This modifies _bfd_elf_free_cached_info to unmap/free section
contents. To do that we need to *not* free sections where contents
are bfd_alloc'd or point to constant strings or somesuch. I've chosen
to implement this be adding another flag to struct bfd_section,
"alloced" to say the section contents can't be freed. Most of the
patch is about setting that flag in many places.
This field is always set to point to asection.symbol, and no code ever
changes it from its initial value. With one exception. elfxx-mips.c
creates two sections with separate pointers to their symbols, and uses
those as asection.symbol_ptr_ptr. Those pointers aren't modified,
so they disappear in this patch too.
The aout object_p function copies any existing tdata. Apparently this
was done for hp300, an old target that is no longer supported. See
commit ebd2413529. This isn't useful for current sources, nor is it
necessary or useful any more to preserve tdata in object_p functions
when a target doesn't match. When I was fixing this, I noticed some
object_p functions rudely didn't release memory on failures, and
others had nits in the bfd_error returns.
* aoutx.h (some_aout_object_p): Don't restore previous tdata
on failure. Don't copy any existing tdata.
* archive.c (bfd_generic_archive_p): Don't restore previous
tdata on failure.
* pdp11.c (some_aout_object_p): Likewise.
* coff-rs6000.c (_bfd_xcoff_archive_p): Allocate both artdata
and extension in one call. Don't restore previous tdata on
failure.
* coff64-rs6000.c (xcoff64_archive_p): Likewise.
* coffgen.c (coff_real_object_p): Don't restore previous
tdata on failure.
* ihex.c (ihex_object_p): Likewise. Simplify release of tdata
on scan failure.
* mach-o.c (bfd_mach_o_scan): Don't set tdata here. Do set
error on read_command failure.
(bfd_mach_o_header_p): Set tdata here, release on failure.
Tidy bfd_error return values.
(bfd_mach_o_fat_archive_p): Tidy error return values.
* mmo.c (mmo_mkobject): Do not test current tdata.
* pef.c (bfd_pef_scan_start_address): Set bfd_error on
failure.
(bfd_pef_scan): Don't set tdata here.
(bfd_pef_object_p): Set tdata here, release on failure. Tidy
bfd_error return values.
(bfd_pef_xlib_object_p): Tidy bfd_error return values.
* srec.c (srec_object_p): Don't restore previous tdata on
failure. Do release tdata on failure.
(symbolsrec_object_p): Likewise.
* tekhex.c (tekhex_object_p): Don't ignore tekhex_mkobject
failure. Release tdata on failure.
* vms-alpha.c (alpha_vms_object_p): Don't restore previous
tdata on failure. Simplify release of tdata.
* xsym.c (bfd_sym_scan): Don't set tdata here.
(bfd_sym_object_p): Set tdata here. Release on failure.
Fixes error reports about the length of EEOM records produced by gas.
PR 21618
* vms-alpha.c (evax_bfd_print_emh): Don't read subtyp if short
record. Consolidate error messages.
(evax_bfd_print_eeom): Allow length 10 record.
This patch is in response to an oss-fuzz report regarding
use-of-uninitialized-value in bfd_is_section_compressed_info from
section contents provided by alpha_vms_get_section_contents. That
hole is covered by using bfd_zalloc rather than bfd_alloc.
The rest of the patch is mostly a tidy. In a function returning
section contents, I tend to prefer a test on the section properties
over a test on file properties. That's why I've changed the file
flags test to one on section filepos and flags before calling
_bfd_generic_get_section_contents. Also, fuzzed objects can easily
have sections with file backing in relocatable objects, or sections
without file backing in images. Possible confusion is avoided by
testing each section.
Note that we are always going to run into out-of-memory with fuzzed
alpha-vms object files due to sections with contents via ETIR records.
eg. ETIR__C_STO_IMMR stores a number of bytes repeatedly, with a
32-bit repeat count. So section contents can be very large from a
relatively small file. I'm inclined to think that an out-of-memory
error is fine for such files.
* vms-alpha.c (alpha_vms_get_section_contents): Handle sections
with non-zero filepos or without SEC_HAS_CONTENTS via
_bfd_generic_get_section_contents. Zero memory allocated for
sections filled by ETIR records.
