Commit graph

6554 commits

Author SHA1 Message Date
Andrew Bennett
538baf8b7e [MIPS] When calculating a relocation using an undefined weak symbol don't check for overflow.
In MIPS the relocation calculation only ignores the overflow checks for undefined
weak symbols on relocations associated with j/jal.   This patch extends this to
the relocations used by the: b* instructions; pc/gp relative symbol offsets; and the
lwpc/ldpc MIPS r6 instructions.

bfd/
	* elfxx-mips.c (mips_elf_calculate_relocation): Only check for overflow
	on non-weak undefined symbols.

ld/testsuite/
	* ld-mips-elf/mips-elf.exp: Add in undefined weak overflow tests for
	o32, n32 and n64.
	* ld-mips-elf/undefweak-overflow.s: New test.
	* ld-mips-elf/undefweak-overflow.d: New test.
	* ld-mips-elf/undefweak-overflow-n32.d: New test.
	* ld-mips-elf/undefweak-overflow-n64.d: New test.
2014-12-02 13:27:36 +00:00
Alan Modra
51aecdc532 ppc64_elf_edit_opd revamp
This patch sorts .opd relocs (see pr17666) and allows .opd sections
with a mix of 16 and 24 byte entries to be edited.

	* elf64-ppc.c (OPD_NDX): Define.  Use throughout for sizing/indexing
	_opd_sec_data array, halving required memory.
	(sort_r_offset): New function.
	(ppc64_elf_edit_opd): Sort incoming relocs.  Accept .opd
	sections with a mix of 16 and 24 byte OPD entries.  Don't
	attempt to honour --non-overlapping-opd for .opd sections with
	unexpected relocs.  Simplify opd entry size calculations by
	first finding the reloc for the next entry.  Make edit loop
	handle one opd entry per iteration, with an inner loop
	handling relocs per entry.
2014-12-02 23:13:30 +10:30
Nick Clifton
06614111d1 More fixes for memory access violations exposed by fuzzed binaries.
PR binutils/17512
	* dwarf.h (struct dwarf_section): Add user_data field.
	* dwarf.c (frame_need_space): Check for an over large register
	number.
	(display_debug_frames): Check the return value from
	frame_need_space.  Check for a CFA expression that is so long the
	start address wraps around.
	(debug_displays): Initialise the user_data field.
	* objdump.c (load_specific_debug_section): Save the BFD section
	pointer in the user_data field of the dwarf_section structure.
	(free_debug_section): Update BFD section data when freeing section
	contents.
	* readelf.c (load_specific_debug_section): Initialise the
	user_data field.

	* archive.c (do_slurp_coff_armap): Add range checks to prevent
	running off the end of the string table.
	* compress.c (bfd_get_full_section_contents): Return a NULL
	pointer for zero sized sections.  Do not attempt to copy a buffer
	onto itself.
	* elf-attrs.c (_bfd_elf_parse_attributes): Check for an empty
	header.  Add range checks to avoid running off the end of the
	section.
	* elf.c (bfd_elf_get_str_section): Seek before allocating so that
	if the seek fails, no memory is allocated.
	(bfd_elf_string_from_elf_section): Do not allocate a string from a
	non string section.  It only leads to trouble later on.
	(_bfd_elf_print_private_bfd_data): Check for there being too
	little external dynamic data.
	(bfd_section_from_shdr): Replace assertion with a failure mode.
	(bfd_section_from_shdr): When walking a loaded group section use
	the internal structure size, not the external size.  Check for the
	group section being empty.
	* elf32-i386.c (elf_i386_rtype_to_howto): Replace assertion with a
	failure mode.
	* elfcode.h (elf_slurp_reloc_table): Likewise.
	* reloc.c (bfd_perform_relocation): Avoid seg-fault if the howto
	parameter is NULL.
2014-12-01 16:43:46 +00:00
Alan Modra
7b20f09964 Don't output symbol version definitions for non-DT_NEEDED libs
PR 16452, 16457
	* elflink.c (_bfd_elf_link_find_version_dependencies): Exclude
	symbols from libraries that won't be listed in DT_NEEDED.
	(elf_link_output_extsym): Don't output verdefs for such symbols.
2014-11-30 12:11:03 +10:30
Alan Modra
25ff461f19 Sanity checks on version section
* elf.c (_bfd_elf_slurp_version_tables): Exit loops when vn_next/
	vna_next/vd_next/vda_next is zero.  Correct counts.
2014-11-28 14:39:28 +10:30
Nick Clifton
1036838a77 Fixes a few more memory access violations exposed by fuzzed binaries.
PR binutils/17512
	* ecoff.c (_bfd_ecoff_slurp_symbol_table): Warn about and correct
	a discrepancy between the isymMax and ifdMax values in the
	symbolic header.
	* elf.c (_bfd_elf_print_private_bfd_data): Fix the range check
	scanning the external dynamic entries.
2014-11-27 12:19:10 +00:00
Nick Clifton
a11652892c More fixes for memory access errors triggered by attemps to examine corrupted binaries.
PR binutils/17512
	* dwarf.c (display_block): Do nothing if the block starts after
	the end of the buffer.
	(read_and_display_attr_value): Add range checks.
	(struct Frame_Chunk): Make the ncols and ra fields unsigned.
	(frame_need_space): Test for an ncols of zero.
	(read_cie): Fail if the augmentation data extends off the end of
	the buffer.
	(display_debug_frames): Add checks for read_cie failing.  Add
	range checks.
	* coff-h8300.c (rtype2howto): Replace abort with returning a NULL
	value.
	* coff-h8500.c (rtype2howto): Likewise.
	* coff-tic30.c (rtype2howto): Likewise.
	* coff-z80.c (rtype2howto): Likewise.
	* coff-z8k.c (rtype2howto): Likewise.
	* coff-ia64.c (RTYPE2HOWTO): Always return a valid howto.
	* coff-m68k.c (m68k_rtype2howto): Return a NULL howto if none
	could be found.
	* coff-mcore.c (RTYPE2HOWTO): Add range checking.
	* coff-w65.c (rtype2howto): Likewise.
	* coff-we32k.c (RTYPE2HOWTO): Likewise.
	* pe-mips.c (RTYPE2HOWTO): Likewise.
	* coff-x86_64.c (coff_amd64_reloc): Likewise.  Replace abort with
	an error return.
	* coffcode.h (coff_slurp_reloc_table): Allow the rel parameter to
	be unused.
	* coffgen.c (make_a_section_from_file): Check the length of a
	section name before testing to see if it is a debug section name.
	(coff_object_p): Zero out any uninitialised bytes in the opt
	header.
	* ecoff.c (_bfd_ecoff_slurp_symbolic_info): Test for the raw
	source being empty when there are values to be processed.
	(_bfd_ecoff_slurp_symbol_table): Add range check.
	* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Likewise.
	(bfd_mach_o_mangle_sections): Move test for too many sections to
	before the allocation of the section table.
	(bfd_mach_o_read_symtab_strtab): If the read fails, free the
	memory and nullify the symbol pointer.
	* reloc.c (bfd_generic_get_relocated_section_contents): Add
	handling of a bfd_reloc_notsupported return value.
	* versados.c (EDATA): Add range checking.
	(get_record): Likewise.
	(process_otr): Check for contents being available before updating
	them.
	(versados_canonicalize_reloc): Add range check.
2014-11-26 14:11:23 +00:00
Alan Modra
601a03ba3d _bfd_elf_slurp_version_tables tidy
The internal verref buffer is allocated with bfd_zalloc, based on a
count given in headers.  If the headers are broken/fuzzed and contain
an enormous count the alloc can result in OOM.  If we first read the
external verrefs (into a buffer that isn't zeroed on allocation) then
the read provides a sanity check on the headers.

