diff --git a/binutils-2.23.51.0.3-corrupt-binaries.patch b/binutils-2.23.51.0.3-corrupt-binaries.patch new file mode 100644 index 0000000..41fa6f1 --- /dev/null +++ b/binutils-2.23.51.0.3-corrupt-binaries.patch @@ -0,0 +1,684 @@ +From 85f3f1b38f36bef212e12e68e1d6f0fc539a47f7 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Tue, 11 Nov 2014 14:49:34 +0100 +Subject: [PATCH] Deal with corrupt binaries + +Ported binutils-2.24-corrupt-binaries.patch as of f396ddc9f from the binutils +package, sans the PR 17512 which is not yet relevant. +--- + bfd/elf.c | 237 ++++++++++++++++++++++++++++++++++++++++----------------- + bfd/ihex.c | 2 +- + bfd/peXXigen.c | 43 +++++++++-- + bfd/srec.c | 19 ++++- + 4 files changed, 222 insertions(+), 79 deletions(-) + +diff --git a/bfd/elf.c b/bfd/elf.c +index 237f7b8..5cdc0c9 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -599,9 +599,10 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect) + if (shdr->contents == NULL) + { + _bfd_error_handler +- (_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size); ++ (_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size); + bfd_set_error (bfd_error_bad_value); +- return FALSE; ++ -- num_group; ++ continue; + } + + memset (shdr->contents, 0, amt); +@@ -609,8 +610,17 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect) + if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0 + || (bfd_bread (shdr->contents, shdr->sh_size, abfd) + != shdr->sh_size)) +- return FALSE; +- ++ { ++ _bfd_error_handler ++ (_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size); ++ bfd_set_error (bfd_error_bad_value); ++ -- num_group; ++ /* PR 17510: If the group contents are even partially ++ corrupt, do not allow any of the contents to be used. */ ++ memset (shdr->contents, 0, amt); ++ continue; ++ } ++ + /* Translate raw contents, a flag word followed by an + array of elf section indices all in target byte order, + to the flag word followed by an array of elf section +@@ -642,6 +652,21 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect) + } + } + } ++ ++ /* PR 17510: Corrupt binaries might contain invalid groups. */ ++ if (num_group != (unsigned) elf_tdata (abfd)->num_group) ++ { ++ elf_tdata (abfd)->num_group = num_group; ++ ++ /* If all groups are invalid then fail. */ ++ if (num_group == 0) ++ { ++ elf_tdata (abfd)->group_sect_ptr = NULL; ++ elf_tdata (abfd)->num_group = num_group = -1; ++ (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd); ++ bfd_set_error (bfd_error_bad_value); ++ } ++ } + } + } + +@@ -707,6 +732,7 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect) + { + (*_bfd_error_handler) (_("%B: no group info for section %A"), + abfd, newsect); ++ return FALSE; + } + return TRUE; + } +@@ -1567,38 +1593,74 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + Elf_Internal_Ehdr *ehdr; + const struct elf_backend_data *bed; + const char *name; ++ bfd_boolean ret = TRUE; ++ static bfd_boolean * sections_being_created = NULL; ++ static bfd * sections_being_created_abfd = NULL; ++ static unsigned int nesting = 0; + + if (shindex >= elf_numsections (abfd)) + return FALSE; + ++ if (++ nesting > 3) ++ { ++ /* PR17512: A corrupt ELF binary might contain a recursive group of ++ sections, each the string indicies pointing to the next in the ++ loop. Detect this here, by refusing to load a section that we are ++ already in the process of loading. We only trigger this test if ++ we have nested at least three sections deep as normal ELF binaries ++ can expect to recurse at least once. ++ ++ FIXME: It would be better if this array was attached to the bfd, ++ rather than being held in a static pointer. */ ++ ++ if (sections_being_created_abfd != abfd) ++ sections_being_created = NULL; ++ if (sections_being_created == NULL) ++ { ++ /* FIXME: It would be more efficient to attach this array to the bfd somehow. */ ++ sections_being_created = (bfd_boolean *) ++ bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean)); ++ sections_being_created_abfd = abfd; ++ } ++ if (sections_being_created [shindex]) ++ { ++ (*_bfd_error_handler) ++ (_("%B: warning: loop in section dependencies detected"), abfd); ++ return FALSE; ++ } ++ sections_being_created [shindex] = TRUE; ++ } ++ + hdr = elf_elfsections (abfd)[shindex]; + ehdr = elf_elfheader (abfd); + name = bfd_elf_string_from_elf_section (abfd, ehdr->e_shstrndx, + hdr->sh_name); + if (name == NULL) +- return FALSE; ++ goto fail; + + bed = get_elf_backend_data (abfd); + switch (hdr->sh_type) + { + case SHT_NULL: + /* Inactive section. Throw it away. */ +- return TRUE; ++ goto success; + +- case SHT_PROGBITS: /* Normal section with contents. */ +- case SHT_NOBITS: /* .bss section. */ +- case SHT_HASH: /* .hash section. */ +- case SHT_NOTE: /* .note section. */ ++ case SHT_PROGBITS: /* Normal section with contents. */ ++ case SHT_NOBITS: /* .bss section. */ ++ case SHT_HASH: /* .hash section. */ ++ case SHT_NOTE: /* .note section. */ + case SHT_INIT_ARRAY: /* .init_array section. */ + case SHT_FINI_ARRAY: /* .fini_array section. */ + case SHT_PREINIT_ARRAY: /* .preinit_array section. */ + case SHT_GNU_LIBLIST: /* .gnu.liblist section. */ + case SHT_GNU_HASH: /* .gnu.hash section. */ +- return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); ++ ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); ++ goto success; + + case SHT_DYNAMIC: /* Dynamic linking information. */ + if (! _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex)) +- return FALSE; ++ goto fail; ++ + if (hdr->sh_link > elf_numsections (abfd)) + { + /* PR 10478: Accept Solaris binaries with a sh_link +@@ -1612,11 +1674,11 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + break; + /* Otherwise fall through. */ + default: +- return FALSE; ++ goto fail; + } + } + else if (elf_elfsections (abfd)[hdr->sh_link] == NULL) +- return FALSE; ++ goto fail; + else if (elf_elfsections (abfd)[hdr->sh_link]->sh_type != SHT_STRTAB) + { + Elf_Internal_Shdr *dynsymhdr; +@@ -1645,24 +1707,26 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + } + } + } +- break; ++ goto success; + +- case SHT_SYMTAB: /* A symbol table */ ++ case SHT_SYMTAB: /* A symbol table. */ + if (elf_onesymtab (abfd) == shindex) +- return TRUE; ++ goto success; + + if (hdr->sh_entsize != bed->s->sizeof_sym) +- return FALSE; ++ goto fail; ++ + if (hdr->sh_info * hdr->sh_entsize > hdr->sh_size) + { + if (hdr->sh_size != 0) +- return FALSE; ++ goto fail; + /* Some assemblers erroneously set sh_info to one with a + zero sh_size. ld sees this as a global symbol count + of (unsigned) -1. Fix it here. */ + hdr->sh_info = 0; +- return TRUE; ++ goto success; + } ++ + BFD_ASSERT (elf_onesymtab (abfd) == 0); + elf_onesymtab (abfd) = shindex; + elf_tdata (abfd)->symtab_hdr = *hdr; +@@ -1679,7 +1743,7 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + && (abfd->flags & DYNAMIC) != 0 + && ! _bfd_elf_make_section_from_shdr (abfd, hdr, name, + shindex)) +- return FALSE; ++ goto fail; + + /* Go looking for SHT_SYMTAB_SHNDX too, since if there is one we + can't read symbols without that section loaded as well. It +@@ -1705,26 +1769,29 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + break; + } + if (i != shindex) +- return bfd_section_from_shdr (abfd, i); ++ ret = bfd_section_from_shdr (abfd, i); + } +- return TRUE; ++ goto success; + +- case SHT_DYNSYM: /* A dynamic symbol table */ ++ case SHT_DYNSYM: /* A dynamic symbol table. */ + if (elf_dynsymtab (abfd) == shindex) +- return TRUE; ++ goto success; + + if (hdr->sh_entsize != bed->s->sizeof_sym) +- return FALSE; ++ goto fail; ++ + if (hdr->sh_info * hdr->sh_entsize > hdr->sh_size) + { + if (hdr->sh_size != 0) +- return FALSE; ++ goto fail; ++ + /* Some linkers erroneously set sh_info to one with a + zero sh_size. ld sees this as a global symbol count + of (unsigned) -1. Fix it here. */ + hdr->sh_info = 0; +- return TRUE; ++ goto success; + } ++ + BFD_ASSERT (elf_dynsymtab (abfd) == 0); + elf_dynsymtab (abfd) = shindex; + elf_tdata (abfd)->dynsymtab_hdr = *hdr; +@@ -1733,34 +1800,38 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + + /* Besides being a symbol table, we also treat this as a regular + section, so that objcopy can handle it. */ +- return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); ++ ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); ++ goto success; + +- case SHT_SYMTAB_SHNDX: /* Symbol section indices when >64k sections */ ++ case SHT_SYMTAB_SHNDX: /* Symbol section indices when >64k sections. */ + if (elf_symtab_shndx (abfd) == shindex) +- return TRUE; ++ goto success; + + BFD_ASSERT (elf_symtab_shndx (abfd) == 0); + elf_symtab_shndx (abfd) = shindex; + elf_tdata (abfd)->symtab_shndx_hdr = *hdr; + elf_elfsections (abfd)[shindex] = &elf_tdata (abfd)->symtab_shndx_hdr; +- return TRUE; ++ goto success; + +- case SHT_STRTAB: /* A string table */ ++ case SHT_STRTAB: /* A string table. */ + if (hdr->bfd_section != NULL) +- return TRUE; ++ goto success; ++ + if (ehdr->e_shstrndx == shindex) + { + elf_tdata (abfd)->shstrtab_hdr = *hdr; + elf_elfsections (abfd)[shindex] = &elf_tdata (abfd)->shstrtab_hdr; +- return TRUE; ++ goto success; + } ++ + if (elf_elfsections (abfd)[elf_onesymtab (abfd)]->sh_link == shindex) + { + symtab_strtab: + elf_tdata (abfd)->strtab_hdr = *hdr; + elf_elfsections (abfd)[shindex] = &elf_tdata (abfd)->strtab_hdr; +- return TRUE; ++ goto success; + } ++ + if (elf_elfsections (abfd)[elf_dynsymtab (abfd)]->sh_link == shindex) + { + dynsymtab_strtab: +@@ -1769,8 +1840,9 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + elf_elfsections (abfd)[shindex] = hdr; + /* We also treat this as a regular section, so that objcopy + can handle it. */ +- return _bfd_elf_make_section_from_shdr (abfd, hdr, name, +- shindex); ++ ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, ++ shindex); ++ goto success; + } + + /* If the string table isn't one of the above, then treat it as a +@@ -1788,9 +1860,9 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + { + /* Prevent endless recursion on broken objects. */ + if (i == shindex) +- return FALSE; ++ goto fail; + if (! bfd_section_from_shdr (abfd, i)) +- return FALSE; ++ goto fail; + if (elf_onesymtab (abfd) == i) + goto symtab_strtab; + if (elf_dynsymtab (abfd) == i) +@@ -1798,7 +1870,8 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + } + } + } +- return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); ++ ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); ++ goto success; + + case SHT_REL: + case SHT_RELA: +@@ -1813,7 +1886,7 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + if (hdr->sh_entsize + != (bfd_size_type) (hdr->sh_type == SHT_REL + ? bed->s->sizeof_rel : bed->s->sizeof_rela)) +- return FALSE; ++ goto fail; + + /* Check for a bogus link to avoid crashing. */ + if (hdr->sh_link >= num_sec) +@@ -1821,8 +1894,9 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + ((*_bfd_error_handler) + (_("%B: invalid link %lu for reloc section %s (index %u)"), + abfd, hdr->sh_link, name, shindex)); +- return _bfd_elf_make_section_from_shdr (abfd, hdr, name, +- shindex); ++ ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, ++ shindex); ++ goto success; + } + + /* For some incomprehensible reason Oracle distributes +@@ -1863,7 +1937,7 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + if ((elf_elfsections (abfd)[hdr->sh_link]->sh_type == SHT_SYMTAB + || elf_elfsections (abfd)[hdr->sh_link]->sh_type == SHT_DYNSYM) + && ! bfd_section_from_shdr (abfd, hdr->sh_link)) +- return FALSE; ++ goto fail; + + /* If this reloc section does not use the main symbol table we + don't treat it as a reloc section. BFD can't adequately +@@ -1878,14 +1952,18 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + || hdr->sh_info >= num_sec + || elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_REL + || elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_RELA) +- return _bfd_elf_make_section_from_shdr (abfd, hdr, name, +- shindex); ++ { ++ ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, ++ shindex); ++ goto success; ++ } + + if (! bfd_section_from_shdr (abfd, hdr->sh_info)) +- return FALSE; ++ goto fail; ++ + target_sect = bfd_section_from_elf_index (abfd, hdr->sh_info); + if (target_sect == NULL) +- return FALSE; ++ goto fail; + + esdt = elf_section_data (target_sect); + if (hdr->sh_type == SHT_RELA) +@@ -1897,7 +1975,7 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + amt = sizeof (*hdr2); + hdr2 = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt); + if (hdr2 == NULL) +- return FALSE; ++ goto fail; + *hdr2 = *hdr; + *p_hdr = hdr2; + elf_elfsections (abfd)[shindex] = hdr2; +@@ -1913,34 +1991,37 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + target_sect->use_rela_p = 1; + } + abfd->flags |= HAS_RELOC; +- return TRUE; ++ goto success; + } + + case SHT_GNU_verdef: + elf_dynverdef (abfd) = shindex; + elf_tdata (abfd)->dynverdef_hdr = *hdr; +- return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); ++ ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); ++ goto success; + + case SHT_GNU_versym: + if (hdr->sh_entsize != sizeof (Elf_External_Versym)) +- return FALSE; ++ goto fail; + elf_dynversym (abfd) = shindex; + elf_tdata (abfd)->dynversym_hdr = *hdr; +- return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); ++ ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); ++ goto success; + + case SHT_GNU_verneed: + elf_dynverref (abfd) = shindex; + elf_tdata (abfd)->dynverref_hdr = *hdr; +- return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); ++ ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); ++ goto success; + + case SHT_SHLIB: +- return TRUE; ++ goto success; + + case SHT_GROUP: + if (! IS_VALID_GROUP_SECTION_HEADER (hdr, GRP_ENTRY_SIZE)) +- return FALSE; ++ goto fail; + if (!_bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex)) +- return FALSE; ++ goto fail; + if (hdr->contents != NULL) + { + Elf_Internal_Group *idx = (Elf_Internal_Group *) hdr->contents; +@@ -1966,7 +2047,7 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + } + } + } +- break; ++ goto success; + + default: + /* Possibly an attributes section. */ +@@ -1974,14 +2055,14 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + || hdr->sh_type == bed->obj_attrs_section_type) + { + if (! _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex)) +- return FALSE; ++ goto fail; + _bfd_elf_parse_attributes (abfd, hdr); +- return TRUE; ++ goto success; + } + + /* Check for any processor-specific section types. */ + if (bed->elf_backend_section_from_shdr (abfd, hdr, name, shindex)) +- return TRUE; ++ goto success; + + if (hdr->sh_type >= SHT_LOUSER && hdr->sh_type <= SHT_HIUSER) + { +@@ -1993,9 +2074,12 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + "specific section `%s' [0x%8x]"), + abfd, name, hdr->sh_type); + else +- /* Allow sections