if (set != NULL)
{
while ((i = *set++) > 0)
- if (streq (SECTION_NAME (section_headers + i), name))
- return section_headers + i;
+ {
+ /* See PR 21156 for a reproducer. */
+ if (i >= elf_header.e_shnum)
+ continue; /* FIXME: Should we issue an error message ? */
+
+ if (streq (SECTION_NAME (section_headers + i), name))
+ return section_headers + i;
+ }
}
return find_section (name);
if (elf_header.e_ident[EI_OSABI] == ELFOSABI_SOLARIS)
result = get_solaris_section_type (sh_type);
else
- result = NULL;
+ {
+ switch (sh_type)
+ {
+ case SHT_GNU_INCREMENTAL_INPUTS: result = "GNU_INCREMENTAL_INPUTS"; break;
+ case SHT_GNU_ATTRIBUTES: result = "GNU_ATTRIBUTES"; break;
+ case SHT_GNU_HASH: result = "GNU_HASH"; break;
+ case SHT_GNU_LIBLIST: result = "GNU_LIBLIST"; break;
+ default:
+ result = NULL;
+ break;
+ }
+ }
break;
}
}
static unsigned int
-get_compression_header (Elf_Internal_Chdr *chdr, unsigned char *buf)
+get_compression_header (Elf_Internal_Chdr *chdr, unsigned char *buf, bfd_size_type size)
{
if (is_32bit_elf)
{
Elf32_External_Chdr *echdr = (Elf32_External_Chdr *) buf;
+ if (size < sizeof (* echdr))
+ {
+ error (_("Compressed section is too small even for a compression header\n"));
+ return 0;
+ }
+
chdr->ch_type = BYTE_GET (echdr->ch_type);
chdr->ch_size = BYTE_GET (echdr->ch_size);
chdr->ch_addralign = BYTE_GET (echdr->ch_addralign);
{
Elf64_External_Chdr *echdr = (Elf64_External_Chdr *) buf;
+ if (size < sizeof (* echdr))
+ {
+ error (_("Compressed section is too small even for a compression header\n"));
+ return 0;
+ }
+
chdr->ch_type = BYTE_GET (echdr->ch_type);
chdr->ch_size = BYTE_GET (echdr->ch_size);
chdr->ch_addralign = BYTE_GET (echdr->ch_addralign);
{
Elf_Internal_Chdr chdr;
- (void) get_compression_header (&chdr, buf);
+ (void) get_compression_header (&chdr, buf, sizeof (buf));
if (chdr.ch_type == ELFCOMPRESS_ZLIB)
printf (" ZLIB, ");
ent.vd_ndx, ent.vd_cnt);
/* Check for overflow. */
- if (ent.vd_aux > (size_t) (endbuf - vstart))
+ if (ent.vd_aux + sizeof (* eaux) > (size_t) (endbuf - vstart))
break;
vstart += ent.vd_aux;
return 1;
}
+#define IN_RANGE(START,END,ADDR,OFF) \
+ (((ADDR) >= (START)) && ((ADDR) + (OFF) < (END)))
+
/* Check to see if the given reloc needs to be handled in a target specific
manner. If so then process the reloc and return TRUE otherwise return
- FALSE. */
+ FALSE.
