packages/binutils
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!73 【Mainline】Update to 2.36.1

Browse Source 
From: @yixiangzhike
Reviewed-by: @overweight
Signed-off-by: @overweight
This commit is contained in:
openeuler-ci-bot 2021-07-07 07:59:04 +00:00 committed by Gitee
commit 1f9aef7b87
22 changed files with 16 additions and 2779 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
BFD-Exclude-sections-with-no-content-from-compress-c.patch
View File

@ -1,82 +0,0 @@
From 9f57ab49b32bc14c0ff3834876a185af0a4c6e6b Mon Sep 17 00:00:00 2001
From: Tamar Christina <tamar.christina@arm.com>
Date: Tue, 21 Apr 2020 15:16:21 +0100
Subject: [PATCH] BFD: Exclude sections with no content from compress check.
The check in bfd_get_full_section_contents is trying to check that we don't
allocate more space for a section than the size of the section is on disk.
Previously we excluded linker created sections since they didn't have a size on
disk. However we also need to exclude sections with no content as well such as
the BSS section. Space for these would not have been allocated by the assembler
and so the check would incorrectly fail.
bfd/ChangeLog:
PR binutils/24753
* compress.c (bfd_get_full_section_contents): Exclude sections with no
content.
gas/ChangeLog:
PR binutils/24753
* testsuite/gas/arm/pr24753.d: New test.
* testsuite/gas/arm/pr24753.s: New test.
(cherry picked from commit c36876fe5b5bac1c404ab2ca82bfbfb2ed9a2717)
---
bfd/compress.c | 3 +++
gas/testsuite/gas/arm/pr24753.d | 7 +++++++
gas/testsuite/gas/arm/pr24753.s | 12 ++++++++++++
3 files changed, 24 insertions(+)
create mode 100644 gas/testsuite/gas/arm/pr24753.d
create mode 100644 gas/testsuite/gas/arm/pr24753.s
diff --git a/bfd/compress.c b/bfd/compress.c
index ce6bb2b..728ba39 100644
--- a/bfd/compress.c
+++ b/bfd/compress.c
@@ -255,6 +255,9 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
/* PR 24753: Linker created sections can be larger than
the file size, eg if they are being used to hold stubs. */
&& (bfd_section_flags (sec) & SEC_LINKER_CREATED) == 0
+ /* PR 24753: Sections which have no content should also be
+ excluded as they contain no size on disk. */
+ && (bfd_section_flags (sec) & SEC_HAS_CONTENTS) != 0
/* The MMO file format supports its own special compression
technique, but it uses COMPRESS_SECTION_NONE when loading
a section's contents. */
diff --git a/gas/testsuite/gas/arm/pr24753.d b/gas/testsuite/gas/arm/pr24753.d
new file mode 100644
index 0000000..01990d1
--- /dev/null
+++ b/gas/testsuite/gas/arm/pr24753.d
@@ -0,0 +1,7 @@
+#skip: *-*-pe *-*-wince *-*-vxworks
+#objdump: -d
+#name: PR24753: Don't error on sections with no content size mismatch with file
+
+.*: +file format .*arm.*
+
+#...
diff --git a/gas/testsuite/gas/arm/pr24753.s b/gas/testsuite/gas/arm/pr24753.s
new file mode 100644
index 0000000..5ba33fd
--- /dev/null
+++ b/gas/testsuite/gas/arm/pr24753.s
@@ -0,0 +1,12 @@
+.text
+.global _start
+_start:
+ nop
+
+.section .text2, "ax", %progbits
+_func:
+ nop
+
+.bss
+.fill 0x8000
+
--
1.8.3.1

34
Import-a-fix-from-the-mainline-sources-that-prevents.patch
View File

@ -1,34 +0,0 @@
From 82f439d028c65663a0baf0a17ef5c4a2ea5c84a7 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Tue, 11 Feb 2020 15:55:25 +0000
Subject: [PATCH] Import a fix from the mainline sources that prevents a
potential illegal memory access when parsing PE binaries.
PR 25447
* coffgen.c (_bfd_coff_close_and_cleanup): Do not clear the keep
syms and keep strings flags as these may have been set in order to
prevent a bogus call to free.
---
bfd/coffgen.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index 2bfcf1a..3ddd2d8 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -3175,8 +3175,10 @@ _bfd_coff_close_and_cleanup (bfd *abfd)
&& bfd_family_coff (abfd)
&& coff_data (abfd) != NULL)
{
- obj_coff_keep_syms (abfd) = FALSE;
- obj_coff_keep_strings (abfd) = FALSE;
+ /* PR 25447:
+ Do not clear the keep_syms and keep_strings flags.
+ These may have been set by pe_ILF_build_a_bfd() indicating
+ that the syms and strings pointers are not to be freed. */
if (!_bfd_coff_free_symbols (abfd))
return FALSE;
}
--
1.8.3.1

87
NDS32-disassembly-of-odd-sized-sections.patch
View File

@ -1,87 +0,0 @@
From fe90ae8a9f54e4fe8b9089fed48b0e1818414f57 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Fri, 20 Mar 2020 10:51:14 +1030
Subject: [PATCH] NDS32 disassembly of odd sized sections
* nds32-dis.c (print_insn_nds32): Remove unnecessary casts.
Initialize parts of buffer not written when handling a possible
2-byte insn at end of section. Don't attempt decoding of such
an insn by the 4-byte machinery.
---
opcodes/nds32-dis.c | 24 +++++++++++++++---------
1 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/opcodes/nds32-dis.c b/opcodes/nds32-dis.c
index c5874ff..35e4ba0 100644
--- a/opcodes/nds32-dis.c
+++ b/opcodes/nds32-dis.c
@@ -985,7 +985,7 @@ print_insn_nds32 (bfd_vma pc, disassemble_info *info)
int is_data = FALSE;
bfd_boolean found = FALSE;
struct nds32_private_data *private_data;
- unsigned int size = 16;
+ unsigned int size;
enum map_type mapping_type = MAP_CODE;
if (info->private_data == NULL)
@@ -1063,6 +1063,7 @@ print_insn_nds32 (bfd_vma pc, disassemble_info *info)
/* Fix corner case: there is no next mapping symbol,
let mapping type decides size */
+ size = 16;
if (last_symbol_index + 1 >= info->symtab_size)
{
if (mapping_type == MAP_DATA0)
@@ -1096,7 +1097,7 @@ print_insn_nds32 (bfd_vma pc, disassemble_info *info)
size = (pc & 1) ? 1 : 2;
/* Read bytes from BFD. */
- info->read_memory_func (pc, (bfd_byte *) buf_data, size, info);
+ info->read_memory_func (pc, buf_data, size, info);
given = 0;
given1 = 0;
/* Start assembling data. */
@@ -1153,16 +1154,20 @@ print_insn_nds32 (bfd_vma pc, disassemble_info *info)
return size;
}
- status = info->read_memory_func (pc, (bfd_byte *) buf, 4, info);
+ size = 4;
+ status = info->read_memory_func (pc, buf, 4, info);
if (status)
{
/* For the last 16-bit instruction. */
- status = info->read_memory_func (pc, (bfd_byte *) buf, 2, info);
+ size = 2;
+ status = info->read_memory_func (pc, buf, 2, info);
if (status)
{
- (*info->memory_error_func)(status, pc, info);
+ (*info->memory_error_func) (status, pc, info);
return -1;
}
+ buf[2] = 0;
+ buf[3] = 0;
}
insn = bfd_getb32 (buf);
@@ -1174,11 +1179,12 @@ print_insn_nds32 (bfd_vma pc, disassemble_info *info)
}
/* 32-bit instructions. */
+ if (size == 4)
+ print_insn32 (pc, info, insn, NDS32_PARSE_INSN32);
else
- {
- print_insn32 (pc, info, insn, NDS32_PARSE_INSN32);
- return 4;
- }
+ info->fprintf_func (info->stream,
+ _("insufficient data to decode instruction"));
+ return 4;
}
/* Ignore disassembling unnecessary name. */
--
1.8.3.1

43
PR25585-PHDR-segment-not-covered-by-LOAD-segment.patch
View File

@ -1,43 +0,0 @@
From acc4a8b8ac83077819948126bc7501d35eb1ea74 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Sat, 22 Feb 2020 12:46:33 +1030
Subject: [PATCH] PR25585, PHDR segment not covered by LOAD segment
I closed this bug as invalid, but I think it is worth mentioning in NEWS
that older linkers didn't check PT_PHDR very well. The patch also allows
people to force an output file with --noinhibit-exec after the error.
bfd/
PR 25585
* elf.c (assign_file_positions_for_load_sections): Continue linking
on "PHDR segment not covered by LOAD segment" errors.
ld/
PR 25585
* NEWS: Mention better "PHDR segment not covered by LOAD segment"
checking.
(cherry picked from commit 7b3c27152b5695177a2cd5adc0d7b0255f99aca0)
---
bfd/elf.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/bfd/elf.c b/bfd/elf.c
index a8d98a6..f02b724 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -5934,7 +5934,11 @@ assign_file_positions_for_load_sections (bfd *abfd,
_bfd_error_handler (_("%pB: error: PHDR segment not covered"
" by LOAD segment"),
abfd);
- return FALSE;
+ if (link_info == NULL)
+ return FALSE;
+ /* Arrange for the linker to exit with an error, deleting
+ the output file unless --noinhibit-exec is given. */
+ link_info->callbacks->info ("%X");
}
/* Check that all sections are in a PT_LOAD segment.
--
1.8.3.1

104
PR25745-powerpc64-ld-overflows-string-buffer-in-stat.patch
View File

@ -1,104 +0,0 @@
From f7aec2b8e09768f284085259e08bfc1f61a0ae27 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Mon, 30 Mar 2020 09:28:02 +1030
Subject: [PATCH] PR25745, powerpc64-ld overflows string buffer in --stats mode
PR 25745
* elf64-ppc.c (ppc64_elf_build_stubs): Use asprintf to form
statistics message.
(cherry picked from commit 988b7300bc990abafd982bdcd217c58bc1e0679a)
---
bfd/elf64-ppc.c | 76 ++++++++++++++++++++++++++++++---------------------------
1 files changed, 40 insertions(+), 36 deletions(-)
diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c
index bea722c..47ff648 100644
--- a/bfd/elf64-ppc.c
+++ b/bfd/elf64-ppc.c
@@ -14116,42 +14116,46 @@ ppc64_elf_build_stubs (struct bfd_link_info *info,
if (stats != NULL)
{
- size_t len;
- *stats = bfd_malloc (500);
- if (*stats == NULL)
- return FALSE;
-
- len = sprintf (*stats,
- ngettext ("linker stubs in %u group\n",
- "linker stubs in %u groups\n",
- stub_sec_count),
- stub_sec_count);
- sprintf (*stats + len, _(" branch %lu\n"
- " branch toc adj %lu\n"
- " branch notoc %lu\n"
- " branch both %lu\n"
- " long branch %lu\n"
- " long toc adj %lu\n"
- " long notoc %lu\n"
- " long both %lu\n"
- " plt call %lu\n"
- " plt call save %lu\n"
- " plt call notoc %lu\n"
- " plt call both %lu\n"
- " global entry %lu"),
- htab->stub_count[ppc_stub_long_branch - 1],
- htab->stub_count[ppc_stub_long_branch_r2off - 1],
- htab->stub_count[ppc_stub_long_branch_notoc - 1],
- htab->stub_count[ppc_stub_long_branch_both - 1],
- htab->stub_count[ppc_stub_plt_branch - 1],
- htab->stub_count[ppc_stub_plt_branch_r2off - 1],
- htab->stub_count[ppc_stub_plt_branch_notoc - 1],
- htab->stub_count[ppc_stub_plt_branch_both - 1],
- htab->stub_count[ppc_stub_plt_call - 1],
- htab->stub_count[ppc_stub_plt_call_r2save - 1],
- htab->stub_count[ppc_stub_plt_call_notoc - 1],
- htab->stub_count[ppc_stub_plt_call_both - 1],
- htab->stub_count[ppc_stub_global_entry - 1]);
+ char *groupmsg;
+ if (asprintf (&groupmsg,
+ ngettext ("linker stubs in %u group\n",
+ "linker stubs in %u groups\n",
+ stub_sec_count),
+ stub_sec_count) < 0)
+ *stats = NULL;
+ else
+ {
+ if (asprintf (stats, _("%s"
+ " branch %lu\n"
+ " branch toc adj %lu\n"
+ " branch notoc %lu\n"
+ " branch both %lu\n"
+ " long branch %lu\n"
+ " long toc adj %lu\n"
+ " long notoc %lu\n"
+ " long both %lu\n"
+ " plt call %lu\n"
+ " plt call save %lu\n"
+ " plt call notoc %lu\n"
+ " plt call both %lu\n"
+ " global entry %lu"),
+ groupmsg,
+ htab->stub_count[ppc_stub_long_branch - 1],
+ htab->stub_count[ppc_stub_long_branch_r2off - 1],
+ htab->stub_count[ppc_stub_long_branch_notoc - 1],
+ htab->stub_count[ppc_stub_long_branch_both - 1],
+ htab->stub_count[ppc_stub_plt_branch - 1],
+ htab->stub_count[ppc_stub_plt_branch_r2off - 1],
+ htab->stub_count[ppc_stub_plt_branch_notoc - 1],
+ htab->stub_count[ppc_stub_plt_branch_both - 1],
+ htab->stub_count[ppc_stub_plt_call - 1],
+ htab->stub_count[ppc_stub_plt_call_r2save - 1],
+ htab->stub_count[ppc_stub_plt_call_notoc - 1],
+ htab->stub_count[ppc_stub_plt_call_both - 1],
+ htab->stub_count[ppc_stub_global_entry - 1]) < 0)
+ *stats = NULL;
+ free (groupmsg);
+ }
}
return TRUE;
}
--
1.8.3.1

