1 2005-06-15 Jakub Jelinek <jakub@redhat.com>
3 * libbfd-in.h (bfd_malloc2, bfd_realloc2, bfd_zmalloc2, bfd_alloc2,
4 bfd_zalloc2): New prototypes.
5 * bfd-in.h (HALF_BFD_SIZE_TYPE): Define.
6 * libbfd.c (bfd_malloc2, bfd_realloc2, bfd_zmalloc2): New functions.
7 * opncls.c (bfd_alloc2, bfd_zalloc2): New functions.
8 * elf.c (bfd_elf_get_elf_syms, setup_group, assign_section_numbers,
9 elf_map_symbols, map_sections_to_segments,
10 assign_file_positions_for_segments, copy_private_bfd_data,
11 swap_out_syms, _bfd_elf_slurp_version_tables): Use bfd_*alloc2
16 * elf.c (_bfd_elf_print_private_bfd_data): Don't crash on bogus
17 verdef or verneed section.
18 (_bfd_elf_slurp_version_tables): Handle corrupt verdef and/or
19 verneed sections gracefully.
20 * elf32-sparc.c (elf32_sparc_info_to_howto): Don't crash on
21 bogus relocation values.
22 * elf64-sparc.c (sparc64_elf_info_to_howto): Likewise.
23 * elf64-ppc.c (ppc64_elf_info_to_howto): Likewise.
24 * elf64-s390.c (elf_s390_info_to_howto): Likewise.
25 * elf32-s390.c (elf_s390_info_to_howto): Likewise.
26 * elf64-x86-64.c (elf64_x86_64_info_to_howto): Likewise.
27 * elfxx-ia64.c (lookup_howto): Likewise.
29 --- bfd/libbfd-in.h.jj 2004-11-22 15:33:31.000000000 -0500
30 +++ bfd/libbfd-in.h 2005-06-29 04:37:50.000000000 -0400
31 @@ -90,6 +90,12 @@ extern void *bfd_realloc
32 (void *, bfd_size_type);
33 extern void *bfd_zmalloc
35 +extern void *bfd_malloc2
36 + (bfd_size_type, bfd_size_type);
37 +extern void *bfd_realloc2
38 + (void *, bfd_size_type, bfd_size_type);
39 +extern void *bfd_zmalloc2
40 + (bfd_size_type, bfd_size_type);
42 extern void _bfd_default_error_handler (const char *s, ...);
43 extern bfd_error_handler_type _bfd_error_handler;
44 @@ -100,6 +106,10 @@ extern void *bfd_alloc
45 (bfd *, bfd_size_type);
46 extern void *bfd_zalloc
47 (bfd *, bfd_size_type);
48 +extern void *bfd_alloc2
49 + (bfd *, bfd_size_type, bfd_size_type);
50 +extern void *bfd_zalloc2
51 + (bfd *, bfd_size_type, bfd_size_type);
52 extern void bfd_release
55 --- bfd/bfd-in.h.jj 2004-12-20 14:16:48.000000000 -0500
56 +++ bfd/bfd-in.h 2005-06-29 04:37:50.000000000 -0400
57 @@ -144,6 +144,9 @@ typedef unsigned long bfd_size_type;
59 #endif /* not BFD64 */
61 +#define HALF_BFD_SIZE_TYPE \
62 + (((bfd_size_type) 1) << (8 * sizeof (bfd_size_type) / 2))
64 #ifndef BFD_HOST_64_BIT
65 /* Fall back on a 32 bit type. The idea is to make these types always
66 available for function return types, but in the case that
67 --- bfd/libbfd.c.jj 2004-09-15 15:05:03.000000000 -0400
68 +++ bfd/libbfd.c 2005-06-29 04:37:50.000000000 -0400
69 @@ -156,6 +156,36 @@ bfd_malloc (bfd_size_type size)
73 +/* Allocate memory using malloc, nmemb * size with overflow checking. */
76 +bfd_malloc2 (bfd_size_type nmemb, bfd_size_type size)
80 + if ((nmemb | size) >= HALF_BFD_SIZE_TYPE
82 + && nmemb > ~(bfd_size_type) 0 / size)
84 + bfd_set_error (bfd_error_no_memory);
90 + if (size != (size_t) size)
92 + bfd_set_error (bfd_error_no_memory);
96 + ptr = malloc ((size_t) size);
97 + if (ptr == NULL && (size_t) size != 0)
98 + bfd_set_error (bfd_error_no_memory);
103 /* Reallocate memory using realloc. */
106 @@ -180,6 +210,40 @@ bfd_realloc (void *ptr, bfd_size_type si
