1 /* Pedantic checking of ELF files compliance with gABI/psABI spec.
2 Copyright (C) 2001-2015, 2017, 2018 Red Hat, Inc.
3 This file is part of elfutils.
4 Written by Ulrich Drepper <drepper@redhat.com>, 2001.
5
6 This file is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 elfutils is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19 #ifdef HAVE_CONFIG_H
20 # include <config.h>
21 #endif
22
23 #include <argp.h>
24 #include <assert.h>
25 #include <byteswap.h>
26 #include <endian.h>
27 #include <fcntl.h>
28 #include <gelf.h>
29 #include <inttypes.h>
30 #include <libintl.h>
31 #include <locale.h>
32 #include <stdbool.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <unistd.h>
36 #include <sys/stat.h>
37
38 #include <elf-knowledge.h>
39 #include <libeu.h>
40 #include <system.h>
41 #include <printversion.h>
42 #include "../libelf/libelfP.h"
43 #include "../libelf/common.h"
44 #include "../libebl/libeblP.h"
45 #include "../libdw/libdwP.h"
46 #include "../libdwfl/libdwflP.h"
47 #include "../libdw/memory-access.h"
48
49
50 /* Name and version of program. */
51 ARGP_PROGRAM_VERSION_HOOK_DEF = print_version;
52
53 /* Bug report address. */
54 ARGP_PROGRAM_BUG_ADDRESS_DEF = PACKAGE_BUGREPORT;
55
56 #define ARGP_strict 300
57 #define ARGP_gnuld 301
58
59 /* Definitions of arguments for argp functions. */
60 static const struct argp_option options[] =
61 {
62 { "strict", ARGP_strict, NULL, 0,
63 N_("Be extremely strict, flag level 2 features."), 0 },
64 { "quiet", 'q', NULL, 0, N_("Do not print anything if successful"), 0 },
65 { "debuginfo", 'd', NULL, 0, N_("Binary is a separate debuginfo file"), 0 },
66 { "gnu-ld", ARGP_gnuld, NULL, 0,
67 N_("Binary has been created with GNU ld and is therefore known to be \
68 broken in certain ways"), 0 },
69 { NULL, 0, NULL, 0, NULL, 0 }
70 };
71
72 /* Short description of program. */
73 static const char doc[] = N_("\
74 Pedantic checking of ELF files compliance with gABI/psABI spec.");
75
76 /* Strings for arguments in help texts. */
77 static const char args_doc[] = N_("FILE...");
78
79 /* Prototype for option handler. */
80 static error_t parse_opt (int key, char *arg, struct argp_state *state);
81
82 /* Data structure to communicate with argp functions. */
83 static struct argp argp =
84 {
85 options, parse_opt, args_doc, doc, NULL, NULL, NULL
86 };
87
88
89 /* Declarations of local functions. */
90 static void process_file (int fd, Elf *elf, const char *prefix,
91 const char *suffix, const char *fname, size_t size,
92 bool only_one);
93 static void process_elf_file (Elf *elf, const char *prefix, const char *suffix,
94 const char *fname, size_t size, bool only_one);
95 static void check_note_section (Ebl *ebl, GElf_Ehdr *ehdr,
96 GElf_Shdr *shdr, int idx);
97
98
99 /* Report an error. */
100 #define ERROR(str, args...) \
101 do { \
102 printf (str, ##args); \
103 ++error_count; \
104 } while (0)
105 static unsigned int error_count;
106
107 /* True if we should perform very strict testing. */
108 static bool be_strict;
109
110 /* True if no message is to be printed if the run is succesful. */
111 static bool be_quiet;
112
113 /* True if binary is from strip -f, not a normal ELF file. */
114 static bool is_debuginfo;
115
116 /* True if binary is assumed to be generated with GNU ld. */
117 static bool gnuld;
118
119 /* Index of section header string table. */
120 static uint32_t shstrndx;
121
122 /* Array to count references in section groups. */
123 static int *scnref;
124
125 /* Numbers of sections and program headers. */
126 static unsigned int shnum;
127 static unsigned int phnum;
128
129
130 int
main(int argc,char * argv[])131 main (int argc, char *argv[])
132 {
133 /* Set locale. */
134 setlocale (LC_ALL, "");
135
136 /* Initialize the message catalog. */
137 textdomain (PACKAGE_TARNAME);
138
139 /* Parse and process arguments. */
140 int remaining;
141 argp_parse (&argp, argc, argv, 0, &remaining, NULL);
142
143 /* Before we start tell the ELF library which version we are using. */
144 elf_version (EV_CURRENT);
145
146 /* Now process all the files given at the command line. */
147 bool only_one = remaining + 1 == argc;
148 do
149 {
150 /* Open the file. */
151 int fd = open (argv[remaining], O_RDONLY);
152 if (fd == -1)
153 {
154 error (0, errno, gettext ("cannot open input file"));
155 continue;
156 }
157
158 /* Create an `Elf' descriptor. */
159 Elf *elf = elf_begin (fd, ELF_C_READ_MMAP, NULL);
160 if (elf == NULL)
161 ERROR (gettext ("cannot generate Elf descriptor: %s\n"),
162 elf_errmsg (-1));
163 else
164 {
165 unsigned int prev_error_count = error_count;
166 struct stat st;
167
168 if (fstat (fd, &st) != 0)
169 {
170 printf ("cannot stat '%s': %m\n", argv[remaining]);
171 close (fd);
172 continue;
173 }
174
175 process_file (fd, elf, NULL, NULL, argv[remaining], st.st_size,
176 only_one);
177
178 /* Now we can close the descriptor. */
179 if (elf_end (elf) != 0)
180 ERROR (gettext ("error while closing Elf descriptor: %s\n"),
181 elf_errmsg (-1));
182
183 if (prev_error_count == error_count && !be_quiet)
184 puts (gettext ("No errors"));
185 }
186
187 close (fd);
188 }
189 while (++remaining < argc);
190
191 return error_count != 0;
192 }
193
194
195 /* Handle program arguments. */
196 static error_t
parse_opt(int key,char * arg,struct argp_state * state)197 parse_opt (int key, char *arg __attribute__ ((unused)),
198 struct argp_state *state __attribute__ ((unused)))
199 {
200 switch (key)
201 {
202 case ARGP_strict:
203 be_strict = true;
204 break;
205
206 case 'q':
207 be_quiet = true;
208 break;
209
210 case 'd':
211 is_debuginfo = true;
212 break;
213
214 case ARGP_gnuld:
215 gnuld = true;
216 break;
217
218 case ARGP_KEY_NO_ARGS:
219 fputs (gettext ("Missing file name.\n"), stderr);
220 argp_help (&argp, stderr, ARGP_HELP_SEE, program_invocation_short_name);
221 exit (EXIT_FAILURE);
222
223 default:
224 return ARGP_ERR_UNKNOWN;
225 }
226 return 0;
227 }
228
229
230 /* Process one file. */
231 static void
process_file(int fd,Elf * elf,const char * prefix,const char * suffix,const char * fname,size_t size,bool only_one)232 process_file (int fd, Elf *elf, const char *prefix, const char *suffix,
233 const char *fname, size_t size, bool only_one)
234 {
235 /* We can handle two types of files: ELF files and archives. */
236 Elf_Kind kind = elf_kind (elf);
237
238 switch (kind)
239 {
240 case ELF_K_ELF:
241 /* Yes! It's an ELF file. */
242 process_elf_file (elf, prefix, suffix, fname, size, only_one);
243 break;
244
245 case ELF_K_AR:
246 {
247 Elf *subelf;
248 Elf_Cmd cmd = ELF_C_READ_MMAP;
249 size_t prefix_len = prefix == NULL ? 0 : strlen (prefix);
250 size_t fname_len = strlen (fname) + 1;
251 char new_prefix[prefix_len + 1 + fname_len];
252 char new_suffix[(suffix == NULL ? 0 : strlen (suffix)) + 2];
253 char *cp = new_prefix;
254
255 /* Create the full name of the file. */
256 if (prefix != NULL)
257 {
258 cp = mempcpy (cp, prefix, prefix_len);
259 *cp++ = '(';
260 strcpy (stpcpy (new_suffix, suffix), ")");
261 }
262 else
263 new_suffix[0] = '\0';
264 memcpy (cp, fname, fname_len);
265
266 /* It's an archive. We process each file in it. */
267 while ((subelf = elf_begin (fd, cmd, elf)) != NULL)
268 {
269 kind = elf_kind (subelf);
270
271 /* Call this function recursively. */
272 if (kind == ELF_K_ELF || kind == ELF_K_AR)
273 {
274 Elf_Arhdr *arhdr = elf_getarhdr (subelf);
275 assert (arhdr != NULL);
276
277 process_file (fd, subelf, new_prefix, new_suffix,
278 arhdr->ar_name, arhdr->ar_size, false);
279 }
280
281 /* Get next archive element. */
282 cmd = elf_next (subelf);
283 if (elf_end (subelf) != 0)
284 ERROR (gettext (" error while freeing sub-ELF descriptor: %s\n"),
285 elf_errmsg (-1));
286 }
287 }
288 break;
289
290 default:
291 /* We cannot do anything. */
292 ERROR (gettext ("\
293 Not an ELF file - it has the wrong magic bytes at the start\n"));
294 break;
295 }
296 }
297
298
299 static const char *
section_name(Ebl * ebl,int idx)300 section_name (Ebl *ebl, int idx)
301 {
302 GElf_Shdr shdr_mem;
303 GElf_Shdr *shdr;
304 const char *ret;
305
306 if ((unsigned int) idx > shnum)
307 return "<invalid>";
308
309 shdr = gelf_getshdr (elf_getscn (ebl->elf, idx), &shdr_mem);
310 if (shdr == NULL)
311 return "<invalid>";
312
313 ret = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
314 if (ret == NULL)
315 return "<invalid>";
316 return ret;
317 }
318
319
320 static const int valid_e_machine[] =
321 {
322 EM_M32, EM_SPARC, EM_386, EM_68K, EM_88K, EM_860, EM_MIPS, EM_S370,
323 EM_MIPS_RS3_LE, EM_PARISC, EM_VPP500, EM_SPARC32PLUS, EM_960, EM_PPC,
324 EM_PPC64, EM_S390, EM_V800, EM_FR20, EM_RH32, EM_RCE, EM_ARM,
325 EM_FAKE_ALPHA, EM_SH, EM_SPARCV9, EM_TRICORE, EM_ARC, EM_H8_300,
326 EM_H8_300H, EM_H8S, EM_H8_500, EM_IA_64, EM_MIPS_X, EM_COLDFIRE,
