From patchwork Wed Feb 15 06:06:56 2023
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 57373
Date: Wed, 15 Feb 2023 16:36:56 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: More ecoff sanity checks
List-Id: Binutils mailing list

Change FIX so that unused pointers that escape the UPDATE_RAW_END
sanity checks won't result in overflows. Also sanity check the local
sym fdr isymBase and csym values.

	* ecoff.c (_bfd_ecoff_slurp_symbolic_info): Define FIX to set
	pointers into swapped internal data to NULL if count is zero.
	Sanity check local sym fdr_ptr->isymBase and fdr_ptr->csym.

diff --git a/bfd/ecoff.c b/bfd/ecoff.c index 7498766dd3f..1bea7005fee 100644 --- a/bfd/ecoff.c +++ b/bfd/ecoff.c
@@ -579,25 +579,24 @@ _bfd_ecoff_slurp_symbolic_info (bfd *abfd, ecoff_data (abfd)->raw_syments = raw; /* Get pointers for the numeric offsets in the HDRR structure. */ -#define FIX(off1, off2, type) \ - if (internal_symhdr->off1 == 0) \ - debug->off2 = NULL; \ - else \ - debug->off2 = (type) ((char *) raw \ - + (internal_symhdr->off1 \ - - raw_base)) - - FIX (cbLineOffset, line, unsigned char *); - FIX (cbDnOffset, external_dnr, void *); - FIX (cbPdOffset, external_pdr, void *); - FIX (cbSymOffset, external_sym, void *); - FIX (cbOptOffset, external_opt, void *); - FIX (cbAuxOffset, external_aux, union aux_ext *); - FIX (cbSsOffset, ss, char *); - FIX (cbSsExtOffset, ssext, char *); - FIX (cbFdOffset, external_fdr, void *); - FIX (cbRfdOffset, external_rfd, void *); - FIX (cbExtOffset, external_ext, void *); +#define FIX(start, count, ptr, type) \ + if (internal_symhdr->start == 0 || internal_symhdr->count == 0) \ + debug->ptr = NULL; \ + else \ + debug->ptr = (type) ((char *) raw \ + + (internal_symhdr->start - raw_base)) + + FIX (cbLineOffset, cbLine, line, unsigned char *); + FIX (cbDnOffset, idnMax, external_dnr, void *); + FIX (cbPdOffset, ipdMax, external_pdr, void *); + FIX (cbSymOffset, isymMax, external_sym, void *); + FIX (cbOptOffset, ioptMax, external_opt, void *); + FIX (cbAuxOffset, iauxMax, external_aux, union aux_ext *); + FIX (cbSsOffset, issMax, ss, char *); + FIX (cbSsExtOffset, issExtMax, ssext, char *); + FIX (cbFdOffset, ifdMax, external_fdr, void *); + FIX (cbRfdOffset, crfd, external_rfd, void *); + FIX (cbExtOffset, iextMax, external_ext, void *); #undef FIX /* I don't want to always swap all the data, because it will just 
@@ -932,7 +931,13 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) { char *lraw_src; char *lraw_end; + HDRR *symhdr = &ecoff_data (abfd)->debug_info.symbolic_header; + if (fdr_ptr->isymBase < 0 + || fdr_ptr->isymBase > symhdr->isymMax + || fdr_ptr->csym <= 0 + || fdr_ptr->csym > symhdr->isymMax - fdr_ptr->isymBase) + continue; lraw_src = ((char *) ecoff_data (abfd)->debug_info.external_sym + fdr_ptr->isymBase * external_sym_size); lraw_end = lraw_src + fdr_ptr->csym * external_sym_size; @@ -944,7 +949,6 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) (*swap_sym_in) (abfd, (void *) lraw_src, &internal_sym); - HDRR *symhdr = &ecoff_data (abfd)->debug_info.symbolic_header; if (internal_sym.iss >= symhdr->issMax || internal_sym.iss < 0) {
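Review bot: in the first hunk (@@ -579), the comment above the new FIX macro still reads only "Get pointers for the numeric offsets in the HDRR structure", but the macro now also sets debug->ptr to NULL when internal_symhdr->count is zero, so a non-zero offset no longer guarantees a non-NULL pointer. Please extend the comment to state that, since every consumer of debug->line, debug->external_sym and the other pointers now has to tolerate NULL. Two smaller points: the test is `internal_symhdr->count == 0`, so if any of the count fields are signed, a negative count would still produce a pointer (`<= 0` would cover that case); and the macro body is a bare if/else, which works for the statement-form uses shown here but would be more robust wrapped in do { ... } while (0).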
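Review bot: in the second hunk (@@ -932), a local FDR whose isymBase or csym fails the new range test is skipped with a bare `continue`, with no comment and no diagnostic, so that FDR's local symbols are dropped silently. A one-line comment saying what is being bounded (the lraw_src to lraw_end range computed just below must stay within isymMax external symbols) would help, and it is worth deciding whether a malformed FDR should set an error rather than be skipped. The subtraction form `fdr_ptr->csym > symhdr->isymMax - fdr_ptr->isymBase` is the right shape, since the preceding isymBase checks keep it from overflowing the way an addition could. The ChangeLog entry lists this check under _bfd_ecoff_slurp_symbolic_info, while the hunk header places it in _bfd_ecoff_slurp_symbol_table, so the entry needs a separate line for that function. Hoisting the symhdr declaration here, with the third hunk (@@ -944) removing the old one, looks fine.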