Change-Id: If22ef63e52cdf5948d529c703dffdd7dda8fdf6d
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3958
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
1 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,20 +0,0 @@ |
1 |
-X-Git-Url: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blobdiff_plain;f=bfd%2Farchive.c;h=885bf489c024a7a24444bb82740987dd20aff184;hp=f209babe149f3f5b302da64f593e039c9c79ea8c;hb=909e4e716c4d77e33357bbe9bc902bfaf2e1af24;hpb=62a5222fdab2acdc129b7c7d3713e7f349e26029 |
|
2 |
- |
|
3 |
-diff --git a/bfd/archive.c b/bfd/archive.c |
|
4 |
-index f209bab..885bf48 100644 |
|
5 |
-+++ b/bfd/archive.c |
|
6 |
-@@ -834,7 +834,12 @@ bfd_generic_archive_p (bfd *abfd) |
|
7 |
- if (strncmp (armag, ARMAG, SARMAG) != 0 |
|
8 |
- && strncmp (armag, ARMAGB, SARMAG) != 0 |
|
9 |
- && ! bfd_is_thin_archive (abfd)) |
|
10 |
-- return NULL; |
|
11 |
-+ { |
|
12 |
-+ bfd_set_error (bfd_error_wrong_format); |
|
13 |
-+ if (abfd->format == bfd_archive) |
|
14 |
-+ abfd->format = bfd_unknown; |
|
15 |
-+ return NULL; |
|
16 |
-+ } |
|
17 |
- |
|
18 |
- tdata_hold = bfd_ardata (abfd); |
|
19 |
- |
20 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,233 +0,0 @@ |
1 |
-From 8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Nick Clifton <nickc@redhat.com> |
|
3 |
-Date: Thu, 27 Jul 2017 12:04:50 +0100 |
|
4 |
-Subject: [PATCH 1/1] Fix address violation issues encountered when parsing |
|
5 |
- corrupt binaries. |
|
6 |
- |
|
7 |
- PR 21840 |
|
8 |
- * mach-o.c (bfd_mach_o_read_symtab_strtab): Fail if the symtab |
|
9 |
- size is -1. |
|
10 |
- * nlmcode.h (nlm_swap_auxiliary_headers_in): Replace assertion |
|
11 |
- with error return. |
|
12 |
- * section.c (bfd_make_section_with_flags): Fail if the name or bfd |
|
13 |
- are NULL. |
|
14 |
- * vms-alpha.c (bfd_make_section_with_flags): Correct computation |
|
15 |
- of end pointer. |
|
16 |
- (evax_bfd_print_emh): Check for invalid string lengths. |
|
17 |
- bfd/mach-o.c | 3 ++ |
|
18 |
- bfd/nlmcode.h | 4 ++- |
|
19 |
- bfd/section.c | 2 +- |
|
20 |
- bfd/vms-alpha.c | 91 ++++++++++++++++++++++++++++++++++++--------------------- |
|
21 |
- bfd/vms-misc.c | 8 ++--- |
|
22 |
- 6 files changed, 82 insertions(+), 39 deletions(-) |
|
23 |
- |
|
24 |
-diff --git a/bfd/mach-o.c b/bfd/mach-o.c |
|
25 |
-index 1807391..9fe6326 100644 |
|
26 |
-+++ b/bfd/mach-o.c |
|
27 |
-@@ -3749,6 +3749,9 @@ bfd_mach_o_read_symtab_strtab (bfd *abfd) |
|
28 |
- } |
|
29 |
- else |
|
30 |
- { |
|
31 |
-+ /* See PR 21840 for a reproducer. */ |
|
32 |
-+ if ((sym->strsize + 1) == 0) |
|
33 |
-+ return FALSE; |
|
34 |
- sym->strtab = bfd_alloc (abfd, sym->strsize + 1); |
|
35 |
- if (sym->strtab == NULL) |
|
36 |
- return FALSE; |
|
37 |
-diff --git a/bfd/nlmcode.h b/bfd/nlmcode.h |
|
38 |
-index 6d6aed0..350c83e 100644 |
|
39 |
-+++ b/bfd/nlmcode.h |
|
40 |
-@@ -351,7 +351,9 @@ nlm_swap_auxiliary_headers_in (bfd *abfd) |
|
41 |
- bfd_byte *contents; |
|
42 |
- bfd_byte *p, *pend; |
|
43 |
- |
|
44 |
-- BFD_ASSERT (hdrLength == 0 && hdr == NULL); |
|
45 |
-+ /* See PR 21840 for a reproducer. */ |
|
46 |
-+ if (hdrLength != 0 || hdr != NULL) |
|
47 |
-+ return FALSE; |
|
48 |
- |
|
49 |
- pos = bfd_tell (abfd); |
|
50 |
- if (bfd_seek (abfd, dataOffset, SEEK_SET) != 0) |
|
51 |
-diff --git a/bfd/section.c b/bfd/section.c |
|
52 |
-index 28eee7f..811d42a 100644 |
|
53 |
-+++ b/bfd/section.c |
|
54 |
-@@ -1240,7 +1240,7 @@ bfd_make_section_with_flags (bfd *abfd, const char *name, |
|
55 |
- struct section_hash_entry *sh; |
|
56 |
- asection *newsect; |
|
57 |
- |
|
58 |
-- if (abfd->output_has_begun) |
|
59 |
-+ if (abfd == NULL || name == NULL || abfd->output_has_begun) |
|
60 |
- { |
|
61 |
- bfd_set_error (bfd_error_invalid_operation); |
|
62 |
- return NULL; |
|
63 |
-diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c |
|
64 |
-index 610b034..5595b61 100644 |
|
65 |
-+++ b/bfd/vms-alpha.c |
|
66 |
-@@ -903,7 +903,7 @@ _bfd_vms_slurp_ehdr (bfd *abfd) |
|
67 |
- |
|
68 |
- vms_rec = PRIV (recrd.rec); |
|
69 |
- /* PR 17512: file: 62736583. */ |
|
70 |
-- end = vms_rec + PRIV (recrd.buf_size); |
|
71 |
-+ end = PRIV (recrd.buf) + PRIV (recrd.buf_size); |
|
72 |
- |
|
73 |
- vms_debug2 ((2, "HDR/EMH\n")); |
|
74 |
- |
|
75 |
-@@ -5737,8 +5737,9 @@ evax_bfd_print_emh (FILE *file, unsigned char *rec, unsigned int rec_len) |
|
76 |
- { |
|
77 |
- struct vms_emh_common *emh = (struct vms_emh_common *)rec; |
|
78 |
- unsigned int subtype; |
|
79 |
-+ int extra; |
|
80 |
- |
|
81 |
-- subtype = (unsigned)bfd_getl16 (emh->subtyp); |
|
82 |
-+ subtype = (unsigned) bfd_getl16 (emh->subtyp); |
|
83 |
- |
|
84 |
- /* xgettext:c-format */ |
|
85 |
- fprintf (file, _(" EMH %u (len=%u): "), subtype, rec_len); |
|
86 |
-@@ -5749,58 +5750,82 @@ evax_bfd_print_emh (FILE *file, unsigned char *rec, unsigned int rec_len) |
|
87 |
- fprintf (file, _(" Error: The length is less than the length of an EMH record\n")); |
|
88 |
- return; |
|
89 |
- } |
|
90 |
-- |
|
91 |
-+ extra = rec_len - sizeof (struct vms_emh_common); |
|
92 |
-+ |
|
93 |
- switch (subtype) |
|
94 |
- { |
|
95 |
- case EMH__C_MHD: |
|
96 |
- { |
|
97 |
-- struct vms_emh_mhd *mhd = (struct vms_emh_mhd *)rec; |
|
98 |
-- const char *name; |
|
99 |
-+ struct vms_emh_mhd *mhd = (struct vms_emh_mhd *) rec; |
|
100 |
-+ const char * name; |
|
101 |
-+ const char * nextname; |
|
102 |
-+ const char * maxname; |
|
103 |
- |
|
104 |
-+ /* PR 21840: Check for invalid lengths. */ |
|
105 |
-+ if (rec_len < sizeof (* mhd)) |
|
106 |
-+ { |
|
107 |
-+ fprintf (file, _(" Error: The record length is less than the size of an EMH_MHD record\n")); |
|
108 |
-+ return; |
|
109 |
-+ } |
|
110 |
- fprintf (file, _("Module header\n")); |
|
111 |
- fprintf (file, _(" structure level: %u\n"), mhd->strlvl); |
|
112 |
- fprintf (file, _(" max record size: %u\n"), |
|
113 |
-- (unsigned)bfd_getl32 (mhd->recsiz)); |
|
114 |
-+ (unsigned) bfd_getl32 (mhd->recsiz)); |
|
115 |
- name = (char *)(mhd + 1); |
|
116 |
-+ maxname = (char *) rec + rec_len; |
|
117 |
-+ if (name > maxname - 2) |
|
118 |
-+ { |
|
119 |
-+ fprintf (file, _(" Error: The module name is missing\n")); |
|
120 |
-+ return; |
|
121 |
-+ } |
|
122 |
-+ nextname = name + name[0] + 1; |
|
123 |
-+ if (nextname >= maxname) |
|
124 |
-+ { |
|
125 |
-+ fprintf (file, _(" Error: The module name is too long\n")); |
|
126 |
-+ return; |
|
127 |
-+ } |
|
128 |
- fprintf (file, _(" module name : %.*s\n"), name[0], name + 1); |
|
129 |
-- name += name[0] + 1; |
|
130 |
-+ name = nextname; |
|
131 |
-+ if (name > maxname - 2) |
|
132 |
-+ { |
|
133 |
