Commit graph

200 commits

Author SHA1 Message Date
Nick Clifton
67f101eece Ignore DWARF debug information with a version of 0 - assume that it is padding.
PR 19872
bfd	* dwarf2.c (parse_comp_unit): Skip warning about unrecognised
	version number if the version is zero.

bin	* dwarf.c (display_debug_aranges): Skip warning about unrecognised
	version number if the version is zero.
2016-04-04 12:53:33 +01:00
Nick Clifton
34b9f7292f Fix unbounded stack usage warning inside the SAFE_BYTE_GET macro.
PR 19851
binutils * dwarf.c (SAFE_BYTE_GET): Replace local dynamic array allocation
	with run time size check.
2016-03-22 13:25:22 +00:00
Alan Modra
6f2750feaf Copyright update for binutils 2016-01-01 23:00:01 +10:30
Nick Clifton
7460c0abe8 Fix static analysis warning about undefined bheaviour.
PR binutils/19310
	* dwarf.c (display_debug_frames): Recode range test to avoid
	undefined behaviour.
2015-12-08 09:49:49 +00:00
Andrew Burgess
42bcef4ad6 objdump: Handle 32-bit base address in debug_ranges / debug_loc.
When the DWARF address size is 32-bit, but the host machine is 64-bit,
objdump fails to spot base addresses specified in the .debug_ranges and
.debug_loc lists.

As an example, here is the output when dumping an example .debug_ranges
section with the pre-patched objdump:

    Contents of the .debug_ranges section:

        Offset   Begin    End
        00000000 ffffffff 00000004 (start > end)
        00000000 00000000 00000004
        00000000 ffffffff 00000008 (start > end)
        00000000 00000000 00000004
        00000000 <End of list>

And this is what the same section looks like when dumped with the
patched version of objdump:

    Contents of the .debug_ranges section:

        Offset   Begin    End
        00000000 ffffffff 00000004 (base address)
        00000000 00000004 00000008
        00000000 ffffffff 00000008 (base address)
        00000000 00000008 0000000c
        00000000 <End of list>

binutils/ChangeLog:

	* dwarf.c (is_max_address): New function.
	(display_loc_list): Remove out of date comment, use
	is_max_address.
	(display_debug_ranges): Likewise.

binutils/testsuite/ChangeLog:

	* binutils-all/objdump.exp: Add test for .debug_ranges decode.
	* binutils-all/dw2-ranges.S: New file.
	* binutils-all/dw2-ranges.W: New file.
2015-11-30 13:28:26 +00:00
Dominik Vogt
c4e0beacd7 binutils: Fix left shift of negative value.
This patch fixes all occurences of left-shifting negative constants in C code
which is undefined by the C standard.

binutils/ChangeLog:

        * dwarf.c (read_leb128): Fix left shift of negative value.
2015-11-09 17:12:56 +01:00
H.J. Lu
3aade68889 Remove trailing spaces in binutils 2015-08-12 04:42:37 -07:00
Nick Clifton
8fcc61b42b Improves the detection of partial .debug_line sections.
* dwarf.c (read_debug_line_header): Use reloc_at to detect
	incomplete .debug_line headers
2015-06-05 16:58:35 +01:00
Nick Clifton
d1c4b12b9d Fix PR18374 by making readelf and objdump ignore end-of-list markers in the .debug_loc section if there are relocations against them.
PR binutils/18374
bin	* dwarf.h (struct dwarf_section): Add reloc_info and num_relocs
	fields.
	(struct dwarf_section_display): Change bitfield to boolean.
	(reloc_at): Add prototype.
	* dwarf.c (display_loc_list): Ignore list terminators if there are
	relocs against them.
	(display_debug_loc): Issue a warning if there are relocs against
	the .debug_loc section.
	(display_displays): Initialise reloc_info and num_relocs fields.
	* objdump.c (load_specific_debug_section): Initialise reloc_info
	and num_relocs fields.
	(reloc_at): New function.
	* readelf.c (is_32bit_abs_reloc): Add IA64's R_IA64_DIS32LSB
	reloc.
	(reloc_at): New function.
	(apply_relocations): Add relocs_return and num_relocs_return
	parameters.  Fill them in with the loaded relocs if non-NULL.
	(dump_section_as_bytes): Update call to apply_relocations.
	(load_specific_debug_section): Initialise reloc_info and
	num_relocs fields.

