From: Nick Clifton Date: Tue, 3 Feb 2015 14:34:54 +0000 (+0000) Subject: More fixes for illegal memory accesses triggered by running objdump on fuzzed binaries. X-Git-Tag: gdb-7.10-release~1756 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=64d2901806c171c0d949f8fb1b29b4e5ba8cf04d;p=external%2Fbinutils.git More fixes for illegal memory accesses triggered by running objdump on fuzzed binaries. PR binutils/17512 * objdump.c (display_any_bfd): Fail if archives nest too deeply. * ecoff.c: Use bfd_alloc2 to allocate space for structure arrays. (_bfd_ecoff_slurp_symbol_table): Check for a negative symbol index or an out of range fdr index. * elf-m10300.c (mn10300_info_to_howto): Fix typo in error message. * elf32-arc.c (arc_info_to_howto_rel): Likewise. * elf32-avr.c (avr_info_to_howto_rela): Likewise. * elf32-cr16.c (elf_cr16_info_to_howto): Likewise. * elf32-cr16c.c (elf_cr16c_info_to_howto_rel): Likewise. * elf32-cris.c (cris_info_to_howto_rela): Likewise. * elf32-crx.c (elf_crx_info_to_howto): Likewise. * elf32-d10v.c (d10v_info_to_howto_rel): Likewise. * elf32-d30v.c (d30v_info_to_howto_rel): Likewise. * elf32-epiphany.c (epiphany_info_to_howto_rela): Likewise. * elf32-fr30.c (fr30_info_to_howto_rela): Likewise. * elf32-frv.c (frv_info_to_howto_rela): Likewise. * elf32-i370.c (i370_elf_info_to_howto): Likewise. * elf32-i960.c (elf32_i960_info_to_howto_rel): Likewise. * elf32-ip2k.c (ip2k_info_to_howto_rela): Likewise. * elf32-iq2000.c (iq2000_info_to_howto_rela): Likewise. * elf32-lm32.c (lm32_info_to_howto_rela): Likewise. * elf32-m32c.c (m32c_info_to_howto_rela): Likewise. * elf32-m32r.c (m32r_info_to_howto_rel): Likewise. * elf32-m68hc11.c (m68hc11_info_to_howto_rel): Likewise. * elf32-m68hc12.c (m68hc11_info_to_howto_rel): Likewise. * elf32-mcore.c (mcore_elf_info_to_howto): Likewise. * elf32-mep.c (mep_info_to_howto_rela): Likewise. * elf32-metag.c (metag_info_to_howto_rela): Likewise. * elf32-microblaze.c (microblaze_elf_info_to_howto): Likewise. 
* elf32-moxie.c (moxie_info_to_howto_rela): Likewise. * elf32-msp430.c (msp430_info_to_howto_rela): Likewise. * elf32-mt.c (mt_info_to_howto_rela): Likewise. * elf32-nds32.c (nds32_info_to_howto_rel): Likewise. * elf32-or1k.c (or1k_info_to_howto_rela): Likewise. * elf32-pj.c (pj_elf_info_to_howto): Likewise. * elf32-ppc.c (ppc_elf_info_to_howto): Likewise. * elf32-rl78.c (rl78_info_to_howto_rela): Likewise. * elf32-rx.c (rx_info_to_howto_rela): Likewise. * elf32-sh.c (sh_elf_info_to_howto): Likewise. * elf32-spu.c (spu_elf_info_to_howto): Likewise. * elf32-v850.c (v850_elf_perform_relocation): Likewise. * elf32-vax.c (rtype_to_howto): Likewise. * elf32-visium.c (visium_info_to_howto_rela): Likewise. * elf32-xgate.c (xgate_info_to_howto_rel): Likewise. * elf32-xtensa.c (elf_xtensa_info_to_howto_rela): Likewise. * elf64-alpha.c (elf64_alpha_info_to_howto): Likewise. * elf64-mmix.c (mmix_info_to_howto_rela): Likewise. * mach-o.c: Use bfd_alloc2 to allocate space for structure arrays. (bfd_mach_o_canonicalize_one_reloc): Fix check on out of range symbol indicies. (bfd_mach_o_canonicalize_relocs): Check for out of range alloc. (bfd_mach_o_canonicalize_dynamic_reloc): Likewise. (bfd_mach_o_build_dysymtab): Likewise. (bfd_mach_o_write_symtab_content): Set the string table size to zero upon error. (bfd_mach_o_read_symtab_symbols): Reset the nsyms value if the read fails. * peXXigen.c (pe_print_edata): Check for numeric overflow in edt fields. * tekhex.c (first_phase): Check for src pointer reaching end of buffer. --- diff --git a/bfd/ChangeLog b/bfd/ChangeLog index e6ed9b6..4924f03 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog 
@@ -1,3 +1,67 @@ +2015-02-03 Nick Clifton + + PR binutils/17512 + * ecoff.c: Use bfd_alloc2 to allocate space for structure arrays. + (_bfd_ecoff_slurp_symbol_table): Check for a negative symbol + index or an out of range fdr index. + * elf-m10300.c (mn10300_info_to_howto): Fix typo in error message. + * elf32-arc.c (arc_info_to_howto_rel): Likewise. + * elf32-avr.c (avr_info_to_howto_rela): Likewise. + * elf32-cr16.c (elf_cr16_info_to_howto): Likewise. + * elf32-cr16c.c (elf_cr16c_info_to_howto_rel): Likewise. + * elf32-cris.c (cris_info_to_howto_rela): Likewise. + * elf32-crx.c (elf_crx_info_to_howto): Likewise. + * elf32-d10v.c (d10v_info_to_howto_rel): Likewise. + * elf32-d30v.c (d30v_info_to_howto_rel): Likewise. + * elf32-epiphany.c (epiphany_info_to_howto_rela): Likewise. + * elf32-fr30.c (fr30_info_to_howto_rela): Likewise. + * elf32-frv.c (frv_info_to_howto_rela): Likewise. + * elf32-i370.c (i370_elf_info_to_howto): Likewise. + * elf32-i960.c (elf32_i960_info_to_howto_rel): Likewise. + * elf32-ip2k.c (ip2k_info_to_howto_rela): Likewise. + * elf32-iq2000.c (iq2000_info_to_howto_rela): Likewise. + * elf32-lm32.c (lm32_info_to_howto_rela): Likewise. + * elf32-m32c.c (m32c_info_to_howto_rela): Likewise. + * elf32-m32r.c (m32r_info_to_howto_rel): Likewise. + * elf32-m68hc11.c (m68hc11_info_to_howto_rel): Likewise. + * elf32-m68hc12.c (m68hc11_info_to_howto_rel): Likewise. + * elf32-mcore.c (mcore_elf_info_to_howto): Likewise. + * elf32-mep.c (mep_info_to_howto_rela): Likewise. + * elf32-metag.c (metag_info_to_howto_rela): Likewise. + * elf32-microblaze.c (microblaze_elf_info_to_howto): Likewise. + * elf32-moxie.c (moxie_info_to_howto_rela): Likewise. + * elf32-msp430.c (msp430_info_to_howto_rela): Likewise. + * elf32-mt.c (mt_info_to_howto_rela): Likewise. + * elf32-nds32.c (nds32_info_to_howto_rel): Likewise. + * elf32-or1k.c (or1k_info_to_howto_rela): Likewise. + * elf32-pj.c (pj_elf_info_to_howto): Likewise. + * elf32-ppc.c (ppc_elf_info_to_howto): Likewise. 
+ * elf32-rl78.c (rl78_info_to_howto_rela): Likewise. + * elf32-rx.c (rx_info_to_howto_rela): Likewise. + * elf32-sh.c (sh_elf_info_to_howto): Likewise. + * elf32-spu.c (spu_elf_info_to_howto): Likewise. + * elf32-v850.c (v850_elf_perform_relocation): Likewise. + * elf32-vax.c (rtype_to_howto): Likewise. + * elf32-visium.c (visium_info_to_howto_rela): Likewise. + * elf32-xgate.c (xgate_info_to_howto_rel): Likewise. + * elf32-xtensa.c (elf_xtensa_info_to_howto_rela): Likewise. + * elf64-alpha.c (elf64_alpha_info_to_howto): Likewise. + * elf64-mmix.c (mmix_info_to_howto_rela): Likewise. + * mach-o.c: Use bfd_alloc2 to allocate space for structure arrays. + (bfd_mach_o_canonicalize_one_reloc): Fix check on out + of range symbol indicies. + (bfd_mach_o_canonicalize_relocs): Check for out of range alloc. + (bfd_mach_o_canonicalize_dynamic_reloc): Likewise. + (bfd_mach_o_build_dysymtab): Likewise. + (bfd_mach_o_write_symtab_content): Set the string table size to + zero upon error. + (bfd_mach_o_read_symtab_symbols): Reset the nsyms value if the + read fails. + * peXXigen.c (pe_print_edata): Check for numeric overflow in edt + fields. + * tekhex.c (first_phase): Check for src pointer reaching end of + buffer. + 2015-02-03 Will Newton * elfnn-aarch64.c (elfNN_aarch64_finish_dynamic_symbol): diff --git a/bfd/ecoff.c b/bfd/ecoff.c index 504d6b9..a8ba28a 100644 --- a/bfd/ecoff.c +++ b/bfd/ecoff.c @@ -504,7 +504,6 @@ _bfd_ecoff_slurp_symbolic_info (bfd *abfd, struct fdr *fdr_ptr; bfd_size_type raw_end; bfd_size_type cb_end; - bfd_size_type amt; file_ptr pos; BFD_ASSERT (debug == &ecoff_data (abfd)->debug_info); 
@@ -607,9 +606,8 @@ _bfd_ecoff_slurp_symbolic_info (bfd *abfd, We need to look at the fdr to deal with a lot of information in the symbols, so we swap them here. */ - amt = internal_symhdr->ifdMax; - amt *= sizeof (struct fdr); - debug->fdr = (FDR *) bfd_alloc (abfd, amt); + debug->fdr = (FDR *) bfd_alloc2 (abfd, internal_symhdr->ifdMax, + sizeof (struct fdr)); if (debug->fdr == NULL) return FALSE; external_fdr_size = backend->debug_swap.external_fdr_size; @@ -859,7 +857,6 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) = backend->debug_swap.swap_ext_in; void (* const swap_sym_in) (bfd *, void *, SYMR *) = backend->debug_swap.swap_sym_in; - bfd_size_type internal_size; ecoff_symbol_type *internal; ecoff_symbol_type *internal_ptr; char *eraw_src; @@ -878,9 +875,8 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) if (bfd_get_symcount (abfd) == 0) return TRUE; - internal_size = bfd_get_symcount (abfd); - internal_size *= sizeof (ecoff_symbol_type); - internal = (ecoff_symbol_type *) bfd_alloc (abfd, internal_size); + internal = (ecoff_symbol_type *) bfd_alloc2 (abfd, bfd_get_symcount (abfd), + sizeof (ecoff_symbol_type)); if (internal == NULL) return FALSE; 
@@ -896,20 +892,28 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) (*swap_ext_in) (abfd, (void *) eraw_src, &internal_esym); /* PR 17512: file: 3372-1000-0.004. */ - if (internal_esym.asym.iss >= ecoff_data (abfd)->debug_info.symbolic_header.issExtMax) + if (internal_esym.asym.iss >= ecoff_data (abfd)->debug_info.symbolic_header.issExtMax + || internal_esym.asym.iss < 0) return FALSE; internal_ptr->symbol.name = (ecoff_data (abfd)->debug_info.ssext + internal_esym.asym.iss); + if (!ecoff_set_symbol_info (abfd, &internal_esym.asym, &internal_ptr->symbol, 1, internal_esym.weakext)) return FALSE; - + /* The alpha uses a negative ifd field for section symbols. */ if (internal_esym.ifd >= 0) - internal_ptr->fdr = (ecoff_data (abfd)->debug_info.fdr - + internal_esym.ifd); + { + /* PR 17512: file: 3372-1983-0.004. */ + if (internal_esym.ifd >= ecoff_data (abfd)->debug_info.symbolic_header.ifdMax) + internal_ptr->fdr = NULL; + else + internal_ptr->fdr = (ecoff_data (abfd)->debug_info.fdr + + internal_esym.ifd); + } else internal_ptr->fdr = NULL; internal_ptr->local = FALSE; diff --git a/bfd/elf-m10300.c b/bfd/elf-m10300.c index acb21ff..a6a22b3 100644 --- a/bfd/elf-m10300.c +++ b/bfd/elf-m10300.c @@ -808,7 +808,7 @@ mn10300_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= R_MN10300_MAX) { - (*_bfd_error_handler) (_("%A: unrecognised MN10300 reloc number: %d"), + (*_bfd_error_handler) (_("%B: unrecognised MN10300 reloc number: %d"), abfd, r_type); bfd_set_error (bfd_error_bad_value); r_type = R_MN10300_NONE; diff --git a/bfd/elf32-arc.c b/bfd/elf32-arc.c index ef71b25..07af56b 100644 --- a/bfd/elf32-arc.c +++ b/bfd/elf32-arc.c 
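Review bot: The new range test on `internal_esym.ifd` stores `internal_ptr->fdr = NULL` for an index at or above `ifdMax` and carries on, whereas the out-of-range `iss` test just above it rejects the whole table with `return FALSE`. A NULL fdr is also what a legitimate negative-ifd (Alpha section) symbol gets, so consumers cannot tell a corrupt entry from a valid one, and no diagnostic is emitted. If tolerating the bad index is intended, say so in the code, e.g. `/* Out of range ifd: keep the symbol but give it no file descriptor. */`; otherwise fail as the `iss` case does. The enclosing loop in _bfd_ecoff_slurp_symbol_table starts and ends outside the hunk.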
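Review bot: `abfd` is still declared `bfd *abfd ATTRIBUTE_UNUSED` in mn10300_info_to_howto (visible in the hunk header) even though the changed line passes it to `_bfd_error_handler`. The elf32-vax.c hunk in this same patch removes the attribute from rtype_to_howto, so the two are now inconsistent. The other info_to_howto hunks whose headers show the attribute would read better with it dropped as well, e.g. `mn10300_info_to_howto (bfd *abfd,`. The signature itself lies outside the hunk.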
@@ -174,7 +174,7 @@ arc_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_ARC_max) { - _bfd_error_handler (_("%A: invalid ARC reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid ARC reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &elf_arc_howto_table[r_type]; diff --git a/bfd/elf32-avr.c b/bfd/elf32-avr.c index c88b6aa..255a2c2 100644 --- a/bfd/elf32-avr.c +++ b/bfd/elf32-avr.c @@ -861,7 +861,7 @@ avr_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_AVR_max) { - _bfd_error_handler (_("%A: invalid AVR reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid AVR reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &elf_avr_howto_table[r_type]; diff --git a/bfd/elf32-cr16.c b/bfd/elf32-cr16.c index 23ced9e..047d720 100644 --- a/bfd/elf32-cr16.c +++ b/bfd/elf32-cr16.c @@ -675,7 +675,7 @@ elf_cr16_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED, arelent *cache_ptr, if (r_type >= R_CR16_MAX) { - (*_bfd_error_handler) (_("%A: unrecognised CR16 reloc number: %d"), + (*_bfd_error_handler) (_("%B: unrecognised CR16 reloc number: %d"), abfd, r_type); bfd_set_error (bfd_error_bad_value); r_type = R_CR16_NONE; diff --git a/bfd/elf32-cr16c.c b/bfd/elf32-cr16c.c index db908f0..6547ec1 100644 --- a/bfd/elf32-cr16c.c +++ b/bfd/elf32-cr16c.c @@ -182,7 +182,7 @@ elf_cr16c_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED, if (r_type >= RINDEX_16C_MAX) { - _bfd_error_handler (_("%A; invalid CR16C reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid CR16C reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &elf_howto_table[r_type]; diff --git a/bfd/elf32-cris.c b/bfd/elf32-cris.c index 46f5169..d5670ac 100644 --- a/bfd/elf32-cris.c +++ b/bfd/elf32-cris.c 
@@ -463,7 +463,7 @@ cris_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= R_CRIS_max) { - _bfd_error_handler (_("%A: invalid CRIS reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid CRIS reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = & cris_elf_howto_table [r_type]; diff --git a/bfd/elf32-crx.c b/bfd/elf32-crx.c index 2b6411d..0f9069c 100644 --- a/bfd/elf32-crx.c +++ b/bfd/elf32-crx.c @@ -425,7 +425,7 @@ elf_crx_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED, arelent *cache_ptr, unsigned int r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= R_CRX_MAX) { - (*_bfd_error_handler) (_("%A: unrecognised CRX reloc number: %d"), + (*_bfd_error_handler) (_("%B: unrecognised CRX reloc number: %d"), abfd, r_type); bfd_set_error (bfd_error_bad_value); r_type = R_CRX_NONE; diff --git a/bfd/elf32-d10v.c b/bfd/elf32-d10v.c index 951f7f5..a7d30c9 100644 --- a/bfd/elf32-d10v.c +++ b/bfd/elf32-d10v.c @@ -230,7 +230,7 @@ d10v_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_D10V_max) { - _bfd_error_handler (_("%A: invalid D10V reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid D10V reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &elf_d10v_howto_table[r_type]; diff --git a/bfd/elf32-d30v.c b/bfd/elf32-d30v.c index fdf44ec..3976206 100644 --- a/bfd/elf32-d30v.c +++ b/bfd/elf32-d30v.c @@ -518,7 +518,7 @@ d30v_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_D30V_max) { - _bfd_error_handler (_("%A: invalid D30V reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid D30V reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &elf_d30v_howto_table[r_type]; 
@@ -536,7 +536,7 @@ d30v_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_D30V_max) { - _bfd_error_handler (_("%A: invalid D30V reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid D30V reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &elf_d30v_howto_table[r_type]; diff --git a/bfd/elf32-epiphany.c b/bfd/elf32-epiphany.c index bd640ae..6c57683 100644 --- a/bfd/elf32-epiphany.c +++ b/bfd/elf32-epiphany.c @@ -372,7 +372,7 @@ epiphany_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_EPIPHANY_max) { - _bfd_error_handler (_("%A: invalid Epiphany reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid Epiphany reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = & epiphany_elf_howto_table [r_type]; diff --git a/bfd/elf32-fr30.c b/bfd/elf32-fr30.c index ba47a3d..13f6f19 100644 --- a/bfd/elf32-fr30.c +++ b/bfd/elf32-fr30.c @@ -377,7 +377,7 @@ fr30_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_FR30_max) { - _bfd_error_handler (_("%A: invalid FR30 reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid FR30 reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = & fr30_elf_howto_table [r_type]; diff --git a/bfd/elf32-frv.c b/bfd/elf32-frv.c index deaa2e3..f374df0 100644 --- a/bfd/elf32-frv.c +++ b/bfd/elf32-frv.c @@ -2559,7 +2559,7 @@ frv_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED, default: if (r_type >= (unsigned int) R_FRV_max) { - _bfd_error_handler (_("%A: invalid FRV reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid FRV reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = & elf32_frv_howto_table [r_type]; diff --git a/bfd/elf32-i370.c b/bfd/elf32-i370.c index 7d92fe5..6e6c8e8 100644 --- a/bfd/elf32-i370.c +++ b/bfd/elf32-i370.c 
@@ -303,7 +303,7 @@ i370_elf_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= R_I370_max) { - (*_bfd_error_handler) (_("%A: unrecognised I370 reloc number: %d"), + (*_bfd_error_handler) (_("%B: unrecognised I370 reloc number: %d"), abfd, r_type); bfd_set_error (bfd_error_bad_value); r_type = R_I370_NONE; diff --git a/bfd/elf32-i960.c b/bfd/elf32-i960.c index 978f2a1b..ff51bcd 100644 --- a/bfd/elf32-i960.c +++ b/bfd/elf32-i960.c @@ -136,7 +136,7 @@ elf32_i960_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED, /* PR 17521: file: 9609b8d6. */ if (type >= R_960_max) { - _bfd_error_handler (_("%A; invalid i960 reloc number: %d"), abfd, type); + _bfd_error_handler (_("%B: invalid i960 reloc number: %d"), abfd, type); type = 0; } diff --git a/bfd/elf32-ip2k.c b/bfd/elf32-ip2k.c index c06860d..1379446 100644 --- a/bfd/elf32-ip2k.c +++ b/bfd/elf32-ip2k.c @@ -1241,7 +1241,7 @@ ip2k_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_IP2K_max) { - _bfd_error_handler (_("%A: invalid IP2K reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid IP2K reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = & ip2k_elf_howto_table [r_type]; diff --git a/bfd/elf32-iq2000.c b/bfd/elf32-iq2000.c index 500dcd4..ef43595 100644 --- a/bfd/elf32-iq2000.c +++ b/bfd/elf32-iq2000.c @@ -437,7 +437,7 @@ iq2000_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED, default: if (r_type >= (unsigned int) R_IQ2000_max) { - _bfd_error_handler (_("%A: invalid IQ2000 reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid IQ2000 reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = & iq2000_elf_howto_table [r_type]; diff --git a/bfd/elf32-lm32.c b/bfd/elf32-lm32.c index 6aca848..0c01e08 100644 --- a/bfd/elf32-lm32.c +++ b/bfd/elf32-lm32.c 
@@ -590,7 +590,7 @@ lm32_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_LM32_max) { - _bfd_error_handler (_("%A: invalid LM32 reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid LM32 reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &lm32_elf_howto_table[r_type]; diff --git a/bfd/elf32-m32c.c b/bfd/elf32-m32c.c index 7572581..70e9174 100644 --- a/bfd/elf32-m32c.c +++ b/bfd/elf32-m32c.c @@ -301,7 +301,7 @@ m32c_info_to_howto_rela r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_M32C_max) { - _bfd_error_handler (_("%A: invalid M32C reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid M32C reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = & m32c_elf_howto_table [r_type]; diff --git a/bfd/elf32-m32r.c b/bfd/elf32-m32r.c index 51aff55..85949b1 100644 --- a/bfd/elf32-m32r.c +++ b/bfd/elf32-m32r.c @@ -1282,7 +1282,7 @@ m32r_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type > (unsigned int) R_M32R_GNU_VTENTRY) { - _bfd_error_handler (_("%A: invalid M32R reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid M32R reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &m32r_elf_howto_table[r_type]; diff --git a/bfd/elf32-m68hc11.c b/bfd/elf32-m68hc11.c index 7f70a1c..b7a728f 100644 --- a/bfd/elf32-m68hc11.c +++ b/bfd/elf32-m68hc11.c @@ -386,7 +386,7 @@ m68hc11_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_M68HC11_max) { - _bfd_error_handler (_("%A: invalid M68HC11 reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid M68HC11 reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &elf_m68hc11_howto_table[r_type]; diff --git a/bfd/elf32-m68hc12.c b/bfd/elf32-m68hc12.c index 1df3491..74361d3 100644 --- a/bfd/elf32-m68hc12.c 
+++ b/bfd/elf32-m68hc12.c @@ -506,7 +506,7 @@ m68hc11_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_M68HC11_max) { - _bfd_error_handler (_("%A: invalid M68HC12 reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid M68HC12 reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &elf_m68hc11_howto_table[r_type]; diff --git a/bfd/elf32-mcore.c b/bfd/elf32-mcore.c index f8c5beb..2e6a33b 100644 --- a/bfd/elf32-mcore.c +++ b/bfd/elf32-mcore.c @@ -349,7 +349,7 @@ mcore_elf_info_to_howto (bfd * abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= R_MCORE_max) { - (*_bfd_error_handler) (_("%A: unrecognised MCore reloc number: %d"), + (*_bfd_error_handler) (_("%B: unrecognised MCore reloc number: %d"), abfd, r_type); bfd_set_error (bfd_error_bad_value); r_type = R_MCORE_NONE; diff --git a/bfd/elf32-mep.c b/bfd/elf32-mep.c index d94c13c..4032d2a 100644 --- a/bfd/elf32-mep.c +++ b/bfd/elf32-mep.c @@ -402,7 +402,7 @@ mep_info_to_howto_rela r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= R_MEP_max) { - _bfd_error_handler (_("%A: invalid MEP reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid MEP reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = & mep_elf_howto_table [r_type]; diff --git a/bfd/elf32-metag.c b/bfd/elf32-metag.c index 84c7623..7114747 100644 --- a/bfd/elf32-metag.c +++ b/bfd/elf32-metag.c @@ -898,7 +898,7 @@ metag_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_METAG_MAX) { - _bfd_error_handler (_("%A: invalid METAG reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid METAG reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = & elf_metag_howto_table [r_type]; diff --git a/bfd/elf32-microblaze.c b/bfd/elf32-microblaze.c index 50dce27..e84b1b9 100644 --- a/bfd/elf32-microblaze.c +++ b/bfd/elf32-microblaze.c 
@@ -652,7 +652,7 @@ microblaze_elf_info_to_howto (bfd * abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= R_MICROBLAZE_max) { - (*_bfd_error_handler) (_("%A: unrecognised MicroBlaze reloc number: %d"), + (*_bfd_error_handler) (_("%B: unrecognised MicroBlaze reloc number: %d"), abfd, r_type); bfd_set_error (bfd_error_bad_value); r_type = R_MICROBLAZE_NONE; diff --git a/bfd/elf32-moxie.c b/bfd/elf32-moxie.c index 7123ac1..6b4a5ab 100644 --- a/bfd/elf32-moxie.c +++ b/bfd/elf32-moxie.c @@ -133,7 +133,7 @@ moxie_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_MOXIE_max) { - _bfd_error_handler (_("%A: invalid Moxie reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid Moxie reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = & moxie_elf_howto_table [r_type]; diff --git a/bfd/elf32-msp430.c b/bfd/elf32-msp430.c index 921c5d3..c839ea0 100644 --- a/bfd/elf32-msp430.c +++ b/bfd/elf32-msp430.c @@ -619,7 +619,7 @@ msp430_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED, { if (r_type >= (unsigned int) R_MSP430x_max) { - _bfd_error_handler (_("%A: invalid MSP430X reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid MSP430X reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = elf_msp430x_howto_table + r_type; @@ -628,7 +628,7 @@ msp430_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED, if (r_type >= (unsigned int) R_MSP430_max) { - _bfd_error_handler (_("%A: invalid MSP430 reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid MSP430 reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &elf_msp430_howto_table[r_type]; diff --git a/bfd/elf32-mt.c b/bfd/elf32-mt.c index 6a4430f..7bfa18e 100644 --- a/bfd/elf32-mt.c +++ b/bfd/elf32-mt.c 
@@ -238,7 +238,7 @@ mt_info_to_howto_rela r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_MT_max) { - _bfd_error_handler (_("%A: invalid MT reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid MT reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = & mt_elf_howto_table [r_type]; diff --git a/bfd/elf32-nds32.c b/bfd/elf32-nds32.c index 081b997..ed4383d 100644 --- a/bfd/elf32-nds32.c +++ b/bfd/elf32-nds32.c @@ -2968,7 +2968,7 @@ nds32_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED, arelent *cache_ptr, r_type = ELF32_R_TYPE (dst->r_info); if (r_type > R_NDS32_GNU_VTENTRY) { - _bfd_error_handler (_("%A: invalid NDS32 reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid NDS32 reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = bfd_elf32_bfd_reloc_type_table_lookup (r_type); diff --git a/bfd/elf32-or1k.c b/bfd/elf32-or1k.c index fa2e985..efcefea 100644 --- a/bfd/elf32-or1k.c +++ b/bfd/elf32-or1k.c @@ -740,7 +740,7 @@ or1k_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_OR1K_max) { - _bfd_error_handler (_("%A: invalid OR1K reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid OR1K reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = & or1k_elf_howto_table[r_type]; diff --git a/bfd/elf32-pj.c b/bfd/elf32-pj.c index aa09e56..5a509f1 100644 --- a/bfd/elf32-pj.c +++ b/bfd/elf32-pj.c @@ -321,7 +321,7 @@ pj_elf_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED, if (r >= R_PJ_max) { - (*_bfd_error_handler) (_("%A: unrecognised PicoJava reloc number: %d"), + (*_bfd_error_handler) (_("%B: unrecognised PicoJava reloc number: %d"), abfd, r); bfd_set_error (bfd_error_bad_value); r = R_PJ_NONE; diff --git a/bfd/elf32-ppc.c b/bfd/elf32-ppc.c index c467f14..640ced9 100644 --- a/bfd/elf32-ppc.c +++ b/bfd/elf32-ppc.c 
@@ -2028,7 +2028,7 @@ ppc_elf_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= R_PPC_max) { - (*_bfd_error_handler) (_("%A: unrecognised PPC reloc number: %d"), + (*_bfd_error_handler) (_("%B: unrecognised PPC reloc number: %d"), abfd, r_type); bfd_set_error (bfd_error_bad_value); r_type = R_PPC_NONE; diff --git a/bfd/elf32-rl78.c b/bfd/elf32-rl78.c index 3230c8c..1bb5edc 100644 --- a/bfd/elf32-rl78.c +++ b/bfd/elf32-rl78.c @@ -278,7 +278,7 @@ rl78_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_RL78_max) { - _bfd_error_handler (_("%A: invalid RL78 reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid RL78 reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = rl78_elf_howto_table + r_type; diff --git a/bfd/elf32-rx.c b/bfd/elf32-rx.c index beb4e09..5d35d2a 100644 --- a/bfd/elf32-rx.c +++ b/bfd/elf32-rx.c @@ -309,7 +309,7 @@ rx_info_to_howto_rela (bfd * abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_RX_max) { - _bfd_error_handler (_("%A: invalid RX reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid RX reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = rx_elf_howto_table + r_type; diff --git a/bfd/elf32-sh.c b/bfd/elf32-sh.c index f92cdff..567ef24 100644 --- a/bfd/elf32-sh.c +++ b/bfd/elf32-sh.c @@ -487,7 +487,7 @@ sh_elf_info_to_howto (bfd *abfd, arelent *cache_ptr, Elf_Internal_Rela *dst) || (r >= R_SH_FIRST_INVALID_RELOC_5 && r <= R_SH_LAST_INVALID_RELOC_5) || (r >= R_SH_FIRST_INVALID_RELOC_6 && r <= R_SH_LAST_INVALID_RELOC_6)) { - (*_bfd_error_handler) (_("%A: unrecognised SH reloc number: %d"), + (*_bfd_error_handler) (_("%B: unrecognised SH reloc number: %d"), abfd, r); bfd_set_error (bfd_error_bad_value); r = R_SH_NONE; diff --git a/bfd/elf32-spu.c b/bfd/elf32-spu.c index 8203286..4472b3a 100644 --- a/bfd/elf32-spu.c 
+++ b/bfd/elf32-spu.c @@ -156,7 +156,7 @@ spu_elf_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED, /* PR 17512: file: 90c2a92e. */ if (r_type >= R_SPU_max) { - (*_bfd_error_handler) (_("%A: unrecognised SPU reloc number: %d"), + (*_bfd_error_handler) (_("%B: unrecognised SPU reloc number: %d"), abfd, r_type); bfd_set_error (bfd_error_bad_value); r_type = R_SPU_NONE; diff --git a/bfd/elf32-v850.c b/bfd/elf32-v850.c index 2d7337a3..0155b7d 100644 --- a/bfd/elf32-v850.c +++ b/bfd/elf32-v850.c @@ -494,7 +494,7 @@ v850_elf_perform_relocation (bfd *abfd, { default: #ifdef DEBUG - fprintf (stderr, "reloc number %d not recognised\n", r_type); + fprintf (stderr, "%B: reloc number %d not recognised\n", abfd, r_type); #endif return bfd_reloc_notsupported; @@ -1898,7 +1898,7 @@ v850_elf_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_V850_max) { - _bfd_error_handler (_("%A: invalid V850 reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid V850 reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &v850_elf_howto_table[r_type]; @@ -1916,7 +1916,7 @@ v850_elf_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_V850_max) { - _bfd_error_handler (_("%A: invalid V850 reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid V850 reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &v850_elf_howto_table[r_type]; @@ -2147,7 +2147,7 @@ v850_elf_final_link_relocate (reloc_howto_type *howto, default: #ifdef DEBUG - fprintf (stderr, "reloc number %d not recognised\n", r_type); + fprintf (stderr, "%B: reloc number %d not recognised\n", input_bfd, r_type); #endif return bfd_reloc_notsupported; } diff --git a/bfd/elf32-vax.c b/bfd/elf32-vax.c index 8ed7215..85fe5f4 100644 --- a/bfd/elf32-vax.c +++ b/bfd/elf32-vax.c 
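Review bot: `%B` is a conversion that only `_bfd_error_handler` interprets, but the `#ifdef DEBUG` line changed in the default case of v850_elf_perform_relocation calls plain `fprintf`, where an unknown conversion is undefined behaviour and `%d` may not even be paired with `r_type`. The identical change in the v850_elf_final_link_relocate hunk (with `input_bfd`) has the same problem. Either send the message through the BFD handler, `_bfd_error_handler (_("%B: reloc number %d not recognised"), abfd, r_type);`, or keep fprintf and print the file name, `fprintf (stderr, "%s: reloc number %d not recognised\n", bfd_get_filename (abfd), r_type);`. Both switch statements begin outside their hunks.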
@@ -280,15 +280,14 @@ static reloc_howto_type howto_table[] = { }; static void -rtype_to_howto (bfd *abfd ATTRIBUTE_UNUSED, arelent *cache_ptr, - Elf_Internal_Rela *dst) +rtype_to_howto (bfd *abfd, arelent *cache_ptr, Elf_Internal_Rela *dst) { unsigned int r_type; r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= R_VAX_max) { - (*_bfd_error_handler) (_("%A: unrecognised VAX reloc number: %d"), + (*_bfd_error_handler) (_("%B: unrecognised VAX reloc number: %d"), abfd, r_type); bfd_set_error (bfd_error_bad_value); r_type = R_VAX_NONE; diff --git a/bfd/elf32-visium.c b/bfd/elf32-visium.c index 3344a42..d6256f6 100644 --- a/bfd/elf32-visium.c +++ b/bfd/elf32-visium.c @@ -503,7 +503,7 @@ visium_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED, arelent *cache_ptr, default: if (r_type >= (unsigned int) R_VISIUM_max) { - _bfd_error_handler (_("%A: invalid Visium reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid Visium reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &visium_elf_howto_table[r_type]; diff --git a/bfd/elf32-xgate.c b/bfd/elf32-xgate.c index 555e83e..4c416b3 100644 --- a/bfd/elf32-xgate.c +++ b/bfd/elf32-xgate.c @@ -424,7 +424,7 @@ xgate_info_to_howto_rel (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF32_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_XGATE_max) { - _bfd_error_handler (_("%A: invalid XGate reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid XGate reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &elf_xgate_howto_table[r_type]; diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c index f7c07a8..0b6f584 100644 --- a/bfd/elf32-xtensa.c +++ b/bfd/elf32-xtensa.c 
@@ -481,7 +481,7 @@ elf_xtensa_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED, if (r_type >= (unsigned int) R_XTENSA_max) { - _bfd_error_handler (_("%A: invalid XTENSA reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid XTENSA reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &elf_howto_table[r_type]; diff --git a/bfd/elf64-alpha.c b/bfd/elf64-alpha.c index 680c0ec..cfd328a 100644 --- a/bfd/elf64-alpha.c +++ b/bfd/elf64-alpha.c @@ -1108,7 +1108,7 @@ elf64_alpha_info_to_howto (bfd *abfd ATTRIBUTE_UNUSED, arelent *cache_ptr, if (r_type >= R_ALPHA_max) { - (*_bfd_error_handler) (_("%A: unrecognised Alpha reloc number: %d"), + (*_bfd_error_handler) (_("%B: unrecognised Alpha reloc number: %d"), abfd, r_type); bfd_set_error (bfd_error_bad_value); r_type = R_ALPHA_NONE; diff --git a/bfd/elf64-mmix.c b/bfd/elf64-mmix.c index 845acd7..38d07b3 100644 --- a/bfd/elf64-mmix.c +++ b/bfd/elf64-mmix.c @@ -1261,7 +1261,7 @@ mmix_info_to_howto_rela (bfd *abfd ATTRIBUTE_UNUSED, r_type = ELF64_R_TYPE (dst->r_info); if (r_type >= (unsigned int) R_MMIX_max) { - _bfd_error_handler (_("%A: invalid MMIX reloc number: %d"), abfd, r_type); + _bfd_error_handler (_("%B: invalid MMIX reloc number: %d"), abfd, r_type); r_type = 0; } cache_ptr->howto = &elf_mmix_howto_table[r_type]; diff --git a/bfd/mach-o.c b/bfd/mach-o.c index e136c2d..d44b94c 100644 --- a/bfd/mach-o.c +++ b/bfd/mach-o.c @@ -390,7 +390,7 @@ bfd_mach_o_convert_section_name_to_bfd (bfd *abfd, const char *segname, if (xlat) { len = strlen (xlat->bfd_name); - res = bfd_alloc (abfd, len+1); + res = bfd_alloc (abfd, len + 1); if (res == NULL) return; memcpy (res, xlat->bfd_name, len+1); 
@@ -1389,7 +1389,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd, if (reloc.r_extern) { /* PR 17512: file: 8396-1185-0.004. */ - if (bfd_get_symcount (abfd) > 0 && num > bfd_get_symcount (abfd)) + if (num >= bfd_mach_o_count_symbols (abfd)) sym = bfd_und_section_ptr->symbol_ptr_ptr; else if (syms == NULL) sym = bfd_und_section_ptr->symbol_ptr_ptr; @@ -1457,6 +1457,10 @@ bfd_mach_o_canonicalize_relocs (bfd *abfd, unsigned long filepos, /* Allocate and read relocs. */ native_size = count * BFD_MACH_O_RELENT_SIZE; + /* PR 17512: file: 09477b57. */ + if (native_size < count) + return -1; + native_relocs = (struct mach_o_reloc_info_external *) bfd_malloc (native_size); if (native_relocs == NULL) @@ -1496,6 +1500,8 @@ bfd_mach_o_canonicalize_reloc (bfd *abfd, asection *asect, if (asect->relocation == NULL) { + if (asect->reloc_count * sizeof (arelent) < asect->reloc_count) + return -1; res = bfd_malloc (asect->reloc_count * sizeof (arelent)); if (res == NULL) return -1; @@ -1549,6 +1555,10 @@ bfd_mach_o_canonicalize_dynamic_reloc (bfd *abfd, arelent **rels, if (mdata->dyn_reloc_cache == NULL) { + if ((dysymtab->nextrel + dysymtab->nlocrel) * sizeof (arelent) + < (dysymtab->nextrel + dysymtab->nlocrel)) + return -1; + res = bfd_malloc ((dysymtab->nextrel + dysymtab->nlocrel) * sizeof (arelent)); if (res == NULL) @@ -1863,11 +1873,10 @@ bfd_mach_o_write_symtab_content (bfd *abfd, bfd_mach_o_symtab_command *sym) mdata->filelen += sym->strsize; if (bfd_seek (abfd, sym->stroff, SEEK_SET) != 0) - return FALSE; + goto err; if (_bfd_stringtab_emit (abfd, strtab) != TRUE) goto err; - _bfd_stringtab_free (strtab); /* Pad string table. */ padlen = bfd_mach_o_pad4 (abfd, sym->strsize); @@ -1880,6 +1889,7 @@ bfd_mach_o_write_symtab_content (bfd *abfd, bfd_mach_o_symtab_command *sym) err: _bfd_stringtab_free (strtab); + sym->strsize = 0; return FALSE; } 
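Review bot: The added guard `if (native_size < count)` in bfd_mach_o_canonicalize_relocs does not catch every wrap of `count * BFD_MACH_O_RELENT_SIZE`, because a wrapped product can still be larger than `count` (in a 32-bit type, 0x7fffffff * 4 wraps to 0xfffffffc). A corrupt count can therefore still produce an undersized buffer. Test before multiplying, e.g. `if (count > (bfd_size_type) -1 / BFD_MACH_O_RELENT_SIZE) return -1;`, with the cast matched to the declared type of native_size, which is not visible in this hunk. Alternatively, use an allocator that takes count and element size separately, as the bfd_alloc2 conversions elsewhere in this commit do. The same `a * b < a` pattern appears in bfd_mach_o_canonicalize_reloc, bfd_mach_o_canonicalize_dynamic_reloc (where `nextrel + nlocrel` can also wrap before the multiply), bfd_mach_o_build_dysymtab and the two pe_print_edata conditions in peXXigen.c.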
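Review bot: With `_bfd_stringtab_free (strtab);` removed after the successful `_bfd_stringtab_emit` call, the only visible release of `strtab` is under the `err:` label in the following hunk. The success path of bfd_mach_o_write_symtab_content therefore appears to leak the string table, unless it is freed in code outside these hunks. If nothing else frees it, keep a `_bfd_stringtab_free (strtab);` immediately before the function's successful return. The lines between the two hunks are not shown, so this needs checking against the full function.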
@@ -1997,6 +2007,8 @@ bfd_mach_o_build_dysymtab (bfd *abfd, bfd_mach_o_dysymtab_command *cmd) cmd->indirectsymoff = mdata->filelen; mdata->filelen += cmd->nindirectsyms * 4; + if (cmd->nindirectsyms * 4 < cmd->nindirectsyms) + return FALSE; cmd->indirect_syms = bfd_zalloc (abfd, cmd->nindirectsyms * 4); if (cmd->indirect_syms == NULL) return FALSE; @@ -2392,8 +2404,8 @@ bfd_mach_o_mangle_sections (bfd *abfd, bfd_mach_o_data_struct *mdata) } mdata->nsects = nsect; - mdata->sections = bfd_alloc (abfd, - mdata->nsects * sizeof (bfd_mach_o_section *)); + mdata->sections = bfd_alloc2 (abfd, + mdata->nsects, sizeof (bfd_mach_o_section *)); if (mdata->sections == NULL) return FALSE; @@ -3731,32 +3743,28 @@ bfd_mach_o_read_symtab_symbols (bfd *abfd) /* Return now if there are no symbols or if already loaded. */ return TRUE; - sym->symbols = bfd_alloc (abfd, sym->nsyms * sizeof (bfd_mach_o_asymbol)); - + sym->symbols = bfd_alloc2 (abfd, sym->nsyms, sizeof (bfd_mach_o_asymbol)); if (sym->symbols == NULL) { (*_bfd_error_handler) (_("bfd_mach_o_read_symtab_symbols: unable to allocate memory for symbols")); + sym->nsyms = 0; return FALSE; } if (!bfd_mach_o_read_symtab_strtab (abfd)) - { - bfd_release (abfd, sym->symbols); - sym->symbols = NULL; - return FALSE; - } + goto fail; for (i = 0; i < sym->nsyms; i++) - { - if (!bfd_mach_o_read_symtab_symbol (abfd, sym, &sym->symbols[i], i)) - { - bfd_release (abfd, sym->symbols); - sym->symbols = NULL; - return FALSE; - } - } + if (!bfd_mach_o_read_symtab_symbol (abfd, sym, &sym->symbols[i], i)) + goto fail; return TRUE; + + fail: + bfd_release (abfd, sym->symbols); + sym->symbols = NULL; + sym->nsyms = 0; + return FALSE; } static const char * 
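Review bot: The `fail:` block in bfd_mach_o_read_symtab_symbols zeroes `sym->nsyms` together with `sym->symbols`, and the allocation-failure branch now also sets `sym->nsyms = 0`, but nothing records why the count is reset. A short comment at the label would help, e.g. `/* Reset nsyms along with symbols so later callers never index a released array.  */`. That reading of the intent is inferred from the paired assignments and should be confirmed by the author.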
@@ -3989,8 +3997,8 @@ bfd_mach_o_read_thread (bfd *abfd, bfd_mach_o_load_command *command) } /* Allocate threads. */ - cmd->flavours = bfd_alloc - (abfd, nflavours * sizeof (bfd_mach_o_thread_flavour)); + cmd->flavours = bfd_alloc2 + (abfd, nflavours, sizeof (bfd_mach_o_thread_flavour)); if (cmd->flavours == NULL) return FALSE; cmd->nflavours = nflavours; @@ -4113,7 +4121,7 @@ bfd_mach_o_read_dysymtab (bfd *abfd, bfd_mach_o_load_command *command) unsigned int module_len = wide ? 56 : 52; cmd->dylib_module = - bfd_alloc (abfd, cmd->nmodtab * sizeof (bfd_mach_o_dylib_module)); + bfd_alloc2 (abfd, cmd->nmodtab, sizeof (bfd_mach_o_dylib_module)); if (cmd->dylib_module == NULL) return FALSE; @@ -4159,10 +4167,10 @@ bfd_mach_o_read_dysymtab (bfd *abfd, bfd_mach_o_load_command *command) if (cmd->ntoc != 0) { - unsigned int i; + unsigned long i; - cmd->dylib_toc = bfd_alloc - (abfd, cmd->ntoc * sizeof (bfd_mach_o_dylib_table_of_content)); + cmd->dylib_toc = bfd_alloc2 + (abfd, cmd->ntoc, sizeof (bfd_mach_o_dylib_table_of_content)); if (cmd->dylib_toc == NULL) return FALSE; @@ -4186,8 +4194,8 @@ bfd_mach_o_read_dysymtab (bfd *abfd, bfd_mach_o_load_command *command) { unsigned int i; - cmd->indirect_syms = bfd_alloc - (abfd, cmd->nindirectsyms * sizeof (unsigned int)); + cmd->indirect_syms = bfd_alloc2 + (abfd, cmd->nindirectsyms, sizeof (unsigned int)); if (cmd->indirect_syms == NULL) return FALSE; @@ -4211,8 +4219,8 @@ bfd_mach_o_read_dysymtab (bfd *abfd, bfd_mach_o_load_command *command) unsigned long v; unsigned int i; - cmd->ext_refs = bfd_alloc - (abfd, cmd->nextrefsyms * sizeof (bfd_mach_o_dylib_reference)); + cmd->ext_refs = bfd_alloc2 + (abfd, cmd->nextrefsyms, sizeof (bfd_mach_o_dylib_reference)); if (cmd->ext_refs == NULL) return FALSE; 
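Review bot: The loop index is widened to `unsigned long i;` only in the `cmd->ntoc` block of bfd_mach_o_read_dysymtab, while the `cmd->nindirectsyms` and `cmd->nextrefsyms` blocks in the next two hunks keep `unsigned int i;`. The count fields are declared outside these hunks. If they are wider than `unsigned int`, a narrower index can wrap before reaching the count, and the loop then keeps writing into an array sized by bfd_alloc2. Use the same index type in all three blocks, `unsigned long i;`, or state in a comment why the other two counts cannot exceed `unsigned int`.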
@@ -4743,8 +4751,8 @@ bfd_mach_o_flatten_sections (bfd *abfd) } /* Allocate sections array. */ - mdata->sections = bfd_alloc (abfd, - mdata->nsects * sizeof (bfd_mach_o_section *)); + mdata->sections = bfd_alloc2 (abfd, + mdata->nsects, sizeof (bfd_mach_o_section *)); /* Fill the array. */ csect = 0; @@ -4916,7 +4924,8 @@ bfd_mach_o_scan (bfd *abfd, mdata->first_command = NULL; mdata->last_command = NULL; - cmd = bfd_alloc (abfd, header->ncmds * sizeof (bfd_mach_o_load_command)); + + cmd = bfd_alloc2 (abfd, header->ncmds, sizeof (bfd_mach_o_load_command)); if (cmd == NULL) return FALSE; @@ -5152,7 +5161,7 @@ bfd_mach_o_archive_p (bfd *abfd) goto error; adata->archentries = - bfd_alloc (abfd, adata->nfat_arch * sizeof (mach_o_fat_archentry)); + bfd_alloc2 (abfd, adata->nfat_arch, sizeof (mach_o_fat_archentry)); if (adata->archentries == NULL) goto error; @@ -5169,6 +5178,7 @@ bfd_mach_o_archive_p (bfd *abfd) } abfd->tdata.mach_o_fat_data = adata; + return abfd->xvec; error: diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c index 122ddf1..45f1937 100644 --- a/bfd/peXXigen.c +++ b/bfd/peXXigen.c @@ -1757,6 +1757,8 @@ pe_print_edata (bfd * abfd, void * vfile) /* PR 17512: Handle corrupt PE binaries. */ if (edt.eat_addr + (edt.num_functions * 4) - adj >= datasize + /* PR 17512: file: 092b1829 */ + || (edt.num_functions * 4) < edt.num_functions /* PR 17512 file: 140-165018-0.004. */ || data + edt.eat_addr - adj < data) fprintf (file, _("\tInvalid Export Address Table rva (0x%lx) or entry count (0x%lx)\n"), @@ -1801,6 +1803,8 @@ pe_print_edata (bfd * abfd, void * vfile) /* PR 17512: Handle corrupt PE binaries. */ if (edt.npt_addr + (edt.num_names * 4) - adj >= datasize + /* PR 17512: file: bb68816e. */ + || edt.num_names * 4 < edt.num_names || (data + edt.npt_addr - adj) < data) fprintf (file, _("\tInvalid Name Pointer Table rva (0x%lx) or entry count (0x%lx)\n"), (long) edt.npt_addr, diff --git a/bfd/tekhex.c b/bfd/tekhex.c index 63d7d8d..ccc68f9 100644 --- a/bfd/tekhex.c 
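Review bot: In bfd_mach_o_flatten_sections the result of `bfd_alloc2 (abfd, mdata->nsects, sizeof (bfd_mach_o_section *))` is not checked before the `/* Fill the array.  */` code that follows it in the hunk. bfd_alloc2 can now return NULL on a multiplication overflow as well as on exhaustion, so a corrupt `nsects` reaches the fill loop with a NULL `mdata->sections`. The matching allocation in bfd_mach_o_mangle_sections is followed by `if (mdata->sections == NULL) return FALSE;`. Add the same test here, with a failure return that fits this function's signature, which is outside the hunk.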
+++ b/bfd/tekhex.c @@ -397,7 +397,7 @@ first_phase (bfd *abfd, int type, char *src, char * src_end) return FALSE; } alt_section = NULL; - while (*src) + while (src < src_end && *src) { switch (*src) { diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 37754e7..4a6de8d 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,8 @@ +2015-02-03 Nick Clifton + + PR binutils/17512 + * objdump.c (display_any_bfd): Fail if archives nest too deeply. + 2015-01-28 James Bowman * readelf.c: Add FT32 support. diff --git a/binutils/objdump.c b/binutils/objdump.c index 54fc235..98e4d86 100644 --- a/binutils/objdump.c +++ b/binutils/objdump.c @@ -3413,7 +3413,7 @@ display_any_bfd (bfd *file, int level) { /* Prevent corrupted files from spinning us into an infinite loop. 100 is an arbitrary heuristic. */ - non_fatal (_("Archive nesting is too deep")); + fatal (_("Archive nesting is too deep")); return; } else
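Review bot: The new `src < src_end` test in first_phase bounds only the byte examined at the top of each iteration. The `switch (*src)` body lies outside the hunk and presumably advances `src` and reads further bytes per record, so each of those reads needs the same bound; otherwise a truncated record can still run past `src_end`. A comment on the loop stating that `src_end` is exclusive, and that every case must re-check it before consuming input, would make the contract explicit.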
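Review bot: The `return;` kept after the new `fatal (_("Archive nesting is too deep"));` call in display_any_bfd is unreachable, since binutils' fatal() exits the process rather than returning. Either drop the `return;` or mark it, e.g. `/* fatal() does not return.  */`. The switch from non_fatal also means one over-nested archive ends the whole objdump run, so any files later on the command line are not processed. If that is intended, the comment above the call should say so. An alternative is to keep `non_fatal`, record a failing exit status and return.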