31
Re-PR24511-nm-should-not-mark-symbols-in-.init_array.patch
View File

@ -1,31 +0,0 @@
From 40bfb9762747f8336b17c70a0173d10200fa62eb Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Thu, 27 Feb 2020 17:28:47 +1030
Subject: [PATCH] Re: PR24511, nm should not mark symbols in .init_array as "t"
PR 24511
* syms.c (bfd_decode_symclass): Reverse order of coff_section_type
and decode_section_type calls.
---
bfd/syms.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/bfd/syms.c b/bfd/syms.c
index 128cf19..8a8b74f 100644
--- a/bfd/syms.c
+++ b/bfd/syms.c
@@ -705,9 +705,9 @@ bfd_decode_symclass (asymbol *symbol)
c = 'a';
else if (symbol->section)
{
- c = decode_section_type (symbol->section);
+ c = coff_section_type (symbol->section->name);
if (c == '?')
- c = coff_section_type (symbol->section->name);
+ c = decode_section_type (symbol->section);
}
else
return '?';
--
1.8.3.1

34
Re-asan-more-readelf-leaks.patch
View File

@ -1,34 +0,0 @@
From 1bd6175ae79099173c1510d209ad9978129e22c0 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Sat, 14 Mar 2020 18:58:11 +1030
Subject: [PATCH] Re: asan: more readelf leaks
In git commit fd486f32d15e I put some static variables used by
get_symbol_for_build_attribute in a file scope ba_cache struct. This
was to prevent leaks in get_symbol_for_build_attribute, and to tidy up
before readelf exited. The patch wasn't quite right though. When
readelf processes more than one file it was possible to double free
arrays allocated in get_symbol_for_build_attribute.
* readelf.c (process_file): Clean ba_cache.
---
binutils/readelf.c | 2 ++
1 files changed, 2 insertions(+)
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 0f8a080..49eb20f 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -20571,7 +20571,9 @@ process_file (char * file_name)
free (filedata);
free (ba_cache.strtab);
+ ba_cache.strtab = NULL;
free (ba_cache.symtab);
+ ba_cache.symtab = NULL;
ba_cache.filedata = NULL;
return ret;
--
1.8.3.1

481
asan-more-readelf-leaks.patch
View File

@ -1,481 +0,0 @@
From fd486f32d15e3299b905084a697fac6349c43f76 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Fri, 13 Mar 2020 13:21:15 +1030
Subject: [PATCH] asan: more readelf leaks
* elfcomm.c (get_archive_member_name): Always return malloc'd
string or NULL.
* elfedit.c (process_archive): Tidy memory on all return paths.
* readelf.c (process_archive): Likewise.
(process_symbol_table): Likewise.
(ba_cache): New, replacing ..
(get_symbol_for_build_attribute): ..static vars here. Free
strtab and symtab before loading new ones. Reject symtab without
valid strtab in loop, breaking out of loop on valid symtab.
(process_file): Free ba_cache symtab and strtab here, resetting
ba_cache.
---
binutils/elfcomm.c | 8 +--
binutils/elfedit.c | 9 ++++
binutils/readelf.c | 152 +++++++++++++++++++++++++++++++++--------------------
3 files changed, 107 insertions(+), 62 deletions(-)
diff --git a/binutils/elfcomm.c b/binutils/elfcomm.c
index 87a544b..3060ff1 100644
--- a/binutils/elfcomm.c
+++ b/binutils/elfcomm.c
@@ -797,7 +797,7 @@ get_archive_member_name (struct archive_info *arch,
arch->longnames[j] = '\0';
if (!arch->is_thin_archive || arch->nested_member_origin == 0)
- return arch->longnames + k;
+ return xstrdup (arch->longnames + k);
/* PR 17531: file: 2896dc8b. */
if (k >= j)
@@ -813,7 +813,7 @@ get_archive_member_name (struct archive_info *arch,
if (member_file_name != NULL
&& setup_nested_archive (nested_arch, member_file_name) == 0)
{
- member_name = get_archive_member_name_at (nested_arch,
+ member_name = get_archive_member_name_at (nested_arch,
arch->nested_member_origin,
NULL);
if (member_name != NULL)
@@ -825,7 +825,7 @@ get_archive_member_name (struct archive_info *arch,
free (member_file_name);
/* Last resort: just return the name of the nested archive. */
- return arch->longnames + k;
+ return xstrdup (arch->longnames + k);
}
/* We have a normal (short) name. */
@@ -833,7 +833,7 @@ get_archive_member_name (struct archive_info *arch,
if (arch->arhdr.ar_name[j] == '/')
{
arch->arhdr.ar_name[j] = '\0';
- return arch->arhdr.ar_name;
+ return xstrdup (arch->arhdr.ar_name);
}
/* The full ar_name field is used. Don't rely on ar_date starting
diff --git a/binutils/elfedit.c b/binutils/elfedit.c
index e94b677..3a14c60 100644
--- a/binutils/elfedit.c
+++ b/binutils/elfedit.c
@@ -616,6 +616,7 @@ process_archive (const char * file_name, FILE * file,
if (qualified_name == NULL)
{
error (_("%s: bad archive file name\n"), file_name);
+ free (name);
ret = 1;
break;
}
@@ -626,8 +627,10 @@ process_archive (const char * file_name, FILE * file,
FILE *member_file;
char *member_file_name = adjust_relative_path (file_name,
name, namelen);
+ free (name);
if (member_file_name == NULL)
{
+ free (qualified_name);
ret = 1;
break;
}
@@ -638,6 +641,7 @@ process_archive (const char * file_name, FILE * file,
error (_("Input file '%s' is not readable\n"),
member_file_name);
free (member_file_name);
+ free (qualified_name);
ret = 1;
break;
}
@@ -648,9 +652,12 @@ process_archive (const char * file_name, FILE * file,
fclose (member_file);
free (member_file_name);
+ free (qualified_name);
}
else if (is_thin_archive)
{
+ free (name);
+
/* This is a proxy for a member of a nested archive. */
archive_file_offset = arch.nested_member_origin + sizeof arch.arhdr;
@@ -661,6 +668,7 @@ process_archive (const char * file_name, FILE * file,
{
error (_("%s: failed to seek to archive member\n"),
nested_arch.file_name);
+ free (qualified_name);
ret = 1;
break;
}
@@ -669,6 +677,7 @@ process_archive (const char * file_name, FILE * file,
}
else
{
+ free (name);
archive_file_offset = arch.next_arhdr_offset;
arch.next_arhdr_offset += archive_file_size;
diff --git a/binutils/readelf.c b/binutils/readelf.c
index d009b91..4e21bdb 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -11766,17 +11766,17 @@ process_symbol_table (Filedata * filedata)
buckets = get_dynamic_data (filedata, nbuckets, hash_ent_size);
chains = get_dynamic_data (filedata, nchains, hash_ent_size);
- no_hash:
if (buckets == NULL || chains == NULL)
{
- if (do_using_dynamic)
- return FALSE;
+ no_hash:
free (buckets);
free (chains);
buckets = NULL;
chains = NULL;
nbuckets = 0;
nchains = 0;
+ if (do_using_dynamic)
+ goto err_out;
}
}
@@ -11833,7 +11833,7 @@ process_symbol_table (Filedata * filedata)
if (gnubuckets[i] != 0)
{
if (gnubuckets[i] < gnusymidx)
- return FALSE;
+ goto err_out;
if (maxchain == 0xffffffff || gnubuckets[i] > maxchain)
maxchain = gnubuckets[i];
@@ -11898,21 +11898,17 @@ process_symbol_table (Filedata * filedata)
}
mipsxlat = get_dynamic_data (filedata, maxchain, 4);
- }
-
- no_gnu_hash:
- if (dynamic_info_DT_MIPS_XHASH && mipsxlat == NULL)
- {
- free (gnuchains);
- gnuchains = NULL;
- }
- if (gnuchains == NULL)
- {
- free (gnubuckets);
- gnubuckets = NULL;
- ngnubuckets = 0;
- if (do_using_dynamic)
- return FALSE;
+ if (mipsxlat == NULL)
+ {
+ no_gnu_hash:
+ free (gnuchains);
+ gnuchains = NULL;
+ free (gnubuckets);
+ gnubuckets = NULL;
+ ngnubuckets = 0;
+ if (do_using_dynamic)
+ goto err_out;
+ }
}
}
@@ -12129,7 +12125,7 @@ process_symbol_table (Filedata * filedata)
if (lengths == NULL)
{
error (_("Out of memory allocating space for histogram buckets\n"));
- return FALSE;
+ goto err_out;
}
visited = xcmalloc (nchains, 1);
memset (visited, 0, nchains);
@@ -12157,7 +12153,7 @@ process_symbol_table (Filedata * filedata)
{
free (lengths);
error (_("Out of memory allocating space for histogram counts\n"));
- return FALSE;
+ goto err_out;
}
for (hn = 0; hn < nbuckets; ++hn)
@@ -12181,11 +12177,10 @@ process_symbol_table (Filedata * filedata)
free (lengths);
}
- if (buckets != NULL)
- {
- free (buckets);
- free (chains);
- }
+ free (buckets);
+ buckets = NULL;
+ free (chains);
+ chains = NULL;
if (do_histogram && gnubuckets != NULL)
{
@@ -12208,7 +12203,7 @@ process_symbol_table (Filedata * filedata)
if (lengths == NULL)
{
error (_("Out of memory allocating space for gnu histogram buckets\n"));
- return FALSE;
+ goto err_out;
}
printf (_(" Length Number %% of total Coverage\n"));
@@ -12234,7 +12229,7 @@ process_symbol_table (Filedata * filedata)
{
free (lengths);
error (_("Out of memory allocating space for gnu histogram counts\n"));
- return FALSE;
+ goto err_out;
}
for (hn = 0; hn < ngnubuckets; ++hn)
@@ -12256,12 +12251,19 @@ process_symbol_table (Filedata * filedata)
free (counts);
free (lengths);
- free (gnubuckets);
- free (gnuchains);
- free (mipsxlat);
}
-
+ free (gnubuckets);
+ free (gnuchains);
+ free (mipsxlat);
return TRUE;
+
+ err_out:
+ free (gnubuckets);
+ free (gnuchains);
+ free (mipsxlat);
+ free (buckets);
+ free (chains);
+ return FALSE;
}
static bfd_boolean
@@ -18773,6 +18775,14 @@ print_ia64_vms_note (Elf_Internal_Note * pnote)
return FALSE;
}
+struct build_attr_cache {
+ Filedata *filedata;
+ char *strtab;
+ unsigned long strtablen;
+ Elf_Internal_Sym *symtab;
+ unsigned long nsyms;
+} ba_cache;
+
/* Find the symbol associated with a build attribute that is attached
to address OFFSET. If PNAME is non-NULL then store the name of
the symbol (if found) in the provided pointer, Returns NULL if a
@@ -18784,19 +18794,19 @@ get_symbol_for_build_attribute (Filedata * filedata,
bfd_boolean is_open_attr,
const char ** pname)
{
- static Filedata * saved_filedata = NULL;
- static char * strtab;
- static unsigned long strtablen;
- static Elf_Internal_Sym * symtab;
- static unsigned long nsyms;
- Elf_Internal_Sym * saved_sym = NULL;
- Elf_Internal_Sym * sym;
+ Elf_Internal_Sym *saved_sym = NULL;
+ Elf_Internal_Sym *sym;
if (filedata->section_headers != NULL
- && (saved_filedata == NULL || filedata != saved_filedata))
+ && (ba_cache.filedata == NULL || filedata != ba_cache.filedata))
{
Elf_Internal_Shdr * symsec;
+ free (ba_cache.strtab);
+ ba_cache.strtab = NULL;
+ free (ba_cache.symtab);
+ ba_cache.symtab = NULL;
+
/* Load the symbol and string sections. */
for (symsec = filedata->section_headers;
symsec < filedata->section_headers + filedata->file_header.e_shnum;
@@ -18804,41 +18814,52 @@ get_symbol_for_build_attribute (Filedata * filedata,
{
if (symsec->sh_type == SHT_SYMTAB)
{
- symtab = GET_ELF_SYMBOLS (filedata, symsec, & nsyms);
+ ba_cache.symtab = GET_ELF_SYMBOLS (filedata, symsec,
+ &ba_cache.nsyms);
- if (symsec->sh_link < filedata->file_header.e_shnum)
+ if (ba_cache.symtab != NULL
+ && symsec->sh_link < filedata->file_header.e_shnum)
{
- Elf_Internal_Shdr * strtab_sec = filedata->section_headers + symsec->sh_link;
-
- strtab = (char *) get_data (NULL, filedata, strtab_sec->sh_offset,
- 1, strtab_sec->sh_size,
- _("string table"));
- strtablen = strtab != NULL ? strtab_sec->sh_size : 0;
+ Elf_Internal_Shdr *strtab_sec
+ = filedata->section_headers + symsec->sh_link;
+
+ ba_cache.strtab
+ = (char *) get_data (NULL, filedata, strtab_sec->sh_offset,
+ 1, strtab_sec->sh_size,
+ _("string table"));
+ ba_cache.strtablen = strtab_sec->sh_size;
}
+ if (ba_cache.strtab == NULL)
+ {
+ free (ba_cache.symtab);
+ ba_cache.symtab = NULL;
+ }
+ if (ba_cache.symtab != NULL)
+ break;
}
}
- saved_filedata = filedata;
+ ba_cache.filedata = filedata;
}
- if (symtab == NULL || strtab == NULL)
+ if (ba_cache.symtab == NULL)
return NULL;
/* Find a symbol whose value matches offset. */
- for (sym = symtab; sym < symtab + nsyms; sym ++)
+ for (sym = ba_cache.symtab; sym < ba_cache.symtab + ba_cache.nsyms; sym ++)
if (sym->st_value == offset)
{
- if (sym->st_name >= strtablen)
+ if (sym->st_name >= ba_cache.strtablen)
/* Huh ? This should not happen. */
continue;
- if (strtab[sym->st_name] == 0)
+ if (ba_cache.strtab[sym->st_name] == 0)
continue;
/* The AArch64 and ARM architectures define mapping symbols
(eg $d, $x, $t) which we want to ignore. */
- if (strtab[sym->st_name] == '$'
- && strtab[sym->st_name + 1] != 0
- && strtab[sym->st_name + 2] == 0)
+ if (ba_cache.strtab[sym->st_name] == '$'
+ && ba_cache.strtab[sym->st_name + 1] != 0
+ && ba_cache.strtab[sym->st_name + 2] == 0)
continue;
if (is_open_attr)
@@ -18855,7 +18876,7 @@ get_symbol_for_build_attribute (Filedata * filedata,
{
/* If the symbol has a size associated
with it then we can stop searching. */
- sym = symtab + nsyms;
+ sym = ba_cache.symtab + ba_cache.nsyms;
}
continue;
@@ -18895,7 +18916,7 @@ get_symbol_for_build_attribute (Filedata * filedata,
}
if (saved_sym && pname)
- * pname = strtab + saved_sym->st_name;
+ * pname = ba_cache.strtab + saved_sym->st_name;
return saved_sym;
}
@@ -20238,6 +20259,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
putchar ('\n');
free (qualified_name);
}
+ free (member_name);
}
}
@@ -20340,6 +20362,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
if (qualified_name == NULL)
{
error (_("%s: bad archive file name\n"), arch.file_name);
+ free (name);
ret = FALSE;
break;
}
@@ -20351,8 +20374,10 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
char * member_file_name = adjust_relative_path
(filedata->file_name, name, namelen);
+ free (name);
if (member_file_name == NULL)
{
+ free (qualified_name);
ret = FALSE;
break;
}
@@ -20362,6 +20387,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
{
error (_("Input file '%s' is not readable.\n"), member_file_name);
free (member_file_name);
+ free (qualified_name);
ret = FALSE;
break;
}
@@ -20374,6 +20400,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
close_file (member_filedata);
free (member_file_name);
+ free (qualified_name);
}
else if (is_thin_archive)
{
@@ -20386,9 +20413,12 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
{
error (_("%s: contains corrupt thin archive: %s\n"),
qualified_name, name);
+ free (qualified_name);
+ free (name);
ret = FALSE;
break;
}
+ free (name);
/* This is a proxy for a member of a nested archive. */
archive_file_offset = arch.nested_member_origin + sizeof arch.arhdr;
@@ -20398,6 +20428,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
if (fseek (nested_arch.file, archive_file_offset, SEEK_SET) != 0)
{
error (_("%s: failed to seek to archive member.\n"), nested_arch.file_name);
+ free (qualified_name);
ret = FALSE;
break;
}
@@ -20410,6 +20441,7 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
}
else
{
+ free (name);
archive_file_offset = arch.next_arhdr_offset;
arch.next_arhdr_offset += archive_file_size;
@@ -20510,6 +20542,10 @@ process_file (char * file_name)
free (filedata->dump_sects);
free (filedata);
+ free (ba_cache.strtab);
+ free (ba_cache.symtab);
+ ba_cache.filedata = NULL;
+
return ret;
}
--
1.8.3.1

