From patchwork Fri Oct 7 03:09:59 2022
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 1801
Date: Fri, 7 Oct 2022 13:39:59 +1030
To: binutils@sourceware.org
Subject: PR29653, objcopy/strip: fuzzed small input file induces large output file
From: Alan Modra

_bfd_check_format functions should not print errors or warnings if they
return NULL. A NULL return means the particular target under test does
not match, so there isn't any reason to make a complaint about the
target. In fact there isn't a good reason to warn even if the target
matches, except via the _bfd_per_xvec_warn mechanism; some other target
might be a better match.

This patch tidies pe_bfd_object_p with the above in mind, and restricts
the PE optional header SectionAlignment and FileAlignment fields
somewhat. I chose to warn on nonsense values rather than refusing to
match. Refusing to match would be OK too.

	PR 29653
	* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Don't emit error about
	invalid NumberOfRvaAndSizes here. Limit loop copying data directory
	to IMAGE_NUMBEROF_DIRECTORY_ENTRIES.
	* peicode.h (pe_bfd_object_p): Don't clear and test bfd_error around
	bfd_coff_swap_aouthdr_in. Warn on invalid SectionAlignment,
	FileAlignment and NumberOfRvaAndSizes. Don't return NULL on invalid
	NumberOfRvaAndSizes.

diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index a7b85713023..e74ed3968a2 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -517,45 +517,26 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd, a->LoaderFlags = H_GET_32 (abfd, src->LoaderFlags); a->NumberOfRvaAndSizes = H_GET_32 (abfd, src->NumberOfRvaAndSizes); - { - unsigned idx; - - /* PR 17512: Corrupt PE binaries can cause seg-faults. */ - if (a->NumberOfRvaAndSizes > IMAGE_NUMBEROF_DIRECTORY_ENTRIES) - { - /* xgettext:c-format */ - _bfd_error_handler - (_("%pB: aout header specifies an invalid number of" - " data-directory entries: %u"), abfd, a->NumberOfRvaAndSizes); - bfd_set_error (bfd_error_bad_value); - - /* Paranoia: If the number is corrupt, then assume that the - actual entries themselves might be corrupt as well. */ - a->NumberOfRvaAndSizes = 0; - } - - for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++) - { - /* If data directory is empty, rva also should be 0. */ - int size = - H_GET_32 (abfd, src->DataDirectory[idx][1]); - - a->DataDirectory[idx].Size = size; + /* PR 17512: Don't blindly trust NumberOfRvaAndSizes. */ + unsigned idx; + for (idx = 0; + idx < a->NumberOfRvaAndSizes && idx < IMAGE_NUMBEROF_DIRECTORY_ENTRIES; + idx++) + { + /* If data directory is empty, rva also should be 0. */ + int size = H_GET_32 (abfd, src->DataDirectory[idx][1]); + int vma = size ? H_GET_32 (abfd, src->DataDirectory[idx][0]) : 0; - if (size) - a->DataDirectory[idx].VirtualAddress = - H_GET_32 (abfd, src->DataDirectory[idx][0]); - else - a->DataDirectory[idx].VirtualAddress = 0; - } + a->DataDirectory[idx].Size = size; + a->DataDirectory[idx].VirtualAddress = vma; + } - while (idx < IMAGE_NUMBEROF_DIRECTORY_ENTRIES) - { - a->DataDirectory[idx].Size = 0; - a->DataDirectory[idx].VirtualAddress = 0; - idx ++; - } - } + while (idx < IMAGE_NUMBEROF_DIRECTORY_ENTRIES) + { + a->DataDirectory[idx].Size = 0; + a->DataDirectory[idx].VirtualAddress = 0; + idx++; + } if (aouthdr_int->entry) { diff --git a/bfd/peicode.h b/bfd/peicode.h index 54a159f0962..3888dd47cc6 100644 --- a/bfd/peicode.h +++ b/bfd/peicode.h 
@@ -1519,19 +1519,41 @@ pe_bfd_object_p (bfd * abfd) if (amt > opt_hdr_size) memset (opthdr + opt_hdr_size, 0, amt - opt_hdr_size); - bfd_set_error (bfd_error_no_error); - bfd_coff_swap_aouthdr_in (abfd, opthdr, & internal_a); - if (bfd_get_error () != bfd_error_no_error) - return NULL; - } + bfd_coff_swap_aouthdr_in (abfd, opthdr, &internal_a); + + struct internal_extra_pe_aouthdr *a = &internal_a.pe; + if ((a->SectionAlignment & -a->SectionAlignment) != a->SectionAlignment + || a->SectionAlignment >= 0x80000000) + { + const char **warn = _bfd_per_xvec_warn (abfd->xvec); + *warn = _("%pB: adjusting invalid SectionAlignment"); + a->SectionAlignment &= -a->SectionAlignment; + if (a->SectionAlignment >= 0x80000000) + a->SectionAlignment = 0x40000000; + } + + if ((a->FileAlignment & -a->FileAlignment) != a->FileAlignment + || a->FileAlignment > a->SectionAlignment) + { + const char **warn = _bfd_per_xvec_warn (abfd->xvec); + *warn = _("%pB: adjusting invalid FileAlignment"); + a->FileAlignment &= -a->FileAlignment; + if (a->FileAlignment > a->SectionAlignment) + a->FileAlignment = a->SectionAlignment; + } + if (a->NumberOfRvaAndSizes > IMAGE_NUMBEROF_DIRECTORY_ENTRIES) + { + const char **warn = _bfd_per_xvec_warn (abfd->xvec); + *warn = _("%pB: invalid NumberOfRvaAndSizes"); + } + } result = coff_real_object_p (abfd, internal_f.f_nscns, &internal_f, (opt_hdr_size != 0 ? &internal_a : (struct internal_aouthdr *) NULL)); - if (result) { /* Now the whole header has been processed, see if there is a build-id */
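Review bot: in the peXXigen.c hunk (_bfd_XXi_swap_aouthdr_in) an oversize NumberOfRvaAndSizes now survives in a->NumberOfRvaAndSizes; the removed code zeroed it, while the new loop only bounds its own index with `idx < IMAGE_NUMBEROF_DIRECTORY_ENTRIES`. Any later code that walks a->DataDirectory up to a->NumberOfRvaAndSizes therefore needs its own clamp or it overruns the 16-entry array on that side instead. Consider clamping the stored value after the loop, e.g. `if (a->NumberOfRvaAndSizes > IMAGE_NUMBEROF_DIRECTORY_ENTRIES) a->NumberOfRvaAndSizes = IMAGE_NUMBEROF_DIRECTORY_ENTRIES;`, or say in the PR 17512 comment why the warning in pe_bfd_object_p is enough. Separately, `int size` and `int vma` receive 32-bit values from H_GET_32, so a Size of 0x80000000 or above turns negative before it is stored; this predates the patch, but the rewrite is a good moment to make them unsigned.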
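Review bot: in the peicode.h hunk (pe_bfd_object_p) the three warnings all write the same `*warn` slot returned by `_bfd_per_xvec_warn (abfd->xvec)`, so a file with both a bad SectionAlignment and a bad FileAlignment reports only the later message, and an invalid NumberOfRvaAndSizes overwrites both; either fold them into one message or note in a comment that only the last one is shown. Also, `(a->SectionAlignment & -a->SectionAlignment) != a->SectionAlignment` is false for zero, so a zero SectionAlignment passes without a warning, and the `a->FileAlignment > a->SectionAlignment` clamp then forces FileAlignment to zero as well; if zero alignment is not valid further down, add `|| a->SectionAlignment == 0` and pick a replacement. Finally, the NumberOfRvaAndSizes branch warns but leaves the value unchanged, relying on the loop bound added in peXXigen.c rather than clamping here.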
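As an added example (not binutils code and not part of this patch), the checks the hunks above apply to SectionAlignment, FileAlignment and NumberOfRvaAndSizes, re-implemented as a stand-alone C parser over a raw PE32 optional-header buffer so they can be exercised on constructed input. It goes one step past the patch by also reporting a zero alignment, which the `x & -x == x` test alone accepts. The struct and function names, the PE_WARN_* flags and the constructed header bytes are this example's own; the field offsets follow the PE/COFF specification.

```c
/* Added example, not binutils code: the PE optional-header checks from the
   patch above, re-implemented over a raw PE32 header, plus a zero-alignment
   flag that the patch's own tests do not raise. */
#include <stdint.h>
#include <string.h>

#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16u
#define PE32_MAGIC       0x10bu
#define PE32_OPT_HDR_LEN 96u   /* PE32 optional header up to DataDirectory */

enum pe_warn {                            /* bitmask from pe_sanitize_opt_fields */
    PE_WARN_SECTION_ALIGNMENT = 1u << 0,
    PE_WARN_FILE_ALIGNMENT    = 1u << 1,
    PE_WARN_NUM_RVA_SIZES     = 1u << 2,
    PE_WARN_ZERO_ALIGNMENT    = 1u << 3   /* this example's addition, not in the patch */
};

struct pe_opt_fields {
    uint32_t magic;
    uint32_t section_alignment;
    uint32_t file_alignment;
    uint32_t number_of_rva_and_sizes;   /* value as stored in the file */
    uint32_t usable_directories;        /* entries a reader may index, at most 16 */
};

static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }
static void wr16(uint8_t *p, uint32_t v) { p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, v & 0xffff); wr16(p + 2, v >> 16); }

/* Offsets per the PE/COFF spec for the PE32 (magic 0x10b) optional header:
   Magic at 0, SectionAlignment at 32, FileAlignment at 36,
   NumberOfRvaAndSizes at 92.  Returns 0 on success, -1 on a short buffer
   or unexpected magic. */
int pe_read_opt_fields(const uint8_t *opt, size_t len, struct pe_opt_fields *out)
{
    if (len < PE32_OPT_HDR_LEN) return -1;
    out->magic = rd16(opt);
    if (out->magic != PE32_MAGIC) return -1;
    out->section_alignment = rd32(opt + 32);
    out->file_alignment = rd32(opt + 36);
    out->number_of_rva_and_sizes = rd32(opt + 92);
    out->usable_directories = 0;
    return 0;
}

/* The patch's rules: a non-power-of-two alignment keeps only its lowest set
   bit, SectionAlignment stays below 0x80000000, FileAlignment never exceeds
   SectionAlignment, and NumberOfRvaAndSizes is never trusted past the
   16-entry array.  Fields are rewritten in place; returns a pe_warn mask. */
unsigned pe_sanitize_opt_fields(struct pe_opt_fields *a)
{
    unsigned warn = 0;
    uint32_t sa = a->section_alignment, fa = a->file_alignment;

    if ((sa & -sa) != sa || sa >= 0x80000000u) {
        warn |= PE_WARN_SECTION_ALIGNMENT;
        sa &= -sa;
        if (sa >= 0x80000000u) sa = 0x40000000u;
    }
    if ((fa & -fa) != fa || fa > sa) {
        warn |= PE_WARN_FILE_ALIGNMENT;
        fa &= -fa;
        if (fa > sa) fa = sa;
    }
    /* 0 & -0 == 0, so the two tests above accept a zero alignment; flag it,
       since anything that later aligns or divides by it will misbehave. */
    if (sa == 0 || fa == 0) warn |= PE_WARN_ZERO_ALIGNMENT;

    a->section_alignment = sa;
    a->file_alignment = fa;
    a->usable_directories = a->number_of_rva_and_sizes;
    if (a->usable_directories > IMAGE_NUMBEROF_DIRECTORY_ENTRIES) {
        warn |= PE_WARN_NUM_RVA_SIZES;
        a->usable_directories = IMAGE_NUMBEROF_DIRECTORY_ENTRIES;
    }
    return warn;
}

/* Constructed input: a zeroed PE32 optional header with only the three
   fields of interest set. */
void build_pe32_opt_header(uint8_t *buf, uint32_t sa, uint32_t fa, uint32_t nrva)
{
    memset(buf, 0, PE32_OPT_HDR_LEN);
    wr16(buf, PE32_MAGIC);
    wr32(buf + 32, sa);
    wr32(buf + 36, fa);
    wr32(buf + 92, nrva);
}

/* Build, parse and sanitize in one step; returns the warning mask, or
   0xffffffff if the constructed header did not parse. */
unsigned check_pe32_header(uint32_t sa, uint32_t fa, uint32_t nrva, struct pe_opt_fields *out)
{
    uint8_t buf[PE32_OPT_HDR_LEN];
    build_pe32_opt_header(buf, sa, fa, nrva);
    if (pe_read_opt_fields(buf, sizeof buf, out) != 0) return 0xffffffffu;
    return pe_sanitize_opt_fields(out);
}
```

Calling check_pe32_header with the fuzzer-style values 0x3000, 0x4000 and 0xffffffff raises all three of the patch's warnings and reduces both alignments to 0x1000 with 16 usable directory entries; calling it with 0 and 0 raises only PE_WARN_ZERO_ALIGNMENT, the case the patch's power-of-two test lets through. The loop bound on the data directory mirrors the `idx < IMAGE_NUMBEROF_DIRECTORY_ENTRIES` guard in the peXXigen.c hunk; usable_directories is the value a reader should loop to rather than the raw field.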