OSDN > Developer >

alaskanemily > Chamber > binutils_os216 > Commit

alaskanemily

binutils_os216
Fork

Fork origin: git://...db.git

R/O
HTTP
SSH
HTTPS

Commit

Commit MetaInfo

Revisão	896ca0981329171639b1fe0b934393a79ef4fdfb (tree)
Hora	2015-01-06 08:13:50
Autor	Nick Clifton <nickc@redh...>
Commiter	Nick Clifton

Mensagem de Log

More fixes for invalid memory accesses triggered by fuzzed binaries.

PR binutils/17512
* nm.c (print_symbol): Add 'is_synthetic' parameter. Use it to
help initialize the info.elfinfo field.
(print_size_symbols): Add 'synth_count' parameter. Use it to set
the is_synthetic parameter when calling print_symbol.
(print_symbols): Likewise.
(display_rel_file): Pass synth_count to printing function.
(display_archive): Break loop if the last archive displayed
matches the current archive.
* size.c (display_archive): Likewise.

* archive.c (do_slurp_bsd_armap): Make sure that the parsed sized
is at least big enough for the header to be read.
* elf32-i386.c (elf_i386_get_plt_sym_val): Skip unknown relocs.
* mach-o.c (bfd_mach_o_get_synthetic_symtab): Add range checks.
(bfd_mach_o_read_command): Prevetn duplicate error messages about
unrecognized commands.
* syms.c (_bfd_stab_section_find_nearest_line): Add range checks
when indexing into the string table.

Mudança Sumário

modified: bfd/ChangeLog (diff)
modified: bfd/archive.c (diff)
modified: bfd/elf32-i386.c (diff)
modified: bfd/elfcode.h (diff)
modified: bfd/mach-o.c (diff)
modified: bfd/syms.c (diff)
modified: binutils/ChangeLog (diff)
modified: binutils/nm.c (diff)
modified: binutils/size.c (diff)

Diff

--- a/bfd/ChangeLog

+++ b/bfd/ChangeLog

		@@ -1,3 +1,15 @@
	1	+2015-01-05 Nick Clifton <nickc@redhat.com>
	2	+
	3	+ PR binutils/17512
	4	+ * archive.c (do_slurp_bsd_armap): Make sure that the parsed sized
	5	+ is at least big enough for the header to be read.
	6	+ * elf32-i386.c (elf_i386_get_plt_sym_val): Skip unknown relocs.
	7	+ * mach-o.c (bfd_mach_o_get_synthetic_symtab): Add range checks.
	8	+ (bfd_mach_o_read_command): Prevetn duplicate error messages about
	9	+ unrecognized commands.
	10	+ * syms.c (_bfd_stab_section_find_nearest_line): Add range checks
	11	+ when indexing into the string table.
	12	+
1	13	2015-01-01 Alan Modra <amodra@gmail.com>
2	14
3	15	Update year range in copyright notice of all files.

--- a/bfd/archive.c

+++ b/bfd/archive.c

		@@ -903,7 +903,8 @@ do_slurp_bsd_armap (bfd *abfd)
903	903	parsed_size = mapdata->parsed_size;
904	904	free (mapdata);
905	905	/* PR 17512: file: 883ff754. */
906		- if (parsed_size == 0)
	906	+ /* PR 17512: file: 0458885f. */
	907	+ if (parsed_size < 4)
907	908	return FALSE;
908	909
909	910	raw_armap = (bfd_byte *) bfd_zalloc (abfd, parsed_size);

--- a/bfd/elf32-i386.c

+++ b/bfd/elf32-i386.c

		@@ -5194,8 +5194,9 @@ bad_return:
5194	5194	{
5195	5195	long reloc_index;
5196	5196
5197		- if (p->howto->type != R_386_JUMP_SLOT
5198		- && p->howto->type != R_386_IRELATIVE)
	5197	+ if (p->howto == NULL /* PR 17512: file: bc9d6cf5. */
	5198	+ \|\| (p->howto->type != R_386_JUMP_SLOT
	5199	+ && p->howto->type != R_386_IRELATIVE))
5199	5200	continue;
5200	5201
5201	5202	reloc_index = H_GET_32 (abfd, (plt_contents + plt_offset