77
asan-readelf-leaks.patch
View File

@ -1,77 +0,0 @@
From 8fb879cd16a3e3d1fe93e333c4c720fd33bcc416 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Thu, 12 Mar 2020 16:48:07 +1030
Subject: [PATCH] asan: readelf leaks
* readelf.c (process_section_headers): Don't just set
filedata->section_headers NULL, free it first. Similarly for
dynamic_symbols, dynamic_strings, dynamic_syminfo and
symtab_shndx_list. Zero associated counts too.
(process_object): Free symtab_shndx_list.
(process_file): Free various allocated filedata tables.
---
binutils/readelf.c | 24 +++++++++++++++++++++++-
1 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 260ea33..d009b91 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -6117,6 +6117,7 @@ process_section_headers (Filedata * filedata)
Elf_Internal_Shdr * section;
unsigned int i;
+ free (filedata->section_headers);
filedata->section_headers = NULL;
if (filedata->file_header.e_shnum == 0)
@@ -6172,10 +6173,20 @@ process_section_headers (Filedata * filedata)
/* Scan the sections for the dynamic symbol table
and dynamic string table and debug sections. */
+ free (dynamic_symbols);
dynamic_symbols = NULL;
+ num_dynamic_syms = 0;
+ free (dynamic_strings);
dynamic_strings = NULL;
+ dynamic_strings_length = 0;
+ free (dynamic_syminfo);
dynamic_syminfo = NULL;
- symtab_shndx_list = NULL;
+ while (symtab_shndx_list != NULL)
+ {
+ elf_section_list *next = symtab_shndx_list->next;
+ free (symtab_shndx_list);
+ symtab_shndx_list = next;
+ }
eh_addr_size = is_32bit_elf ? 4 : 8;
switch (filedata->file_header.e_machine)
@@ -20121,6 +20132,13 @@ process_object (Filedata * filedata)
dynamic_section = NULL;
}
+ while (symtab_shndx_list != NULL)
+ {
+ elf_section_list *next = symtab_shndx_list->next;
+ free (symtab_shndx_list);
+ symtab_shndx_list = next;
+ }
+
if (section_headers_groups)
{
free (section_headers_groups);
@@ -20486,6 +20504,10 @@ process_file (char * file_name)
}
fclose (filedata->handle);
+ free (filedata->section_headers);
+ free (filedata->program_headers);
+ free (filedata->string_table);
+ free (filedata->dump_sects);
free (filedata);
return ret;
--
1.8.3.1

287
backport-0001-CVE-2021-20197.patch
View File

@ -1,287 +0,0 @@
From 365f5fb6d0f0da83817431a275e99e6f6babbe04 Mon Sep 17 00:00:00 2001
From: Siddhesh Poyarekar <siddhesh@gotplt.org>
Date: Mon, 7 Dec 2020 20:48:23 +0530
Subject: [PATCH] binutils: Use file descriptors from make_tempname
The purpose of creating a temporary file securely using mkstemp is
defeated if it is closed in make_tempname and reopened later for use;
it is as good as using mktemp. Get the file descriptor instead and
then use it to create the BFD object.
bfd/
* opncls.c (bfd_fdopenw): New function.
* bfd-in2.h: Regenerate.
binutils/
* bucomm.c (make_tempname): Add argument to return file
descriptor.
* bucomm.h (make_tempname): Likewise.
* ar.c: Include libbfd.h.
(write_archive): Adjust for change in make_tempname. Call
bfd_fdopenw instead of bfd_openw.
* objcopy.c: Include libbfd.h.
(copy_file): New argument OFD. Use bfd_fdopenw instead of
bfd_openw.
(strip_main): Adjust for change in make_tempname and
copy_file.
(copy_main): Likewise.
---
bfd/ChangeLog | 6 ++++++
bfd/bfd-in2.h | 2 ++
bfd/opncls.c | 33 +++++++++++++++++++++++++++++++++
binutils/ChangeLog | 17 +++++++++++++++++
binutils/ar.c | 11 ++++++++---
binutils/bucomm.c | 4 ++--
binutils/bucomm.h | 2 +-
binutils/objcopy.c | 30 ++++++++++++++++++++++--------
8 files changed, 91 insertions(+), 14 deletions(-)
diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h
index 935ba53..48e3d9b 100644
--- a/bfd/bfd-in2.h
+++ b/bfd/bfd-in2.h
@@ -588,6 +588,8 @@ bfd *bfd_openr (const char *filename, const char *target);
bfd *bfd_fdopenr (const char *filename, const char *target, int fd);
+bfd *bfd_fdopenw (const char *filename, const char *target, int fd);
+
bfd *bfd_openstreamr (const char * filename, const char * target,
void * stream);
diff --git a/bfd/opncls.c b/bfd/opncls.c
index c2a1d2f..f7696b6 100644
--- a/bfd/opncls.c
+++ b/bfd/opncls.c
@@ -395,6 +395,39 @@ bfd_fdopenr (const char *filename, const char *target, int fd)
/*
FUNCTION
+ bfd_fdopenw
+
+SYNOPSIS
+ bfd *bfd_fdopenw (const char *filename, const char *target, int fd);
+
+DESCRIPTION
+ <<bfd_fdopenw>> is exactly like <<bfd_fdopenr>> with the exception that
+ the resulting BFD is suitable for output.
+*/
+
+bfd *
+bfd_fdopenw (const char *filename, const char *target, int fd)
+{
+ bfd *out = bfd_fdopenr (filename, target, fd);
+
+ if (out != NULL)
+ {
+ if (!bfd_write_p (out))
+ {
+ close (fd);
+ _bfd_delete_bfd (out);
+ out = NULL;
+ bfd_set_error (bfd_error_invalid_operation);
+ }
+ else
+ out->direction = write_direction;
+ }
+
+ return out;
+}
+
+/*
+FUNCTION
bfd_openstreamr
SYNOPSIS
diff --git a/binutils/ar.c b/binutils/ar.c
index 7d279d6..2253242 100644
--- a/binutils/ar.c
+++ b/binutils/ar.c
@@ -25,6 +25,7 @@
#include "sysdep.h"
#include "bfd.h"
+#include "libbfd.h"
#include "libiberty.h"
#include "progress.h"
#include "getopt.h"
@@ -1252,20 +1253,24 @@ write_archive (bfd *iarch)
bfd *obfd;
char *old_name, *new_name;
bfd *contents_head = iarch->archive_next;
+ int ofd = -1;
old_name = (char *) xmalloc (strlen (bfd_get_filename (iarch)) + 1);
strcpy (old_name, bfd_get_filename (iarch));
- new_name = make_tempname (old_name);
+ new_name = make_tempname (old_name, &ofd);
if (new_name == NULL)
bfd_fatal (_("could not create temporary file whilst writing archive"));
output_filename = new_name;
- obfd = bfd_openw (new_name, bfd_get_target (iarch));
+ obfd = bfd_fdopenw (new_name, bfd_get_target (iarch), ofd);
if (obfd == NULL)
- bfd_fatal (old_name);
+ {
+ close (ofd);
+ bfd_fatal (old_name);
+ }
output_bfd = obfd;
diff --git a/binutils/bucomm.c b/binutils/bucomm.c
index 9e6a028..5324420 100644
--- a/binutils/bucomm.c
+++ b/binutils/bucomm.c
@@ -532,7 +532,7 @@ template_in_dir (const char *path)
as FILENAME. */
char *
-make_tempname (const char *filename)
+make_tempname (const char *filename, int *ofd)
{
char *tmpname = template_in_dir (filename);
int fd;
@@ -550,7 +550,7 @@ make_tempname (const char *filename)
free (tmpname);
return NULL;
}
- close (fd);
+ *ofd = fd;
return tmpname;
}
diff --git a/binutils/bucomm.h b/binutils/bucomm.h
index d831834..afb8e09 100644
--- a/binutils/bucomm.h
+++ b/binutils/bucomm.h
@@ -51,7 +51,7 @@ int display_info (void);
void print_arelt_descr (FILE *, bfd *, bfd_boolean, bfd_boolean);
-char *make_tempname (const char *);
+char *make_tempname (const char *, int *);
char *make_tempdir (const char *);
bfd_vma parse_vma (const char *, const char *);
diff --git a/binutils/objcopy.c b/binutils/objcopy.c
index ca35df0..2eb083c 100644
--- a/binutils/objcopy.c
+++ b/binutils/objcopy.c
@@ -20,6 +20,7 @@
#include "sysdep.h"
#include "bfd.h"
+#include "libbfd.h"
#include "progress.h"
#include "getopt.h"
#include "libiberty.h"
@@ -3727,7 +3728,7 @@ set_long_section_mode (bfd *output_bfd, bfd *input_bfd, enum long_section_name_h
/* The top-level control. */
static void
-copy_file (const char *input_filename, const char *output_filename,
+copy_file (const char *input_filename, const char *output_filename, int ofd,
const char *input_target, const char *output_target,
const bfd_arch_info_type *input_arch)
{
@@ -3802,9 +3803,14 @@ copy_file (const char *input_filename, const char *output_filename,
else
force_output_target = TRUE;
- obfd = bfd_openw (output_filename, output_target);
+ if (ofd >= 0)
+ obfd = bfd_fdopenw (output_filename, output_target, ofd);
+ else
+ obfd = bfd_openw (output_filename, output_target);
+
if (obfd == NULL)
{
+ close (ofd);
bfd_nonfatal_message (output_filename, NULL, NULL, NULL);
status = 1;
return;
@@ -3832,13 +3838,19 @@ copy_file (const char *input_filename, const char *output_filename,
if (output_target == NULL)
output_target = bfd_get_target (ibfd);
- obfd = bfd_openw (output_filename, output_target);
+ if (ofd >= 0)
+ obfd = bfd_fdopenw (output_filename, output_target, ofd);
+ else
+ obfd = bfd_openw (output_filename, output_target);
+
if (obfd == NULL)
{
+ close (ofd);
bfd_nonfatal_message (output_filename, NULL, NULL, NULL);
status = 1;
return;
}
+
/* This is a no-op on non-Coff targets. */
set_long_section_mode (obfd, ibfd, long_section_names);
@@ -4802,6 +4814,7 @@ strip_main (int argc, char *argv[])
int hold_status = status;
struct stat statbuf;
char *tmpname;
+ int tmpfd = -1;
if (get_file_size (argv[i]) < 1)
{
@@ -4816,7 +4829,7 @@ strip_main (int argc, char *argv[])
if (output_file == NULL
|| filename_cmp (argv[i], output_file) == 0)
- tmpname = make_tempname (argv[i]);
+ tmpname = make_tempname (argv[i], &tmpfd);
else
tmpname = output_file;
@@ -4829,7 +4842,7 @@ strip_main (int argc, char *argv[])
}
status = 0;
- copy_file (argv[i], tmpname, input_target, output_target, NULL);
+ copy_file (argv[i], tmpname, tmpfd, input_target, output_target, NULL);
if (status == 0)
{
if (preserve_dates)
@@ -5049,7 +5062,7 @@ copy_main (int argc, char *argv[])
bfd_boolean formats_info = FALSE;
bfd_boolean use_globalize = FALSE;
bfd_boolean use_keep_global = FALSE;
- int c;
+ int c, tmpfd = -1;
struct stat statbuf;
const bfd_arch_info_type *input_arch = NULL;
@@ -5895,7 +5908,7 @@ copy_main (int argc, char *argv[])
are the same, then create a temp and rename the result into the input. */
if (output_filename == NULL
|| filename_cmp (input_filename, output_filename) == 0)
- tmpname = make_tempname (input_filename);
+ tmpname = make_tempname (input_filename, &tmpfd);
else
tmpname = output_filename;
@@ -5903,7 +5916,8 @@ copy_main (int argc, char *argv[])
fatal (_("warning: could not create temporary file whilst copying '%s', (error: %s)"),
input_filename, strerror (errno));
- copy_file (input_filename, tmpname, input_target, output_target, input_arch);
+ copy_file (input_filename, tmpname, tmpfd, input_target, output_target,
+ input_arch);
if (status == 0)
{
if (preserve_dates)
--
1.8.3.1

