From patchwork Wed Apr 12 05:11:42 2023
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 82246
Date: Wed, 12 Apr 2023 14:41:42 +0930
To: binutils@sourceware.org
Subject: PR30326, uninitialised value in objdump compare_relocs
From: Alan Modra

This is a fuzzing PR, with a testcase involving a SHF_ALLOC and
SHF_COMPRESSED SHT_RELA section, i.e. a compressed dynamic reloc
section.  BFD doesn't handle compressed relocation sections, with most
of the code reading relocs using sh_size (often no bfd section is
created) but in the case of SHF_ALLOC dynamic relocs we had some code
using the bfd section size.  This led to a mismatch: sh_size is
compressed, size is uncompressed, and from that some uninitialised
memory.  Consistently using sh_size is enough to fix this PR, but I've
also added tests to exclude SHF_COMPRESSED reloc sections from
consideration.

	PR 30326
	* elf.c (bfd_section_from_shdr): Exclude reloc sections with
	SHF_COMPRESSED flag from normal reloc processing.
	(_bfd_elf_get_dynamic_reloc_upper_bound): Similarly exclude
	SHF_COMPRESSED sections from consideration.  Use sh_size when
	sizing to match slurp_relocs.
	(_bfd_elf_canonicalize_dynamic_reloc): Likewise.
	(_bfd_elf_get_synthetic_symtab): Use NUM_SHDR_ENTRIES to size
	plt relocs.
	* elf32-arm.c (elf32_arm_get_synthetic_symtab): Likewise.
	* elf32-ppc.c (ppc_elf_get_synthetic_symtab): Likewise.
	* elf64-ppc.c (ppc64_elf_get_synthetic_symtab): Likewise.
	* elfxx-mips.c (_bfd_mips_elf_get_synthetic_symtab): Likewise.

diff --git a/bfd/elf.c b/bfd/elf.c index 0e2ae6dae1c..fa7c25ad9dc 100644 --- a/bfd/elf.c +++ b/bfd/elf.c
@@ -2381,6 +2381,7 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) its sh_link points to the null section. */ if (((abfd->flags & (DYNAMIC | EXEC_P)) != 0 && (hdr->sh_flags & SHF_ALLOC) != 0) + || (hdr->sh_flags & SHF_COMPRESSED) != 0 || hdr->sh_type == SHT_RELR || hdr->sh_link == SHN_UNDEF || hdr->sh_link != elf_onesymtab (abfd) @@ -8728,15 +8729,16 @@ _bfd_elf_get_dynamic_reloc_upper_bound (bfd *abfd) for (s = abfd->sections; s != NULL; s = s->next) if (elf_section_data (s)->this_hdr.sh_link == elf_dynsymtab (abfd) && (elf_section_data (s)->this_hdr.sh_type == SHT_REL - || elf_section_data (s)->this_hdr.sh_type == SHT_RELA)) + || elf_section_data (s)->this_hdr.sh_type == SHT_RELA) + && (elf_section_data (s)->this_hdr.sh_flags & SHF_COMPRESSED) == 0) { - ext_rel_size += s->size; - if (ext_rel_size < s->size) + ext_rel_size += elf_section_data (s)->this_hdr.sh_size; + if (ext_rel_size < elf_section_data (s)->this_hdr.sh_size) { bfd_set_error (bfd_error_file_truncated); return -1; } - count += s->size / elf_section_data (s)->this_hdr.sh_entsize; + count += NUM_SHDR_ENTRIES (&elf_section_data (s)->this_hdr); if (count > LONG_MAX / sizeof (arelent *)) { bfd_set_error (bfd_error_file_too_big); @@ -8785,14 +8787,15 @@ _bfd_elf_canonicalize_dynamic_reloc (bfd *abfd, { if (elf_section_data (s)->this_hdr.sh_link == elf_dynsymtab (abfd) && (elf_section_data (s)->this_hdr.sh_type == SHT_REL - || elf_section_data (s)->this_hdr.sh_type == SHT_RELA)) + || elf_section_data (s)->this_hdr.sh_type == SHT_RELA) + && (elf_section_data (s)->this_hdr.sh_flags & SHF_COMPRESSED) == 0) { arelent *p; long count, i; if (! (*slurp_relocs) (abfd, s, syms, true)) return -1; - count = s->size / elf_section_data (s)->this_hdr.sh_entsize; + count = NUM_SHDR_ENTRIES (&elf_section_data (s)->this_hdr); p = s->relocation; for (i = 0; i < count; i++) *storage++ = p++; 
@@ -12936,7 +12939,7 @@ _bfd_elf_get_synthetic_symtab (bfd *abfd, if (! (*slurp_relocs) (abfd, relplt, dynsyms, true)) return -1; - count = relplt->size / hdr->sh_entsize; + count = NUM_SHDR_ENTRIES (hdr); size = count * sizeof (asymbol); p = relplt->relocation; for (i = 0; i < count; i++, p += bed->s->int_rels_per_ext_rel) diff --git a/bfd/elf32-arm.c b/bfd/elf32-arm.c index e07e12226a5..70413668e5a 100644 --- a/bfd/elf32-arm.c +++ b/bfd/elf32-arm.c @@ -20067,7 +20067,7 @@ elf32_arm_get_synthetic_symtab (bfd *abfd, plt->flags |= SEC_IN_MEMORY; } - count = relplt->size / hdr->sh_entsize; + count = NUM_SHDR_ENTRIES (hdr); size = count * sizeof (asymbol); p = relplt->relocation; for (i = 0; i < count; i++, p += elf32_arm_size_info.int_rels_per_ext_rel) diff --git a/bfd/elf32-ppc.c b/bfd/elf32-ppc.c index bb77ba2d5c7..2cff158a5f5 100644 --- a/bfd/elf32-ppc.c +++ b/bfd/elf32-ppc.c @@ -1920,7 +1920,7 @@ ppc_elf_get_synthetic_symtab (bfd *abfd, long symcount, asymbol **syms, } } - count = relplt->size / sizeof (Elf32_External_Rela); + count = NUM_SHDR_ENTRIES (&elf_section_data (relplt)->this_hdr); /* If the stubs are those for -shared/-pie then we might have multiple stubs for each plt entry. If that is the case then there is no way to associate stubs with their plt entries short diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c index 069bd758aec..daa6deef728 100644 --- a/bfd/elf64-ppc.c +++ b/bfd/elf64-ppc.c @@ -2576,7 +2576,7 @@ ppc64_elf_get_synthetic_symtab (bfd *abfd, if (!(*slurp_relocs) (abfd, relplt, dyn_syms, true)) goto free_contents_and_exit_err; - plt_count = relplt->size / sizeof (Elf64_External_Rela); + plt_count = NUM_SHDR_ENTRIES (&elf_section_data (relplt)->this_hdr); size += plt_count * sizeof (asymbol); p = relplt->relocation; diff --git a/bfd/elfxx-mips.c b/bfd/elfxx-mips.c index d34a755807b..751deede887 100644 --- a/bfd/elfxx-mips.c +++ b/bfd/elfxx-mips.c 
@@ -16595,7 +16595,7 @@ _bfd_mips_elf_get_synthetic_symtab (bfd *abfd, /* Calculating the exact amount of space required for symbols would require two passes over the PLT, so just pessimise assuming two PLT slots per relocation. */ - count = relplt->size / hdr->sh_entsize; + count = NUM_SHDR_ENTRIES (hdr); counti = count * bed->s->int_rels_per_ext_rel; size = 2 * count * sizeof (asymbol); size += count * (sizeof (mipssuffix) +
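Review bot: In the bfd_section_from_shdr hunk (@@ -2381), the comment that ends "its sh_link points to the null section. */" lists the cases in which a SHT_REL/SHT_RELA section is not run through normal reloc processing, and the new `|| (hdr->sh_flags & SHF_COMPRESSED) != 0` test adds a case that comment does not mention. Extend the comment to say that compressed reloc sections are skipped because BFD does not decompress relocation sections, so a later reader does not drop the test as redundant.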
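Review bot: The section-selection predicate (sh_link == elf_dynsymtab (abfd), sh_type is SHT_REL or SHT_RELA, and now `(elf_section_data (s)->this_hdr.sh_flags & SHF_COMPRESSED) == 0`) is spelled out identically in the _bfd_elf_get_dynamic_reloc_upper_bound hunk (@@ -8728) and the _bfd_elf_canonicalize_dynamic_reloc hunk (@@ -8785). The fix only holds if both loops pick exactly the same sections, since the first sizes the storage that the second fills; factor the condition into one small static helper so the two copies cannot drift apart. The switch from `s->size` to `this_hdr.sh_size` in the truncation check (`if (ext_rel_size < elf_section_data (s)->this_hdr.sh_size)`) is consistent with the new count, which is what the PR needed.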
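Review bot: In the _bfd_elf_get_synthetic_symtab hunk (@@ -12936) and the matching elf32_arm_get_synthetic_symtab hunk (@@ -20067), `count = NUM_SHDR_ENTRIES (hdr);` is computed right after `(*slurp_relocs) (abfd, relplt, dynsyms, true)` and the loop then walks `p = relplt->relocation` for count entries, so the change is only safe if slurp_relocs filled relplt->relocation from the same sh_size-derived count. The commit message states that matching for the dynamic reloc functions only; please say explicitly that the synthetic-symtab paths rely on the same slurp_relocs sizing, either in the commit message or in a one-line comment at the count assignment.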
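Review bot: The ppc_elf_get_synthetic_symtab (@@ -1920) and ppc64_elf_get_synthetic_symtab (@@ -2576) hunks change more than the size field: the replaced expressions divided by a fixed `sizeof (Elf32_External_Rela)` / `sizeof (Elf64_External_Rela)`, while `NUM_SHDR_ENTRIES (&elf_section_data (relplt)->this_hdr)` takes the entry size from the section header. For a crafted input whose sh_entsize disagrees with the RELA entry size, the count now follows the header; please confirm that slurp_relocs rejects such a mismatch before these counts are used to index relplt->relocation, and note the entsize dependency in the two ChangeLog entries, which currently say only "Likewise".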