-+ fprintf (file, _(" Error: The module version is missing\n")); |
|
134 |
-+ return; |
|
135 |
-+ } |
|
136 |
-+ nextname = name + name[0] + 1; |
|
137 |
-+ if (nextname >= maxname) |
|
138 |
-+ { |
|
139 |
-+ fprintf (file, _(" Error: The module version is too long\n")); |
|
140 |
-+ return; |
|
141 |
-+ } |
|
142 |
- fprintf (file, _(" module version : %.*s\n"), name[0], name + 1); |
|
143 |
-- name += name[0] + 1; |
|
144 |
-- fprintf (file, _(" compile date : %.17s\n"), name); |
|
145 |
-+ name = nextname; |
|
146 |
-+ if ((maxname - name) < 17 && maxname[-1] != 0) |
|
147 |
-+ fprintf (file, _(" Error: The compile date is truncated\n")); |
|
148 |
-+ else |
|
149 |
-+ fprintf (file, _(" compile date : %.17s\n"), name); |
|
150 |
- } |
|
151 |
- break; |
|
152 |
-+ |
|
153 |
- case EMH__C_LNM: |
|
154 |
-- { |
|
155 |
-- fprintf (file, _("Language Processor Name\n")); |
|
156 |
-- fprintf (file, _(" language name: %.*s\n"), |
|
157 |
-- (int)(rec_len - sizeof (struct vms_emh_common)), |
|
158 |
-- (char *)rec + sizeof (struct vms_emh_common)); |
|
159 |
-- } |
|
160 |
-+ fprintf (file, _("Language Processor Name\n")); |
|
161 |
-+ fprintf (file, _(" language name: %.*s\n"), extra, (char *)(emh + 1)); |
|
162 |
- break; |
|
163 |
-+ |
|
164 |
- case EMH__C_SRC: |
|
165 |
-- { |
|
166 |
-- fprintf (file, _("Source Files Header\n")); |
|
167 |
-- fprintf (file, _(" file: %.*s\n"), |
|
168 |
-- (int)(rec_len - sizeof (struct vms_emh_common)), |
|
169 |
-- (char *)rec + sizeof (struct vms_emh_common)); |
|
170 |
-- } |
|
171 |
-+ fprintf (file, _("Source Files Header\n")); |
|
172 |
-+ fprintf (file, _(" file: %.*s\n"), extra, (char *)(emh + 1)); |
|
173 |
- break; |
|
174 |
-+ |
|
175 |
- case EMH__C_TTL: |
|
176 |
-- { |
|
177 |
-- fprintf (file, _("Title Text Header\n")); |
|
178 |
-- fprintf (file, _(" title: %.*s\n"), |
|
179 |
-- (int)(rec_len - sizeof (struct vms_emh_common)), |
|
180 |
-- (char *)rec + sizeof (struct vms_emh_common)); |
|
181 |
-- } |
|
182 |
-+ fprintf (file, _("Title Text Header\n")); |
|
183 |
-+ fprintf (file, _(" title: %.*s\n"), extra, (char *)(emh + 1)); |
|
184 |
- break; |
|
185 |
-+ |
|
186 |
- case EMH__C_CPR: |
|
187 |
-- { |
|
188 |
-- fprintf (file, _("Copyright Header\n")); |
|
189 |
-- fprintf (file, _(" copyright: %.*s\n"), |
|
190 |
-- (int)(rec_len - sizeof (struct vms_emh_common)), |
|
191 |
-- (char *)rec + sizeof (struct vms_emh_common)); |
|
192 |
-- } |
|
193 |
-+ fprintf (file, _("Copyright Header\n")); |
|
194 |
-+ fprintf (file, _(" copyright: %.*s\n"), extra, (char *)(emh + 1)); |
|
195 |
- break; |
|
196 |
-+ |
|
197 |
- default: |
|
198 |
- fprintf (file, _("unhandled emh subtype %u\n"), subtype); |
|
199 |
- break; |
|
200 |
-diff --git a/bfd/vms-misc.c b/bfd/vms-misc.c |
|
201 |
-index 7497f02..91e2ec7 100644 |
|
202 |
-+++ b/bfd/vms-misc.c |
|
203 |
-@@ -135,8 +135,8 @@ _bfd_hexdump (int level, unsigned char *ptr, int size, int offset) |
|
204 |
- #endif |
|
205 |
- |
|
206 |
- |
|
207 |
--/* Copy sized string (string with fixed size) to new allocated area |
|
208 |
-- size is string size (size of record) */ |
|
209 |
-+/* Copy sized string (string with fixed size) to new allocated area. |
|
210 |
-+ Size is string size (size of record). */ |
|
211 |
- |
|
212 |
- char * |
|
213 |
- _bfd_vms_save_sized_string (unsigned char *str, unsigned int size) |
|
214 |
-@@ -151,8 +151,8 @@ _bfd_vms_save_sized_string (unsigned char *str, unsigned int size) |
|
215 |
- return newstr; |
|
216 |
- } |
|
217 |
- |
|
218 |
--/* Copy counted string (string with size at first byte) to new allocated area |
|
219 |
-- ptr points to size byte on entry */ |
|
220 |
-+/* Copy counted string (string with size at first byte) to new allocated area. |
|
221 |
-+ PTR points to size byte on entry. */ |
|
222 |
- |
|
223 |
- char * |
|
224 |
- _bfd_vms_save_counted_string (unsigned char *ptr, unsigned int maxlen) |
|
225 |
-2.9.3 |
|
226 |
- |
227 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,29 +0,0 @@ |
1 |
-From 8a2df5e2df374289e00ecd8f099eb46d76ef982e Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Nick Clifton <nickc@redhat.com> |
|
3 |
-Date: Mon, 24 Jul 2017 14:04:04 +0100 |
|
4 |
-Subject: [PATCH] Fix another memory access error triggered by attempting to |
|
5 |
- parse a corrupt binary. |
|
6 |
- |
|
7 |
- PR 21813 |
|
8 |
- (alpha_vms_object_p): Check for a truncated record. |
|
9 |
- bfd/vms-alpha.c | 3 +++ |
|
10 |
- 2 files changed, 5 insertions(+) |
|
11 |
- |
|
12 |
-diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c |
|
13 |
-index 5e9170d..610b034 100644 |
|
14 |
-+++ b/bfd/vms-alpha.c |
|
15 |
-@@ -2679,6 +2679,9 @@ alpha_vms_object_p (bfd *abfd) |
|
16 |
- PRIV (recrd.buf_size) = PRIV (recrd.rec_size); |
|
17 |
- } |
|
18 |
- |
|
19 |
-+ /* PR 21813: Check for a truncated record. */ |
|
20 |
-+ if (PRIV (recrd.rec_size < test_len)) |
|
21 |
-+ goto error_ret; |
|
22 |
- /* Read the remaining record. */ |
|
23 |
- remaining = PRIV (recrd.rec_size) - test_len; |
|
24 |
- to_read = MIN (VMS_BLOCK_SIZE - test_len, remaining); |
|
25 |
-2.9.3 |
|
26 |
- |
27 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,289 +0,0 @@ |
1 |
-From 29866fa186ee3ebda5242221607dba360b2e541e Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Nick Clifton <nickc@redhat.com> |
|
3 |
-Date: Wed, 19 Jul 2017 11:07:43 +0100 |
|
4 |
-Subject: [PATCH] Fix address violation when attempting to read a corrupt field |
|
5 |
- in a COFF archive header structure. |
|
6 |
- |
|
7 |
- PR 21786 |
|
8 |
- * coff-rs6000.c (_bfd_strntol): New function. |
|
9 |
- (_bfd_strntoll): New function. |
|
10 |
- (GET_VALUE_IN_FIELD): New macro. |
|
11 |
- (EQ_VALUE_IN_FIELD): new macro. |
|
12 |
- (_bfd_xcoff_slurp_armap): Use new macros. |
|
13 |
- (_bfd_xcoff_archive_p): Likewise. |
|
14 |
- (_bfd_xcoff_read_ar_hdr): Likewise. |
|
15 |
- (_bfd_xcoff_openr_next_archived_file): Likewise. |
|
16 |
- (_bfd_xcoff_stat_arch_elt): Likewise. |
|
17 |
- bfd/coff-rs6000.c | 126 ++++++++++++++++++++++++++++++++---------------------- |
|
18 |
- 2 files changed, 89 insertions(+), 50 deletions(-) |
|
19 |
- |
|
20 |
-diff --git a/bfd/coff-rs6000.c b/bfd/coff-rs6000.c |
|
21 |
-index 025c424..c72d0db 100644 |
|
22 |
-+++ b/bfd/coff-rs6000.c |
|
23 |
-@@ -203,7 +203,8 @@ bfd_boolean (*xcoff_complain_overflow[XCOFF_MAX_COMPLAIN_OVERFLOW]) |
|
24 |
- }; |
|
25 |
- |
|
26 |
- /* Information about one member of an archive. */ |
|
27 |
--struct member_layout { |
|
28 |
-+struct member_layout |
|
29 |
-+{ |
|
30 |
- /* The archive member that this structure describes. */ |
|
31 |
- bfd *member; |