96
backport-0002-CVE-2021-20197.patch
View File

@ -1,96 +0,0 @@
From 1a1c3b4cc17687091cff5a368bd6f13742bcfdf8 Mon Sep 17 00:00:00 2001
From: Siddhesh Poyarekar <siddhesh@gotplt.org>
Date: Mon, 7 Dec 2020 20:48:28 +0530
Subject: [PATCH] objcopy: Get input file stat after BFD open
Get file state from the descriptor opened by copy_file for the input
BFD. This ensures continuity in the view of the input file through
the descriptor. At the moment it is only to preserve timestamps
recorded at the point that we opened the file for input but in the
next patch this state will also be used to preserve ownership and
permissions wherever applicable.
binutils/
* objcopy.c (copy_file): New argument IN_STAT. Return stat of
ibfd through it.
(strip_main): Remove redundant stat calls. adjust copy_file
calls.
(copy_main): Likewise.
---
binutils/ChangeLog | 9 +++++++++
binutils/objcopy.c | 23 +++++++----------------
2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/binutils/objcopy.c b/binutils/objcopy.c
index 2eb083c..b6cf6ea 100644
--- a/binutils/objcopy.c
+++ b/binutils/objcopy.c
@@ -3729,8 +3729,8 @@ set_long_section_mode (bfd *output_bfd, bfd *input_bfd, enum long_section_name_h
static void
copy_file (const char *input_filename, const char *output_filename, int ofd,
- const char *input_target, const char *output_target,
- const bfd_arch_info_type *input_arch)
+ struct stat *in_stat, const char *input_target,
+ const char *output_target, const bfd_arch_info_type *input_arch)
{
bfd *ibfd;
char **obj_matching;
@@ -3749,7 +3749,7 @@ copy_file (const char *input_filename, const char *output_filename, int ofd,
/* To allow us to do "strip *" without dying on the first
non-object file, failures are nonfatal. */
ibfd = bfd_openr (input_filename, input_target);
- if (ibfd == NULL)
+ if (ibfd == NULL || fstat (fileno (ibfd->iostream), in_stat) != 0)
{
bfd_nonfatal_message (input_filename, NULL, NULL, NULL);
status = 1;
@@ -4822,11 +4822,6 @@ strip_main (int argc, char *argv[])
continue;
}
- if (preserve_dates)
- /* No need to check the return value of stat().
- It has already been checked in get_file_size(). */
- stat (argv[i], &statbuf);
-
if (output_file == NULL
|| filename_cmp (argv[i], output_file) == 0)
tmpname = make_tempname (argv[i], &tmpfd);
@@ -4842,7 +4837,8 @@ strip_main (int argc, char *argv[])
}
status = 0;
- copy_file (argv[i], tmpname, tmpfd, input_target, output_target, NULL);
+ copy_file (argv[i], tmpname, tmpfd, &statbuf, input_target,
+ output_target, NULL);
if (status == 0)
{
if (preserve_dates)
@@ -5899,11 +5895,6 @@ copy_main (int argc, char *argv[])
convert_efi_target (efi);
}
- if (preserve_dates)
- if (stat (input_filename, & statbuf) < 0)
- fatal (_("warning: could not locate '%s'. System error message: %s"),
- input_filename, strerror (errno));
-
/* If there is no destination file, or the source and destination files
are the same, then create a temp and rename the result into the input. */
if (output_filename == NULL
@@ -5916,8 +5907,8 @@ copy_main (int argc, char *argv[])
fatal (_("warning: could not create temporary file whilst copying '%s', (error: %s)"),
input_filename, strerror (errno));
- copy_file (input_filename, tmpname, tmpfd, input_target, output_target,
- input_arch);
+ copy_file (input_filename, tmpname, tmpfd, &statbuf, input_target,
+ output_target, input_arch);
if (status == 0)
{
if (preserve_dates)
--
1.8.3.1

