Commit graph

6531 commits

Author SHA1 Message Date
Alan Modra
f9dffbf086 Default powerpc64 to --plt-thread-safe for Go
Go is multi-threaded, so use thread-safe plt stubs.  __go_go doesn't
actually start threads, but is a convenient libgo function with a
reasonably unique name that is called by all Go executables.  (Threads
are started by a static function of libgo, runtime_newosproc, called
by a whole lot of global functions, including runtime_starttheworld
and runtime_main.)

bfd/
	* elf64-ppc.c (ppc64_elf_size_stubs): Add __go_go to thread_starters.
gold/
	* powerpc.cc (Target_powerpc::do_relax): Add __go_go to thread_starters.
2014-11-20 08:57:31 +10:30
H.J. Lu
ab7fede88e Check PC-relative offset overflow in PLT entry
This patch checks PC-relative offset overflow in pushq instruction in
x86-64 PLT entry.

bfd/

	PR ld/17618
	* elf64-x86-64.c (elf_x86_64_finish_dynamic_symbol): Check
	PC-relative offset overflow in PLT entry.

ld/testsuite/

	PR ld/17618
	* ld-x86-64/x86-64.exp: Run pr17618 for Linux target.

	* ld-x86-64/pr17618.d: New file.
	* ld-x86-64/pr17618.s: Likewise.
2014-11-18 11:04:46 -08:00
Nick Clifton
6937bb54a9 More fixes for illegal memory accesses exposed by fuzzed binaries.
PR binutils/17512
	* peXXIgen.c (pe_print_pdata): Fail if the section's virtual size
	is larger than its real size.
	(rsrc_print_section): Fix off-by-one error checking for overflow.
	* pei-x86_64.c (pex64_bfd_print_pdata): Handle empty unwind
	sections.

	* dwarf.c (get_encoded_value): Warn and return if the encoded
	value is more than 64-bits long.
	(SAFE_BYTE_GET): Do not attempt to read more than 64-bits.
	(process_extended_line_op): Add more range checks.
	(decode_location_expression): Use the return value from
	display_block.  Add more range checks.
	(read_debug_line_header): Add range check.
	(display_debug_lines_raw): Add range checks.
	(display_debug_frames): Silently skip multiple zero terminators.
	Add range checks.
	(process_cu_tu_index): Check for non-existant or empty sections.
	Use SAFE_BYTE_GET instead of byte_get.
2014-11-18 14:40:05 +00:00
Igor Zamyatin
d258b82828 Add -z bndplt to generate BND prefix in PLT entries
This patch adds "-z bndplt" option Linux/x86-64 linker to generate BND
prefix in PLT entries.  It also updated Linux/x86-64 assembler not to
generate R_X86_64_PLT32_BND nor R_X86_64_PC32_BND relocations.

bfd/

2014-11-18  Igor Zamyatin  <igor.zamyatin@intel.com>

	* elf64-x86-64.c (elf_x86_64_check_relocs): Enable MPX PLT only
	for -z bndplt.

gas/

2014-11-18  Igor Zamyatin  <igor.zamyatin@intel.com>

	* config/tc-i386-intel.c (i386_operator): Remove last argument
	from lex_got call.
	* config/tc-i386.c (reloc): Remove bnd_prefix from parameters'
	list.  Return always BFD_RELOC_32_PCREL.
	* (output_branch): Remove condition for BFD_RELOC_X86_64_PC32_BND.
	* (output_jump): Update call to reloc accordingly.
	* (output_interseg_jump): Likewise.
	* (output_disp): Likewise.
	* (output_imm): Likewise.
	* (x86_cons_fix_new): Likewise.
	* (lex_got): Remove bnd_prefix from parameters' list in macro and
	declarations. Don't use BFD_RELOC_X86_64_PLT32_BND.
	* (x86_cons): Update call to lex_got accordingly.
	* (i386_immediate): Likewise.
	* (i386_displacement): Likewise.
	* (md_apply_fix): Don't use BFD_RELOC_X86_64_PLT32_BND nor
	BFD_RELOC_X86_64_PC32_BND.
	* (tc_gen_reloc): Likewise.

include/

2014-11-18  Igor Zamyatin  <igor.zamyatin@intel.com>

	* bfdlink.h (struct bfd_link_info): Add bndplt.