tests	* binutils-all/pr18374.s: New test file.
	* binutils-all/readelf.exp: Assemble and run the new test.
	* binutils-all/readelf.pr18374: Expected output from readelf.
2015-05-15 11:24:33 +01:00
H.J. Lu
3d875af575 Add init_dwarf_regnames_iamcu
* dwarf.c (dwarf_regnames_iamcu): New.
	(init_dwarf_regnames_iamcu): Likewise.
	(init_dwarf_regnames): Call init_dwarf_regnames_iamcu for EM_IAMCU.
	* dwarf.h (init_dwarf_regnames_iamcu): New.
	* objdump.c (dump_dwarf): Call init_dwarf_regnames_iamcu for
	bfd_arch_iamcu.
2015-05-11 10:41:44 -07:00
H.J. Lu
22abe5566a Rename EM_486 to EM_IAMCU
bfd/

	* elfcode.h (elf_object_p): Replace EM_486 with EM_IAMCU.

binutils/

	* dwarf.c (init_dwarf_regnames): Replace EM_486 with EM_IAMCU.
	* readelf.c (guess_is_rela): Likewise.
	(dump_relocations): Likewise.
	(get_machine_name): Likewise.
	(get_elf_section_flags): Likewise.
	(process_section_headers): Likewise.
	(is_32bit_abs_reloc): Likewise.
	(is_32bit_pcrel_reloc): Likewise.

include/elf/

	* common.h (EM_486): Renamed to ...
	(EM_IAMCU): This.
2015-05-11 08:53:05 -07:00
Nick Clifton
153a27763c Fix handling of relocs for the MeP target.
bfd	PR 18317
	* elf32-mep.c (MEPREL): Use bfd_elf_generic_reloc instead of
	mep_reloc.
	(mep_reloc): Delete unused function.

bin	* readelf.c (get_machine_flags): Add description of MeP flags.

tests	* binutils-all/objdump.exp (cpus_expected): Add MeP CPU names.
2015-04-30 15:57:41 +01:00
Nick Clifton
c8071705c6 Fix undefined arithmetic operations detected by -fsanitize=undefined when running readelf on fuzzed binaries.
PR binutils/17512
	* dwarf.c (display_debug_loc): Pacify the undefined behaviour
	sanitizer by simplifying address difference calculation.
	(struct Frame_Chunk): Change type of cfa_offset to dwarf_vma in
	order to avoid arithmetic overflows.
	(frame_display_row): Cast cfa_offset before printing it.
	(display_debug_frames): Likewise.
	Check for an unexpected segment size.
	Chnage type of 'l' local to dwarf_vma and cast it back to an int
	when printing.
	(process_cu_tu_index): Tighten check for an invalid ncols value.
	* readelf.c (process_corefile_note_segment): Check for
	inote.descdata extending beyond the end of the section.
	(process_v850_notes): Likewise.
2015-02-26 14:23:27 +00:00
Nick Clifton
ffc0f143c7 Fixes for memory access violations triggered by running readelf on fuzzed binaries.
PR binutils/17531
	* dwarf.c (display_debug_aranges): Add check for an excessive
	ar_length value.
	(process_cu_tu_index): Check for a row * columns sum being too
	large.
2015-02-13 14:17:18 +00:00
Nick Clifton
f641dd969f Fix mistake in recent code to check for an unterminated leb128 number.
* dwarf.c (read_leb128): Fix test for shift becoming too large.
2015-02-13 11:13:20 +00:00
Alan Modra
b4eb7656c2 binutils/dwarf.c white space
The style fix here is for num_units * sizeof * debug_information.