547
backport-CVE-2020-0551-i386-Generate-lfence.patch
View File

@ -1,547 +0,0 @@
From ae531041c7c5956672342f89c486a011c84f027f Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Wed, 11 Mar 2020 09:46:19 -0700
Subject: [PATCH] i386: Generate lfence with load/indirect branch/ret
[CVE-2020-0551]
Add 3 command-line options to generate lfence for load, indirect near
branch and ret to help mitigate:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0551
1. -mlfence-after-load=[no|yes]:
-mlfence-after-load=yes generates lfence after load instructions.
2. -mlfence-before-indirect-branch=[none|all|memory|register]:
a. -mlfence-before-indirect-branch=all generates lfence before indirect
near branches via register and a warning before indirect near branches
via memory.
b. -mlfence-before-indirect-branch=memory issue a warning before
indirect near branches via memory.
c. -mlfence-before-indirect-branch=register generates lfence before
indirect near branches via register.
Note that lfence won't be generated before indirect near branches via
register with -mlfence-after-load=yes since lfence will be generated
after loading branch target register.
3. -mlfence-before-ret=[none|or|not]
a. -mlfence-before-ret=or generates or with lfence before ret.
b. -mlfence-before-ret=not generates not with lfence before ret.
A warning will be issued and lfence won't be generated before indirect
near branch and ret if the previous item is a prefix or a constant
directive, which may be used to hardcode an instruction, since there
is no clear instruction boundary.
* config/tc-i386.c (lfence_after_load): New.
(lfence_before_indirect_branch_kind): New.
(lfence_before_indirect_branch): New.
(lfence_before_ret_kind): New.
(lfence_before_ret): New.
(last_insn): New.
(load_insn_p): New.
(insert_lfence_after): New.
(insert_lfence_before): New.
(md_assemble): Call insert_lfence_before and insert_lfence_after.
Set last_insn.
(OPTION_MLFENCE_AFTER_LOAD): New.
(OPTION_MLFENCE_BEFORE_INDIRECT_BRANCH): New.
(OPTION_MLFENCE_BEFORE_RET): New.
(md_longopts): Add -mlfence-after-load=,
-mlfence-before-indirect-branch= and -mlfence-before-ret=.
(md_parse_option): Handle -mlfence-after-load=,
-mlfence-before-indirect-branch= and -mlfence-before-ret=.
(md_show_usage): Display -mlfence-after-load=,
-mlfence-before-indirect-branch= and -mlfence-before-ret=.
(i386_cons_align): New.
* config/tc-i386.h (i386_cons_align): New.
(md_cons_align): New.
* doc/c-i386.texi: Document -mlfence-after-load=,
-mlfence-before-indirect-branch= and -mlfence-before-ret=.
---
gas/config/tc-i386.c | 366 ++++++++++++++++++++++++++++++++++++++++++-
gas/doc/c-i386.texi | 43 +++++
2 files changed, 408 insertions(+), 1 deletion(-)
diff --git a/gas/config/tc-i386.c b/gas/config/tc-i386.c
index b020f39c863..09063f784b7 100644
--- a/gas/config/tc-i386.c
+++ b/gas/config/tc-i386.c
@@ -629,7 +629,29 @@ static int omit_lock_prefix = 0;
"lock addl $0, (%{re}sp)". */
static int avoid_fence = 0;
-/* Type of the previous instruction. */
+/* 1 if lfence should be inserted after every load. */
+static int lfence_after_load = 0;
+
+/* Non-zero if lfence should be inserted before indirect branch. */
+static enum lfence_before_indirect_branch_kind
+ {
+ lfence_branch_none = 0,
+ lfence_branch_register,
+ lfence_branch_memory,
+ lfence_branch_all
+ }
+lfence_before_indirect_branch;
+
+/* Non-zero if lfence should be inserted before ret. */
+static enum lfence_before_ret_kind
+ {
+ lfence_before_ret_none = 0,
+ lfence_before_ret_not,
+ lfence_before_ret_or
+ }
+lfence_before_ret;
+
+/* Types of previous instruction is .byte or prefix. */
static struct
{
segT seg;
@@ -4311,6 +4333,283 @@ optimize_encoding (void)
}
}
+/* Return non-zero for load instruction. */
+
+static int
+load_insn_p (void)
+{
+ unsigned int dest;
+ int any_vex_p = is_any_vex_encoding (&i.tm);
+ unsigned int base_opcode = i.tm.base_opcode | 1;
+
+ if (!any_vex_p)
+ {
+ /* lea */
+ if (i.tm.base_opcode == 0x8d)
+ return 0;
+
+ /* pop */
+ if ((i.tm.base_opcode & ~7) == 0x58
+ || (i.tm.base_opcode == 0x8f && i.tm.extension_opcode == 0))
+ return 1;
+
+ /* movs, cmps, lods, scas. */
+ if ((i.tm.base_opcode | 0xb) == 0xaf)
+ return 1;
+
+ /* outs */
+ if (base_opcode == 0x6f)
+ return 1;
+ }
+
+ /* No memory operand. */
+ if (!i.mem_operands)
+ return 0;
+
+ if (any_vex_p)
+ {
+ /* vldmxcsr. */
+ if (i.tm.base_opcode == 0xae
+ && i.tm.opcode_modifier.vex
+ && i.tm.opcode_modifier.vexopcode == VEX0F
+ && i.tm.extension_opcode == 2)
+ return 1;
+ }
+ else
+ {
+ /* test, not, neg, mul, imul, div, idiv. */
+ if ((i.tm.base_opcode == 0xf6 || i.tm.base_opcode == 0xf7)
+ && i.tm.extension_opcode != 1)
+ return 1;
+
+ /* inc, dec. */
+ if (base_opcode == 0xff && i.tm.extension_opcode <= 1)
+ return 1;
+
+ /* add, or, adc, sbb, and, sub, xor, cmp. */
+ if (i.tm.base_opcode >= 0x80 && i.tm.base_opcode <= 0x83)
+ return 1;
+
+ /* bt, bts, btr, btc. */
+ if (i.tm.base_opcode == 0xfba
+ && (i.tm.extension_opcode >= 4 && i.tm.extension_opcode <= 7))
+ return 1;
+
+ /* rol, ror, rcl, rcr, shl/sal, shr, sar. */
+ if ((base_opcode == 0xc1
+ || (i.tm.base_opcode >= 0xd0 && i.tm.base_opcode <= 0xd3))
+ && i.tm.extension_opcode != 6)
+ return 1;
+
+ /* cmpxchg8b, cmpxchg16b, xrstors. */
+ if (i.tm.base_opcode == 0xfc7
+ && (i.tm.extension_opcode == 1 || i.tm.extension_opcode == 3))
+ return 1;
+
+ /* fxrstor, ldmxcsr, xrstor. */
+ if (i.tm.base_opcode == 0xfae
+ && (i.tm.extension_opcode == 1
+ || i.tm.extension_opcode == 2
+ || i.tm.extension_opcode == 5))
+ return 1;
+
+ /* lgdt, lidt, lmsw. */
+ if (i.tm.base_opcode == 0xf01
+ && (i.tm.extension_opcode == 2
+ || i.tm.extension_opcode == 3
+ || i.tm.extension_opcode == 6))
+ return 1;
+
+ /* vmptrld */
+ if (i.tm.base_opcode == 0xfc7
+ && i.tm.extension_opcode == 6)
+ return 1;
+
+ /* Check for x87 instructions. */
+ if (i.tm.base_opcode >= 0xd8 && i.tm.base_opcode <= 0xdf)
+ {
+ /* Skip fst, fstp, fstenv, fstcw. */
+ if (i.tm.base_opcode == 0xd9
+ && (i.tm.extension_opcode == 2
+ || i.tm.extension_opcode == 3
+ || i.tm.extension_opcode == 6
+ || i.tm.extension_opcode == 7))
+ return 0;
+
+ /* Skip fisttp, fist, fistp, fstp. */
+ if (i.tm.base_opcode == 0xdb
+ && (i.tm.extension_opcode == 1
+ || i.tm.extension_opcode == 2
+ || i.tm.extension_opcode == 3
+ || i.tm.extension_opcode == 7))
+ return 0;
+
+ /* Skip fisttp, fst, fstp, fsave, fstsw. */
+ if (i.tm.base_opcode == 0xdd
+ && (i.tm.extension_opcode == 1
+ || i.tm.extension_opcode == 2
+ || i.tm.extension_opcode == 3
+ || i.tm.extension_opcode == 6
+ || i.tm.extension_opcode == 7))
+ return 0;
+
+ /* Skip fisttp, fist, fistp, fbstp, fistp. */
+ if (i.tm.base_opcode == 0xdf
+ && (i.tm.extension_opcode == 1
+ || i.tm.extension_opcode == 2
+ || i.tm.extension_opcode == 3
+ || i.tm.extension_opcode == 6
+ || i.tm.extension_opcode == 7))
+ return 0;
+
+ return 1;
+ }
+ }
+
+ dest = i.operands - 1;
+
+ /* Check fake imm8 operand and 3 source operands. */
+ if ((i.tm.opcode_modifier.immext
+ || i.tm.opcode_modifier.vexsources == VEX3SOURCES)
+ && i.types[dest].bitfield.imm8)
+ dest--;
+
+ /* add, or, adc, sbb, and, sub, xor, cmp, test, xchg, xadd */
+ if (!any_vex_p
+ && (base_opcode == 0x1
+ || base_opcode == 0x9
+ || base_opcode == 0x11
+ || base_opcode == 0x19
+ || base_opcode == 0x21
+ || base_opcode == 0x29
+ || base_opcode == 0x31
+ || base_opcode == 0x39
+ || (i.tm.base_opcode >= 0x84 && i.tm.base_opcode <= 0x87)
+ || base_opcode == 0xfc1))
+ return 1;
+
+ /* Check for load instruction. */
+ return (i.types[dest].bitfield.class != ClassNone
+ || i.types[dest].bitfield.instance == Accum);
+}
+
+/* Output lfence, 0xfaee8, after instruction. */
+
+static void
+insert_lfence_after (void)
+{
+ if (lfence_after_load && load_insn_p ())
+ {
+ char *p = frag_more (3);
+ *p++ = 0xf;
+ *p++ = 0xae;
+ *p = 0xe8;
+ }
+}
+
+/* Output lfence, 0xfaee8, before instruction. */
+
+static void
+insert_lfence_before (void)
+{
+ char *p;
+
+ if (is_any_vex_encoding (&i.tm))
+ return;
+
+ if (i.tm.base_opcode == 0xff
+ && (i.tm.extension_opcode == 2 || i.tm.extension_opcode == 4))
+ {
+ /* Insert lfence before indirect branch if needed. */
+
+ if (lfence_before_indirect_branch == lfence_branch_none)
+ return;
+
+ if (i.operands != 1)
+ abort ();
+
+ if (i.reg_operands == 1)
+ {
+ /* Indirect branch via register. Don't insert lfence with
+ -mlfence-after-load=yes. */
+ if (lfence_after_load
+ || lfence_before_indirect_branch == lfence_branch_memory)
+ return;
+ }
+ else if (i.mem_operands == 1
+ && lfence_before_indirect_branch != lfence_branch_register)
+ {
+ as_warn (_("indirect `%s` with memory operand should be avoided"),
+ i.tm.name);
+ return;
+ }
+ else
+ return;
+
+ if (last_insn.kind != last_insn_other
+ && last_insn.seg == now_seg)
+ {
+ as_warn_where (last_insn.file, last_insn.line,
+ _("`%s` skips -mlfence-before-indirect-branch on `%s`"),
+ last_insn.name, i.tm.name);
+ return;
+ }
+
+ p = frag_more (3);
+ *p++ = 0xf;
+ *p++ = 0xae;
+ *p = 0xe8;
+ return;
+ }
+
+ /* Output or/not and lfence before ret. */
+ if (lfence_before_ret != lfence_before_ret_none
+ && (i.tm.base_opcode == 0xc2
+ || i.tm.base_opcode == 0xc3
+ || i.tm.base_opcode == 0xca
+ || i.tm.base_opcode == 0xcb))
+ {
+ if (last_insn.kind != last_insn_other
+ && last_insn.seg == now_seg)
+ {
+ as_warn_where (last_insn.file, last_insn.line,
+ _("`%s` skips -mlfence-before-ret on `%s`"),
+ last_insn.name, i.tm.name);
+ return;
+ }
+ if (lfence_before_ret == lfence_before_ret_or)
+ {
+ /* orl: 0x830c2400. */
+ p = frag_more ((flag_code == CODE_64BIT ? 1 : 0) + 4 + 3);
+ if (flag_code == CODE_64BIT)
+ *p++ = 0x48;
+ *p++ = 0x83;
+ *p++ = 0xc;
+ *p++ = 0x24;
+ *p++ = 0x0;
+ }
+ else
+ {
+ p = frag_more ((flag_code == CODE_64BIT ? 2 : 0) + 6 + 3);
+ /* notl: 0xf71424. */
+ if (flag_code == CODE_64BIT)
+ *p++ = 0x48;
+ *p++ = 0xf7;
+ *p++ = 0x14;
+ *p++ = 0x24;
+ /* notl: 0xf71424. */
+ if (flag_code == CODE_64BIT)
+ *p++ = 0x48;
+ *p++ = 0xf7;
+ *p++ = 0x14;
+ *p++ = 0x24;
+ }
+ *p++ = 0xf;
+ *p++ = 0xae;
+ *p = 0xe8;
+ }
+}
+
/* This is the guts of the machine-dependent assembler. LINE points to a
machine dependent instruction. This function is supposed to emit
the frags/bytes it assembles to. */
@@ -4628,9 +4927,13 @@ md_assemble (char *line)
if (i.rex != 0)
add_prefix (REX_OPCODE | i.rex);
+ insert_lfence_before ();
+
/* We are ready to output the insn. */
output_insn ();
+ insert_lfence_after ();
+
last_insn.seg = now_seg;
if (i.tm.opcode_modifier.isprefix)
@@ -12250,6 +12553,9 @@ const char *md_shortopts = "qnO::";
#define OPTION_MALIGN_BRANCH_PREFIX_SIZE (OPTION_MD_BASE + 28)
#define OPTION_MALIGN_BRANCH (OPTION_MD_BASE + 29)
#define OPTION_MBRANCHES_WITH_32B_BOUNDARIES (OPTION_MD_BASE + 30)
+#define OPTION_MLFENCE_AFTER_LOAD (OPTION_MD_BASE + 31)
+#define OPTION_MLFENCE_BEFORE_INDIRECT_BRANCH (OPTION_MD_BASE + 32)
+#define OPTION_MLFENCE_BEFORE_RET (OPTION_MD_BASE + 33)
struct option md_longopts[] =
{
@@ -12289,6 +12595,10 @@ struct option md_longopts[] =
{"malign-branch-prefix-size", required_argument, NULL, OPTION_MALIGN_BRANCH_PREFIX_SIZE},
{"malign-branch", required_argument, NULL, OPTION_MALIGN_BRANCH},
{"mbranches-within-32B-boundaries", no_argument, NULL, OPTION_MBRANCHES_WITH_32B_BOUNDARIES},
+ {"mlfence-after-load", required_argument, NULL, OPTION_MLFENCE_AFTER_LOAD},
+ {"mlfence-before-indirect-branch", required_argument, NULL,
+ OPTION_MLFENCE_BEFORE_INDIRECT_BRANCH},
+ {"mlfence-before-ret", required_argument, NULL, OPTION_MLFENCE_BEFORE_RET},
{"mamd64", no_argument, NULL, OPTION_MAMD64},
{"mintel64", no_argument, NULL, OPTION_MINTEL64},
{NULL, no_argument, NULL, 0}
@@ -12668,6 +12978,41 @@ md_parse_option (int c, const char *arg)
as_fatal (_("invalid -mfence-as-lock-add= option: `%s'"), arg);
break;
+ case OPTION_MLFENCE_AFTER_LOAD:
+ if (strcasecmp (arg, "yes") == 0)
+ lfence_after_load = 1;
+ else if (strcasecmp (arg, "no") == 0)
+ lfence_after_load = 0;
+ else
+ as_fatal (_("invalid -mlfence-after-load= option: `%s'"), arg);
+ break;
+
+ case OPTION_MLFENCE_BEFORE_INDIRECT_BRANCH:
+ if (strcasecmp (arg, "all") == 0)
+ lfence_before_indirect_branch = lfence_branch_all;
+ else if (strcasecmp (arg, "memory") == 0)
+ lfence_before_indirect_branch = lfence_branch_memory;
+ else if (strcasecmp (arg, "register") == 0)
+ lfence_before_indirect_branch = lfence_branch_register;
+ else if (strcasecmp (arg, "none") == 0)
+ lfence_before_indirect_branch = lfence_branch_none;
+ else
+ as_fatal (_("invalid -mlfence-before-indirect-branch= option: `%s'"),
+ arg);
+ break;
+
+ case OPTION_MLFENCE_BEFORE_RET:
+ if (strcasecmp (arg, "or") == 0)
+ lfence_before_ret = lfence_before_ret_or;
+ else if (strcasecmp (arg, "not") == 0)
+ lfence_before_ret = lfence_before_ret_not;
+ else if (strcasecmp (arg, "none") == 0)
+ lfence_before_ret = lfence_before_ret_none;
+ else
+ as_fatal (_("invalid -mlfence-before-ret= option: `%s'"),
+ arg);
+ break;
+
case OPTION_MRELAX_RELOCATIONS:
if (strcasecmp (arg, "yes") == 0)
generate_relax_relocations = 1;
@@ -13025,6 +13370,15 @@ md_show_usage (FILE *stream)
-mbranches-within-32B-boundaries\n\
align branches within 32 byte boundary\n"));
fprintf (stream, _("\
+ -mlfence-after-load=[no|yes] (default: no)\n\
+ generate lfence after load\n"));
+ fprintf (stream, _("\
+ -mlfence-before-indirect-branch=[none|all|register|memory] (default: none)\n\
+ generate lfence before indirect near branch\n"));
+ fprintf (stream, _("\
+ -mlfence-before-ret=[none|or|not] (default: none)\n\
+ generate lfence before ret\n"));
+ fprintf (stream, _("\
-mamd64 accept only AMD64 ISA [default]\n"));
fprintf (stream, _("\
-mintel64 accept only Intel64 ISA\n"));
@@ -13254,6 +13608,16 @@ i386_cons_align (int ignore ATTRIBUTE_UNUSED)
last_insn.kind = last_insn_directive;
last_insn.name = "constant directive";
last_insn.file = as_where (&last_insn.line);
+ if (lfence_before_ret != lfence_before_ret_none)
+ {
+ if (lfence_before_indirect_branch != lfence_branch_none)
+ as_warn (_("constant directive skips -mlfence-before-ret "
+ "and -mlfence-before-indirect-branch"));
+ else
+ as_warn (_("constant directive skips -mlfence-before-ret"));
+ }
+ else if (lfence_before_indirect_branch != lfence_branch_none)
+ as_warn (_("constant directive skips -mlfence-before-indirect-branch"));
}
}
diff --git a/gas/doc/c-i386.texi b/gas/doc/c-i386.texi
index c536759cb38..1dd99f91bb0 100644
--- a/gas/doc/c-i386.texi
+++ b/gas/doc/c-i386.texi
@@ -464,6 +464,49 @@ on an instruction. It is equivalent to
@option{-malign-branch-prefix-size=5}.
The default doesn't align branches.
+@cindex @samp{-mlfence-after-load=} option, i386
+@cindex @samp{-mlfence-after-load=} option, x86-64
+@item -mlfence-after-load=@var{no}
+@itemx -mlfence-after-load=@var{yes}
+These options control whether the assembler should generate lfence
+after load instructions. @option{-mlfence-after-load=@var{yes}} will
+generate lfence. @option{-mlfence-after-load=@var{no}} will not generate
+lfence, which is the default.
+
+@cindex @samp{-mlfence-before-indirect-branch=} option, i386
+@cindex @samp{-mlfence-before-indirect-branch=} option, x86-64
+@item -mlfence-before-indirect-branch=@var{none}
+@item -mlfence-before-indirect-branch=@var{all}
+@item -mlfence-before-indirect-branch=@var{register}
+@itemx -mlfence-before-indirect-branch=@var{memory}
+These options control whether the assembler should generate lfence
+after indirect near branch instructions.
+@option{-mlfence-before-indirect-branch=@var{all}} will generate lfence
+after indirect near branch via register and issue a warning before
+indirect near branch via memory.
+@option{-mlfence-before-indirect-branch=@var{register}} will generate
+lfence after indirect near branch via register.
+@option{-mlfence-before-indirect-branch=@var{memory}} will issue a
+warning before indirect near branch via memory.
+@option{-mlfence-before-indirect-branch=@var{none}} will not generate
+lfence nor issue warning, which is the default. Note that lfence won't
+be generated before indirect near branch via register with
+@option{-mlfence-after-load=@var{yes}} since lfence will be generated
+after loading branch target register.
+
+@cindex @samp{-mlfence-before-ret=} option, i386
+@cindex @samp{-mlfence-before-ret=} option, x86-64
+@item -mlfence-before-ret=@var{none}
+@item -mlfence-before-ret=@var{or}
+@itemx -mlfence-before-ret=@var{not}
+These options control whether the assembler should generate lfence
+before ret. @option{-mlfence-before-ret=@var{or}} will generate
+generate or instruction with lfence.
+@option{-mlfence-before-ret=@var{not}} will generate not instruction
+with lfence.
+@option{-mlfence-before-ret=@var{none}} will not generate lfence,
+which is the default.
+
@cindex @samp{-mx86-used-note=} option, i386
@cindex @samp{-mx86-used-note=} option, x86-64
@item -mx86-used-note=@var{no}

