smart_rename is capable of handling symlinks by copying and it also
tries to preserve ownership and permissions of files when they're
overwritten during the rename. This is useful in objcopy where the
file properties need to be preserved.
However because smart_rename does this using file names, it leaves a
race window between renames and permission fixes. This change removes
this race window by using file descriptors from the original BFDs that
were used to manipulate these files wherever possible.
The file that is to be renamed is also passed as a file descriptor so
that we use fchown/fchmod on the file descriptor, thus making sure
that we only modify the file we have opened to write. Further, in
case the file is to be overwritten (as is the case in ar or objcopy),
the permissions that need to be restored are taken from the file
descriptor that was opened for input so that integrity of the file
status is maintained all the way through to the rename.
binutils/
* rename.c
* ar.c
(write_archive) [!defined (_WIN32) || defined (__CYGWIN32__)]:
Initialize TARGET_STAT and OFD to pass to SMART_RENAME.
* arsup.c
(ar_save) [defined (_WIN32) || defined (__CYGWIN32__)]:
Likewise.
* bucomm.h (smart_rename): Add new arguments to declaration.
* objcopy.c
(strip_main)[defined (_WIN32) || defined (__CYGWIN32__)]:
Initialize COPYFD and pass to SMART_RENAME.
(copy_main) [defined (_WIN32) || defined (__CYGWIN32__)]:
Likewise.
* rename.c (try_preserve_permissions): New function.
(smart_rename): Use it and add new arguments.
Get file state from the descriptor opened by copy_file for the input
BFD. This ensures continuity in the view of the input file through
the descriptor. At the moment it is only to preserve timestamps
recorded at the point that we opened the file for input but in the
next patch this state will also be used to preserve ownership and
permissions wherever applicable.
binutils/
* objcopy.c (copy_file): New argument IN_STAT. Return stat of
ibfd through it.
(strip_main): Remove redundant stat calls. adjust copy_file
calls.
(copy_main): Likewise.
The purpose of creating a temporary file securely using mkstemp is
defeated if it is closed in make_tempname and reopened later for use;
it is as good as using mktemp. Get the file descriptor instead and
then use it to create the BFD object.
bfd/
* opncls.c (bfd_fdopenw): New function.
* bfd-in2.h: Regenerate.
binutils/
* bucomm.c (make_tempname): Add argument to return file
descriptor.
* bucomm.h (make_tempname): Likewise.
* ar.c: Include libbfd.h.
(write_archive): Adjust for change in make_tempname. Call
bfd_fdopenw instead of bfd_openw.
* objcopy.c: Include libbfd.h.
(copy_file): New argument OFD. Use bfd_fdopenw instead of
bfd_openw.
(strip_main): Adjust for change in make_tempname and
copy_file.
(copy_main): Likewise.
This adds a few more sanity checks on ELF objects, and a BFD flag to
disable objcopy and strip when fuzzed input files belong in the "too
hard" basket.
bfd/
PR 26348
* bfd.c (struct bfd): Add read_only.
* elfcode.h (elf_swap_shdr_in): Test both sh_offset and sh_size.
Set read_only on warning.
(elf_object_p): Sanity check program header alignment. Set
read_only on warning.
* bfd-in2.h: Regenerate.
binutils/
PR 26348
* objcopy.c (copy_object): Report file name with endian error.
Error and return on abfd->read_only.
PR binutils/pr25662
bfd * libcoff-in.h (struct pe_tdata): Rename the insert_timestamp
field to timestamp and make it an integer.
* libcoff.h: Regenerate.
* peXXigen.c (_bfd_XXi_only_swap_filehdr_out): Test the timestamp
field in the pe_data structure rather than the insert_timestamp
field.
binutils* objcopy.c (copy_object): When copying PE format files set the
timestamp field in the pe_data structure if the preserve_dates
flag is set.
* testsuite/binutils-all/objcopy.exp (objcopy_test) Use
--preserve-dates in place of the -p option, in order to make its
effect more obvious.
ld * emultempl/pe.em (after_open): Replace initialisation of the
insert_timestamp field in the pe_data structure with an
initialisation of the timestamp field.
* emultemp/pep.em: Likewise.