reserved for applications. */ +- return _bfd_elf_make_section_from_shdr (abfd, hdr, name, +- shindex); ++ { ++ /* Allow sections reserved for applications. */ ++ ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, ++ shindex); ++ goto success; ++ } + } + else if (hdr->sh_type >= SHT_LOPROC + && hdr->sh_type <= SHT_HIPROC) +@@ -2016,8 +2100,11 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + "`%s' [0x%8x]"), + abfd, name, hdr->sh_type); + else +- /* Otherwise it should be processed. */ +- return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); ++ { ++ /* Otherwise it should be processed. */ ++ ret = _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); ++ goto success; ++ } + } + else + /* FIXME: We should handle this section. */ +@@ -2025,10 +2112,20 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) + (_("%B: don't know how to handle section `%s' [0x%8x]"), + abfd, name, hdr->sh_type); + +- return FALSE; ++ goto fail; + } + +- return TRUE; ++ fail: ++ ret = FALSE; ++ success: ++ if (sections_being_created && sections_being_created_abfd == abfd) ++ sections_being_created [shindex] = FALSE; ++ if (-- nesting == 0) ++ { ++ sections_being_created = NULL; ++ sections_being_created_abfd = abfd; ++ } ++ return ret; + } + + /* Return the local symbol specified by ABFD, R_SYMNDX. */ +@@ -9275,7 +9372,7 @@ elfcore_write_lwpstatus (bfd *abfd, + lwpstat.pr_lwpid = pid >> 16; + lwpstat.pr_cursig = cursig; + #if defined (HAVE_LWPSTATUS_T_PR_REG) +- memcpy (lwpstat.pr_reg, gregs, sizeof (lwpstat.pr_reg)); ++ memcpy (&lwpstat.pr_reg, gregs, sizeof (lwpstat.pr_reg)); + #elif defined (HAVE_LWPSTATUS_T_PR_CONTEXT) + #if !defined(gregs) + memcpy (lwpstat.pr_context.uc_mcontext.gregs, +diff --git a/bfd/ihex.c b/bfd/ihex.c +index 09f756a..16bb87f 100644 +--- a/bfd/ihex.c ++++ b/bfd/ihex.c +@@ -322,7 +322,7 @@ ihex_scan (bfd *abfd) + { + if (! ISHEX (buf[i])) + { +- ihex_bad_byte (abfd, lineno, hdr[i], error); ++ ihex_bad_byte (abfd, lineno, buf[i], error); + goto error_return; + } + } +diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c +index e506546..79c6a04 100644 +--- a/bfd/peXXigen.c ++++ b/bfd/peXXigen.c +@@ -1365,7 +1365,7 @@ pe_print_edata (bfd * abfd, void * vfile) + bfd_size_type datasize = 0; + bfd_size_type dataoff; + bfd_size_type i; +- bfd_signed_vma adj; ++ bfd_vma adj; + struct EDT_type + { + long export_flags; /* Reserved - should be zero. */ +@@ -1415,6 +1415,13 @@ pe_print_edata (bfd * abfd, void * vfile) + _("\nThere is an export table, but the section containing it could not be found\n")); + return TRUE; + } ++ else if (!(section->flags & SEC_HAS_CONTENTS)) ++ { ++ fprintf (file, ++ _("\nThere is an export table in %s, but that section has no contents\n"), ++ section->name); ++ return TRUE; ++ } + + dataoff = addr - section->vma; + datasize = extra->DataDirectory[PE_EXPORT_TABLE].Size; +@@ -1427,6 +1434,15 @@ pe_print_edata (bfd * abfd, void * vfile) + } + } + ++ /* PR 17512: Handle corrupt PE binaries. */ ++ if (datasize < 36) ++ { ++ fprintf (file, ++ _("\nThere is an export table in %s, but it is too small (%d)\n"), ++ section->name, (int) datasize); ++ return TRUE; ++ } ++ + fprintf (file, _("\nThere is an export table in %s at 0x%lx\n"), + section->name, (unsigned long) addr); + +@@ -1470,8 +1486,11 @@ pe_print_edata (bfd * abfd, void * vfile) + fprintf (file, + _("Name \t\t\t\t")); + bfd_fprintf_vma (abfd, file, edt.name); +- fprintf (file, +- " %s\n", data + edt.name - adj); ++ ++ if ((edt.name >= adj) && (edt.name < adj + datasize)) ++ fprintf (file, " %s\n", data + edt.name - adj); ++ else ++ fprintf (file, "(outside .edata section)\n"); + + fprintf (file, + _("Ordinal Base \t\t\t%ld\n"), edt.base); +@@ -1517,7 +1536,12 @@ pe_print_edata (bfd * abfd, void * vfile) + _("\nExport Address Table -- Ordinal Base %ld\n"), + edt.base); + +- for (i = 0; i < edt.num_functions; ++i) ++ /* PR 17512: Handle corrupt PE binaries. */ ++ if (edt.eat_addr + (edt.num_functions * 4) - adj >= datasize) ++ fprintf (file, _("\tInvalid Export Address Table rva (0x%lx) or entry count (0x%lx)\n"), ++ (long) edt.eat_addr, ++ (long) edt.num_functions); ++ else for (i = 0; i < edt.num_functions; ++i) + { + bfd_vma eat_member = bfd_get_32 (abfd, + data + edt.eat_addr + (i * 4) - adj); +@@ -1553,7 +1577,16 @@ pe_print_edata (bfd * abfd, void * vfile) + fprintf (file, + _("\n[Ordinal/Name Pointer] Table\n")); + +- for (i = 0; i < edt.num_names; ++i) ++ /* PR 17512: Handle corrupt PE binaries. */ ++ if (edt.npt_addr + (edt.num_names * 4) - adj >= datasize) ++ fprintf (file, _("\tInvalid Name Pointer Table rva (0x%lx) or entry count (0x%lx)\n"), ++ (long) edt.npt_addr, ++ (long) edt.num_names); ++ else if (edt.ot_addr + (edt.num_names * 2) - adj >= datasize) ++ fprintf (file, _("\tInvalid Ordinal Table rva (0x%lx) or entry count (0x%lx)\n"), ++ (long) edt.ot_addr, ++ (long) edt.num_names); ++ else for (i = 0; i < edt.num_names; ++i) + { + bfd_vma name_ptr = bfd_get_32 (abfd, + data + +diff --git a/bfd/srec.c b/bfd/srec.c +index 6226773..9fcadb1 100644 +--- a/bfd/srec.c ++++ b/bfd/srec.c +@@ -248,7 +248,7 @@ srec_bad_byte (bfd *abfd, + } + else + { +- char buf[10]; ++ char buf[40]; + + if (! ISPRINT (c)) + sprintf (buf, "\\%03o", (unsigned int) c); +@@ -454,8 +454,8 @@ srec_scan (bfd *abfd) + case 'S': + { + file_ptr pos; +- char hdr[3]; +- unsigned int bytes; ++ unsigned char hdr[3]; ++ unsigned int bytes, min_bytes; + bfd_vma address; + bfd_byte *data; + unsigned char check_sum; +@@ -478,6 +478,19 @@ srec_scan (bfd *abfd) + } + + check_sum = bytes = HEX (hdr + 1); ++ min_bytes = 3; ++ if (hdr[0] == '2' || hdr[0] == '8') ++ min_bytes = 4; ++ else if (hdr[0] == '3' || hdr[0] == '7') ++ min_bytes = 5; ++ if (bytes < min_bytes) ++ { ++ (*_bfd_error_handler) (_("%B:%d: byte count %d too small\n"), ++ abfd, lineno, bytes); ++ bfd_set_error (bfd_error_bad_value); ++ goto error_return; ++ } ++ + if (bytes * 2 > bufsize) + { + if (buf != NULL) +-- +2.1.0 + diff --git a/cross-binutils.spec b/cross-binutils.spec index bc65fbb..29ff9aa 100644 --- a/cross-binutils.spec +++ b/cross-binutils.spec @@ -43,7 +43,7 @@ Summary: A GNU collection of cross-compilation binary utilities Name: cross-binutils Version: 2.23.51.0.3 -Release: 1%{?dist} +Release: 1%{?dist}.1 License: GPLv3+ Group: Development/Tools URL: http://sources.redhat.com/binutils @@ -68,6 +68,11 @@ Patch09: binutils-2.22.52.0.1-export-demangle.h.patch Patch10: binutils-2.22.52.0.4-no-config-h-check.patch # Renames ARM LDRALT insn to LDALT. BZ# 869025 Patch11: binutils-2.23.51.0.3-arm-ldralt.patch +# Deal with corrupted binaries (rh #1162676) +Patch21: binutils-2.23.51.0.3-corrupt-binaries.patch + +# Fix for xtensa memset length +Patch100: cross-binutils-2.23.2-xtensa-memset.patch Buildroot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRequires: texinfo >= 4.0, gettext, flex, bison, zlib-devel @@ -176,6 +181,7 @@ cd %{srcdir} %patch09 -p0 -b .export-demangle-h~ %patch10 -p0 -b .no-config-h-check~ %patch11 -p0 -b .arm-ldralt~ +%patch21 -p1 -b .currupted-binaries~ # We cannot run autotools as there is an exact requirement of autoconf-2.59. @@ -583,6 +589,9 @@ rm -rf %{buildroot} %do_files xtensa-linux-gnu %{build_xtensa} %changelog +* Tue Nov 11 2014 Lubomir Rintel - 2.23.51.0.3-1.1 +- Deal with corrupted object files (rh #1162676) + * Fri Nov 2 2012 David Howells - 2.23.51.0.3-1 - Update to binutils-2.23.51.0.3. - Added support for aarch64.