MatCat.OpenSource/8sa1-binutils-gdb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

PR26348, Malloc error in write_zeros

Browse Source 
This adds a few more sanity checks on ELF objects, and a BFD flag to
disable objcopy and strip when fuzzed input files belong in the "too
hard" basket.

bfd/
	PR 26348
	* bfd.c (struct bfd): Add read_only.
	* elfcode.h (elf_swap_shdr_in): Test both sh_offset and sh_size.
	Set read_only on warning.
	(elf_object_p): Sanity check program header alignment.  Set
	read_only on warning.
	* bfd-in2.h: Regenerate.
binutils/
	PR 26348
	* objcopy.c (copy_object): Report file name with endian error.
	Error and return on abfd->read_only.
This commit is contained in:
Alan Modra 2020-08-12 20:18:43 +09:30
parent 6d8a0a5e90
commit 75e100a30d
6 changed files with 50 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
bfd/ChangeLog
View File

@ -1,3 +1,13 @@
2020-08-13 Alan Modra <amodra@gmail.com>
PR 26348
* bfd.c (struct bfd): Add read_only.
* elfcode.h (elf_swap_shdr_in): Test both sh_offset and sh_size.
Set read_only on warning.
(elf_object_p): Sanity check program header alignment. Set
read_only on warning.
* bfd-in2.h: Regenerate.
2020-08-12 Jon Turney <jon.turney@dronecode.org.uk> 2020-08-12 Jon Turney <jon.turney@dronecode.org.uk>
* elf.c (elfcore_grok_win32pstatus): Use unsigned int for * elf.c (elfcore_grok_win32pstatus): Use unsigned int for

4
bfd/bfd-in2.h
View File

@ -6678,6 +6678,10 @@ struct bfd
/* Set if this is a slim LTO object not loaded with a compiler plugin. */ /* Set if this is a slim LTO object not loaded with a compiler plugin. */
unsigned int lto_slim_object : 1; unsigned int lto_slim_object : 1;
/* Do not attempt to modify this file. Set when detecting errors
that BFD is not prepared to handle for objcopy/strip. */
unsigned int read_only : 1;
/* Set to dummy BFD created when claimed by a compiler plug-in /* Set to dummy BFD created when claimed by a compiler plug-in
library. */ library. */
bfd *plugin_dummy_bfd; bfd *plugin_dummy_bfd;

4
bfd/bfd.c
View File

@ -245,6 +245,10 @@ CODE_FRAGMENT
. {* Set if this is a slim LTO object not loaded with a compiler plugin. *} . {* Set if this is a slim LTO object not loaded with a compiler plugin. *}
. unsigned int lto_slim_object : 1; . unsigned int lto_slim_object : 1;
. .
. {* Do not attempt to modify this file. Set when detecting errors
. that BFD is not prepared to handle for objcopy/strip. *}
. unsigned int read_only : 1;
.
. {* Set to dummy BFD created when claimed by a compiler plug-in . {* Set to dummy BFD created when claimed by a compiler plug-in
. library. *} . library. *}
. bfd *plugin_dummy_bfd; . bfd *plugin_dummy_bfd;

22
bfd/elfcode.h
View File

@ -321,11 +321,14 @@ elf_swap_shdr_in (bfd *abfd,
{ {
ufile_ptr filesize = bfd_get_file_size (abfd); ufile_ptr filesize = bfd_get_file_size (abfd);
if (filesize != 0 && dst->sh_size > filesize) if (filesize != 0
_bfd_error_handler && ((ufile_ptr) dst->sh_offset > filesize
(_("warning: %pB has a corrupt section with a size (%" || dst->sh_size > filesize - dst->sh_offset))
BFD_VMA_FMT "x) larger than the file size"), {
abfd, dst->sh_size); abfd->read_only = 1;
_bfd_error_handler (_("warning: %pB has a section "
"extending past end of file"), abfd);
}
} }
dst->sh_link = H_GET_32 (abfd, src->sh_link); dst->sh_link = H_GET_32 (abfd, src->sh_link);
dst->sh_info = H_GET_32 (abfd, src->sh_info); dst->sh_info = H_GET_32 (abfd, src->sh_info);
@ -764,6 +767,7 @@ elf_object_p (bfd *abfd)
So we are kind, and reset the string index value to 0 So we are kind, and reset the string index value to 0
so that at least some processing can be done. */ so that at least some processing can be done. */
i_ehdrp->e_shstrndx = SHN_UNDEF; i_ehdrp->e_shstrndx = SHN_UNDEF;
abfd->read_only = 1;
_bfd_error_handler _bfd_error_handler
(_("warning: %pB has a corrupt string table index - ignoring"), (_("warning: %pB has a corrupt string table index - ignoring"),
abfd); abfd);
@ -804,6 +808,14 @@ elf_object_p (bfd *abfd)
if (bfd_bread (&x_phdr, sizeof x_phdr, abfd) != sizeof x_phdr) if (bfd_bread (&x_phdr, sizeof x_phdr, abfd) != sizeof x_phdr)
goto got_no_match; goto got_no_match;
elf_swap_phdr_in (abfd, &x_phdr, i_phdr); elf_swap_phdr_in (abfd, &x_phdr, i_phdr);
/* Too much code in BFD relies on alignment being a power of
two, as required by the ELF spec. */
if (i_phdr->p_align != (i_phdr->p_align & -i_phdr->p_align))
{
abfd->read_only = 1;
_bfd_error_handler (_("warning: %pB has a program header "
"with invalid alignment"), abfd);
}
} }
} }

6
binutils/ChangeLog
View File

@ -1,3 +1,9 @@
2020-08-13 Alan Modra <amodra@gmail.com>
PR 26348
* objcopy.c (copy_object): Report file name with endian error.
Error and return on abfd->read_only.
2020-08-12 Tom Tromey <tromey@adacore.com> 2020-08-12 Tom Tromey <tromey@adacore.com>
* dwarf-mode.el (Version): Now 1.6. * dwarf-mode.el (Version): Now 1.6.

10
binutils/objcopy.c
View File

@ -2604,7 +2604,15 @@ copy_object (bfd *ibfd, bfd *obfd, const bfd_arch_info_type *input_arch)
{ {
/* PR 17636: Call non-fatal so that we return to our parent who /* PR 17636: Call non-fatal so that we return to our parent who
may need to tidy temporary files. */ may need to tidy temporary files. */
non_fatal (_("Unable to change endianness of input file(s)")); non_fatal (_("unable to change endianness of '%s'"),
bfd_get_archive_filename (ibfd));
return FALSE;
}
if (ibfd->read_only)
{
non_fatal (_("unable to modify '%s' due to errors"),
bfd_get_archive_filename (ibfd));
return FALSE; return FALSE;
} }