327 EM_68HC12, EM_MMA, EM_PCP, EM_NCPU, EM_NDR1, EM_STARCORE, EM_ME16,
328 EM_ST100, EM_TINYJ, EM_X86_64, EM_PDSP, EM_FX66, EM_ST9PLUS, EM_ST7,
329 EM_68HC16, EM_68HC11, EM_68HC08, EM_68HC05, EM_SVX, EM_ST19, EM_VAX,
330 EM_CRIS, EM_JAVELIN, EM_FIREPATH, EM_ZSP, EM_MMIX, EM_HUANY, EM_PRISM,
331 EM_AVR, EM_FR30, EM_D10V, EM_D30V, EM_V850, EM_M32R, EM_MN10300,
332 EM_MN10200, EM_PJ, EM_OPENRISC, EM_ARC_A5, EM_XTENSA, EM_ALPHA,
333 EM_TILEGX, EM_TILEPRO, EM_AARCH64, EM_BPF, EM_RISCV
334 };
335 #define nvalid_e_machine \
336 (sizeof (valid_e_machine) / sizeof (valid_e_machine[0]))
337
338
339 static void
check_elf_header(Ebl * ebl,GElf_Ehdr * ehdr,size_t size)340 check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size)
341 {
342 char buf[512];
343 size_t cnt;
344
345 /* Check e_ident field. */
346 if (ehdr->e_ident[EI_MAG0] != ELFMAG0)
347 ERROR ("e_ident[%d] != '%c'\n", EI_MAG0, ELFMAG0);
348 if (ehdr->e_ident[EI_MAG1] != ELFMAG1)
349 ERROR ("e_ident[%d] != '%c'\n", EI_MAG1, ELFMAG1);
350 if (ehdr->e_ident[EI_MAG2] != ELFMAG2)
351 ERROR ("e_ident[%d] != '%c'\n", EI_MAG2, ELFMAG2);
352 if (ehdr->e_ident[EI_MAG3] != ELFMAG3)
353 ERROR ("e_ident[%d] != '%c'\n", EI_MAG3, ELFMAG3);
354
355 if (ehdr->e_ident[EI_CLASS] != ELFCLASS32
356 && ehdr->e_ident[EI_CLASS] != ELFCLASS64)
357 ERROR (gettext ("e_ident[%d] == %d is no known class\n"),
358 EI_CLASS, ehdr->e_ident[EI_CLASS]);
359
360 if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB
361 && ehdr->e_ident[EI_DATA] != ELFDATA2MSB)
362 ERROR (gettext ("e_ident[%d] == %d is no known data encoding\n"),
363 EI_DATA, ehdr->e_ident[EI_DATA]);
364
365 if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
366 ERROR (gettext ("unknown ELF header version number e_ident[%d] == %d\n"),
367 EI_VERSION, ehdr->e_ident[EI_VERSION]);
368
369 /* We currently don't handle any OS ABIs other than Linux and the
370 kFreeBSD variant of Debian. */
371 if (ehdr->e_ident[EI_OSABI] != ELFOSABI_NONE
372 && ehdr->e_ident[EI_OSABI] != ELFOSABI_LINUX
373 && ehdr->e_ident[EI_OSABI] != ELFOSABI_FREEBSD)
374 ERROR (gettext ("unsupported OS ABI e_ident[%d] == '%s'\n"),
375 EI_OSABI,
376 ebl_osabi_name (ebl, ehdr->e_ident[EI_OSABI], buf, sizeof (buf)));
377
378 /* No ABI versions other than zero are supported either. */
379 if (ehdr->e_ident[EI_ABIVERSION] != 0)
380 ERROR (gettext ("unsupported ABI version e_ident[%d] == %d\n"),
381 EI_ABIVERSION, ehdr->e_ident[EI_ABIVERSION]);
382
383 for (cnt = EI_PAD; cnt < EI_NIDENT; ++cnt)
384 if (ehdr->e_ident[cnt] != 0)
385 ERROR (gettext ("e_ident[%zu] is not zero\n"), cnt);
386
387 /* Check the e_type field. */
388 if (ehdr->e_type != ET_REL && ehdr->e_type != ET_EXEC
389 && ehdr->e_type != ET_DYN && ehdr->e_type != ET_CORE)
390 ERROR (gettext ("unknown object file type %d\n"), ehdr->e_type);
391
392 /* Check the e_machine field. */
393 for (cnt = 0; cnt < nvalid_e_machine; ++cnt)
394 if (valid_e_machine[cnt] == ehdr->e_machine)
395 break;
396 if (cnt == nvalid_e_machine)
397 ERROR (gettext ("unknown machine type %d\n"), ehdr->e_machine);
398
399 /* Check the e_version field. */
400 if (ehdr->e_version != EV_CURRENT)
401 ERROR (gettext ("unknown object file version\n"));
402
403 /* Check the e_phoff and e_phnum fields. */
404 if (ehdr->e_phoff == 0)
405 {
406 if (ehdr->e_phnum != 0)
407 ERROR (gettext ("invalid program header offset\n"));
408 else if (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
409 ERROR (gettext ("\
410 executables and DSOs cannot have zero program header offset\n"));
411 }
412 else if (ehdr->e_phnum == 0)
413 ERROR (gettext ("invalid number of program header entries\n"));
414
415 /* Check the e_shoff field. */
416 shnum = ehdr->e_shnum;
417 shstrndx = ehdr->e_shstrndx;
418 if (ehdr->e_shoff == 0)
419 {
420 if (ehdr->e_shnum != 0)
421 ERROR (gettext ("invalid section header table offset\n"));
422 else if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
423 && ehdr->e_type != ET_CORE)
424 ERROR (gettext ("section header table must be present\n"));
425 }
426 else
427 {
428 if (ehdr->e_shnum == 0)
429 {
430 /* Get the header of the zeroth section. The sh_size field
431 might contain the section number. */
432 GElf_Shdr shdr_mem;
433 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
434 if (shdr != NULL)
435 {
436 /* The error will be reported later. */
437 if (shdr->sh_size == 0)
438 ERROR (gettext ("\
439 invalid number of section header table entries\n"));
440 else
441 shnum = shdr->sh_size;
442 }
443 }
444
445 if (ehdr->e_shstrndx == SHN_XINDEX)
446 {
447 /* Get the header of the zeroth section. The sh_size field
448 might contain the section number. */
449 GElf_Shdr shdr_mem;
450 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
451 if (shdr != NULL && shdr->sh_link < shnum)
452 shstrndx = shdr->sh_link;
453 }
454 else if (shstrndx >= shnum)
455 ERROR (gettext ("invalid section header index\n"));
456 }
457
458 /* Check the shdrs actually exist. And uncompress them before
459 further checking. Indexes between sections reference the
460 uncompressed data. */
461 unsigned int scnt;
462 Elf_Scn *scn = NULL;
463 for (scnt = 1; scnt < shnum; ++scnt)
464 {
465 scn = elf_nextscn (ebl->elf, scn);
466 if (scn == NULL)
467 break;
468 /* If the section wasn't compressed this does nothing, but
469 returns an error. We don't care. */
470 elf_compress (scn, 0, 0);
471 }
472 if (scnt < shnum)
473 ERROR (gettext ("Can only check %u headers, shnum was %u\n"), scnt, shnum);
474 shnum = scnt;
475
476 phnum = ehdr->e_phnum;
477 if (ehdr->e_phnum == PN_XNUM)
478 {
479 /* Get the header of the zeroth section. The sh_info field
480 might contain the phnum count. */
481 GElf_Shdr shdr_mem;
482 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
483 if (shdr != NULL)
484 {
485 /* The error will be reported later. */
486 if (shdr->sh_info < PN_XNUM)
487 ERROR (gettext ("\
488 invalid number of program header table entries\n"));
489 else
490 phnum = shdr->sh_info;
491 }
492 }
493
494 /* Check the phdrs actually exist. */
495 unsigned int pcnt;
496 for (pcnt = 0; pcnt < phnum; ++pcnt)
497 {
498 GElf_Phdr phdr_mem;
499 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
500 if (phdr == NULL)
501 break;
502 }
503 if (pcnt < phnum)
504 ERROR (gettext ("Can only check %u headers, phnum was %u\n"), pcnt, phnum);
505 phnum = pcnt;
506
507 /* Check the e_flags field. */
508 if (!ebl_machine_flag_check (ebl, ehdr->e_flags))
509 ERROR (gettext ("invalid machine flags: %s\n"),
510 ebl_machine_flag_name (ebl, ehdr->e_flags, buf, sizeof (buf)));
511
512 /* Check e_ehsize, e_phentsize, and e_shentsize fields. */
513 if (gelf_getclass (ebl->elf) == ELFCLASS32)
514 {
515 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf32_Ehdr))
516 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
517
518 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf32_Phdr))
519 ERROR (gettext ("invalid program header size: %hd\n"),
520 ehdr->e_phentsize);
521 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size)
522 ERROR (gettext ("invalid program header position or size\n"));
523
524 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf32_Shdr))
525 ERROR (gettext ("invalid section header size: %hd\n"),
526 ehdr->e_shentsize);
527 else if (ehdr->e_shoff + shnum * ehdr->e_shentsize > size)
528 ERROR (gettext ("invalid section header position or size\n"));
529 }
530 else if (gelf_getclass (ebl->elf) == ELFCLASS64)
531 {
532 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf64_Ehdr))
533 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
534
535 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf64_Phdr))
536 ERROR (gettext ("invalid program header size: %hd\n"),
537 ehdr->e_phentsize);
538 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size)
539 ERROR (gettext ("invalid program header position or size\n"));
540
541 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf64_Shdr))
542 ERROR (gettext ("invalid section header size: %hd\n"),
543 ehdr->e_shentsize);
544 else if (ehdr->e_shoff + shnum * ehdr->e_shentsize > size)
545 ERROR (gettext ("invalid section header position or size\n"));
546 }
547 }
548
549
550 /* Check that there is a section group section with index < IDX which
551 contains section IDX and that there is exactly one. */
552 static void
check_scn_group(Ebl * ebl,int idx)553 check_scn_group (Ebl *ebl, int idx)
554 {
555 if (scnref[idx] == 0)
556 {
557 /* No reference so far. Search following sections, maybe the
558 order is wrong. */
559 size_t cnt;
560
561 for (cnt = idx + 1; cnt < shnum; ++cnt)
562 {
563 Elf_Scn *scn = elf_getscn (ebl->elf, cnt);
564 GElf_Shdr shdr_mem;
565 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
566 if (shdr == NULL)
567 /* We cannot get the section header so we cannot check it.
