Sections without SEC_HAS_CONTENTS avoid the file size checks, and of
course it doesn't make sense to read such as the contents are all
zero.
* som.c (som_set_reloc_info): Don't read sections without contents.
Code in som_write_symbol_strings neglected to allow for padding, which
can result in a buffer overflow. It also used xrealloc, which we're
not supposed to use in libbfd because libbfd isn't supposed to call
exit. Also a realloc is perhaps not a good idea when none of the
buffer contents are needed, so replace with free, bfd_malloc. There
were three copies of the string handling code, so rather than fix them
all I've extracted them to a function. This necessitated making one
of the fields in struct som_symbol unsigned.
* som.c (add_string): New function.
(som_write_space_strings, som_write_symbol_strings): Use it.
* som.h (som_symbol_type <stringtab_offset>): Make unsigned.
These were renamed from bfd_read and bfd_write back in 2001 when they
lost an unnecessary parameter. Rename them back, and get rid of a few
casts that are only needed without prototyped functions (K&R C).
doc/bfdint.texi and comments in the aout and som code about this
function are just wrong, and its name is not very apt. Better would
be _bfd_mostly_destroy, and we certainly should not be saying anything
about the possibility of later recreating anything lost by this
function. What's more, if _bfd_free_cached_info is called when
creating an archive map to reduce memory usage by throwing away
symbols, the target _close_and_cleanup function won't have access to
tdata or section bfd_user_data to tidy memory. This means most of the
target _close_and_cleanup function won't do anything, and therefore
sometimes will result in memory leaks.
This patch fixes the documentation problems and moves most of the
target _close_and_cleanup code to target _bfd_free_cached_info.
Another notable change is that bfd_generic_bfd_free_cached_info is now
defined as _bfd_free_cached_info rather than _bfd_bool_bfd_true,
ie. the default now frees objalloc memory.
bfd_free_cached_info is used in just one place in archive.c, which
means most times we reach bfd_close the function isn't called. On the
other hand, if bfd_free_cached_info is called we can't do much on the
bfd since it loses all its obj_alloc memory. This restricts what can
be done in a target _close_and_cleanup. In particular you can't look
at sections, which leads to duplication of code in target
close_and_cleanup and free_cached_info, eg. elfnn-aarch64.c.
* opncls.c (_bfd_delete_bfd): Call bfd_free_cached_info.
* elfnn-aarch64.c (elfNN_aarch64_close_and_cleanup): Delete.
(bfd_elfNN_close_and_cleanup): Don't define.
* som.c (som_bfd_free_cached_info): Don't call
_bfd_generic_close_and_cleanup here.
(som_close_and_cleanup): Define as _bfd_generic_close_and_cleanup.
The newer update-copyright.py fixes file encoding too, removing cr/lf
on binutils/bfdtest2.c and ld/testsuite/ld-cygwin/exe-export.exp, and
embedded cr in binutils/testsuite/binutils-all/ar.exp string match.
This extends the commit 4581a1c7d3 fix to more targets, which
hardens BFD a little. I think the real underlying problem was the
bfd_canonicalize_reloc call in load_specific_debug_section which
passed a NULL for "symbols". Fix that too.
PR 22509
bfd/
* aoutx.h (swap_ext_reloc_out): Gracefully handle NULL symbols.
* i386lynx.c (swap_ext_reloc_out): Likewise.
* pdp11.c (pdp11_aout_swap_reloc_out): Likewise.
* coff-tic30.c (reloc_processing): Likewise.
* coff-tic4x.c (tic4x_reloc_processing): Likewise.
* coff-tic54x.c (tic54x_reloc_processing): Likewise.
* coff-z80.c (reloc_processing): Likewise.
* coff-z8k.c (reloc_processing): Likewise.
* ecoff.c (ecoff_slurp_reloc_table): Likewise.
* som.c (som_set_reloc_info): Likewise.
binutils/
* objdump.c (load_specific_debug_section): Pass syms to
bfd_canonicalize_reloc.
objcopy copy_object may omit the call to bfd_copy_private_bfd_data for
various conditions deemed non-fatal, in which case obj_som_exec_data
will be NULL for the output file.
