Fix segfault when .plt section does not exist

Fix segfault when .plt section does not exist

[Palmer Dabbelt]

Is this OK for master?

[PATCH] Fix segfault when .plt section does not exist

[Palmer Dabbelt]

From: Andrew Waterman <andrew@sifive.com>

bfd/ChangeLog

2017-01-09  Andrew Waterman <andrew@sifive.com>

	* elfnn-riscv.c (riscv_elf_finish_dynamic_sections): Check that
	PLT section data exists before modifying it.

Signed-off-by: Palmer Dabbelt <palmer@dabbelt.com>
---
 bfd/ChangeLog     | 5 +++++
 bfd/elfnn-riscv.c | 5 +++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index c26ab49..c76ac91 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2017-01-24  Andrew Waterman <andrew@sifive.com>
+
+	* elfnn-riscv.c (riscv_elf_finish_dynamic_sections): Check that
+	PLT section data exists before modifying it.
+
 2017-01-24  Maciej W. Rozycki  <macro@imgtec.com>
 
 	PR ld/20828
diff --git a/bfd/elfnn-riscv.c b/bfd/elfnn-riscv.c
index 320d318..a82b564 100644
--- a/bfd/elfnn-riscv.c
+++ b/bfd/elfnn-riscv.c
@@ -2504,8 +2504,9 @@ riscv_elf_finish_dynamic_sections (bfd *output_bfd,
 	    bfd_put_32 (output_bfd, plt_header[i], splt->contents + 4*i);
 	}
 
-      elf_section_data (splt->output_section)->this_hdr.sh_entsize
-	= PLT_ENTRY_SIZE;
+      if (elf_section_data (splt->output_section) != NULL)
+	elf_section_data (splt->output_section)->this_hdr.sh_entsize
+	  = PLT_ENTRY_SIZE;
     }
 
   if (htab->elf.sgotplt)
-- 
2.10.2

Re: [PATCH] Fix segfault when .plt section does not exist

[Maciej W. Rozycki]

On Tue, 24 Jan 2017, Palmer Dabbelt wrote:

> diff --git a/bfd/elfnn-riscv.c b/bfd/elfnn-riscv.c
> index 320d318..a82b564 100644
> --- a/bfd/elfnn-riscv.c
> +++ b/bfd/elfnn-riscv.c
> @@ -2504,8 +2504,9 @@ riscv_elf_finish_dynamic_sections (bfd *output_bfd,
>  	    bfd_put_32 (output_bfd, plt_header[i], splt->contents + 4*i);
>  	}
>  
> -      elf_section_data (splt->output_section)->this_hdr.sh_entsize
> -	= PLT_ENTRY_SIZE;
> +      if (elf_section_data (splt->output_section) != NULL)
> +	elf_section_data (splt->output_section)->this_hdr.sh_entsize
> +	  = PLT_ENTRY_SIZE;

 FWIW the check for a discarded output section is usually written like:

      if (!bfd_is_abs_section (splt->output_section))

(and you might want to skip the entire PLT fill code in that case).

  Maciej

[PATCH] Fix segfault when .plt section does not exist

[Palmer Dabbelt]

From: Andrew Waterman <andrew@sifive.com>

bfd/ChangeLog

2017-01-09  Andrew Waterman <andrew@sifive.com>

	* elfnn-riscv.c (riscv_elf_finish_dynamic_sections): Only write PLT
	entry size if PLT header is written.
---
 bfd/elfnn-riscv.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/bfd/elfnn-riscv.c b/bfd/elfnn-riscv.c
index 320d318..b8dd1f2 100644
--- a/bfd/elfnn-riscv.c
+++ b/bfd/elfnn-riscv.c
@@ -2502,10 +2502,10 @@ riscv_elf_finish_dynamic_sections (bfd *output_bfd,
 
 	  for (i = 0; i < PLT_HEADER_INSNS; i++)
 	    bfd_put_32 (output_bfd, plt_header[i], splt->contents + 4*i);
-	}
 
-      elf_section_data (splt->output_section)->this_hdr.sh_entsize
-	= PLT_ENTRY_SIZE;
+	  elf_section_data (splt->output_section)->this_hdr.sh_entsize
+	    = PLT_ENTRY_SIZE;
+	}
     }
 
   if (htab->elf.sgotplt)
-- 
2.10.2

Re: Fix segfault when .plt section does not exist

[Palmer Dabbelt]

Sorry to take a while to get back to you, how does this new version look?