568 The error to get the section header will be shown
569 somewhere else. */
570 continue;
571
572 if (shdr->sh_type != SHT_GROUP)
573 continue;
574
575 Elf_Data *data = elf_getdata (scn, NULL);
576 if (data == NULL || data->d_buf == NULL
577 || data->d_size < sizeof (Elf32_Word))
578 /* Cannot check the section. */
579 continue;
580
581 Elf32_Word *grpdata = (Elf32_Word *) data->d_buf;
582 for (size_t inner = 1; inner < data->d_size / sizeof (Elf32_Word);
583 ++inner)
584 if (grpdata[inner] == (Elf32_Word) idx)
585 goto out;
586 }
587
588 out:
589 if (cnt == shnum)
590 ERROR (gettext ("\
591 section [%2d] '%s': section with SHF_GROUP flag set not part of a section group\n"),
592 idx, section_name (ebl, idx));
593 else
594 ERROR (gettext ("\
595 section [%2d] '%s': section group [%2zu] '%s' does not precede group member\n"),
596 idx, section_name (ebl, idx),
597 cnt, section_name (ebl, cnt));
598 }
599 }
600
601
602 static void
check_symtab(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)603 check_symtab (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
604 {
605 bool no_xndx_warned = false;
606 int no_pt_tls = 0;
607 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
608 if (data == NULL)
609 {
610 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
611 idx, section_name (ebl, idx));
612 return;
613 }
614
615 GElf_Shdr strshdr_mem;
616 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
617 &strshdr_mem);
618 if (strshdr == NULL)
619 return;
620
621 if (strshdr->sh_type != SHT_STRTAB)
622 {
623 ERROR (gettext ("section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
624 shdr->sh_link, section_name (ebl, shdr->sh_link),
625 idx, section_name (ebl, idx));
626 strshdr = NULL;
627 }
628
629 /* Search for an extended section index table section. */
630 Elf_Data *xndxdata = NULL;
631 Elf32_Word xndxscnidx = 0;
632 bool found_xndx = false;
633 for (size_t cnt = 1; cnt < shnum; ++cnt)
634 if (cnt != (size_t) idx)
635 {
636 Elf_Scn *xndxscn = elf_getscn (ebl->elf, cnt);
637 GElf_Shdr xndxshdr_mem;
638 GElf_Shdr *xndxshdr = gelf_getshdr (xndxscn, &xndxshdr_mem);
639 if (xndxshdr == NULL)
640 continue;
641
642 if (xndxshdr->sh_type == SHT_SYMTAB_SHNDX
643 && xndxshdr->sh_link == (GElf_Word) idx)
644 {
645 if (found_xndx)
646 ERROR (gettext ("\
647 section [%2d] '%s': symbol table cannot have more than one extended index section\n"),
648 idx, section_name (ebl, idx));
649
650 xndxdata = elf_getdata (xndxscn, NULL);
651 xndxscnidx = elf_ndxscn (xndxscn);
652 found_xndx = true;
653 }
654 }
655
656 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT);
657 if (shdr->sh_entsize != sh_entsize)
658 ERROR (gettext ("\
659 section [%2u] '%s': entry size is does not match ElfXX_Sym\n"),
660 idx, section_name (ebl, idx));
661
662 /* Test the zeroth entry. */
663 GElf_Sym sym_mem;
664 Elf32_Word xndx;
665 GElf_Sym *sym = gelf_getsymshndx (data, xndxdata, 0, &sym_mem, &xndx);
666 if (sym == NULL)
667 ERROR (gettext ("section [%2d] '%s': cannot get symbol %d: %s\n"),
668 idx, section_name (ebl, idx), 0, elf_errmsg (-1));
669 else
670 {
671 if (sym->st_name != 0)
672 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
673 idx, section_name (ebl, idx), "st_name");
674 if (sym->st_value != 0)
675 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
676 idx, section_name (ebl, idx), "st_value");
677 if (sym->st_size != 0)
678 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
679 idx, section_name (ebl, idx), "st_size");
680 if (sym->st_info != 0)
681 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
682 idx, section_name (ebl, idx), "st_info");
683 if (sym->st_other != 0)
684 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
685 idx, section_name (ebl, idx), "st_other");
686 if (sym->st_shndx != 0)
687 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
688 idx, section_name (ebl, idx), "st_shndx");
689 if (xndxdata != NULL && xndx != 0)
690 ERROR (gettext ("\
691 section [%2d] '%s': XINDEX for zeroth entry not zero\n"),
692 xndxscnidx, section_name (ebl, xndxscnidx));
693 }
694
695 for (size_t cnt = 1; cnt < shdr->sh_size / sh_entsize; ++cnt)
696 {
697 sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx);
698 if (sym == NULL)
699 {
700 ERROR (gettext ("section [%2d] '%s': cannot get symbol %zu: %s\n"),
701 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
702 continue;
703 }
704
705 const char *name = NULL;
706 if (strshdr == NULL)
707 name = "";
708 else if (sym->st_name >= strshdr->sh_size)
709 ERROR (gettext ("\
710 section [%2d] '%s': symbol %zu: invalid name value\n"),
711 idx, section_name (ebl, idx), cnt);
712 else
713 {
714 name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name);
715 if (name == NULL)
716 name = "";
717 }
718
719 if (sym->st_shndx == SHN_XINDEX)
720 {
721 if (xndxdata == NULL)
722 {
723 if (!no_xndx_warned)
724 ERROR (gettext ("\
725 section [%2d] '%s': symbol %zu: too large section index but no extended section index section\n"),
726 idx, section_name (ebl, idx), cnt);
727 no_xndx_warned = true;
728 }
729 else if (xndx < SHN_LORESERVE)
730 ERROR (gettext ("\
731 section [%2d] '%s': symbol %zu: XINDEX used for index which would fit in st_shndx (%" PRIu32 ")\n"),
732 xndxscnidx, section_name (ebl, xndxscnidx), cnt,
733 xndx);
734 }
735 else if ((sym->st_shndx >= SHN_LORESERVE
736 // && sym->st_shndx <= SHN_HIRESERVE always true
737 && sym->st_shndx != SHN_ABS
738 && sym->st_shndx != SHN_COMMON)
739 || (sym->st_shndx >= shnum
740 && (sym->st_shndx < SHN_LORESERVE
741 /* || sym->st_shndx > SHN_HIRESERVE always false */)))
742 ERROR (gettext ("\
743 section [%2d] '%s': symbol %zu: invalid section index\n"),
744 idx, section_name (ebl, idx), cnt);
745 else
746 xndx = sym->st_shndx;
747
748 if (GELF_ST_TYPE (sym->st_info) >= STT_NUM
749 && !ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), NULL, 0))
750 ERROR (gettext ("section [%2d] '%s': symbol %zu: unknown type\n"),
751 idx, section_name (ebl, idx), cnt);
752
753 if (GELF_ST_BIND (sym->st_info) >= STB_NUM
754 && !ebl_symbol_binding_name (ebl, GELF_ST_BIND (sym->st_info), NULL,
755 0))
756 ERROR (gettext ("\
757 section [%2d] '%s': symbol %zu: unknown symbol binding\n"),
758 idx, section_name (ebl, idx), cnt);
759 if (GELF_ST_BIND (sym->st_info) == STB_GNU_UNIQUE
760 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
761 ERROR (gettext ("\
762 section [%2d] '%s': symbol %zu: unique symbol not of object type\n"),
763 idx, section_name (ebl, idx), cnt);
764
765 if (xndx == SHN_COMMON)
766 {