Also prints an error for version info that fails other sanity checks.

	* elf.c (_bfd_elf_slurp_version_tables): Delay allocation of
	internal verref buffer.  Error for zero sh_info.  Print errors.
	Check for zero vd_ndx.  Use bfd_zalloc for vd_auxptr buffer.
2014-11-26 13:29:29 +10:30
H.J. Lu
60bb06bc89 Use get_symbol_version_string in BFD_JUMP_TABLE_SYMBOLS
This patch adds get_symbol_version_string to BFD_JUMP_TABLE_SYMBOLS so
that we can use bfd_get_symbol_version_string in objdump for non-ELF
targets.

bfd/

	* targets.c (BFD_JUMP_TABLE_SYMBOLS): Use
	NAME##_get_symbol_version_string.
	(bfd_get_symbol_version_string): New.
	* aout-adobe.c (aout_32_get_symbol_version_string): Define using
	_bfd_nosymbols define.
	* aout-target.h (MY_get_symbol_version_string): Likewise.
	* aout-tic30.c (MY_get_symbol_version_string): Likewise.
	* binary.c (binary_get_symbol_version_string): Likewise.
	* bout.c (aout_32_get_symbol_version_string): Likewise.
	* coff-rs6000.c (_bfd_xcoff_get_symbol_version_string): Likewise.
	* i386msdos.c (msdos_get_symbol_version_string): Likewise.
	* i386os9k.c (aout_32_get_symbol_version_string): Likewise.
	* ieee.c (ieee_get_symbol_version_string): Likewise.
	* ihex.c (ihex_get_symbol_version_string): Likewise.
	* libecoff.h (_bfd_ecoff_get_symbol_version_string): Likewise.
	* mach-o-target.c (bfd_mach_o_get_symbol_version_string): Likewise.
	* mmo.c (mmo_get_symbol_version_string): Likewise.
	* nlm-target.h (nlm_get_symbol_version_string): Likewise.
	* oasys.c (oasys_get_symbol_version_string): Likewise.
	* pef.c (bfd_pef_get_symbol_version_string): Likewise.
	* plugin.c (bfd_plugin_get_symbol_version_string): Likewise.
	* ppcboot.c (ppcboot_get_symbol_version_string): Likewise.
	* som.c (som_get_symbol_version_string): Likewise.
	* srec.c (srec_get_symbol_version_string): Likewise.
	* tekhex.c (tekhex_get_symbol_version_string): Likewise.
	* versados.c (versados_get_symbol_version_string): Likewise.
	* vms-alpha.c (alpha_vms_get_symbol_version_string): Likewise.
	* xsym.c (bfd_sym_get_symbol_version_string): Likewise.

	* coff64-rs6000.c (rs6000_xcoff64_vec): Use
	coff_get_symbol_version_string.
	(rs6000_xcoff64_aix_vec): Likewise.

	* elf-bfd.h (bfd_elf_get_symbol_version_string): Renamed to ...
	(_bfd_elf_get_symbol_version_string): This.
	* elf.c: Likewise.
	(bfd_elf_print_symbol): Updated.
	* elfxx-target.h (bfd_elfNN_get_symbol_version_string): Define.

	* libbfd-in.h (_bfd_nosymbols_get_symbol_version_string): Define.
	* libcoff-in.h (coff_get_symbol_version_string): Likewise.
	* bfd-in2.h: Regenerated.
	* libbfd.h: Likewise.
	* libcoff.h: Likewise.

binutils/

	* objdump.c (objdump_print_symname): Replace
	bfd_elf_get_symbol_version_string with
	bfd_get_symbol_version_string.
2014-11-25 09:28:32 -08:00
H.J. Lu
bb4d2ac2cc Display symbol version when dumping dynrelocs
Both readelf/objdump know how to get symbol version string for dynamic
symbols.  This patch extracts this functionality into a separate
function and uses it to add symbol version string to versioned symbol
names when dumping dynamic relocations.

bfd/

	PR binutils/16496
	* elf-bfd.h (bfd_elf_get_symbol_version_string): New.
	* elf.c (bfd_elf_get_symbol_version_string): New.  Extracted
	from bfd_elf_print_symbol.
	(bfd_elf_print_symbol): Use it.

binutils/

	PR binutils/16496
	* objdump.c (objdump_print_symname): Call
	bfd_elf_get_symbol_version_string to get ELF symbol version
	string.  Append version string if needed.