|
32 |
- |
|
33 |
-@@ -237,7 +238,8 @@ struct member_layout { |
|
34 |
- }; |
|
35 |
- |
|
36 |
- /* A structure used for iterating over the members of an archive. */ |
|
37 |
--struct archive_iterator { |
|
38 |
-+struct archive_iterator |
|
39 |
-+{ |
|
40 |
- /* The archive itself. */ |
|
41 |
- bfd *archive; |
|
42 |
- |
|
43 |
-@@ -654,8 +656,6 @@ _bfd_xcoff_swap_aux_out (bfd *abfd, void * inp, int type, int in_class, |
|
44 |
- end: |
|
45 |
- return bfd_coff_auxesz (abfd); |
|
46 |
- } |
|
47 |
-- |
|
48 |
-- |
|
49 |
- |
|
50 |
- /* The XCOFF reloc table. Actually, XCOFF relocations specify the |
|
51 |
- bitsize and whether they are signed or not, along with a |
|
52 |
-@@ -663,7 +663,6 @@ end: |
|
53 |
- different algorithms for putting in the reloc. Many of these |
|
54 |
- relocs need special_function entries, which I have not written. */ |
|
55 |
- |
|
56 |
-- |
|
57 |
- reloc_howto_type xcoff_howto_table[] = |
|
58 |
- { |
|
59 |
- /* 0x00: Standard 32 bit relocation. */ |
|
60 |
-@@ -1185,6 +1184,51 @@ bfd_xcoff_ar_archive_set_magic (bfd *abfd ATTRIBUTE_UNUSED, |
|
61 |
- /* bfd_xcoff_archive_set_magic (abfd, magic); */ |
|
62 |
- } |
|
63 |
- |
|
64 |
-+/* PR 21786: The PE/COFF standard does not require NUL termination for any of |
|
65 |
-+ the ASCII fields in the archive headers. So in order to be able to extract |
|
66 |
-+ numerical values we provide our own versions of strtol and strtoll which |
|
67 |
-+ take a maximum length as an additional parameter. Also - just to save space, |
|
68 |
-+ we omit the endptr return parameter, since we know that it is never used. */ |
|
69 |
-+ |
|
70 |
-+static long |
|
71 |
-+_bfd_strntol (const char * nptr, int base, unsigned int maxlen) |
|
72 |
-+{ |
|
73 |
-+ char buf[24]; /* Should be enough. */ |
|
74 |
-+ |
|
75 |
-+ BFD_ASSERT (maxlen < (sizeof (buf) - 1)); |
|
76 |
-+ |
|
77 |
-+ memcpy (buf, nptr, maxlen); |
|
78 |
-+ buf[maxlen] = 0; |
|
79 |
-+ return strtol (buf, NULL, base); |
|
80 |
-+} |
|
81 |
-+ |
|
82 |
-+static long long |
|
83 |
-+_bfd_strntoll (const char * nptr, int base, unsigned int maxlen) |
|
84 |
-+{ |
|
85 |
-+ char buf[32]; /* Should be enough. */ |
|
86 |
-+ |
|
87 |
-+ BFD_ASSERT (maxlen < (sizeof (buf) - 1)); |
|
88 |
-+ |
|
89 |
-+ memcpy (buf, nptr, maxlen); |
|
90 |
-+ buf[maxlen] = 0; |
|
91 |
-+ return strtoll (buf, NULL, base); |
|
92 |
-+} |
|
93 |
-+ |
|
94 |
-+/* Macro to read an ASCII value stored in an archive header field. */ |
|
95 |
-+#define GET_VALUE_IN_FIELD(VAR, FIELD) \ |
|
96 |
-+ do \ |
|
97 |
-+ { \ |
|
98 |
-+ (VAR) = sizeof (VAR) > sizeof (long) \ |
|
99 |
-+ ? _bfd_strntoll (FIELD, 10, sizeof FIELD) \ |
|
100 |
-+ : _bfd_strntol (FIELD, 10, sizeof FIELD); \ |
|
101 |
-+ } \ |
|
102 |
-+ while (0) |
|
103 |
-+ |
|
104 |
-+#define EQ_VALUE_IN_FIELD(VAR, FIELD) \ |
|
105 |
-+ (sizeof (VAR) > sizeof (long) \ |
|
106 |
-+ ? (VAR) ==_bfd_strntoll (FIELD, 10, sizeof FIELD) \ |
|
107 |
-+ : (VAR) == _bfd_strntol (FIELD, 10, sizeof FIELD)) |
|
108 |
-+ |
|
109 |
- /* Read in the armap of an XCOFF archive. */ |
|
110 |
- |
|
111 |
- bfd_boolean |
|
112 |
-@@ -1209,7 +1253,7 @@ _bfd_xcoff_slurp_armap (bfd *abfd) |
|
113 |
- /* This is for the old format. */ |
|
114 |
- struct xcoff_ar_hdr hdr; |
|
115 |
- |
|
116 |
-- off = strtol (xcoff_ardata (abfd)->symoff, (char **) NULL, 10); |
|
117 |
-+ GET_VALUE_IN_FIELD (off, xcoff_ardata (abfd)->symoff); |
|
118 |
- if (off == 0) |
|
119 |
- { |
|
120 |
- bfd_has_map (abfd) = FALSE; |
|
121 |
-@@ -1225,12 +1269,12 @@ _bfd_xcoff_slurp_armap (bfd *abfd) |
|
122 |
- return FALSE; |
|
123 |
- |
|
124 |
- /* Skip the name (normally empty). */ |
|
125 |
-- namlen = strtol (hdr.namlen, (char **) NULL, 10); |
|
126 |
-+ GET_VALUE_IN_FIELD (namlen, hdr.namlen); |
|
127 |
- off = ((namlen + 1) & ~ (size_t) 1) + SXCOFFARFMAG; |
|
128 |
- if (bfd_seek (abfd, off, SEEK_CUR) != 0) |
|
129 |
- return FALSE; |
|
130 |
- |
|
131 |
-- sz = strtol (hdr.size, (char **) NULL, 10); |
|
132 |
-+ GET_VALUE_IN_FIELD (sz, hdr.size); |
|
133 |
- |
|
134 |
- /* Read in the entire symbol table. */ |
|
135 |
- contents = (bfd_byte *) bfd_alloc (abfd, sz); |
|
136 |
-@@ -1264,7 +1308,7 @@ _bfd_xcoff_slurp_armap (bfd *abfd) |
|
137 |
- /* This is for the new format. */ |
|
138 |
- struct xcoff_ar_hdr_big hdr; |
|
139 |
- |
|
140 |
-- off = strtol (xcoff_ardata_big (abfd)->symoff, (char **) NULL, 10); |
|
141 |
-+ GET_VALUE_IN_FIELD (off, xcoff_ardata_big (abfd)->symoff); |
|
142 |
- if (off == 0) |
|
143 |
- { |
|
144 |
- bfd_has_map (abfd) = FALSE; |
|
145 |
-@@ -1280,15 +1324,12 @@ _bfd_xcoff_slurp_armap (bfd *abfd) |
|
146 |
- return FALSE; |
|
147 |
- |
|
148 |
- /* Skip the name (normally empty). */ |
|
149 |
-- namlen = strtol (hdr.namlen, (char **) NULL, 10); |
|
150 |
-+ GET_VALUE_IN_FIELD (namlen, hdr.namlen); |
|
151 |
- off = ((namlen + 1) & ~ (size_t) 1) + SXCOFFARFMAG; |
|
152 |
- if (bfd_seek (abfd, off, SEEK_CUR) != 0) |
|
153 |
- return FALSE; |
|
154 |
- |
|
155 |
-- /* XXX This actually has to be a call to strtoll (at least on 32-bit |
|
156 |
-- machines) since the field width is 20 and there numbers with more |
|
157 |
-- than 32 bits can be represented. */ |
|
158 |
-- sz = strtol (hdr.size, (char **) NULL, 10); |
|
159 |
-+ GET_VALUE_IN_FIELD (sz, hdr.size); |
|
160 |
- |
|
161 |
- /* Read in the entire symbol table. */ |
|
162 |
- contents = (bfd_byte *) bfd_alloc (abfd, sz); |
|
163 |
-@@ -1393,8 +1434,8 @@ _bfd_xcoff_archive_p (bfd *abfd) |
|
164 |
- goto error_ret; |
|
165 |
- } |
|
166 |
- |
|
167 |
-- bfd_ardata (abfd)->first_file_filepos = strtol (hdr.firstmemoff, |
|
168 |
-- (char **) NULL, 10); |
|
169 |
-+ GET_VALUE_IN_FIELD (bfd_ardata (abfd)->first_file_filepos, |
|
170 |
-+ hdr.firstmemoff); |
|
171 |
- |
|
172 |
- amt = SIZEOF_AR_FILE_HDR; |
|
173 |
- bfd_ardata (abfd)->tdata = bfd_zalloc (abfd, amt); |
|
174 |
-@@ -1469,7 +1510,7 @@ _bfd_xcoff_read_ar_hdr (bfd *abfd) |
|
175 |
- return NULL; |
|
176 |
- } |
|
177 |
- |
|
178 |
-- namlen = strtol (hdr.namlen, (char **) NULL, 10); |
|
179 |
-+ GET_VALUE_IN_FIELD (namlen, hdr.namlen); |
|
180 |
- amt = SIZEOF_AR_HDR + namlen + 1; |
|
181 |
- hdrp = (struct xcoff_ar_hdr *) bfd_alloc (abfd, amt); |
|
182 |
- if (hdrp == NULL) |
|
183 |
-@@ -1486,7 +1527,7 @@ _bfd_xcoff_read_ar_hdr (bfd *abfd) |
|
184 |
- ((char *) hdrp)[SIZEOF_AR_HDR + namlen] = '\0'; |
|
185 |
- |
|
186 |
- ret->arch_header = (char *) hdrp; |
|
187 |
-- ret->parsed_size = strtol (hdr.size, (char **) NULL, 10); |
|
188 |
-+ GET_VALUE_IN_FIELD (ret->parsed_size, hdr.size); |
|
189 |
- ret->filename = (char *) hdrp + SIZEOF_AR_HDR; |
