALSE;
--- bfd/peXXigen.c	4 May 2005 15:53:37 -0000	1.30
+++ bfd/peXXigen.c	17 Jun 2005 13:39:56 -0000	1.31
@@ -1103,7 +1103,7 @@ pe_print_idata (bfd * abfd, void * vfile
       bfd_vma toc_address;
       bfd_vma start_address;
       bfd_byte *data;
-      int offset;
+      bfd_vma offset;
 
       if (!bfd_malloc_and_get_section (abfd, rel_section, &data))
 	{
@@ -1114,6 +1114,13 @@ pe_print_idata (bfd * abfd, void * vfile
 
       offset = abfd->start_address - rel_section->vma;
 
+      if (offset >= rel_section->size || offset + 8 > rel_section->size)
+        {
+          if (data != NULL)
+            free (data);
+          return FALSE;
+        }
+
       start_address = bfd_get_32 (abfd, data + offset);
       loadable_toc_address = bfd_get_32 (abfd, data + offset + 4);
       toc_address = loadable_toc_address - 32768;
@@ -1182,6 +1189,9 @@ pe_print_idata (bfd * abfd, void * vfile
       if (hint_addr == 0 && first_thunk == 0)
 	break;
 
+      if (dll_name - adj >= section->size)
+        break;
+
       dll = (char *) data + dll_name - adj;
       fprintf (file, _("\n\tDLL Name: %s\n"), dll);
 
 2005-06-08  Zack Weinberg  <zack@codesourcery.com>
 
 	* dis-asm.h (get_arm_regnames): Update prototype.
--- include/elf/external.h	10 May 2005 10:21:10 -0000	1.7
+++ include/elf/external.h	17 Jun 2005 13:37:23 -0000	1.8
@@ -272,5 +272,8 @@ typedef struct
   unsigned char		a_val[8];
 } Elf64_External_Auxv;
 
+/* Size of SHT_GROUP section entry.  */
+
+#define GRP_ENTRY_SIZE		4
 
 #endif /* _ELF_EXTERNAL_H */
--- binutils/readelf.c	14 Jun 2005 11:06:28 -0000	1.302
+++ binutils/readelf.c	17 Jun 2005 13:37:26 -0000	1.303
@@ -3754,6 +3754,22 @@ process_section_headers (FILE *file)
   dynamic_syminfo = NULL;
   symtab_shndx_hdr = NULL;
 
+#define CHECK_ENTSIZE_VALUES(section, i, size32, size64) \
+  do									    \
+    {									    \
+      size_t expected_entsize						    \
+	= is_32bit_elf ? size32 : size64;				    \
+      if (section->sh_entsize != expected_entsize)			    \
+	error (_("Section %d has invalid sh_entsize %lx (expected %lx)\n"), \
+	       i, (unsigned long int) section->sh_entsize,		    \
+	       (unsigned long int) expected_entsize);			    \
+      section->sh_entsize = expected_entsize;				    \
+    }									    \
+  while (0)
+#define CHECK_ENTSIZE(section, i, type) \
+  CHECK_ENTSIZE_VALUES (section, i, sizeof (Elf32_External_##type),	    \
+			sizeof (Elf64_External_##type))
+
   for (i = 0, section = section_headers;
        i < elf_header.e_shnum;
        i++, section++)
@@ -3768,6 +3784,7 @@ process_section_headers (FILE *file)
 	      continue;
 	    }
 
+	  CHECK_ENTSIZE (section, i, Sym);
 	  num_dynamic_syms = section->sh_size / section->sh_entsize;
 	  dynamic_symbols = GET_ELF_SYMBOLS (file, section);
 	}
@@ -3793,6 +3810,14 @@ process_section_headers (FILE *file)
 	    }
 	  symtab_shndx_hdr = section;
 	}
+      else if (section->sh_type == SHT_SYMTAB)
+	CHECK_ENTSIZE (section, i, Sym);
+      else if (section->sh_type == SHT_GROUP)
+	CHECK_ENTSIZE_VALUES (section, i, GRP_ENTRY_SIZE, GRP_ENTRY_SIZE);
+      else if (section->sh_type == SHT_REL)
+	CHECK_ENTSIZE (section, i, Rel);
+      else if (section->sh_type == SHT_RELA)
+	CHECK_ENTSIZE (section, i, Rela);
       else if ((do_debugging || do_debug_info || do_debug_abbrevs
 		|| do_debug_lines || do_debug_pubnames || do_debug_aranges
 		|| do_debug_frames || do_debug_macinfo || do_debug_str
@@ -4311,6 +4336,10 @@ process_relocs (FILE *file)
 		  char *strtab = NULL;
 