--- a/bfd/elfcode.h

+++ b/bfd/elfcode.h

		@@ -1214,10 +1214,9 @@ elf_slurp_symbol_table (bfd abfd, asymbol *symptrs, bfd_boolean dynamic)
1214	1214	for (isym = isymbuf + 1, sym = symbase; isym < isymend; isym++, sym++)
1215	1215	{
1216	1216	memcpy (&sym->internal_elf_sym, isym, sizeof (Elf_Internal_Sym));
1217		- sym->symbol.the_bfd = abfd;
1218	1217
	1218	+ sym->symbol.the_bfd = abfd;
1219	1219	sym->symbol.name = bfd_elf_sym_name (abfd, hdr, isym, NULL);
1220		-
1221	1220	sym->symbol.value = isym->st_value;
1222	1221
1223	1222	if (isym->st_shndx == SHN_UNDEF)

--- a/bfd/mach-o.c

+++ b/bfd/mach-o.c

		@@ -790,18 +790,19 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
790	790	bfd_mach_o_dysymtab_command *dysymtab = mdata->dysymtab;
791	791	bfd_mach_o_symtab_command *symtab = mdata->symtab;
792	792	asymbol *s;
	793	+ char * s_start;
	794	+ char * s_end;
793	795	unsigned long count, i, j, n;
794	796	size_t size;
795	797	char *names;
796	798	char *nul_name;
	799	+ const char stub [] = "$stub";
797	800
798	801	*ret = NULL;
799	802
800	803	/* Stop now if no symbols or no indirect symbols. */
801		- if (dysymtab == NULL \|\| symtab == NULL \|\| symtab->symbols == NULL)
802		- return 0;
803		-
804		- if (dysymtab->nindirectsyms == 0)
	804	+ if (dysymtab == NULL \|\| dysymtab->nindirectsyms == 0
	805	+ \|\| symtab == NULL \|\| symtab->symbols == NULL)
805	806	return 0;
806	807
807	808	/* We need to allocate a bfd symbol for every indirect symbol and to

		@@ -811,19 +812,23 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
811	812
812	813	for (j = 0; j < count; j++)
813	814	{
	815	+ const char * strng;
814	816	unsigned int isym = dysymtab->indirect_syms[j];
815	817
816	818	/* Some indirect symbols are anonymous. */
817		- if (isym < symtab->nsyms && symtab->symbols[isym].symbol.name)
818		- size += strlen (symtab->symbols[isym].symbol.name) + sizeof ("$stub");
	819	+ if (isym < symtab->nsyms && (strng = symtab->symbols[isym].symbol.name))
	820	+ /* PR 17512: file: f5b8eeba. */
	821	+ size += strnlen (strng, symtab->strsize - (strng - symtab->strtab)) + sizeof (stub);
819	822	}
820	823
821		- s = ret = (asymbol ) bfd_malloc (size);
	824	+ s_start = bfd_malloc (size);
	825	+ s = ret = (asymbol ) s_start;
822	826	if (s == NULL)
823	827	return -1;
824	828	names = (char *) (s + count);
825	829	nul_name = names;
826	830	*names++ = 0;
	831	+ s_end = s_start + size;
827	832
828	833	n = 0;
829	834	for (i = 0; i < mdata->nsects; i++)

		@@ -843,10 +848,19 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
843	848	last = first + bfd_mach_o_section_get_nbr_indirect (abfd, sec);
844	849	addr = sec->addr;
845	850	entry_size = bfd_mach_o_section_get_entry_size (abfd, sec);
	851	+
	852	+ /* PR 17512: file: 08e15eec. */
	853	+ if (first >= count \|\| last >= count \|\| first > last)
	854	+ goto fail;
	855	+
846	856	for (j = first; j < last; j++)
847	857	{
848	858	unsigned int isym = dysymtab->indirect_syms[j];
849	859
	860	+ /* PR 17512: file: 04d64d9b. */
	861	+ if (((char ) s) + sizeof ( s) > s_end)
	862	+ goto fail;
	863	+
850	864	s->flags = BSF_GLOBAL \| BSF_SYNTHETIC;
851	865	s->section = sec->bfdsection;
852	866	s->value = addr - sec->addr;

		@@ -860,10 +874,16 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
860	874
861	875	s->name = names;
862	876	len = strlen (sym);
	877	+ /* PR 17512: file: 47dfd4d2. */
	878	+ if (names + len >= s_end)
	879	+ goto fail;
863	880	memcpy (names, sym, len);
864	881	names += len;
865		- memcpy (names, "$stub", sizeof ("$stub"));
866		- names += sizeof ("$stub");
	882	+ /* PR 17512: file: 18f340a4. */
	883	+ if (names + sizeof (stub) >= s_end)
	884	+ goto fail;
	885	+ memcpy (names, stub, sizeof (stub));
	886	+ names += sizeof (stub);
867	887	}
868	888	else
869	889	s->name = nul_name;

		@@ -879,6 +899,11 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
879	899	}
880	900
881	901	return n;
	902	+
	903	+ fail:
	904	+ free (s_start);
	905	+ * ret = NULL;
	906	+ return -1;
882	907	}
883	908
884	909	void