110 +/* Reallocate memory using realloc, nmemb * size with overflow checking. */
113 +bfd_realloc2 (void *ptr, bfd_size_type nmemb, bfd_size_type size)
117 + if ((nmemb | size) >= HALF_BFD_SIZE_TYPE
119 + && nmemb > ~(bfd_size_type) 0 / size)
121 + bfd_set_error (bfd_error_no_memory);
127 + if (size != (size_t) size)
129 + bfd_set_error (bfd_error_no_memory);
134 + ret = malloc ((size_t) size);
136 + ret = realloc (ptr, (size_t) size);
138 + if (ret == NULL && (size_t) size != 0)
139 + bfd_set_error (bfd_error_no_memory);
144 /* Allocate memory using malloc and clear it. */
147 @@ -205,6 +269,44 @@ bfd_zmalloc (bfd_size_type size)
152 +/* Allocate memory using malloc (nmemb * size) with overflow checking
156 +bfd_zmalloc2 (bfd_size_type nmemb, bfd_size_type size)
160 + if ((nmemb | size) >= HALF_BFD_SIZE_TYPE
162 + && nmemb > ~(bfd_size_type) 0 / size)
164 + bfd_set_error (bfd_error_no_memory);
170 + if (size != (size_t) size)
172 + bfd_set_error (bfd_error_no_memory);
176 + ptr = malloc ((size_t) size);
178 + if ((size_t) size != 0)
181 + bfd_set_error (bfd_error_no_memory);
183 + memset (ptr, 0, (size_t) size);
191 bfd_write_bigendian_4byte_int
192 --- bfd/opncls.c.jj 2004-11-22 15:33:31.000000000 -0500
193 +++ bfd/opncls.c 2005-06-29 04:41:50.000000000 -0400
194 @@ -849,6 +849,54 @@ bfd_zalloc (bfd *abfd, bfd_size_type siz
199 +bfd_alloc2 (bfd *abfd, bfd_size_type nmemb, bfd_size_type size)
203 + if ((nmemb | size) >= HALF_BFD_SIZE_TYPE
205 + && nmemb > ~(bfd_size_type) 0 / size)
207 + bfd_set_error (bfd_error_no_memory);
213 + if (size != (unsigned long) size)
215 + bfd_set_error (bfd_error_no_memory);
219 + ret = objalloc_alloc (abfd->memory, (unsigned long) size);
221 + bfd_set_error (bfd_error_no_memory);
226 +bfd_zalloc2 (bfd *abfd, bfd_size_type nmemb, bfd_size_type size)
230 + if ((nmemb | size) >= HALF_BFD_SIZE_TYPE
232 + && nmemb > ~(bfd_size_type) 0 / size)
234 + bfd_set_error (bfd_error_no_memory);
240 + res = bfd_alloc (abfd, size);
242 + memset (res, 0, (size_t) size);
246 /* Free a block allocated for a BFD.
247 Note: Also frees all more recently allocated blocks! */
249 --- bfd/elf.c.jj 2005-06-29 04:36:58.000000000 -0400
250 +++ bfd/elf.c 2005-06-29 04:46:03.000000000 -0400
251 @@ -340,7 +340,7 @@ bfd_elf_get_elf_syms (bfd *ibfd,
252 pos = symtab_hdr->sh_offset + symoffset * extsym_size;
253 if (extsym_buf == NULL)
255 - alloc_ext = bfd_malloc (amt);
256 + alloc_ext = bfd_malloc2 (symcount, extsym_size);
257 extsym_buf = alloc_ext;
259 if (extsym_buf == NULL
260 @@ -359,7 +359,8 @@ bfd_elf_get_elf_syms (bfd *ibfd,
261 pos = shndx_hdr->sh_offset + symoffset * sizeof (Elf_External_Sym_Shndx);
262 if (extshndx_buf == NULL)
264 - alloc_extshndx = bfd_malloc (amt);
265 + alloc_extshndx = bfd_malloc2 (symcount,
266 + sizeof (Elf_External_Sym_Shndx));
267 extshndx_buf = alloc_extshndx;
269 if (extshndx_buf == NULL
270 @@ -373,8 +374,7 @@ bfd_elf_get_elf_syms (bfd *ibfd,
272 if (intsym_buf == NULL)
274 - bfd_size_type amt = symcount * sizeof (Elf_Internal_Sym);
275 - intsym_buf = bfd_malloc (amt);
276 + intsym_buf = bfd_malloc2 (symcount, sizeof (Elf_Internal_Sym));
277 if (intsym_buf == NULL)
280 @@ -483,8 +483,9 @@ setup_group (bfd *abfd, Elf_Internal_Shd