* pe-dll.c (fill_edata): Use the timestamp field in the pe_data
structure instead of the insert_timestamp field.
With the right set of options, the second block of code dealing with
padding can see a different section count. So don't use the new count.
Since I was editing those lines, I've also changed the code allocating
arrays a little.
array = malloc (n * sizeof (*array));
for an array of ints is just better than
array = malloc (n * sizeof (int));
It's easier to write correctly in the first place and more robust
against code changes that might modify the array element type.
PR 25651
* objcopy.c (copy_object): Test "gaps" not gap_fill_set or
pad_to_set on second block of code dealing with padding.
Replace "c" with "num_sec" and don't recalculate number of
sections on second block. Size arrays using sizeof (element)
rather than sizeof (element type).
binutils* objcopy.c (check_new_section_flags): New function. Reject the
SEC_COFF_SHARED flag if the target is not a COFF binary.
(copy_object): Call check_new_section_flags.
(setup_section): Likewise.
* doc/binutils.texi (objcopy): Add a note that the 'share' section
flag cannot be applied to ELF binaries.
bfd * elf.c (_bfd_elf_set_section_contents): Replace call to abort
with error messages and failure return values.
On machines with more than one octet per byte, objcopy fills only a part
of the gap between sections.
* objcopy.c (copy_object): Convert from bytes to octets for
--gap-fill and --pad-to.
PR 25220
* objcopy.c (empty_name): New variable.
(need_sym_before): Prevent an attempt to free a static variable.
(filter_symbols): Avoid strcmp test by checking for pointer
equality.
objcopy --add-gnu-debuglink=foo.a.dbg foo.a just doesn't make any
sense. Who puts executables in archives?
PR 24499
* objcopy.c (copy_file): Ignore --add-gnu-debuglink for archives.
This should make objcopy -B redundant for the common case of producing
ELF output where the -O target defaults to the desired arch:mach.
PR 24968
* objcopy.c (copy_object): For ELF output and non-ELF input without
arch, take arch from output file if not given by -B. Don't
bfd_get_arch_info when we already have iarch.
This PR copies a fuzzed PE input file to ELF output, in the process
confusing the ELF backend by copying COFF-only section flags to the
output. SEC_COFF_SHARED has the same value as SEC_ELF_COMPRESS. One
approach to fixing this problem is of course not to reuse flag bits,
but we've run out. So this patch only copies section flags that are
in the bfd_applicable_section_flags set when changing the flavour of
the output file.
PR 25191
* objcopy.c (is_nondebug_keep_contents_section): Use bfd_get_flavour.
(copy_object): Likewise.
(setup_section): Likewise. If flavour of input and output files
differ, restrict section flags to the intersection of input and
output bfd_applicable_section_flags.
llvm-objcopy and llvm-strip support an option --keep-section that
keeps some sections from being removed.
* objcopy.c (enum option_values): Add OPTION_KEEP_SECTION.
(SECTION_CONTEXT_KEEP): Define. Adjust other SECTION_CONTEXT macros.
(copy_usage): Describe --keep-section.
(strip_usage): Likewise.
(copy_main): Handle SECTION_CONTEXT_KEEP.
(strip_main): Likewise.
(is_strip_section_1): Likewise.
* testsuite/binutils-all/objcopy.exp: Add tests.
* testsuite/binutils-all/keep-section-1.d: New test driver file.
* testsuite/binutils-all/keep-section-2.d: Likewise.
* doc/binutils.texi: Document the new feature.
* NEWS: Mention the new feature.
* objcopy.c (struct merged_note_section): New structure. Used to
chain together details of mergeable note sections.
(is_merged_note_section): Rename to is_megreable_note_section and
return true for note sections that use GNU_BUILD_ATTRS_SECTION_NAME
as a prefix.
(num_bytes): Delete
(objcoopy_internal_note): Add padded_namesz field.
(DEBUG_MERGE): New macro. Set to non-zero to enable debugging of
the note merging code.
(gap_exists): Rename to overlaps_or_adjoins and return TRUE for
overlapping notes or adjoining notes.