	* dwarf.c: Formatting, whitespace.
	(process_debug_info): Style fix.
2015-02-13 13:54:03 +10:30
Nick Clifton
362beea4b4 Fixes for invalid memory accesses triggered by running readelf on fuzzed binaries.
PR binutils/17531
	* dwarf.c (display_debug_pubnames_worker): Work around compiler
	bug checking address ranges.
	(display_debug_frames): Likewise.
	(display_gdb_index): Likewise.
	(process_cu_tu_index): Add range check on the ncols value.
2015-02-11 13:05:04 +00:00
Nick Clifton
834f871cdc Fix memory access violations discovered by running readelf compiled with undefined memory access sanitization on fuzzed binaries.
PR binutils/17531
	* dwarf.c (display_debug_pubnames_worker): Use dwarf_vma type for
	offset.
	* readelf.c (dump_relocations): Handle printing offsets which are
	MIN_INT.
	(process_corefile_note_segment): Add range check of the namesz
	field.
2015-02-10 17:53:53 +00:00
Nick Clifton
03a91817f1 Fixes for memory access violations triggered by running readelf on fuzzed binaries.
PR binutils/17531
	* dwarf.c (process_debug_info): Zero the debug information array
	since correct initialisation cannot be relied upon.
	(process_cu_tu_index): Improve range checks.
2015-02-10 17:13:31 +00:00
Nick Clifton
77ef865475 Fix memory access violations triggered by running objdump compiled with out-of-bounds sanitization checking.
PR binutils/17512
	* dwarf.c (eh_addr_size): Use an unsigned type.
	(size_of_encoded_value): Return an unsigned type.
	(read_leb128): Break if the shift becomes too big.
	(process_extended_line_op): Do not read the address if the length
	is too long.
	(read_cie): Warn and fail if the pointer size or segment size are
	too big.
	* dwarf.h (DWARF2_External_LineInfo): Delete unused and incorrect
	structure definition.
	(DWARF2_External_PubNames): Likewise.
	(DWARF2_External_CompUnit): Likewise.
	(DWARF2_External_ARange): Likewise.
	(DWARF2_Internal_LineInfo): Use dwarf_vma type for
	li_prologue_length.
	(eh_addr_size): Update prototype.

	* coffcode.h (styp_to_sec_flags): Use an unsigned long type to
	hold the flag bits.
	* peXXigen.c (pe_print_reloc): Use unsigned types to hold the
	size and number of relocs.
	(pe_print_debugdata): Use a 32-bit aligned buffer to store the
	codeview record.
	* versados.c (process_otr): Check the esdid value before using it
	to access the EDATA.
2015-02-10 14:11:00 +00:00
Mark Wielaard
5a19504458 Recognize new DWARF5/GCC5 DW_LANG constants for Fortran 03 and Fortran 08.
DWARFv5 defines and GCC5 may output two new DW_LANG constants for the
Fortran 2003 and Fortran 2008 standards. Handle and display both in
binutils.

binutils/ChangeLog:

	* dwarf.c (read_and_display_attr_value): Handle DW_LANG_Fortran03
	and DW_LANG_Fortran08.

include/ChangeLog:

	* dwarf2.h: Add DW_LANG_Fortran03 and DW_LANG_Fortran08.

http://dwarfstd.org/ShowIssue.php?issue=141121.1
2015-02-10 09:07:25 +01:00
Nick Clifton
8490fb409a Fix memory access violations triggered by processing fuzzed binaries with a 32-bit version of readelf, compiled on a 64-bit host.
PR binutils/17531
	* dwarf.c (xcmalloc): Fail if the arguments are too big.
	(xcrealloc): Likewise.
	(xcalloc2): Likewise.
2015-02-06 12:19:20 +00:00
Nick Clifton
5929c344f9 Fixes illegal memory accesses triggereb by running a 32-bit binary version of objdump compiled on a 64-bit host.
PR binutils/17512
	* dwarf.c (display_debug_frames): Fix range checks to work on
	32-bit binaries complied on a 64-bit host.