ld/

2014-11-18  Igor Zamyatin  <igor.zamyatin@intel.com>

	* emulparams/elf_x86_64.sh (BNDPLT): Set to yes for x86_64.
	* emultempl/elf32.em (gld${EMULATION_NAME}_handle_option): Handle
	"-z bndplt" if BNDPLT is yes.
	(gld${EMULATION_NAME}_list_options): Add "-z bndplt" entry.
	* ld.texinfo: Add description for bndplt.

ld/testsuite/

2014-11-18  Igor Zamyatin  <igor.zamyatin@intel.com>

	* testsuite/ld-x86-64/bnd-ifunc-1.d: Add bndplt option.
	* testsuite/ld-x86-64/bnd-ifunc-2.d: Likewise.
	* testsuite/ld-x86-64/bnd-plt-1.d: Likewise.  Update dissassembly
	sections.
	* testsuite/ld-x86-64/mpx.exp: Handle mpx3 and mpx4 tests.
	* testsuite/ld-x86-64/mpx1a.rd: Remove _BND from relocation name.
	* testsuite/ld-x86-64/mpx1c.rd: Likewise.
	* testsuite/ld-x86-64/mpx2a.rd: Likewise.
	* testsuite/ld-x86-64/mpx2c.rd: Likewise.
	* testsuite/ld-x86-64/mpx3.dd: New file.
	* testsuite/ld-x86-64/mpx3a.s: Likewise.
	* testsuite/ld-x86-64/mpx3b.s: Likewise.
	* testsuite/ld-x86-64/mpx4.dd: Likewise.
	* testsuite/ld-x86-64/mpx4a.s: Likewise.
	* testsuite/ld-x86-64/mpx4b.s: Likewise.
2014-11-18 05:40:17 -08:00
Nick Clifton
470c009be8 Fix a null pointer dereference when reading the debug link info from a corrupt file.
PR binutils/17597
	* opncls.c (bfd_get_debug_link_info): Avoid reading off the end of
	the section.
	(bfd_get_alt_debug_link_info): Likewise.
2014-11-14 13:39:29 +00:00
Nick Clifton
041830e03c More fixes for invalid memory accesses triggered by corrupt binaries.
PR binutils/17512
	* dwarf.c (get_encoded_value): Add an 'end' parameter.  Change the
	'data' parameter to a double pointer and return the updated value.
	(decode_location_expression): Update call to get_encoded_value.
	(frame_need_space): Handle the case where one or both of the
	mallocs fails.
	(read_cie): Initialise the cie pointer, even if the read fails.
	(display_debug_frames): Warn if the calculated block_end is before
	the start of the block.  Break the loop if the CIE could not be
	read.  Update call to get_encoded_value.  Warn if the read CFA
	expressions are too big.

	* ieee.c (ieee_archive_p) Skip processing if no bytes are read at
	all.
	(ieee_object_p): Likewise.
2014-11-14 12:30:00 +00:00
H.J. Lu
57494d81b6 Add cast to unsigned int
* coffcode.h (coff_slurp_line_table): Add cast to unsigned int.
2014-11-13 12:56:18 -08:00
H.J. Lu
f8521a0358 Rename symbbol to symbol
* coffcode.h (coff_pointerize_aux_hook): Fix a typo.
2014-11-13 12:15:46 -08:00
H.J. Lu
553d1284b7 Add assembler support for @gotplt
Obsolete R_X86_64_GOTPLT64 and treat it the same as R_X86_64_GOT64.

bfd/

	PR gas/17598
	* elf64-x86-64.c (elf_x86_64_check_relocs): Treat
	R_X86_64_GOTPLT64 the same as R_X86_64_GOT64.
	(elf_x86_64_relocate_section): Likewise.

gas/

	PR gas/17598
	* config/tc-i386.c (reloc): Support BFD_RELOC_X86_64_GOTPLT64.

gas/testsuite/

	PR gas/17598
	* gas/i386/reloc64.s: Add @gotplt check.

	* gas/i386/reloc64.d: Updated.
	* gas/i386/reloc64.l: Likewise.

ld/testsuite/

	PR gas/17598
	* ld-x86-64/x86-64.exp: Run gotplt1.

	* ld-x86-64/gotplt1.d: New file.
	* ld-x86-64/gotplt1.s: Likewise.
2014-11-13 11:09:40 -08:00
Nick Clifton
a5c71af8d3 More fixes for memory access violations whilst scanning corrupt binaries.
PR binutils/17512
	* config/obj-coff.c (coff_obj_symbol_new_hook): Set the is_sym
	field.