* som.c (som_finish_writing): Don't dereference NULL
obj_som_exec_data.
This patch checks that relocations emitted in som_write_fixups have
offsets that are monotonic and within a section. To do that properly
using bfd_reloc_offset_in_range it is necessary to set the reloc howto
size field, which isn't used otherwise by the som backend. Note that
the sizes used are not exactly those in the old sizing switch
statement deleted from som_write_fixups, but all relocs handled by the
main switch statement there get the same size. Most unhandled relocs
get a zero size (exceptions being R_RELOCATION, R_SPACE_REF,
R_MILLI_REL, R_BREAKPOINT which all involve writing one word according
to my SOM reference). I figure it doesn't matter since any unhandled
reloc is converted to 0xff R_RESERVED, and a default of zero is better
for a "don't know" reloc.
Besides tidying the code, stringizing name from type in SOM_HOWTO
fixes R_REPEATED_INIT name.
* som.c (SOM_HOWTO): Add SIZE arg, delete NAME. Stringize type
to name.
(som_hppa_howto_table): Update with sizes.
(som_write_fixups): Delete sizing switch statement. Sanity check
bfd_reloc address against subsection size.
Fuzzed object files can put random values in bfd_reloc->address,
leading to large som_reloc_skip output.
* som.c (som_write_fixups): Allow for maximal som_reloc_skip.
Also a bugfix. The first time the section was read, the contents
didn't supply an addend.
* som.c (som_set_reloc_info): Sanity check offset. Do process
contents after reading. Tidy section->contents after freeing.
These two macros print either a 16 digit hex number or an 8 digit
hex number. Unfortunately they depend on both target and host, which
means that the output for 32-bit targets may be either 8 or 16 hex
digits.
Replace them in most cases with code that prints a bfd_vma using
PRIx64. In some cases, deliberately lose the leading zeros.
This change some output, notably in base/offset fields of m68k
disassembly which I think looks better that way, and in error
messages. I've kept leading zeros in symbol dumps (objdump -t)
and in PE header dumps.
bfd/
* bfd-in.h (fprintf_vma, sprintf_vma, printf_vma): Delete.
* bfd-in2.h: Regenerate.
* bfd.c (bfd_sprintf_vma): Don't use sprintf_vma.
(bfd_fprintf_vma): Don't use fprintf_vma.
* coff-rs6000.c (xcoff_reloc_type_tls): Don't use sprintf_vma.
Instead use PRIx64 to print bfd_vma values.
(xcoff_ppc_relocate_section): Likewise.
* cofflink.c (_bfd_coff_write_global_sym): Likewise.
* mmo.c (mmo_write_symbols_and_terminator): Likewise.
* srec.c (srec_write_symbols): Likewise.
* elf32-xtensa.c (print_r_reloc): Similarly for fprintf_vma.
* pei-x86_64.c (pex64_dump_xdata): Likewise.
(pex64_bfd_print_pdata_section): Likewise.
* som.c (som_print_symbol): Likewise.
* ecoff.c (_bfd_ecoff_print_symbol): Use bfd_fprintf_vma.
opcodes/
* dis-buf.c (perror_memory, generic_print_address): Don't use
sprintf_vma. Instead use PRIx64 to print bfd_vma values.
* i386-dis.c (print_operand_value, print_displacement): Likewise.
* m68k-dis.c (print_base, print_indexed): Likewise.
* ns32k-dis.c (print_insn_arg): Likewise.
* ia64-gen.c (_opcode_int64_low, _opcode_int64_high): Delete.
(opcode_fprintf_vma): Delete.
(print_main_table): Use PRIx64 to print opcode.
binutils/
* od-macho.c: Replace all uses of printf_vma with bfd_printf_vma.
* objcopy.c (copy_object): Don't use sprintf_vma. Instead use
PRIx64 to print bfd_vma values.