	* peXXigen.c (rsrc_print_resource_entries): Add range check for
	addresses that wrap around the address space.
	(rsrc_parse_entry): Likewise.
2015-02-06 11:12:54 +00:00
Alan Modra
7cc78d0780 Don't refer to optarg in dwarf.c function
This one is passed in optarg as its argument.

	PR binutils/17926
	* dwarf.c (dwarf_select_sections_by_letters): Don't refer to optarg.
2015-02-05 17:50:37 +10:30
Nick Clifton
f3853b3444 More fixes for memory access violations triggered by running readelf on fuzzed binaries.
PR binutils/17531
	* dwarf.c (read_and_display_attr_value): Test for a block length
	being so long that it wraps around to before the start of the block.
	(process_debug_info): Test for section_begin wrapping around to
	before the start of the section.
	(display_gdb_index): Test for num_cus being so large that the end
	address wraps around to before the start of the section.
	(process_cu_tu_index): Test for j being so large that the section
	index pool wraps around to before the start of the section.
2015-02-04 10:48:46 +00:00
Nick Clifton
570286220e Fix memory access violations triggered by running readelf on fuzzed binaries.
PR binutils/17531
	* dwarf.c (process_debug_info): Add range check.
	(display_debug_pubnames_worker): Likewise.
	(display_gdb_index): Fix range check.
	(process_cu_tu_index): Add range check.
	* readelf.c (get_data): Change parameter types from size_t to
	bfd_size_type.  Add checks for loss of accuracy when casting from
	bfd_size_type to size_t.
	(get_dynamic_data): Likewise.
	(process_section_groups): Limit number of error messages.
2015-02-03 20:42:36 +00:00
H.J. Lu
a0a3b04c61 Properly check abbrev size
abbrev_base is independent of abbrev_size.  We should use abbrev_base +
abbrev_size to check abbrev section size.

	* dwarf.c (process_debug_info): Properly check abbrev size.
2015-01-12 13:34:24 -08:00
Nick Clifton
1306a7421c Another fix for memory access errors trigegred by running readelf on a corrupt binary.
PR binutils/17531
	* dwarf.c (display_debug_addr): Use xcalloc to allocate the debug_addr_info
	array.  Check for an address_base that is too large.
2015-01-12 17:28:55 +00:00
Nick Clifton
72c61a0d1e More fixes for memory access errors when running readelf on fuzzed binaries.
PR binutils/17531
	* dwarf.c (process_debug_info): Check for abbrev_base being larger
	than the section size.
	(process_cu_tu_index): Use xcalloc2 to allocate the CU and TU
	arrays.
	(xcalloc2): New function.  Like xcalloc, but checks for overflow.
	* dwarf.h (xcalloc2): Prototype.
2015-01-12 16:08:41 +00:00
Nick Clifton
82b1b41bcd More fixes for invalid memory accesses triggered by fuzzed binaries.
PR binutils/17531
	* dwarf.c (alloc_num_debug_info_entries): New variable.
	(process_debug_info): Set it.  Use it to avoid displaying
	attributes for which there is no info.
	(display_debug_abbrev): Check that the debug_info_entry index is
	valid before using it.
	(display_loc_list_dwo): Likewise.
	(process_cu_tu_index): Add range check for an overlarge dw_sect
	value.
	(free_debug_memory): Reset alloc_num_debug_info_entries.
	* readelf.c (slurp_ia64_unwind_table): Warn if the reloc could not
	be indentified.
	(dynamic_section_mips_val): Warn if the timestamp is invalid.
	(print_mips_got_entry): Add a data_end parameter.  Warn if a read
	would go beyond the end of the data, and return an error value.
	(process_mips_specific): Do not read options from beyond the end
	of the section.
	Correct code to display optional data at the end of an option.
	Warn if there are too many GOT symbols.
	Update calls to print_mips_got_entry, and handle error returns.
2015-01-05 13:54:22 +00:00
Alan Modra
b90efa5b79 ChangeLog rotatation and copyright year update 2015-01-02 00:53:45 +10:30
Nick Clifton
c361b9ac1f Reverts an "enhancement" made in a previous delta which complained of
unprocessed augmentation data at the end of a CIE.