767 /* Common symbols can only appear in relocatable files. */
768 if (ehdr->e_type != ET_REL)
769 ERROR (gettext ("\
770 section [%2d] '%s': symbol %zu: COMMON only allowed in relocatable files\n"),
771 idx, section_name (ebl, idx), cnt);
772 if (cnt < shdr->sh_info)
773 ERROR (gettext ("\
774 section [%2d] '%s': symbol %zu: local COMMON symbols are nonsense\n"),
775 idx, section_name (ebl, idx), cnt);
776 if (GELF_R_TYPE (sym->st_info) == STT_FUNC)
777 ERROR (gettext ("\
778 section [%2d] '%s': symbol %zu: function in COMMON section is nonsense\n"),
779 idx, section_name (ebl, idx), cnt);
780 }
781 else if (xndx > 0 && xndx < shnum)
782 {
783 GElf_Shdr destshdr_mem;
784 GElf_Shdr *destshdr;
785
786 destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), &destshdr_mem);
787 if (destshdr != NULL)
788 {
789 GElf_Addr sh_addr = (ehdr->e_type == ET_REL ? 0
790 : destshdr->sh_addr);
791 GElf_Addr st_value;
792 if (GELF_ST_TYPE (sym->st_info) == STT_FUNC
793 || (GELF_ST_TYPE (sym->st_info) == STT_GNU_IFUNC))
794 st_value = sym->st_value & ebl_func_addr_mask (ebl);
795 else
796 st_value = sym->st_value;
797 if (GELF_ST_TYPE (sym->st_info) != STT_TLS)
798 {
799 if (! ebl_check_special_symbol (ebl, sym, name,
800 destshdr))
801 {
802 if (st_value - sh_addr > destshdr->sh_size)
803 {
804 /* GNU ld has severe bugs. When it decides to remove
805 empty sections it leaves symbols referencing them
806 behind. These are symbols in .symtab or .dynsym
807 and for the named symbols have zero size. See
808 sourceware PR13621. */
809 if (!gnuld
810 || (strcmp (section_name (ebl, idx), ".symtab")
811 && strcmp (section_name (ebl, idx),
812 ".dynsym"))
813 || sym->st_size != 0
814 || (strcmp (name, "__preinit_array_start") != 0
815 && strcmp (name, "__preinit_array_end") != 0
816 && strcmp (name, "__init_array_start") != 0
817 && strcmp (name, "__init_array_end") != 0
818 && strcmp (name, "__fini_array_start") != 0
819 && strcmp (name, "__fini_array_end") != 0
820 && strcmp (name, "__bss_start") != 0
821 && strcmp (name, "__bss_start__") != 0
822 && strcmp (name, "__TMC_END__") != 0
823 && strcmp (name, ".TOC.") != 0
824 && strcmp (name, "_edata") != 0
825 && strcmp (name, "__edata") != 0
826 && strcmp (name, "_end") != 0
827 && strcmp (name, "__end") != 0))
828 ERROR (gettext ("\
829 section [%2d] '%s': symbol %zu: st_value out of bounds\n"),
830 idx, section_name (ebl, idx), cnt);
831 }
832 else if ((st_value - sh_addr
833 + sym->st_size) > destshdr->sh_size)
834 ERROR (gettext ("\
835 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
836 idx, section_name (ebl, idx), cnt,
837 (int) xndx, section_name (ebl, xndx));
838 }
839 }
840 else
841 {
842 if ((destshdr->sh_flags & SHF_TLS) == 0)
843 ERROR (gettext ("\
844 section [%2d] '%s': symbol %zu: referenced section [%2d] '%s' does not have SHF_TLS flag set\n"),
845 idx, section_name (ebl, idx), cnt,
846 (int) xndx, section_name (ebl, xndx));
847
848 if (ehdr->e_type == ET_REL)
849 {
850 /* For object files the symbol value must fall
851 into the section. */
852 if (st_value > destshdr->sh_size)
853 ERROR (gettext ("\
854 section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"),
855 idx, section_name (ebl, idx), cnt,
856 (int) xndx, section_name (ebl, xndx));
857 else if (st_value + sym->st_size
858 > destshdr->sh_size)
859 ERROR (gettext ("\
860 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
861 idx, section_name (ebl, idx), cnt,
862 (int) xndx, section_name (ebl, xndx));
863 }
864 else
865 {
866 GElf_Phdr phdr_mem;
867 GElf_Phdr *phdr = NULL;
868 unsigned int pcnt;
869
870 for (pcnt = 0; pcnt < phnum; ++pcnt)
871 {
872 phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
873 if (phdr != NULL && phdr->p_type == PT_TLS)
874 break;
875 }
876
877 if (pcnt == phnum)
878 {
879 if (no_pt_tls++ == 0)
880 ERROR (gettext ("\
881 section [%2d] '%s': symbol %zu: TLS symbol but no TLS program header entry\n"),
882 idx, section_name (ebl, idx), cnt);
883 }
884 else if (phdr == NULL)
885 {
886 ERROR (gettext ("\
887 section [%2d] '%s': symbol %zu: TLS symbol but couldn't get TLS program header entry\n"),
888 idx, section_name (ebl, idx), cnt);
889 }
890 else if (!is_debuginfo)
891 {
892 if (st_value
893 < destshdr->sh_offset - phdr->p_offset)
894 ERROR (gettext ("\
895 section [%2d] '%s': symbol %zu: st_value short of referenced section [%2d] '%s'\n"),
896 idx, section_name (ebl, idx), cnt,
897 (int) xndx, section_name (ebl, xndx));
898 else if (st_value
899 > (destshdr->sh_offset - phdr->p_offset
900 + destshdr->sh_size))
901 ERROR (gettext ("\
902 section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"),
903 idx, section_name (ebl, idx), cnt,
904 (int) xndx, section_name (ebl, xndx));
905 else if (st_value + sym->st_size
906 > (destshdr->sh_offset - phdr->p_offset
907 + destshdr->sh_size))
908 ERROR (gettext ("\
909 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
910 idx, section_name (ebl, idx), cnt,
911 (int) xndx, section_name (ebl, xndx));
912 }
913 }
914 }
915 }
916 }
917
918 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
919 {
920 if (cnt >= shdr->sh_info)
921 ERROR (gettext ("\
922 section [%2d] '%s': symbol %zu: local symbol outside range described in sh_info\n"),
923 idx, section_name (ebl, idx), cnt);
924 }
925 else
926 {
927 if (cnt < shdr->sh_info)
928 ERROR (gettext ("\
929 section [%2d] '%s': symbol %zu: non-local symbol outside range described in sh_info\n"),
930 idx, section_name (ebl, idx), cnt);
931 }
932
933 if (GELF_ST_TYPE (sym->st_info) == STT_SECTION
934 && GELF_ST_BIND (sym->st_info) != STB_LOCAL)
935 ERROR (gettext ("\
936 section [%2d] '%s': symbol %zu: non-local section symbol\n"),
937 idx, section_name (ebl, idx), cnt);
938
939 if (name != NULL)
940 {
941 if (strcmp (name, "_GLOBAL_OFFSET_TABLE_") == 0)
942 {
943 /* Check that address and size match the global offset table. */
944
945 GElf_Shdr destshdr_mem;
946 GElf_Shdr *destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx),
947 &destshdr_mem);
948
949 if (destshdr == NULL && xndx == SHN_ABS)
950 {
951 /* In a DSO, we have to find the GOT section by name. */
952 Elf_Scn *gotscn = NULL;
953 Elf_Scn *gscn = NULL;
954 while ((gscn = elf_nextscn (ebl->elf, gscn)) != NULL)
955 {
956 destshdr = gelf_getshdr (gscn, &destshdr_mem);
957 assert (destshdr != NULL);
958 const char *sname = elf_strptr (ebl->elf,
959 shstrndx,
960 destshdr->sh_name);
961 if (sname != NULL)
962 {
963 if (strcmp (sname, ".got.plt") == 0)
964 break;
965 if (strcmp (sname, ".got") == 0)
966 /* Do not stop looking.