(copy_main): Likewise.
* readelf.c (CHECK_ENTSIZE_VALUES): Likewise.
(dynamic_section_mips_val): Likewise.
(print_vma): Don't use printf_vma. Instead use PRIx64 to print
bfd_vma values.
(dump_ia64_vms_dynamic_fixups): Likewise.
(process_version_sections): Likewise.
* rddbg.c (stab_context): Likewise.
gas/
* config/tc-i386.c (offset_in_range): Don't use sprintf_vma.
Instead use PRIx64 to print bfd_vma values.
(md_assemble): Likewise.
* config/tc-mips.c (load_register, macro): Likewise.
* messages.c (as_internal_value_out_of_range): Likewise.
* read.c (emit_expr_with_reloc): Likewise.
* config/tc-ia64.c (note_register_values): Don't use fprintf_vma.
Instead use PRIx64 to print bfd_vma values.
(print_dependency): Likewise.
* listing.c (list_symbol_table): Use bfd_sprintf_vma.
* symbols.c (print_symbol_value_1): Use %p to print pointers.
(print_binary): Likewise.
(print_expr_1): Use PRIx64 to print bfd_vma values.
* write.c (print_fixup): Use %p to print pointers. Don't use
fprintf_vma.
* testsuite/gas/all/overflow.l: Update expected output.
* testsuite/gas/m68k/mcf-mov3q.d: Likewise.
* testsuite/gas/m68k/operands.d: Likewise.
* testsuite/gas/s12z/truncated.d: Likewise.
ld/
* deffilep.y (def_file_print): Don't use fprintf_vma. Instead
use PRIx64 to print bfd_vma values.
* emultempl/armelf.em (gld${EMULATION_NAME}_finish): Don't use
sprintf_vma. Instead use PRIx64 to print bfd_vma values.
* emultempl/pe.em (gld${EMULATION_NAME}_finish): Likewise.
* ldlang.c (lang_map): Use %V to print region origin.
(lang_one_common): Don't use sprintf_vma.
* ldmisc.c (vfinfo): Don't use fprintf_vma or sprintf_vma.
* pe-dll.c (pe_dll_generate_def_file): Likewise.
gdb/
* remote.c (remote_target::trace_set_readonly_regions): Replace
uses of sprintf_vma with bfd_sprintf_vma.
The "HOWTO size encoding" patch put 1 as the HOWTO size arg for
numerous howtos that are unused, describe dynamic relocs, are markers,
or otherwise are special purpose reloc howtos that don't care about
the size. The idea was to ensure no howto changed by inspecting
object files. Revert those changes, making them zero size.
* coff-alpha.c: Give special purpose reloc howtos a size of zero.
* coff-mcore.c, * elf-hppa.h, * elf-m10300.c, * elf32-arm.c,
* elf32-csky.c, * elf32-m32c.c, * elf32-m68k.c, * elf32-mep.c,
* elf32-mips.c, * elf32-ppc.c, * elf32-rx.c, * elf32-s390.c,
* elf32-spu.c, * elf32-tic6x.c, * elf32-tilepro.c, *elf32-vax.c,
* elf32-xtensa.c, * elf64-alpha.c, * elf64-mips.c,
* elf64-mmix.c, * elf64-ppc.c, * elf64-s390.c, * elfn32-mips.c,
* elfxx-loongarch.c, * elfxx-riscv.c, * elfxx-sparc.c,
* elfxx-tilegx.c, * som.c, * vms-alpha.c: Likewise.
The result of running etc/update-copyright.py --this-year, fixing all
the files whose mode is changed by the script, plus a build with
--enable-maintainer-mode --enable-cgen-maint=yes, then checking
out */po/*.pot which we don't update frequently.
The copy of cgen was with commit d1dd5fcc38ead reverted as that commit
breaks building of bfp opcodes files.
PR 27793
* som.c (som_slurp_symbol_table): Assign symbols without any scope
to the undefined section.
(som_decode_symclass): Check for a missing symbol section.
* syms.c (bfd_decode_symclass): Likewise.