In commit b86d3af60f and 0ab0435fe6 I fixed SIGBUS errors found by
oss-fuzz now that --with-mmap defaults to enabled. It turns out there
are further problems with the aout mmap code: aout_read_minisymbols
returns the external symbol array, which is later freed by nm.c. If
the array is mmaped you can't free it. Now this could be fixed by
making aout minisymbols an array of pointers, but I figure there's not
much point in expending effort on that. So delete the aout mmap
support along with bfdwin.c and get_section_contents_in_window.
Adds two new external authors to etc/update-copyright.py to cover
bfd/ax_tls.m4, and adds gprofng to dirs handled automatically, then
updates copyright messages as follows:
1) Update cgen/utils.scm emitted copyrights.
2) Run "etc/update-copyright.py --this-year" with an extra external
author I haven't committed, 'Kalray SA.', to cover gas testsuite
files (which should have their copyright message removed).
3) Build with --enable-maintainer-mode --enable-cgen-maint=yes.
4) Check out */po/*.pot which we don't update frequently.
These were renamed from bfd_read and bfd_write back in 2001 when they
lost an unnecessary parameter. Rename them back, and get rid of a few
casts that are only needed without prototyped functions (K&R C).
doc/bfdint.texi and comments in the aout and som code about this
function are just wrong, and its name is not very apt. Better would
be _bfd_mostly_destroy, and we certainly should not be saying anything
about the possibility of later recreating anything lost by this
function. What's more, if _bfd_free_cached_info is called when
creating an archive map to reduce memory usage by throwing away
symbols, the target _close_and_cleanup function won't have access to
tdata or section bfd_user_data to tidy memory. This means most of the
target _close_and_cleanup function won't do anything, and therefore
sometimes will result in memory leaks.
This patch fixes the documentation problems and moves most of the
target _close_and_cleanup code to target _bfd_free_cached_info.
Another notable change is that bfd_generic_bfd_free_cached_info is now
defined as _bfd_free_cached_info rather than _bfd_bool_bfd_true,
ie. the default now frees objalloc memory.
The newer update-copyright.py fixes file encoding too, removing cr/lf
on binutils/bfdtest2.c and ld/testsuite/ld-cygwin/exe-export.exp, and
embedded cr in binutils/testsuite/binutils-all/ar.exp string match.
The direct cause for the looping was failing to test for error return
from _bfd_vms_get_object_record inside a while(1) loop. Fix that.
Also record status of first alpha_vms_slurp_relocs call and return
that for all subsequent calls. (The object format has one set of
relocation records for all sections.) If the first call fails, all
others should too.
* vms-alpha.c (struct vms_private_data_struct): Make reloc_done
a tri-state int.
(alpha_vms_slurp_relocs): Set reloc_done to 1 on success, -1 on
failure. Return that status on subsequent calls. Check
_bfd_vms_get_object_record return status.
(alpha_vms_get_reloc_upper_bound): Return status from
alpha_vms_slurp_relocs.
(alpha_vms_write_exec): Exclude sections with contents NULL due
to previous errors from layout, and don't try to write them.
bfd_find_nearest_line_with_alt functions like bfd_find_nearest_line with
the addition of a parameter for specifying the filename of a supplementary
debug file such as one referenced by .gnu_debugaltlink or .debug_sup.
This patch focuses on implementing bfd_find_nearest_line_with_alt
support for ELF/DWARF2 .gnu_debugaltlink. For other targets this
function simply sets the invalid_operation bfd_error.
The "HOWTO size encoding" patch put 1 as the HOWTO size arg for
numerous howtos that are unused, describe dynamic relocs, are markers,
or otherwise are special purpose reloc howtos that don't care about
the size. The idea was to ensure no howto changed by inspecting
object files. Revert those changes, making them zero size.
* coff-alpha.c: Give special purpose reloc howtos a size of zero.
* coff-mcore.c, * elf-hppa.h, * elf-m10300.c, * elf32-arm.c,
* elf32-csky.c, * elf32-m32c.c, * elf32-m68k.c, * elf32-mep.c,
* elf32-mips.c, * elf32-ppc.c, * elf32-rx.c, * elf32-s390.c,
* elf32-spu.c, * elf32-tic6x.c, * elf32-tilepro.c, *elf32-vax.c,
* elf32-xtensa.c, * elf64-alpha.c, * elf64-mips.c,
* elf64-mmix.c, * elf64-ppc.c, * elf64-s390.c, * elfn32-mips.c,
* elfxx-loongarch.c, * elfxx-riscv.c, * elfxx-sparc.c,
* elfxx-tilegx.c, * som.c, * vms-alpha.c: Likewise.
