Date: Wed, 19 Feb 2020 03:22:00 -0000
From: Alan Modra To: binutils@sourceware.org Subject: bfd_get_file_size calls Message-ID: <20200219032245.GH5570@bubble.grove.modra.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.9.4 (2018-02-28) X-IsSubscribed: yes X-SW-Source: 2020-02/txt/msg00436.txt.bz2 bfd_get_file_size can return 0, meaning the file size is unknown. * coffgen.c (_bfd_coff_get_external_symbols): Don't call bfd_get_file_size twice. (_bfd_coff_read_string_table): Allow for bfd_get_file_size zero, ie. unknown, return. * elf-attrs.c (_bfd_elf_parse_attributes): Likewise. * elfcode.h (elf_swap_shdr_in): Likewise. (elf_object_p): Don't call bfd_get_file_size twice and correct file size check. diff --git a/bfd/coffgen.c b/bfd/coffgen.c index cf115d48c8..5287130490 100644 --- a/bfd/coffgen.c +++ b/bfd/coffgen.c @@ -1642,19 +1642,20 @@ _bfd_coff_get_external_symbols (bfd *abfd) bfd_size_type symesz; bfd_size_type size; void * syms; + ufile_ptr filesize; if (obj_coff_external_syms (abfd) != NULL) return TRUE; symesz = bfd_coff_symesz (abfd); - size = obj_raw_syment_count (abfd) * symesz; if (size == 0) return TRUE; + /* Check for integer overflow and for unreasonable symbol counts. */ + filesize = bfd_get_file_size (abfd); if (size < obj_raw_syment_count (abfd) - || (bfd_get_file_size (abfd) > 0 - && size > bfd_get_file_size (abfd))) + || (filesize != 0 && size > filesize)) { _bfd_error_handler (_("%pB: corrupt symbol count: %#" PRIx64 ""), @@ -1698,6 +1699,7 @@ _bfd_coff_read_string_table (bfd *abfd) bfd_size_type strsize; char *strings; file_ptr pos; + ufile_ptr filesize; if (obj_coff_strings (abfd) != NULL) return obj_coff_strings (abfd); 
@@ -1731,7 +1733,9 @@ _bfd_coff_read_string_table (bfd *abfd) #endif } - if (strsize < STRING_SIZE_SIZE || strsize > bfd_get_file_size (abfd)) + filesize = bfd_get_file_size (abfd); + if (strsize < STRING_SIZE_SIZE + || (filesize != 0 && strsize > filesize)) { _bfd_error_handler /* xgettext: c-format */ diff --git a/bfd/elf-attrs.c b/bfd/elf-attrs.c index 169b697381..070104c273 100644 --- a/bfd/elf-attrs.c +++ b/bfd/elf-attrs.c @@ -436,11 +436,14 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr) bfd_byte *p_end; bfd_vma len; const char *std_sec; + ufile_ptr filesize; /* PR 17512: file: 2844a11d. */ if (hdr->sh_size == 0) return; - if (hdr->sh_size > bfd_get_file_size (abfd)) + + filesize = bfd_get_file_size (abfd); + if (filesize != 0 && hdr->sh_size > filesize) { /* xgettext:c-format */ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"), diff --git a/bfd/elfcode.h b/bfd/elfcode.h index e1e89cf78f..a6b0c613ba 100644 --- a/bfd/elfcode.h +++ b/bfd/elfcode.h @@ -317,11 +317,16 @@ elf_swap_shdr_in (bfd *abfd, /* PR 23657. Check for invalid section size, in sections with contents. Note - we do not set an error value here because the contents of this particular section might not be needed by the consumer. */ - if (dst->sh_type != SHT_NOBITS - && dst->sh_size > bfd_get_file_size (abfd)) - _bfd_error_handler - (_("warning: %pB has a corrupt section with a size (%" BFD_VMA_FMT "x) larger than the file size"), - abfd, dst->sh_size); + if (dst->sh_type != SHT_NOBITS) + { + ufile_ptr filesize = bfd_get_file_size (abfd); + + if (filesize != 0 && dst->sh_size > filesize) + _bfd_error_handler + (_("warning: %pB has a corrupt section with a size (%" + BFD_VMA_FMT "x) larger than the file size"), + abfd, dst->sh_size); + } dst->sh_link = H_GET_32 (abfd, src->sh_link); dst->sh_info = H_GET_32 (abfd, src->sh_info); dst->sh_addralign = H_GET_WORD (abfd, src->sh_addralign); 
@@ -775,6 +780,7 @@ elf_object_p (bfd *abfd) { Elf_Internal_Phdr *i_phdr; unsigned int i; + ufile_ptr filesize; #ifndef BFD64 if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr)) @@ -782,9 +788,10 @@ elf_object_p (bfd *abfd) #endif /* Check for a corrupt input file with an impossibly large number of program headers. */ - if (bfd_get_file_size (abfd) > 0 - && i_ehdrp->e_phnum > bfd_get_file_size (abfd)) - goto got_no_match; + filesize = bfd_get_file_size (abfd); + if (filesize != 0 + && i_ehdrp->e_phnum > filesize / sizeof (Elf_External_Phdr)) + goto got_wrong_format_error; elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc2 (abfd, i_ehdrp->e_phnum, sizeof (*i_phdr)); -- Alan Modra Australia Development Lab, IBM
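Review bot: in the `_bfd_coff_get_external_symbols` hunk of coffgen.c the new comment promises a check for integer overflow, but `size < obj_raw_syment_count (abfd)` only detects a wrapped product that happens to land below the count, and the file-size bound that used to backstop it is now skipped whenever `filesize == 0`, so a non-regular input gets no real overflow test at all. Suggest an exact test before the multiplication, e.g. `if (obj_raw_syment_count (abfd) > (bfd_size_type) -1 / symesz)` (symesz cannot be zero at that point, since `size == 0` has already returned TRUE), and keep `filesize != 0 && size > filesize` as the second, independent bound.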
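Review bot: the `@@ -1731` hunk in `_bfd_coff_read_string_table` fixes a regression that the ChangeLog entry understates: with the old `strsize > bfd_get_file_size (abfd)` condition, any input whose size is unknown (0) had every string table of legal size rejected, because any `strsize >= STRING_SIZE_SIZE` is greater than 0. Suggest saying so in the entry ("Allow for bfd_get_file_size zero, ie. unknown, return" reads as a tidy-up rather than a bug fix), since it explains why COFF objects read from a pipe lost their string tables.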
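Review bot: in the elf-attrs.c hunk, `hdr->sh_size > filesize` bounds only the section size, not its end offset, so an attribute section whose `sh_offset` is near the end of the file still passes this check and relies on the later read to fail. While the condition is being rewritten, consider also rejecting `hdr->sh_offset + hdr->sh_size > filesize` (with the addition guarded against wrap, e.g. `hdr->sh_size > filesize - hdr->sh_offset` after checking `hdr->sh_offset <= filesize`).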
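Review bot: in the `elf_swap_shdr_in` hunk of elfcode.h, `bfd_get_file_size (abfd)` is evaluated once per non-NOBITS section header, so a file with thousands of sections stats the underlying file once per header. This is not new (the removed lines did the same inside the condition), but now that the value is held in a local it would be cheap to have the caller that loops over the section headers fetch the size once and pass it in, or to cache it in the tdata.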
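Review bot: in the `elf_object_p` hunk the jump target changes from `got_no_match` to `got_wrong_format_error`, which changes the error reported for this case, but the ChangeLog only says "correct file size check"; please mention the error-reporting change as well. The new bound `i_ehdrp->e_phnum > filesize / sizeof (Elf_External_Phdr)` is tighter than the old `e_phnum > filesize` but still ignores `e_phoff`; comparing `e_phoff + e_phnum * sizeof (Elf_External_Phdr)` against `filesize` (after the wrap check under `#ifndef BFD64`) would also reject a header table that starts too late in the file.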
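Worked example, added here and not part of Alan Modra's patch or of binutils: a stand-alone C model of the two checks the patch touches, using hypothetical names (`old_string_table_ok`, `new_string_table_ok`, `heuristic_catches_wrap`, `symbol_table_size`) and plain `uint64_t` in place of `bfd_size_type` and `ufile_ptr`. It shows why treating a file size of 0 as "unknown" matters (the pre-patch string-table condition rejects every table when the size is unknown) and why the `size < count` wrap heuristic is not an exact overflow test once the file-size bound is skipped.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not binutils code.  Plain uint64_t stands in for
   bfd_size_type and ufile_ptr; a file size of 0 means "unknown", the
   convention the commit message describes for bfd_get_file_size.  */
typedef uint64_t size_type;
typedef uint64_t file_size;

#define STRING_SIZE_SIZE 4               /* COFF string table length prefix */
#define SIZE_REJECTED ((size_type) -1)   /* sentinel returned on rejection */

/* Pre-patch condition from _bfd_coff_read_string_table: with an unknown
   (0) file size every string table of legal size is rejected, because
   any strsize >= STRING_SIZE_SIZE is greater than 0.  */
bool old_string_table_ok (size_type strsize, file_size filesize)
{
  return !(strsize < STRING_SIZE_SIZE || strsize > filesize);
}

/* Post-patch condition: the file-size bound applies only when known.  */
bool new_string_table_ok (size_type strsize, file_size filesize)
{
  return !(strsize < STRING_SIZE_SIZE
           || (filesize != 0 && strsize > filesize));
}

/* The wrap heuristic used in _bfd_coff_get_external_symbols: true only
   when count * symesz wrapped to a value below count.  */
bool heuristic_catches_wrap (size_type count, size_type symesz)
{
  size_type size = count * symesz;       /* unsigned, wraps silently */
  return size < count;
}

/* Exact sizing of a symbol table: reject when the product would wrap or,
   if the file size is known, when it cannot fit in the file.  Returns
   SIZE_REJECTED on failure, otherwise the byte size (0 for no symbols;
   a table of exactly 2^64-1 bytes is also reported as rejected).  */
size_type symbol_table_size (size_type count, size_type symesz,
                             file_size filesize)
{
  if (count == 0 || symesz == 0)
    return 0;
  if (count > SIZE_REJECTED / symesz)    /* division test cannot wrap */
    return SIZE_REJECTED;
  size_type size = count * symesz;
  if (filesize != 0 && size > filesize)
    return SIZE_REJECTED;
  return size;
}

int main (void)
{
  /* Constructed input: a 100-byte string table in a file of unknown size.  */
  printf ("old check, unknown size: %s\n",
          old_string_table_ok (100, 0) ? "accepted" : "rejected");
  printf ("new check, unknown size: %s\n",
          new_string_table_ok (100, 0) ? "accepted" : "rejected");

  /* Constructed count: (2^62 + 1) * 18 wraps to 2^63 + 18, which is not
     below the count, so the size < count heuristic misses the overflow
     while the division test rejects it.  */
  size_type count = ((size_type) 1 << 62) + 1;
  printf ("heuristic catches wrap: %s\n",
          heuristic_catches_wrap (count, 18) ? "yes" : "no");
  printf ("exact check rejects: %s\n",
          symbol_table_size (count, 18, 0) == SIZE_REJECTED ? "yes" : "no");
  return 0;
}
```

The division-based test is the one to reach for whenever a count read from the file is multiplied by a per-entry size: it is exact for any `symesz`, whereas the `size < count` comparison only notices a wrap that happens to land below the original count.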