print_attributes wasn't robust against empty or broken attribute sections.
It also only handled GNU attributes. But the arm backend contains some
none-GNU attributes. The difference is in how to handle the tag arguments.
Adds a new test run-readelf-A.sh for both gnu (ppc32) and non-gnu (arm)
attributes.
Signed-off-by: Mark Wielaard <m...@redhat.com>
---
src/ChangeLog | 7 +++++
src/readelf.c | 44 +++++++++++++++++++++++-----
tests/ChangeLog | 7 +++++
tests/Makefile.am | 5 ++--
tests/run-readelf-A.sh | 65 +++++++++++++++++++++++++++++++++++++++++
tests/testfileppc32attrs.o.bz2 | Bin 0 -> 228 bytes
6 files changed, 118 insertions(+), 10 deletions(-)
create mode 100755 tests/run-readelf-A.sh
create mode 100644 tests/testfileppc32attrs.o.bz2
diff --git a/src/ChangeLog b/src/ChangeLog
index bab948a..2947f39 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,10 @@
+2014-11-21 Mark Wielaard <m...@redhat.com>
+
+ * readelf.c (print_attributes): Guard against empty section.
+ Document attribute format. Break when vendor name isn't terminated.
+ Add overflow check for subsection_len. Handle both gnu and non-gnu
+ attribute tags.
+
2014-11-18 Mark Wielaard <m...@redhat.com>
* readelf.c (print_cfa_program): Fix sanity check of DW_FORM_block
diff --git a/src/readelf.c b/src/readelf.c
index 08de798..65bf61d 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -3314,11 +3314,12 @@ print_attributes (Ebl *ebl, const GElf_Ehdr *ehdr)
shdr->sh_size, shdr->sh_offset);
Elf_Data *data = elf_rawdata (scn, NULL);
- if (data == NULL)
+ if (data == NULL || data->d_size == 0)
return;
const unsigned char *p = data->d_buf;
+ /* There is only one 'version', A. */
if (unlikely (*p++ != 'A'))
return;
@@ -3329,8 +3330,10 @@ print_attributes (Ebl *ebl, const GElf_Ehdr *ehdr)
return (const unsigned char *) data->d_buf + data->d_size - p;
}
+ /* Loop over the sections. */
while (left () >= 4)
{
+ /* Section length. */
uint32_t len;
memcpy (&len, p, sizeof len);
@@ -3340,19 +3343,23 @@ print_attributes (Ebl *ebl, const GElf_Ehdr *ehdr)
if (unlikely (len > left ()))
break;
+ /* Section vendor name. */
const unsigned char *name = p + sizeof len;
p += len;
unsigned const char *q = memchr (name, '\0', len);
if (unlikely (q == NULL))
- continue;
+ break;
++q;
printf (gettext (" %-13s %4" PRIu32 "\n"), name, len);
+ bool gnu_vendor = (q - name == sizeof "gnu"
+ && !memcmp (name, "gnu", sizeof "gnu"));
+
+ /* Loop over subsections. */
if (shdr->sh_type != SHT_GNU_ATTRIBUTES
- || (q - name == sizeof "gnu"
- && !memcmp (name, "gnu", sizeof "gnu")))
+ || gnu_vendor)
while (q < p)
{
const unsigned char *const sub = q;
@@ -3371,7 +3378,10 @@ print_attributes (Ebl *ebl, const GElf_Ehdr *ehdr)
if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
CONVERT (subsection_len);
- if (unlikely (p - sub < (ptrdiff_t) subsection_len))
+ /* Don't overflow, ptrdiff_t might be 32bits, but signed. */
+ if (unlikely (subsection_len == 0
+ || subsection_len >= (uint32_t) PTRDIFF_MAX
+ || p - sub < (ptrdiff_t) subsection_len))
break;
const unsigned char *r = q + sizeof subsection_len;
@@ -3380,6 +3390,7 @@ print_attributes (Ebl *ebl, const GElf_Ehdr *ehdr)
switch (subsection_tag)
{
default:
+ /* Unknown subsection, print and skip. */
printf (gettext (" %-4u %12" PRIu32 "\n"),
subsection_tag, subsection_len);
break;
@@ -3395,16 +3406,30 @@ print_attributes (Ebl *ebl, const GElf_Ehdr *ehdr)
if (unlikely (r >= q))
break;
+ /* GNU style tags have either a uleb128 value,
+ when lowest bit is not set, or a string
+ when the lowest bit is set.
+ "compatibility" (32) is special. It has
+ both a string and a uleb128 value. For
+ non-gnu we assume 6 till 31 only take ints.
+ XXX see arm backend, do we need a separate
+ hook? */
uint64_t value = 0;
const char *string = NULL;
- if (tag == 32 || (tag & 1) == 0)
+ if (tag == 32 || (tag & 1) == 0
+ || (! gnu_vendor && (tag > 5 && tag < 32)))
{
get_uleb128 (value, r);
if (r > q)
break;
}
- if (tag == 32 || (tag & 1) != 0)
+ if (tag == 32
+ || ((tag & 1) != 0
+ && (gnu_vendor
+ || (! gnu_vendor && tag > 32)))
+ || (! gnu_vendor && tag > 3 && tag < 6))
{
+ string = (const char *) r;
r = memchr (r, '\0', q - r);
if (r == NULL)
break;
@@ -3431,7 +3456,10 @@ print_attributes (Ebl *ebl, const GElf_Ehdr *ehdr)
}
else
{
- assert (tag != 32);
+ /* For "gnu" vendor 32 "compatibility" has
+ already been handled above. */
+ assert (tag != 32
+ || strcmp ((const char *) name, "gnu"));
if (string == NULL)
printf (gettext (" %u: %" PRId64 "\n"),
tag, value);
diff --git a/tests/ChangeLog b/tests/ChangeLog
index 798bb7a..909a61e 100644
--- a/tests/ChangeLog
+++ b/tests/ChangeLog
@@ -1,3 +1,10 @@
+2014-11-21 Mark Wielaard <m...@redhat.com>
+
+ * run-readelf-A.sh: New test.