282 /* We keep a list of elf section headers for group sections,
283 so we can find them quickly. */
284 - bfd_size_type amt = num_group * sizeof (Elf_Internal_Shdr *);
285 - elf_tdata (abfd)->group_sect_ptr = bfd_alloc (abfd, amt);
287 + elf_tdata (abfd)->group_sect_ptr
288 + = bfd_alloc2 (abfd, num_group, sizeof (Elf_Internal_Shdr *));
289 if (elf_tdata (abfd)->group_sect_ptr == NULL)
292 @@ -504,7 +506,8 @@ setup_group (bfd *abfd, Elf_Internal_Shd
293 /* Read the raw contents. */
294 BFD_ASSERT (sizeof (*dest) >= 4);
295 amt = shdr->sh_size * sizeof (*dest) / 4;
296 - shdr->contents = bfd_alloc (abfd, amt);
297 + shdr->contents = bfd_alloc2 (abfd, shdr->sh_size,
298 + sizeof (*dest) / 4);
299 if (shdr->contents == NULL
300 || bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
301 || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
302 @@ -1207,8 +1210,9 @@ _bfd_elf_print_private_bfd_data (bfd *ab
303 for (t = elf_tdata (abfd)->verdef; t != NULL; t = t->vd_nextdef)
305 fprintf (f, "%d 0x%2.2x 0x%8.8lx %s\n", t->vd_ndx,
306 - t->vd_flags, t->vd_hash, t->vd_nodename);
307 - if (t->vd_auxptr->vda_nextptr != NULL)
308 + t->vd_flags, t->vd_hash,
309 + t->vd_nodename ? t->vd_nodename : "<corrupt>");
310 + if (t->vd_auxptr != NULL && t->vd_auxptr->vda_nextptr != NULL)
312 Elf_Internal_Verdaux *a;
314 @@ -1216,7 +1220,8 @@ _bfd_elf_print_private_bfd_data (bfd *ab
315 for (a = t->vd_auxptr->vda_nextptr;
318 - fprintf (f, "%s ", a->vda_nodename);
320 + a->vda_nodename ? a->vda_nodename : "<corrupt>");
324 @@ -1231,10 +1236,12 @@ _bfd_elf_print_private_bfd_data (bfd *ab
326 Elf_Internal_Vernaux *a;
328 - fprintf (f, _(" required from %s:\n"), t->vn_filename);
329 + fprintf (f, _(" required from %s:\n"),
330 + t->vn_filename ? t->vn_filename : "<corrupt>");
331 for (a = t->vn_auxptr; a != NULL; a = a->vna_nextptr)
332 fprintf (f, " 0x%8.8lx 0x%2.2x %2.2d %s\n", a->vna_hash,
333 - a->vna_flags, a->vna_other, a->vna_nodename);
334 + a->vna_flags, a->vna_other,
335 + a->vna_nodename ? a->vna_nodename : "<corrupt>");
339 @@ -2760,7 +2767,6 @@ assign_section_numbers (bfd *abfd)
341 unsigned int section_number, secn;
342 Elf_Internal_Shdr **i_shdrp;
344 struct bfd_elf_section_data *d;
347 @@ -2851,13 +2857,11 @@ assign_section_numbers (bfd *abfd)
349 /* Set up the list of section header pointers, in agreement with the
351 - amt = section_number * sizeof (Elf_Internal_Shdr *);
352 - i_shdrp = bfd_zalloc (abfd, amt);
353 + i_shdrp = bfd_zalloc2 (abfd, section_number, sizeof (Elf_Internal_Shdr *));
357 - amt = sizeof (Elf_Internal_Shdr);
358 - i_shdrp[0] = bfd_zalloc (abfd, amt);
359 + i_shdrp[0] = bfd_zalloc (abfd, sizeof (Elf_Internal_Shdr));
360 if (i_shdrp[0] == NULL)
362 bfd_release (abfd, i_shdrp);
363 @@ -3089,7 +3093,6 @@ elf_map_symbols (bfd *abfd)
370 fprintf (stderr, "elf_map_symbols\n");
371 @@ -3103,8 +3106,7 @@ elf_map_symbols (bfd *abfd)
375 - amt = max_index * sizeof (asymbol *);
376 - sect_syms = bfd_zalloc (abfd, amt);
377 + sect_syms = bfd_zalloc2 (abfd, max_index, sizeof (asymbol *));
378 if (sect_syms == NULL)
380 elf_section_syms (abfd) = sect_syms;
381 @@ -3177,8 +3179,7 @@ elf_map_symbols (bfd *abfd)