		@@ -4660,9 +4685,21 @@ bfd_mach_o_read_command (bfd abfd, bfd_mach_o_load_command command)
4660	4685	return FALSE;
4661	4686	break;
4662	4687	default:
4663		- (*_bfd_error_handler)(_("%B: unknown load command 0x%lx"),
4664		- abfd, (unsigned long) command->type);
4665		- break;
	4688	+ {
	4689	+ static bfd_boolean unknown_set = FALSE;
	4690	+ static unsigned long unknown_command = 0;
	4691	+
	4692	+ /* Prevent reams of error messages when parsing corrupt binaries. */
	4693	+ if (!unknown_set)
	4694	+ unknown_set = TRUE;
	4695	+ else if (command->type == unknown_command)
	4696	+ break;
	4697	+ unknown_command = command->type;
	4698	+
	4699	+ (*_bfd_error_handler)(_("%B: unknown load command 0x%lx"),
	4700	+ abfd, (unsigned long) command->type);
	4701	+ break;
	4702	+ }
4666	4703	}
4667	4704
4668	4705	return TRUE;

--- a/bfd/syms.c

+++ b/bfd/syms.c

		@@ -823,6 +823,7 @@ _bfd_generic_read_minisymbols (bfd *abfd,
823	823
824	824	*minisymsp = syms;
825	825	sizep = sizeof (asymbol );
	826	+
826	827	return symcount;
827	828
828	829	error_return:

		@@ -1191,6 +1192,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd,
1191	1192	{
1192	1193	nul_fun = stab;
1193	1194	nul_str = str;
	1195	+ if (file_name >= (char *) info->strs + strsize)
	1196	+ file_name = NULL;
1194	1197	if (stab + STABSIZE + TYPEOFF < info->stabs + stabsize
1195	1198	&& *(stab + STABSIZE + TYPEOFF) == (bfd_byte) N_SO)
1196	1199	{

		@@ -1200,6 +1203,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd,
1200	1203	directory_name = file_name;
1201	1204	file_name = ((char *) str
1202	1205	+ bfd_get_32 (abfd, stab + STRDXOFF));
	1206	+ if (file_name >= (char *) info->strs + strsize)
	1207	+ file_name = NULL;
1203	1208	}
1204	1209	}
1205	1210	break;

		@@ -1207,6 +1212,9 @@ _bfd_stab_section_find_nearest_line (bfd *abfd,
1207	1212	case N_SOL:
1208	1213	/* The name of an include file. */
1209	1214	file_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF);
	1215	+ /* PR 17512: file: 0c680a1f. */
	1216	+ if (file_name >= (char *) info->strs + strsize)
	1217	+ file_name = NULL;
1210	1218	break;
1211	1219
1212	1220	case N_FUN:

		@@ -1214,6 +1222,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd,
1214	1222	function_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF);
1215	1223	if (function_name == (char *) str)
1216	1224	continue;
	1225	+ if (function_name >= (char *) info->strs + strsize)
	1226	+ function_name = NULL;
1217	1227
1218	1228	nul_fun = NULL;
1219	1229	info->indextable[i].val = bfd_get_32 (abfd, stab + VALOFF);

		@@ -1321,6 +1331,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd,
1321	1331	if (val <= offset)
1322	1332	{
1323	1333	file_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF);
	1334	+ if (file_name >= (char *) info->strs + strsize)
	1335	+ file_name = NULL;
1324	1336	*pline = 0;
1325	1337	}
1326	1338	break;

--- a/binutils/ChangeLog

+++ b/binutils/ChangeLog

		@@ -1,5 +1,18 @@
1	1	2015-01-05 Nick Clifton <nickc@redhat.com>
2	2
	3	+ PR binutils/17512
	4	+ * nm.c (print_symbol): Add 'is_synthetic' parameter. Use it to
	5	+ help initialize the info.elfinfo field.
	6	+ (print_size_symbols): Add 'synth_count' parameter. Use it to set
	7	+ the is_synthetic parameter when calling print_symbol.
	8	+ (print_symbols): Likewise.
	9	+ (display_rel_file): Pass synth_count to printing function.
	10	+ (display_archive): Break loop if the last archive displayed
	11	+ matches the current archive.
	12	+ * size.c (display_archive): Likewise.
	13	+
	14	+2015-01-05 Nick Clifton <nickc@redhat.com>
	15	+
3	16	PR binutils/17531
4	17	* dwarf.c (alloc_num_debug_info_entries): New variable.
5	18	(process_debug_info): Set it. Use it to avoid displaying

