X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=binutils%2Felfcomm.c;h=9bfc33c8f175ddf907f6fb6b29d46392ec5f44c8;hb=67ce483baa43121a17195efe4b14a183e9fd8232;hp=d5b4313880d3720b9700a60f167281d86959f69a;hpb=87bc83b328c32e82623df4c7689304c277106a3e;p=external%2Fbinutils.git diff --git a/binutils/elfcomm.c b/binutils/elfcomm.c index d5b4313..9bfc33c 100644 --- a/binutils/elfcomm.c +++ b/binutils/elfcomm.c @@ -1,5 +1,5 @@ /* elfcomm.c -- common code for ELF format file. - Copyright 2010-2013 Free Software Foundation, Inc. + Copyright (C) 2010-2018 Free Software Foundation, Inc. Originally developed by Eric Youngdale Modifications by Nick Clifton @@ -51,7 +51,7 @@ warn (const char *message, ...) /* Try to keep warning messages in sync with the program's normal output. */ fflush (stdout); - + va_start (args, message); fprintf (stderr, _("%s: Warning: "), program_name); vfprintf (stderr, message, args); @@ -125,10 +125,10 @@ byte_put_big_endian (unsigned char * field, elf_vma value, int size) } } -elf_vma (*byte_get) (unsigned char *, int); +elf_vma (*byte_get) (const unsigned char *, int); elf_vma -byte_get_little_endian (unsigned char *field, int size) +byte_get_little_endian (const unsigned char *field, int size) { switch (size) { @@ -165,6 +165,7 @@ byte_get_little_endian (unsigned char *field, int size) | (((unsigned long) (field[1])) << 8) | (((unsigned long) (field[2])) << 16) | (((unsigned long) (field[3])) << 24); + /* Fall through. */ case 6: if (sizeof (elf_vma) == 8) @@ -182,6 +183,7 @@ byte_get_little_endian (unsigned char *field, int size) | (((unsigned long) (field[1])) << 8) | (((unsigned long) (field[2])) << 16) | (((unsigned long) (field[3])) << 24); + /* Fall through. */ case 7: if (sizeof (elf_vma) == 8) @@ -200,6 +202,7 @@ byte_get_little_endian (unsigned char *field, int size) | (((unsigned long) (field[1])) << 8) | (((unsigned long) (field[2])) << 16) | (((unsigned long) (field[3])) << 24); + /* Fall through. */ case 8: if (sizeof (elf_vma) == 8) @@ -219,6 +222,7 @@ byte_get_little_endian (unsigned char *field, int size) | (((unsigned long) (field[1])) << 8) | (((unsigned long) (field[2])) << 16) | (((unsigned long) (field[3])) << 24); + /* Fall through. */ default: error (_("Unhandled data length: %d\n"), size); @@ -227,7 +231,7 @@ byte_get_little_endian (unsigned char *field, int size) } elf_vma -byte_get_big_endian (unsigned char *field, int size) +byte_get_big_endian (const unsigned char *field, int size) { switch (size) { @@ -265,6 +269,7 @@ byte_get_big_endian (unsigned char *field, int size) | (((unsigned long) (field[1])) << 16) | (((unsigned long) (field[0])) << 24); } + /* Fall through. */ case 6: if (sizeof (elf_vma) == 8) @@ -284,6 +289,7 @@ byte_get_big_endian (unsigned char *field, int size) | (((unsigned long) (field[1])) << 16) | (((unsigned long) (field[0])) << 24); } + /* Fall through. */ case 7: if (sizeof (elf_vma) == 8) @@ -304,6 +310,7 @@ byte_get_big_endian (unsigned char *field, int size) | (((unsigned long) (field[1])) << 16) | (((unsigned long) (field[0])) << 24); } + /* Fall through. */ case 8: if (sizeof (elf_vma) == 8) @@ -325,6 +332,7 @@ byte_get_big_endian (unsigned char *field, int size) | (((unsigned long) (field[1])) << 16) | (((unsigned long) (field[0])) << 24); } + /* Fall through. */ default: error (_("Unhandled data length: %d\n"), size); @@ -333,7 +341,7 @@ byte_get_big_endian (unsigned char *field, int size) } elf_vma -byte_get_signed (unsigned char *field, int size) +byte_get_signed (const unsigned char *field, int size) { elf_vma x = byte_get (field, size); @@ -365,7 +373,7 @@ byte_get_signed (unsigned char *field, int size) of an 8-byte value separately. */ void -byte_get_64 (unsigned char *field, elf_vma *high, elf_vma *low) +byte_get_64 (const unsigned char *field, elf_vma *high, elf_vma *low) { if (byte_get == byte_get_big_endian) { @@ -386,10 +394,11 @@ byte_get_64 (unsigned char *field, elf_vma *high, elf_vma *low) char * adjust_relative_path (const char *file_name, const char *name, - int name_len) + unsigned long name_len) { char * member_file_name; const char * base_name = lbasename (file_name); + size_t amt; /* This is a proxy entry for a thin archive member. If the extended name table contains an absolute path @@ -399,7 +408,10 @@ adjust_relative_path (const char *file_name, const char *name, archive is located. */ if (IS_ABSOLUTE_PATH (name) || base_name == file_name) { - member_file_name = (char *) malloc (name_len + 1); + amt = name_len + 1; + if (amt == 0) + return NULL; + member_file_name = (char *) malloc (amt); if (member_file_name == NULL) { error (_("Out of memory\n")); @@ -413,7 +425,18 @@ adjust_relative_path (const char *file_name, const char *name, /* Concatenate the path components of the archive file name to the relative path name from the extended name table. */ size_t prefix_len = base_name - file_name; - member_file_name = (char *) malloc (prefix_len + name_len + 1); + + amt = prefix_len + name_len + 1; + /* PR 17531: file: 2896dc8b + Catch wraparound. */ + if (amt < prefix_len || amt < name_len) + { + error (_("Abnormal length of thin archive member name: %lx\n"), + name_len); + return NULL; + } + + member_file_name = (char *) malloc (amt); if (member_file_name == NULL) { error (_("Out of memory\n")); @@ -443,8 +466,20 @@ process_archive_index_and_symbols (struct archive_info * arch, { size_t got; unsigned long size; + char fmag_save; + fmag_save = arch->arhdr.ar_fmag[0]; + arch->arhdr.ar_fmag[0] = 0; size = strtoul (arch->arhdr.ar_size, NULL, 10); + arch->arhdr.ar_fmag[0] = fmag_save; + /* PR 17531: file: 912bd7de. */ + if ((signed long) size < 0) + { + error (_("%s: invalid archive header size: %ld\n"), + arch->file_name, size); + return FALSE; + } + size = size + (size & 1); arch->next_arhdr_offset += sizeof arch->arhdr + size; @@ -468,7 +503,7 @@ process_archive_index_and_symbols (struct archive_info * arch, unsigned char * index_buffer; assert (sizeof_ar_index <= sizeof integer_buffer); - + /* Check the size of the archive index. */ if (size < sizeof_ar_index) { @@ -487,9 +522,11 @@ process_archive_index_and_symbols (struct archive_info * arch, arch->index_num = byte_get_big_endian (integer_buffer, sizeof_ar_index); size -= sizeof_ar_index; - if (size < arch->index_num * sizeof_ar_index) + if (size < arch->index_num * sizeof_ar_index + /* PR 17531: file: 585515d1. */ + || size < arch->index_num) { - error (_("%s: the archive index is supposed to have %ld entries of %d bytes, but the size is only %ld\n"), + error (_("%s: the archive index is supposed to have 0x%lx entries of %d bytes, but the size is only 0x%lx\n"), arch->file_name, (long) arch->index_num, sizeof_ar_index, size); return FALSE; } @@ -585,7 +622,7 @@ setup_archive (struct archive_info *arch, const char *file_name, arch->longnames_size = 0; arch->nested_member_origin = 0; arch->is_thin_archive = is_thin_archive; - arch->uses_64bit_indicies = FALSE; + arch->uses_64bit_indices = FALSE; arch->next_arhdr_offset = SARMAG; /* Read the first archive member header. */ @@ -612,7 +649,7 @@ setup_archive (struct archive_info *arch, const char *file_name, } else if (const_strneq (arch->arhdr.ar_name, "/SYM64/ ")) { - arch->uses_64bit_indicies = TRUE; + arch->uses_64bit_indices = TRUE; if (! process_archive_index_and_symbols (arch, 8, read_symbols)) return 1; } @@ -622,10 +659,29 @@ setup_archive (struct archive_info *arch, const char *file_name, if (const_strneq (arch->arhdr.ar_name, "// ")) { /* This is the archive string table holding long member names. */ + char fmag_save = arch->arhdr.ar_fmag[0]; + arch->arhdr.ar_fmag[0] = 0; arch->longnames_size = strtoul (arch->arhdr.ar_size, NULL, 10); + arch->arhdr.ar_fmag[0] = fmag_save; + /* PR 17531: file: 01068045. */ + if (arch->longnames_size < 8) + { + error (_("%s: long name table is too small, (size = %ld)\n"), + file_name, arch->longnames_size); + return 1; + } + /* PR 17531: file: 639d6a26. */ + if ((signed long) arch->longnames_size < 0) + { + error (_("%s: long name table is too big, (size = 0x%lx)\n"), + file_name, arch->longnames_size); + return 1; + } + arch->next_arhdr_offset += sizeof arch->arhdr + arch->longnames_size; - arch->longnames = (char *) malloc (arch->longnames_size); + /* Plus one to allow for a string terminator. */ + arch->longnames = (char *) malloc (arch->longnames_size + 1); if (arch->longnames == NULL) { error (_("Out of memory reading long symbol names in archive\n")); @@ -643,6 +699,8 @@ setup_archive (struct archive_info *arch, const char *file_name, if ((arch->longnames_size & 1) != 0) getc (file); + + arch->longnames[arch->longnames_size] = 0; } return 0; @@ -707,29 +765,47 @@ get_archive_member_name (struct archive_info *arch, char *endp; char *member_file_name; char *member_name; + char fmag_save; if (arch->longnames == NULL || arch->longnames_size == 0) { error (_("Archive member uses long names, but no longname table found\n")); return NULL; } - + arch->nested_member_origin = 0; + fmag_save = arch->arhdr.ar_fmag[0]; + arch->arhdr.ar_fmag[0] = 0; k = j = strtoul (arch->arhdr.ar_name + 1, &endp, 10); if (arch->is_thin_archive && endp != NULL && * endp == ':') arch->nested_member_origin = strtoul (endp + 1, NULL, 10); + arch->arhdr.ar_fmag[0] = fmag_save; + if (j > arch->longnames_size) + { + error (_("Found long name index (%ld) beyond end of long name table\n"),j); + return NULL; + } while ((j < arch->longnames_size) && (arch->longnames[j] != '\n') && (arch->longnames[j] != '\0')) j++; - if (arch->longnames[j-1] == '/') + if (j > 0 && arch->longnames[j-1] == '/') j--; + if (j > arch->longnames_size) + j = arch->longnames_size; arch->longnames[j] = '\0'; if (!arch->is_thin_archive || arch->nested_member_origin == 0) return arch->longnames + k; + /* PR 17531: file: 2896dc8b. */ + if (k >= j) + { + error (_("Invalid Thin archive member name\n")); + return NULL; + } + /* This is a proxy for a member of a nested archive. Find the name of the member in that archive. */ member_file_name = adjust_relative_path (arch->file_name, @@ -842,7 +918,7 @@ make_qualified_name (struct archive_info * arch, nested_arch->file_name, member_name); else snprintf (name, len, "%s[%s(%s)]", arch->file_name, - error_name, member_name); + error_name, member_name); } else if (arch->is_thin_archive) snprintf (name, len, "%s[%s]", arch->file_name, member_name);