	* readelf.c (versioned_symbol_info): New enum.
	(get_symbol_version_string): New.  Extracted from
	process_symbol_table.
	(dump_relocations): Add a new argument to indicate if dynamic
	symbol table is used.  Use get_symbol_version_string to get
	symbol version string for dynamic symbol.  Append version string
	if needed.
	(process_relocs): Updated dump_relocations call.
	(process_symbol_table): Use get_symbol_version_string.

ld/testsuite/

	PR binutils/16496
	* ld-cris/weakref3.d: Add symbol version string to versioned
	symbol names in dynamic relocation.
	* ld-cris/weakref4.d: Likewise.
	* ld-elfvers/vers24.rd: Likewise.

	* ld-elf/pr16496a.c: New file.
	* ld-elf/pr16496a.map: Likewise.
	* ld-elf/pr16496b.c: Likewise.
	* ld-elf/pr16496b.od: Likewise.

	* ld-elf/shared.exp (build_tests): Add libpr16496a.so and
	libpr16496b.so tests.
2014-11-25 06:47:44 -08:00
H.J. Lu
dd7e64d45b Optimize out i386/x86-64 JUMP_SLOT relocation
When there are both PLT and GOT references to the same function symbol,
linker will create a GOTPLT slot for PLT entry and a GOT slot for GOT
reference.  A run-time JUMP_SLOT relocation is created to update the
GOTPLT slot and a run-time GLOB_DAT relocation is created to update the
GOT slot.  Both JUMP_SLOT and GLOB_DAT relocations will apply the same
symbol value to GOTPLT and GOT slots, respectively, at run-time.

This optimization combines GOTPLT and GOT slots into a single GOT slot
and removes the run-time JUMP_SLOT relocation.  It replaces the regular
PLT entry:

	indirect jump	[GOTPLT slot]
	push		relocation index
	jump		PLT0

with an GOT PLT entry with an indirect jump via the GOT slot:

	indirect jump	[GOT slot]
	nop

and resolves PLT reference to the GOT PLT entry.

We must avoid this optimization if pointer equality is needed since
we don't clear symbol value in this case and the dynamic linker won't
update the GOT slot.  Otherwise, the resulting binary will get into an
infinite loop at run-time.

bfd/

	* elf32-i386.c (elf_i386_got_plt_entry): New.
	(elf_i386_pic_got_plt_entry): Likewise.
	(elf_i386_link_hash_entry): Add plt_got.
	(elf_i386_link_hash_table): Likewise.
	(elf_i386_link_hash_newfunc): Initialize plt_got.offset to -1.
	(elf_i386_get_local_sym_hash): Likewise.
	(elf_i386_check_relocs): Create the GOT PLT if there are both
	PLT and GOT references when the regular PLT is used.
	(elf_i386_allocate_dynrelocs): Use the GOT PLT if there are
	both PLT and GOT references unless pointer equality is needed.
	(elf_i386_relocate_section): Also check the GOT PLT when
	resolving R_386_PLT32.
	(elf_i386_finish_dynamic_symbol): Use the GOT PLT if it is
	available.

	* elf64-x86-64.c (elf_x86_64_link_hash_entry): Add plt_got.
	(elf_x86_64_link_hash_table): Likewise.
	(elf_x86_64_link_hash_newfunc): Initialize plt_got.offset to -1.
	(elf_x86_64_get_local_sym_hash): Likewise.
	(elf_x86_64_check_relocs): Create the GOT PLT if there are both
	PLT and GOT references when the regular PLT is used.
	(elf_x86_64_allocate_dynrelocs): Use the GOT PLT if there are
	both PLT and GOT references unless pointer equality is needed.
	(elf_x86_64_relocate_section): Also check the GOT PLT when
	resolving R_X86_64_PLT32.
	(elf_x86_64_finish_dynamic_symbol): Use the GOT PLT if it is
	available.

ld/

	* emulparams/elf_i386.sh (TINY_READONLY_SECTION): New.
	* emulparams/elf_x86_64.sh (TINY_READONLY_SECTION): Add .plt.got.

ld/testsuite/

	* ld-i386/i386.exp: Add run-time relocation tests for plt-main.
	* ld-i386/plt-main.rd: New file.
	* ld-x86-64/plt-main-bnd.dd: Likewise.
	* ld-x86-64/plt-main.rd: Likewise.
	* ld-x86-64/x86-64.exp: Add run-time relocation tests for
	plt-main.
2014-11-25 05:05:39 -08:00
H.J. Lu
6e733ccea9 Update libtool.m4 from GCC trunk
* libtool.m4: Updated from GCC trunk.

bfd/

	* configure: Regenerated.

binutils/

	* configure: Regenerated.

gas/

	* configure: Regenerated.

gprof/

	* configure: Regenerated.

ld/

	* configure: Regenerated.

opcodes/

	* configure: Regenerated.
2014-11-24 09:14:09 -08:00
Jiong Wang
520c7b56ac [AArch64] Cortex-A53 Erratum 835769 -- sort maps
2014-11-24  Tejas Belagod  <tejas.belagod@arm.com>

  bfd/
    * elfnn-aarch64.c (elf_aarch64_compare_mapping): New.
    (erratum_835769_scan): Sort map list.
2014-11-24 13:43:39 +00:00
Alan Modra
e05fa0bad2 PowerPC64 --plt-align
Alignment of plt stubs was broken, firstly because the option was
being dropped due to the alignment value not being set in the "params"
struct used in elf64-ppc.c, and secondly due to not calculating the
number of alignment boundary crossings correctly.

bfd/
	* elf64-ppc.c (plt_stub_pad): Correct.
ld/
	* ld.texinfo: Correct --plt-align documentation.
	* emultempl/ppc64elf.em (plt_stub_align): Delete.  Use and set
	params.plt_stub_align instead.
2014-11-24 12:56:59 +10:30
H.J. Lu
6db50b4cfe Assert size of elf_x86_64_{bnd|legacy}_plt2_entry
Assert size of elf_x86_64_bnd_plt2_entry and elf_x86_64_legacy_plt2_entry
only in elf_x86_64_check_relocs.