(contained_by, is_deleted_note, is_version_note)
(compare_gnu_build_notes, sort_gnu_build_notes): New functions.
(merge_gnu_build_notes): Rework. Sort notes into a mergeable
order first. Merge them. Then sort them into an ascending
address order before writing them out.
(copy_object): Handle more than one mergeable note section.
* testsuite/binutils-all/note-2-32.d: Update for new merging
behaviour.
* testsuite/binutils-all/note-2-32.s: Likewise.
* testsuite/binutils-all/note-2-64.d: Likewise.
* testsuite/binutils-all/note-2-64.s: Likewise.
* testsuite/binutils-all/note-3-32.d: Likewise.
* testsuite/binutils-all/note-3-32.s: Likewise.
* testsuite/binutils-all/note-3-64.d: Likewise.
* testsuite/binutils-all/note-3-64.s: Likewise.
* testsuite/binutils-all/note-4-32.d: Likewise.
* testsuite/binutils-all/note-4-32.s: Likewise.
* testsuite/binutils-all/note-4-64.d: Likewise.
* testsuite/binutils-all/note-4-64.s: Likewise.
* testsuite/binutils-all/note-6-32.s: New test source file.
* testsuite/binutils-all/note-6-64.s: New test source file.
* testsuite/binutils-all/note-6-32.d: New test driver file.
* testsuite/binutils-all/note-6-64.d: New test driver file.
* testsuite/binutils-all/objcopy.exp: Run the new test.
PR 24942
* objcopy.c (copy_usage): Update description of
--set-section-alignment.
(copy_main): Interpret numeric argument of --set-section-alignment
as a byte alignment, not a power of two alignment.
* doc/binutils.texi: Update description of
--set-section-alignment.
* testsuite/binutils-all/set-section-alignment.d: New test.
* testsuite/binutils-all/objcopy.exp: Run the new test.
This constifies the argument to make_tempname and make_tempdir,
removing some casts.
I initially thought that this obsoleted the allocation in
write_archive, but write_archive closes the BFD before using the name,
so this appears not to be the case.
binutils/ChangeLog
2019-09-11 Tom Tromey <tom@tromey.com>
* objcopy.c (copy_archive): Update.
* bucomm.h (make_tempname, make_tempdir): Make argument const.
* bucomm.c (make_tempname, make_tempdir): Make argument const.
PR 19921
binutils* objcopy.c: Add new option --verilog-data-width. Use it to set
the value of VerilogDataWidth.
* doc/binutils.texi: Document the new option.
* testsuite/binutils-all/objcopy.exp: Run tests of new option.
* testsuite/binutils-all/verilog-1.hex: New file.
* testsuite/binutils-all/verilog-2.hex: New file.
* testsuite/binutils-all/verilog-4.hex: New file.
* testsuite/binutils-all/verilog-8.hex: New file.
* NEWS: Mention the new feature.
bfd * verilog.c: (VerilogDataWidth): New variable.
(verilog_write_record): Emit bytes in VerilogDataWidth bundles.
* objcopy.c (strip_main): Do not enable note merging by default if
just stripping debug or dwo information.
* doc/binutils.texi (strip): Update documentation.
PR 24001
* objcopy.c (copy_object): Free dhandle after writing out the
debug information.
* objdump.c (dump_bfd): Free dhandle after printing out the debug
information.
This patch performs a run-time test that a shared libbfd.so has been
compiled with the same size bfd_vma as that of apps using the library.
On a 32-bit host it is easily possible to have one libbfd.so compiled
to support 64-bit targets (or configured with --enable-64-bit-bfd)
while another only supports 32-bit targets. The two libraries will
have differently sized bfd_vma types, and if the wrong one is loaded
all sorts of weird behaviour might be seen.
bfd/
PR 23534
* init.c (BFD_INIT_MAGIC): Define.
(bfd_init): Return BFD_INIT_MAGIC.
bfd-in2.h: Regenerate.
binutils/
PR 23534
* addr2line.c (main): Exit with fatal error if bfd_init
returns an unexpected value.
* ar.c (main): Likewise.
* dlltool.c (identify_dll_for_implib): Likewise.
* nm.c (main): Likewise.
* objcopy.c (main): Likewise.