 		  symsec = SECTION_HEADER (section->sh_link);
+		  if (symsec->sh_type != SHT_SYMTAB
+		      && symsec->sh_type != SHT_DYNSYM)
+                    continue;
+
 		  nsyms = symsec->sh_size / symsec->sh_entsize;
 		  symtab = GET_ELF_SYMBOLS (file, symsec);
 
@@ -6194,7 +6223,7 @@ process_version_sections (FILE *file)
 	      break;
 
 	    link_section = SECTION_HEADER (section->sh_link);
-	    total = section->sh_size / section->sh_entsize;
+	    total = section->sh_size / sizeof (Elf_External_Versym);
 
 	    if (SECTION_HEADER_INDEX (link_section->sh_link)
 		>= elf_header.e_shnum)
Commit	Line	Data
52cb69e7 AM	1	2005-06-17 Jakub Jelinek <jakub@redhat.com>
	2	bfd/
	3	* elf.c (bfd_section_from_shdr): Kill bogus warning.
	4
	5	* elf.c (bfd_section_from_shdr): Fail if sh_entsize is bogus for
	6	symbol, relocation, group or versym sections.
	7
	8	* coffcode.h (coff_slurp_reloc_table): Don't crash if native_relocs
	9	is NULL.
	10	* peXXigen.c (pe_print_idata): Don't crash if dll_name or start_address
	11	doesn't point into the section.
	12	include/
	13	* elf/external.h (GRP_ENTRY_SIZE): Define.
	14	binutils/
	15	* readelf.c (CHECK_ENTSIZE_VALUES, CHECK_ENTSIZE): Define.
	16	(process_section_headers): Use it.
	17	(process_relocs): Don't crash if symsec is not SHT_SYMTAB
	18	or SHT_DYNSYM.
	19	(process_version_sections): Use sizeof (Elf_External_Versym)
	20	instead of sh_entsize.
	21
	22	--- bfd/coffcode.h 9 Jun 2005 19:22:15 -0000 1.127
	23	+++ bfd/coffcode.h 17 Jun 2005 13:39:56 -0000 1.128
	24	@@ -4830,7 +4830,7 @@ coff_slurp_reloc_table (bfd * abfd, sec_
	25	amt = (bfd_size_type) asect->reloc_count * sizeof (arelent);
	26	reloc_cache = bfd_alloc (abfd, amt);
	27
	28	- if (reloc_cache == NULL)
	29	+ if (reloc_cache == NULL \|\| native_relocs == NULL)
	30	return FALSE;
	31
	32	for (idx = 0; idx < asect->reloc_count; idx++)
	33	--- bfd/elf.c 14 Jun 2005 11:04:22 -0000 1.301
	34	+++ bfd/elf.c 17 Jun 2005 15:48:25 -0000 1.303
	35	@@ -1811,7 +1811,8 @@ bfd_section_from_shdr (bfd *abfd, unsign
	36	if (elf_onesymtab (abfd) == shindex)
	37	return TRUE;
	38
	39	- BFD_ASSERT (hdr->sh_entsize == bed->s->sizeof_sym);
	40	+ if (hdr->sh_entsize != bed->s->sizeof_sym)
	41	+ return FALSE;
	42	BFD_ASSERT (elf_onesymtab (abfd) == 0);
	43	elf_onesymtab (abfd) = shindex;
	44	elf_tdata (abfd)->symtab_hdr = *hdr;
	45	@@ -1862,7 +1863,8 @@ bfd_section_from_shdr (bfd *abfd, unsign
	46	if (elf_dynsymtab (abfd) == shindex)
	47	return TRUE;
	48
	49	- BFD_ASSERT (hdr->sh_entsize == bed->s->sizeof_sym);
	50	+ if (hdr->sh_entsize != bed->s->sizeof_sym)
	51	+ return FALSE;
	52	BFD_ASSERT (elf_dynsymtab (abfd) == 0);
	53	elf_dynsymtab (abfd) = shindex;
	54	elf_tdata (abfd)->dynsymtab_hdr = *hdr;
	55	@@ -1946,6 +1948,11 @@ bfd_section_from_shdr (bfd *abfd, unsign
	56	Elf_Internal_Shdr *hdr2;
	57	unsigned int num_sec = elf_numsections (abfd);
	58
	59	+ if (hdr->sh_entsize
