+2019-03-12 Alan Modra <amodra@gmail.com>
+
+ * coffcode.h (buy_and_read): Delete unnecessary forward decl. Add
+ nmemb parameter. Use bfd_alloc2.
+ (coff_slurp_line_table): Use bfd_alloc2. Update buy_and_read calls.
+ Delete assertion.
+ (coff_slurp_symbol_table): Use bfd_alloc2 and bfd_zalloc2.
+ (coff_slurp_reloc_table): Use bfd_alloc2. Update buy_and_read calls.
+ * coffgen.c (coff_get_reloc_upper_bound): Ensure size calculation
+ doesn't overflow.
+ * elf.c (bfd_section_from_shdr): Use bfd_zalloc2. Style fix.
+ (assign_section_numbers): Style fix.
+ (swap_out_syms): Use bfd_malloc2.
+ (_bfd_elf_get_reloc_upper_bound): Ensure size calculation doesn't
+ overflow.
+ (_bfd_elf_make_empty_symbol): Style fix.
+ (elfobj_grok_stapsdt_note_1): Formatting.
+ * elfcode.h (elf_object_p): Use bfd_alloc2.
+ (elf_write_relocs, elf_write_shdrs_and_ehdr): Likewise.
+ (elf_slurp_symbol_table): Use bfd_zalloc2.
+ (elf_slurp_reloc_table): Use bfd_alloc2.
+ (_bfd_elf_bfd_from_remote_memory): Use bfd_malloc2.
+ * elf64-sparc (elf64_sparc_get_reloc_upper_bound): Ensure
+ size calculation doesn't overflow.
+ (elf64_sparc_get_dynamic_reloc_upper_bound): Likewise.
+ * mach-o.c (bfd_mach_o_get_reloc_upper_bound): Likewise.
+ * pdp11.c (get_reloc_upper_bound): Copy aoutx.h version.
+
2019-03-08 Alan Modra <amodra@gmail.com>
PR 24311
(bfd *) ATTRIBUTE_UNUSED;
static bfd_boolean coff_set_section_contents
(bfd *, asection *, const void *, file_ptr, bfd_size_type);
-static void * buy_and_read
- (bfd *, file_ptr, bfd_size_type);
static bfd_boolean coff_slurp_line_table
(bfd *, asection *);
static bfd_boolean coff_slurp_symbol_table
}
static void *
-buy_and_read (bfd *abfd, file_ptr where, bfd_size_type size)
+buy_and_read (bfd *abfd, file_ptr where,
+ bfd_size_type nmemb, bfd_size_type size)
{
- void * area = bfd_alloc (abfd, size);
+ void *area = bfd_alloc2 (abfd, nmemb, size);
if (!area)
return NULL;
+ size *= nmemb;
if (bfd_seek (abfd, where, SEEK_SET) != 0
|| bfd_bread (area, size, abfd) != size)
return NULL;
{
LINENO *native_lineno;
alent *lineno_cache;
- bfd_size_type amt;
unsigned int counter;
alent *cache_ptr;
bfd_vma prev_offset = 0;
return FALSE;
}
- amt = ((bfd_size_type) asect->lineno_count + 1) * sizeof (alent);
- lineno_cache = (alent *) bfd_alloc (abfd, amt);
+ lineno_cache = (alent *) bfd_alloc2 (abfd,
+ (bfd_size_type) asect->lineno_count + 1,
+ sizeof (alent));
if (lineno_cache == NULL)
return FALSE;
- amt = (bfd_size_type) bfd_coff_linesz (abfd) * asect->lineno_count;
- native_lineno = (LINENO *) buy_and_read (abfd, asect->line_filepos, amt);
+ native_lineno = (LINENO *) buy_and_read (abfd, asect->line_filepos,
+ asect->lineno_count,
+ bfd_coff_linesz (abfd));
if (native_lineno == NULL)
{
_bfd_error_handler
alent *n_lineno_cache;
/* Create a table of functions. */
- func_table = (alent **) bfd_alloc (abfd, nbr_func * sizeof (alent *));