	* coffcode.h (coff_ptr_struct): Add is_sym field.
	(coff_new_section_hook): Set the is_sym field.
	(coff_pointerize_aux_hook): Check the is_sym field.
	(coff_print_aux): Likewise.
	(coff_compute_section_file_positions): Likewise.
	(coff_write_object_contents): Likewise.
	(coff_slurp_line_table): Likewise.
	(coff_slurp_symbol_table): Likewise.
	(CALC_ADDEND): Likewise.
	* coffgen.c (coff_renumber_symbols): Likewise.
	(coff_mangle_symbols): Likewise.
	(coff_fix_symbol_name): Likewise.
	(coff_write_symbol): Likewise.
	(coff_write_alien_symbol): Likewise.
	(coff_write_native_symbol): Likewise.
	(coff_write_symbols): Likewise.
	(coff_write_linenumbers): Likewise.
	(coff_pointerize_aux): Likewise.
	(coff_get_normalized_symtab): Likewise.
	(coff_get_symbol_info): Likewise.
	(bfd_coff_get_syment): Likewise.
	(bfd_coff_get_auxent): Likewise.
	(coff_print_symbol): Likewise.
	(coff_find_nearest_line_with_names): Likewise.
	(bfd_coff_set_symbol_class): Likewise.
	(coff_make_empty_symbol): Set the is_sym field.
	(coff_bfd_make_debug_symbol): Likewise.
	* peicode.h (pe_ILF_make_a_symbol): Likewise.
	* libcoff.h: Regenerate.
	* libcoff-in.h: Regenerate.
2014-11-13 17:46:11 +00:00
Nick Clifton
f41e4712a7 Fix more memory faults uncovered by fuzzing various executables.
PR binutils/17512
	* dwarf.c (read_and_display_attr_value): Check that we do not read
	past end.
	(display_debug_pubnames_worker): Add range checks.
	(process_debug_info): Check for invalid pointer sizes.
	(display_loc_list): Likewise.
	(display_loc_list_dwo): Likewise.
	(display_debug_ranges): Likewise.
	(display_debug_aranges): Check for invalid address size.
	(read_cie): Add range checks.  Replace call strchr with while loop.
	* objdump.c (dump_dwarf): Replace abort with a warning message.
	(print_section_stabs): Improve range checks.
	* rdcoff.c (coff_get_slot): Use long for indx parameter type.
	Add check for an excesively large index.
	* rddbg.c (read_section_stabs_debugging_info): Zero terminate the
	string table.  Avoid walking off the end of the stabs data.
	* stabs.c (parse_stab_string): Add check for a NULL name.

	PR binutils/17512
	* coffcode.h (coff_slurp_line_table): Set the line number of
	corrupt entries to -1.
	(coff_slurp_symbol_table): Alway initialise the value of the
	symbol.
	* coffgen.c (coff_print_symbol): Check that the combined pointer
	is valid.
	(coff_print_symbol): Do not print negative line numbers.
	* peXXigen.c (pe_print_idata): Add range checking displaying
	member names.
2014-11-12 22:39:58 +00:00
Alan Modra
6bb3e67958 Throw away dodgy coff line number info earlier
PR 17521
	* coffcode.h (coff_slurp_line_table): Drop line number info
	not preceded by a valid function entry.  Revert last change.
2014-11-12 15:15:03 +10:30
Nick Clifton
201159ecec More fixes for invalid memory accesses, uncovered by valgrind and binary fuzzers.
PR binutils/17512
	* coffcode.h (coff_slurp_line_table): Initialise the parts of the
	line number cache that would not be initialised by the copy from
	the new line number table.
	(coff_classify_symbol): Allow for _bfd_coff_internal_syment_name
	returning NULL.
	* coffgen.c (coff_get_normalized_symbols): Get the external
	symbols before allocating space for the internal symbols, in case
	the get fails.
	* elf.c (_bfd_elf_slurp_version_tables): Only allocate a verref
	array if one is needed.  Likewise with the verdef array.
	* peXXigen.c (_bfd_XXi_swap_sym_in): Replace abort()'s with error
	messages.
	(_bfd_XXi_swap_aux_in): Make sure that all fields of the aux
	structure are initialised.
	(pe_print_edata): Avoid reading off the end of the data buffer.
2014-11-11 15:34:27 +00:00
Alan Modra
0ac2337434 coff coff
I missed this use of the loop induction variable outside the loop.