* objdump.c (main): Likewise.
* size.c (main): Likewise.
* strings.c (main): Likewise.
* windmc.c (main): Likewise.
* windres.c (main): Likewise.
gas/
PR 23534
* as.c (main): Exit with fatal error if bfd_init returns an
unexpected value.
ld/
PR 23534
* ldmain.c (main): Exit with fatal error if bfd_init returns
an unexpected value.
This is the result of an email thread starting here:
https://sourceware.org/ml/binutils/2018-09/msg00031.html
The main point of the thread is this observation:
* Supposing we had an object file with two globals, SomeGlobal and
SomeOtherGlobal, if one were to do "--globalize-symbol SomeGlobal
--keep-global-symbol SomeOtherGlobal", you might expect that both
SomeGlobal and SomeOtherGlobal are global in the output file... but it
isn't. Because --keep-global-symbol is set and doesn't include
SomeGlobal, SomeGlobal will be demoted to a local symbol. And because
the check to see if we should apply the --globalize-symbol flag checks
"flags" (the original flag set), and not "sym->flags", it decides not
to do anything, so SomeGlobal remains a local symbol. Although this is
a weird edge case, should this be changed so that --keep-global-symbol
implicitly keeps anything also specified via --globalize-symbol? (The
code seems technically correct with respect to the documentation, but
IMO the behavior is counter-intuitive).
binutils* objcopy.c (copy_main): Issue a fata error if the
--keep-global-symbol(s) and the --globalize-symbol(s) options are
used together.
* doc/binutils.texi: Document that the two options are
incompatible.
* testsuite/binutils-all/copy-5.d: New test.
* testsuite/binutils-all/objcopy.exp: Run the new test.
add_specific_symbols allocates a buffer to hold symbols. It should be
freed only if it is no longer in use.
PR binutils/23633
* objcopy.c (strip_specific_buffer): New.
(strip_unneeded_buffer): Likewise.
(keep_specific_buffer): Likewise.
(localize_specific_buffer): Likewise.
(globalize_specific_buffer): Likewise.
(keepglobal_specific_buffer): Likewise.
(weaken_specific_buffer): Likewise.
(add_specific_symbols): Add an argument to return pointer to
allocated buffer.
(copy_main): Update add_specific_symbols to update pointers to
allocated buffer. Free pointers to allocated buffer before
return.
* objcopy.c (handle_remove_section_option): Don't require a dot
after .rela and .rel to handle a possible relocation section.
* testsuite/binutils-all/remove-relocs-07.s,
* testsuite/binutils-all/remove-relocs-07.d,
* testsuite/binutils-all/remove-relocs-08.d: New tests.
* testsuite/binutils-all/remove-relocs-01.d,
* testsuite/binutils-all/remove-relocs-04.d,
* testsuite/binutils-all/remove-relocs-05.d,
* testsuite/binutils-all/remove-relocs-06.d: Exclude mips64-openbsd.
BFD handles ELF relocation sections in an executable differently to
relocation sections in a relocatable object. For a relocatable
object, BFD carries the relocations as data associated with the
section to which they apply; The relocation section doesn't appear as
a separate section. For an executable, dynamic relocation sections do
appear as separate sections. This means that objcopy needs to use
different strategies when dealing with relocations.
When --remove-relocations was added to objcopy with commit
d3e5f6c8f1, objcopy lost the ability to remove dynamic relocation
sections such as .rela.plt from executables using the option
"--remove-section=.rela.plt". This patch reinstates that
functionality.
I thought it best to keep --remove-relocations as is, rather than
extending to handle dynamic relocations as per the patch in the PR,
because executables linked with --emit-relocs may have both dynamic
and non-dynamic relocations. In that case --remove-relocataions=* is
useful to remove all the non-dynamic relocations.
PR binutils/23611
* objcopy.c (handle_remove_section_option): Consider .rela and
.rel sections for stripping directly as well as attached to the
associated section they relocate.
* doc/binutils.texi (remove-relocations): Specify that this
option removes non-dynamic relocation sections.
* testsuite/binutils-all/objcopy.exp
(objcopy_remove_relocations_from_executable): New test.