384 /* Now sort the symbols so the local symbols are first. */
385 - amt = (num_locals + num_globals) * sizeof (asymbol *);
386 - new_syms = bfd_alloc (abfd, amt);
387 + new_syms = bfd_alloc2 (abfd, num_locals + num_globals, sizeof (asymbol *));
389 if (new_syms == NULL)
391 @@ -3437,8 +3438,7 @@ map_sections_to_segments (bfd *abfd)
393 /* Select the allocated sections, and sort them. */
395 - amt = bfd_count_sections (abfd) * sizeof (asection *);
396 - sections = bfd_malloc (amt);
397 + sections = bfd_malloc2 (bfd_count_sections (abfd), sizeof (asection *));
398 if (sections == NULL)
401 @@ -3870,7 +3870,6 @@ assign_file_positions_for_segments (bfd
402 bfd_vma filehdr_vaddr, filehdr_paddr;
403 bfd_vma phdrs_vaddr, phdrs_paddr;
404 Elf_Internal_Phdr *p;
407 if (elf_tdata (abfd)->segment_map == NULL)
409 @@ -3945,8 +3944,7 @@ assign_file_positions_for_segments (bfd
413 - amt = alloc * sizeof (Elf_Internal_Phdr);
414 - phdrs = bfd_alloc (abfd, amt);
415 + phdrs = bfd_alloc2 (abfd, alloc, sizeof (Elf_Internal_Phdr));
419 @@ -5214,8 +5212,7 @@ copy_private_bfd_data (bfd *ibfd, bfd *o
421 /* Gcc 2.96 miscompiles this code on mips. Don't do casting here
422 to work around this long long bug. */
423 - amt = section_count * sizeof (asection *);
424 - sections = bfd_malloc (amt);
425 + sections = bfd_malloc2 (section_count, sizeof (asection *));
426 if (sections == NULL)
429 @@ -5657,8 +5654,7 @@ swap_out_syms (bfd *abfd,
430 symstrtab_hdr = &elf_tdata (abfd)->strtab_hdr;
431 symstrtab_hdr->sh_type = SHT_STRTAB;
433 - amt = (bfd_size_type) (1 + symcount) * bed->s->sizeof_sym;
434 - outbound_syms = bfd_alloc (abfd, amt);
435 + outbound_syms = bfd_alloc2 (abfd, 1 + symcount, bed->s->sizeof_sym);
436 if (outbound_syms == NULL)
438 _bfd_stringtab_free (stt);
439 @@ -5671,7 +5667,8 @@ swap_out_syms (bfd *abfd,
440 if (symtab_shndx_hdr->sh_name != 0)
442 amt = (bfd_size_type) (1 + symcount) * sizeof (Elf_External_Sym_Shndx);
443 - outbound_shndx = bfd_zalloc (abfd, amt);
444 + outbound_shndx = bfd_zalloc2 (abfd, 1 + symcount,
445 + sizeof (Elf_External_Sym_Shndx));
446 if (outbound_shndx == NULL)
448 _bfd_stringtab_free (stt);
449 @@ -6083,7 +6080,6 @@ bfd_boolean
450 _bfd_elf_slurp_version_tables (bfd *abfd, bfd_boolean default_imported_symver)
452 bfd_byte *contents = NULL;
454 unsigned int freeidx = 0;
456 if (elf_dynverref (abfd) != 0)
457 @@ -6092,11 +6088,12 @@ _bfd_elf_slurp_version_tables (bfd *abfd
458 Elf_External_Verneed *everneed;
459 Elf_Internal_Verneed *iverneed;
461 + bfd_byte *contents_end;
463 hdr = &elf_tdata (abfd)->dynverref_hdr;
465 - amt = (bfd_size_type) hdr->sh_info * sizeof (Elf_Internal_Verneed);
466 - elf_tdata (abfd)->verref = bfd_zalloc (abfd, amt);
467 + elf_tdata (abfd)->verref = bfd_zalloc2 (abfd, hdr->sh_info,
468 + sizeof (Elf_Internal_Verneed));
469 if (elf_tdata (abfd)->verref == NULL)
472 @@ -6104,11 +6101,22 @@ _bfd_elf_slurp_version_tables (bfd *abfd
474 contents = bfd_malloc (hdr->sh_size);
475 if (contents == NULL)
478 +error_return_verref:
479 + elf_tdata (abfd)->verref = NULL;
480 + elf_tdata (abfd)->cverrefs = 0;
483 if (bfd_seek (abfd, hdr->sh_offset, SEEK_SET) != 0
484 || bfd_bread (contents, hdr->sh_size, abfd) != hdr->sh_size)
486 + goto error_return_verref;