	PR binutils/17512
	* coffcode.h (coff_slurp_line_table): Use updated lineno_count
	when building func_table.
2014-11-11 22:45:25 +10:30
Alan Modra
fcfa62408a Avoid coff OOM
bfd_zalloc/bfd_zmalloc to fix uninitialized memory reads is too big a
hammer, when the size allocated depends on user input.  A typical
bfd_alloc, bfd_seek, bfd_bread sequence will give an error or warning
at the point the file read fails when some enormous item as described
by headers is not actually present in the file.  Nice operating system
allow memory overcommit.  But not if you write to the memory.  So
bfd_zalloc can cause an OOM, thrashing, or system hangs.

The patch also fixes a recently introduced endless loop on bad input.

	PR binutils/17512
	* coffcode.h (coff_slurp_line_table): Don't bfd_zalloc, just
	memset the particular bits we need.  Update src after hitting loop
	"continue".  Don't count lineno omitted due to invalid symbols in
	nbr_func, and update lineno_count.  Init entire terminating
	lineno.  Don't both allocating terminator in n_lineno_cache.
	Redirect sym->lineno pointer to where n_lineno_cache will be
	copied, and free n_lineno_cache.
	* pe-mips.c (NUM_HOWTOS): Typo fix.
2014-11-11 22:13:57 +10:30
Alan Modra
4de1599bcf ld -r abort in _bfd_elf_write_section_eh_frame
Turning on .eh_frame processing for ld -r resulted in systemtap
tickling a ld bug.  Triggered by the zero terminator not being added
to .eh_frame in a separate file as it usually is (crtend.o), but
instead being present in the last .eh_frame section along with CIEs
and FDEs.  The 4-byte terminator makes the section size check fail
on 64-bit targets.

	* elf-eh-frame (_bfd_elf_write_section_eh_frame): Adjust section
	size check to account for possible zero terminator.
2014-11-11 20:28:46 +10:30
Richard Sandiford
fd6f9d1747 bfd/
2014-11-10  James Cowgill  <James.Cowgill@imgtec.com>

	* elfxx-mips.c (_bfd_mips_elf_section_processing): don't force small
	data sections to be PROGBITS
2014-11-10 20:51:16 +00:00
Nick Clifton
36e9d67b86 More fixes for problems exposed by valgrind and the address sanitizer
when displaying the contents of corrupt files.

	PR binutils/17521
	* coff-i386.c (NUM_HOWTOS): New define.
	(RTYPE2HOWTO): Use it.
	(coff_i386_rtype_to_howto): Likewise.
	(coff_i386_reloc_name_lookup): Likewise.
	(CALC_ADDEND): Check that reloc r_type field is valid.
	* coff-x86_64.c (NUM_HOWTOS): New define.
	(RTYPE2HOWTO): Use it.
	(coff_amd64_rtype_to_howto): Likewise.
	(coff_amd64_reloc_name_lookup): Likewise.
	(CALC_ADDEND): Check that reloc r_type field is valid.
	* coffcode.h (coff_slurp_line_table): Check for symbol table
	indexing underflow.
	(coff_slurp_symbol_table): Use zalloc to ensure that all table
	entries are initialised.
	* coffgen.c (_bfd_coff_read_string_table): Initialise unused bits
	in the string table.  Also ensure that the table is 0 terminated.
	(coff_get_normalized_symtab): Check for symbol table indexing
	underflow.
	* opncls.c (bfd_alloc): Catch the case where a small negative size
	can result in only 1 byte being allocated.
	(bfd_alloc2): Use bfd_alloc.
	* pe-mips.c (NUM_HOWTOS): New define.
	(coff_mips_reloc_name_lookup): Use it.
	(CALC_ADDEND): Check that reloc r_type field is valid.
	* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Initialise unused entries
	in the DataDirectory.
	(pe_print_idata): Avoid reading beyond the end of the data block
	wen printing strings.
	(pe_print_edata): Likewise.
	Check for table indexing underflow.
	* peicode.h (pe_mkobject): Initialise the pe_opthdr field.
	(pe_bfd_object_p): Allocate and initialize enough space to hold a
	PEAOUTHDR, even if the opt_hdr field specified less.
2014-11-10 14:27:38 +00:00
Alan Modra
d1f5d98a18 Correct buffer overrun test
* peXXigen.c (pe_print_idata): Revert last patch, cast lhs instead.
2014-11-08 12:40:09 +10:30
H.J. Lu
0115826241 Cast to unsigned long in range checks
* peXXigen.c (pe_print_idata): Cast to unsigned long in range
	checks.
2014-11-07 13:39:15 -08:00
H.J. Lu
cf61b7473a X32: Add REX prefix to encode R_X86_64_GOTTPOFF
Structions with R_X86_64_GOTTPOFF relocation must be encoded with REX
prefix even if it isn't required by destination register.  Otherwise
linker can't safely perform IE -> LE optimization.