+ func_table = (alent **) bfd_alloc2 (abfd, nbr_func, sizeof (alent *));
if (func_table != NULL)
{
alent **p = func_table;
qsort (func_table, nbr_func, sizeof (alent *), coff_sort_func_alent);
/* Create the new sorted table. */
- amt = (bfd_size_type) asect->lineno_count * sizeof (alent);
- n_lineno_cache = (alent *) bfd_alloc (abfd, amt);
+ n_lineno_cache = (alent *) bfd_alloc2 (abfd, asect->lineno_count,
+ sizeof (alent));
if (n_lineno_cache != NULL)
{
alent *n_cache_ptr = n_lineno_cache;
*n_cache_ptr++ = *old_ptr++;
while (old_ptr->line_number != 0);
}
- BFD_ASSERT ((bfd_size_type) (n_cache_ptr - n_lineno_cache) == (amt / sizeof (alent)));
- memcpy (lineno_cache, n_lineno_cache, amt);
+ memcpy (lineno_cache, n_lineno_cache,
+ asect->lineno_count * sizeof (alent));
}
else
ret = FALSE;
combined_entry_type *native_symbols;
coff_symbol_type *cached_area;
unsigned int *table_ptr;
- bfd_size_type amt;
unsigned int number_of_symbols = 0;
bfd_boolean ret = TRUE;
return FALSE;
/* Allocate enough room for all the symbols in cached form. */
- amt = obj_raw_syment_count (abfd);
- amt *= sizeof (coff_symbol_type);
- cached_area = (coff_symbol_type *) bfd_alloc (abfd, amt);
+ cached_area = (coff_symbol_type *) bfd_alloc2 (abfd,
+ obj_raw_syment_count (abfd),
+ sizeof (coff_symbol_type));
if (cached_area == NULL)
return FALSE;
- amt = obj_raw_syment_count (abfd);
- amt *= sizeof (unsigned int);
- table_ptr = (unsigned int *) bfd_zalloc (abfd, amt);
+ table_ptr = (unsigned int *) bfd_zalloc2 (abfd, obj_raw_syment_count (abfd),
+ sizeof (unsigned int));
if (table_ptr == NULL)
return FALSE;
arelent *reloc_cache;
arelent *cache_ptr;
unsigned int idx;
- bfd_size_type amt;
if (asect->relocation)
return TRUE;
if (!coff_slurp_symbol_table (abfd))
return FALSE;
- amt = (bfd_size_type) bfd_coff_relsz (abfd) * asect->reloc_count;
- native_relocs = (RELOC *) buy_and_read (abfd, asect->rel_filepos, amt);
- amt = (bfd_size_type) asect->reloc_count * sizeof (arelent);
- reloc_cache = (arelent *) bfd_alloc (abfd, amt);
+ native_relocs = (RELOC *) buy_and_read (abfd, asect->rel_filepos,
+ asect->reloc_count,
+ bfd_coff_relsz (abfd));
+ reloc_cache = (arelent *) bfd_alloc2 (abfd, asect->reloc_count,
+ sizeof (arelent));
if (reloc_cache == NULL || native_relocs == NULL)
return FALSE;
coff_data (abfd). */
#include "sysdep.h"
+#include <limits.h>
#include "bfd.h"
#include "libbfd.h"
#include "coff/internal.h"
return internal;
}
+#if GCC_VERSION >= 4003
+# pragma GCC diagnostic push
+# pragma GCC diagnostic ignored "-Wtype-limits"
+#endif
long
coff_get_reloc_upper_bound (bfd *abfd, sec_ptr asect)
{
bfd_set_error (bfd_error_invalid_operation);
return -1;
}
+ if (asect->reloc_count >= LONG_MAX / sizeof (arelent *))
+ {
+ bfd_set_error (bfd_error_file_too_big);
+ return -1;
+ }
return (asect->reloc_count + 1) * sizeof (arelent *);
}
+#if GCC_VERSION >= 4003
+# pragma GCC diagnostic pop
+#endif
asymbol *
coff_make_empty_symbol (bfd *abfd)