	* dwarf.c (read_cie): Revert check for unused augmentation data -
	it was bogus.
2014-12-24 08:21:50 +00:00
H.J. Lu
926e166ccb Cast size to long to warn
* dwarf.c (read_cie): Cast size to long to warn.
2014-12-22 15:29:21 -08:00
Nick Clifton
058037d3a1 More fixes for invalid memory accesses exposed by fuzzed binaries.
PR binutils/17531
	* dwarf.c (decode_location_expression): Check for an out of range
	value for a DW_OP_GNU_entry_value expression.
	(display_debug_lines_raw): Check for a partial
	.debug_line. section being encountered without a prior, full
	.debug.line section.
	(display_debug_lines_decoded): Likewise.  Also check for
	li_line_range being zero.
	(display_debug_pubnames_worker): Check for an invalid pn_length
	field.
	(read_cie): Add range checks.
	* elfcomm.c (setup_archive): Check for a negative longnames_size.
2014-12-22 22:44:34 +00:00
Mark Wielaard
6ddfe5b4f9 Display DW_LANG_C11 as (C11).
* dwarf.c (read_and_display_attr_value): Change display name of
	DW_LANG_C11 from (ANSI C11) to (C11).
2014-12-18 13:07:49 +10:30
Nick Clifton
acff96643e Fix a few moere memory access violations.
PR binutils/17512
	* dwarf.c (display_gdb_index): Add more range checks.
2014-12-11 20:25:05 +00:00
Alan Modra
4c219c2e69 Use autoconf check for long long in binutils
Also fix a place where %lld was wrongly used to print a dwarf_vma.

	* configure.ac: Check for long long and sizes of long long and long.
	* elfcomm.h (HOST_WIDEST_INT): Test HAVE_LONG_LONG in place of
	__STDC_VERSION__ and __GNUC__.
	* strings.c (print_strings): Likewise.
	* dwarf.c (DWARF_VMA_FMT, DWARF_VMA_FMT_LONG): Likewise.
	(read_debug_line_header): Use dwarf_vmatoa to print warning.
	* configure: Regenerate.
	* config.in: Regenerate.
2014-12-11 17:07:46 +10:30
Nick Clifton
53774b7e76 More fixes for invalid memory accesses triggered by fuzzed binaries.
PR binutils/17531
	* dwarf.c (display_debug_frames): Check for a negative
	augmentation data length.
	(display_gdb_index): Check for invalid offsets.
	* elfcomm.c (process_archive_index_and_symbols): Check for an
	index number that overflows when multiplied by the ar index size.
	* readelf.c (dump_ia64_unwind): Add range checks.
	(slurp_ia64_unwind_table): Change to a boolean function.  Add
	range checks.
	(process_version_sections): Add range checks.
	(get_symbol_version_string): Add check for missing section
	headers.
2014-12-08 17:51:46 +00:00
H.J. Lu
ef77750ef7 Properly check for an out of range row index
* dwarf.c (process_cu_tu_index): Properly check for an out of
	range row index.
2014-12-01 09:12:37 -08:00
Nick Clifton
06614111d1 More fixes for memory access violations exposed by fuzzed binaries.
PR binutils/17512
	* dwarf.h (struct dwarf_section): Add user_data field.
	* dwarf.c (frame_need_space): Check for an over large register
	number.
	(display_debug_frames): Check the return value from
	frame_need_space.  Check for a CFA expression that is so long the
	start address wraps around.
	(debug_displays): Initialise the user_data field.
	* objdump.c (load_specific_debug_section): Save the BFD section
	pointer in the user_data field of the dwarf_section structure.
	(free_debug_section): Update BFD section data when freeing section
	contents.
	* readelf.c (load_specific_debug_section): Initialise the
	user_data field.