bfd/

	PR ld/17482
	* elf64-x86-64.c (elf_x86_64_relocate_section): Update comments
	for IE->LE transition.

gas/

	PR ld/17482
	* config/tc-i386.c (output_insn): Add a dummy REX_OPCODE prefix
	for structions with R_X86_64_GOTTPOFF relocation for x32 if needed.

gas/testsuite/

	PR ld/17482
	* gas/i386/ilp32/x32-tls.d: New file.
	* gas/i386/ilp32/x32-tls.s: Likewise.

ld/testsuite/

	PR ld/17482
	* ld-x86-64/tlsie4.dd: Updated.
2014-11-07 12:22:53 -08:00
Alan Modra
56aedec7ab tekhex architecure
is a don't care.

	* tekhex.c (tekhex_set_arch_mach): Ignore unknown arch errors.
2014-11-07 21:24:49 +10:30
Alan Modra
e5242d4bed tekhex buffer management and symbol types
Dramatically reduces memory consumption and processing time for large
all-zero data segments.  Allows multiple symbol types attached to a
given segment to survive objcopy.

	* tekhex.c (CHUNK_SPAN): Define.
	(struct data_struct <chunk_init>): Use one byte per span, update
	all code accessing this field.
	(find_chunk): Add create param, don't create new entry unless set.
	(insert_byte): Don't save zeros.
	(first_phase): Set section SEC_CODE or SEC_DATA flag depending
	on symbol type.  Create an alternate section if both types of
	symbol are given.  Attach type '2' and '6' symbols to absolute
	section.
	(move_section_contents): Fix caching of chunk.  Don't create chunk
	when reading, or for writing zeros.
	(tekhex_set_section_contents): Don't create initial chunks.
	(tekhex_write_object_contents): Use CHUNK_SPAN.
2014-11-07 20:40:42 +10:30
Alan Modra
7c53fd1ca3 aoutx.h tidy
Save a multiplication, and any concern that the buffer allocation
might be smaller than the amount read (as it could be if the header
size isn't a multiple of EXTERNAL_NLIST_SIZE).

	* aoutx.h (aout_get_external_symbols): Tidy allocation of symbol buffer.
2014-11-07 20:40:41 +10:30
Alan Modra
4057240502 Revert bfd_get_size checks
* archive.c (_bfd_slurp_extended_name_table): Revert bfd_get_size check.
	* coffcode.h (coff_set_alignment_hook): Likewise.
	(coff_slurp_line_table): Likewise.
	* coffgen.c (coff_get_normalized_symtab): Likewise.
	(_bfd_coff_get_external_symbols): Likewise.
	* elf.c (bfd_elf_get_str_section): Likewise.
	* tekhex.c (first_phase): Likewise.
2014-11-07 13:19:15 +10:30
Nick Clifton
834107255b Revert changes in previous deltas that introduced new failures into
the linker testsuite.

	* aoutx.h (slurp_symbol_table): Revert previous delta.
	(slurp_reloc_table): Likewise.
	* compress.c (bfd_get_full_section_contents): Remove file size
	test.
	* coffgen.c (coff_get_normalized_symtab): Allow zero-sized symtabs
	and do not complain about linker generated files.
2014-11-06 14:39:58 +00:00
Will Newton
1fe9dc4519 bfd/elf-attrs.c: Fix possible infinite loop parsing attributes
Handle the case of a zero length section or sub-section in
_bfd_elf_parse_attributes and in doing so prevent an infinite loop
in the parser.

bfd/ChangeLog:

2014-11-06  Will Newton  <will.newton@linaro.org>

	* elf-attrs.c (_bfd_elf_parse_attributes): Handle zero
	length sections and sub-sections.
2014-11-06 13:01:18 +00:00
Nick Clifton
a6f921c877 More fixes for memory problems uncovered by file fuzzers.
PR binutils/17512
	* coffcode.h (handle_COMDAT): Replace abort with BFD_ASSERT.
	Replace another abort with an error message.
	(coff_slurp_line_table): Add more range checking.
	* peXXigen.c (pe_print_debugdata): Add range checking.
2014-11-05 17:57:54 +00:00
Matthew Fortune
131e2f8ea1 Fix segfault when creating a dso with discarded .dynsym section.
bfd/