[PATCH] Fix segfault when .plt section does not exist

Re: [PATCH] Fix segfault when .plt section does not exist

[Palmer Dabbelt]

On Fri, 03 Feb 2017 13:12:14 PST (-0800), Palmer Dabbelt wrote:
> From: Andrew Waterman <andrew@sifive.com>
>
> bfd/ChangeLog
>
> 2017-01-09  Andrew Waterman <andrew@sifive.com>
>
> 	* elfnn-riscv.c (riscv_elf_finish_dynamic_sections): Only write PLT
> 	entry size if PLT header is written.
> ---
>  bfd/elfnn-riscv.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/bfd/elfnn-riscv.c b/bfd/elfnn-riscv.c
> index 320d318..b8dd1f2 100644
> --- a/bfd/elfnn-riscv.c
> +++ b/bfd/elfnn-riscv.c
> @@ -2502,10 +2502,10 @@ riscv_elf_finish_dynamic_sections (bfd *output_bfd,
>
>  	  for (i = 0; i < PLT_HEADER_INSNS; i++)
>  	    bfd_put_32 (output_bfd, plt_header[i], splt->contents + 4*i);
> -	}
>
> -      elf_section_data (splt->output_section)->this_hdr.sh_entsize
> -	= PLT_ENTRY_SIZE;
> +	  elf_section_data (splt->output_section)->this_hdr.sh_entsize
> +	    = PLT_ENTRY_SIZE;
> +	}
>      }
>
>    if (htab->elf.sgotplt)

Committed.

Re: Fix segfault when .plt section does not exist

[Maciej W. Rozycki]

On Fri, 3 Feb 2017, Palmer Dabbelt wrote:

> Sorry to take a while to get back to you, how does this new version look?

 I see you've committed the change already -- however I'd like to point 
out that I am fairly sure (although not absolutely certain offhand) that 
`splt->size' can actually be non-zero for a discarded `.plt' section, as 
normal processing is done internally as if the section was to be included 
in output, except that ->output_section points to the absolute section.  
You'd have to create a small test case to verify that (mine for PR 
ld/20828 isn't enough as it doesn't actually create a PLT), which could 
then serve as a part of the test suite too.

 NB, although we do handle such a situation in many places across BFD, I 
have identified a couple where we don't, one in the MIPS backend and 
another in generic ELF linker code.  I have made patches to adjust those 
places and intend to publish them sometime, however I'm yet thinking what 
to do about some dynamic entries like DT_PLTGOT which are set incorrectly 
when the corresponding section has been removed from output.

  Maciej

Re: Fix segfault when .plt section does not exist

[Andrew Waterman]

If that is indeed the case, this appears to be handled incorrectly in
several implementations of elf_backend_finish_dynamic_sections -- the
first three I looked at, tilegx, alpha, and ppc64, also seem to rely
only splt->size and do not check if the output section is the absolute
section.  (Actually, tilegx looks like it should segfault on
ld/20828).

We'll construct a test case and look into this more shortly.

On Wed, Feb 8, 2017 at 1:29 AM, Maciej W. Rozycki <macro@imgtec.com> wrote:
> On Fri, 3 Feb 2017, Palmer Dabbelt wrote:
>
>> Sorry to take a while to get back to you, how does this new version look?
>
>  I see you've committed the change already -- however I'd like to point
> out that I am fairly sure (although not absolutely certain offhand) that
> `splt->size' can actually be non-zero for a discarded `.plt' section, as
> normal processing is done internally as if the section was to be included
> in output, except that ->output_section points to the absolute section.
> You'd have to create a small test case to verify that (mine for PR
> ld/20828 isn't enough as it doesn't actually create a PLT), which could
> then serve as a part of the test suite too.
>
>  NB, although we do handle such a situation in many places across BFD, I
> have identified a couple where we don't, one in the MIPS backend and
> another in generic ELF linker code.  I have made patches to adjust those
> places and intend to publish them sometime, however I'm yet thinking what
> to do about some dynamic entries like DT_PLTGOT which are set incorrectly
> when the corresponding section has been removed from output.
>
>   Maciej

[PATCH] Fix segfault when .plt section does not exist

[Palmer Dabbelt]

From: Andrew Waterman <andrew@sifive.com>

bfd/ChangeLog

2017-02-07  Andrew Waterman  <andrew@sifive.com>

	* elfnn-riscv.c (riscv_elf_finish_dynamic_sections): Only write PLT
	entry size if PLT header is written.
---
 bfd/ChangeLog     | 5 +++++
 bfd/elfnn-riscv.c | 6 +++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 244d190..6c21e77 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2017-02-07  Andrew Waterman  <andrew@sifive.com>
+
+	* elfnn-riscv.c (riscv_elf_finish_dynamic_sections): Only write PLT
+	entry size if PLT header is written.
+
 2017-02-03  Alan Modra  <amodra@gmail.com>
 
 	* elf32-hppa.c (ensure_undef_weak_dynamic): New function.
diff --git a/bfd/elfnn-riscv.c b/bfd/elfnn-riscv.c
index f414429..210007d 100644
--- a/bfd/elfnn-riscv.c
+++ b/bfd/elfnn-riscv.c
@@ -2502,10 +2502,10 @@ riscv_elf_finish_dynamic_sections (bfd *output_bfd,
 
 	  for (i = 0; i < PLT_HEADER_INSNS; i++)
 	    bfd_put_32 (output_bfd, plt_header[i], splt->contents + 4*i);
-	}
 
-      elf_section_data (splt->output_section)->this_hdr.sh_entsize
-	= PLT_ENTRY_SIZE;
+	  elf_section_data (splt->output_section)->this_hdr.sh_entsize
+	    = PLT_ENTRY_SIZE;
+	}
     }
 
   if (htab->elf.sgotplt)
-- 
2.10.2