	* elf64-x86-64.c (elf_x86_64_check_relocs): Assert size of
	elf_x86_64_bnd_plt2_entry and elf_x86_64_legacy_plt2_entry.
	(elf_x86_64_allocate_dynrelocs): Don't assert size of
	elf_x86_64_bnd_plt2_entry and elf_x86_64_legacy_plt2_entry.
2014-11-23 05:54:02 -08:00
H.J. Lu
35a14c6b54 Check branch displacement overflow in x86-64 PLT entry
Displacement of branch to PLT0 in x86-64 PLT entry is signed 32-bit.
This patch adds a sanity check.  We will only see the failure when PLT
size is > 2GB.

	* elf64-x86-64.c (elf_x86_64_finish_dynamic_symbol): Check
	branch displacement overflow in PLT entry.
2014-11-22 08:58:07 -08:00
Nick Clifton
0a9d414aa1 Fixes for memory access violations exposed by fuzzinf various binaries.
PR binutils/17512
	* dwarf.c (get_encoded_value): Check for an encoded size of 0.
	(display_debug_lines_raw): Check for an invalid line range value.
	(display_debug_frames): Check for corrupt augmentation data.

	* coffgen.c (coff_get_normalized_symtab): Check for an excessive
	number of auxillary entries.
	* ieee.c (next_byte): Convert to a function.  Return FALSE if the
	next byte is beyond the end of the buffer.
	(parse_int): Test the return value of next_byte.
	(parse_expression): Convert to boolean.  Return FALSE if the
	parsing failed.  Test the return value of next_byte.
	(ieee_seek): Convert to a function.  Return FALSE if the seek goes
	beyond the end of the buffer.
	(ieee_slurp_external_symbols): Test the return value of ieee_seek
	and next_byte.
	(ieee_slurp_sections): Convert to boolean.  Return FALSE if the
	operation failed.  Test the return value of ieee_seek and
	next_byte.
	(ieee_archive_p): Test the return value of ieee_seek and
	next_byte.
	(do_one): Likewise.
	(ieee_slurp_section_data): Likewise.
	(ieee_object_p): Likewise.  Store the size of the buffer in the
	total_amt field in the header.
	* libieee.h (common_header_type): Add amt field.
	* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Check that the
	reloc's value is within range.
	(bfd_mach_o_read_symtab_symbols): Nullify the symbols field if the
	operation fails.
	* pei-x86_64.c (pex64_xdata_print_uwd_codes): Replace abort with
	an error message.
	(pex64_dump_xdata): Check for buffer overflows.
	* versados.c (process_otr): Check that the section exists before
	taking its size.
	(versados_object_p): Make sure that enough data was read for the
	header to be checked.
	* vms-alpha.c (vms_get_remaining_object_record): Change
	read_so_far parameter to an unsigned int.  Check that the amount
	read is in range.
2014-11-21 21:44:04 +00:00
H.J. Lu
5974eba65b Optimize PC-relative offset overflow check
* elf64-x86-64.c (elf_x86_64_finish_dynamic_symbol): Optimize
	PC-relative offset overflow check.
2014-11-21 12:12:30 -08:00
Alexander Cherepanov
cd11f78f81 Fix a snafu setting up the string table read in from a COFF file.
PR binutils/17512
	* coffgen.c (_bfd_coff_read_string_table): Test allocation of
	string table before clearing the first few bytes.
2014-11-21 11:19:49 +00:00
Terry Guo
a715796ba1 Support ARM Cortex-M7
include/ChangeLog:
2014-11-21  Terry Guo  <terry.guo@arm.com>

	* opcode/arm.h (FPU_VFP_EXT_ARMV8xD): New macro.
	(FPU_VFP_V5D16): Likewise.
	(FPU_VFP_V5_SP_D16): Likewise.
	(FPU_ARCH_VFP_V5D16): Likewise.
	(FPU_ARCH_VFP_V5_SP_D16): Likewise.

bfd/ChangeLog:
2014-11-21  Terry Guo  <terry.guo@arm.com>

	* elf32-arm.c (elf32_arm_merge_eabi_attributes): Support FPv5.

binutils/ChangeLog:
2014-11-21  Terry Guo  <terry.guo@arm.com>

	* readelf.c (arm_attr_tag_FP_arch): Extended to support FPv5.

gas/ChangeLog:
2014-11-21  Terry Guo  <terry.guo@arm.com>

	* config/tc-arm.c (fpu_vfp_ext_armv8xd): New.
	(arm_cpus): Support cortex-m7.
	(arm_fpus): Support fpv5-sp-d16 and fpv5-d16.
	(do_vfp_nsyn_cvt_fpv8): Generate error when use D register for S
	register only target like FPv5-SP-D16.
	(do_neon_cvttb_1): Likewise.
	(do_vfp_nsyn_fpv8): Likewise.
	(do_vrint_1): Likewise.
	(aeabi_set_public_attributes): Set proper FP arch for FPv5.
	* doc/c-arm.texi: Document new cpu and fpu names for cortex-m7.

gas/testsuite/ChangeLog:
2014-11-21  Terry Guo  <terry.guo@arm.com>

	* gas/arm/armv7e-m+fpv5-d16.s: New.
	* gas/arm/armv7e-m+fpv5-d16.d: Likewise.
	* gas/arm/armv7e-m+fpv5-sp-d16.s: Likewise.
	* gas/arm/armv7e-m+fpv5-sp-d16.d: Likewise.