	* elfxx-mips.c (_bfd_mips_elf_finish_dynamic_sections): Fix segfault
	when creating a dso with discarded dynsym section.
2014-11-05 10:56:59 +00:00
Matthew Fortune
09c14161c5 Update .MIPS.abiflags to support MIPS R6
bfd/

	* elfxx-mips.c (update_mips_abiflags_isa): Add E_MIPS_ARCH_32R6
	and E_MIPS_ARCH_64R6 support.

ld/testsuite/

	* ld-mips-elf/abiflags-strip10-ph.d: New file.
	* ld-mips-elf/mips-eld.exp: Run the new test.

gas/

	* config/tc-mips.c (mips_elf_final_processing): Add INSN_ISA32R6
	and INSN_ISA64R6 support.

gas/testsuite/

	* gas/mips/elf_arch_mips32r6.d: New file.
	* gas/mips/elf_arch_mips64r6.d: New file.
	* gas/mips/mips.exp: Run the new tests.
2014-11-05 10:48:38 +00:00
Nick Clifton
20ad5e2842 More fixes for processing corrupt files.
PR binutils/17512
	* coffcode.h (coff_set_alignment_hook): Warn if the file lies
	about the number of relocations it contains.
	(coff_sort_func_alent): Return 0 if the pointers are NULL.
	(coff_slurp_line_table): Add more range checks.  Do not free new
	tables created when sorting line numbers.
	* peXXigen.c (pe_print_idata): Add range checks.
	(pe_print_edata): Likewise.
	(rsrc_print_resource_entries): Likewise.  Avoid printing control
	characters.  Terminate priniting if corruption is detected.
	(rsrc_print_resource_directory): Terminate printing if an unknown
	directory type is encountered.
	(pe_print_debugdata): Fix off-by-one error.
	(rsrc_count_entries): Add range checking.
	(rsrc_parse_entry): Likewise.
2014-11-05 10:13:16 +00:00
Nick Clifton
79f2a78e76 Fix problem with linker created sections being mistakenly flagged
as corrupt by the new error checking code in bfd_get_full_section_contents.

	PR binutils/17512
	* compress.c (bfd_get_full_section_contents): Improve test for
	linker created objects.
2014-11-04 16:00:10 +00:00
Nick Clifton
bb0d867169 Fix a seg-fault triggered by reading a mal-formed archive.
PR binutils/17533
	* archive.c (_bfd_slurp_extended_name_table): Handle archives with
	corrupt extended name tables.
2014-11-04 13:15:37 +00:00
Alan Modra
ef42b83ec0 Provide stat function for spu overlay manager iovec
Commit f54498b4 broke spu-elf, specifically the change "Do not try to
load a string table bigger than the file", because bfd_get_size
returns zero for the spu built-in overlay manager bfd.

	* elf32-spu.c (ovl_mgr_stat): New function.
	(spu_elf_open_builtin_lib): Pass to bfd_openr_iovec.
2014-11-04 22:36:13 +10:30
Andrew Burgess
931b79ccd6 When relaxing, update size of symbols.
When performing linker relaxation, reduce the size of symbols that span
the deleted bytes.  This ensures that, for example, function symbols
will have the correct size.

bfd/ChangeLog:

	* elf32-avr.c (elf32_avr_relax_delete_bytes): During linker
	relaxation, reduce the size of symbols that span the deleted
	bytes.

ld/ChangeLog:

	* testsuite/ld-avr/relax-02.d: Update to check size of symbols has
	changed.
	* testsuite/ld-avr/relax-03.d: Likewise.
2014-11-03 20:34:13 +00:00
Andrew Burgess
a12d0ffc72 When relaxing, update symbols at the very end of the section.
Symbols at the very end of a section were not being updated correctly
when linker relaxation takes place due to the use of '<' instead of
'<='.  Added a couple of tests to cover this behaviour.

bfd/ChangeLog:

	* elf32-avr.c (elf32_avr_relax_delete_bytes): Modify symbols
	located at the very end of the section.

ld/ChangeLog:

	* ld/testsuite/ld-avr/relax-02.d: New file.
	* ld/testsuite/ld-avr/relax-02.s: New file.
	* ld/testsuite/ld-avr/relax-03.d: New file.
	* ld/testsuite/ld-avr/relax-03.s: New file.
2014-11-03 20:33:25 +00:00
Nick Clifton
5a3f568b70 More fixes for buffer overruns instigated by corrupt binaries.
PR binutils/17512
	* objdump.c (slurp_symtab): Fail gracefully if the table could not
	be read.
	(dump_relocs_in_section): Likewise.