	60	+ != (bfd_size_type) (hdr->sh_type == SHT_REL
	61	+ ? bed->s->sizeof_rel : bed->s->sizeof_rela))
	62	+ return FALSE;
	63	+
	64	/* Check for a bogus link to avoid crashing. */
65	if ((hdr->sh_link >= SHN_LORESERVE && hdr->sh_link <= SHN_HIRESERVE)
66	\|\| hdr->sh_link >= num_sec)
67	@@ -2004,10 +2011,10 @@ bfd_section_from_shdr (bfd *abfd, unsign
68	return _bfd_elf_make_section_from_shdr (abfd, hdr, name,
69	shindex);
70
71	- /* Prevent endless recursion on broken objects. */
72	- if (elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_REL
73	- \|\| elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_RELA)
74	- return FALSE;
75	+ /* Prevent endless recursion on broken objects. */
76	+ if (elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_REL
77	+ \|\| elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_RELA)
78	+ return FALSE;
79	if (! bfd_section_from_shdr (abfd, hdr->sh_info))
80	return FALSE;
81	target_sect = bfd_section_from_elf_index (abfd, hdr->sh_info);
82	@@ -2047,6 +2054,8 @@ bfd_section_from_shdr (bfd *abfd, unsign
83	break;
84
85	case SHT_GNU_versym:
86	+ if (hdr->sh_entsize != sizeof (Elf_External_Versym))
87	+ return FALSE;
88	elf_dynversym (abfd) = shindex;
89	elf_tdata (abfd)->dynversym_hdr = *hdr;
90	return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex);
91	@@ -2065,6 +2074,8 @@ bfd_section_from_shdr (bfd *abfd, unsign
92	/* We need a BFD section for objcopy and relocatable linking,
93	and it's handy to have the signature available as the section
94	name. */
95	+ if (hdr->sh_entsize != GRP_ENTRY_SIZE)
96	+ return FALSE;
97	name = group_signature (abfd, hdr);
98	if (name == NULL)
99	return FALSE;
100	--- bfd/peXXigen.c 4 May 2005 15:53:37 -0000 1.30
101	+++ bfd/peXXigen.c 17 Jun 2005 13:39:56 -0000 1.31
102	@@ -1103,7 +1103,7 @@ pe_print_idata (bfd * abfd, void * vfile
103	bfd_vma toc_address;
104	bfd_vma start_address;
105	bfd_byte *data;
106	- int offset;
107	+ bfd_vma offset;
108
109	if (!bfd_malloc_and_get_section (abfd, rel_section, &data))
110	{
111	@@ -1114,6 +1114,13 @@ pe_print_idata (bfd * abfd, void * vfile
112
113	offset = abfd->start_address - rel_section->vma;
114
115	+ if (offset >= rel_section->size \|\| offset + 8 > rel_section->size)
116	+ {
117	+ if (data != NULL)
118	+ free (data);
119	+ return FALSE;
120	+ }
121	+
122	start_address = bfd_get_32 (abfd, data + offset);
123	loadable_toc_address = bfd_get_32 (abfd, data + offset + 4);
124	toc_address = loadable_toc_address - 32768;
125	@@ -1182,6 +1189,9 @@ pe_print_idata (bfd * abfd, void * vfile
126	if (hint_addr == 0 && first_thunk == 0)
127	break;
128
129	+ if (dll_name - adj >= section->size)
130	+ break;
131	+
132	dll = (char *) data + dll_name - adj;
133	fprintf (file, _("\n\tDLL Name: %s\n"), dll);
134
135	2005-06-08 Zack Weinberg <zack@codesourcery.com>
136
137	* dis-asm.h (get_arm_regnames): Update prototype.
