_bfd_error_handler (_("%pB symbol number %lu references"
" nonexistent SHT_SYMTAB_SHNDX section"),
ibfd, (unsigned long) symoffset);
- if (alloc_intsym != NULL)
- free (alloc_intsym);
+ free (alloc_intsym);
intsym_buf = NULL;
goto out;
}
out:
- if (alloc_ext != NULL)
- free (alloc_ext);
- if (alloc_extshndx != NULL)
- free (alloc_extshndx);
+ free (alloc_ext);
+ free (alloc_extshndx);
return intsym_buf;
}
return TRUE;
error_return:
- if (dynbuf != NULL)
- free (dynbuf);
+ free (dynbuf);
return FALSE;
}
if (sections_being_created == NULL)
{
size_t amt = elf_numsections (abfd) * sizeof (bfd_boolean);
- sections_being_created = (bfd_boolean *) bfd_zalloc (abfd, amt);
+
+ /* PR 26005: Do not use bfd_zalloc here as the memory might
+ be released before the bfd has been fully scanned. */
+ sections_being_created = (bfd_boolean *) bfd_malloc (amt);
if (sections_being_created == NULL)
return FALSE;
+ memset (sections_being_created, FALSE, amt);
sections_being_created_abfd = abfd;
}
if (sections_being_created [shindex])
sections_being_created [shindex] = FALSE;
if (-- nesting == 0)
{
+ free (sections_being_created);
sections_being_created = NULL;
- sections_being_created_abfd = abfd;
+ sections_being_created_abfd = NULL;
}
return ret;
}
newsect->alignment_power = bfd_log2 (align);
if (hdr->p_type == PT_LOAD)
{
- /* Hack for gdb. Segments that have not been modified do
- not have their contents written to a core file, on the
- assumption that a debugger can find the contents in the
- executable. We flag this case by setting the fake
- section size to zero. Note that "real" bss sections will
- always have their contents dumped to the core file. */
- if (bfd_get_format (abfd) == bfd_core)
- newsect->size = 0;
newsect->flags |= SEC_ALLOC;
if (hdr->p_flags & PF_X)
newsect->flags |= SEC_CODE;
/* Assign all ELF section numbers. The dummy first section is handled here
too. The link/info pointers for the standard section types are filled
- in here too, while we're at it. */
+ in here too, while we're at it. LINK_INFO will be 0 when arriving
+ here for objcopy, and when using the generic ELF linker. */
static bfd_boolean
assign_section_numbers (bfd *abfd, struct bfd_link_info *link_info)
s = elf_linked_to_section (sec);
if (s)
{
- /* elf_linked_to_section points to the input section. */
- if (link_info != NULL)
- {
- /* Check discarded linkonce section. */
- if (discarded_section (s))
- {
- asection *kept;
- _bfd_error_handler
- /* xgettext:c-format */
- (_("%pB: sh_link of section `%pA' points to"
- " discarded section `%pA' of `%pB'"),
- abfd, d->this_hdr.bfd_section,
- s, s->owner);
- /* Point to the kept section if it has the same
- size as the discarded one. */
- kept = _bfd_elf_check_kept_section (s, link_info);
- if (kept == NULL)
- {
- bfd_set_error (bfd_error_bad_value);
- return FALSE;
- }
- s = kept;
- }
-
- s = s->output_section;
- BFD_ASSERT (s != NULL);
- }
- else
+ /* Check discarded linkonce section. */
+ if (discarded_section (s))
{
- /* Handle objcopy. */
- if (s->output_section == NULL)
+ asection *kept;
+ _bfd_error_handler
+ /* xgettext:c-format */
+ (_("%pB: sh_link of section `%pA' points to"
+ " discarded section `%pA' of `%pB'"),