PR 27792
* som.c (som_slurp_string_table): Place a terminating NUL byte at
the end of the table.
(som_slurp_symbol_table): Check for an over-large offset into the
string string table.
Certain library headers and functions are required by C99. This
removes configure tests for them. The patch also removes AC_ISC_POSIX
and AC_HEADER_DIRENT, which the autoconf manual states are obsolescent.
sys/time.h is no longer tangled up with time.h so it can be handled by
the gprof configure.
* configure.ac: Don't check for long long or long double type.
Don't check for alloca.h, limits.h, stddef.h, stdlib.h, string.h,
strings.h, time.h, wchar.h, wctype.h or sys/time.h. Don't check
for strtoull, free, malloc, realloc, getenv, strstr, snprintf,
vsnprintf, strlen or setitimer. Sort AC_CHECK_DECLS.
(AC_ISC_POSIX): Don't invoke.
(AC_HEADER_TIME, AC_HEADER_DIRENT, ACX_HEADER_STRING): Likewise.
* sysdep.h: Remove many HAVE_*_H checks and fallback declarations.
Do test HAVE_SYS_TYPES_H. Don't include sys/time.h. Reorder
header order as per automake AC_INCLUDES_DEFAULT.
* bfd-in.h: Include inttypes.h unconditionally.
* bfd.c (_bfd_doprnt, _bfd_doprnt_scan): Assume long long and
long double are available.
(bfd_scan_vma): Assume long long and strtoull are available.
* elflink.c: Include limits.h unconditionally.
* elfnn-riscv.c: Likewise.
* wasm-module.c: Likewise.
* hpux-core.c: Include dirent.h unconditionally.
* trad-core.c: Likewise.
* hosts/x86-64linux.h: Include stdlib.h unconditionally.
* peXXigen.c: Remove HAVE_WCHAR_H and HAVE_WCTYPE_H checks.
* elf32-m68hc1x.c: Don't include alloca-conf.h.
* elf64-hppa.c: Likewise.
* som.c: Likewise.
* wasm-module.c: Likewise.
* xsym.c: Likewise.
* bfd-in2.h: Regenerate.
* config.in: Regenerate.
* configure: Regenerate.
PR 26356
* som.c (som_bfd_copy_private_section_data): Issue error when a
subspace is specified without its containing space.
* testsuite/binutils-all/objcopy.exp (objcopy --reverse-bytes): Add
"-j $PRIVATE$" to command on hppa*-*-hpux*.
* testsuite/lib/utils-lib.exp (default_binutils_run): Remove existing
dollar-sign quotes before quoting. Do this prior to generating log
output.
The object_p (and archive_p, core_file_p) functions are not supposed
to have any target specific malloc'd memory attached to the bfd on
their return. This should be obvious on a failure return, but it's
also true for a successful return. The reason is that even though the
object_p recognises the file, that particular target may not be used
and thus the bfd won't be closed calling close_and_cleanup for the
target that allocated the memory.
It turns out that the object_p bfd_target* return value isn't needed.
In all cases except ld/plugin.c the target is abfd->xvec and with
ld/plugin.c the target isn't used. So this patch returns a cleanup
function from object_p instead, called in bfd_check_format_matches to
tidy the bfd before trying a different target match. The only cleanup
that does anything at this stage is the alpha-vms one.
bfd/
* targets.c (bfd_cleanup): New typedef.
(struct bfd <_bfd_check_format>): Return a bfd_cleanup.
* libbfd-in.h (_bfd_no_cleanup): Define.
* format.c (bfd_reinit): Add cleanup parameter, call it.
(bfd_check_format_matches): Set cleanup from _bfd_check_format
call and pass to bfd_reinit. Delete temp, use abfd->xvec instead.
* aout-target.h (callback, object_p): Return bfd_cleanup.
* aout-tic30.c (tic30_aout_callback, tic30_aout_object_p): Likewise.
* archive.c (bfd_generic_archive_p): Likewise.
* binary.c (binary_object_p): Likewise.