sections_being_created = NULL;
if (sections_being_created == NULL)
{
- /* FIXME: It would be more efficient to attach this array to the bfd somehow. */
sections_being_created = (bfd_boolean *)
- bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean));
+ bfd_zalloc2 (abfd, elf_numsections (abfd), sizeof (bfd_boolean));
sections_being_created_abfd = abfd;
}
if (sections_being_created [shindex])
if (entry->ndx == shindex)
goto success;
- entry = bfd_alloc (abfd, sizeof * entry);
+ entry = bfd_alloc (abfd, sizeof (*entry));
if (entry == NULL)
goto fail;
entry->ndx = shindex;
_bfd_elf_strtab_addref (elf_shstrtab (abfd), t->symtab_hdr.sh_name);
if (section_number > ((SHN_LORESERVE - 2) & 0xFFFF))
{
- elf_section_list * entry;
+ elf_section_list *entry;
BFD_ASSERT (elf_symtab_shndx_list (abfd) == NULL);
- entry = bfd_zalloc (abfd, sizeof * entry);
+ entry = bfd_zalloc (abfd, sizeof (*entry));
entry->ndx = section_number++;
elf_symtab_shndx_list (abfd) = entry;
entry->hdr.sh_name
symstrtab_hdr->sh_type = SHT_STRTAB;
/* Allocate buffer to swap out the .strtab section. */
- symstrtab = (struct elf_sym_strtab *) bfd_malloc ((symcount + 1)
- * sizeof (*symstrtab));
+ symstrtab = (struct elf_sym_strtab *) bfd_malloc2 (symcount + 1,
+ sizeof (*symstrtab));
if (symstrtab == NULL)
{
_bfd_elf_strtab_free (stt);
return symtab_size;
}
+#if GCC_VERSION >= 4003
+# pragma GCC diagnostic push
+# pragma GCC diagnostic ignored "-Wtype-limits"
+#endif
long
_bfd_elf_get_reloc_upper_bound (bfd *abfd ATTRIBUTE_UNUSED,
sec_ptr asect)
{
+
+ if (asect->reloc_count >= LONG_MAX / sizeof (arelent *))
+ {
+ bfd_set_error (bfd_error_file_too_big);
+ return -1;
+ }
return (asect->reloc_count + 1) * sizeof (arelent *);
}
+#if GCC_VERSION >= 4003
+# pragma GCC diagnostic pop
+#endif
/* Canonicalize the relocs. */
{
elf_symbol_type *newsym;
- newsym = (elf_symbol_type *) bfd_zalloc (abfd, sizeof * newsym);
+ newsym = (elf_symbol_type *) bfd_zalloc (abfd, sizeof (*newsym));
if (!newsym)
return NULL;
newsym->symbol.the_bfd = abfd;
elfobj_grok_stapsdt_note_1 (bfd *abfd, Elf_Internal_Note *note)
{
struct sdt_note *cur =
- (struct sdt_note *) bfd_alloc (abfd, sizeof (struct sdt_note)
- + note->descsz);
+ (struct sdt_note *) bfd_alloc (abfd,
+ sizeof (struct sdt_note) + note->descsz);
cur->next = (struct sdt_note *) (elf_tdata (abfd))->sdt_note_head;
cur->size = (bfd_size_type) note->descsz;
MA 02110-1301, USA. */
#include "sysdep.h"
+#include <limits.h>
#include "bfd.h"
#include "libbfd.h"
#include "elf-bfd.h"
section can represent up to two relocs, we must tell the user to allocate
more space. */
+#if GCC_VERSION >= 4003
+# pragma GCC diagnostic push
+# pragma GCC diagnostic ignored "-Wtype-limits"
+#endif
static long
elf64_sparc_get_reloc_upper_bound (bfd *abfd ATTRIBUTE_UNUSED, asection *sec)
{
+ if (sec->reloc_count >= LONG_MAX / 2 / sizeof (arelent *))
+ {