|
190 |
- } |
|
191 |
- else |
|
192 |
-@@ -1501,7 +1542,7 @@ _bfd_xcoff_read_ar_hdr (bfd *abfd) |
|
193 |
- return NULL; |
|
194 |
- } |
|
195 |
- |
|
196 |
-- namlen = strtol (hdr.namlen, (char **) NULL, 10); |
|
197 |
-+ GET_VALUE_IN_FIELD (namlen, hdr.namlen); |
|
198 |
- amt = SIZEOF_AR_HDR_BIG + namlen + 1; |
|
199 |
- hdrp = (struct xcoff_ar_hdr_big *) bfd_alloc (abfd, amt); |
|
200 |
- if (hdrp == NULL) |
|
201 |
-@@ -1518,10 +1559,7 @@ _bfd_xcoff_read_ar_hdr (bfd *abfd) |
|
202 |
- ((char *) hdrp)[SIZEOF_AR_HDR_BIG + namlen] = '\0'; |
|
203 |
- |
|
204 |
- ret->arch_header = (char *) hdrp; |
|
205 |
-- /* XXX This actually has to be a call to strtoll (at least on 32-bit |
|
206 |
-- machines) since the field width is 20 and there numbers with more |
|
207 |
-- than 32 bits can be represented. */ |
|
208 |
-- ret->parsed_size = strtol (hdr.size, (char **) NULL, 10); |
|
209 |
-+ GET_VALUE_IN_FIELD (ret->parsed_size, hdr.size); |
|
210 |
- ret->filename = (char *) hdrp + SIZEOF_AR_HDR_BIG; |
|
211 |
- } |
|
212 |
- |
|
213 |
-@@ -1550,14 +1588,11 @@ _bfd_xcoff_openr_next_archived_file (bfd *archive, bfd *last_file) |
|
214 |
- if (last_file == NULL) |
|
215 |
- filestart = bfd_ardata (archive)->first_file_filepos; |
|
216 |
- else |
|
217 |
-- filestart = strtol (arch_xhdr (last_file)->nextoff, (char **) NULL, |
|
218 |
-- 10); |
|
219 |
-+ GET_VALUE_IN_FIELD (filestart, arch_xhdr (last_file)->nextoff); |
|
220 |
- |
|
221 |
- if (filestart == 0 |
|
222 |
-- || filestart == strtol (xcoff_ardata (archive)->memoff, |
|
223 |
-- (char **) NULL, 10) |
|
224 |
-- || filestart == strtol (xcoff_ardata (archive)->symoff, |
|
225 |
-- (char **) NULL, 10)) |
|
226 |
-+ || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata (archive)->memoff) |
|
227 |
-+ || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata (archive)->symoff)) |
|
228 |
- { |
|
229 |
- bfd_set_error (bfd_error_no_more_archived_files); |
|
230 |
- return NULL; |
|
231 |
-@@ -1568,20 +1603,11 @@ _bfd_xcoff_openr_next_archived_file (bfd *archive, bfd *last_file) |
|
232 |
- if (last_file == NULL) |
|
233 |
- filestart = bfd_ardata (archive)->first_file_filepos; |
|
234 |
- else |
|
235 |
-- /* XXX These actually have to be a calls to strtoll (at least |
|
236 |
-- on 32-bit machines) since the fields's width is 20 and |
|
237 |
-- there numbers with more than 32 bits can be represented. */ |
|
238 |
-- filestart = strtol (arch_xhdr_big (last_file)->nextoff, (char **) NULL, |
|
239 |
-- 10); |
|
240 |
-- |
|
241 |
-- /* XXX These actually have to be calls to strtoll (at least on 32-bit |
|
242 |
-- machines) since the fields's width is 20 and there numbers with more |
|
243 |
-- than 32 bits can be represented. */ |
|
244 |
-+ GET_VALUE_IN_FIELD (filestart, arch_xhdr_big (last_file)->nextoff); |
|
245 |
-+ |
|
246 |
- if (filestart == 0 |
|
247 |
-- || filestart == strtol (xcoff_ardata_big (archive)->memoff, |
|
248 |
-- (char **) NULL, 10) |
|
249 |
-- || filestart == strtol (xcoff_ardata_big (archive)->symoff, |
|
250 |
-- (char **) NULL, 10)) |
|
251 |
-+ || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata_big (archive)->memoff) |
|
252 |
-+ || EQ_VALUE_IN_FIELD (filestart, xcoff_ardata_big (archive)->symoff)) |
|
253 |
- { |
|
254 |
- bfd_set_error (bfd_error_no_more_archived_files); |
|
255 |
- return NULL; |
|
256 |
-@@ -1606,20 +1632,20 @@ _bfd_xcoff_stat_arch_elt (bfd *abfd, struct stat *s) |
|
257 |
- { |
|
258 |
- struct xcoff_ar_hdr *hdrp = arch_xhdr (abfd); |
|
259 |
- |
|
260 |
-- s->st_mtime = strtol (hdrp->date, (char **) NULL, 10); |
|
261 |
-- s->st_uid = strtol (hdrp->uid, (char **) NULL, 10); |
|
262 |
-- s->st_gid = strtol (hdrp->gid, (char **) NULL, 10); |
|
263 |
-- s->st_mode = strtol (hdrp->mode, (char **) NULL, 8); |
|
264 |
-+ GET_VALUE_IN_FIELD (s->st_mtime, hdrp->date); |
|
265 |
-+ GET_VALUE_IN_FIELD (s->st_uid, hdrp->uid); |
|
266 |
-+ GET_VALUE_IN_FIELD (s->st_gid, hdrp->gid); |
|
267 |
-+ GET_VALUE_IN_FIELD (s->st_mode, hdrp->mode); |
|
268 |
- s->st_size = arch_eltdata (abfd)->parsed_size; |
|
269 |
- } |
|
270 |
- else |
|
271 |
- { |
|
272 |
- struct xcoff_ar_hdr_big *hdrp = arch_xhdr_big (abfd); |
|
273 |
- |
|
274 |
-- s->st_mtime = strtol (hdrp->date, (char **) NULL, 10); |
|
275 |
-- s->st_uid = strtol (hdrp->uid, (char **) NULL, 10); |
|
276 |
-- s->st_gid = strtol (hdrp->gid, (char **) NULL, 10); |
|
277 |
-- s->st_mode = strtol (hdrp->mode, (char **) NULL, 8); |
|
278 |
-+ GET_VALUE_IN_FIELD (s->st_mtime, hdrp->date); |
|
279 |
-+ GET_VALUE_IN_FIELD (s->st_uid, hdrp->uid); |
|
280 |
-+ GET_VALUE_IN_FIELD (s->st_gid, hdrp->gid); |
|
281 |
-+ GET_VALUE_IN_FIELD (s->st_mode, hdrp->mode); |
|
282 |
- s->st_size = arch_eltdata (abfd)->parsed_size; |
|
283 |
- } |
|
284 |
- |
|
285 |
-2.9.3 |
|
286 |
- |
287 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,319 +0,0 @@ |
1 |
-From ca4cf9b9c622a5695e01f7f5815a7382a31fcf51 Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Nick Clifton <nickc@redhat.com> |
|
3 |
-Date: Mon, 24 Jul 2017 13:49:22 +0100 |
|
4 |
-Subject: [PATCH 1/1] Fix address violation errors parsing corrupt binary |
|
5 |
- files. |
|
6 |
- |
|
7 |
- PR 21813 |
|
8 |
-binutils* rddbg.c (read_symbol_stabs_debugging_info): Check for an empty |
|
9 |
- string whilst concatenating symbol names. |
|
10 |
- |
|
11 |
-bfd * mach-o.c (bfd_mach_o_canonicalize_relocs): Pass the base address |
|
12 |
- of the relocs to the canonicalize_one_reloc routine. |
|
13 |
- * mach-o.h (struct bfd_mach_o_backend_data): Update the prototype |
|
14 |
- for the _bfd_mach_o_canonicalize_one_reloc field. |
|
15 |
- * mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Add |
|
16 |
- res_base parameter. Use to check for corrupt pair relocs. |
|
17 |
- * mach-o-aarch64.c (bfd_mach_o_arm64_canonicalize_one_reloc): |
|
18 |
- Likewise. |
|
19 |
- * mach-o-i386.c (bfd_mach_o_i386_canonicalize_one_reloc): |
|
20 |
- Likewise. |
|
21 |
- * mach-o-x86-64.c (bfd_mach_o_x86_64_canonicalize_one_reloc): |
|
22 |
- Likewise. |
|
23 |
- |
|
24 |
- * vms-alpha.c (_bfd_vms_slurp_eihd): Make sure that there is |
|
25 |
- enough data in the record before attempting to parse it. |
|
26 |
- (_bfd_vms_slurp_eeom): Likewise. |
|
27 |
- |
|
28 |
- (_bfd_vms_slurp_egsd): Check for an invalid section index. |
|
29 |
- (image_set_ptr): Likewise. |
|
30 |
- (alpha_vms_slurp_relocs): Likewise. |
|
31 |
- bfd/mach-o-aarch64.c | 8 ++++--- |
|
32 |
- bfd/mach-o-arm.c | 13 ++++++++---- |
|
33 |
- bfd/mach-o-i386.c | 17 +++++++++------ |
|
34 |
- bfd/mach-o-x86-64.c | 8 ++++--- |
|