967 There might be a .got.plt section. */
968 gotscn = gscn;
969 }
970
971 destshdr = NULL;
972 }
973
974 if (destshdr == NULL && gotscn != NULL)
975 destshdr = gelf_getshdr (gotscn, &destshdr_mem);
976 }
977
978 const char *sname = ((destshdr == NULL || xndx == SHN_UNDEF)
979 ? NULL
980 : elf_strptr (ebl->elf, shstrndx,
981 destshdr->sh_name));
982 if (sname == NULL)
983 {
984 if (xndx != SHN_UNDEF || ehdr->e_type != ET_REL)
985 ERROR (gettext ("\
986 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \
987 bad section [%2d]\n"),
988 idx, section_name (ebl, idx), xndx);
989 }
990 else if (strcmp (sname, ".got.plt") != 0
991 && strcmp (sname, ".got") != 0)
992 ERROR (gettext ("\
993 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \
994 section [%2d] '%s'\n"),
995 idx, section_name (ebl, idx), xndx, sname);
996
997 if (destshdr != NULL)
998 {
999 /* Found it. */
1000 if (!ebl_check_special_symbol (ebl, sym, name,
1001 destshdr))
1002 {
1003 if (ehdr->e_type != ET_REL
1004 && sym->st_value != destshdr->sh_addr)
1005 /* This test is more strict than the psABIs which
1006 usually allow the symbol to be in the middle of
1007 the .got section, allowing negative offsets. */
1008 ERROR (gettext ("\
1009 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol value %#" PRIx64 " does not match %s section address %#" PRIx64 "\n"),
1010 idx, section_name (ebl, idx),
1011 (uint64_t) sym->st_value,
1012 sname, (uint64_t) destshdr->sh_addr);
1013
1014 if (!gnuld && sym->st_size != destshdr->sh_size)
1015 ERROR (gettext ("\
1016 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol size %" PRIu64 " does not match %s section size %" PRIu64 "\n"),
1017 idx, section_name (ebl, idx),
1018 (uint64_t) sym->st_size,
1019 sname, (uint64_t) destshdr->sh_size);
1020 }
1021 }
1022 else
1023 ERROR (gettext ("\
1024 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol present, but no .got section\n"),
1025 idx, section_name (ebl, idx));
1026 }
1027 else if (strcmp (name, "_DYNAMIC") == 0)
1028 /* Check that address and size match the dynamic section.
1029 We locate the dynamic section via the program header
1030 entry. */
1031 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt)
1032 {
1033 GElf_Phdr phdr_mem;
1034 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
1035
1036 if (phdr != NULL && phdr->p_type == PT_DYNAMIC)
1037 {
1038 if (sym->st_value != phdr->p_vaddr)
1039 ERROR (gettext ("\
1040 section [%2d] '%s': _DYNAMIC_ symbol value %#" PRIx64 " does not match dynamic segment address %#" PRIx64 "\n"),
1041 idx, section_name (ebl, idx),
1042 (uint64_t) sym->st_value,
1043 (uint64_t) phdr->p_vaddr);
1044
1045 if (!gnuld && sym->st_size != phdr->p_memsz)
1046 ERROR (gettext ("\
1047 section [%2d] '%s': _DYNAMIC symbol size %" PRIu64 " does not match dynamic segment size %" PRIu64 "\n"),
1048 idx, section_name (ebl, idx),
1049 (uint64_t) sym->st_size,
1050 (uint64_t) phdr->p_memsz);
1051
1052 break;
1053 }
1054 }
1055 }
1056
1057 if (GELF_ST_VISIBILITY (sym->st_other) != STV_DEFAULT
1058 && shdr->sh_type == SHT_DYNSYM)
1059 ERROR (gettext ("\
1060 section [%2d] '%s': symbol %zu: symbol in dynamic symbol table with non-default visibility\n"),
1061 idx, section_name (ebl, idx), cnt);
1062 if (! ebl_check_st_other_bits (ebl, sym->st_other))
1063 ERROR (gettext ("\
1064 section [%2d] '%s': symbol %zu: unknown bit set in st_other\n"),
1065 idx, section_name (ebl, idx), cnt);
1066
1067 }
1068 }
1069
1070
1071 static bool
is_rel_dyn(Ebl * ebl,const GElf_Ehdr * ehdr,int idx,const GElf_Shdr * shdr,bool is_rela)1072 is_rel_dyn (Ebl *ebl, const GElf_Ehdr *ehdr, int idx, const GElf_Shdr *shdr,
1073 bool is_rela)
1074 {
1075 /* If this is no executable or DSO it cannot be a .rel.dyn section. */
1076 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1077 return false;
1078
1079 /* Check the section name. Unfortunately necessary. */
1080 if (strcmp (section_name (ebl, idx), is_rela ? ".rela.dyn" : ".rel.dyn"))
1081 return false;
1082
1083 /* When a .rel.dyn section is used a DT_RELCOUNT dynamic section
1084 entry can be present as well. */
1085 Elf_Scn *scn = NULL;
1086 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
1087 {
1088 GElf_Shdr rcshdr_mem;
1089 const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem);
1090
1091 if (rcshdr == NULL)
1092 break;
1093
1094 if (rcshdr->sh_type == SHT_DYNAMIC && rcshdr->sh_entsize != 0)
1095 {
1096 /* Found the dynamic section. Look through it. */
1097 Elf_Data *d = elf_getdata (scn, NULL);
1098 size_t cnt;
1099
1100 if (d == NULL)
1101 ERROR (gettext ("\
1102 section [%2d] '%s': cannot get section data.\n"),
1103 idx, section_name (ebl, idx));
1104
1105 for (cnt = 1; cnt < rcshdr->sh_size / rcshdr->sh_entsize; ++cnt)
1106 {
1107 GElf_Dyn dyn_mem;
1108 GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem);
1109
1110 if (dyn == NULL)
1111 break;
1112
1113 if (dyn->d_tag == DT_RELCOUNT)
1114 {
1115 /* Found it. Does the type match. */
1116 if (is_rela)
1117 ERROR (gettext ("\
1118 section [%2d] '%s': DT_RELCOUNT used for this RELA section\n"),
1119 idx, section_name (ebl, idx));
1120 else
1121 {
1122 /* Does the number specified number of relative
1123 relocations exceed the total number of
1124 relocations? */
1125 if (shdr->sh_entsize != 0
1126 && dyn->d_un.d_val > (shdr->sh_size
1127 / shdr->sh_entsize))
1128 ERROR (gettext ("\
1129 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
1130 idx, section_name (ebl, idx),
1131 (int) dyn->d_un.d_val);
1132
1133 /* Make sure the specified number of relocations are
1134 relative. */
1135 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf,
1136 idx), NULL);
1137 if (reldata != NULL && shdr->sh_entsize != 0)
1138 for (size_t inner = 0;
1139 inner < shdr->sh_size / shdr->sh_entsize;
1140 ++inner)
1141 {
1142 GElf_Rel rel_mem;
1143 GElf_Rel *rel = gelf_getrel (reldata, inner,
1144 &rel_mem);
1145 if (rel == NULL)
1146 /* The problem will be reported elsewhere. */
1147 break;
1148
1149 if (ebl_relative_reloc_p (ebl,
1150 GELF_R_TYPE (rel->r_info)))
1151 {
1152 if (inner >= dyn->d_un.d_val)
1153 ERROR (gettext ("\
1154 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"),
1155 idx, section_name (ebl, idx),
1156 (int) dyn->d_un.d_val);
1157 }
1158 else if (inner < dyn->d_un.d_val)
1159 ERROR (gettext ("\
1160 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"),
1161 idx, section_name (ebl, idx),
1162 inner, (int) dyn->d_un.d_val);
1163 }
1164 }
1165 }
1166
1167 if (dyn->d_tag == DT_RELACOUNT)
1168 {
1169 /* Found it. Does the type match. */
1170 if (!is_rela)
1171 ERROR (gettext ("\
1172 section [%2d] '%s': DT_RELACOUNT used for this REL section\n"),
1173 idx, section_name (ebl, idx));
1174 else
1175 {
1176 /* Does the number specified number of relative
1177 relocations exceed the total number of
1178 relocations? */
1179 if (shdr->sh_entsize != 0
1180 && dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
1181 ERROR (gettext ("\
1182 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
1183 idx, section_name (ebl, idx),
1184 (int) dyn->d_un.d_val);
1185
1186 /* Make sure the specified number of relocations are
1187 relative. */
1188 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf,
1189 idx), NULL);
1190 if (reldata != NULL && shdr->sh_entsize != 0)
1191 for (size_t inner = 0;
1192 inner < shdr->sh_size / shdr->sh_entsize;
1193 ++inner)
1194 {
1195 GElf_Rela rela_mem;
1196 GElf_Rela *rela = gelf_getrela (reldata, inner,
1197 &rela_mem);
1198 if (rela == NULL)
1199 /* The problem will be reported elsewhere. */
1200 break;
1201