56
backport-CVE-2020-16592-PR25823-Use-after-free-in-bfd_hash_lookup.patch
View File

@ -1,56 +0,0 @@
From 7ecb51549ab1ec22aba5aaf34b70323cf0b8509a Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Wed, 15 Apr 2020 18:58:11 +0930
Subject: [PATCH] PR25823, Use after free in bfd_hash_lookup
PR 25823
* peXXigen.c (_bfd_XXi_swap_sym_in <C_SECTION>): Don't use a
pointer into strings that may be freed for section name, always
allocate a new string.
---
bfd/peXXigen.c | 20 ++++++++++----------
1 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index b9eeb77..8aa5914 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -177,25 +177,25 @@ _bfd_XXi_swap_sym_in (bfd * abfd, void * ext1, void * in1)
int unused_section_number = 0;
asection *sec;
flagword flags;
+ size_t name_len;
+ char *sec_name;
for (sec = abfd->sections; sec; sec = sec->next)
if (unused_section_number <= sec->target_index)
unused_section_number = sec->target_index + 1;
- if (name == namebuf)
+ name_len = strlen (name) + 1;
+ sec_name = bfd_alloc (abfd, name_len);
+ if (sec_name == NULL)
{
- name = (const char *) bfd_alloc (abfd, strlen (namebuf) + 1);
- if (name == NULL)
- {
- _bfd_error_handler (_("%pB: out of memory creating name for empty section"),
- abfd);
- return;
- }
- strcpy ((char *) name, namebuf);
+ _bfd_error_handler (_("%pB: out of memory creating name "
+ "for empty section"), abfd);
+ return;
}
+ memcpy (sec_name, name, name_len);
flags = SEC_HAS_CONTENTS | SEC_ALLOC | SEC_DATA | SEC_LOAD;
- sec = bfd_make_section_anyway_with_flags (abfd, name, flags);
+ sec = bfd_make_section_anyway_with_flags (abfd, sec_name, flags);
if (sec == NULL)
{
_bfd_error_handler (_("%pB: unable to create fake empty section"),
--
1.8.3.1

76
backport-CVE-2021-3487.patch
View File

@ -1,76 +0,0 @@
From 647cebce12a6b0a26960220caff96ff38978cf24 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Thu, 26 Nov 2020 17:08:33 +0000
Subject: [PATCH] Prevent a memory allocation failure when parsing corrupt
DWARF debug sections.
PR 26946
* dwarf2.c (read_section): Check for debug sections with excessive
sizes.
---
bfd/ChangeLog | 6 ++++++
bfd/dwarf2.c | 25 +++++++++++++++++++------
2 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
index 977bf43..8bbfc81 100644
--- a/bfd/dwarf2.c
+++ b/bfd/dwarf2.c
@@ -531,22 +531,24 @@ read_section (bfd * abfd,
bfd_byte ** section_buffer,
bfd_size_type * section_size)
{
- asection *msec;
const char *section_name = sec->uncompressed_name;
bfd_byte *contents = *section_buffer;
- bfd_size_type amt;
/* The section may have already been read. */
if (contents == NULL)
{
+ bfd_size_type amt;
+ asection *msec;
+ ufile_ptr filesize;
+
msec = bfd_get_section_by_name (abfd, section_name);
- if (! msec)
+ if (msec == NULL)
{
section_name = sec->compressed_name;
if (section_name != NULL)
msec = bfd_get_section_by_name (abfd, section_name);
}
- if (! msec)
+ if (msec == NULL)
{
_bfd_error_handler (_("DWARF error: can't find %s section."),
sec->uncompressed_name);
@@ -554,12 +556,23 @@ read_section (bfd * abfd,
return FALSE;
}
- *section_size = msec->rawsize ? msec->rawsize : msec->size;
+ amt = bfd_get_section_limit_octets (abfd, msec);
+ filesize = bfd_get_file_size (abfd);
+ if (amt >= filesize)
+ {
+ /* PR 26946 */
+ _bfd_error_handler (_("DWARF error: section %s is larger than its filesize! (0x%lx vs 0x%lx)"),
+ section_name, (long) amt, (long) filesize);
+ bfd_set_error (bfd_error_bad_value);
+ return FALSE;
+ }
+ *section_size = amt;
/* Paranoia - alloc one extra so that we can make sure a string
section is NUL terminated. */
- amt = *section_size + 1;
+ amt += 1;
if (amt == 0)
{
+ /* Paranoia - this should never happen. */
bfd_set_error (bfd_error_no_memory);
return FALSE;
}
--
1.8.3.1

266
binutils-2.29-revert-PLT-elision.patch
View File

@ -1,266 +0,0 @@
diff -rup binutils.orig/ld/testsuite/ld-i386/pltgot-1.d binutils-2.29.1/ld/testsuite/ld-i386/pltgot-1.d
--- binutils.orig/ld/testsuite/ld-i386/pltgot-1.d 2017-11-15 13:32:39.335065263 +0000
+++ binutils-2.29.1/ld/testsuite/ld-i386/pltgot-1.d 2017-11-15 15:03:55.649727195 +0000
@@ -2,6 +2,7 @@
#readelf: -S --wide
#as: --32
+#pass
#...
+\[ *[0-9]+\] \.plt +PROGBITS +[0-9a-f]+ +[0-9a-f]+ +0+10 +.*
#...
diff -rup binutils.orig/ld/testsuite/ld-i386/pltgot-2.d binutils-2.29.1/ld/testsuite/ld-i386/pltgot-2.d
--- binutils.orig/ld/testsuite/ld-i386/pltgot-2.d 2017-11-15 13:32:39.329065335 +0000
+++ binutils-2.29.1/ld/testsuite/ld-i386/pltgot-2.d 2017-11-15 15:04:20.803430034 +0000
@@ -3,7 +3,6 @@
#readelf: -d --wide
#as: --32
-#failif
#...
+0x[0-9a-f]+ +\(PLTREL.*
#...
diff -rup binutils.orig/ld/testsuite/ld-i386/pr19636-2d.d binutils-2.29.1/ld/testsuite/ld-i386/pr19636-2d.d
--- binutils.orig/ld/testsuite/ld-i386/pr19636-2d.d 2017-11-15 13:32:39.336065251 +0000
+++ binutils-2.29.1/ld/testsuite/ld-i386/pr19636-2d.d 2017-11-15 15:03:00.413379749 +0000
@@ -9,7 +9,7 @@ Relocation section '\.rel\.dyn' at offse
[0-9a-f]+ +[0-9a-f]+ +R_386_32 +0+ +func
[0-9a-f]+ +[0-9a-f]+ +R_386_PC32 +0+ +func
[0-9a-f]+ +[0-9a-f]+ +R_386_GLOB_DAT +0+ +func
-
+#...
Symbol table '\.dynsym' contains [0-9]+ entries:
+Num: +Value +Size Type +Bind +Vis +Ndx Name
#...
diff -rup binutils.orig/ld/testsuite/ld-i386/pr19636-2e.d binutils-2.29.1/ld/testsuite/ld-i386/pr19636-2e.d
--- binutils.orig/ld/testsuite/ld-i386/pr19636-2e.d 2017-11-15 13:32:39.330065323 +0000
+++ binutils-2.29.1/ld/testsuite/ld-i386/pr19636-2e.d 2017-11-15 15:03:28.928042882 +0000
@@ -9,7 +9,7 @@ Relocation section '\.rel\.dyn' at offse
[0-9a-f]+ +[0-9a-f]+ +R_386_32 +0+ +func
[0-9a-f]+ +[0-9a-f]+ +R_386_PC32 +0+ +func
[0-9a-f]+ +[0-9a-f]+ +R_386_GLOB_DAT +0+ +func
-
+#...
Symbol table '\.dynsym' contains [0-9]+ entries:
+Num: +Value +Size Type +Bind +Vis +Ndx Name
#...
diff -rup binutils.orig/ld/testsuite/ld-x86-64/pltgot-1.d binutils-2.29.1/ld/testsuite/ld-x86-64/pltgot-1.d
--- binutils.orig/ld/testsuite/ld-x86-64/pltgot-1.d 2017-11-15 13:32:39.415064300 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/pltgot-1.d 2017-11-15 15:08:39.333375801 +0000
@@ -2,8 +2,4 @@
#readelf: -S --wide
#as: --64
-#...
- +\[ *[0-9]+\] \.plt +PROGBITS +[0-9a-f]+ +[0-9a-f]+ +0+10 +.*
-#...
- +\[ *[0-9]+\] \.got\.plt +PROGBITS +[0-9a-f]+ +[0-9a-f]+ +0+18 +.*
#pass
diff -rup binutils.orig/ld/testsuite/ld-x86-64/pltgot-2.d binutils-2.29.1/ld/testsuite/ld-x86-64/pltgot-2.d
--- binutils.orig/ld/testsuite/ld-x86-64/pltgot-2.d 2017-11-15 13:32:39.404064432 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/pltgot-2.d 2017-11-15 15:08:59.031143095 +0000
@@ -3,7 +3,6 @@
#readelf: -d --wide
#as: --64
-#failif
#...
+0x[0-9a-f]+ +\(PLTREL.*
#...
diff -rup binutils.orig/ld/testsuite/ld-x86-64/plt-main-bnd.dd binutils-2.29.1/ld/testsuite/ld-x86-64/plt-main-bnd.dd
--- binutils.orig/ld/testsuite/ld-x86-64/plt-main-bnd.dd 2017-11-15 13:32:39.405064420 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/plt-main-bnd.dd 2017-11-15 15:06:53.694623801 +0000
@@ -1,7 +1,4 @@
-#...
-Disassembly of section .plt.got:
-[a-f0-9]+ <[a-z_]+@plt>:
-[ ]*[a-f0-9]+: f2 ff 25 .. .. 20 00 bnd jmpq \*0x20....\(%rip\) # ...... <.*>
+#...
[ ]*[a-f0-9]+: 90 nop
#pass
diff -rup binutils.orig/ld/testsuite/ld-x86-64/plt-main-ibt.dd binutils-2.29.1/ld/testsuite/ld-x86-64/plt-main-ibt.dd
--- binutils.orig/ld/testsuite/ld-x86-64/plt-main-ibt.dd 2017-11-15 13:32:39.412064336 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/plt-main-ibt.dd 2017-11-15 15:06:35.148842897 +0000
@@ -1,7 +1,3 @@
#...
-Disassembly of section .plt.got:
-
-[a-f0-9]+ <[_a-z]+@plt>:
[ ]*[a-f0-9]+: f3 0f 1e fa endbr64
-[ ]*[a-f0-9]+: f2 ff 25 .. .. 20 00 bnd jmpq \*0x20....\(%rip\) # ...... <[_a-z]+>
#pass
diff -rup binutils.orig/ld/testsuite/ld-x86-64/plt-main.rd binutils-2.29.1/ld/testsuite/ld-x86-64/plt-main.rd
--- binutils.orig/ld/testsuite/ld-x86-64/plt-main.rd 2017-11-15 13:32:39.407064397 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/plt-main.rd 2017-11-15 15:06:17.244054423 +0000
@@ -1,4 +1,3 @@
-#failif
#...
[0-9a-f ]+R_X86_64_JUMP_SLOT +0+ +bar \+ 0
#...
diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr20830a.d binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830a.d
--- binutils.orig/ld/testsuite/ld-x86-64/pr20830a.d 2017-11-15 13:32:39.412064336 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830a.d 2017-11-15 15:15:09.918750288 +0000
@@ -20,6 +20,7 @@ Contents of the .eh_frame section:
DW_CFA_offset: r16 \(rip\) at cfa-8
DW_CFA_nop
DW_CFA_nop
+#pass
0+18 0000000000000014 0000001c FDE cie=00000000 pc=00000000000001c8..00000000000001d4
DW_CFA_nop
diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr20830a-now.d binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830a-now.d
--- binutils.orig/ld/testsuite/ld-x86-64/pr20830a-now.d 2017-11-15 13:32:39.413064324 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830a-now.d 2017-11-15 15:16:08.227055104 +0000
@@ -20,6 +20,7 @@ Contents of the .eh_frame section:
DW_CFA_offset: r16 \(rip\) at cfa-8
DW_CFA_nop
DW_CFA_nop
+#pass
0+18 0000000000000014 0000001c FDE cie=00000000 pc=00000000000001c8..00000000000001d4
DW_CFA_nop
diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr20830b.d binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830b.d
--- binutils.orig/ld/testsuite/ld-x86-64/pr20830b.d 2017-11-15 13:32:39.413064324 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830b.d 2017-11-15 15:16:20.115913358 +0000
@@ -20,7 +20,8 @@ Contents of the .eh_frame section:
DW_CFA_offset: r16 \(rip\) at cfa-8
DW_CFA_nop
DW_CFA_nop
-
+#pass
+
0+18 0000000000000010 0000001c FDE cie=00000000 pc=0000000000000138..0000000000000144
DW_CFA_nop
DW_CFA_nop
diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr20830b-now.d binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830b-now.d
--- binutils.orig/ld/testsuite/ld-x86-64/pr20830b-now.d 2017-11-15 13:32:39.411064348 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/pr20830b-now.d 2017-11-15 15:16:29.012807282 +0000
@@ -20,7 +20,8 @@ Contents of the .eh_frame section:
DW_CFA_offset: r16 \(rip\) at cfa-8
DW_CFA_nop
DW_CFA_nop
-
+#pass
+
0+18 0000000000000010 0000001c FDE cie=00000000 pc=0000000000000138..0000000000000144
DW_CFA_nop
DW_CFA_nop
diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr21038a.d binutils-2.29.1/ld/testsuite/ld-x86-64/pr21038a.d
--- binutils.orig/ld/testsuite/ld-x86-64/pr21038a.d 2017-11-15 13:32:39.408064384 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/pr21038a.d 2017-11-15 15:19:48.097433680 +0000
@@ -19,7 +19,8 @@ Contents of the .eh_frame section:
DW_CFA_offset: r16 \(rip\) at cfa-8
DW_CFA_nop
DW_CFA_nop
-
+#pass
+
0+18 0000000000000014 0000001c FDE cie=00000000 pc=00000000000001c8..00000000000001d4
DW_CFA_nop
DW_CFA_nop
diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr21038a-now.d binutils-2.29.1/ld/testsuite/ld-x86-64/pr21038a-now.d
--- binutils.orig/ld/testsuite/ld-x86-64/pr21038a-now.d 2017-11-15 13:32:39.401064469 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/pr21038a-now.d 2017-11-15 15:10:56.077760324 +0000
@@ -20,7 +20,8 @@ Contents of the .eh_frame section:
DW_CFA_offset: r16 \(rip\) at cfa-8
DW_CFA_nop
DW_CFA_nop
-
+#pass
+
0+18 0000000000000014 0000001c FDE cie=00000000 pc=00000000000001c8..00000000000001d4
DW_CFA_nop
DW_CFA_nop
diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr21038b.d binutils-2.29.1/ld/testsuite/ld-x86-64/pr21038b.d
--- binutils.orig/ld/testsuite/ld-x86-64/pr21038b.d 2017-11-15 13:32:39.405064420 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/pr21038b.d 2017-11-15 15:10:42.828916844 +0000
@@ -19,6 +19,7 @@ Contents of the .eh_frame section:
DW_CFA_offset: r16 \(rip\) at cfa-8
DW_CFA_nop
DW_CFA_nop
+#pass
0+18 0000000000000014 0000001c FDE cie=00000000 pc=00000000000001d8..00000000000001dd
DW_CFA_nop
diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr21038b-now.d binutils-2.29.1/ld/testsuite/ld-x86-64/pr21038b-now.d
--- binutils.orig/ld/testsuite/ld-x86-64/pr21038b-now.d 2017-11-15 13:32:39.416064288 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/pr21038b-now.d 2017-11-15 15:11:11.550577531 +0000
@@ -20,7 +20,8 @@ Contents of the .eh_frame section:
DW_CFA_offset: r16 \(rip\) at cfa-8
DW_CFA_nop
DW_CFA_nop
-
+#pass
+
0+18 0000000000000014 0000001c FDE cie=00000000 pc=00000000000001d8..00000000000001dd
DW_CFA_nop
DW_CFA_nop
diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr21038c.d binutils-2.29.1/ld/testsuite/ld-x86-64/pr21038c.d
--- binutils.orig/ld/testsuite/ld-x86-64/pr21038c.d 2017-11-15 13:32:39.411064348 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/pr21038c.d 2017-11-15 15:09:52.664509478 +0000
@@ -19,7 +19,8 @@ Contents of the .eh_frame section:
DW_CFA_offset: r16 \(rip\) at cfa-8
DW_CFA_nop
DW_CFA_nop
-
+#pass
+
0+18 0000000000000014 0000001c FDE cie=00000000 pc=0000000000000220..0000000000000231
DW_CFA_nop
DW_CFA_nop
diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr21038c-now.d binutils-2.29.1/ld/testsuite/ld-x86-64/pr21038c-now.d
--- binutils.orig/ld/testsuite/ld-x86-64/pr21038c-now.d 2017-11-15 13:32:39.413064324 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/pr21038c-now.d 2017-11-15 15:11:22.975442559 +0000
@@ -20,7 +20,8 @@ Contents of the .eh_frame section:
DW_CFA_offset: r16 \(rip\) at cfa-8
DW_CFA_nop
DW_CFA_nop
-
+#pass
+
0+18 0000000000000014 0000001c FDE cie=00000000 pc=0000000000000220..0000000000000231
DW_CFA_nop
DW_CFA_nop
diff -rup binutils.orig/ld/testsuite/ld-x86-64/tlspic2.rd binutils-2.29.1/ld/testsuite/ld-x86-64/tlspic2.rd
--- binutils.orig/ld/testsuite/ld-x86-64/tlspic2.rd 2017-11-15 13:32:39.417064276 +0000
+++ binutils-2.29.1/ld/testsuite/ld-x86-64/tlspic2.rd 2017-11-15 15:05:02.950932110 +0000
@@ -14,6 +14,7 @@ Section Headers:
+\[[ 0-9]+\] .dynsym +.*
+\[[ 0-9]+\] .dynstr +.*
+\[[ 0-9]+\] .rela.dyn +.*
+#pass
+\[[ 0-9]+\] .plt +.*
+\[[ 0-9]+\] .plt.got +.*
+\[[ 0-9]+\] .text +PROGBITS +0+1000 0+1000 0+31a 00 +AX +0 +0 4096
--- binutils.orig/bfd/elfxx-x86.c 2018-01-22 15:59:25.875788033 +0000
+++ binutils-2.30.0/bfd/elfxx-x86.c 2018-01-22 16:00:20.789146597 +0000
@@ -107,7 +107,7 @@ elf_x86_allocate_dynrelocs (struct elf_l
plt_entry_size = htab->plt.plt_entry_size;
resolved_to_zero = UNDEFINED_WEAK_RESOLVED_TO_ZERO (info, eh);
-
+#if 0
/* We can't use the GOT PLT if pointer equality is needed since
finish_dynamic_symbol won't clear symbol value and the dynamic
linker won't update the GOT slot. We will get into an infinite
@@ -125,7 +125,7 @@ elf_x86_allocate_dynrelocs (struct elf_l
/* Use the GOT PLT. */
eh->plt_got.refcount = 1;
}
-
+#endif
/* Since STT_GNU_IFUNC symbol must go through PLT, we handle it
here if it is defined and referenced in a non-shared object. */
if (h->type == STT_GNU_IFUNC
--- binutils.orig/ld/testsuite/ld-i386/pr20830.d 2018-07-09 09:49:51.277239857 +0100
+++ binutils-2.30.90/ld/testsuite/ld-i386/pr20830.d 2018-07-09 10:32:41.113356733 +0100
@@ -19,7 +19,7 @@ Contents of the .eh_frame section:
DW_CFA_offset: r8 \(eip\) at cfa-4
DW_CFA_nop
DW_CFA_nop
-
+#pass
0+18 00000010 0000001c FDE cie=00000000 pc=00000128..00000133
DW_CFA_nop
DW_CFA_nop