488 + if (hdr->sh_info && hdr->sh_size < sizeof (Elf_External_Verneed))
489 + goto error_return_verref;
491 + BFD_ASSERT (sizeof (Elf_External_Verneed)
492 + == sizeof (Elf_External_Vernaux));
493 + contents_end = contents + hdr->sh_size - sizeof (Elf_External_Verneed);
494 everneed = (Elf_External_Verneed *) contents;
495 iverneed = elf_tdata (abfd)->verref;
496 for (i = 0; i < hdr->sh_info; i++, iverneed++)
497 @@ -6125,11 +6133,21 @@ _bfd_elf_slurp_version_tables (bfd *abfd
498 bfd_elf_string_from_elf_section (abfd, hdr->sh_link,
500 if (iverneed->vn_filename == NULL)
502 + goto error_return_verref;
504 - amt = iverneed->vn_cnt;
505 - amt *= sizeof (Elf_Internal_Vernaux);
506 - iverneed->vn_auxptr = bfd_alloc (abfd, amt);
507 + if (iverneed->vn_cnt == 0)
508 + iverneed->vn_auxptr = NULL;
511 + iverneed->vn_auxptr = bfd_alloc2 (abfd, iverneed->vn_cnt,
512 + sizeof (Elf_Internal_Vernaux));
513 + if (iverneed->vn_auxptr == NULL)
514 + goto error_return_verref;
517 + if (iverneed->vn_aux
518 + > (size_t) (contents_end - (bfd_byte *) everneed))
519 + goto error_return_verref;
521 evernaux = ((Elf_External_Vernaux *)
522 ((bfd_byte *) everneed + iverneed->vn_aux));
523 @@ -6142,13 +6160,17 @@ _bfd_elf_slurp_version_tables (bfd *abfd
524 bfd_elf_string_from_elf_section (abfd, hdr->sh_link,
526 if (ivernaux->vna_nodename == NULL)
528 + goto error_return_verref;
530 if (j + 1 < iverneed->vn_cnt)
531 ivernaux->vna_nextptr = ivernaux + 1;
533 ivernaux->vna_nextptr = NULL;
535 + if (ivernaux->vna_next
536 + > (size_t) (contents_end - (bfd_byte *) evernaux))
537 + goto error_return_verref;
539 evernaux = ((Elf_External_Vernaux *)
540 ((bfd_byte *) evernaux + ivernaux->vna_next));
542 @@ -6161,6 +6183,10 @@ _bfd_elf_slurp_version_tables (bfd *abfd
544 iverneed->vn_nextref = NULL;
546 + if (iverneed->vn_next
547 + > (size_t) (contents_end - (bfd_byte *) everneed))
548 + goto error_return_verref;
550 everneed = ((Elf_External_Verneed *)
551 ((bfd_byte *) everneed + iverneed->vn_next));
553 @@ -6178,6 +6204,7 @@ _bfd_elf_slurp_version_tables (bfd *abfd
554 Elf_Internal_Verdef iverdefmem;
557 + bfd_byte *contents_end_def, *contents_end_aux;
559 hdr = &elf_tdata (abfd)->dynverdef_hdr;
561 @@ -6188,6 +6215,16 @@ _bfd_elf_slurp_version_tables (bfd *abfd
562 || bfd_bread (contents, hdr->sh_size, abfd) != hdr->sh_size)
565 + if (hdr->sh_info && hdr->sh_size < sizeof (Elf_External_Verdef))
568 + BFD_ASSERT (sizeof (Elf_External_Verdef)
569 + >= sizeof (Elf_External_Verdaux));
570 + contents_end_def = contents + hdr->sh_size
571 + - sizeof (Elf_External_Verdef);
572 + contents_end_aux = contents + hdr->sh_size
573 + - sizeof (Elf_External_Verdaux);
575 /* We know the number of entries in the section but not the maximum
576 index. Therefore we have to run through all entries and find
578 @@ -6200,6 +6237,10 @@ _bfd_elf_slurp_version_tables (bfd *abfd
579 if ((iverdefmem.vd_ndx & ((unsigned) VERSYM_VERSION)) > maxidx)
580 maxidx = iverdefmem.vd_ndx & ((unsigned) VERSYM_VERSION);
582 + if (iverdefmem.vd_next
583 + > (size_t) (contents_end_def - (bfd_byte *) everdef))
586 everdef = ((Elf_External_Verdef *)
587 ((bfd_byte *) everdef + iverdefmem.vd_next));