	* aoutx.h (slurp_symbol_table): Check that computed table size is
	not bigger than the file from which is it being read.
	(slurp_reloc_table): Likewise.
	* coffcode.h (coff_slurp_line_table): Remove unneeded local
	'warned'.  Do not try to print the details of a symbol with an
	invalid index.
	* coffgen.c (make_a_sectiobn_from_file): Check computed string
	index against length of string table.
	(bfd_coff_internal_syment_name): Check read in string offset
	against length of string table.
	(build_debug_section): Return a pointer to the section used.
	(_bfd_coff_read_string_table): Store the length of the string
	table in the coff_tdata structure.
	(bfd_coff_free_symbols): Set the length of the string table to
	zero when it is freed.
	(coff_get_normalized_symtab): Check offsets against string table
	or data table lengths as appropriate.
	* cofflink.c (_bfd_coff_link_input_bfd): Check offset against
	length of string table.
	* compress.c (bfd_get_full_section_contents): Check computed size
	against the size of the file.
	* libcoff-in.h (obj_coff_strings_len): Define.
	(struct coff_tdata): Add strings_len field.
	* libcoff.h: Regenerate.
	* peXXigen.c (pe_print_debugdata): Do not attempt to print the
	data if the debug section is too small.
	* xcofflink.c (xcoff_link_input_bfd):  Check offset against
	length of string table.
2014-11-03 17:44:00 +00:00
Nick Clifton
ba241f2d5a Import updated translations supplied by the Translation Project.
bfd, binutils, gprof, opcodes:
	* po/fi.po: Updated Finnish translation.

	binutils:
	* po/sv.po: Updated Swedish translation.

	gprof:
	* po/hu.po: New Hungarian translation.
2014-11-03 12:26:48 +00:00
Naveen H.S
2c62985659 MIPS: Add Octeon 3 support
binutils:
2014-10-31  Andrew Pinski  <apinski@cavium.com>
            Naveen H.S  <Naveen.Hurugalawadi@caviumnetworks.com>

	* readelf.c (print_mips_isa_ext): Print the value of Octeon3.

gas:
2014-10-31  Andrew Pinski  <apinski@cavium.com>
            Naveen H.S  <Naveen.Hurugalawadi@caviumnetworks.com>

	* config/tc-mips.c (CPU_IS_OCTEON): Handle CPU_OCTEON3.
	(mips_cpu_info_table): Octeon3 enables virt ase.
	* doc/c-mips.texi: Document octeon3 as an acceptable value for
	-march=.

gas/testsuite:
2014-10-31  Andrew Pinski  <apinski@cavium.com>
            Naveen H.S  <Naveen.Hurugalawadi@caviumnetworks.com>

	* gas/mips/mips.exp: Add support for Octeon3 architecture.
	Also add in support for running Octeon3 tests.
	* gas/mips/octeon3.d: New test.
	* gas/mips/octeon3.s: New test source.

opcodes:
2014-10-31  Andrew Pinski  <apinski@cavium.com>
            Naveen H.S  <Naveen.Hurugalawadi@caviumnetworks.com>

	* mips-dis.c (mips_arch_choices): Add octeon3.
	* mips-opc.c (IOCT): Include INSN_OCTEON3.
	(IOCT2): Likewise.
	(IOCT3): New define.
	(IVIRT): New define.
	(mips_builtin_opcodes): Add dmfgc0, dmtgc0, hypcall, mfgc0, mtgc0,
	tlbinv, tlbinvf, tlbgr, tlbgwi, tlbginv, tlbginvf, tlbgwr, tlbgp, tlti
	IVIRT instructions.
	Extend mtm0, mtm1, mtm2, mtp0, mtp1, mtp2 instructions to take another
	operand for IOCT3.

bfd:
2014-10-31  Andrew Pinski  <apinski@cavium.com>
            Naveen H.S  <Naveen.Hurugalawadi@caviumnetworks.com>