	* archive.c (do_slurp_coff_armap): Add range checks to prevent
	running off the end of the string table.
	* compress.c (bfd_get_full_section_contents): Return a NULL
	pointer for zero sized sections.  Do not attempt to copy a buffer
	onto itself.
	* elf-attrs.c (_bfd_elf_parse_attributes): Check for an empty
	header.  Add range checks to avoid running off the end of the
	section.
	* elf.c (bfd_elf_get_str_section): Seek before allocating so that
	if the seek fails, no memory is allocated.
	(bfd_elf_string_from_elf_section): Do not allocate a string from a
	non string section.  It only leads to trouble later on.
	(_bfd_elf_print_private_bfd_data): Check for there being too
	little external dynamic data.
	(bfd_section_from_shdr): Replace assertion with a failure mode.
	(bfd_section_from_shdr): When walking a loaded group section use
	the internal structure size, not the external size.  Check for the
	group section being empty.
	* elf32-i386.c (elf_i386_rtype_to_howto): Replace assertion with a
	failure mode.
	* elfcode.h (elf_slurp_reloc_table): Likewise.
	* reloc.c (bfd_perform_relocation): Avoid seg-fault if the howto
	parameter is NULL.
2014-12-01 16:43:46 +00:00
Nick Clifton
591f7597d4 Add checks for memory access violations exposed by fuzzed archives.
PR binutils/17531
	* dwarf.c (process_cu_tu_index): Check for an out of range row
	index.
	* elfcomm.c (adjust_relative_path): Change name_len parameter to
	an unsigned long.  Check for path length overflow.
	(process_archive_index_and_symbols): Check for invalid header
	size.
	(setup_archive): Add checks for invalid archives.
	(get_archive_member_name): Add range checks.
	* elfcomm.h (adjust_relative_path): Update prototyoe.
	* readelf.c (process_archive): Add range checks.
2014-12-01 11:19:39 +00:00
Mark Wielaard
8bc106204c dwarf.c handle new DWARFv5 C11, C++11 and C++14 DW_LANG constants.
binutils/ChangeLog

	* dwarf.c (read_and_display_attr_value): Handle DW_LANG_C11,
	DW_LANG_C_plus_plus_11 and DW_LANG_C_plus_plus_14.
2014-11-27 00:35:18 +01:00
Nick Clifton
a11652892c More fixes for memory access errors triggered by attemps to examine corrupted binaries.
PR binutils/17512
	* dwarf.c (display_block): Do nothing if the block starts after
	the end of the buffer.
	(read_and_display_attr_value): Add range checks.
	(struct Frame_Chunk): Make the ncols and ra fields unsigned.
	(frame_need_space): Test for an ncols of zero.
	(read_cie): Fail if the augmentation data extends off the end of
	the buffer.
	(display_debug_frames): Add checks for read_cie failing.  Add
	range checks.
	* coff-h8300.c (rtype2howto): Replace abort with returning a NULL
	value.
	* coff-h8500.c (rtype2howto): Likewise.
	* coff-tic30.c (rtype2howto): Likewise.
	* coff-z80.c (rtype2howto): Likewise.
	* coff-z8k.c (rtype2howto): Likewise.
	* coff-ia64.c (RTYPE2HOWTO): Always return a valid howto.
	* coff-m68k.c (m68k_rtype2howto): Return a NULL howto if none
	could be found.
	* coff-mcore.c (RTYPE2HOWTO): Add range checking.
	* coff-w65.c (rtype2howto): Likewise.
	* coff-we32k.c (RTYPE2HOWTO): Likewise.
	* pe-mips.c (RTYPE2HOWTO): Likewise.
	* coff-x86_64.c (coff_amd64_reloc): Likewise.  Replace abort with
	an error return.
	* coffcode.h (coff_slurp_reloc_table): Allow the rel parameter to
	be unused.
	* coffgen.c (make_a_section_from_file): Check the length of a
	section name before testing to see if it is a debug section name.
	(coff_object_p): Zero out any uninitialised bytes in the opt
	header.
	* ecoff.c (_bfd_ecoff_slurp_symbolic_info): Test for the raw
	source being empty when there are values to be processed.
	(_bfd_ecoff_slurp_symbol_table): Add range check.
	* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Likewise.
	(bfd_mach_o_mangle_sections): Move test for too many sections to
	before the allocation of the section table.
	(bfd_mach_o_read_symtab_strtab): If the read fails, free the
	memory and nullify the symbol pointer.
	* reloc.c (bfd_generic_get_relocated_section_contents): Add
	handling of a bfd_reloc_notsupported return value.
	* versados.c (EDATA): Add range checking.
	(get_record): Likewise.
	(process_otr): Check for contents being available before updating
	them.
	(versados_canonicalize_reloc): Add range check.
2014-11-26 14:11:23 +00:00
Nick Clifton
0a9d414aa1 Fixes for memory access violations exposed by fuzzinf various binaries.
PR binutils/17512
	* dwarf.c (get_encoded_value): Check for an encoded size of 0.
	(display_debug_lines_raw): Check for an invalid line range value.
	(display_debug_frames): Check for corrupt augmentation data.