ld/testsuite/ChangeLog:
2014-11-21  Terry Guo  <terry.guo@arm.com>

	* ld-arm/attr-merge-vfp-4-sp.s: New test source file.
	* ld-arm/attr-merge-vfp-5-sp.s: Likewise.
	* ld-arm/attr-merge-vfp-5.s: Likewise.
	* ld-arm/attr-merge-vfp-8.d: New test.
	* ld-arm/attr-merge-vfp-8r.d: Likewise.
	* ld-arm/attr-merge-vfp-9.d: Likewise.
	* ld-arm/attr-merge-vfp-9r.d: Likewise.
	* ld-arm/attr-merge-vfp-10.d: Likewise.
	* ld-arm/attr-merge-vfp-10r.d: Likewise.
	* ld-arm/attr-merge-vfp-11.d: Likewise.
	* ld-arm/attr-merge-vfp-11r.d: Likewise.
	* ld-arm/attr-merge-vfp-12.d: Likewise.
	* ld-arm/attr-merge-vfp-12r.d: Likewise.
	* ld-arm/attr-merge-vfp-13.d: Likewise.
	* ld-arm/attr-merge-vfp-13r.d: Likewise.
	* ld-arm/attr-merge-vfp-14.d: Likewise.
	* ld-arm/attr-merge-vfp-14r.d: Likewise.
	* ld-arm/arm-elf.exp: Run the new tests.
2014-11-21 11:36:06 +08:00
Alan Modra
0cfb071748 PPC gold doesn't check for overflow properly
Corrects overflow test for rel14, addr14, rel24, addr24 branch relocs,
and prints an information message to give a hint as to how a branch
that can't reach a stub might be cured.

bfd/
	* elf64-ppc.c (group_sections): Init stub14_group_size from
	--stub-group-size parameter divided by 1024.
gold/
	* powerpc.cc (Stub_control::Stub_control): Init stub14_group_size_
	from --stub-group-size parameter divided by 1024.
	(Powerpc_relocate_functions::rela, rela_ua): Add fieldsize
	template parameter.  Update all uses.
	(Target_powerpc::Relocate::relocate): Rename has_plt_value to
	has_stub_value.  Set for long branches.  Don't report overflow for
	branch to undefined weak symbols.  Print info message on
	overflowing branch to stub.
2014-11-20 21:37:05 +10:30
Alan Modra
1e269e9b8f ppc476 workaround sizing
* elf32-ppc.c (ppc_elf_relax_section): Correct ppc476 workaround
	alignment calculation.
2014-11-20 21:37:02 +10:30
Terry Guo
9274e9de16 Enable to link ARM object file that hasn't attribute section.
bfd/ChangeLog

2014-11-20  Terry Guo  <terry.guo@arm.com>

	* elf32-arm.c (elf32_arm_merge_eabi_attributes): Skip if input bfd
	hasn't attribute section.

ld/testsuite/ChangeLog:

2014-11-20  Terry Guo  <terry.guo@arm.com>

	* ld-arm/attr-merge-nosection-1.d: New file.
	* ld-arm/attr-merge-nosection-1a.s: Likewise.
	* ld-arm/attr-merge-nosection-1b.s: Likewise.
	* ld-arm/arm-elf.exp: Include the new test.
2014-11-20 13:54:27 +08:00
Alan Modra
f9dffbf086 Default powerpc64 to --plt-thread-safe for Go
Go is multi-threaded, so use thread-safe plt stubs.  __go_go doesn't
actually start threads, but is a convenient libgo function with a
reasonably unique name that is called by all Go executables.  (Threads
are started by a static function of libgo, runtime_newosproc, called
by a whole lot of global functions, including runtime_starttheworld
and runtime_main.)

bfd/
	* elf64-ppc.c (ppc64_elf_size_stubs): Add __go_go to thread_starters.
gold/
	* powerpc.cc (Target_powerpc::do_relax): Add __go_go to thread_starters.
2014-11-20 08:57:31 +10:30
H.J. Lu
ab7fede88e Check PC-relative offset overflow in PLT entry
This patch checks PC-relative offset overflow in pushq instruction in
x86-64 PLT entry.

bfd/

	PR ld/17618
	* elf64-x86-64.c (elf_x86_64_finish_dynamic_symbol): Check
	PC-relative offset overflow in PLT entry.

ld/testsuite/

	PR ld/17618
	* ld-x86-64/x86-64.exp: Run pr17618 for Linux target.

	* ld-x86-64/pr17618.d: New file.
	* ld-x86-64/pr17618.s: Likewise.
2014-11-18 11:04:46 -08:00
Nick Clifton
6937bb54a9 More fixes for illegal memory accesses exposed by fuzzed binaries.
PR binutils/17512
	* peXXIgen.c (pe_print_pdata): Fail if the section's virtual size
	is larger than its real size.
	(rsrc_print_section): Fix off-by-one error checking for overflow.
	* pei-x86_64.c (pex64_bfd_print_pdata): Handle empty unwind
	sections.

	* dwarf.c (get_encoded_value): Warn and return if the encoded
	value is more than 64-bits long.
	(SAFE_BYTE_GET): Do not attempt to read more than 64-bits.
	(process_extended_line_op): Add more range checks.
	(decode_location_expression): Use the return value from
	display_block.  Add more range checks.
	(read_debug_line_header): Add range check.
	(display_debug_lines_raw): Add range checks.
	(display_debug_frames): Silently skip multiple zero terminators.
	Add range checks.
	(process_cu_tu_index): Check for non-existant or empty sections.
	Use SAFE_BYTE_GET instead of byte_get.
2014-11-18 14:40:05 +00:00
Igor Zamyatin
d258b82828 Add -z bndplt to generate BND prefix in PLT entries
This patch adds "-z bndplt" option Linux/x86-64 linker to generate BND
prefix in PLT entries.  It also updated Linux/x86-64 assembler not to
generate R_X86_64_PLT32_BND nor R_X86_64_PC32_BND relocations.

bfd/

2014-11-18  Igor Zamyatin  <igor.zamyatin@intel.com>

	* elf64-x86-64.c (elf_x86_64_check_relocs): Enable MPX PLT only
	for -z bndplt.