+ bfd_set_error (bfd_error_file_too_big);
+ return -1;
+ }
return (sec->reloc_count * 2 + 1) * sizeof (arelent *);
}
+#if GCC_VERSION >= 4003
+# pragma GCC diagnostic pop
+#endif
static long
elf64_sparc_get_dynamic_reloc_upper_bound (bfd *abfd)
{
- return _bfd_elf_get_dynamic_reloc_upper_bound (abfd) * 2;
+ long ret = _bfd_elf_get_dynamic_reloc_upper_bound (abfd);
+ if (ret > LONG_MAX / 2)
+ {
+ bfd_set_error (bfd_error_file_too_big);
+ ret = -1;
+ }
+ else if (ret > 0)
+ ret *= 2;
+ return ret;
}
/* Read relocations for ASECT from REL_HDR. There are RELOC_COUNT of
unsigned int shindex;
const struct elf_backend_data *ebd;
asection *s;
- bfd_size_type amt;
const bfd_target *target;
/* Read in the ELF header in external format. */
if (i_ehdrp->e_shnum > ((bfd_size_type) -1) / sizeof (*i_shdrp))
goto got_wrong_format_error;
#endif
- amt = sizeof (*i_shdrp) * (bfd_size_type) i_ehdrp->e_shnum;
- i_shdrp = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt);
+ i_shdrp = (Elf_Internal_Shdr *) bfd_alloc2 (abfd, i_ehdrp->e_shnum,
+ sizeof (*i_shdrp));
if (!i_shdrp)
goto got_no_match;
num_sec = i_ehdrp->e_shnum;
elf_numsections (abfd) = num_sec;
- amt = sizeof (i_shdrp) * num_sec;
- elf_elfsections (abfd) = (Elf_Internal_Shdr **) bfd_alloc (abfd, amt);
+ elf_elfsections (abfd)
+ = (Elf_Internal_Shdr **) bfd_alloc2 (abfd, num_sec, sizeof (i_shdrp));
if (!elf_elfsections (abfd))
goto got_no_match;
if (bfd_get_file_size (abfd) > 0
&& i_ehdrp->e_phnum > bfd_get_file_size (abfd))
goto got_no_match;
- amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr);
- elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt);
+ elf_tdata (abfd)->phdr
+ = (Elf_Internal_Phdr *) bfd_alloc2 (abfd, i_ehdrp->e_phnum,
+ sizeof (*i_phdr));
if (elf_tdata (abfd)->phdr == NULL)
goto got_no_match;
if (bfd_seek (abfd, (file_ptr) i_ehdrp->e_phoff, SEEK_SET) != 0)
rela_hdr = elf_section_data (sec)->rel.hdr;
rela_hdr->sh_size = rela_hdr->sh_entsize * sec->reloc_count;
- rela_hdr->contents = (unsigned char *) bfd_alloc (abfd, rela_hdr->sh_size);
+ rela_hdr->contents = (unsigned char *) bfd_alloc2 (abfd, sec->reloc_count,
+ rela_hdr->sh_entsize);
if (rela_hdr->contents == NULL)
{
*failedp = TRUE;
i_shdrp[0]->sh_link = i_ehdrp->e_shstrndx;
/* at this point we've concocted all the ELF sections... */
- amt = i_ehdrp->e_shnum;
- amt *= sizeof (*x_shdrp);
- x_shdrp = (Elf_External_Shdr *) bfd_alloc (abfd, amt);
+ x_shdrp = (Elf_External_Shdr *) bfd_alloc2 (abfd, i_ehdrp->e_shnum,
+ sizeof (*x_shdrp));
if (!x_shdrp)
return FALSE;
#endif
elf_swap_shdr_out (abfd, *i_shdrp, x_shdrp + count);
}
+ amt = (bfd_size_type) i_ehdrp->e_shnum * sizeof (*x_shdrp);
if (bfd_seek (abfd, (file_ptr) i_ehdrp->e_shoff, SEEK_SET) != 0
|| bfd_bwrite (x_shdrp, amt, abfd) != amt)
return FALSE;
Elf_External_Versym *xver;
Elf_External_Versym *xverbuf = NULL;
const struct elf_backend_data *ebd;
- bfd_size_type amt;