35 |
- bfd/mach-o.c | 2 +- |
|
36 |
- bfd/mach-o.h | 2 +- |
|
37 |
- bfd/vms-alpha.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++----- |
|
38 |
- binutils/rddbg.c | 3 ++- |
|
39 |
- 10 files changed, 118 insertions(+), 24 deletions(-) |
|
40 |
- |
|
41 |
-diff --git a/bfd/mach-o-aarch64.c b/bfd/mach-o-aarch64.c |
|
42 |
-index 12fc47e..5cf3364 100644 |
|
43 |
-+++ b/bfd/mach-o-aarch64.c |
|
44 |
-@@ -147,9 +147,11 @@ static reloc_howto_type arm64_howto_table[]= |
|
45 |
- }; |
|
46 |
- |
|
47 |
- static bfd_boolean |
|
48 |
--bfd_mach_o_arm64_canonicalize_one_reloc (bfd *abfd, |
|
49 |
-- struct mach_o_reloc_info_external *raw, |
|
50 |
-- arelent *res, asymbol **syms) |
|
51 |
-+bfd_mach_o_arm64_canonicalize_one_reloc (bfd * abfd, |
|
52 |
-+ struct mach_o_reloc_info_external * raw, |
|
53 |
-+ arelent * res, |
|
54 |
-+ asymbol ** syms, |
|
55 |
-+ arelent * res_base ATTRIBUTE_UNUSED) |
|
56 |
- { |
|
57 |
- bfd_mach_o_reloc_info reloc; |
|
58 |
- |
|
59 |
-diff --git a/bfd/mach-o-arm.c b/bfd/mach-o-arm.c |
|
60 |
-index 5139f79..9eb614c 100644 |
|
61 |
-+++ b/bfd/mach-o-arm.c |
|
62 |
-@@ -30,7 +30,7 @@ |
|
63 |
- #define bfd_mach_o_mkobject bfd_mach_o_arm_mkobject |
|
64 |
- |
|
65 |
- #define bfd_mach_o_canonicalize_one_reloc bfd_mach_o_arm_canonicalize_one_reloc |
|
66 |
--#define bfd_mach_o_swap_reloc_out NULL |
|
67 |
-+#define bfd_mach_o_swap_reloc_out NULL |
|
68 |
- #define bfd_mach_o_bfd_reloc_type_lookup bfd_mach_o_arm_bfd_reloc_type_lookup |
|
69 |
- #define bfd_mach_o_bfd_reloc_name_lookup bfd_mach_o_arm_bfd_reloc_name_lookup |
|
70 |
- |
|
71 |
-@@ -147,9 +147,11 @@ static reloc_howto_type arm_howto_table[]= |
|
72 |
- }; |
|
73 |
- |
|
74 |
- static bfd_boolean |
|
75 |
--bfd_mach_o_arm_canonicalize_one_reloc (bfd *abfd, |
|
76 |
-- struct mach_o_reloc_info_external *raw, |
|
77 |
-- arelent *res, asymbol **syms) |
|
78 |
-+bfd_mach_o_arm_canonicalize_one_reloc (bfd * abfd, |
|
79 |
-+ struct mach_o_reloc_info_external * raw, |
|
80 |
-+ arelent * res, |
|
81 |
-+ asymbol ** syms, |
|
82 |
-+ arelent * res_base) |
|
83 |
- { |
|
84 |
- bfd_mach_o_reloc_info reloc; |
|
85 |
- |
|
86 |
-@@ -161,6 +163,9 @@ bfd_mach_o_arm_canonicalize_one_reloc (bfd *abfd, |
|
87 |
- switch (reloc.r_type) |
|
88 |
- { |
|
89 |
- case BFD_MACH_O_ARM_RELOC_PAIR: |
|
90 |
-+ /* PR 21813: Check for a corrupt PAIR reloc at the start. */ |
|
91 |
-+ if (res == res_base) |
|
92 |
-+ return FALSE; |
|
93 |
- if (reloc.r_length == 2) |
|
94 |
- { |
|
95 |
- res->howto = &arm_howto_table[7]; |
|
96 |
-diff --git a/bfd/mach-o-i386.c b/bfd/mach-o-i386.c |
|
97 |
-index ce0389e..803af98 100644 |
|
98 |
-+++ b/bfd/mach-o-i386.c |
|
99 |
-@@ -112,9 +112,11 @@ static reloc_howto_type i386_howto_table[]= |
|
100 |
- }; |
|
101 |
- |
|
102 |
- static bfd_boolean |
|
103 |
--bfd_mach_o_i386_canonicalize_one_reloc (bfd *abfd, |
|
104 |
-- struct mach_o_reloc_info_external *raw, |
|
105 |
-- arelent *res, asymbol **syms) |
|
106 |
-+bfd_mach_o_i386_canonicalize_one_reloc (bfd * abfd, |
|
107 |
-+ struct mach_o_reloc_info_external * raw, |
|
108 |
-+ arelent * res, |
|
109 |
-+ asymbol ** syms, |
|
110 |
-+ arelent * res_base) |
|
111 |
- { |
|
112 |
- bfd_mach_o_reloc_info reloc; |
|
113 |
- |
|
114 |
-@@ -126,6 +128,9 @@ bfd_mach_o_i386_canonicalize_one_reloc (bfd *abfd, |
|
115 |
- switch (reloc.r_type) |
|
116 |
- { |
|
117 |
- case BFD_MACH_O_GENERIC_RELOC_PAIR: |
|
118 |
-+ /* PR 21813: Check for a corrupt PAIR reloc at the start. */ |
|
119 |
-+ if (res == res_base) |
|
120 |
-+ return FALSE; |
|
121 |
- if (reloc.r_length == 2) |
|
122 |
- { |
|
123 |
- res->howto = &i386_howto_table[7]; |
|
124 |
-@@ -391,9 +396,9 @@ const mach_o_segment_name_xlat mach_o_i386_segsec_names_xlat[] = |
|
125 |
- { NULL, NULL } |
|
126 |
- }; |
|
127 |
- |
|
128 |
--#define bfd_mach_o_canonicalize_one_reloc bfd_mach_o_i386_canonicalize_one_reloc |
|
129 |
--#define bfd_mach_o_swap_reloc_out bfd_mach_o_i386_swap_reloc_out |
|
130 |
--#define bfd_mach_o_print_thread bfd_mach_o_i386_print_thread |
|
131 |
-+#define bfd_mach_o_canonicalize_one_reloc bfd_mach_o_i386_canonicalize_one_reloc |
|
132 |
-+#define bfd_mach_o_swap_reloc_out bfd_mach_o_i386_swap_reloc_out |
|
133 |
-+#define bfd_mach_o_print_thread bfd_mach_o_i386_print_thread |
|
134 |
- |
|
135 |
- #define bfd_mach_o_tgt_seg_table mach_o_i386_segsec_names_xlat |
|
136 |
- #define bfd_mach_o_section_type_valid_for_tgt NULL |
|
137 |
-diff --git a/bfd/mach-o-x86-64.c b/bfd/mach-o-x86-64.c |
|
138 |
-index 1c83b10..2c50476 100644 |
|
139 |
-+++ b/bfd/mach-o-x86-64.c |
|
140 |
-@@ -120,9 +120,11 @@ static reloc_howto_type x86_64_howto_table[]= |
|
141 |
- }; |
|
142 |
- |
|
143 |
- static bfd_boolean |
|
144 |
--bfd_mach_o_x86_64_canonicalize_one_reloc (bfd *abfd, |
|
145 |
-- struct mach_o_reloc_info_external *raw, |
|
146 |
-- arelent *res, asymbol **syms) |
|
147 |
-+bfd_mach_o_x86_64_canonicalize_one_reloc (bfd * abfd, |
|
148 |
-+ struct mach_o_reloc_info_external * raw, |
|
149 |
-+ arelent * res, |
|
150 |
-+ asymbol ** syms, |
|
151 |
-+ arelent * res_base ATTRIBUTE_UNUSED) |
|
152 |
- { |
|
153 |
- bfd_mach_o_reloc_info reloc; |
|
154 |
- |
|
155 |
-diff --git a/bfd/mach-o.c b/bfd/mach-o.c |
|
156 |
-index be2fb17..1807391 100644 |
|
157 |
-+++ b/bfd/mach-o.c |
|
158 |
-@@ -1496,7 +1496,7 @@ bfd_mach_o_canonicalize_relocs (bfd *abfd, unsigned long filepos, |
|
159 |
- for (i = 0; i < count; i++) |
|
160 |
- { |
|
161 |
- if (!(*bed->_bfd_mach_o_canonicalize_one_reloc)(abfd, &native_relocs[i], |
|
162 |
-- &res[i], syms)) |
|
163 |
-+ &res[i], syms, res)) |
|
164 |
- goto err; |
|
165 |
- } |
|
166 |
- free (native_relocs); |
|
167 |
-diff --git a/bfd/mach-o.h b/bfd/mach-o.h |
|
168 |
-index 83660a4..0719b53 100644 |
|
169 |
-+++ b/bfd/mach-o.h |
|
170 |
-@@ -746,7 +746,7 @@ typedef struct bfd_mach_o_backend_data |
|
171 |
- enum bfd_architecture arch; |
|
172 |
- bfd_vma page_size; |
|
173 |
- bfd_boolean (*_bfd_mach_o_canonicalize_one_reloc) |
|
174 |
-- (bfd *, struct mach_o_reloc_info_external *, arelent *, asymbol **); |
|
175 |
-+ (bfd *, struct mach_o_reloc_info_external *, arelent *, asymbol **, arelent *); |
|
176 |
- bfd_boolean (*_bfd_mach_o_swap_reloc_out)(arelent *, bfd_mach_o_reloc_info *); |
|
177 |
- bfd_boolean (*_bfd_mach_o_print_thread)(bfd *, bfd_mach_o_thread_flavour *, |
|
178 |
- void *, char *); |
|
179 |
-diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c |
|
180 |
-index 991a1be..5e9170d 100644 |
|
181 |
-+++ b/bfd/vms-alpha.c |
|
182 |
-@@ -473,6 +473,14 @@ _bfd_vms_slurp_eihd (bfd *abfd, unsigned int *eisd_offset, |