	* coffgen.c (coff_get_normalized_symtab): Check for an excessive
	number of auxillary entries.
	* ieee.c (next_byte): Convert to a function.  Return FALSE if the
	next byte is beyond the end of the buffer.
	(parse_int): Test the return value of next_byte.
	(parse_expression): Convert to boolean.  Return FALSE if the
	parsing failed.  Test the return value of next_byte.
	(ieee_seek): Convert to a function.  Return FALSE if the seek goes
	beyond the end of the buffer.
	(ieee_slurp_external_symbols): Test the return value of ieee_seek
	and next_byte.
	(ieee_slurp_sections): Convert to boolean.  Return FALSE if the
	operation failed.  Test the return value of ieee_seek and
	next_byte.
	(ieee_archive_p): Test the return value of ieee_seek and
	next_byte.
	(do_one): Likewise.
	(ieee_slurp_section_data): Likewise.
	(ieee_object_p): Likewise.  Store the size of the buffer in the
	total_amt field in the header.
	* libieee.h (common_header_type): Add amt field.
	* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Check that the
	reloc's value is within range.
	(bfd_mach_o_read_symtab_symbols): Nullify the symbols field if the
	operation fails.
	* pei-x86_64.c (pex64_xdata_print_uwd_codes): Replace abort with
	an error message.
	(pex64_dump_xdata): Check for buffer overflows.
	* versados.c (process_otr): Check that the section exists before
	taking its size.
	(versados_object_p): Make sure that enough data was read for the
	header to be checked.
	* vms-alpha.c (vms_get_remaining_object_record): Change
	read_so_far parameter to an unsigned int.  Check that the amount
	read is in range.
2014-11-21 21:44:04 +00:00
Jan-Benedict Glaw
e44c58ce2f Fix signedness warning
This is the updated version using uintptr_t as Alan Modra suggested.

2014-11-18  Jan-Benedict Glaw  <jbglaw@lug-owl.de>

	* dwarf.c (process_extended_line_op): Fix signedness warning.
2014-11-19 14:13:30 +01:00
Nick Clifton
6937bb54a9 More fixes for illegal memory accesses exposed by fuzzed binaries.
PR binutils/17512
	* peXXIgen.c (pe_print_pdata): Fail if the section's virtual size
	is larger than its real size.
	(rsrc_print_section): Fix off-by-one error checking for overflow.
	* pei-x86_64.c (pex64_bfd_print_pdata): Handle empty unwind
	sections.