/* Read each raw ELF symbol, converting from external ELF form to
internal ELF form, and then using the information to create a
if (isymbuf == NULL)
return -1;
- amt = symcount;
- amt *= sizeof (elf_symbol_type);
- symbase = (elf_symbol_type *) bfd_zalloc (abfd, amt);
+ symbase = (elf_symbol_type *) bfd_zalloc2 (abfd, symcount,
+ sizeof (elf_symbol_type));
if (symbase == (elf_symbol_type *) NULL)
goto error_return;
bfd_size_type reloc_count;
bfd_size_type reloc_count2;
arelent *relents;
- bfd_size_type amt;
if (asect->relocation != NULL)
return TRUE;
reloc_count2 = 0;
}
- amt = (reloc_count + reloc_count2) * sizeof (arelent);
- relents = (arelent *) bfd_alloc (abfd, amt);
+ relents = (arelent *) bfd_alloc2 (abfd, reloc_count + reloc_count2,
+ sizeof (arelent));
if (relents == NULL)
return FALSE;
return NULL;
}
- x_phdrs = (Elf_External_Phdr *)
- bfd_malloc (i_ehdr.e_phnum * (sizeof *x_phdrs + sizeof *i_phdrs));
+ x_phdrs
+ = (Elf_External_Phdr *) bfd_malloc2 (i_ehdr.e_phnum,
+ sizeof (*x_phdrs) + sizeof (*i_phdrs));
if (x_phdrs == NULL)
return NULL;
err = target_read_memory (ehdr_vma + i_ehdr.e_phoff, (bfd_byte *) x_phdrs,
MA 02110-1301, USA. */
#include "sysdep.h"
+#include <limits.h>
#include "bfd.h"
#include "libbfd.h"
#include "libiberty.h"
return TRUE;
}
+#if GCC_VERSION >= 4003
+# pragma GCC diagnostic push
+# pragma GCC diagnostic ignored "-Wtype-limits"
+#endif
long
bfd_mach_o_get_reloc_upper_bound (bfd *abfd ATTRIBUTE_UNUSED,
asection *asect)
{
- return (asect->reloc_count + 1) * sizeof (arelent *);
+ if (asect->reloc_count >= LONG_MAX / sizeof (arelent *))
+ {
+ bfd_set_error (bfd_error_file_too_big);
+ return -1;
+ }
+ return (asect->reloc_count + 1) * sizeof (arelent *);
}
+#if GCC_VERSION >= 4003
+# pragma GCC diagnostic pop
+#endif
/* In addition to the need to byte-swap the symbol number, the bit positions
of the fields in the relocation information vary per target endian-ness. */
&& N_MAGIC(x) != ZMAGIC)
#include "sysdep.h"
+#include <limits.h>
#include "bfd.h"
#define external_exec pdp11_external_exec
long
NAME (aout, get_reloc_upper_bound) (bfd *abfd, sec_ptr asect)
{
+ bfd_size_type count;
+
if (bfd_get_format (abfd) != bfd_object)
{
bfd_set_error (bfd_error_invalid_operation);
}
if (asect->flags & SEC_CONSTRUCTOR)
- return (sizeof (arelent *) * (asect->reloc_count + 1));
-
- if (asect == obj_datasec (abfd))
- return (sizeof (arelent *)
- * ((exec_hdr (abfd)->a_drsize / obj_reloc_entry_size (abfd))
- + 1));
-
- if (asect == obj_textsec (abfd))
- return (sizeof (arelent *)
- * ((exec_hdr (abfd)->a_trsize / obj_reloc_entry_size (abfd))
- + 1));
-
- /* TODO: why are there two if statements for obj_bsssec()? */
-
- if (asect == obj_bsssec (abfd))
- return sizeof (arelent *);
-
- if (asect == obj_bsssec (abfd))
- return 0;
+ count = asect->reloc_count;
+ else if (asect == obj_datasec (abfd))
+ count = exec_hdr (abfd)->a_drsize / obj_reloc_entry_size (abfd);