+
+ If called with reloc == NULL, then this is a signal that reloc processing
+ for the current section has finished, and any saved state should be
+ discarded. */
static bfd_boolean
target_specific_reloc_handling (Elf_Internal_Rela * reloc,
unsigned char * start,
unsigned char * end,
- Elf_Internal_Sym * symtab)
+ Elf_Internal_Sym * symtab,
+ unsigned long num_syms)
{
- unsigned int reloc_type = get_reloc_type (reloc->r_info);
+ unsigned int reloc_type = 0;
+ unsigned long sym_index = 0;
+
+ if (reloc)
+ {
+ reloc_type = get_reloc_type (reloc->r_info);
+ sym_index = get_reloc_symindex (reloc->r_info);
+ }
switch (elf_header.e_machine)
{
{
static Elf_Internal_Sym * saved_sym = NULL;
+ if (reloc == NULL)
+ {
+ saved_sym = NULL;
+ return TRUE;
+ }
+
switch (reloc_type)
{
case 10: /* R_MSP430_SYM_DIFF */
break;
/* Fall through. */
case 21: /* R_MSP430X_SYM_DIFF */
- saved_sym = symtab + get_reloc_symindex (reloc->r_info);
+ /* PR 21139. */
+ if (sym_index >= num_syms)
+ error (_("MSP430 SYM_DIFF reloc contains invalid symbol index %lu\n"),
+ sym_index);
+ else
+ saved_sym = symtab + sym_index;
return TRUE;
case 1: /* R_MSP430_32 or R_MSP430_ABS32 */
int reloc_size = reloc_type == 1 ? 4 : 2;
bfd_vma value;
- value = reloc->r_addend
- + (symtab[get_reloc_symindex (reloc->r_info)].st_value
- - saved_sym->st_value);
-
- if (start + reloc->r_offset + reloc_size >= end)
- /* PR 21137 */
- error (_("MSP430 sym diff reloc writes past end of section (%p vs %p)\n"),
- start + reloc->r_offset + reloc_size, end);
+ if (sym_index >= num_syms)
+ error (_("MSP430 reloc contains invalid symbol index %lu\n"),
+ sym_index);
else
- byte_put (start + reloc->r_offset, value, reloc_size);
+ {
+ value = reloc->r_addend + (symtab[sym_index].st_value
+ - saved_sym->st_value);
+
+ if (IN_RANGE (start, end, start + reloc->r_offset, reloc_size))
+ byte_put (start + reloc->r_offset, value, reloc_size);
+ else
+ /* PR 21137 */
+ error (_("MSP430 sym diff reloc contains invalid offset: 0x%lx\n"),
+ (long) reloc->r_offset);
+ }
saved_sym = NULL;
return TRUE;
{
static Elf_Internal_Sym * saved_sym = NULL;
+ if (reloc == NULL)
+ {
+ saved_sym = NULL;
+ return TRUE;
+ }
+
switch (reloc_type)
{
case 34: /* R_MN10300_ALIGN */
return TRUE;
case 33: /* R_MN10300_SYM_DIFF */
- saved_sym = symtab + get_reloc_symindex (reloc->r_info);
+ if (sym_index >= num_syms)
+ error (_("MN10300_SYM_DIFF reloc contains invalid symbol index %lu\n"),
+ sym_index);
+ else
+ saved_sym = symtab + sym_index;
return TRUE;
+
case 1: /* R_MN10300_32 */
case 2: /* R_MN10300_16 */
if (saved_sym != NULL)
int reloc_size = reloc_type == 1 ? 4 : 2;
bfd_vma value;
- value = reloc->r_addend
- + (symtab[get_reloc_symindex (reloc->r_info)].st_value
- - saved_sym->st_value);
-
- if (start + reloc->r_offset + reloc_size >= end)
- error (_("MN10300 sym diff reloc writes past end of section (%p vs %p)\n"),
- start + reloc->r_offset + reloc_size, end);
+ if (sym_index >= num_syms)
+ error (_("MN10300 reloc contains invalid symbol index %lu\n"),
+ sym_index);
else
- byte_put (start + reloc->r_offset, value, reloc_size);
+ {
+ value = reloc->r_addend + (symtab[sym_index].st_value
+ - saved_sym->st_value);
+
+ if (IN_RANGE (start, end, start + reloc->r_offset, reloc_size))
+ byte_put (start + reloc->r_offset, value, reloc_size);
+ else
+ error (_("MN10300 sym diff reloc contains invalid offset: 0x%lx\n"),
+ (long) reloc->r_offset);
+ }
saved_sym = NULL;
return TRUE;
static bfd_vma saved_sym2 = 0;
static bfd_vma value;
+ if (reloc == NULL)
+ {
+ saved_sym1 = saved_sym2 = 0;
+ return TRUE;
+ }
+
switch (reloc_type)
{
case 0x80: /* R_RL78_SYM. */
saved_sym1 = saved_sym2;
- saved_sym2 = symtab[get_reloc_symindex (reloc->r_info)].st_value;
- saved_sym2 += reloc->r_addend;
+ if (sym_index >= num_syms)
+ error (_("RL78_SYM reloc contains invalid symbol index %lu\n"),
+ sym_index);
+ else
+ {
+ saved_sym2 = symtab[sym_index].st_value;
+ saved_sym2 += reloc->r_addend;
+ }
return TRUE;
case 0x83: /* R_RL78_OPsub. */