* coff-alpha.c (alpha_ecoff_object_p): Likewise.
* coff-ia64.c (ia64coff_object_p): Likewise.
* coff-rs6000.c (_bfd_xcoff_archive_p, rs6000coff_core_p): Likewise.
* coff-sh.c (coff_small_object_p): Likewise.
* coff-stgo32.c (go32_check_format): Likewise.
* coff64-rs6000.c (xcoff64_archive_p, rs6000coff_core_p),
(xcoff64_core_p): Likewise.
* coffgen.c (coff_real_object_p, coff_object_p): Likewise.
* elf-bfd.h (bfd_elf32_object_p, bfd_elf32_core_file_p),
(bfd_elf64_object_p, bfd_elf64_core_file_p): Likewise.
* elfcode.h (elf_object_p): Likewise.
* elfcore.h (elf_core_file_p): Likewise.
* i386msdos.c (msdos_object_p): Likewise.
* ihex.c (ihex_object_p): Likewise.
* libaout.h (some_aout_object_p): Likewise.
* libbfd-in.h (bfd_generic_archive_p, _bfd_dummy_target),
(_bfd_vms_lib_alpha_archive_p, _bfd_vms_lib_ia64_archive_p): Likewise.
* libbfd.c (_bfd_dummy_target): Likewise.
* libcoff-in.h (coff_object_p): Likewise.
* mach-o-aarch64.c (bfd_mach_o_arm64_object_p),
(bfd_mach_o_arm64_core_p): Likewise.
* mach-o-arm.c (bfd_mach_o_arm_object_p),
(bfd_mach_o_arm_core_p): Likewise.
* mach-o-i386.c (bfd_mach_o_i386_object_p),
(bfd_mach_o_i386_core_p): Likewise.
* mach-o-x86-64.c (bfd_mach_o_x86_64_object_p),
(bfd_mach_o_x86_64_core_p): Likewise.
* mach-o.c (bfd_mach_o_header_p, bfd_mach_o_gen_object_p),
(bfd_mach_o_gen_core_p, bfd_mach_o_fat_archive_p): Likewise.
* mach-o.h (bfd_mach_o_object_p, bfd_mach_o_core_p),
(bfd_mach_o_fat_archive_p, bfd_mach_o_header_p): Likewise.
* mmo.c (mmo_object_p): Likewise.
* pef.c (bfd_pef_object_p, bfd_pef_xlib_object_p): Likewise.
* peicode.h (coff_real_object_p, pe_ILF_object_p),
(pe_bfd_object_p): Likewise.
* plugin.c (ld_plugin_object_p, bfd_plugin_object_p): Likewise.
* ppcboot.c (ppcboot_object_p): Likewise.
* rs6000-core.c (rs6000coff_core_p): Likewise.
* som.c (som_object_setup, som_object_p): Likewise.
* srec.c (srec_object_p, symbolsrec_object_p): Likewise.
* tekhex.c (tekhex_object_p): Likewise.
* vms-alpha.c (alpha_vms_object_p): Likewise.
* vms-lib.c (_bfd_vms_lib_archive_p, _bfd_vms_lib_alpha_archive_p),
(_bfd_vms_lib_ia64_archive_p, _bfd_vms_lib_txt_archive_p): Likewise.
* wasm-module.c (wasm_object_p): Likewise.
* xsym.c (bfd_sym_object_p): Likewise.
* xsym.h (bfd_sym_object_p): Likewise.
* aoutx.h (some_aout_object_p): Likewise, and callback parameter
return type.
* pdp11.c (some_aout_object_p): Likewise.
* plugin.c (register_ld_plugin_object_p): Update object_p
parameter type.
* plugin.h (register_ld_plugin_object_p): Likewise.
* bfd-in2.h: Regenerate.
* libbfd.h: Regenerate.
* libcoff.h: Regenerate.
ld/
* plugin.c (plugin_object_p): Return a bfd_cleanup.
(plugin_cleanup): New function.