BIN
binutils-2.34.tar.xz → binutils-2.36.1.tar.xz
View File

Binary file not shown.

10
binutils-gold-ignore-discarded-note-relocs.patch
View File

@ -1,10 +0,0 @@
--- binutils.orig/gold/target-reloc.h 2018-07-12 11:37:24.894494658 +0100
+++ binutils-2.30.90/gold/target-reloc.h 2018-07-12 15:38:50.049083904 +0100
@@ -136,6 +136,7 @@ class Default_comdat_behavior
if (Layout::is_debug_info_section(name))
return CB_PRETEND;
if (strcmp(name, ".eh_frame") == 0
+ || strncmp(name, ".gnu.build.attributes", 21) == 0 // FIXME: We should really be checking the section type for ST_NOTE...
|| strcmp(name, ".gcc_except_table") == 0)
return CB_IGNORE;
return CB_ERROR;

47
binutils.spec
View File

@ -1,7 +1,7 @@
Summary: Binary utilities
Name: binutils
Version: 2.34
Release: 13
Version: 2.36.1
Release: 1
License: GPLv3+
URL: https://sourceware.org/binutils
@ -19,38 +19,16 @@ Patch1: export-demangle.h-in-devel-package.patch
#BUZ:845084
Patch2: binutils-2.22.52.0.4-no-config-h-check.patch
#BUG:1452111
Patch3: binutils-2.29-revert-PLT-elision.patch
Patch4: binutils-2.27-aarch64-ifunc.patch
#Stop gold from complaining about relocs
Patch5: binutils-gold-ignore-discarded-note-relocs.patch
Patch3: binutils-2.27-aarch64-ifunc.patch
#PATCH-CVE-UPSTREAM
Patch6: CVE-2019-1010204.patch
Patch7: Import-a-fix-from-the-mainline-sources-that-prevents.patch
Patch8: PR25585-PHDR-segment-not-covered-by-LOAD-segment.patch
Patch9: Re-PR24511-nm-should-not-mark-symbols-in-.init_array.patch
Patch10: powerpc64-ld-infinite-loop.patch
Patch11: PR25745-powerpc64-ld-overflows-string-buffer-in-stat.patch
Patch12: BFD-Exclude-sections-with-no-content-from-compress-c.patch
Patch13: gas-PR-25863-Fix-scalar-vmul-inside-it-block-when-as.patch
Patch14: NDS32-disassembly-of-odd-sized-sections.patch
Patch4: CVE-2019-1010204.patch
Patch15: asan-readelf-leaks.patch
Patch16: asan-more-readelf-leaks.patch
Patch17: Re-asan-more-readelf-leaks.patch
Patch18: readelf-leak-in-process_archive.patch
Patch19: metag-uninitialized-memory-read.patch
Patch20: Fix-a-potential-use-of-an-uninitialised-value-in-the.patch
Patch21: backport-CVE-2020-16592-PR25823-Use-after-free-in-bfd_hash_lookup.patch
Patch22: backport-CVE-2020-0551-i386-Generate-lfence.patch
Patch23: backport-0001-CVE-2021-20197.patch
Patch24: backport-0002-CVE-2021-20197.patch
Patch25: backport-0003-CVE-2021-20197.patch
Patch26: backport-Fix-a-build-problem-when-using-FreeBSD-12.patch
Patch27: backport-0004-CVE-2021-20197.patch
Patch28: backport-CVE-2021-3487.patch
Patch29: backport-CVE-2021-3549.patch
Patch5: Fix-a-potential-use-of-an-uninitialised-value-in-the.patch
Patch6: backport-0003-CVE-2021-20197.patch
Patch7: backport-Fix-a-build-problem-when-using-FreeBSD-12.patch
Patch8: backport-0004-CVE-2021-20197.patch
Patch9: backport-CVE-2021-3549.patch
Provides: bundled(libiberty)
@ -341,6 +319,7 @@ fi
%ghost %{_bindir}/ld
%{_libdir}/lib*.so
%{_libdir}/libctf*
%{_libdir}/bfd-plugins/libdep.so
%exclude %{_libdir}/libctf.a
%exclude %{_libdir}/libctf-nobfd.a
%exclude %{_libdir}/libbfd.so
@ -363,6 +342,12 @@ fi
%{_infodir}/bfd*info*
%changelog
* Mon Jul 5 2021 yixiangzhike <zhangxingliang3@huawei.com> - 2.36.1-1
- Type:NA
- ID:NA
- SUG:NA
- DESC: update to 2.36.1
* Sat Jun 19 2021 wangchen <wangchen137@huawei.com> - 2.34-13
- Type:CVE
- ID:NA