1202 if (ebl_relative_reloc_p (ebl,
1203 GELF_R_TYPE (rela->r_info)))
1204 {
1205 if (inner >= dyn->d_un.d_val)
1206 ERROR (gettext ("\
1207 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"),
1208 idx, section_name (ebl, idx),
1209 (int) dyn->d_un.d_val);
1210 }
1211 else if (inner < dyn->d_un.d_val)
1212 ERROR (gettext ("\
1213 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"),
1214 idx, section_name (ebl, idx),
1215 inner, (int) dyn->d_un.d_val);
1216 }
1217 }
1218 }
1219 }
1220
1221 break;
1222 }
1223 }
1224
1225 return true;
1226 }
1227
1228
1229 struct loaded_segment
1230 {
1231 GElf_Addr from;
1232 GElf_Addr to;
1233 bool read_only;
1234 struct loaded_segment *next;
1235 };
1236
1237
1238 /* Check whether binary has text relocation flag set. */
1239 static bool textrel;
1240
1241 /* Keep track of whether text relocation flag is needed. */
1242 static bool needed_textrel;
1243
1244
1245 static bool
check_reloc_shdr(Ebl * ebl,const GElf_Ehdr * ehdr,const GElf_Shdr * shdr,int idx,int reltype,GElf_Shdr ** destshdrp,GElf_Shdr * destshdr_memp,struct loaded_segment ** loadedp)1246 check_reloc_shdr (Ebl *ebl, const GElf_Ehdr *ehdr, const GElf_Shdr *shdr,
1247 int idx, int reltype, GElf_Shdr **destshdrp,
1248 GElf_Shdr *destshdr_memp, struct loaded_segment **loadedp)
1249 {
1250 bool reldyn = false;
1251
1252 /* Check whether the link to the section we relocate is reasonable. */
1253 if (shdr->sh_info >= shnum)
1254 ERROR (gettext ("section [%2d] '%s': invalid destination section index\n"),
1255 idx, section_name (ebl, idx));
1256 else if (shdr->sh_info != 0)
1257 {
1258 *destshdrp = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_info),
1259 destshdr_memp);
1260 if (*destshdrp != NULL)
1261 {
1262 if(! ebl_check_reloc_target_type (ebl, (*destshdrp)->sh_type))
1263 {
1264 reldyn = is_rel_dyn (ebl, ehdr, idx, shdr, true);
1265 if (!reldyn)
1266 ERROR (gettext ("\
1267 section [%2d] '%s': invalid destination section type\n"),
1268 idx, section_name (ebl, idx));
1269 else
1270 {
1271 /* There is no standard, but we require that .rel{,a}.dyn
1272 sections have a sh_info value of zero. */
1273 if (shdr->sh_info != 0)
1274 ERROR (gettext ("\
1275 section [%2d] '%s': sh_info should be zero\n"),
1276 idx, section_name (ebl, idx));
1277 }
1278 }
1279
1280 if ((((*destshdrp)->sh_flags & SHF_MERGE) != 0)
1281 && ((*destshdrp)->sh_flags & SHF_STRINGS) != 0)
1282 ERROR (gettext ("\
1283 section [%2d] '%s': no relocations for merge-able string sections possible\n"),
1284 idx, section_name (ebl, idx));
1285 }
1286 }
1287
1288 size_t sh_entsize = gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT);
1289 if (shdr->sh_entsize != sh_entsize)
1290 ERROR (gettext (reltype == ELF_T_RELA ? "\
1291 section [%2d] '%s': section entry size does not match ElfXX_Rela\n" : "\
1292 section [%2d] '%s': section entry size does not match ElfXX_Rel\n"),
1293 idx, section_name (ebl, idx));
1294
1295 /* In preparation of checking whether relocations are text
1296 relocations or not we need to determine whether the file is
1297 flagged to have text relocation and we need to determine a) what
1298 the loaded segments are and b) which are read-only. This will
1299 also allow us to determine whether the same reloc section is
1300 modifying loaded and not loaded segments. */
1301 for (unsigned int i = 0; i < phnum; ++i)
1302 {
1303 GElf_Phdr phdr_mem;
1304 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, i, &phdr_mem);
1305 if (phdr == NULL)
1306 continue;
1307
1308 if (phdr->p_type == PT_LOAD)
1309 {
1310 struct loaded_segment *newp = xmalloc (sizeof (*newp));
1311 newp->from = phdr->p_vaddr;
1312 newp->to = phdr->p_vaddr + phdr->p_memsz;
1313 newp->read_only = (phdr->p_flags & PF_W) == 0;
1314 newp->next = *loadedp;
1315 *loadedp = newp;
1316 }
1317 else if (phdr->p_type == PT_DYNAMIC)
1318 {
1319 Elf_Scn *dynscn = gelf_offscn (ebl->elf, phdr->p_offset);
1320 GElf_Shdr dynshdr_mem;
1321 GElf_Shdr *dynshdr = gelf_getshdr (dynscn, &dynshdr_mem);
1322 Elf_Data *dyndata = elf_getdata (dynscn, NULL);
1323 if (dynshdr != NULL && dynshdr->sh_type == SHT_DYNAMIC
1324 && dyndata != NULL && dynshdr->sh_entsize != 0)
1325 for (size_t j = 0; j < dynshdr->sh_size / dynshdr->sh_entsize; ++j)
1326 {
1327 GElf_Dyn dyn_mem;
1328 GElf_Dyn *dyn = gelf_getdyn (dyndata, j, &dyn_mem);
1329 if (dyn != NULL
1330 && (dyn->d_tag == DT_TEXTREL
1331 || (dyn->d_tag == DT_FLAGS
1332 && (dyn->d_un.d_val & DF_TEXTREL) != 0)))
1333 {
1334 textrel = true;
1335 break;
1336 }
1337 }
1338 }
1339 }
1340
1341 /* A quick test which can be easily done here (although it is a bit
1342 out of place): the text relocation flag makes only sense if there
1343 is a segment which is not writable. */
1344 if (textrel)
1345 {
1346 struct loaded_segment *seg = *loadedp;
1347 while (seg != NULL && !seg->read_only)
1348 seg = seg->next;
1349 if (seg == NULL)
1350 ERROR (gettext ("\
1351 text relocation flag set but there is no read-only segment\n"));
1352 }
1353
1354 return reldyn;
1355 }
1356
1357
1358 enum load_state
1359 {
1360 state_undecided,
1361 state_loaded,
1362 state_unloaded,
1363 state_error
1364 };
1365
1366
1367 static void
check_one_reloc(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * relshdr,int idx,size_t cnt,const GElf_Shdr * symshdr,Elf_Data * symdata,GElf_Addr r_offset,GElf_Xword r_info,const GElf_Shdr * destshdr,bool reldyn,struct loaded_segment * loaded,enum load_state * statep)1368 check_one_reloc (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *relshdr, int idx,
1369 size_t cnt, const GElf_Shdr *symshdr, Elf_Data *symdata,
1370 GElf_Addr r_offset, GElf_Xword r_info,
1371 const GElf_Shdr *destshdr, bool reldyn,
1372 struct loaded_segment *loaded, enum load_state *statep)
1373 {
1374 bool known_broken = gnuld;
1375
1376 if (!ebl_reloc_type_check (ebl, GELF_R_TYPE (r_info)))
1377 ERROR (gettext ("section [%2d] '%s': relocation %zu: invalid type\n"),
1378 idx, section_name (ebl, idx), cnt);
1379 else if (((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1380 /* The executable/DSO can contain relocation sections with
1381 all the relocations the linker has applied. Those sections
1382 are marked non-loaded, though. */
1383 || (relshdr->sh_flags & SHF_ALLOC) != 0)
1384 && !ebl_reloc_valid_use (ebl, GELF_R_TYPE (r_info)))
1385 ERROR (gettext ("\
1386 section [%2d] '%s': relocation %zu: relocation type invalid for the file type\n"),
1387 idx, section_name (ebl, idx), cnt);
1388
1389 if (symshdr != NULL
1390 && ((GELF_R_SYM (r_info) + 1)
1391 * gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT)
1392 > symshdr->sh_size))
1393 ERROR (gettext ("\
1394 section [%2d] '%s': relocation %zu: invalid symbol index\n"),
1395 idx, section_name (ebl, idx), cnt);
1396
1397 /* No more tests if this is a no-op relocation. */
1398 if (ebl_none_reloc_p (ebl, GELF_R_TYPE (r_info)))
1399 return;
1400
1401 if (ebl_gotpc_reloc_check (ebl, GELF_R_TYPE (r_info)))
1402 {
1403 const char *name;
1404 char buf[64];
1405 GElf_Sym sym_mem;
1406 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem);
1407 if (sym != NULL
1408 /* Get the name for the symbol. */
1409 && (name = elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name))
1410 && strcmp (name, "_GLOBAL_OFFSET_TABLE_") !=0 )
1411 ERROR (gettext ("\
1412 section [%2d] '%s': relocation %zu: only symbol '_GLOBAL_OFFSET_TABLE_' can be used with %s\n"),
1413 idx, section_name (ebl, idx), cnt,
1414 ebl_reloc_type_name (ebl, GELF_R_SYM (r_info),
1415 buf, sizeof (buf)));
1416 }
1417
1418 if (reldyn)
1419 {
1420 // XXX TODO Check .rel.dyn section addresses.