--- a/binutils/nm.c

+++ b/binutils/nm.c

		@@ -806,7 +806,11 @@ get_relocs (bfd abfd, asection sec, void *dataarg)
806	806	/* Print a single symbol. */
807	807
808	808	static void
809		-print_symbol (bfd abfd, asymbol sym, bfd_vma ssize, bfd *archive_bfd)
	809	+print_symbol (bfd * abfd,
	810	+ asymbol * sym,
	811	+ bfd_vma ssize,
	812	+ bfd * archive_bfd,
	813	+ bfd_boolean is_synthetic)
810	814	{
811	815	symbol_info syminfo;
812	816	struct extended_symbol_info info;

		@@ -816,12 +820,12 @@ print_symbol (bfd abfd, asymbol sym, bfd_vma ssize, bfd *archive_bfd)
816	820	format->print_symbol_filename (archive_bfd, abfd);
817	821
818	822	bfd_get_symbol_info (abfd, sym, &syminfo);
	823	+
819	824	info.sinfo = &syminfo;
820	825	info.ssize = ssize;
821		- if (bfd_get_flavour (abfd) == bfd_target_elf_flavour)
822		- info.elfinfo = (elf_symbol_type *) sym;
823		- else
824		- info.elfinfo = NULL;
	826	+ /* Synthetic symbols do not have a full elf_symbol_type set of data available. */
	827	+ info.elfinfo = is_synthetic ? NULL : elf_symbol_from (abfd, sym);
	828	+
825	829	format->print_symbol_info (&info, abfd);
826	830
827	831	if (line_numbers)

		@@ -941,12 +945,17 @@ print_symbol (bfd abfd, asymbol sym, bfd_vma ssize, bfd *archive_bfd)
941	945	/* Print the symbols when sorting by size. */
942	946
943	947	static void
944		-print_size_symbols (bfd *abfd, bfd_boolean is_dynamic,
945		- struct size_sym *symsizes, long symcount,
946		- bfd *archive_bfd)
	948	+print_size_symbols (bfd * abfd,
	949	+ bfd_boolean is_dynamic,
	950	+ struct size_sym * symsizes,
	951	+ long symcount,
	952	+ long synth_count,
	953	+ bfd * archive_bfd)
947	954	{
948	955	asymbol *store;
949		- struct size_sym from, fromend;
	956	+ struct size_sym *from;
	957	+ struct size_sym *fromend;
	958	+ struct size_sym *fromsynth;
950	959
951	960	store = bfd_make_empty_symbol (abfd);
952	961	if (store == NULL)

		@@ -954,6 +963,8 @@ print_size_symbols (bfd *abfd, bfd_boolean is_dynamic,
954	963
955	964	from = symsizes;
956	965	fromend = from + symcount;
	966	+ fromsynth = symsizes + (symcount - synth_count);
	967	+
957	968	for (; from < fromend; from++)
958	969	{
959	970	asymbol *sym;

		@@ -962,20 +973,34 @@ print_size_symbols (bfd *abfd, bfd_boolean is_dynamic,
962	973	if (sym == NULL)
963	974	bfd_fatal (bfd_get_filename (abfd));
964	975
965		- print_symbol (abfd, sym, from->size, archive_bfd);
	976	+ print_symbol (abfd, sym, from->size, archive_bfd, from >= fromsynth);
966	977	}
967	978	}
968	979
969	980
970		-/* Print the symbols. If ARCHIVE_BFD is non-NULL, it is the archive
971		- containing ABFD. */
	981	+/* Print the symbols of ABFD that are held in MINISYMS.
	982	+
	983	+ If ARCHIVE_BFD is non-NULL, it is the archive containing ABFD.
	984	+
	985	+ SYMCOUNT is the number of symbols in MINISYMS and SYNTH_COUNT
	986	+ is the number of these that are synthetic. Synthetic symbols,
	987	+ if any are present, always come at the end of the MINISYMS.
	988	+
	989	+ SIZE is the size of a symbol in MINISYMS. */
972	990
973	991	static void
974		-print_symbols (bfd abfd, bfd_boolean is_dynamic, void minisyms, long symcount,
975		- unsigned int size, bfd *archive_bfd)
	992	+print_symbols (bfd * abfd,
	993	+ bfd_boolean is_dynamic,
	994	+ void * minisyms,
	995	+ long symcount,
	996	+ long synth_count,
	997	+ unsigned int size,
	998	+ bfd * archive_bfd)
976	999	{
977	1000	asymbol *store;
978		- bfd_byte from, fromend;
	1001	+ bfd_byte *from;
	1002	+ bfd_byte *fromend;
	1003	+ bfd_byte *fromsynth;
979	1004
980	1005	store = bfd_make_empty_symbol (abfd);
981	1006	if (store == NULL)

