From: Alan Modra <amodra@gmail.com>
To: binutils@sourceware.org
Subject: alpha-vms: sanity checks for image_write
Date: Tue, 31 Mar 2020 16:56:55 +1030 [thread overview]
Message-ID: <20200331062655.GZ4583@bubble.grove.modra.org> (raw)
* vms-alpha.c (image_write): Check bounds for sections without
contents too. Error on non-zero write to section without
contents.
(_bfd_vms_slurp_etir): Check return of image_write* functions.
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 594363b32a..713697ae46 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -1611,26 +1611,35 @@ dst_retrieve_location (bfd *abfd, bfd_vma *loc)
static bfd_boolean
image_write (bfd *abfd, unsigned char *ptr, unsigned int size)
{
+ asection *sec = PRIV (image_section);
+ size_t off = PRIV (image_offset);
+
+ /* Check bounds. */
+ if (off > sec->size
+ || size > sec->size - off)
+ {
+ bfd_set_error (bfd_error_bad_value);
+ return FALSE;
+ }
+
#if VMS_DEBUG
_bfd_vms_debug (8, "image_write from (%p, %d) to (%ld)\n", ptr, size,
- (long)PRIV (image_offset));
+ (long) off));
#endif
if (PRIV (image_section)->contents != NULL)
+ memcpy (sec->contents + off, ptr, size);
+ else
{
- asection *sec = PRIV (image_section);
- size_t off = PRIV (image_offset);
-
- /* Check bounds. */
- if (off > sec->size
- || size > sec->size - off)
- {
- bfd_set_error (bfd_error_bad_value);
- return FALSE;
- }
-
- memcpy (sec->contents + off, ptr, size);
+ unsigned int i;
+ for (i = 0; i < size; i++)
+ if (ptr[i] != 0)
+ {
+ bfd_set_error (bfd_error_bad_value);
+ return FALSE;
+ }
}
+
#if VMS_DEBUG
_bfd_hexdump (9, ptr, size, 0);
#endif
@@ -1998,7 +2007,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
return FALSE;
if (rel1 != RELC_NONE)
goto bad_context;
- image_write_b (abfd, (unsigned int) op1 & 0xff);
+ if (!image_write_b (abfd, (unsigned int) op1 & 0xff))
+ return FALSE;
break;
/* Store word: pop stack, write word
@@ -2008,7 +2018,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
return FALSE;
if (rel1 != RELC_NONE)
goto bad_context;
- image_write_w (abfd, (unsigned int) op1 & 0xffff);
+ if (!image_write_w (abfd, (unsigned int) op1 & 0xffff))
+ return FALSE;
break;
/* Store longword: pop stack, write longword
@@ -2034,7 +2045,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
if (!alpha_vms_add_lw_reloc (info))
return FALSE;
}
- image_write_l (abfd, op1);
+ if (!image_write_l (abfd, op1))
+ return FALSE;
break;
/* Store quadword: pop stack, write quadword
@@ -2056,7 +2068,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
if (!alpha_vms_add_qw_reloc (info))
return FALSE;
}
- image_write_q (abfd, op1);
+ if (!image_write_q (abfd, op1))
+ return FALSE;
break;
/* Store immediate repeated: pop stack for repeat count
@@ -2074,7 +2087,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
if (rel1 != RELC_NONE)
goto bad_context;
while (op1-- > 0)
- image_write (abfd, ptr + 4, size);
+ if (!image_write (abfd, ptr + 4, size))
+ return FALSE;
}
break;
@@ -2099,7 +2113,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
return FALSE;
}
}
- image_write_q (abfd, op1);
+ if (!image_write_q (abfd, op1))
+ return FALSE;
break;
/* Store code address: write address of entry point
@@ -2131,7 +2146,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
abort ();
}
}
- image_write_q (abfd, op1);
+ if (!image_write_q (abfd, op1))
+ return FALSE;
break;
/* Store offset to psect: pop stack, add low 32 bits to base of psect
@@ -2145,7 +2161,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
op1 = alpha_vms_fix_sec_rel (abfd, info, rel1, op1);
rel1 = RELC_REL;
- image_write_q (abfd, op1);
+ if (!image_write_q (abfd, op1))
+ return FALSE;
break;
/* Store immediate
@@ -2158,7 +2175,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
if (ptr + 4 > maxptr)
goto corrupt_etir;
size = bfd_getl32 (ptr);
- image_write (abfd, ptr + 4, size);
+ if (!image_write (abfd, ptr + 4, size))
+ return FALSE;
}
break;
@@ -2173,7 +2191,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
#if 0
abort ();
#endif
- image_write_l (abfd, op1);
+ if (!image_write_l (abfd, op1))
+ return FALSE;
break;
case ETIR__C_STO_RB:
@@ -2246,8 +2265,9 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
op1 = 0;
op2 = 0;
}
- image_write_q (abfd, op1);
- image_write_q (abfd, op2);
+ if (!image_write_q (abfd, op1)
+ || !image_write_q (abfd, op2))
+ return FALSE;
break;
/* 205 Store-conditional NOP at address of global
--
Alan Modra
Australia Development Lab, IBM
reply other threads:[~2020-03-31 6:27 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200331062655.GZ4583@bubble.grove.modra.org \
--to=amodra@gmail.com \
--cc=binutils@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).