	* archures.c: Add octeon3 for mips target.
	* bfd-in2.h: Regenerate.
	* bfd/cpu-mips.c: Define I_mipsocteon3.
	nfo_struct): Add octeon3 support.
	* bfd/elfxx-mips.c: (_bfd_elf_mips_mach): Add support for
	octeon3.
	(mips_set_isa_flags): Add support for octeon3.
	(bfd_mips_isa_ext): Add bfd_mach_mips_octeon3.
	(mips_mach_extensions): Make bfd_mach_mips_octeon3 an
	extension of bfd_mach_mips_octeon2.
	(print_mips_isa_ext): Print the value of Octeon3.
2014-10-31 13:50:10 -07:00
Nick Clifton
690725fa0d Fix an (almost) infinite loop in the tekhex parser.
PR binutils/17512
	* tekhex.c (first_phase): Check that the section range is sane.
2014-10-31 18:00:55 +00:00
Nick Clifton
f54498b457 Avoid allocating over-large buffers when parsing corrupt binaries.
PR binutils/17512
	* coffgen.c (_bfd_coff_get_external_symbols): Do not try to load a
	symbol table bigger than the file.
	* elf.c (bfd_elf_get_str_section): Do not try to load a string
	table bigger than the file.

	* readelf.c (process_program_headers): Avoid memory exhaustion due
	to corrupt values in a dynamis segment header.
	(get_32bit_elf_symbols): Do not attempt to read an over-large
	section.
	(get_64bit_elf_symbols): Likewise.
2014-10-31 16:36:31 +00:00
Nick Clifton
0102ea8cec Fixes a seg-fault in the ihex parser when it encounters a malformed ihex file.
PR binutils/17512
	* ihex.c (ihex_scan): Fix typo in invocation of ihex_bad_byte.
2014-10-30 17:16:17 +00:00
Nick Clifton
7e760b06b2 Closes another memory corruption, this time due to heap overrun.
PR binutils/17512
	* coffgen.c (coff_get_normalized_symtab): Prevent buffer overrun.
2014-10-30 15:52:10 +00:00
Nick Clifton
e5b470e24c Fixes another memory corruption bug introduced by patches for PR 17512.
* elf.c (bfd_section_from_shdr): Fix heap use after free memory
	leak.
2014-10-29 20:58:13 +00:00
Dennis Brueni
d1e8523e40 Thix fixes an obvious coding error that led to a GDB crash on AIX or HPUX.
* elf.c (elfcore_write_lwpstatus): fix typo in call to memcpy
2014-10-29 17:17:32 +00:00
Nick Clifton
5a4b0ccc20 More fixes for corrupt binaries crashing the binutils.
PR binutils/17512
	* elf.c (bfd_section_from_shdr): Allocate and free the recursion
	detection table on a per-bfd basis.
	* peXXigen.c (pe_print_edata): Handle binaries with a truncated
	export table.
2014-10-28 15:42:56 +00:00
Nick Clifton
708d7d0d11 This patch fixes a flaw in the SREC parser which could cause a stack overflow
and potential secuiryt breach.

	PR binutils/17510
	* srec.c (srec_bad_byte): Increase size of buf to allow for
	negative values.
	(srec_scan): Use an unsigned char buffer to hold header bytes.
2014-10-28 10:48:14 +00:00
Nick Clifton
bf67003b45 This fixes more seg-faults in tools like "strings" and "objdump" when
presented with corrupt binaries.

	PR binutils/17512
	* elf.c (bfd_section_from_shdr): Detect and warn about ELF
	binaries with a group of sections linked by the string table
	indicies.
	* peXXigen.c (pe_print_edata): Detect out of range rvas and
	entry counts for the Export Address table, Name Pointer table
	 and Ordinal table.
2014-10-27 18:05:37 +00:00
Nick Clifton
7e1e19887a Fix a seg-fault in strings and other binutuils when parsing a corrupt PE
executable with an invalid value in the NumberOfRvaAndSizes field of the
AOUT header.

	PR binutils/17512
	* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries
	with an invalid value for NumberOfRvaAndSizes.
2014-10-27 14:45:06 +00:00
Nick Clifton
493a33860c This patch closes a potential security hole in applications that use
the bfd library to parse binaries containing maliciously corrupt section
group headers.

	PR binutils/17510
	* elf.c (setup_group): Improve handling of corrupt group
	sections.
2014-10-27 12:45:36 +00:00