85
gas-PR-25863-Fix-scalar-vmul-inside-it-block-when-as.patch
View File

@ -1,85 +0,0 @@
From a72427b1ae01304da0b5170e1e53f68c6d46c1de Mon Sep 17 00:00:00 2001
From: Andre Simoes Dias Vieira <andre.simoesdiasvieira@arm.com>
Date: Mon, 4 May 2020 13:05:42 +0100
Subject: [PATCH] gas: PR 25863: Fix scalar vmul inside it block when
assembling for MVE
This fixes PR 25863 by fixing the condition in the parsing of vmul in
do_mve_vmull. It also simplifies the code in there fixing latent issues that
would lead to NEON code being accepted when it shouldn't.
2020-05-07 Andre Vieira <andre.simoesdiasvieira@arm.com>
Backport from mainline.
2020-05-04 Andre Vieira <andre.simoesdiasvieira@arm.com>
PR gas/25863
* config/tc-arm.c (do_mve_vmull): Fix scalar and NEON parsing of vmul.
* testsuite/gas/arm/mve-scalar-vmult-it.d: New test.
* testsuite/gas/arm/mve-scalar-vmult-it.s: New test.
---
gas/config/tc-arm.c | 12 +++---------
gas/testsuite/gas/arm/mve-scalar-vmul-it.d | 11 +++++++++++
gas/testsuite/gas/arm/mve-scalar-vmul-it.s | 5 +++++
3 files changed, 19 insertions(+), 9 deletions(-)
create mode 100644 gas/testsuite/gas/arm/mve-scalar-vmul-it.d
create mode 100644 gas/testsuite/gas/arm/mve-scalar-vmul-it.s
diff --git a/gas/config/tc-arm.c b/gas/config/tc-arm.c
index 8ad2d6d..7550f90 100644
--- a/gas/config/tc-arm.c
+++ b/gas/config/tc-arm.c
@@ -18221,19 +18221,13 @@ do_mve_vmull (void)
enum neon_shape rs = neon_select_shape (NS_HHH, NS_FFF, NS_DDD, NS_DDS,
NS_QQS, NS_QQQ, NS_QQR, NS_NULL);
- if (!ARM_CPU_HAS_FEATURE (cpu_variant, mve_ext)
- && inst.cond == COND_ALWAYS
+ if (inst.cond == COND_ALWAYS
&& ((unsigned)inst.instruction) == M_MNEM_vmullt)
{
+
if (rs == NS_QQQ)
{
-
- struct neon_type_el et = neon_check_type (3, rs, N_EQK , N_EQK,
- N_SUF_32 | N_F64 | N_P8
- | N_P16 | N_I_MVE | N_KEY);
- if (((et.type == NT_poly) && et.size == 8
- && ARM_CPU_IS_ANY (cpu_variant))
- || (et.type == NT_integer) || (et.type == NT_float))
+ if (!ARM_CPU_HAS_FEATURE (cpu_variant, mve_ext))
goto neon_vmul;
}
else
diff --git a/gas/testsuite/gas/arm/mve-scalar-vmul-it.d b/gas/testsuite/gas/arm/mve-scalar-vmul-it.d
new file mode 100644
index 0000000..f4564a5
--- /dev/null
+++ b/gas/testsuite/gas/arm/mve-scalar-vmul-it.d
@@ -0,0 +1,11 @@
+# name: Armv8.1-M Mainline scalar vmul instructions in it blocks (with MVE)
+# as: -march=armv8.1-m.main+mve.fp+fp.dp
+# objdump: -dr --prefix-addresses --show-raw-insn -marmv8.1-m.main
+
+.*: +file format .*arm.*
+
+Disassembly of section .text:
+[^>]*> bfbc itt lt
+[^>]*> ee20 0a81 vmullt.f32 s0, s1, s2
+[^>]*> ee21 0b02 vmullt.f64 d0, d1, d2
+#...
diff --git a/gas/testsuite/gas/arm/mve-scalar-vmul-it.s b/gas/testsuite/gas/arm/mve-scalar-vmul-it.s
new file mode 100644
index 0000000..e6c24ac
--- /dev/null
+++ b/gas/testsuite/gas/arm/mve-scalar-vmul-it.s
@@ -0,0 +1,5 @@
+.syntax unified
+.text
+itt lt
+vmullt.f32 s0, s1, s2
+vmullt.f64 d0, d1, d2
--
1.8.3.1

36
metag-uninitialized-memory-read.patch
View File

@ -1,36 +0,0 @@
From 340f3ac8082771ecc473ab938fc3d7cbf607ddaa Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Fri, 20 Mar 2020 10:55:58 +1030
Subject: [PATCH] metag uninitialized memory read
* metag-dis.c (print_insn_metag): Don't ignore status from
read_memory_func.
---
opcodes/metag-dis.c | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/opcodes/metag-dis.c b/opcodes/metag-dis.c
index f01dcba..b1cf633 100644
--- a/opcodes/metag-dis.c
+++ b/opcodes/metag-dis.c
@@ -3364,9 +3364,15 @@ print_insn_metag (bfd_vma pc, disassemble_info *outf)
bfd_byte buf[4];
unsigned int insn_word;
size_t i;
- outf->bytes_per_chunk = 4;
+ int status;
- (*outf->read_memory_func) (pc & ~0x03, buf, 4, outf);
+ outf->bytes_per_chunk = 4;
+ status = (*outf->read_memory_func) (pc & ~0x03, buf, 4, outf);
+ if (status)
+ {
+ (*outf->memory_error_func) (status, pc, outf);
+ return -1;
+ }
insn_word = bfd_getl32 (buf);
for (i = 0; i < sizeof(metag_optab)/sizeof(metag_optab[0]); i++)
--
1.8.3.1

33
powerpc64-ld-infinite-loop.patch
View File

@ -1,33 +0,0 @@
From de9c1b7cfe6e57ea8b677dc2de06e83de50f47c2 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Wed, 11 Mar 2020 14:43:16 +1030
Subject: [PATCH] powerpc64-ld infinite loop
If this code dealing with possible conversion of inline plt sequences
is ever executed, ld will hang. A binary with such sequences and of
code size larger than approximately 90% the reach of an unconditional
branch is the trigger. Oops.
* elf64-ppc.c (ppc64_elf_inline_plt): Do increment rel in for loop.
(cherry picked from commit 435edf0bf231240ccecb474b74ebb49dc8db2633)
---
bfd/elf64-ppc.c | 2 +-
1 files changed, 1 insertions(+), 1 deletion(-)
diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c
index 73ea286..bea722c 100644
--- a/bfd/elf64-ppc.c
+++ b/bfd/elf64-ppc.c
@@ -7507,7 +7507,7 @@ ppc64_elf_inline_plt (struct bfd_link_info *info)
return FALSE;
relend = relstart + sec->reloc_count;
- for (rel = relstart; rel < relend; )
+ for (rel = relstart; rel < relend; rel++)
{
enum elf_ppc64_reloc_type r_type;
unsigned long r_symndx;
--
1.8.3.1

283
readelf-leak-in-process_archive.patch
View File

@ -1,283 +0,0 @@
From 1cb7d8b1afc7c71cfacfe017e0692c9064bf9818 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Thu, 19 Mar 2020 10:10:32 +1030
Subject: [PATCH] readelf leak in process_archive
* readelf.c (process_archive): Always return via path freeing
memory. Formatting.
---
binutils/readelf.c | 166 +++++++++++++++++++++++++++++------------------------
1 files changed, 90 insertions(+), 76 deletions(-)
diff --git a/binutils/readelf.c b/binutils/readelf.c
index c8ca66e..f76b9f6 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -20256,49 +20256,58 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
if (do_archive_index)
{
if (arch.sym_table == NULL)
- error (_("%s: unable to dump the index as none was found\n"), filedata->file_name);
+ error (_("%s: unable to dump the index as none was found\n"),
+ filedata->file_name);
else
{
unsigned long i, l;
unsigned long current_pos;
- printf (_("Index of archive %s: (%lu entries, 0x%lx bytes in the symbol table)\n"),
- filedata->file_name, (unsigned long) arch.index_num, arch.sym_size);
+ printf (_("Index of archive %s: (%lu entries, 0x%lx bytes "
+ "in the symbol table)\n"),
+ filedata->file_name, (unsigned long) arch.index_num,
+ arch.sym_size);
current_pos = ftell (filedata->handle);
for (i = l = 0; i < arch.index_num; i++)
{
- if ((i == 0) || ((i > 0) && (arch.index_array[i] != arch.index_array[i - 1])))
- {
- char * member_name;
-
- member_name = get_archive_member_name_at (&arch, arch.index_array[i], &nested_arch);
+ if (i == 0
+ || (i > 0 && arch.index_array[i] != arch.index_array[i - 1]))
+ {
+ char * member_name
+ = get_archive_member_name_at (&arch, arch.index_array[i],
+ &nested_arch);
- if (member_name != NULL)
- {
- char * qualified_name = make_qualified_name (&arch, &nested_arch, member_name);
+ if (member_name != NULL)
+ {
+ char * qualified_name
+ = make_qualified_name (&arch, &nested_arch,
+ member_name);
- if (qualified_name != NULL)
- {
- printf (_("Contents of binary %s at offset "), qualified_name);
+ if (qualified_name != NULL)
+ {
+ printf (_("Contents of binary %s at offset "),
+ qualified_name);
(void) print_vma (arch.index_array[i], PREFIX_HEX);
putchar ('\n');
- free (qualified_name);
- }
+ free (qualified_name);
+ }
free (member_name);
}
}
if (l >= arch.sym_size)
{
- error (_("%s: end of the symbol table reached before the end of the index\n"),
+ error (_("%s: end of the symbol table reached "
+ "before the end of the index\n"),
filedata->file_name);
ret = FALSE;
break;
}
/* PR 17531: file: 0b6630b2. */
- printf ("\t%.*s\n", (int) (arch.sym_size - l), arch.sym_table + l);
+ printf ("\t%.*s\n",
+ (int) (arch.sym_size - l), arch.sym_table + l);
l += strnlen (arch.sym_table + l, arch.sym_size - l) + 1;
}
@@ -20322,7 +20331,8 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
if (fseek (filedata->handle, current_pos, SEEK_SET) != 0)
{
- error (_("%s: failed to seek back to start of object files in the archive\n"),
+ error (_("%s: failed to seek back to start of object files "
+ "in the archive\n"),
filedata->file_name);
ret = FALSE;
goto out;
@@ -20347,34 +20357,37 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
/* Read the next archive header. */
if (fseek (filedata->handle, arch.next_arhdr_offset, SEEK_SET) != 0)
- {
- error (_("%s: failed to seek to next archive header\n"), arch.file_name);
- return FALSE;
- }
+ {
+ error (_("%s: failed to seek to next archive header\n"),
+ arch.file_name);
+ ret = FALSE;
+ break;
+ }
got = fread (&arch.arhdr, 1, sizeof arch.arhdr, filedata->handle);
if (got != sizeof arch.arhdr)
- {
- if (got == 0)
+ {
+ if (got == 0)
break;
/* PR 24049 - we cannot use filedata->file_name as this will
have already been freed. */
error (_("%s: failed to read archive header\n"), arch.file_name);
- ret = FALSE;
- break;
- }
+ ret = FALSE;
+ break;
+ }
if (memcmp (arch.arhdr.ar_fmag, ARFMAG, 2) != 0)
- {
- error (_("%s: did not find a valid archive header\n"), arch.file_name);
- ret = FALSE;
- break;
- }
+ {
+ error (_("%s: did not find a valid archive header\n"),
+ arch.file_name);
+ ret = FALSE;
+ break;
+ }
arch.next_arhdr_offset += sizeof arch.arhdr;
archive_file_size = strtoul (arch.arhdr.ar_size, NULL, 10);
if (archive_file_size & 01)
- ++archive_file_size;
+ ++archive_file_size;
name = get_archive_member_name (&arch, &nested_arch);
if (name == NULL)
@@ -20395,45 +20408,45 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
}
if (is_thin_archive && arch.nested_member_origin == 0)
- {
- /* This is a proxy for an external member of a thin archive. */
- Filedata * member_filedata;
- char * member_file_name = adjust_relative_path
+ {
+ /* This is a proxy for an external member of a thin archive. */
+ Filedata * member_filedata;
+ char * member_file_name = adjust_relative_path
(filedata->file_name, name, namelen);
free (name);
- if (member_file_name == NULL)
- {
+ if (member_file_name == NULL)
+ {
free (qualified_name);
- ret = FALSE;
- break;
- }
+ ret = FALSE;
+ break;
+ }
- member_filedata = open_file (member_file_name);
- if (member_filedata == NULL)
- {
- error (_("Input file '%s' is not readable.\n"), member_file_name);
- free (member_file_name);
+ member_filedata = open_file (member_file_name);
+ if (member_filedata == NULL)
+ {
+ error (_("Input file '%s' is not readable.\n"), member_file_name);
+ free (member_file_name);
free (qualified_name);
- ret = FALSE;
- break;
- }
+ ret = FALSE;
+ break;
+ }
- archive_file_offset = arch.nested_member_origin;
+ archive_file_offset = arch.nested_member_origin;
member_filedata->file_name = qualified_name;
- if (! process_object (member_filedata))
+ if (! process_object (member_filedata))
ret = FALSE;
- close_file (member_filedata);
- free (member_file_name);
+ close_file (member_filedata);
+ free (member_file_name);
free (qualified_name);
- }
+ }
else if (is_thin_archive)
- {
- Filedata thin_filedata;
+ {
+ Filedata thin_filedata;
- memset (&thin_filedata, 0, sizeof (thin_filedata));
+ memset (&thin_filedata, 0, sizeof (thin_filedata));
/* PR 15140: Allow for corrupt thin archives. */
if (nested_arch.file == NULL)
@@ -20447,35 +20460,36 @@ process_archive (Filedata * filedata, bfd_boolean is_thin_archive)
}
free (name);
- /* This is a proxy for a member of a nested archive. */
- archive_file_offset = arch.nested_member_origin + sizeof arch.arhdr;
+ /* This is a proxy for a member of a nested archive. */
+ archive_file_offset = arch.nested_member_origin + sizeof arch.arhdr;
- /* The nested archive file will have been opened and setup by
- get_archive_member_name. */
- if (fseek (nested_arch.file, archive_file_offset, SEEK_SET) != 0)
- {
- error (_("%s: failed to seek to archive member.\n"), nested_arch.file_name);
+ /* The nested archive file will have been opened and setup by
+ get_archive_member_name. */
+ if (fseek (nested_arch.file, archive_file_offset, SEEK_SET) != 0)
+ {
+ error (_("%s: failed to seek to archive member.\n"),
+ nested_arch.file_name);
free (qualified_name);
- ret = FALSE;
- break;
- }
+ ret = FALSE;
+ break;
+ }
thin_filedata.handle = nested_arch.file;
thin_filedata.file_name = qualified_name;
- if (! process_object (& thin_filedata))
+ if (! process_object (& thin_filedata))
ret = FALSE;
- }
+ }
else
- {
+ {
free (name);
- archive_file_offset = arch.next_arhdr_offset;
- arch.next_arhdr_offset += archive_file_size;
+ archive_file_offset = arch.next_arhdr_offset;
+ arch.next_arhdr_offset += archive_file_size;
filedata->file_name = qualified_name;
- if (! process_object (filedata))
+ if (! process_object (filedata))
ret = FALSE;
- }
+ }
free (qualified_name);
}
--
1.8.3.1