|
183 |
- |
|
184 |
- vms_debug2 ((8, "_bfd_vms_slurp_eihd\n")); |
|
185 |
- |
|
186 |
-+ /* PR 21813: Check for an undersized record. */ |
|
187 |
-+ if (PRIV (recrd.buf_size) < sizeof (* eihd)) |
|
188 |
-+ { |
|
189 |
-+ _bfd_error_handler (_("Corrupt EIHD record - size is too small")); |
|
190 |
-+ bfd_set_error (bfd_error_bad_value); |
|
191 |
-+ return FALSE; |
|
192 |
-+ } |
|
193 |
-+ |
|
194 |
- size = bfd_getl32 (eihd->size); |
|
195 |
- imgtype = bfd_getl32 (eihd->imgtype); |
|
196 |
- |
|
197 |
-@@ -1312,19 +1320,38 @@ _bfd_vms_slurp_egsd (bfd *abfd) |
|
198 |
- if (old_flags & EGSY__V_DEF) |
|
199 |
- { |
|
200 |
- struct vms_esdf *esdf = (struct vms_esdf *)vms_rec; |
|
201 |
-+ long psindx; |
|
202 |
- |
|
203 |
- entry->value = bfd_getl64 (esdf->value); |
|
204 |
- if (PRIV (sections) == NULL) |
|
205 |
- return FALSE; |
|
206 |
-- entry->section = PRIV (sections)[bfd_getl32 (esdf->psindx)]; |
|
207 |
-+ |
|
208 |
-+ psindx = bfd_getl32 (esdf->psindx); |
|
209 |
-+ /* PR 21813: Check for an out of range index. */ |
|
210 |
-+ if (psindx < 0 || psindx >= (int) PRIV (section_count)) |
|
211 |
-+ { |
|
212 |
-+ _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"), |
|
213 |
-+ psindx); |
|
214 |
-+ bfd_set_error (bfd_error_bad_value); |
|
215 |
-+ return FALSE; |
|
216 |
-+ } |
|
217 |
-+ entry->section = PRIV (sections)[psindx]; |
|
218 |
- |
|
219 |
- if (old_flags & EGSY__V_NORM) |
|
220 |
- { |
|
221 |
- PRIV (norm_sym_count)++; |
|
222 |
- |
|
223 |
- entry->code_value = bfd_getl64 (esdf->code_address); |
|
224 |
-- entry->code_section = |
|
225 |
-- PRIV (sections)[bfd_getl32 (esdf->ca_psindx)]; |
|
226 |
-+ psindx = bfd_getl32 (esdf->ca_psindx); |
|
227 |
-+ /* PR 21813: Check for an out of range index. */ |
|
228 |
-+ if (psindx < 0 || psindx >= (int) PRIV (section_count)) |
|
229 |
-+ { |
|
230 |
-+ _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"), |
|
231 |
-+ psindx); |
|
232 |
-+ bfd_set_error (bfd_error_bad_value); |
|
233 |
-+ return FALSE; |
|
234 |
-+ } |
|
235 |
-+ entry->code_section = PRIV (sections)[psindx]; |
|
236 |
- } |
|
237 |
- } |
|
238 |
- } |
|
239 |
-@@ -1351,9 +1378,20 @@ _bfd_vms_slurp_egsd (bfd *abfd) |
|
240 |
- |
|
241 |
- if (old_flags & EGSY__V_REL) |
|
242 |
- { |
|
243 |
-+ long psindx; |
|
244 |
-+ |
|
245 |
- if (PRIV (sections) == NULL) |
|
246 |
- return FALSE; |
|
247 |
-- entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)]; |
|
248 |
-+ psindx = bfd_getl32 (egst->psindx); |
|
249 |
-+ /* PR 21813: Check for an out of range index. */ |
|
250 |
-+ if (psindx < 0 || psindx >= (int) PRIV (section_count)) |
|
251 |
-+ { |
|
252 |
-+ _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"), |
|
253 |
-+ psindx); |
|
254 |
-+ bfd_set_error (bfd_error_bad_value); |
|
255 |
-+ return FALSE; |
|
256 |
-+ } |
|
257 |
-+ entry->section = PRIV (sections)[psindx]; |
|
258 |
- } |
|
259 |
- else |
|
260 |
- entry->section = bfd_abs_section_ptr; |
|
261 |
-@@ -1446,6 +1484,9 @@ image_set_ptr (bfd *abfd, bfd_vma vma, int sect, struct bfd_link_info *info) |
|
262 |
- |
|
263 |
- if (PRIV (sections) == NULL) |
|
264 |
- return; |
|
265 |
-+ if (sect < 0 || sect >= (int) PRIV (section_count)) |
|
266 |
-+ return; |
|
267 |
-+ |
|
268 |
- sec = PRIV (sections)[sect]; |
|
269 |
- |
|
270 |
- if (info) |
|
271 |
-@@ -2450,6 +2491,14 @@ _bfd_vms_slurp_eeom (bfd *abfd) |
|
272 |
- |
|
273 |
- vms_debug2 ((2, "EEOM\n")); |
|
274 |
- |
|
275 |
-+ /* PR 21813: Check for an undersized record. */ |
|
276 |
-+ if (PRIV (recrd.buf_size) < sizeof (* eeom)) |
|
277 |
-+ { |
|
278 |
-+ _bfd_error_handler (_("Corrupt EEOM record - size is too small")); |
|
279 |
-+ bfd_set_error (bfd_error_bad_value); |
|
280 |
-+ return FALSE; |
|
281 |
-+ } |
|
282 |
-+ |
|
283 |
- PRIV (eom_data).eom_l_total_lps = bfd_getl32 (eeom->total_lps); |
|
284 |
- PRIV (eom_data).eom_w_comcod = bfd_getl16 (eeom->comcod); |
|
285 |
- if (PRIV (eom_data).eom_w_comcod > 1) |
|
286 |
-@@ -5173,7 +5222,7 @@ alpha_vms_slurp_relocs (bfd *abfd) |
|
287 |
- } |
|
288 |
- else if (cur_psidx >= 0) |
|
289 |
- { |
|
290 |
-- if (PRIV (sections) == NULL) |
|
291 |
-+ if (PRIV (sections) == NULL || cur_psidx >= (int) PRIV (section_count)) |
|
292 |
- return FALSE; |
|
293 |
- reloc->sym_ptr_ptr = |
|
294 |
- PRIV (sections)[cur_psidx]->symbol_ptr_ptr; |
|
295 |
-diff --git a/binutils/rddbg.c b/binutils/rddbg.c |
|
296 |
-index 1d8c447..b978060 100644 |
|
297 |
-+++ b/binutils/rddbg.c |
|
298 |
-@@ -303,7 +303,8 @@ read_symbol_stabs_debugging_info (bfd *abfd, asymbol **syms, long symcount, |
|
299 |
- return FALSE; |
|
300 |
- f = NULL; |
|
301 |
- |
|
302 |
-- while (s[strlen (s) - 1] == '\\' |
|
303 |
-+ while (strlen (s) > 0 |
|
304 |
-+ && s[strlen (s) - 1] == '\\' |
|
305 |
- && ps + 1 < symend) |
|
306 |
- { |
|
307 |
- char *sc, *n; |
|
308 |
-2.9.3 |
|
309 |
- |
310 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,50 @@ |
0 |
+From 56933f9e3e90eebf1018ed7417d6c1184b91db6b Mon Sep 17 00:00:00 2001 |
|
1 |
+From: "H.J. Lu" <hjl.tools@gmail.com> |
|
2 |
+Date: Fri, 22 Sep 2017 14:15:40 -0700 |
|
3 |
+Subject: [PATCH 1/1] x86: Guard against corrupted PLT |
|
4 |
+ |
|
5 |
+There should be only one entry in PLT for a given symbol. Set howto to |
|
6 |
+NULL after processing a PLT entry to guard against corrupted PLT so that |
|
7 |
+the duplicated PLT entries are skipped. |
|
8 |
+ |
|
9 |
+ PR binutils/22170 |
|
10 |
+ * elf32-i386.c (elf_i386_get_synthetic_symtab): Guard against |
|
11 |
+ corrupted PLT. |
|
12 |
+ * elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise. |
|
13 |
+ |
|
14 |
+(cherry picked from commit 61e3bf5f83f7e505b6bc51ef65426e5b31e6e360) |
|
15 |
+--- |
|
16 |
+ bfd/elf32-i386.c | 4 ++++ |
|
17 |
+ bfd/elf64-x86-64.c | 4 ++++ |
|
18 |
+ 2 files changed, 8 insertions(+) |
|
19 |
+ |
|
20 |
+diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c |
|
21 |
+index 9dc2d25..ba50c93 100644 |
|
22 |
+--- a/bfd/elf32-i386.c |
|
23 |
+@@ -6616,6 +6616,10 @@ bad_return: |
|
24 |
+ size += sizeof ("+0x") - 1 + 8; |
|
25 |
+ n++; |
|
26 |
+ s++; |
|
27 |
++ /* There should be only one entry in PLT for a given |
|
28 |
++ symbol. Set howto to NULL after processing a PLT |
|
29 |
++ entry to guard against corrupted PLT. */ |
|
30 |
++ p->howto = NULL; |
|
31 |
+ } |
|
32 |
+ offset += plt_entry_size; |
|
33 |
+ } |
|
34 |
+diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c |
|
35 |
+index 558db98..d9225ad 100644 |
|
36 |
+--- a/bfd/elf64-x86-64.c |
|
37 |
+@@ -6970,6 +6970,10 @@ bad_return: |
|
38 |
+ size += sizeof ("+0x") - 1 + 8 + 8 * ABI_64_P (abfd); |