589 @@ -6211,8 +6252,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
593 - amt = (bfd_size_type) maxidx * sizeof (Elf_Internal_Verdef);
594 - elf_tdata (abfd)->verdef = bfd_zalloc (abfd, amt);
595 + elf_tdata (abfd)->verdef = bfd_zalloc2 (abfd, maxidx,
596 + sizeof (Elf_Internal_Verdef));
597 if (elf_tdata (abfd)->verdef == NULL)
600 @@ -6228,15 +6269,32 @@ _bfd_elf_slurp_version_tables (bfd *abfd
602 _bfd_elf_swap_verdef_in (abfd, everdef, &iverdefmem);
604 + if ((iverdefmem.vd_ndx & VERSYM_VERSION) == 0)
606 +error_return_verdef:
607 + elf_tdata (abfd)->verdef = NULL;
608 + elf_tdata (abfd)->cverdefs = 0;
612 iverdef = &iverdefarr[(iverdefmem.vd_ndx & VERSYM_VERSION) - 1];
613 memcpy (iverdef, &iverdefmem, sizeof (Elf_Internal_Verdef));
615 iverdef->vd_bfd = abfd;
617 - amt = (bfd_size_type) iverdef->vd_cnt * sizeof (Elf_Internal_Verdaux);
618 - iverdef->vd_auxptr = bfd_alloc (abfd, amt);
619 - if (iverdef->vd_auxptr == NULL)
621 + if (iverdef->vd_cnt == 0)
622 + iverdef->vd_auxptr = NULL;
625 + iverdef->vd_auxptr = bfd_alloc2 (abfd, iverdef->vd_cnt,
626 + sizeof (Elf_Internal_Verdaux));
627 + if (iverdef->vd_auxptr == NULL)
628 + goto error_return_verdef;
631 + if (iverdef->vd_aux
632 + > (size_t) (contents_end_aux - (bfd_byte *) everdef))
633 + goto error_return_verdef;
635 everdaux = ((Elf_External_Verdaux *)
636 ((bfd_byte *) everdef + iverdef->vd_aux));
637 @@ -6249,20 +6307,25 @@ _bfd_elf_slurp_version_tables (bfd *abfd
638 bfd_elf_string_from_elf_section (abfd, hdr->sh_link,
640 if (iverdaux->vda_nodename == NULL)
642 + goto error_return_verdef;
644 if (j + 1 < iverdef->vd_cnt)
645 iverdaux->vda_nextptr = iverdaux + 1;
647 iverdaux->vda_nextptr = NULL;
649 + if (iverdaux->vda_next
650 + > (size_t) (contents_end_aux - (bfd_byte *) everdaux))
651 + goto error_return_verdef;
653 everdaux = ((Elf_External_Verdaux *)
654 ((bfd_byte *) everdaux + iverdaux->vda_next));
657 - iverdef->vd_nodename = iverdef->vd_auxptr->vda_nodename;
658 + if (iverdef->vd_cnt)
659 + iverdef->vd_nodename = iverdef->vd_auxptr->vda_nodename;
661 - if (i + 1 < hdr->sh_info)
662 + if ((size_t) (iverdef - iverdefarr) + 1 < maxidx)
663 iverdef->vd_nextdef = iverdef + 1;
665 iverdef->vd_nextdef = NULL;
666 @@ -6281,8 +6344,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
670 - amt = (bfd_size_type) freeidx * sizeof (Elf_Internal_Verdef);
671 - elf_tdata (abfd)->verdef = bfd_zalloc (abfd, amt);
672 + elf_tdata (abfd)->verdef = bfd_zalloc2 (abfd, freeidx,
673 + sizeof (Elf_Internal_Verdef));
674 if (elf_tdata (abfd)->verdef == NULL)
677 @@ -6306,10 +6369,11 @@ _bfd_elf_slurp_version_tables (bfd *abfd
679 iverdef->vd_nodename = bfd_elf_get_dt_soname (abfd);
680 if (iverdef->vd_nodename == NULL)
682 + goto error_return_verdef;
683 iverdef->vd_nextdef = NULL;
684 - amt = (bfd_size_type) sizeof (Elf_Internal_Verdaux);
685 - iverdef->vd_auxptr = bfd_alloc (abfd, amt);
686 + iverdef->vd_auxptr = bfd_alloc (abfd, sizeof (Elf_Internal_Verdaux));
687 + if (iverdef->vd_auxptr == NULL)
688 + goto error_return_verdef;
690 iverdaux = iverdef->vd_auxptr;
691 iverdaux->vda_nodename = iverdef->vd_nodename;
692 --- bfd/elf64-ppc.c.jj 2004-12-20 14:16:48.000000000 -0500
693 +++ bfd/elf64-ppc.c 2005-06-29 04:38:02.000000000 -0400