break;
case 0x41: /* R_RL78_ABS32. */
- if (start + reloc->r_offset + 4 >= end)
- error (_("RL78 sym diff reloc writes past end of section (%p vs %p)\n"),
- start + reloc->r_offset + 2, end);
- else
+ if (IN_RANGE (start, end, start + reloc->r_offset, 4))
byte_put (start + reloc->r_offset, value, 4);
+ else
+ error (_("RL78 sym diff reloc contains invalid offset: 0x%lx\n"),
+ (long) reloc->r_offset);
value = 0;
return TRUE;
case 0x43: /* R_RL78_ABS16. */
- if (start + reloc->r_offset + 2 >= end)
- error (_("RL78 sym diff reloc writes past end of section (%p vs %p)\n"),
- start + reloc->r_offset + 2, end);
- else
+ if (IN_RANGE (start, end, start + reloc->r_offset, 2))
byte_put (start + reloc->r_offset, value, 2);
+ else
+ error (_("RL78 sym diff reloc contains invalid offset: 0x%lx\n"),
+ (long) reloc->r_offset);
value = 0;
return TRUE;
reloc_type = get_reloc_type (rp->r_info);
- if (target_specific_reloc_handling (rp, start, end, symtab))
+ if (target_specific_reloc_handling (rp, start, end, symtab, num_syms))
continue;
else if (is_none_reloc (reloc_type))
continue;
}
free (symtab);
+ /* Let the target specific reloc processing code know that
+ we have finished with these relocs. */
+ target_specific_reloc_handling (NULL, NULL, NULL, NULL, 0);
if (relocs_return)
{
{
Elf_Internal_Chdr chdr;
unsigned int compression_header_size
- = get_compression_header (& chdr, (unsigned char *) start);
+ = get_compression_header (& chdr, (unsigned char *) start,
+ num_bytes);
if (chdr.ch_type != ELFCOMPRESS_ZLIB)
{
new_size -= 12;
}
- if (uncompressed_size
- && uncompress_section_contents (& start,
- uncompressed_size, & new_size))
- num_bytes = new_size;
+ if (uncompressed_size)
+ {
+ if (uncompress_section_contents (& start,
+ uncompressed_size, & new_size))
+ num_bytes = new_size;
+ else
+ {
+ error (_("Unable to decompress section %s\n"),
+ printable_section_name (section));
+ return;
+ }
+ }
+ else
+ start = real_start;
}
/* If the section being dumped has relocations against it the user might
{
Elf_Internal_Chdr chdr;
unsigned int compression_header_size
- = get_compression_header (& chdr, start);
+ = get_compression_header (& chdr, start, section_size);
if (chdr.ch_type != ELFCOMPRESS_ZLIB)
{
new_size -= 12;
}
- if (uncompressed_size
- && uncompress_section_contents (& start, uncompressed_size,
- & new_size))
- section_size = new_size;
+ if (uncompressed_size)
+ {
+ if (uncompress_section_contents (& start, uncompressed_size,
+ & new_size))
+ {
+ section_size = new_size;
+ }
+ else
+ {
+ error (_("Unable to decompress section %s\n"),
+ printable_section_name (section));
+ /* FIXME: Print the section anyway ? */
+ return;
+ }
+ }
+ else
+ start = real_start;
}
if (relocate)
return 0;
}
- compression_header_size = get_compression_header (&chdr, start);
+ compression_header_size = get_compression_header (&chdr, start, size);
if (chdr.ch_type != ELFCOMPRESS_ZLIB)
{
size -= 12;
}
- if (uncompressed_size
- && uncompress_section_contents (&start, uncompressed_size,
- &size))
+ if (uncompressed_size)
{
- /* Free the compressed buffer, update the section buffer
- and the section size if uncompress is successful. */
- free (section->start);
- section->start = start;
+ if (uncompress_section_contents (&start, uncompressed_size,
+ &size))
+ {
+ /* Free the compressed buffer, update the section buffer
+ and the section size if uncompress is successful. */
+ free (section->start);
+ section->start = start;
+ }
+ else
+ {
+ error (_("Unable to decompress section %s\n"),
+ printable_section_name (sec));
+ return 0;
+ }
}
+
section->size = size;
}
/* Check to see if the user requested a
dump of a section that does not exist. */
- while (i++ < num_dump_sects)
- if (dump_sects[i])
- warn (_("Section %d was not dumped because it does not exist!\n"), i);
+ while (i < num_dump_sects)
+ {
+ if (dump_sects[i])
+ warn (_("Section %d was not dumped because it does not exist!\n"), i);
+ i++;
+ }
}
static void
projects / binutils-gdb.git / blobdiff