1421 }
1422 else if (!known_broken)
1423 {
1424 if (destshdr != NULL
1425 && GELF_R_TYPE (r_info) != 0
1426 && (r_offset - (ehdr->e_type == ET_REL ? 0
1427 : destshdr->sh_addr)) >= destshdr->sh_size)
1428 ERROR (gettext ("\
1429 section [%2d] '%s': relocation %zu: offset out of bounds\n"),
1430 idx, section_name (ebl, idx), cnt);
1431 }
1432
1433 GElf_Sym sym_mem;
1434 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem);
1435
1436 if (ebl_copy_reloc_p (ebl, GELF_R_TYPE (r_info))
1437 /* Make sure the referenced symbol is an object or unspecified. */
1438 && sym != NULL
1439 && GELF_ST_TYPE (sym->st_info) != STT_NOTYPE
1440 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
1441 {
1442 char buf[64];
1443 ERROR (gettext ("section [%2d] '%s': relocation %zu: copy relocation against symbol of type %s\n"),
1444 idx, section_name (ebl, idx), cnt,
1445 ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info),
1446 buf, sizeof (buf)));
1447 }
1448
1449 if ((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1450 || (relshdr->sh_flags & SHF_ALLOC) != 0)
1451 {
1452 bool in_loaded_seg = false;
1453 while (loaded != NULL)
1454 {
1455 if (r_offset < loaded->to
1456 && r_offset + (sym == NULL ? 0 : sym->st_size) >= loaded->from)
1457 {
1458 /* The symbol is in this segment. */
1459 if (loaded->read_only)
1460 {
1461 if (textrel)
1462 needed_textrel = true;
1463 else
1464 ERROR (gettext ("section [%2d] '%s': relocation %zu: read-only section modified but text relocation flag not set\n"),
1465 idx, section_name (ebl, idx), cnt);
1466 }
1467
1468 in_loaded_seg = true;
1469 }
1470
1471 loaded = loaded->next;
1472 }
1473
1474 if (*statep == state_undecided)
1475 *statep = in_loaded_seg ? state_loaded : state_unloaded;
1476 else if ((*statep == state_unloaded && in_loaded_seg)
1477 || (*statep == state_loaded && !in_loaded_seg))
1478 {
1479 ERROR (gettext ("\
1480 section [%2d] '%s': relocations are against loaded and unloaded data\n"),
1481 idx, section_name (ebl, idx));
1482 *statep = state_error;
1483 }
1484 }
1485 }
1486
1487
1488 static void
check_rela(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1489 check_rela (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1490 {
1491 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1492 if (data == NULL)
1493 {
1494 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1495 idx, section_name (ebl, idx));
1496 return;
1497 }
1498
1499 /* Check the fields of the section header. */
1500 GElf_Shdr destshdr_mem;
1501 GElf_Shdr *destshdr = NULL;
1502 struct loaded_segment *loaded = NULL;
1503 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_RELA, &destshdr,
1504 &destshdr_mem, &loaded);
1505
1506 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1507 GElf_Shdr symshdr_mem;
1508 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1509 Elf_Data *symdata = elf_getdata (symscn, NULL);
1510 enum load_state state = state_undecided;
1511
1512 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_RELA, 1, EV_CURRENT);
1513 for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1514 {
1515 GElf_Rela rela_mem;
1516 GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem);
1517 if (rela == NULL)
1518 {
1519 ERROR (gettext ("\
1520 section [%2d] '%s': cannot get relocation %zu: %s\n"),
1521 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1522 continue;
1523 }
1524
1525 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata,
1526 rela->r_offset, rela->r_info, destshdr, reldyn, loaded,
1527 &state);
1528 }
1529
1530 while (loaded != NULL)
1531 {
1532 struct loaded_segment *old = loaded;
1533 loaded = loaded->next;
1534 free (old);
1535 }
1536 }
1537
1538
1539 static void
check_rel(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1540 check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1541 {
1542 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1543 if (data == NULL)
1544 {
1545 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1546 idx, section_name (ebl, idx));
1547 return;
1548 }
1549
1550 /* Check the fields of the section header. */
1551 GElf_Shdr destshdr_mem;
1552 GElf_Shdr *destshdr = NULL;
1553 struct loaded_segment *loaded = NULL;
1554 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_REL, &destshdr,
1555 &destshdr_mem, &loaded);
1556
1557 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1558 GElf_Shdr symshdr_mem;
1559 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1560 Elf_Data *symdata = elf_getdata (symscn, NULL);
1561 enum load_state state = state_undecided;
1562
1563 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_REL, 1, EV_CURRENT);
1564 for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1565 {
1566 GElf_Rel rel_mem;
1567 GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem);
1568 if (rel == NULL)
1569 {
1570 ERROR (gettext ("\
1571 section [%2d] '%s': cannot get relocation %zu: %s\n"),
1572 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1573 continue;
1574 }
1575
1576 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata,
1577 rel->r_offset, rel->r_info, destshdr, reldyn, loaded,
1578 &state);
1579 }
1580
1581 while (loaded != NULL)
1582 {
1583 struct loaded_segment *old = loaded;
1584 loaded = loaded->next;
1585 free (old);
1586 }
1587 }
1588
1589
1590 /* Number of dynamic sections. */
1591 static int ndynamic;
1592
1593
1594 static void
check_dynamic(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1595 check_dynamic (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1596 {
1597 Elf_Data *data;
1598 GElf_Shdr strshdr_mem;
1599 GElf_Shdr *strshdr;
1600 size_t cnt;
1601 static const bool dependencies[DT_NUM][DT_NUM] =
1602 {
1603 [DT_NEEDED] = { [DT_STRTAB] = true },
1604 [DT_PLTRELSZ] = { [DT_JMPREL] = true },
1605 [DT_HASH] = { [DT_SYMTAB] = true },
1606 [DT_STRTAB] = { [DT_STRSZ] = true },
1607 [DT_SYMTAB] = { [DT_STRTAB] = true, [DT_SYMENT] = true },
1608 [DT_RELA] = { [DT_RELASZ] = true, [DT_RELAENT] = true },
1609 [DT_RELASZ] = { [DT_RELA] = true },
1610 [DT_RELAENT] = { [DT_RELA] = true },
1611 [DT_STRSZ] = { [DT_STRTAB] = true },
1612 [DT_SYMENT] = { [DT_SYMTAB] = true },
1613 [DT_SONAME] = { [DT_STRTAB] = true },
1614 [DT_RPATH] = { [DT_STRTAB] = true },
1615 [DT_REL] = { [DT_RELSZ] = true, [DT_RELENT] = true },
1616 [DT_RELSZ] = { [DT_REL] = true },
1617 [DT_RELENT] = { [DT_REL] = true },
1618 [DT_JMPREL] = { [DT_PLTRELSZ] = true, [DT_PLTREL] = true },
1619 [DT_RUNPATH] = { [DT_STRTAB] = true },
1620 [DT_PLTREL] = { [DT_JMPREL] = true },
1621 };
1622 bool has_dt[DT_NUM];
1623 bool has_val_dt[DT_VALNUM];
1624 bool has_addr_dt[DT_ADDRNUM];
1625 static const bool level2[DT_NUM] =
1626 {
1627 [DT_RPATH] = true,
1628 [DT_SYMBOLIC] = true,
1629 [DT_TEXTREL] = true,
1630 [DT_BIND_NOW] = true
1631 };
1632 static const bool mandatory[DT_NUM] =
1633 {
1634 [DT_NULL] = true,
1635 [DT_STRTAB] = true,
1636 [DT_SYMTAB] = true,
1637 [DT_STRSZ] = true,
1638 [DT_SYMENT] = true
1639 };
1640
1641 memset (has_dt, '\0', sizeof (has_dt));
1642 memset (has_val_dt, '\0', sizeof (has_val_dt));
1643 memset (has_addr_dt, '\0', sizeof (has_addr_dt));
1644
1645 if (++ndynamic == 2)
1646 ERROR (gettext ("more than one dynamic section present\n"));
1647
1648 data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1649 if (data == NULL)
1650 {
1651 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1652 idx, section_name (ebl, idx));
1653 return;
1654 }
1655
1656 strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &strshdr_mem);
1657 if (strshdr != NULL && strshdr->sh_type != SHT_STRTAB)
1658 ERROR (gettext ("\
1659 section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
1660 shdr->sh_link, section_name (ebl, shdr->sh_link),
1661 idx, section_name (ebl, idx));
1662 else if (strshdr == NULL)
1663 {
1664 ERROR (gettext ("\
1665 section [%2d]: referenced as string table for section [%2d] '%s' but section link value is invalid\n"),
1666 shdr->sh_link, idx, section_name (ebl, idx));
1667 return;
1668 }
1669
1670 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT);
1671 if (shdr->sh_entsize != sh_entsize)
1672 ERROR (gettext ("\
1673 section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"),
1674 idx, section_name (ebl, idx));
1675
1676 if (shdr->sh_info != 0)
1677 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"),
1678 idx, section_name (ebl, idx));
1679
1680 bool non_null_warned = false;
1681 for (cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1682 {
1683 GElf_Dyn dyn_mem;
1684 GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem);