694 @@ -2118,8 +2118,13 @@ ppc64_elf_info_to_howto (bfd *abfd ATTRI
697 type = ELF64_R_TYPE (dst->r_info);
698 - BFD_ASSERT (type < (sizeof (ppc64_elf_howto_table)
699 - / sizeof (ppc64_elf_howto_table[0])));
700 + if (type >= (sizeof (ppc64_elf_howto_table)
701 + / sizeof (ppc64_elf_howto_table[0])))
703 + (*_bfd_error_handler) (_("%B: invalid relocation type %d"),
705 + type = R_PPC64_NONE;
707 cache_ptr->howto = ppc64_elf_howto_table[type];
710 --- bfd/elf64-s390.c.jj 2004-11-22 15:33:31.000000000 -0500
711 +++ bfd/elf64-s390.c 2005-06-29 04:38:02.000000000 -0400
712 @@ -372,7 +372,8 @@ elf_s390_info_to_howto (abfd, cache_ptr,
714 Elf_Internal_Rela *dst;
716 - switch (ELF64_R_TYPE(dst->r_info))
717 + unsigned int r_type = ELF64_R_TYPE(dst->r_info);
720 case R_390_GNU_VTINHERIT:
721 cache_ptr->howto = &elf64_s390_vtinherit_howto;
722 @@ -383,8 +384,13 @@ elf_s390_info_to_howto (abfd, cache_ptr,
726 - BFD_ASSERT (ELF64_R_TYPE(dst->r_info) < (unsigned int) R_390_max);
727 - cache_ptr->howto = &elf_howto_table[ELF64_R_TYPE(dst->r_info)];
728 + if (r_type >= sizeof (elf_howto_table) / sizeof (elf_howto_table[0]))
730 + (*_bfd_error_handler) (_("%B: invalid relocation type %d"),
731 + abfd, (int) r_type);
732 + r_type = R_390_NONE;
734 + cache_ptr->howto = &elf_howto_table[r_type];
738 --- bfd/elf32-s390.c.jj 2004-11-22 15:33:30.000000000 -0500
739 +++ bfd/elf32-s390.c 2005-06-29 04:38:02.000000000 -0400
740 @@ -350,7 +350,8 @@ elf_s390_info_to_howto (abfd, cache_ptr,
742 Elf_Internal_Rela *dst;
744 - switch (ELF32_R_TYPE(dst->r_info))
745 + unsigned int r_type = ELF32_R_TYPE(dst->r_info);
748 case R_390_GNU_VTINHERIT:
749 cache_ptr->howto = &elf32_s390_vtinherit_howto;
750 @@ -361,8 +362,13 @@ elf_s390_info_to_howto (abfd, cache_ptr,
754 - BFD_ASSERT (ELF32_R_TYPE(dst->r_info) < (unsigned int) R_390_max);
755 - cache_ptr->howto = &elf_howto_table[ELF32_R_TYPE(dst->r_info)];
756 + if (r_type >= sizeof (elf_howto_table) / sizeof (elf_howto_table[0]))
758 + (*_bfd_error_handler) (_("%B: invalid relocation type %d"),
759 + abfd, (int) r_type);
760 + r_type = R_390_NONE;
762 + cache_ptr->howto = &elf_howto_table[r_type];
766 --- bfd/elf64-x86-64.c.jj 2005-02-07 14:42:44.000000000 -0500
767 +++ bfd/elf64-x86-64.c 2005-06-29 04:38:02.000000000 -0400
768 @@ -176,16 +176,19 @@ elf64_x86_64_info_to_howto (bfd *abfd AT
771 r_type = ELF64_R_TYPE (dst->r_info);
772 - if (r_type < (unsigned int) R_X86_64_GNU_VTINHERIT)
773 + if (r_type < (unsigned int) R_X86_64_GNU_VTINHERIT
774 + || r_type >= (unsigned int) R_X86_64_max)
776 - BFD_ASSERT (r_type <= (unsigned int) R_X86_64_TPOFF32);
777 + if (r_type > (unsigned int) R_X86_64_TPOFF32)
779 + (*_bfd_error_handler) (_("%B: invalid relocation type %d"),
780 + abfd, (int) r_type);
781 + r_type = R_X86_64_NONE;
787 - BFD_ASSERT (r_type < (unsigned int) R_X86_64_max);
788 - i = r_type - ((unsigned int) R_X86_64_GNU_VTINHERIT - R_X86_64_TPOFF32 - 1);
790 + i = r_type - ((unsigned int) R_X86_64_GNU_VTINHERIT - R_X86_64_TPOFF32 - 1);
791 cache_ptr->howto = &x86_64_elf_howto_table[i];
792 BFD_ASSERT (r_type == cache_ptr->howto->type);
794 --- bfd/elfxx-ia64.c.jj 2005-02-18 01:14:30.000000000 -0500