		@@ -983,6 +1008,8 @@ print_symbols (bfd abfd, bfd_boolean is_dynamic, void minisyms, long symcount,
983	1008
984	1009	from = (bfd_byte *) minisyms;
985	1010	fromend = from + symcount * size;
	1011	+ fromsynth = (bfd_byte ) minisyms + ((symcount - synth_count) size);
	1012	+
986	1013	for (; from < fromend; from += size)
987	1014	{
988	1015	asymbol *sym;

		@@ -991,7 +1018,7 @@ print_symbols (bfd abfd, bfd_boolean is_dynamic, void minisyms, long symcount,
991	1018	if (sym == NULL)
992	1019	bfd_fatal (bfd_get_filename (abfd));
993	1020
994		- print_symbol (abfd, sym, (bfd_vma) 0, archive_bfd);
	1021	+ print_symbol (abfd, sym, (bfd_vma) 0, archive_bfd, from >= fromsynth);
995	1022	}
996	1023	}
997	1024

		@@ -1001,6 +1028,7 @@ static void
1001	1028	display_rel_file (bfd abfd, bfd archive_bfd)
1002	1029	{
1003	1030	long symcount;
	1031	+ long synth_count = 0;
1004	1032	void *minisyms;
1005	1033	unsigned int size;
1006	1034	struct size_sym *symsizes;

		@@ -1031,11 +1059,10 @@ display_rel_file (bfd abfd, bfd archive_bfd)
1031	1059	non_fatal (_("%s: no symbols"), bfd_get_filename (abfd));
1032	1060	return;
1033	1061	}
1034		-
	1062	+
1035	1063	if (show_synthetic && size == sizeof (asymbol *))
1036	1064	{
1037	1065	asymbol *synthsyms;
1038		- long synth_count;
1039	1066	asymbol **static_syms = NULL;
1040	1067	asymbol **dyn_syms = NULL;
1041	1068	long static_count = 0;

		@@ -1061,6 +1088,7 @@ display_rel_file (bfd abfd, bfd archive_bfd)
1061	1088	bfd_fatal (bfd_get_filename (abfd));
1062	1089	}
1063	1090	}
	1091	+
1064	1092	synth_count = bfd_get_synthetic_symtab (abfd, static_count, static_syms,
1065	1093	dyn_count, dyn_syms, &synthsyms);
1066	1094	if (synth_count > 0)

		@@ -1106,9 +1134,9 @@ display_rel_file (bfd abfd, bfd archive_bfd)
1106	1134	}
1107	1135
1108	1136	if (! sort_by_size)
1109		- print_symbols (abfd, dynamic, minisyms, symcount, size, archive_bfd);
	1137	+ print_symbols (abfd, dynamic, minisyms, symcount, synth_count, size, archive_bfd);
1110	1138	else
1111		- print_size_symbols (abfd, dynamic, symsizes, symcount, archive_bfd);
	1139	+ print_size_symbols (abfd, dynamic, symsizes, symcount, synth_count, archive_bfd);
1112	1140
1113	1141	free (minisyms);
1114	1142	free (symsizes);

		@@ -1181,6 +1209,8 @@ display_archive (bfd *file)
1181	1209	bfd_close (last_arfile);
1182	1210	lineno_cache_bfd = NULL;
1183	1211	lineno_cache_rel_bfd = NULL;
	1212	+ if (arfile == last_arfile)
	1213	+ return;
1184	1214	}
1185	1215	last_arfile = arfile;
1186	1216	}

		@@ -1434,7 +1464,6 @@ print_symbol_info_bsd (struct extended_symbol_info info, bfd abfd)
1434	1464	print_value (abfd, SYM_SIZE (info));
1435	1465	else
1436	1466	print_value (abfd, SYM_VALUE (info));
1437		-
1438	1467	if (print_size && SYM_SIZE (info))
1439	1468	{
1440	1469	printf (" ");

--- a/binutils/size.c

+++ b/binutils/size.c

		@@ -365,7 +365,14 @@ display_archive (bfd *file)
365	365	display_bfd (arfile);
366	366
367	367	if (last_arfile != NULL)
368		- bfd_close (last_arfile);
	368	+ {
	369	+ bfd_close (last_arfile);
	370	+
	371	+ /* PR 17512: file: a244edbc. */
	372	+ if (last_arfile == arfile)
	373	+ return;
	374	+ }
	375	+
369	376	last_arfile = arfile;
370	377	}
371	378

binutils_os216 Fork