gas/

2014-11-18  Igor Zamyatin  <igor.zamyatin@intel.com>

	* config/tc-i386-intel.c (i386_operator): Remove last argument
	from lex_got call.
	* config/tc-i386.c (reloc): Remove bnd_prefix from parameters'
	list.  Return always BFD_RELOC_32_PCREL.
	* (output_branch): Remove condition for BFD_RELOC_X86_64_PC32_BND.
	* (output_jump): Update call to reloc accordingly.
	* (output_interseg_jump): Likewise.
	* (output_disp): Likewise.
	* (output_imm): Likewise.
	* (x86_cons_fix_new): Likewise.
	* (lex_got): Remove bnd_prefix from parameters' list in macro and
	declarations. Don't use BFD_RELOC_X86_64_PLT32_BND.
	* (x86_cons): Update call to lex_got accordingly.
	* (i386_immediate): Likewise.
	* (i386_displacement): Likewise.
	* (md_apply_fix): Don't use BFD_RELOC_X86_64_PLT32_BND nor
	BFD_RELOC_X86_64_PC32_BND.
	* (tc_gen_reloc): Likewise.

include/

2014-11-18  Igor Zamyatin  <igor.zamyatin@intel.com>

	* bfdlink.h (struct bfd_link_info): Add bndplt.

ld/

2014-11-18  Igor Zamyatin  <igor.zamyatin@intel.com>

	* emulparams/elf_x86_64.sh (BNDPLT): Set to yes for x86_64.
	* emultempl/elf32.em (gld${EMULATION_NAME}_handle_option): Handle
	"-z bndplt" if BNDPLT is yes.
	(gld${EMULATION_NAME}_list_options): Add "-z bndplt" entry.
	* ld.texinfo: Add description for bndplt.

ld/testsuite/

2014-11-18  Igor Zamyatin  <igor.zamyatin@intel.com>

	* testsuite/ld-x86-64/bnd-ifunc-1.d: Add bndplt option.
	* testsuite/ld-x86-64/bnd-ifunc-2.d: Likewise.
	* testsuite/ld-x86-64/bnd-plt-1.d: Likewise.  Update dissassembly
	sections.
	* testsuite/ld-x86-64/mpx.exp: Handle mpx3 and mpx4 tests.
	* testsuite/ld-x86-64/mpx1a.rd: Remove _BND from relocation name.
	* testsuite/ld-x86-64/mpx1c.rd: Likewise.
	* testsuite/ld-x86-64/mpx2a.rd: Likewise.
	* testsuite/ld-x86-64/mpx2c.rd: Likewise.
	* testsuite/ld-x86-64/mpx3.dd: New file.
	* testsuite/ld-x86-64/mpx3a.s: Likewise.
	* testsuite/ld-x86-64/mpx3b.s: Likewise.
	* testsuite/ld-x86-64/mpx4.dd: Likewise.
	* testsuite/ld-x86-64/mpx4a.s: Likewise.
	* testsuite/ld-x86-64/mpx4b.s: Likewise.
2014-11-18 05:40:17 -08:00
Nick Clifton
470c009be8 Fix a null pointer dereference when reading the debug link info from a corrupt file.
PR binutils/17597
	* opncls.c (bfd_get_debug_link_info): Avoid reading off the end of
	the section.
	(bfd_get_alt_debug_link_info): Likewise.
2014-11-14 13:39:29 +00:00
Nick Clifton
041830e03c More fixes for invalid memory accesses triggered by corrupt binaries.
PR binutils/17512
	* dwarf.c (get_encoded_value): Add an 'end' parameter.  Change the
	'data' parameter to a double pointer and return the updated value.
	(decode_location_expression): Update call to get_encoded_value.
	(frame_need_space): Handle the case where one or both of the
	mallocs fails.
	(read_cie): Initialise the cie pointer, even if the read fails.
	(display_debug_frames): Warn if the calculated block_end is before
	the start of the block.  Break the loop if the CIE could not be
	read.  Update call to get_encoded_value.  Warn if the read CFA
	expressions are too big.

	* ieee.c (ieee_archive_p) Skip processing if no bytes are read at
	all.
	(ieee_object_p): Likewise.
2014-11-14 12:30:00 +00:00
H.J. Lu
57494d81b6 Add cast to unsigned int
* coffcode.h (coff_slurp_line_table): Add cast to unsigned int.
2014-11-13 12:56:18 -08:00
H.J. Lu
f8521a0358 Rename symbbol to symbol
* coffcode.h (coff_pointerize_aux_hook): Fix a typo.
2014-11-13 12:15:46 -08:00
H.J. Lu
553d1284b7 Add assembler support for @gotplt
Obsolete R_X86_64_GOTPLT64 and treat it the same as R_X86_64_GOT64.

bfd/

	PR gas/17598
	* elf64-x86-64.c (elf_x86_64_check_relocs): Treat
	R_X86_64_GOTPLT64 the same as R_X86_64_GOT64.
	(elf_x86_64_relocate_section): Likewise.

gas/

	PR gas/17598
	* config/tc-i386.c (reloc): Support BFD_RELOC_X86_64_GOTPLT64.

gas/testsuite/

	PR gas/17598
	* gas/i386/reloc64.s: Add @gotplt check.

	* gas/i386/reloc64.d: Updated.
	* gas/i386/reloc64.l: Likewise.

ld/testsuite/

	PR gas/17598
	* ld-x86-64/x86-64.exp: Run gotplt1.

	* ld-x86-64/gotplt1.d: New file.
	* ld-x86-64/gotplt1.s: Likewise.
2014-11-13 11:09:40 -08:00
Nick Clifton
a5c71af8d3 More fixes for memory access violations whilst scanning corrupt binaries.
PR binutils/17512
	* config/obj-coff.c (coff_obj_symbol_new_hook): Set the is_sym
	field.