+ abfd, d->this_hdr.bfd_section, s, s->owner);
+ /* Point to the kept section if it has the same
+ size as the discarded one. */
+ kept = _bfd_elf_check_kept_section (s, link_info);
+ if (kept == NULL)
{
- _bfd_error_handler
- /* xgettext:c-format */
- (_("%pB: sh_link of section `%pA' points to"
- " removed section `%pA' of `%pB'"),
- abfd, d->this_hdr.bfd_section, s, s->owner);
bfd_set_error (bfd_error_bad_value);
return FALSE;
}
- s = s->output_section;
+ s = kept;
}
+ /* Handle objcopy. */
+ else if (s->output_section == NULL)
+ {
+ _bfd_error_handler
+ /* xgettext:c-format */
+ (_("%pB: sh_link of section `%pA' points to"
+ " removed section `%pA' of `%pB'"),
+ abfd, d->this_hdr.bfd_section, s, s->owner);
+ bfd_set_error (bfd_error_bad_value);
+ return FALSE;
+ }
+ s = s->output_section;
d->this_hdr.sh_link = elf_section_data (s)->this_idx;
}
else
return TRUE;
error_return:
- if (sections != NULL)
- free (sections);
+ free (sections);
return FALSE;
}
}
long
-_bfd_elf_get_reloc_upper_bound (bfd *abfd ATTRIBUTE_UNUSED,
- sec_ptr asect)
+_bfd_elf_get_reloc_upper_bound (bfd *abfd, sec_ptr asect)
{
+ if (asect->reloc_count != 0)
+ {
+ /* Sanity check reloc section size. */
+ struct bfd_elf_section_data *d = elf_section_data (asect);
+ Elf_Internal_Shdr *rel_hdr = &d->this_hdr;
+ bfd_size_type ext_rel_size = rel_hdr->sh_size;
+ ufile_ptr filesize = bfd_get_file_size (abfd);
+
+ if (filesize != 0 && ext_rel_size > filesize)
+ {
+ bfd_set_error (bfd_error_file_truncated);
+ return -1;
+ }
+ }
+
#if SIZEOF_LONG == SIZEOF_INT
if (asect->reloc_count >= LONG_MAX / sizeof (arelent *))
{
long
_bfd_elf_get_dynamic_reloc_upper_bound (bfd *abfd)
{
- bfd_size_type count;
+ bfd_size_type count, ext_rel_size;
asection *s;
if (elf_dynsymtab (abfd) == 0)
}
count = 1;
+ ext_rel_size = 0;
for (s = abfd->sections; s != NULL; s = s->next)
if (elf_section_data (s)->this_hdr.sh_link == elf_dynsymtab (abfd)
&& (elf_section_data (s)->this_hdr.sh_type == SHT_REL
|| elf_section_data (s)->this_hdr.sh_type == SHT_RELA))
{
+ ext_rel_size += s->size;
+ if (ext_rel_size < s->size)
+ {
+ bfd_set_error (bfd_error_file_truncated);
+ return -1;
+ }
count += s->size / elf_section_data (s)->this_hdr.sh_entsize;
if (count > LONG_MAX / sizeof (arelent *))
{
return -1;
}
}
+ if (count > 1)
+ {
+ /* Sanity check reloc section sizes. */
+ ufile_ptr filesize = bfd_get_file_size (abfd);
+ if (filesize != 0 && ext_rel_size > filesize)
+ {
+ bfd_set_error (bfd_error_file_truncated);
+ return -1;
+ }
+ }
return count * sizeof (arelent *);
}
return TRUE;
error_return:
- if (contents != NULL)
- free (contents);
+ free (contents);
return FALSE;
}
\f
_bfd_elf_close_and_cleanup (bfd *abfd)
{
struct elf_obj_tdata *tdata = elf_tdata (abfd);
- if (bfd_get_format (abfd) == bfd_object && tdata != NULL)
+ if (tdata != NULL
+ && (bfd_get_format (abfd) == bfd_object
+ || bfd_get_format (abfd) == bfd_core))
{
if (elf_tdata (abfd)->o != NULL && elf_shstrtab (abfd) != NULL)
_bfd_elf_strtab_free (elf_shstrtab (abfd));
out details about the corefile. */
#ifdef HAVE_SYS_PROCFS_H
-/* Needed for new procfs interface on sparc-solaris. */
-# define _STRUCTURED_PROC 1
# include <sys/procfs.h>
#endif