Compressed debug sections can have uncompressed sizes that exceed the
original file size, so we can't use bfd_get_file_size. objdump also
used bfd_get_file_size to limit reloc section size, but I believe the
underlying bug causing the PR22508 out of bounds buffer access was
that we had an integer overflow when calculating the reloc buffer
size. I've fixed that instead in most of the backends, som and
vms-alpha being the exceptions. SOM and vmd-alpha have rather more
serious bugs in their slurp_relocs routines that would need fixing
first if we want to fuss about making them safe against fuzzed object
files.
The patch also fixes a number of other potential overflows by using
the bfd_alloc2/malloc2/zalloc2 memory allocation functions.
bfd/
* coffcode.h (buy_and_read): Delete unnecessary forward decl. Add
nmemb parameter. Use bfd_alloc2.
(coff_slurp_line_table): Use bfd_alloc2. Update buy_and_read calls.
Delete assertion.
(coff_slurp_symbol_table): Use bfd_alloc2 and bfd_zalloc2.
(coff_slurp_reloc_table): Use bfd_alloc2. Update buy_and_read calls.
* coffgen.c (coff_get_reloc_upper_bound): Ensure size calculation
doesn't overflow.
* elf.c (bfd_section_from_shdr): Use bfd_zalloc2. Style fix.
(assign_section_numbers): Style fix.
(swap_out_syms): Use bfd_malloc2.
(_bfd_elf_get_reloc_upper_bound): Ensure size calculation doesn't
overflow.
(_bfd_elf_make_empty_symbol): Style fix.
(elfobj_grok_stapsdt_note_1): Formatting.
* elfcode.h (elf_object_p): Use bfd_alloc2.
(elf_write_relocs, elf_write_shdrs_and_ehdr): Likewise.
(elf_slurp_symbol_table): Use bfd_zalloc2.
(elf_slurp_reloc_table): Use bfd_alloc2.
(_bfd_elf_bfd_from_remote_memory): Use bfd_malloc2.
* elf64-sparc (elf64_sparc_get_reloc_upper_bound): Ensure
size calculation doesn't overflow.
(elf64_sparc_get_dynamic_reloc_upper_bound): Likewise.
* mach-o.c (bfd_mach_o_get_reloc_upper_bound): Likewise.
* pdp11.c (get_reloc_upper_bound): Copy aoutx.h version.
binutils/
* objdump.c (load_specific_debug_section): Don't compare section
size against file size.
(dump_relocs_in_section): Don't compare reloc size against file size.
Print "failed to read relocs" on bfd_get_reloc_upper_bound error.
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
BFD is an object file library. It permits applications to use the
same routines to process object files regardless of their format.
BFD is used by the GNU debugger, assembler, linker, and the binary
utilities.
The documentation on using BFD is scanty and may be occasionally
incorrect. Pointers to documentation problems, or an entirely
rewritten manual, would be appreciated.
There is some BFD internals documentation in doc/bfdint.texi which may
help programmers who want to modify BFD.
BFD is normally built as part of another package. See the build
instructions for that package, probably in a README file in the
appropriate directory.
BFD supports the following configure options:
--target=TARGET
The default target for which to build the library. TARGET is
a configuration target triplet, such as sparc-sun-solaris.
--enable-targets=TARGET,TARGET,TARGET...
Additional targets the library should support. To include
support for all known targets, use --enable-targets=all.
--enable-64-bit-bfd
Include support for 64 bit targets. This is automatically
turned on if you explicitly request a 64 bit target, but not
for --enable-targets=all. This requires a compiler with a 64
bit integer type, such as gcc.
--enable-shared
Build BFD as a shared library.
--with-mmap
Use mmap when accessing files. This is faster on some hosts,
but slower on others. It may not work on all hosts.
Report bugs with BFD to bug-binutils@gnu.org.
Patches are encouraged. When sending patches, always send the output
of diff -u or diff -c from the original file to the new file. Do not
send default diff output. Do not make the diff from the new file to
the original file. Remember that any patch must not break other
systems. Remember that BFD must support cross compilation from any
host to any target, so patches which use ``#ifdef HOST'' are not
acceptable. Please also read the ``Reporting Bugs'' section of the
gcc manual.
Bug reports without patches will be remembered, but they may never get
fixed until somebody volunteers to fix them.
Copyright (C) 2012-2019 Free Software Foundation, Inc.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.
7a6e0d89bb