+ else if (asect == obj_textsec (abfd))
+ count = exec_hdr (abfd)->a_trsize / obj_reloc_entry_size (abfd);
+ else if (asect == obj_bsssec (abfd))
+ count = 0;
+ else
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return -1;
+ }
- bfd_set_error (bfd_error_invalid_operation);
- return -1;
+ if (count >= LONG_MAX / sizeof (arelent *))
+ {
+ bfd_set_error (bfd_error_file_too_big);
+ return -1;
+ }
+ return (count + 1) * sizeof (arelent *);
}
\f
+2019-03-12 Alan Modra <amodra@gmail.com>
+
+ * objdump.c (load_specific_debug_section): Don't compare section
+ size against file size.
+ (dump_relocs_in_section): Don't compare reloc size against file size.
+ Print "failed to read relocs" on bfd_get_reloc_upper_bound error.
+
2019-03-05 Nick Clifton <nickc@redhat.com>
PR 24295
section->user_data = sec;
section->size = bfd_get_section_size (sec);
amt = section->size + 1;
- if (amt == 0 || amt > bfd_get_file_size (abfd))
+ if (amt == 0)
{
section->start = NULL;
free_debug_section (debug);
|| ((section->flags & SEC_RELOC) == 0))
return;
- relsize = bfd_get_reloc_upper_bound (abfd, section);
- if (relsize < 0)
- bfd_fatal (bfd_get_filename (abfd));
-
printf ("RELOCATION RECORDS FOR [%s]:", sanitize_string (section->name));
+ relsize = bfd_get_reloc_upper_bound (abfd, section);
if (relsize == 0)
{
printf (" (none)\n\n");
return;
}
- if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
- && (/* Check that the size of the relocs is reasonable. Note that some
- file formats, eg aout, can have relocs whose internal size is
- larger than their external size, thus we check the size divided
- by four against the file size. See PR 23931 for an example of
- this. */
- ((ufile_ptr) (relsize / 4) > bfd_get_file_size (abfd))
- /* Also check the section's reloc count since if this is negative
- (or very large) the computation in bfd_get_reloc_upper_bound
- may have resulted in returning a small, positive integer.
- See PR 22508 for a reproducer.
-
- Note - we check against file size rather than section size as
- it is possible for there to be more relocs that apply to a
- section than there are bytes in that section. */
- || (section->reloc_count > bfd_get_file_size (abfd))))
+ if (relsize < 0)
+ relcount = relsize;
+ else
{
- printf (" (too many: %#x relocs)\n", section->reloc_count);
- bfd_set_error (bfd_error_file_truncated);
- bfd_fatal (bfd_get_filename (abfd));
+ relpp = (arelent **) xmalloc (relsize);
+ relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms);
}
- relpp = (arelent **) xmalloc (relsize);
- relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms);
-
if (relcount < 0)
{
printf ("\n");
- non_fatal (_("failed to read relocs in: %s"), sanitize_string (bfd_get_filename (abfd)));
+ non_fatal (_("failed to read relocs in: %s"),
+ sanitize_string (bfd_get_filename (abfd)));
bfd_fatal (_("error message was"));
}
else if (relcount == 0)
projects / binutils-gdb.git / commitdiff