	* dwarf.c (get_encoded_value): Warn and return if the encoded
	value is more than 64-bits long.
	(SAFE_BYTE_GET): Do not attempt to read more than 64-bits.
	(process_extended_line_op): Add more range checks.
	(decode_location_expression): Use the return value from
	display_block.  Add more range checks.
	(read_debug_line_header): Add range check.
	(display_debug_lines_raw): Add range checks.
	(display_debug_frames): Silently skip multiple zero terminators.
	Add range checks.
	(process_cu_tu_index): Check for non-existant or empty sections.
	Use SAFE_BYTE_GET instead of byte_get.
2014-11-18 14:40:05 +00:00
Nick Clifton
041830e03c More fixes for invalid memory accesses triggered by corrupt binaries.
PR binutils/17512
	* dwarf.c (get_encoded_value): Add an 'end' parameter.  Change the
	'data' parameter to a double pointer and return the updated value.
	(decode_location_expression): Update call to get_encoded_value.
	(frame_need_space): Handle the case where one or both of the
	mallocs fails.
	(read_cie): Initialise the cie pointer, even if the read fails.
	(display_debug_frames): Warn if the calculated block_end is before
	the start of the block.  Break the loop if the CIE could not be
	read.  Update call to get_encoded_value.  Warn if the read CFA
	expressions are too big.

	* ieee.c (ieee_archive_p) Skip processing if no bytes are read at
	all.
	(ieee_object_p): Likewise.
2014-11-14 12:30:00 +00:00
Nick Clifton
f41e4712a7 Fix more memory faults uncovered by fuzzing various executables.
PR binutils/17512
	* dwarf.c (read_and_display_attr_value): Check that we do not read
	past end.
	(display_debug_pubnames_worker): Add range checks.
	(process_debug_info): Check for invalid pointer sizes.
	(display_loc_list): Likewise.
	(display_loc_list_dwo): Likewise.
	(display_debug_ranges): Likewise.
	(display_debug_aranges): Check for invalid address size.
	(read_cie): Add range checks.  Replace call strchr with while loop.
	* objdump.c (dump_dwarf): Replace abort with a warning message.
	(print_section_stabs): Improve range checks.
	* rdcoff.c (coff_get_slot): Use long for indx parameter type.
	Add check for an excesively large index.
	* rddbg.c (read_section_stabs_debugging_info): Zero terminate the
	string table.  Avoid walking off the end of the stabs data.
	* stabs.c (parse_stab_string): Add check for a NULL name.

	PR binutils/17512
	* coffcode.h (coff_slurp_line_table): Set the line number of
	corrupt entries to -1.
	(coff_slurp_symbol_table): Alway initialise the value of the
	symbol.
	* coffgen.c (coff_print_symbol): Check that the combined pointer
	is valid.
	(coff_print_symbol): Do not print negative line numbers.
	* peXXigen.c (pe_print_idata): Add range checking displaying
	member names.
2014-11-12 22:39:58 +00:00
Alan Modra
65879393f0 Avoid undefined behaviour with signed expressions
PR 17453
bfd/
	* libbfd.c (COERCE16, COERCE32, COERCE64): Use unsigned types.
	(EIGHT_GAZILLION): Delete.
binutils/
	* dwarf.c (read_leb128): Avoid signed overflow.
	(read_debug_line_header): Likewise.
gas/
	* config/tc-i386.c (fits_in_signed_long): Use unsigned param and
	expression to avoid signed overflow.
	(fits_in_signed_byte, fits_in_unsigned_byte, fits_in_unsigned_word,
	fits_in_signed_word, fits_in_unsigned_long): Similarly.
	* expr.c (operand <'-'>): Avoid signed overflow.
	* read.c (s_comm_internal): Likewise.
2014-10-14 14:36:35 +10:30
Alan Modra
49727e4617 Readelf: Handle forward references to CIEs
The linker side of pr16563 was fixed with commit 18cd5bce, but
unfortunately people continue to use older linkers with -flto.  This
means we have binaries with working .eh_frame that can't be dumped by
readelf, and I'm seeing internal IBM bug reports about this fact.

	PR 16563
	* dwarf.c (GET): Remove semicolon.
	(read_cie): New function, extracted from..
	(display_debug_frames): ..here.  Correctly handle signed offset
	from FDE to CIE in .eh_frame.  Decode forward referenced CIEs too.
2014-09-22 18:57:16 +09:30