138	--- include/elf/external.h 10 May 2005 10:21:10 -0000 1.7
139	+++ include/elf/external.h 17 Jun 2005 13:37:23 -0000 1.8
140	@@ -272,5 +272,8 @@ typedef struct
141	unsigned char a_val[8];
142	} Elf64_External_Auxv;
143
144	+/* Size of SHT_GROUP section entry. */
145	+
146	+#define GRP_ENTRY_SIZE 4
147
148	#endif /* _ELF_EXTERNAL_H */
149	--- binutils/readelf.c 14 Jun 2005 11:06:28 -0000 1.302
150	+++ binutils/readelf.c 17 Jun 2005 13:37:26 -0000 1.303
151	@@ -3754,6 +3754,22 @@ process_section_headers (FILE *file)
152	dynamic_syminfo = NULL;
153	symtab_shndx_hdr = NULL;
154
155	+#define CHECK_ENTSIZE_VALUES(section, i, size32, size64) \
156	+ do \
157	+ { \
158	+ size_t expected_entsize \
159	+ = is_32bit_elf ? size32 : size64; \
160	+ if (section->sh_entsize != expected_entsize) \
161	+ error (_("Section %d has invalid sh_entsize %lx (expected %lx)\n"), \
162	+ i, (unsigned long int) section->sh_entsize, \
163	+ (unsigned long int) expected_entsize); \
164	+ section->sh_entsize = expected_entsize; \
165	+ } \
166	+ while (0)
167	+#define CHECK_ENTSIZE(section, i, type) \
168	+ CHECK_ENTSIZE_VALUES (section, i, sizeof (Elf32_External_##type), \
169	+ sizeof (Elf64_External_##type))
170	+
171	for (i = 0, section = section_headers;
172	i < elf_header.e_shnum;
173	i++, section++)
174	@@ -3768,6 +3784,7 @@ process_section_headers (FILE *file)
175	continue;
176	}
177
178	+ CHECK_ENTSIZE (section, i, Sym);
179	num_dynamic_syms = section->sh_size / section->sh_entsize;
180	dynamic_symbols = GET_ELF_SYMBOLS (file, section);
181	}
182	@@ -3793,6 +3810,14 @@ process_section_headers (FILE *file)
183	}
184	symtab_shndx_hdr = section;
185	}
186	+ else if (section->sh_type == SHT_SYMTAB)
187	+ CHECK_ENTSIZE (section, i, Sym);
188	+ else if (section->sh_type == SHT_GROUP)
189	+ CHECK_ENTSIZE_VALUES (section, i, GRP_ENTRY_SIZE, GRP_ENTRY_SIZE);
190	+ else if (section->sh_type == SHT_REL)
191	+ CHECK_ENTSIZE (section, i, Rel);
192	+ else if (section->sh_type == SHT_RELA)
193	+ CHECK_ENTSIZE (section, i, Rela);
194	else if ((do_debugging \|\| do_debug_info \|\| do_debug_abbrevs
195	\|\| do_debug_lines \|\| do_debug_pubnames \|\| do_debug_aranges
196	\|\| do_debug_frames \|\| do_debug_macinfo \|\| do_debug_str
197	@@ -4311,6 +4336,10 @@ process_relocs (FILE *file)
198	char *strtab = NULL;
199
200	symsec = SECTION_HEADER (section->sh_link);
201	+ if (symsec->sh_type != SHT_SYMTAB
202	+ && symsec->sh_type != SHT_DYNSYM)
203	+ continue;
204	+
205	nsyms = symsec->sh_size / symsec->sh_entsize;
206	symtab = GET_ELF_SYMBOLS (file, symsec);
207
208	@@ -6194,7 +6223,7 @@ process_version_sections (FILE *file)
209	break;
210
211	link_section = SECTION_HEADER (section->sh_link);
212	- total = section->sh_size / section->sh_entsize;
213	+ total = section->sh_size / sizeof (Elf_External_Versym);
214
215	if (SECTION_HEADER_INDEX (link_section->sh_link)
216	>= elf_header.e_shnum)