|
39 |
+ n++; |
|
40 |
+ s++; |
|
41 |
++ /* There should be only one entry in PLT for a given |
|
42 |
++ symbol. Set howto to NULL after processing a PLT |
|
43 |
++ entry to guard against corrupted PLT. */ |
|
44 |
++ p->howto = NULL; |
|
45 |
+ } |
|
46 |
+ offset += plt_entry_size; |
|
47 |
+ } |
... | ... |
@@ -1,22 +1,15 @@ |
1 | 1 |
Summary: Contains a linker, an assembler, and other tools |
2 | 2 |
Name: binutils |
3 |
-Version: 2.29 |
|
4 |
-Release: 3%{?dist} |
|
3 |
+Version: 2.29.1 |
|
4 |
+Release: 1%{?dist} |
|
5 | 5 |
License: GPLv2+ |
6 | 6 |
URL: http://www.gnu.org/software/binutils |
7 | 7 |
Group: System Environment/Base |
8 | 8 |
Vendor: VMware, Inc. |
9 | 9 |
Distribution: Photon |
10 | 10 |
Source0: http://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.xz |
11 |
-%define sha1 binutils=47817089b3867baf307365004c51677174a27000 |
|
12 |
-Patch0: check-elf-section-header-only-for-elf-output.patch |
|
13 |
-Patch1: elf-checks-for-orphan-placement.patch |
|
14 |
-Patch2: CVE-2017-12448.patch |
|
15 |
-Patch3: CVE-2017-12449_12455_12457_12458_12459.patch |
|
16 |
-Patch4: CVE-2017-12450.patch |
|
17 |
-Patch5: CVE-2017-12451.patch |
|
18 |
-Patch6: CVE-2017-12452_12453_12454_12456.patch |
|
19 |
- |
|
11 |
+%define sha1 binutils=172244a349d07ec205c39c0321cbc354c125e78e |
|
12 |
+Patch0: binutils-2.29.1-CVE-2017-14729.patch |
|
20 | 13 |
%description |
21 | 14 |
The Binutils package contains a linker, an assembler, |
22 | 15 |
and other tools for handling object files. |
... | ... |
@@ -29,12 +22,6 @@ for handling compiled objects. |
29 | 29 |
%prep |
30 | 30 |
%setup -q |
31 | 31 |
%patch0 -p1 |
32 |
-%patch1 -p1 |
|
33 |
-%patch2 -p1 |
|
34 |
-%patch3 -p1 |
|
35 |
-%patch4 -p1 |
|
36 |
-%patch5 -p1 |
|
37 |
-%patch6 -p1 |
|
38 | 32 |
%build |
39 | 33 |
install -vdm 755 ../binutils-build |
40 | 34 |
cd ../binutils-build |
... | ... |
@@ -203,6 +190,8 @@ make %{?_smp_mflags} check |
203 | 203 |
%{_libdir}/libopcodes.so |
204 | 204 |
|
205 | 205 |
%changelog |
206 |
+* Mon Oct 2 2017 Anish Swaminathan <anishs@vmware.com> 2.29.1-1 |
|
207 |
+- Version update to 2.29.1, fix CVEs CVE-2017-12799, CVE-2017-14729,CVE-2017-14745 |
|
206 | 208 |
* Fri Aug 11 2017 Anish Swaminathan <anishs@vmware.com> 2.29-3 |
207 | 209 |
- Apply patches for CVE-2017-12448,CVE-2017-12449,CVE-2017-12450,CVE-2017-12451, |
208 | 210 |
- CVE-2017-12452,CVE-2017-12453,CVE-2017-12454,CVE-2017-12455,CVE-2017-12456, |
209 | 211 |
deleted file mode 100644 |
... | ... |
@@ -1,85 +0,0 @@ |
1 |
-From db99ecc08f5b66fbe9cb72e90352c7f77ec71a6e Mon Sep 17 00:00:00 2001 |
|
2 |
-From: "H.J. Lu" <hjl.tools@gmail.com> |
|
3 |
-Date: Wed, 2 Aug 2017 05:10:29 -0700 |
|
4 |
-Subject: [PATCH] Check ELF section header only for ELF output |
|
5 |
- |
|
6 |
-When placing an orphan input section, check ELF section header only for |
|
7 |
-ELF output. |
|
8 |
- |
|
9 |
- PR ld/21884 |
|
10 |
- * emultempl/elf32.em (gld${EMULATION_NAME}_place_orphan): Check |
|
11 |
- ELF section header only for ELF output. |
|
12 |
- * testsuite/ld-elf/pr21884.d: New test. |
|
13 |
- * testsuite/ld-elf/pr21884.t: Likewise. |
|
14 |
- * testsuite/ld-elf/pr21884a.s: Likewise. |
|
15 |
- * testsuite/ld-elf/pr21884b.s: Likewise. |
|
16 |
-diff --git a/ld/emultempl/elf32.em b/ld/emultempl/elf32.em |
|
17 |
-index d2551b6..75ded12 100644 |
|
18 |
-+++ b/ld/emultempl/elf32.em |
|
19 |
-@@ -2136,7 +2136,8 @@ gld${EMULATION_NAME}_place_orphan (asection *s, |
|
20 |
- } |
|
21 |
- |
|
22 |
- /* Look through the script to see where to place this section. */ |
|
23 |
-- if (constraint == 0) |
|
24 |
-+ if (constraint == 0 |
|
25 |
-+ && link_info.output_bfd->xvec->flavour == bfd_target_elf_flavour) |
|
26 |
- for (os = lang_output_section_find (secname); |
|
27 |
- os != NULL; |
|
28 |
- os = next_matching_output_section_statement (os, 0)) |
|
29 |
-diff --git a/ld/testsuite/ld-elf/pr21884.d b/ld/testsuite/ld-elf/pr21884.d |
|
30 |
-new file mode 100644 |
|
31 |
-index 0000000..52cd2c1 |
|
32 |
-+++ b/ld/testsuite/ld-elf/pr21884.d |
|
33 |
-@@ -0,0 +1,11 @@ |
|
34 |
-+#source: pr21884a.s |
|
35 |
-+#source: pr21884b.s |
|
36 |
-+#ld: -T pr21884.t |
|
37 |
-+#objdump: -b binary -s |
|
38 |
-+#notarget: aarch64*-*-* arm*-*-* nds32*-*-* |
|
39 |
-+# Skip targets which can't change output format to binary. |
|
40 |
-+ |
|
41 |
-+.*: file format binary |
|
42 |
-+ |
|
43 |
-+Contents of section .data: |
|
44 |
-+#pass |
|
45 |
-diff --git a/ld/testsuite/ld-elf/pr21884.t b/ld/testsuite/ld-elf/pr21884.t |
|
46 |
-new file mode 100644 |
|
47 |
-index 0000000..d483911 |
|
48 |
-+++ b/ld/testsuite/ld-elf/pr21884.t |
|
49 |
-@@ -0,0 +1,7 @@ |
|
50 |
-+OUTPUT_FORMAT("binary") |
|
51 |
-+ |
|
52 |
-+ENTRY(_main); |
|
53 |
-+SECTIONS { |
|
54 |
-+ . = 0; |
|
55 |
-+ .setup : { *(.setup) } |
|
56 |
-+} |
|
57 |
-diff --git a/ld/testsuite/ld-elf/pr21884a.s b/ld/testsuite/ld-elf/pr21884a.s |
|
58 |
-new file mode 100644 |
|
59 |
-index 0000000..a3361b2 |
|
60 |
-+++ b/ld/testsuite/ld-elf/pr21884a.s |
|
61 |
-@@ -0,0 +1,5 @@ |
|
62 |
-+ .text |
|
63 |
-+ .globl _main |
|
64 |
-+ .type _main,%function |
|
65 |
-+_main: |
|
66 |
-+ .dc.a bar |
|
67 |
-diff --git a/ld/testsuite/ld-elf/pr21884b.s b/ld/testsuite/ld-elf/pr21884b.s |
|
68 |
-new file mode 100644 |
|
69 |
-index 0000000..e533837 |
|
70 |
-+++ b/ld/testsuite/ld-elf/pr21884b.s |
|
71 |
-@@ -0,0 +1,5 @@ |
|
72 |
-+ .text |
|
73 |
-+ .globl bar |
|
74 |
-+ .type bar,%function |
|
75 |
-+bar: |
|
76 |
-+ .byte 0 |
|
77 |
-2.9.3 |
|
78 |
- |
79 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,157 +0,0 @@ |
1 |
-From 36088682f447540fd8666a2c437fa232064044a7 Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Alan Modra <amodra@gmail.com> |
|
3 |
-Date: Thu, 3 Aug 2017 14:01:34 +0930 |
|
4 |
-Subject: [PATCH] ELF checks for orphan placement |
|
5 |
- |
|
6 |
-The loop checking for previous orphan placement should run even when |
|
7 |
-the output is non-ELF. |
|
8 |
- |
|
9 |
- PR ld/21884 |
|
10 |
- * emultempl/elf32.em (gld${EMULATION_NAME}_place_orphan): Revert |
|
11 |
- last change. Rename iself to elfinput. Expand comments. Condition |
|
12 |
- ELF checks on having both input and output ELF files. Extract.. |
|
13 |
- (elf_orphan_compatible): ..this new function. |
|
14 |
-diff --git a/ld/emultempl/elf32.em b/ld/emultempl/elf32.em |
|
15 |
-index 75ded12..9ac1840 100644 |
|
16 |
-+++ b/ld/emultempl/elf32.em |
|
17 |
-@@ -2008,6 +2008,29 @@ output_rel_find (asection *sec, int isdyn) |
|
18 |
- return last; |
|
19 |
- } |
|
20 |
- |
|
21 |
-+/* Return whether IN is suitable to be part of OUT. */ |