795 +++ bfd/elfxx-ia64.c 2005-06-29 04:38:02.000000000 -0400
796 @@ -479,7 +479,8 @@ lookup_howto (rtype)
797 elf_code_to_howto_index[ia64_howto_table[i].type] = i;
800 - BFD_ASSERT (rtype <= R_IA64_MAX_RELOC_CODE);
801 + if (rtype > R_IA64_MAX_RELOC_CODE)
803 i = elf_code_to_howto_index[rtype];
804 if (i >= NELEMS (ia64_howto_table))
806 --- bfd/bfd-in2.h.jj 2004-12-20 14:16:48.000000000 -0500
807 +++ bfd/bfd-in2.h 2005-06-29 04:38:02.000000000 -0400
808 @@ -151,6 +151,9 @@ typedef unsigned long bfd_size_type;
810 #endif /* not BFD64 */
812 +#define HALF_BFD_SIZE_TYPE \
813 + (((bfd_size_type) 1) << (8 * sizeof (bfd_size_type) / 2))
815 #ifndef BFD_HOST_64_BIT
816 /* Fall back on a 32 bit type. The idea is to make these types always
817 available for function return types, but in the case that
818 --- bfd/libbfd.h.jj 2004-12-20 14:16:48.000000000 -0500
819 +++ bfd/libbfd.h 2005-06-29 04:38:02.000000000 -0400
820 @@ -95,6 +95,12 @@ extern void *bfd_realloc
821 (void *, bfd_size_type);
822 extern void *bfd_zmalloc
824 +extern void *bfd_malloc2
825 + (bfd_size_type, bfd_size_type);
826 +extern void *bfd_realloc2
827 + (void *, bfd_size_type, bfd_size_type);
828 +extern void *bfd_zmalloc2
829 + (bfd_size_type, bfd_size_type);
831 extern void _bfd_default_error_handler (const char *s, ...);
832 extern bfd_error_handler_type _bfd_error_handler;
833 @@ -105,6 +111,10 @@ extern void *bfd_alloc
834 (bfd *, bfd_size_type);
835 extern void *bfd_zalloc
836 (bfd *, bfd_size_type);
837 +extern void *bfd_alloc2
838 + (bfd *, bfd_size_type, bfd_size_type);
839 +extern void *bfd_zalloc2
840 + (bfd *, bfd_size_type, bfd_size_type);
841 extern void bfd_release
844 --- bfd/elf32-sparc.c.jj 2004-11-22 15:33:30.000000000 -0500
845 +++ bfd/elf32-sparc.c 2005-06-29 04:48:04.000000000 -0400
846 @@ -313,7 +313,8 @@ elf32_sparc_info_to_howto (abfd, cache_p
848 Elf_Internal_Rela *dst;
850 - switch (ELF32_R_TYPE(dst->r_info))
851 + unsigned int r_type = ELF32_R_TYPE(dst->r_info);
854 case R_SPARC_GNU_VTINHERIT:
855 cache_ptr->howto = &elf32_sparc_vtinherit_howto;
856 @@ -328,8 +329,13 @@ elf32_sparc_info_to_howto (abfd, cache_p
860 - BFD_ASSERT (ELF32_R_TYPE(dst->r_info) < (unsigned int) R_SPARC_max_std);
861 - cache_ptr->howto = &_bfd_sparc_elf_howto_table[ELF32_R_TYPE(dst->r_info)];
862 + if (r_type >= (unsigned int) R_SPARC_max_std)
864 + (*_bfd_error_handler) (_("invalid relocation type %d"),
866 + r_type = R_SPARC_NONE;
868 + cache_ptr->howto = &_bfd_sparc_elf_howto_table[r_type];
872 --- bfd/elf64-sparc.c.jj 2004-11-22 15:33:31.000000000 -0500
873 +++ bfd/elf64-sparc.c 2005-06-29 04:49:42.000000000 -0400
874 @@ -310,8 +310,14 @@ sparc64_elf_info_to_howto (abfd, cache_p
876 Elf_Internal_Rela *dst;
878 - BFD_ASSERT (ELF64_R_TYPE_ID (dst->r_info) < (unsigned int) R_SPARC_max_std);
879 - cache_ptr->howto = &sparc64_elf_howto_table[ELF64_R_TYPE_ID (dst->r_info)];
880 + unsigned int r_type = ELF64_R_TYPE_ID (dst->r_info);
881 + if (r_type >= (unsigned int) R_SPARC_max_std)
883 + (*_bfd_error_handler) (_("invalid relocation type %d"),
885 + r_type = R_SPARC_NONE;
887 + cache_ptr->howto = &sparc64_elf_howto_table[r_type];
890 struct sparc64_elf_section_data
projects / packages / binutils.git / blob