	* coffcode.h (coff_ptr_struct): Add is_sym field.
	(coff_new_section_hook): Set the is_sym field.
	(coff_pointerize_aux_hook): Check the is_sym field.
	(coff_print_aux): Likewise.
	(coff_compute_section_file_positions): Likewise.
	(coff_write_object_contents): Likewise.
	(coff_slurp_line_table): Likewise.
	(coff_slurp_symbol_table): Likewise.
	(CALC_ADDEND): Likewise.
	* coffgen.c (coff_renumber_symbols): Likewise.
	(coff_mangle_symbols): Likewise.
	(coff_fix_symbol_name): Likewise.
	(coff_write_symbol): Likewise.
	(coff_write_alien_symbol): Likewise.
	(coff_write_native_symbol): Likewise.
	(coff_write_symbols): Likewise.
	(coff_write_linenumbers): Likewise.
	(coff_pointerize_aux): Likewise.
	(coff_get_normalized_symtab): Likewise.
	(coff_get_symbol_info): Likewise.
	(bfd_coff_get_syment): Likewise.
	(bfd_coff_get_auxent): Likewise.
	(coff_print_symbol): Likewise.
	(coff_find_nearest_line_with_names): Likewise.
	(bfd_coff_set_symbol_class): Likewise.
	(coff_make_empty_symbol): Set the is_sym field.
	(coff_bfd_make_debug_symbol): Likewise.
	* peicode.h (pe_ILF_make_a_symbol): Likewise.
	* libcoff.h: Regenerate.
	* libcoff-in.h: Regenerate.
2014-11-13 17:46:11 +00:00
Nick Clifton
f41e4712a7 Fix more memory faults uncovered by fuzzing various executables.
PR binutils/17512
	* dwarf.c (read_and_display_attr_value): Check that we do not read
	past end.
	(display_debug_pubnames_worker): Add range checks.
	(process_debug_info): Check for invalid pointer sizes.
	(display_loc_list): Likewise.
	(display_loc_list_dwo): Likewise.
	(display_debug_ranges): Likewise.
	(display_debug_aranges): Check for invalid address size.
	(read_cie): Add range checks.  Replace call strchr with while loop.
	* objdump.c (dump_dwarf): Replace abort with a warning message.
	(print_section_stabs): Improve range checks.
	* rdcoff.c (coff_get_slot): Use long for indx parameter type.
	Add check for an excesively large index.
	* rddbg.c (read_section_stabs_debugging_info): Zero terminate the
	string table.  Avoid walking off the end of the stabs data.
	* stabs.c (parse_stab_string): Add check for a NULL name.

	PR binutils/17512
	* coffcode.h (coff_slurp_line_table): Set the line number of
	corrupt entries to -1.
	(coff_slurp_symbol_table): Alway initialise the value of the
	symbol.
	* coffgen.c (coff_print_symbol): Check that the combined pointer
	is valid.
	(coff_print_symbol): Do not print negative line numbers.
	* peXXigen.c (pe_print_idata): Add range checking displaying
	member names.
2014-11-12 22:39:58 +00:00
Alan Modra
6bb3e67958 Throw away dodgy coff line number info earlier
PR 17521
	* coffcode.h (coff_slurp_line_table): Drop line number info
	not preceded by a valid function entry.  Revert last change.
2014-11-12 15:15:03 +10:30
Nick Clifton
201159ecec More fixes for invalid memory accesses, uncovered by valgrind and binary fuzzers.
PR binutils/17512
	* coffcode.h (coff_slurp_line_table): Initialise the parts of the
	line number cache that would not be initialised by the copy from
	the new line number table.
	(coff_classify_symbol): Allow for _bfd_coff_internal_syment_name
	returning NULL.
	* coffgen.c (coff_get_normalized_symbols): Get the external
	symbols before allocating space for the internal symbols, in case
	the get fails.
	* elf.c (_bfd_elf_slurp_version_tables): Only allocate a verref
	array if one is needed.  Likewise with the verdef array.
	* peXXigen.c (_bfd_XXi_swap_sym_in): Replace abort()'s with error
	messages.
	(_bfd_XXi_swap_aux_in): Make sure that all fields of the aux
	structure are initialised.
	(pe_print_edata): Avoid reading off the end of the data buffer.
2014-11-11 15:34:27 +00:00
Alan Modra
0ac2337434 coff coff
I missed this use of the loop induction variable outside the loop.

	PR binutils/17512
	* coffcode.h (coff_slurp_line_table): Use updated lineno_count
	when building func_table.
2014-11-11 22:45:25 +10:30
Alan Modra
fcfa62408a Avoid coff OOM
bfd_zalloc/bfd_zmalloc to fix uninitialized memory reads is too big a
hammer, when the size allocated depends on user input.  A typical
bfd_alloc, bfd_seek, bfd_bread sequence will give an error or warning
at the point the file read fails when some enormous item as described
by headers is not actually present in the file.  Nice operating system
allow memory overcommit.  But not if you write to the memory.  So
bfd_zalloc can cause an OOM, thrashing, or system hangs.

The patch also fixes a recently introduced endless loop on bad input.

	PR binutils/17512
	* coffcode.h (coff_slurp_line_table): Don't bfd_zalloc, just
	memset the particular bits we need.  Update src after hitting loop
	"continue".  Don't count lineno omitted due to invalid symbols in
	nbr_func, and update lineno_count.  Init entire terminating
	lineno.  Don't both allocating terminator in n_lineno_cache.
	Redirect sym->lineno pointer to where n_lineno_cache will be
	copied, and free n_lineno_cache.
	* pe-mips.c (NUM_HOWTOS): Typo fix.
2014-11-11 22:13:57 +10:30
Alan Modra
4de1599bcf ld -r abort in _bfd_elf_write_section_eh_frame
Turning on .eh_frame processing for ld -r resulted in systemtap
tickling a ld bug.  Triggered by the zero terminator not being added
to .eh_frame in a separate file as it usually is (crtend.o), but
instead being present in the last .eh_frame section along with CIEs
and FDEs.  The 4-byte terminator makes the section size check fail
on 64-bit targets.

	* elf-eh-frame (_bfd_elf_write_section_eh_frame): Adjust section
	size check to account for possible zero terminator.
2014-11-11 20:28:46 +10:30
Richard Sandiford
fd6f9d1747 bfd/
2014-11-10  James Cowgill  <James.Cowgill@imgtec.com>

	* elfxx-mips.c (_bfd_mips_elf_section_processing): don't force small
	data sections to be PROGBITS
2014-11-10 20:51:16 +00:00
Nick Clifton
36e9d67b86 More fixes for problems exposed by valgrind and the address sanitizer
when displaying the contents of corrupt files.

