platform/upstream/elfutils.git
Do not reject type units in dwarf_getsrcfiles and dwarf_getsrclines
Petr Machata [Wed, 1 Apr 2015 19:44:32 +0000 (21:44 +0200)]
Do not reject type units in dwarf_getsrcfiles and dwarf_getsrclines

Signed-off-by: Petr Machata <pmachata@redhat.com>
tests: Add run-strip-test10.sh
H.J. Lu [Wed, 25 Mar 2015 16:19:08 +0000 (09:19 -0700)]
tests: Add run-strip-test10.sh

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
tests: Add run-strip-test9.sh
H.J. Lu [Wed, 25 Mar 2015 15:16:56 +0000 (08:16 -0700)]
tests: Add run-strip-test9.sh

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
tests: Add run-backtrace-core-x32.sh
H.J. Lu [Wed, 25 Mar 2015 14:22:43 +0000 (07:22 -0700)]
tests: Add run-backtrace-core-x32.sh

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
tests: Add testfile-x32 to run-addrcfi.sh
H.J. Lu [Wed, 25 Mar 2015 13:44:09 +0000 (06:44 -0700)]
tests: Add testfile-x32 to run-addrcfi.sh

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
tests: Add testfile-x32-core to run-allregs.sh
H.J. Lu [Wed, 25 Mar 2015 12:57:09 +0000 (05:57 -0700)]
tests: Add testfile-x32-core to run-allregs.sh

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
tests: Add testfile-x32-core.bz2 to run-readelf-mixed-corenote.sh
H.J. Lu [Wed, 25 Mar 2015 12:44:57 +0000 (05:44 -0700)]
tests: Add testfile-x32-core.bz2 to run-readelf-mixed-corenote.sh

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
backends: Add x32_corenote.c
H.J. Lu [Thu, 12 Mar 2015 21:51:42 +0000 (14:51 -0700)]
backends: Add x32_corenote.c

This patch adds x32_corenote.c to support x32 coredump.  X32 coredump is
a hybrid between ia32 coredump and x86-64 coredump.  The exact formats
are described in bfd/hosts/x86-64linux.h in GNU binutils source tree.

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Publish known-dwarf.h
Petr Machata [Wed, 18 Mar 2015 18:42:02 +0000 (19:42 +0100)]
Publish known-dwarf.h

- Make the macro names properly scoped (DWARF_ALL_KNOWN_* and
  DWARF_ONE_KNOWN_*).

- Simplify the calling convention: don't keep track of the comment
  associated with the enumerator, always use the non-_DESC
  DWARF_ONE_KNOWN_* callback.

- Install known-dwarf.h alongside libdw.h and others.

Signed-off-by: Petr Machata <pmachata@redhat.com>
libelf: Don't extend ELF file size with SHT_NOBITS sh_offset.
Mark Wielaard [Mon, 23 Mar 2015 21:19:12 +0000 (22:19 +0100)]
libelf: Don't extend ELF file size with SHT_NOBITS sh_offset.

Don't explicitly extend the file size for SHT_NOBITS sections. Since
that could cause a size beyond any actual file content it will cause
issues when the underlying ELF file has been mmapped or will extend
the file size to increase (writing fill bytes) when not mmapped. The
sh_offset value is essentially meaningless for SHT_NOBITS. gabi says
that a NOBITS section sh_offset member locates the "conceptual
placement" in the file. But it doesn't say this cannot be beyond the
end of the file. When ELF_F_LAYOUT is set we should trust sh_offset
as given is what is wanted for an SHT_NOBITS section without extending
the file size.

https://bugzilla.redhat.com/show_bug.cgi?id=1020842

Buggy binutils ld could generate files where SHT_NOBITS sections have
sh_offset outside the file.
https://sourceware.org/bugzilla/show_bug.cgi?id=12921

Signed-off-by: Mark Wielaard <mjw@redhat.com>
backends: aarch64 can have _GLOBAL_OFFSET_TABLE_ point anywhere in .got.
Mark Wielaard [Mon, 23 Mar 2015 14:08:27 +0000 (15:08 +0100)]
backends: aarch64 can have _GLOBAL_OFFSET_TABLE_ point anywhere in .got.

When building with relro aarch64 splits .got in a writable and read-only
part. _GLOBAL_OFFSET_TABLE_ points to the first writable symbol, not the
start of .got.

https://bugzilla.redhat.com/show_bug.cgi?id=1201778

Signed-off-by: Mark Wielaard <mjw@redhat.com>
Add forgotten files to EXTRA_DIST
Petr Machata [Wed, 18 Mar 2015 18:35:16 +0000 (19:35 +0100)]
Add forgotten files to EXTRA_DIST

Signed-off-by: Petr Machata <pmachata@redhat.com>
Fix -Wimplicit warnings.
Mark Wielaard [Fri, 13 Mar 2015 22:51:40 +0000 (23:51 +0100)]
Fix -Wimplicit warnings.

tests: Use PTRACE_GETREGS/PTRACE_SETREGS to update rip
H.J. Lu [Thu, 12 Mar 2015 19:14:43 +0000 (12:14 -0700)]
tests: Use PTRACE_GETREGS/PTRACE_SETREGS to update rip

Using PTRACE_POKEUSER to update rip is unsupported for x32.  We should use
PTRACE_GETREGS/PTRACE_SETREGS to update rip.

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
backends: COPY relocations can also happen in ET_DYN.
Mark Wielaard [Mon, 9 Mar 2015 21:43:08 +0000 (22:43 +0100)]
backends: COPY relocations can also happen in ET_DYN.

In particular COPY relocations might happen in PIE executables,
which are ET_DYN.

Found on Fedora Rawhide with run-elflint-self.sh.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
elflint: Correct gnu_symbias usage in compare_hash_gnu_hash.
Mark Wielaard [Mon, 9 Mar 2015 15:41:48 +0000 (16:41 +0100)]
elflint: Correct gnu_symbias usage in compare_hash_gnu_hash.

commit 0a545e "elflint: Add various low-level checks." introduced a bug
in the handling of the gnu_symbias. The symbol in the bucket should first
be compared to STN_UNDEF before applying the bias. And the used symbol
index should have the bias added when compared against plain hash symbol.

Found on Debian wheezy with run-elflint-self.sh.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
Drop two useless variables from known-dwarf.awk
Petr Machata [Fri, 20 Feb 2015 19:05:29 +0000 (20:05 +0100)]
Drop two useless variables from known-dwarf.awk

Signed-off-by: Petr Machata <pmachata@redhat.com>
Support STT_ARM_TFUNC symbol type in ebl_symbol_type_name hook
Petr Machata [Tue, 24 Feb 2015 00:08:25 +0000 (01:08 +0100)]
Support STT_ARM_TFUNC symbol type in ebl_symbol_type_name hook

Signed-off-by: Petr Machata <pmachata@redhat.com>
libelf: Make __libelf_set_data_list_rdlock an internal_function.
Mark Wielaard [Wed, 18 Feb 2015 19:51:40 +0000 (20:51 +0100)]
libelf: Make __libelf_set_data_list_rdlock an internal_function.

__libelf_set_data_list_rdlock from elf_getdata.c is marked as an
internal_function in the implementation, but not in libelfP.h when it
is declared.  Add internal_function to the declaration. This broke
the i686 build.

Reported-by: Alexander Cherepanov <ch3root@openwall.com>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
tests: Use PRId64 for printing loff_t.
Mark Wielaard [Wed, 18 Feb 2015 23:43:59 +0000 (00:43 +0100)]
tests: Use PRId64 for printing loff_t.

loff_t is always 64 bits.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdw: Add DWARF5/GCC5 DW_LANG_Fortran03 and DW_LANG_Fortran08 support.
Mark Wielaard [Mon, 9 Feb 2015 15:47:08 +0000 (16:47 +0100)]
libdw: Add DWARF5/GCC5 DW_LANG_Fortran03 and DW_LANG_Fortran08 support.

GCC5 adds support for the new Fortran 2003 and 2008 standard DWARF5
language codes. Add them to dwarf.h and handle them in dwarf_aggregate_size.

http://dwarfstd.org/ShowIssue.php?issue=141121.1

Also documented at https://fedorahosted.org/elfutils/wiki/DwarfExtensions

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdw: Add support for DWARF5/GCC5 DW_TAG_atomic_type.
Mark Wielaard [Mon, 9 Feb 2015 15:24:04 +0000 (16:24 +0100)]
libdw: Add support for DWARF5/GCC5 DW_TAG_atomic_type.

GCC5 adds support for the new C11 _Atomic DWARF5 DW_TAG_atomic_type
qualifier. Add it to dwarf.h and handle it in dwarf_peel_type.

http://dwarfstd.org/ShowIssue.php?issue=131112.1

Also documented at https://fedorahosted.org/elfutils/wiki/DwarfExtensions

Signed-off-by: Mark Wielaard <mjw@redhat.com>
tests: ensure backtrace.c exec_dump sets jmp
Josh Stone [Wed, 11 Feb 2015 22:25:37 +0000 (14:25 -0800)]
tests: ensure backtrace.c exec_dump sets jmp

With CFLAGS='-Og -g', F21 gcc hits -Werror=maybe-uninitialized on jmp in
the call "prepare_thread (pid2, jmp)".  It's fine with -O2/-O0.

The only way this could be unset is if the loop before ran to
completion, and there's already an assert against this case.

This patch initializes jmp anyway to convince gcc it's ok.

Signed-off-by: Josh Stone <jistone@redhat.com>
libdw: ensure read_encoded_value's value is set
Josh Stone [Wed, 11 Feb 2015 21:53:14 +0000 (13:53 -0800)]
libdw: ensure read_encoded_value's value is set

With CFLAGS='-Og -g', F21 gcc hits -Werror=maybe-uninitialized in
read_encoded_value at "*result += value".  It's fine with -O2/-O0.

In particular it seems to care about the __libdw_cfi_read_address_inc
calls.  By my inspection, the only way those don't set value are for
error cases, which will then return immediately.  This patch just sets
value = 0 to begin with, so gcc is always convinced it's fine.

Signed-off-by: Josh Stone <jistone@redhat.com>
dwarf_ranges: do not request base address attributes if not necessary
Petr Machata [Wed, 11 Feb 2015 21:11:46 +0000 (22:11 +0100)]
dwarf_ranges: do not request base address attributes if not necessary

- Instead of bailing out at iteration start, we remember the
  base-address-selecting attributes were not seen, and then bail out
  later if no base address selection entry has been seen.

Signed-off-by: Petr Machata <pmachata@redhat.com>
libelf: Consider sh_addralign 0 as 1
Jan Kratochvil [Sat, 7 Feb 2015 14:08:20 +0000 (15:08 +0100)]
libelf: Consider sh_addralign 0 as 1

Currently the Koji build for arm32 fails with:
extracting debug info from /builddir/build/BUILDROOT/etcd-2.0.0-0.3.rc1.fc22.arm/usr/bin/etcd
Failed to write file: invalid section alignment

This is because the binary etcd
http://people.redhat.com/jkratoch/etcdctl.xz
contains:
Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [11] .rel.plt          REL             00459ee0 449ee0 000088 08   A 13   0  0
                                                                               ^
which corresponds to golang's code:
go/src/cmd/ld/elf.c
case EM_X86_64:
sh = elfshname(".rela.plt");
sh->addralign = RegSize;
default:
sh = elfshname(".rel.plt");
<nothing>

ELF spec says:
Values 0 and 1 mean the section has no alignment constraints.
and libelf/elf32_updatenull.c really parses it that way at line 204
ElfW2(LIBELFBITS,Word) sh_align = shdr->sh_addralign ?: 1;
but unfortunately the later line being patched no longer does.

libelf/
2015-02-07  Jan Kratochvil  <jan.kratochvil@redhat.com>

* elf32_updatenull.c (__elfw2(LIBELFBITS,updatenull_wrlock)): Consider
sh_addralign 0 as 1.

Signed-off-by: Jan Kratochvil <jan.kratochvil@redhat.com>
libdwfl: Clear symtab result on error before using find_dynsym fallback.
Mark Wielaard [Mon, 26 Jan 2015 15:34:57 +0000 (16:34 +0100)]
libdwfl: Clear symtab result on error before using find_dynsym fallback.

find_dynsym could succeed after find_symtab failed but had already set up
symdata, syments and first_global. find_dynsym would not set or clear
first_global since all syms in dynsym are global. Causing lots of failing
lookups when calling __libdwfl_addrsym if first_global was some huge
bogus value.

Reported-by: Hanno Böck <hanno@hboeck.de>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
libelf: Make sure string returned by elf_strptr is NUL terminated.
Mark Wielaard [Thu, 22 Jan 2015 11:49:29 +0000 (12:49 +0100)]
libelf: Make sure string returned by elf_strptr is NUL terminated.

The result of elf_strptr is often used directly to print or strcmp
the string. If the section data was truncated or corrupted that could
lead to invalid memory reads possibly crashing the application.
https://bugzilla.redhat.com/show_bug.cgi?id=1170810#c24

Reported-by: Alexander Cherepanov <cherepan@mccme.ru>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
libelf: elf_strptr should use datalist when data has been added to section.
Mark Wielaard [Wed, 21 Jan 2015 22:56:43 +0000 (23:56 +0100)]
libelf: elf_strptr should use datalist when data has been added to section.

elf_strptr always used the rawdata when available. But when data has been
added to the section it should find the correct buffer in the datalist.

Adds a large testcase that checks various ways of adding and extracting
strings from a section.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libelf: Fix elf_newdata when raw ELF file/image data is available.
Mark Wielaard [Tue, 20 Jan 2015 20:55:55 +0000 (21:55 +0100)]
libelf: Fix elf_newdata when raw ELF file/image data is available.

When ELF data for a section has been read by elf_rawdata, data_read
and rawdata_base are set, but data_list_rear will not be set until the
data will be converted (by elf_getdata). elf_newdata would overwrite
the existing data in that case. Both elf_getdata and elf_update rely
on the fact that when data_list_rear is set they don't have to look
at the raw data anymore. So make sure we update the data list properly
before adding any new data and raw data is available in elf_newdata.

Add newdata test that calls elf_newdata before and after elf_rawdata
and elf_getdata and checks the new size and contents of the section.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libelf: elf_strptr should fetch the shdr for the section if not yet known.
Mark Wielaard [Tue, 20 Jan 2015 13:52:41 +0000 (14:52 +0100)]
libelf: elf_strptr should fetch the shdr for the section if not yet known.

elf_strptr might be called before the shdrs are read in. In that case it
needs to explicitly call __elf[32|64]_getshdr_rdlock to check the section
type and size. The new strptr testcase triggers this corner case and crashes
before the fix.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
s/Really, not guarantee/Really, no guarantee/g
Mark Wielaard [Tue, 27 Jan 2015 14:55:41 +0000 (15:55 +0100)]
s/Really, not guarantee/Really, no guarantee/g

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libebl.h: Add comment from README that this is completely UNSUPPORTED.
Mark Wielaard [Tue, 27 Jan 2015 12:07:17 +0000 (13:07 +0100)]
libebl.h: Add comment from README that this is completely UNSUPPORTED.

Make it really, really clear that the libebl interface is NOT source and
NOT abi compatible and we will break any users.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
tests: Make deleted and vdsosyms testcases work with "restricted ptrace".
Mark Wielaard [Thu, 15 Jan 2015 12:39:06 +0000 (13:39 +0100)]
tests: Make deleted and vdsosyms testcases work with "restricted ptrace".

Some systems might have "restricted ptrace" that doesn't allow process
inspection of arbitrary processes. Change the deleted testcase to
explicitly allow any other process to inspect it using the PR_SET_PTRACER
prctl set to PR_SET_PTRACER_ANY. Change the vdsosyms testcase to inspect
the process itself which should always be allowed.

Reported-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdw: Search for the last matching address with dwarf_getsrc_die.
Mark Wielaard [Wed, 24 Dec 2014 12:17:23 +0000 (13:17 +0100)]
libdw: Search for the last matching address with dwarf_getsrc_die.

In commit 7d9b5a dwfl_module_getsrc was changed so that it returns the last
line record <= addr, rather than returning immediately on a match. This
changes dwarf_getsrc_die to do the same. And it adds a new test that checks
this by comparing against the same results from eu-addr2line (which uses
dwfl_module_getsrc) using dwarf_addrdie and dwarf_getsrc_die instead.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdwfl: dwfl_module_getsrc should never match end_sequence line.
Mark Wielaard [Sat, 27 Dec 2014 15:16:29 +0000 (16:16 +0100)]
libdwfl: dwfl_module_getsrc should never match end_sequence line.

The line with end_sequence set has an address outside the current line
sequence. An end_sequence line has no other useful information except
marking the address as out of range.

Two tests, addrscopes and funcscopes, depended on matching the end_sequence
line. But that was because they included the high_pc address in the scope.
However the high_pc attribute has as address the first location past the
range associated with a given DIE. Adjust the tests to use high_pc - 1 as
end of the scope.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdw: Robustify eh_frame_hdr and encoded-values reading.
Mark Wielaard [Wed, 7 Jan 2015 22:39:28 +0000 (23:39 +0100)]
libdw: Robustify eh_frame_hdr and encoded-values reading.

Sanity check and keep track of binary_search_table data buffer length.
Add bounds check to encoded value reading. Also fix a bug when reading
the eh_frame header data from an other endian ELF image. Add a testcase
that would fail the new sanity checks because of the endian bug.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdwfl: Handle seeing CU EOF marker without any other (real) CU.
Mark Wielaard [Sun, 4 Jan 2015 23:12:53 +0000 (00:12 +0100)]
libdwfl: Handle seeing CU EOF marker without any other (real) CU.

intern_cu (and __libdwfl_nextcu) didn't correctly handle immediately seeing
the CU EOF marker. In that case the *nextp pointer (first_cu) returned by
intern_cu is -1. And less_lazy will immediately destroy the found CU node.
So don't use the *found result after calling less_lazy.

Found by afl-fuzz.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdw: Check DW_AT_sibling attribute offset is after current DIE.
Mark Wielaard [Sun, 4 Jan 2015 23:03:03 +0000 (00:03 +0100)]
libdw: Check DW_AT_sibling attribute offset is after current DIE.

The sibling attribute should point after this DIE in the CU.
Otherwise various algorithms might loop or go into infinite recursion
walking the DIE tree.

Found by afl-fuzz.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdw: Check register number in CFI isn't insanely large.
Mark Wielaard [Sun, 4 Jan 2015 15:08:22 +0000 (16:08 +0100)]
libdw: Check register number in CFI isn't insanely large.

Some cfi.c array size allocation calculations might overflow when trying
to accommodate insanely large number of registers. Don't allow register
numbers larger than INT32_MAX / sizeof (dwarf_frame_register).

Found by afl-fuzz.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
elfcmp: Add some NULL and zero checks.
Mark Wielaard [Sat, 3 Jan 2015 23:35:25 +0000 (00:35 +0100)]
elfcmp: Add some NULL and zero checks.

https://bugzilla.redhat.com/show_bug.cgi?id=1170810#c17

Reported-by: Alexander Cherepanov <cherepan@mccme.ru>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdw: Add missing size check to parse_eh_frame_hdr.
Mark Wielaard [Fri, 2 Jan 2015 23:27:58 +0000 (00:27 +0100)]
libdw: Add missing size check to parse_eh_frame_hdr.

afl-fuzz showed that when parse_eh_frame_hdr was called from
getcfi_scn_eh_frame invalid data could be read because of a missing size
check. That check was there when parse_eh_frame_hdr was called from
getcfi_gnu_eh_frame. Move the size check into parse_eh_frame. And add
an extra check to make sure d_buf is not NULL.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdw: Handle NULL dbg for call_ref, GNU_implicit_pointer and addr DW_OPs.
Mark Wielaard [Fri, 2 Jan 2015 23:09:45 +0000 (00:09 +0100)]
libdw: Handle NULL dbg for call_ref, GNU_implicit_pointer and addr DW_OPs.

afl-fuzz pointed out that __libdw_intern_expression didn't handle CFI
containing DW_OP_call_ref, DW_OP_implicit_pointer or DW_OP_addr. Because
in that case the Dwarf dbg is NULL. Both DW_OP_call_ref and
DW_OP_implicit_pointer cannot be used in CFI. That is just an error.
But DW_OP_addr can be. Without a Dwarf dbg we'll need to read the address
argument directly. Don't use __libdw_read_address_inc which might do a
relocation of the value read. But in practice the relocation hook isn't
implemented anyway.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libelf: gelf_getphdr should check phdr index is valid.
Mark Wielaard [Tue, 30 Dec 2014 23:51:45 +0000 (00:51 +0100)]
libelf: gelf_getphdr should check phdr index is valid.

elf_getphdrnum does check the phdrnum makes sense. But gelf_getphdr
checked the given index against the "raw" e_phnum or internal
__elf_getphdrnum_rdlock result without checking. Extract the checking
code into a new internal __elf_getphdrnum_chk_rdlock function and
use that.

Found by afl-fuzz.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
backends: Check sh_entsize is not zero in ppc_symbol.c (find_dyn_got).
Mark Wielaard [Tue, 30 Dec 2014 23:40:02 +0000 (00:40 +0100)]
backends: Check sh_entsize is not zero in ppc_symbol.c (find_dyn_got).

Found with afl-fuzz.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
elflint: Add various low-level checks.
Mark Wielaard [Sun, 28 Dec 2014 23:53:27 +0000 (00:53 +0100)]
elflint: Add various low-level checks.

elflint could crash or hang because it didn't check some low level issues.

https://bugzilla.redhat.com/show_bug.cgi?id=1170810

Reported-by: Alexander Cherepanov <cherepan@mccme.ru>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
tests: Add testfile-debug-types test case.
Mark Wielaard [Wed, 14 Jan 2015 20:38:16 +0000 (21:38 +0100)]
tests: Add testfile-debug-types test case.

Test for regression fixed in commit 7c713822:
"libdw: fix offset for sig8 lookup in dwarf_formref_die"

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdw: fix offset for sig8 lookup in dwarf_formref_die
Jason P. Leasure [Wed, 14 Jan 2015 14:26:55 +0000 (09:26 -0500)]
libdw: fix offset for sig8 lookup in dwarf_formref_die

The type_offset of a type unit header is relative to the beginning
of the type unit header.

Signed-off-by: Jason P. Leasure <jpleasu@super.org>
libdw: Check sibling attribute offset still falls inside CU data.
Mark Wielaard [Sat, 27 Dec 2014 11:13:50 +0000 (12:13 +0100)]
libdw: Check sibling attribute offset still falls inside CU data.

Found with afl-fuzz.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
strings: Produce error when section data falls outside file.
Mark Wielaard [Fri, 26 Dec 2014 21:57:00 +0000 (22:57 +0100)]
strings: Produce error when section data falls outside file.

https://bugzilla.redhat.com/show_bug.cgi?id=1170810

Reported-by: Alexander Cherepanov <cherepan@mccme.ru>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
nm: Guard against divide by zero in error check.
Mark Wielaard [Fri, 26 Dec 2014 18:36:31 +0000 (19:36 +0100)]
nm: Guard against divide by zero in error check.

Also add section index number in error message.

https://bugzilla.redhat.com/show_bug.cgi?id=1170810

Reported-by: Alexander Cherepanov <cherepan@mccme.ru>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
nm: Handle/Skip /SYM64/ index entries.
Mark Wielaard [Fri, 26 Dec 2014 15:20:39 +0000 (16:20 +0100)]
nm: Handle/Skip /SYM64/ index entries.

Add a testcase to show eu-nm now handles archives with 64-bit symbol table.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
nm: Stop processing ar members on first invalid offset.
Mark Wielaard [Fri, 26 Dec 2014 15:12:52 +0000 (16:12 +0100)]
nm: Stop processing ar members on first invalid offset.

Otherwise we will keep looping on that same invalid entry.

https://bugzilla.redhat.com/show_bug.cgi?id=1170810

Reported-by: Alexander Cherepanov <cherepan@mccme.ru>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
libelf: ar_size cannot be negative. Fix max ar size.
Mark Wielaard [Thu, 25 Dec 2014 21:50:21 +0000 (22:50 +0100)]
libelf: ar_size cannot be negative. Fix max ar size.

Elf_Arhdr ar_size is loff_t, which is signed. Make sure it isn't negative.
When the parent start_offset is non-zero maxsize should include it to
compensate for ar offset.

Found with afl-fuzz.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
readelf: Don't try to read macinfo cus sentinel or beyond.
Mark Wielaard [Sun, 21 Dec 2014 22:02:12 +0000 (23:02 +0100)]
readelf: Don't try to read macinfo cus sentinel or beyond.

https://bugzilla.redhat.com/show_bug.cgi?id=1170810

Reported-by: Alexander Cherepanov <cherepan@mccme.ru>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
readelf: Add more sanity checks to print_debug_exception_table.
Mark Wielaard [Sun, 21 Dec 2014 21:55:54 +0000 (22:55 +0100)]
readelf: Add more sanity checks to print_debug_exception_table.

https://bugzilla.redhat.com/show_bug.cgi?id=1170810

Reported-by: Alexander Cherepanov <cherepan@mccme.ru>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdw: Prevent infinite recursion when processing DW_TAG_imported_unit.
Mark Wielaard [Sun, 11 Jan 2015 14:00:52 +0000 (15:00 +0100)]
libdw: Prevent infinite recursion when processing DW_TAG_imported_unit.

Invalid DWARF could create cycles with DW_TAG_imported_unit, which would
lead to infinite recursion and stack overflow in libdw_visit_scopes.
Keep track of imported units and error out when a cycle is detected.

Found by afl-fuzz.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libelf: Fix dir traversal vuln in ar extraction.
Alexander Cherepanov [Sun, 28 Dec 2014 16:57:19 +0000 (19:57 +0300)]
libelf: Fix dir traversal vuln in ar extraction.

read_long_names terminates names at the first '/' found but then skips
one character without checking (it's supposed to be '\n'). Hence the
next name could start with any character including '/'. This leads to
a directory traversal vulnerability at the time the contents of the
archive are extracted.

The danger is mitigated by the fact that only one '/' is possible in a
resulting filename and only in the leading position. Hence only files
in the root directory can be written via this vuln and only when ar is
executed as root.

The fix for the vuln is to not skip any characters while looking
for '/'.

Signed-off-by: Alexander Cherepanov <cherepan@mccme.ru>
tests: Don't match libfunc symbol on ppc64 in run-deleted.sh testcase. (tag: elfutils-0.161)
Mark Wielaard [Fri, 19 Dec 2014 19:53:22 +0000 (20:53 +0100)]
tests: Don't match libfunc symbol on ppc64 in run-deleted.sh testcase.

For PPC64 we need access to the OPD table which we get through the shdrs
but for the deleted-lib we only have phdrs.  So we don't have the name of
the function. But since we should find the EH_FRAME through phdrs just
fine, we can unwind into main. Skip the libfunc name check for now till
we find a nice way to enable the lookup without opd:
https://bugzilla.redhat.com/show_bug.cgi?id=1176238

Signed-off-by: Mark Wielaard <mjw@redhat.com>
tests: vdsosyms should not fail for architectures that don't have a vdso.
Mark Wielaard [Fri, 19 Dec 2014 17:54:04 +0000 (18:54 +0100)]
tests: vdsosyms should not fail for architectures that don't have a vdso.

Not finding a vdso is not fatal. But there should be no errors trying.
And if the vdso is found, then getting the symbol table shouldn't fail.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
tests: run-deleted.sh should SKIP if arch doesn't support unwinding.
Mark Wielaard [Fri, 19 Dec 2014 17:33:52 +0000 (18:33 +0100)]
tests: run-deleted.sh should SKIP if arch doesn't support unwinding.

Also relax the special ARM needs DWARF check a little to account for eu-stack
error output.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdwfl: Always try find_dynsym last, also on find_symtab ELF errors.
Mark Wielaard [Fri, 19 Dec 2014 17:19:29 +0000 (18:19 +0100)]
libdwfl: Always try find_dynsym last, also on find_symtab ELF errors.

An ELF error during find_symtab might be incomplete shdrs or string table
from ELF images read through elf_from_memory. The phdrs and dynsym should
always be complete.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdwfl: Remove p_align sanity check from elf_from_memory.
Mark Wielaard [Fri, 19 Dec 2014 14:40:16 +0000 (15:40 +0100)]
libdwfl: Remove p_align sanity check from elf_from_memory.

In commit f15bcd "elf_from_remote_memory should use pagesize, not p_align"
we already relaxed the p_align sanity check to allow alignment of the
segment against the pagesize since that is what the glibc dynamic linker
actually does. But on some architectures the kernel inserts a vdso with
a completely bogus p_align for some PT_LOAD segments. So just drop the
whole sanity check and allow anything since we won't use p_align, but
always already use pagesize anyway.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
avoid scary command output
Ulrich Drepper [Thu, 18 Dec 2014 17:32:39 +0000 (12:32 -0500)]
avoid scary command output

The commands to check for invalid text relocations in the generated DSOs
shouldn't be displayed.  They contain an echo which prints the text.
This patch suppresses the commands from being printed.

Prepare 0.161 release.
Mark Wielaard [Thu, 18 Dec 2014 22:41:41 +0000 (23:41 +0100)]
Prepare 0.161 release.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
tests: Add testfile-macros-0xff.bz2 to EXTRA_DIST.
Mark Wielaard [Thu, 18 Dec 2014 22:07:12 +0000 (23:07 +0100)]
tests: Add testfile-macros-0xff.bz2 to EXTRA_DIST.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdwfl: Make sure symstrdata->d_buf != NULL in relocate resolve_symbol.
Mark Wielaard [Thu, 18 Dec 2014 08:28:50 +0000 (09:28 +0100)]
libdwfl: Make sure symstrdata->d_buf != NULL in relocate resolve_symbol.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
readelf: Add bounds check before each CFA op that takes an argument.
Mark Wielaard [Wed, 17 Dec 2014 14:07:49 +0000 (15:07 +0100)]
readelf: Add bounds check before each CFA op that takes an argument.

Some CFA ops don't take any arguments, for those it is valid to be at the
end of the data block.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdw: Check diridx is valid under DW_LNE_define_file in dwarf_getsrclines.
Mark Wielaard [Tue, 16 Dec 2014 21:47:39 +0000 (22:47 +0100)]
libdw: Check diridx is valid under DW_LNE_define_file in dwarf_getsrclines.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
readelf: Print dwarf_errmsg if dwarf_onesrcline or dwarf_linesrc fails.
Mark Wielaard [Tue, 16 Dec 2014 21:19:08 +0000 (22:19 +0100)]
readelf: Print dwarf_errmsg if dwarf_onesrcline or dwarf_linesrc fails.

Don't just crash using the NULL result in print_decoded_line_section.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libelf: Make sure ar archive long_names len fits in mapped ELF file.
Mark Wielaard [Tue, 16 Dec 2014 19:05:58 +0000 (20:05 +0100)]
libelf: Make sure ar archive long_names len fits in mapped ELF file.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libelf: Check index_size doesn't overflow in elf_getarsym.
Mark Wielaard [Tue, 16 Dec 2014 18:43:21 +0000 (19:43 +0100)]
libelf: Check index_size doesn't overflow in elf_getarsym.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdw: Make sure there is enough space to read offset in dwarf_getpubnames.
Mark Wielaard [Tue, 16 Dec 2014 15:41:19 +0000 (16:41 +0100)]
libdw: Make sure there is enough space to read offset in dwarf_getpubnames.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
readelf: Correct overflow check for length in print_debug_aranges_section.
Mark Wielaard [Tue, 16 Dec 2014 15:30:59 +0000 (16:30 +0100)]
readelf: Correct overflow check for length in print_debug_aranges_section.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
readelf,libdw: Correct .debug_line overflow check for unit_length.
Mark Wielaard [Tue, 16 Dec 2014 15:10:28 +0000 (16:10 +0100)]
readelf,libdw: Correct .debug_line overflow check for unit_length.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
readelf: Warn, don't assert, if loclist or rangelist offset is too big.
Mark Wielaard [Mon, 15 Dec 2014 18:43:02 +0000 (19:43 +0100)]
readelf: Warn, don't assert, if loclist or rangelist offset is too big.

We use a couple of bits to keep track of the addr size, dwarf size and
warning given for a loclist or rangelist offset. Normally offset won't
be that big and will fit in 61 bits easily. But if not, don't assert,
but just warn we don't handle such large offsets.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago readelf: Don't assert when addr_size or ref_size is not 4 or 8 in print_ops.
Mark Wielaard [Mon, 15 Dec 2014 18:05:43 +0000 (19:05 +0100)]
readelf: Don't assert when addr_size or ref_size is not 4 or 8 in print_ops.

Just report invalid data and continue.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago libdw: dwarf_getpubnames set error to DWARF_E_NO_ENTRY for zero entries.
Mark Wielaard [Mon, 15 Dec 2014 15:56:49 +0000 (16:56 +0100)]
libdw: dwarf_getpubnames set error to DWARF_E_NO_ENTRY for zero entries.

realloc in get_offsets will return NULL otherwise and dwarf_getpubnames
might think there was no issue and try to use that NULL pointer.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago readelf: Add more bounds checks to print_gdb_index_section.
Mark Wielaard [Mon, 15 Dec 2014 14:34:59 +0000 (15:34 +0100)]
readelf: Add more bounds checks to print_gdb_index_section.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago libdw: Add bounds checking to dwarf_getpubnames.
Mark Wielaard [Mon, 15 Dec 2014 13:56:07 +0000 (14:56 +0100)]
libdw: Add bounds checking to dwarf_getpubnames.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago readelf: Make sure there is enough room for reading .debug_line unit_length.
Mark Wielaard [Mon, 15 Dec 2014 12:40:18 +0000 (13:40 +0100)]
readelf: Make sure there is enough room for reading .debug_line unit_length.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago readelf: Check there is enough room for the DW_LNE_set_address argument
Mark Wielaard [Mon, 15 Dec 2014 10:35:46 +0000 (11:35 +0100)]
readelf: Check there is enough room for the DW_LNE_set_address argument

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago libelf: Clear any garbage left in the ar name table.
Mark Wielaard [Mon, 15 Dec 2014 10:17:33 +0000 (11:17 +0100)]
libelf: Clear any garbage left in the ar name table.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago libdw: Unroll the first get_sleb128 step to help the compiler optimize.
Mark Wielaard [Tue, 16 Dec 2014 09:53:22 +0000 (10:53 +0100)]
libdw: Unroll the first get_sleb128 step to help the compiler optimize.

The common case is a single byte. So no extra (max len) calculation is
necessary then.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago libdw: pre-compute leb128 loop limits
Josh Stone [Mon, 15 Dec 2014 20:18:25 +0000 (12:18 -0800)]
libdw: pre-compute leb128 loop limits

Signed-off-by: Josh Stone <jistone@redhat.com>
9 years ago libdw: Add get_uleb128 and get_sleb128 bounds checking.
Mark Wielaard [Sun, 14 Dec 2014 20:48:23 +0000 (21:48 +0100)]
libdw: Add get_uleb128 and get_sleb128 bounds checking.

Both get_uleb128 and get_sleb128 now take an end pointer to prevent
reading too much data. Adjust all callers to provide the end pointer.

There are still two exceptions. "Raw" dwarf_getabbrevattr and
read_encoded_value don't have an end pointer associated yet.
They will have to be provided in the future.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
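An added example, not libdw's own code, of the bounds-checked reader the three leb128 commits above describe: the decoder takes an end pointer, computes its loop limit once from the remaining bytes and the 10-byte maximum for a 64-bit value, and refuses rather than reads past the end. The name get_uleb128_bounded and the sample bytes are constructed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A 64-bit value needs at most ceil (64 / 7) = 10 LEB128 bytes.  */
#define ULEB128_MAX_LEN 10
/* Added example, not libdw's get_uleb128.  Decode an unsigned LEB128 value
   from [*addrp, end).  The loop limit is computed once from the remaining
   buffer size and the maximum encoded length, so a truncated or malformed
   section is never read past its end.  On success *result and *addrp are
   updated and true is returned; on failure *addrp is left unchanged.  */
static bool
get_uleb128_bounded (const unsigned char **addrp, const unsigned char *end,
                     uint64_t *result)
{
  const unsigned char *p = *addrp;
  if (p >= end)
    return false;
  size_t avail = (size_t) (end - p);
  const unsigned char *limit = avail < ULEB128_MAX_LEN ? end : p + ULEB128_MAX_LEN;
  uint64_t acc = 0;
  unsigned shift = 0;
  while (p < limit)
    {
      unsigned char byte = *p++;
      acc |= (uint64_t) (byte & 0x7f) << shift;
      if ((byte & 0x80) == 0)
        {
          *result = acc;
          *addrp = p;
          return true;
        }
      shift += 7;
    }
  return false; /* Buffer exhausted or over 10 bytes: reject, don't read on.  */
}

int
main (void)
{
  /* Constructed input: 624485 as E5 8E 26, then the same bytes cut short.  */
  const unsigned char buf[] = { 0xe5, 0x8e, 0x26 };
  const unsigned char *p = buf;
  uint64_t v = 0;
  printf ("full: ok=%d value=%llu\n", (int) get_uleb128_bounded (&p, buf + 3, &v),
          (unsigned long long) v);
  p = buf;
  printf ("truncated: ok=%d\n", (int) get_uleb128_bounded (&p, buf + 2, &v));
  return 0;
}
```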
9 years ago libdw: Make sure all attributes come with a (fake) CU for bound checks.
Mark Wielaard [Fri, 12 Dec 2014 15:43:04 +0000 (16:43 +0100)]
libdw: Make sure all attributes come with a (fake) CU for bound checks.

All attributes now have a reference to a (fake) CU that has startp and
endp set to the data section where the form data comes from. Use that
for bounds checking in __libdw_form_val_len and dwarf_formblock to make
sure data read doesn't overflow any data section. Remove libdwP.h cu_data
and use cu startp and endp directly where appropriate.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago elfcmp: Make sure Elf32_Word difference doesn't wrap around in int compare.
Mark Wielaard [Tue, 16 Dec 2014 10:04:55 +0000 (11:04 +0100)]
elfcmp: Make sure Elf32_Word difference doesn't wrap around in int compare.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago libdwfl: Make sure elf_getdata_rawchunk size_t doesn't overflow find_dynsym.
Mark Wielaard [Sat, 13 Dec 2014 21:23:45 +0000 (22:23 +0100)]
libdwfl: Make sure elf_getdata_rawchunk size_t doesn't overflow find_dynsym.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago libdw: Make sure end of next cu doesn't overflow section data size.
Mark Wielaard [Thu, 11 Dec 2014 23:22:31 +0000 (00:22 +0100)]
libdw: Make sure end of next cu doesn't overflow section data size.

An invalid or truncated debug info/type section could cause the cu endp
to point beyond the end of section data.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago Guard against 64bit unsigned wrap around in (int) compare functions.
Mark Wielaard [Sat, 13 Dec 2014 23:09:29 +0000 (00:09 +0100)]
Guard against 64bit unsigned wrap around in (int) compare functions.

Dwarf_Addr and Dwarf_Off are 64-bit unsigned, and since comparison functions
used in qsort or tfind return int, it is possible for the difference to
be so large that it wraps around. Make sure to just return -1, 0 or 1
in compare_aranges and compare_cukey.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
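An added illustration, not the elfutils change itself, of the wrap-around this commit guards against: a comparator that returns the unsigned 64-bit difference narrowed to int beside one that returns only -1, 0 or 1. Dwarf_Addr matches libdw's 64-bit unsigned type; the arange struct, the comparator names and the sample addresses are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Added example, not elfutils code.  Dwarf_Addr is 64-bit unsigned as in
   libdw; the struct and function names here are assumptions.  */
typedef uint64_t Dwarf_Addr;
struct arange { Dwarf_Addr addr; Dwarf_Addr length; };

/* Before: the unsigned 64-bit difference is narrowed to the int return
   type.  Addresses 2^32 apart compare as 0 ("equal") and 2^31 apart as
   negative ("less"), so qsort and tfind see an inconsistent ordering.  */
static int
compare_aranges_wrapping (const void *a, const void *b)
{
  const struct arange *x = a, *y = b;
  return (int) (x->addr - y->addr);
}

/* After: compare instead of subtracting and return only -1, 0 or 1.  */
static int
compare_aranges_fixed (const void *a, const void *b)
{
  const struct arange *x = a, *y = b;
  if (x->addr < y->addr)
    return -1;
  return x->addr > y->addr ? 1 : 0;
}

/* Sort N ranges with CMP; 1 if the result is ascending by addr, else 0.  */
static int
sorted_ascending (int (*cmp) (const void *, const void *),
                  struct arange *ranges, size_t n)
{
  qsort (ranges, n, sizeof ranges[0], cmp);
  for (size_t i = 1; i < n; ++i)
    if (ranges[i - 1].addr > ranges[i].addr)
      return 0;
  return 1;
}

int
main (void)
{
  /* Constructed ranges whose addresses differ by more than INT_MAX.  */
  struct arange big = { 0x100000000ULL, 16 }, zero = { 0, 16 };
  printf ("wrapping: %d  fixed: %d\n",
          compare_aranges_wrapping (&big, &zero),
          compare_aranges_fixed (&big, &zero));
  return 0;
}
```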
9 years ago Add config/compile as installed by automake 1.14
Josh Stone [Mon, 15 Dec 2014 19:05:11 +0000 (11:05 -0800)]
Add config/compile as installed by automake 1.14

Signed-off-by: Josh Stone <jistone@redhat.com>
9 years ago readelf: Check TType base offset and Action table are sane in exception table.
Mark Wielaard [Thu, 11 Dec 2014 17:26:09 +0000 (18:26 +0100)]
readelf: Check TType base offset and Action table are sane in exception table.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago readelf: Don't print more augmentation characters than there are.
Mark Wielaard [Thu, 11 Dec 2014 16:21:22 +0000 (17:21 +0100)]
readelf: Don't print more augmentation characters than there are.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago libelf: Correct ELF64 section offset check in file_read_elf.
Mark Wielaard [Thu, 11 Dec 2014 15:33:30 +0000 (16:33 +0100)]
libelf: Correct ELF64 section offset check in file_read_elf.

The ELF64 case didn't check for overflow and accidentally used the 32bit
Shdr size.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago libelf: Add some ar header sanity checking.
Mark Wielaard [Thu, 11 Dec 2014 15:28:57 +0000 (16:28 +0100)]
libelf: Add some ar header sanity checking.

Don't allow entries or size to overflow the parent file size.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago tests: Add an explicit -fasynchronous-unwind-tables for deleted-lib.so.
Mark Wielaard [Fri, 12 Dec 2014 20:51:27 +0000 (21:51 +0100)]
tests: Add an explicit -fasynchronous-unwind-tables for deleted-lib.so.

Some systems don't add a PT_GNU_EH_FRAME segment by default, but the
deleted test depends on it so that it can get at the .eh_frame_hdr table
through the phdrs from the remote memory ELF image. Request one explicitly
with -fasynchronous-unwind-tables.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
9 years ago tests: Test addr2line -i with lexical blocks present
Josh Stone [Fri, 12 Dec 2014 01:19:23 +0000 (17:19 -0800)]
tests: Test addr2line -i with lexical blocks present

This test is for the fix in commit aecdf2670c02, but it was hampered by
unlucky sorting of line records.  With the new stable sort, the test now
gets the desired line numbers.

Signed-off-by: Josh Stone <jistone@redhat.com>
9 years ago libdwfl: Search for the last matching address in lines
Josh Stone [Fri, 12 Dec 2014 00:23:46 +0000 (16:23 -0800)]
libdwfl: Search for the last matching address in lines

Now that libdw's srclines use a stable sort, we can reliably choose the
*last* matching line record for a given address, which should be the
innermost where inlines are concerned.

Signed-off-by: Josh Stone <jistone@redhat.com>
9 years ago libdw: Make srclines use a stable sort
Josh Stone [Fri, 12 Dec 2014 00:22:48 +0000 (16:22 -0800)]
libdw: Make srclines use a stable sort

This adds a sequence number to the linked-list entries, so the original
order can break ties in sorting, making this a stable sort.

Signed-off-by: Josh Stone <jistone@redhat.com>