Requiring C99 means that uses of bfd_uint64_t can be replaced with
uint64_t, and similarly for bfd_int64_t, BFD_HOST_U_64_BIT, and
BFD_HOST_64_BIT. This patch does that, removes #ifdef BFD_HOST_*
and tidies a few places that print 64-bit values.
With "name" a char*, the length at name[0] might be negative, escaping
buffer limit checks.
* vms-alpha.c (evax_bfd_print_dst): Make name an unsigned char*.
(evax_bfd_print_emh): Likewise.
The result of running etc/update-copyright.py --this-year, fixing all
the files whose mode is changed by the script, plus a build with
--enable-maintainer-mode --enable-cgen-maint=yes, then checking
out */po/*.pot which we don't update frequently.
The copy of cgen was with commit d1dd5fcc38ead reverted as that commit
breaks building of bfp opcodes files.
Yet more anti-fuzzer sanity checking
* vms-alpha.c (evax_bfd_print_egsd): Sanity check record and
name lengths before access.
(evax_bfd_print_etir_stc_ir, evax_bfd_print_etir): Likewise.
Section reloc_count is an unsigned int. Adding one for a NULL
terminator to an array of arelent pointers can wrap the count to
zero. Avoid that by doing the addition as longs.
* coffgen.c (coff_get_reloc_upper_bound): Don't overflow unsigned
int expression.
* elf.c (_bfd_elf_get_reloc_upper_bound): Likewise.
* elf64-sparc.c (elf64_sparc_get_reloc_upper_bound): Likewise.
* mach-o.c (bfd_mach_o_get_reloc_upper_bound): Likewise.
* vms-alpha.c (alpha_vms_get_reloc_upper_bound): Likewise.
Fixes possible overflow of a static buffer for powerpc with translated
messages, and on v850 when symbol names are large.
* archive.c (_bfd_ar_spacepad, _bfd_ar_sizepad): Use auto buf.
* coff-mcore.c (coff_mcore_relocate_section): Likewise.
* elf32-ppc.c (ppc_elf_unhandled_reloc): Use asprintf in place
of fixed size and possibly too small buf for translated message.
* elf64-ppc.c (ppc64_elf_unhandled_reloc): Likewise.
* elf32-v850.c (v850_elf_check_relocs): Likewise.
* ecoff.c (ecoff_type_to_string): Pass in return string buff rather
than using static buffer2. Delete dead code. Remove unnecessary
parentheses.
(_bfd_ecoff_print_symbol): Pass auto buff to ecoff_type_to_string.
* elf32-rx.c (describe_flags): Pass in return string buf rather
than using static buf.
(rx_elf_merge_private_bfd_data): Pass buf to describe_flags.
(rx_elf_print_private_bfd_data): Likewise.
* mach-o.c (cpusubtype): Pass in return string buffer rather than
using static buffer.
(bfd_mach_o_bfd_print_private_bfd_data): Pass buff to cpusubtype.
* opncls.c (separate_debug_file_exists): Make buffer an auto var.
(bfd_fill_in_gnu_debuglink_section): Likewise.
* peXXigen.c (rsrc_resource_name): Pass in return string buffer
rather than using static buffer.
(rsrc_sort_entries): Pass buff to rsrc_resource_name.
* vms-alpha.c (_bfd_vms_write_emh): Pass tbuf to get_vms_time_string.
* vms-misc.c (get_vms_time_string): Pass in return string tbuf
rather than using static tbuf.
* vms.h (get_vms_time_string): Update prototype.
C_OPR_ASH is supposed to be an arithmetic shift. By the look of it,
this operator implemented logical shifts since the original binutils
support was added. This patch corrects that and avoids some nonsense
ubsan complaints. I chose to implement infinite precision shifts
rather than masking shift counts to the word size as the spec I had is
silent on what is supposed to happen with overlarge shift counts.
* vms-alpha.c (_bfd_vms_slurp_etir <ETIR__C_OPR_ASH>): Implement
shifts without undefined behaviour.
Better validity checks, and remove a fuzzer vulnerability of sorts that
targeted the store-immediate-repeat command with a zero length but
very large repeat counts to chew cpu.
* vms-alpha.c (_bfd_vms_slurp_etir): Check bound for the current
command against cmd_length, not the end of record. For
ETIR__C_STO_IMMR check size against cmd_length, mask repeat count
to 32-bits and break out on zero size. Add ETIR__C_STC_LP_PSB
cmd_length test.