+ * testfileppc32attrs.o.bz2: New test file.
+ * Makefile.am (TESTS): Add run-readelf-A.sh.
+ (EXTRA_DIST): Add run-readelf-A.sh and testfileppc32attrs.o.bz2.
+
2014-11-10 Mark Wielaard <m...@redhat.com>
* vdsosyms.c: New test.
diff --git a/tests/Makefile.am b/tests/Makefile.am
index dcaf4f6..5b38113 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -110,7 +110,7 @@ TESTS = run-arextract.sh run-arsymtest.sh newfile
test-nlist \
run-backtrace-core-aarch64.sh \
run-backtrace-demangle.sh run-stack-d-test.sh run-stack-i-test.sh \
run-readelf-dwz-multi.sh run-allfcts-multi.sh run-deleted.sh \
- run-linkmap-cut.sh run-aggregate-size.sh vdsosyms
+ run-linkmap-cut.sh run-aggregate-size.sh vdsosyms run-readelf-A.sh
if !BIARCH
export ELFUTILS_DISABLE_BIARCH = 1
@@ -276,7 +276,8 @@ EXTRA_DIST = run-arextract.sh run-arsymtest.sh \
run-deleted.sh run-linkmap-cut.sh linkmap-cut-lib.so.bz2 \
linkmap-cut.bz2 linkmap-cut.core.bz2 \
run-aggregate-size.sh testfile-sizes1.o.bz2 testfile-sizes2.o.bz2 \
- testfile-sizes3.o.bz2
+ testfile-sizes3.o.bz2 \
+ run-readelf-A.sh testfileppc32attrs.o.bz2
if USE_VALGRIND
valgrind_cmd='valgrind -q --error-exitcode=1 --run-libc-freeres=no'
diff --git a/tests/run-readelf-A.sh b/tests/run-readelf-A.sh
new file mode 100755
index 0000000..6ca9be8
--- /dev/null
+++ b/tests/run-readelf-A.sh
@@ -0,0 +1,65 @@
+#! /bin/sh
+# Copyright (C) 2014 Red Hat, Inc.
+# This file is part of elfutils.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# elfutils is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+. $srcdir/test-subr.sh
+
+# See run-addrcfi.sh for testfilearm.
+
+# = testfileppc32attrs.s =
+# .gnu_attribute 8,1
+# .gnu_attribute 12,1
+#
+# gcc -m32 -c testfileppc32attrs.s
+
+testfiles testfilearm testfileppc32attrs.o
+
+testrun_compare ${abs_top_builddir}/src/readelf -A testfilearm <<\EOF
+
+Object attributes section [27] '.ARM.attributes' of 53 bytes at offset 0x718:
+ Owner Size
+ aeabi 52
+ File: 42
+ CPU_name: 7-A
+ CPU_arch: v7
+ CPU_arch_profile: Application
+ ARM_ISA_use: Yes
+ THUMB_ISA_use: Thumb-2
+ VFP_arch: VFPv3-D16
+ ABI_PCS_wchar_t: 4
+ ABI_FP_rounding: Needed
+ ABI_FP_denormal: Needed
+ ABI_FP_exceptions: Needed
+ ABI_FP_number_model: IEEE 754
+ ABI_align8_needed: Yes
+ ABI_align8_preserved: Yes, except leaf SP
+ ABI_enum_size: int
+ ABI_HardFP_use: SP and DP
+ ABI_VFP_args: VFP registers
+ CPU_unaligned_access: v6
+EOF
+
+testrun_compare ${abs_top_builddir}/src/readelf -A testfileppc32attrs.o <<\EOF
+
+Object attributes section [ 4] '.gnu.attributes' of 18 bytes at offset 0x34:
+ Owner Size
+ gnu 17
+ File: 9
+ GNU_Power_ABI_Vector: Generic
+ GNU_Power_ABI_Struct_Return: r3/r4
+EOF
+
+exit 0
diff --git a/tests/testfileppc32attrs.o.bz2 b/tests/testfileppc32attrs.o.bz2
new file mode 100644
index
0000000000000000000000000000000000000000..c8d80a997abfed579a041fb9c1d366e33897116f
GIT binary patch
literal 228
zcmV<A02}{8T4*^jL0KkKS*Ydo9RL8T|HS|7bPOQX1Oy`lKma!5o?wIk1ONg6umHAT
z(^Eu8q#6wxXwYaf85(*)s1sAv7-R{i0GI(80!1c}0iXtkng9bp^Yr8jNHR_7XypbC
z8ALv?2;yus7RZnQW9d07C?thh;{}$9q$&FY6GLFy2G9je5i<otNVLusX5>ocFJU$*
z;-tF;MK~|Si!H(k+Z6-~b^*r`4>c7HV>K}mRWdCQTI+PcS!C#KEgcy}@VHwVT@-we
e!wj-sXLIq0zX!<OGj70P{9VZu;X*>Am(X;z%vNIn
literal 0
HcmV?d00001
--
1.8.3.1