Some minor tidies. Allocating memory for internal relocs and symbols
after reading external relocs is slightly better with fuzzed files.
You can at least do something about silly sizes that way.
* aoutx.h (slurp_reloc_table): Allocate reloc_cache after
reading external relocs.
* ecoff.c (ecoff_slurp_reloc_table): Likewise.
* archive.c (_bfd_write_archive_contents): Don't twiddle bfd_error
after bfd_bread.
* archive64.c (_bfd_archive_64_bit_slurp_armap): Remove unnecessary
bfd_release.
* elf32-m32c.c (m32c_offset_for_reloc): Make shndx_buf a bfd_byte*.
(m32c_elf_relax_section): Likewise.
* elf32-rl78.c (rl78_offset_for_reloc): Likewise.
(rl78_elf_relax_section): Likewise.
* elf32-rx.c (rx_offset_for_reloc): Likewise.
(elf32_rx_relax_section): Likewise.
* mach-o.c (bfd_mach_o_alloc_and_read): Move earlier with better
parameter types and use..
(bfd_mach_o_read_dylinker, bfd_mach_o_read_dylib),
(bfd_mach_o_read_fvmlib, bfd_mach_o_read_str): ..in these functions.
* peicode.h (pe_bfd_object_p): Don't zero the part of opthdr
being read from file, just the extra.
* som.c (som_slurp_symbol_table): Allocate internal symbol buffer
after reading external syms. Free on failure.
This fixes a number of places that call a memory allocation function
without checking for a NULL return before using.
* mach-o.c (bfd_mach_o_flatten_sections): Return a bfd_boolean,
FALSE if memory alloc fails. Adjust calls.
* som.c (som_prep_for_fixups): Likewise.
* vms-alpha.c (alpha_vms_add_fixup_lp, alpha_vms_add_fixup_ca),
(alpha_vms_add_fixup_qr, alpha_vms_add_fixup_lr),
(alpha_vms_add_lw_reloc, alpha_vms_add_qw_reloc): Likewise.
* som.c (som_build_and_write_symbol_table): Return via error_return
on seek failure.
* vms-alpha.c (VEC_APPEND): Adjust for vector_grow1 changes.
(VEC_APPEND_EL): Delete.
(vector_grow1): Return pointer to element. Catch overflow.
Return NULL on memory allocation failure.
(alpha_vms_add_fixup_lp): Replace VEC_APPEND_EL with VEC_APPEND.
(alpha_vms_add_fixup_ca): Likewise.
(alpha_vms_link_add_object_symbols): Check VEC_APPEND result
before using.
* elf.c (bfd_section_from_shdr): Check bfd_zalloc2 result.
Triggered by overflow of size calulation resulting in a too small
buffer. The testcase found one of the som_bfd_count_ar_symbols
problems.
* som.c (setup_sections): Don't overflow space_strings_size. Use
bfd_malloc2 to catch overflow of size calculation.
(som_prep_for_fixups): Use bfd_zalloc2 to catch overflow of size
calculation.
(som_build_and_write_symbol_table): Similarly use bfd_zmalloc2.
(som_slurp_symbol_table): Similarly use bfd_zmalloc2, bfd_malloc2,
and bfd_zalloc2.
(bfd_som_attach_aux_hdr): Use size_t vars for string length.
(som_bfd_count_ar_symbols): Use bfd_malloc2 to catch overflow of
size calculation. Use size_t vars for length and catch overflow.
(som_slurp_armap): Use bfd_alloc2 to catch overflow of size
calculation.
(som_bfd_ar_write_symbol_stuff): Similarly use bfd_zmalloc2 and
bfd_malloc2. Perform size calculations in bfd_size_type.
The archive element cache needs tidying when closing an archive element.
This patch fixes these failures:
-FAIL: ar long file names (bfdtest1)
-FAIL: ar thin archive (bfdtest1)
-FAIL: ar thin archive with nested archive (bfdtest1)
* som.c (som_bfd_free_cached_info): Call
_bfd_generic_close_and_cleanup.