	PR binutils/17521
	* coff-i386.c (NUM_HOWTOS): New define.
	(RTYPE2HOWTO): Use it.
	(coff_i386_rtype_to_howto): Likewise.
	(coff_i386_reloc_name_lookup): Likewise.
	(CALC_ADDEND): Check that reloc r_type field is valid.
	* coff-x86_64.c (NUM_HOWTOS): New define.
	(RTYPE2HOWTO): Use it.
	(coff_amd64_rtype_to_howto): Likewise.
	(coff_amd64_reloc_name_lookup): Likewise.
	(CALC_ADDEND): Check that reloc r_type field is valid.
	* coffcode.h (coff_slurp_line_table): Check for symbol table
	indexing underflow.
	(coff_slurp_symbol_table): Use zalloc to ensure that all table
	entries are initialised.
	* coffgen.c (_bfd_coff_read_string_table): Initialise unused bits
	in the string table.  Also ensure that the table is 0 terminated.
	(coff_get_normalized_symtab): Check for symbol table indexing
	underflow.
	* opncls.c (bfd_alloc): Catch the case where a small negative size
	can result in only 1 byte being allocated.
	(bfd_alloc2): Use bfd_alloc.
	* pe-mips.c (NUM_HOWTOS): New define.
	(coff_mips_reloc_name_lookup): Use it.
	(CALC_ADDEND): Check that reloc r_type field is valid.
	* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Initialise unused entries
	in the DataDirectory.
	(pe_print_idata): Avoid reading beyond the end of the data block
	wen printing strings.
	(pe_print_edata): Likewise.
	Check for table indexing underflow.
	* peicode.h (pe_mkobject): Initialise the pe_opthdr field.
	(pe_bfd_object_p): Allocate and initialize enough space to hold a
	PEAOUTHDR, even if the opt_hdr field specified less.
2014-11-10 14:27:38 +00:00
Alan Modra
d1f5d98a18 Correct buffer overrun test
* peXXigen.c (pe_print_idata): Revert last patch, cast lhs instead.
2014-11-08 12:40:09 +10:30
H.J. Lu
0115826241 Cast to unsigned long in range checks
* peXXigen.c (pe_print_idata): Cast to unsigned long in range
	checks.
2014-11-07 13:39:15 -08:00
H.J. Lu
cf61b7473a X32: Add REX prefix to encode R_X86_64_GOTTPOFF
Structions with R_X86_64_GOTTPOFF relocation must be encoded with REX
prefix even if it isn't required by destination register.  Otherwise
linker can't safely perform IE -> LE optimization.

bfd/

	PR ld/17482
	* elf64-x86-64.c (elf_x86_64_relocate_section): Update comments
	for IE->LE transition.

gas/

	PR ld/17482
	* config/tc-i386.c (output_insn): Add a dummy REX_OPCODE prefix
	for structions with R_X86_64_GOTTPOFF relocation for x32 if needed.

gas/testsuite/

	PR ld/17482
	* gas/i386/ilp32/x32-tls.d: New file.
	* gas/i386/ilp32/x32-tls.s: Likewise.

ld/testsuite/

	PR ld/17482
	* ld-x86-64/tlsie4.dd: Updated.
2014-11-07 12:22:53 -08:00
Alan Modra
56aedec7ab tekhex architecure
is a don't care.

	* tekhex.c (tekhex_set_arch_mach): Ignore unknown arch errors.
2014-11-07 21:24:49 +10:30
Alan Modra
e5242d4bed tekhex buffer management and symbol types
Dramatically reduces memory consumption and processing time for large
all-zero data segments.  Allows multiple symbol types attached to a
given segment to survive objcopy.

	* tekhex.c (CHUNK_SPAN): Define.
	(struct data_struct <chunk_init>): Use one byte per span, update
	all code accessing this field.
	(find_chunk): Add create param, don't create new entry unless set.
	(insert_byte): Don't save zeros.
	(first_phase): Set section SEC_CODE or SEC_DATA flag depending
	on symbol type.  Create an alternate section if both types of
	symbol are given.  Attach type '2' and '6' symbols to absolute
	section.
	(move_section_contents): Fix caching of chunk.  Don't create chunk
	when reading, or for writing zeros.
	(tekhex_set_section_contents): Don't create initial chunks.
	(tekhex_write_object_contents): Use CHUNK_SPAN.
2014-11-07 20:40:42 +10:30
Alan Modra
7c53fd1ca3 aoutx.h tidy
Save a multiplication, and any concern that the buffer allocation
might be smaller than the amount read (as it could be if the header
size isn't a multiple of EXTERNAL_NLIST_SIZE).

	* aoutx.h (aout_get_external_symbols): Tidy allocation of symbol buffer.
2014-11-07 20:40:41 +10:30
Alan Modra
4057240502 Revert bfd_get_size checks
* archive.c (_bfd_slurp_extended_name_table): Revert bfd_get_size check.
	* coffcode.h (coff_set_alignment_hook): Likewise.
	(coff_slurp_line_table): Likewise.
	* coffgen.c (coff_get_normalized_symtab): Likewise.
	(_bfd_coff_get_external_symbols): Likewise.
	* elf.c (bfd_elf_get_str_section): Likewise.
	* tekhex.c (first_phase): Likewise.
2014-11-07 13:19:15 +10:30
Nick Clifton
834107255b Revert changes in previous deltas that introduced new failures into
the linker testsuite.

	* aoutx.h (slurp_symbol_table): Revert previous delta.
	(slurp_reloc_table): Likewise.
	* compress.c (bfd_get_full_section_contents): Remove file size
	test.
	* coffgen.c (coff_get_normalized_symtab): Allow zero-sized symtabs
	and do not complain about linker generated files.
2014-11-06 14:39:58 +00:00
Will Newton
1fe9dc4519 bfd/elf-attrs.c: Fix possible infinite loop parsing attributes
Handle the case of a zero length section or sub-section in
_bfd_elf_parse_attributes and in doing so prevent an infinite loop
in the parser.

bfd/ChangeLog:

2014-11-06  Will Newton  <will.newton@linaro.org>

	* elf-attrs.c (_bfd_elf_parse_attributes): Handle zero
	length sections and sub-sections.
2014-11-06 13:01:18 +00:00