|
22 |
-+ |
|
23 |
-+static bfd_boolean |
|
24 |
-+elf_orphan_compatible (asection *in, asection *out) |
|
25 |
-+{ |
|
26 |
-+ /* Non-zero sh_info implies a section with SHF_INFO_LINK with |
|
27 |
-+ unknown semantics for the generic linker, or a SHT_REL/SHT_RELA |
|
28 |
-+ section where sh_info specifies a symbol table. (We won't see |
|
29 |
-+ SHT_GROUP, SHT_SYMTAB or SHT_DYNSYM sections here.) We clearly |
|
30 |
-+ can't merge SHT_REL/SHT_RELA using differing symbol tables, and |
|
31 |
-+ shouldn't merge sections with differing unknown semantics. */ |
|
32 |
-+ if (elf_section_data (out)->this_hdr.sh_info |
|
33 |
-+ != elf_section_data (in)->this_hdr.sh_info) |
|
34 |
-+ return FALSE; |
|
35 |
-+ /* We can't merge two sections with differing SHF_EXCLUDE when doing |
|
36 |
-+ a relocatable link. */ |
|
37 |
-+ if (bfd_link_relocatable (&link_info) |
|
38 |
-+ && ((elf_section_flags (out) ^ elf_section_flags (in)) & SHF_EXCLUDE) != 0) |
|
39 |
-+ return FALSE; |
|
40 |
-+ return _bfd_elf_match_sections_by_type (link_info.output_bfd, out, |
|
41 |
-+ in->owner, in); |
|
42 |
-+} |
|
43 |
-+ |
|
44 |
- /* Place an orphan section. We use this to put random SHF_ALLOC |
|
45 |
- sections in the right segment. */ |
|
46 |
- |
|
47 |
-@@ -2064,8 +2087,9 @@ gld${EMULATION_NAME}_place_orphan (asection *s, |
|
48 |
- lang_output_section_statement_type *os; |
|
49 |
- lang_output_section_statement_type *match_by_name = NULL; |
|
50 |
- int isdyn = 0; |
|
51 |
-- int iself = s->owner->xvec->flavour == bfd_target_elf_flavour; |
|
52 |
-- unsigned int sh_type = iself ? elf_section_type (s) : SHT_NULL; |
|
53 |
-+ int elfinput = s->owner->xvec->flavour == bfd_target_elf_flavour; |
|
54 |
-+ int elfoutput = link_info.output_bfd->xvec->flavour == bfd_target_elf_flavour; |
|
55 |
-+ unsigned int sh_type = elfinput ? elf_section_type (s) : SHT_NULL; |
|
56 |
- flagword flags; |
|
57 |
- asection *nexts; |
|
58 |
- |
|
59 |
-@@ -2073,7 +2097,7 @@ gld${EMULATION_NAME}_place_orphan (asection *s, |
|
60 |
- && link_info.combreloc |
|
61 |
- && (s->flags & SEC_ALLOC)) |
|
62 |
- { |
|
63 |
-- if (iself) |
|
64 |
-+ if (elfinput) |
|
65 |
- switch (sh_type) |
|
66 |
- { |
|
67 |
- case SHT_RELA: |
|
68 |
-@@ -2095,6 +2119,8 @@ gld${EMULATION_NAME}_place_orphan (asection *s, |
|
69 |
- } |
|
70 |
- |
|
71 |
- if (!bfd_link_relocatable (&link_info) |
|
72 |
-+ && elfinput |
|
73 |
-+ && elfoutput |
|
74 |
- && (s->flags & SEC_ALLOC) != 0 |
|
75 |
- && (elf_section_flags (s) & SHF_GNU_MBIND) != 0) |
|
76 |
- { |
|
77 |
-@@ -2135,9 +2161,11 @@ gld${EMULATION_NAME}_place_orphan (asection *s, |
|
78 |
- secname = ".mbind.text"; |
|
79 |
- } |
|
80 |
- |
|
81 |
-- /* Look through the script to see where to place this section. */ |
|
82 |
-- if (constraint == 0 |
|
83 |
-- && link_info.output_bfd->xvec->flavour == bfd_target_elf_flavour) |
|
84 |
-+ /* Look through the script to see where to place this section. The |
|
85 |
-+ script includes entries added by previous lang_insert_orphan |
|
86 |
-+ calls, so this loop puts multiple compatible orphans of the same |
|
87 |
-+ name into a single output section. */ |
|
88 |
-+ if (constraint == 0) |
|
89 |
- for (os = lang_output_section_find (secname); |
|
90 |
- os != NULL; |
|
91 |
- os = next_matching_output_section_statement (os, 0)) |
|
92 |
-@@ -2146,29 +2174,19 @@ gld${EMULATION_NAME}_place_orphan (asection *s, |
|
93 |
- lang_insert_orphan to create a new output section. */ |
|
94 |
- constraint = SPECIAL; |
|
95 |
- |
|
96 |
-- /* SEC_EXCLUDE is cleared when doing a relocatable link. But |
|
97 |
-- we can't merge 2 input sections with the same name when only |
|
98 |
-- one of them has SHF_EXCLUDE. Don't merge 2 sections with |
|
99 |
-- different sh_info. */ |
|
100 |
-+ /* Check to see if we already have an output section statement |
|
101 |
-+ with this name, and its bfd section has compatible flags. |
|
102 |
-+ If the section already exists but does not have any flags |
|
103 |
-+ set, then it has been created by the linker, possibly as a |
|
104 |
-+ result of a --section-start command line switch. */ |
|
105 |
- if (os->bfd_section != NULL |
|
106 |
-- && (elf_section_data (os->bfd_section)->this_hdr.sh_info |
|
107 |
-- == elf_section_data (s)->this_hdr.sh_info) |
|
108 |
- && (os->bfd_section->flags == 0 |
|
109 |
-- || ((!bfd_link_relocatable (&link_info) |
|
110 |
-- || (iself && (((elf_section_flags (s) |
|
111 |
-- ^ elf_section_flags (os->bfd_section)) |
|
112 |
-- & SHF_EXCLUDE) == 0))) |
|
113 |
-- && ((s->flags ^ os->bfd_section->flags) |
|
114 |
-+ || (((s->flags ^ os->bfd_section->flags) |
|
115 |
- & (SEC_LOAD | SEC_ALLOC)) == 0 |
|
116 |
-- && _bfd_elf_match_sections_by_type (link_info.output_bfd, |
|
117 |
-- os->bfd_section, |
|
118 |
-- s->owner, s)))) |
|
119 |
-+ && (!elfinput |
|
120 |
-+ || !elfoutput |
|
121 |
-+ || elf_orphan_compatible (s, os->bfd_section))))) |
|
122 |
- { |
|
123 |
-- /* We already have an output section statement with this |
|
124 |
-- name, and its bfd section has compatible flags. |
|
125 |
-- If the section already exists but does not have any flags |
|
126 |
-- set, then it has been created by the linker, probably as a |
|
127 |
-- result of a --section-start command line switch. */ |
|
128 |
- lang_add_section (&os->children, s, NULL, os); |
|
129 |
- return os; |
|
130 |
- } |
|
131 |
-@@ -2244,8 +2262,8 @@ gld${EMULATION_NAME}_place_orphan (asection *s, |
|
132 |
- else if ((flags & SEC_ALLOC) == 0) |
|
133 |
- ; |
|
134 |
- else if ((flags & SEC_LOAD) != 0 |
|
135 |
-- && ((iself && sh_type == SHT_NOTE) |
|
136 |
-- || (!iself && CONST_STRNEQ (secname, ".note")))) |
|
137 |
-+ && ((elfinput && sh_type == SHT_NOTE) |
|
138 |
-+ || (!elfinput && CONST_STRNEQ (secname, ".note")))) |
|
139 |
- place = &hold[orphan_interp]; |
|
140 |
- else if ((flags & (SEC_LOAD | SEC_HAS_CONTENTS | SEC_THREAD_LOCAL)) == 0) |
|
141 |
- place = &hold[orphan_bss]; |
|
142 |
-@@ -2255,8 +2273,8 @@ gld${EMULATION_NAME}_place_orphan (asection *s, |
|
143 |
- place = &hold[orphan_tdata]; |
|
144 |
- else if ((flags & SEC_READONLY) == 0) |
|
145 |
- place = &hold[orphan_data]; |
|
146 |
-- else if (((iself && (sh_type == SHT_RELA || sh_type == SHT_REL)) |
|
147 |
-- || (!iself && CONST_STRNEQ (secname, ".rel"))) |
|
148 |
-+ else if (((elfinput && (sh_type == SHT_RELA || sh_type == SHT_REL)) |
|
149 |
-+ || (!elfinput && CONST_STRNEQ (secname, ".rel"))) |
|
150 |
- && (flags & SEC_LOAD) != 0) |
|
151 |
- place = &hold[orphan_rel]; |
|
152 |
- else if ((flags & SEC_CODE) == 0) |
|
153 |
-2.9.3 |
|
154 |
- |