1685 if (dyn == NULL)
1686 {
1687 ERROR (gettext ("\
1688 section [%2d] '%s': cannot get dynamic section entry %zu: %s\n"),
1689 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1690 continue;
1691 }
1692
1693 if (has_dt[DT_NULL] && dyn->d_tag != DT_NULL && ! non_null_warned)
1694 {
1695 ERROR (gettext ("\
1696 section [%2d] '%s': non-DT_NULL entries follow DT_NULL entry\n"),
1697 idx, section_name (ebl, idx));
1698 non_null_warned = true;
1699 }
1700
1701 if (!ebl_dynamic_tag_check (ebl, dyn->d_tag))
1702 ERROR (gettext ("section [%2d] '%s': entry %zu: unknown tag\n"),
1703 idx, section_name (ebl, idx), cnt);
1704
1705 if (dyn->d_tag >= 0 && dyn->d_tag < DT_NUM)
1706 {
1707 if (has_dt[dyn->d_tag]
1708 && dyn->d_tag != DT_NEEDED
1709 && dyn->d_tag != DT_NULL
1710 && dyn->d_tag != DT_POSFLAG_1)
1711 {
1712 char buf[50];
1713 ERROR (gettext ("\
1714 section [%2d] '%s': entry %zu: more than one entry with tag %s\n"),
1715 idx, section_name (ebl, idx), cnt,
1716 ebl_dynamic_tag_name (ebl, dyn->d_tag,
1717 buf, sizeof (buf)));
1718 }
1719
1720 if (be_strict && level2[dyn->d_tag])
1721 {
1722 char buf[50];
1723 ERROR (gettext ("\
1724 section [%2d] '%s': entry %zu: level 2 tag %s used\n"),
1725 idx, section_name (ebl, idx), cnt,
1726 ebl_dynamic_tag_name (ebl, dyn->d_tag,
1727 buf, sizeof (buf)));
1728 }
1729
1730 has_dt[dyn->d_tag] = true;
1731 }
1732 else if (dyn->d_tag >= 0 && dyn->d_tag <= DT_VALRNGHI
1733 && DT_VALTAGIDX (dyn->d_tag) < DT_VALNUM)
1734 has_val_dt[DT_VALTAGIDX (dyn->d_tag)] = true;
1735 else if (dyn->d_tag >= 0 && dyn->d_tag <= DT_ADDRRNGHI
1736 && DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM)
1737 has_addr_dt[DT_ADDRTAGIDX (dyn->d_tag)] = true;
1738
1739 if (dyn->d_tag == DT_PLTREL && dyn->d_un.d_val != DT_REL
1740 && dyn->d_un.d_val != DT_RELA)
1741 ERROR (gettext ("\
1742 section [%2d] '%s': entry %zu: DT_PLTREL value must be DT_REL or DT_RELA\n"),
1743 idx, section_name (ebl, idx), cnt);
1744
1745 /* Check that addresses for entries are in loaded segments. */
1746 switch (dyn->d_tag)
1747 {
1748 size_t n;
1749 case DT_STRTAB:
1750 /* We require the referenced section is the same as the one
1751 specified in sh_link. */
1752 if (strshdr->sh_addr != dyn->d_un.d_val)
1753 {
1754 ERROR (gettext ("\
1755 section [%2d] '%s': entry %zu: pointer does not match address of section [%2d] '%s' referenced by sh_link\n"),
1756 idx, section_name (ebl, idx), cnt,
1757 shdr->sh_link, section_name (ebl, shdr->sh_link));
1758 break;
1759 }
1760 goto check_addr;
1761
1762 default:
1763 if (dyn->d_tag < DT_ADDRRNGLO || dyn->d_tag > DT_ADDRRNGHI)
1764 /* Value is no pointer. */
1765 break;
1766 FALLTHROUGH;
1767
1768 case DT_AUXILIARY:
1769 case DT_FILTER:
1770 case DT_FINI:
1771 case DT_FINI_ARRAY:
1772 case DT_HASH:
1773 case DT_INIT:
1774 case DT_INIT_ARRAY:
1775 case DT_JMPREL:
1776 case DT_PLTGOT:
1777 case DT_REL:
1778 case DT_RELA:
1779 case DT_SYMBOLIC:
1780 case DT_SYMTAB:
1781 case DT_VERDEF:
1782 case DT_VERNEED:
1783 case DT_VERSYM:
1784 check_addr:
1785 for (n = 0; n < phnum; ++n)
1786 {
1787 GElf_Phdr phdr_mem;
1788 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, n, &phdr_mem);
1789 if (phdr != NULL && phdr->p_type == PT_LOAD
1790 && phdr->p_vaddr <= dyn->d_un.d_ptr
1791 && phdr->p_vaddr + phdr->p_memsz > dyn->d_un.d_ptr)
1792 break;
1793 }
1794 if (unlikely (n >= phnum))
1795 {
1796 char buf[50];
1797 ERROR (gettext ("\
1798 section [%2d] '%s': entry %zu: %s value must point into loaded segment\n"),
1799 idx, section_name (ebl, idx), cnt,
1800 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf,
1801 sizeof (buf)));
1802 }
1803 break;
1804
1805 case DT_NEEDED:
1806 case DT_RPATH:
1807 case DT_RUNPATH:
1808 case DT_SONAME:
1809 if (dyn->d_un.d_ptr >= strshdr->sh_size)
1810 {
1811 char buf[50];
1812 ERROR (gettext ("\
1813 section [%2d] '%s': entry %zu: %s value must be valid offset in section [%2d] '%s'\n"),
1814 idx, section_name (ebl, idx), cnt,
1815 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf,
1816 sizeof (buf)),
1817 shdr->sh_link, section_name (ebl, shdr->sh_link));
1818 }
1819 break;
1820 }
1821 }
1822
1823 for (cnt = 1; cnt < DT_NUM; ++cnt)
1824 if (has_dt[cnt])
1825 {
1826 for (int inner = 0; inner < DT_NUM; ++inner)
1827 if (dependencies[cnt][inner] && ! has_dt[inner])
1828 {
1829 char buf1[50];
1830 char buf2[50];
1831
1832 ERROR (gettext ("\
1833 section [%2d] '%s': contains %s entry but not %s\n"),
1834 idx, section_name (ebl, idx),
1835 ebl_dynamic_tag_name (ebl, cnt, buf1, sizeof (buf1)),
1836 ebl_dynamic_tag_name (ebl, inner, buf2, sizeof (buf2)));
1837 }
1838 }
1839 else
1840 {
1841 if (mandatory[cnt])
1842 {
1843 char buf[50];
1844 ERROR (gettext ("\
1845 section [%2d] '%s': mandatory tag %s not present\n"),
1846 idx, section_name (ebl, idx),
1847 ebl_dynamic_tag_name (ebl, cnt, buf, sizeof (buf)));
1848 }
1849 }
1850
1851 /* Make sure we have an hash table. */
1852 if (!has_dt[DT_HASH] && !has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)])
1853 ERROR (gettext ("\
1854 section [%2d] '%s': no hash section present\n"),
1855 idx, section_name (ebl, idx));
1856
1857 /* The GNU-style hash table also needs a symbol table. */
1858 if (!has_dt[DT_HASH] && has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)]
1859 && !has_dt[DT_SYMTAB])
1860 ERROR (gettext ("\
1861 section [%2d] '%s': contains %s entry but not %s\n"),
1862 idx, section_name (ebl, idx),
1863 "DT_GNU_HASH", "DT_SYMTAB");
1864
1865 /* Check the rel/rela tags. At least one group must be available. */
1866 if ((has_dt[DT_RELA] || has_dt[DT_RELASZ] || has_dt[DT_RELAENT])
1867 && (!has_dt[DT_RELA] || !has_dt[DT_RELASZ] || !has_dt[DT_RELAENT]))
1868 ERROR (gettext ("\
1869 section [%2d] '%s': not all of %s, %s, and %s are present\n"),
1870 idx, section_name (ebl, idx),
1871 "DT_RELA", "DT_RELASZ", "DT_RELAENT");
1872
1873 if ((has_dt[DT_REL] || has_dt[DT_RELSZ] || has_dt[DT_RELENT])
1874 && (!has_dt[DT_REL] || !has_dt[DT_RELSZ] || !has_dt[DT_RELENT]))
1875 ERROR (gettext ("\
1876 section [%2d] '%s': not all of %s, %s, and %s are present\n"),
1877 idx, section_name (ebl, idx),
1878 "DT_REL", "DT_RELSZ", "DT_RELENT");
1879
1880 /* Check that all prelink sections are present if any of them is. */
1881 if (has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)]
1882 || has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)])
1883 {
1884 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)])
1885 ERROR (gettext ("\
1886 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"),
1887 idx, section_name (ebl, idx), "DT_GNU_PRELINKED");
1888 if (!has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)])
1889 ERROR (gettext ("\
1890 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"),
1891 idx, section_name (ebl, idx), "DT_CHECKSUM");
1892
1893 /* Only DSOs can be marked like this. */
1894 if (ehdr->e_type != ET_DYN)
1895 ERROR (gettext ("\
1896 section [%2d] '%s': non-DSO file marked as dependency during prelink\n"),
1897 idx, section_name (ebl, idx));
1898 }
1899
1900 if (has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)]
1901 || has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)]
1902 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)]
1903 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)])
1904 {
1905 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)])
1906 ERROR (gettext ("\
1907 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1908 idx, section_name (ebl, idx), "DT_GNU_CONFLICTSZ");
1909 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)])
1910 ERROR (gettext ("\
1911 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1912 idx, section_name (ebl, idx), "DT_GNU_LIBLISTSZ");
1913 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)])
1914 ERROR (gettext ("\
1915 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1916 idx, section_name (ebl, idx), "DT_GNU_CONFLICT");
1917 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)])
1918 ERROR (gettext ("\
1919 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1920 idx, section_name (ebl, idx), "DT_GNU_LIBLIST");
1921 }
1922 }
1923
1924
1925 static void
check_symtab_shndx(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1926 check_symtab_shndx (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1927 {
1928 if (ehdr->e_type != ET_REL)
1929 {
1930 ERROR (gettext ("\
1931 section [%2d] '%s': only relocatable files can have extended section index\n"),
1932 idx, section_name (ebl, idx));
1933 return;
1934 }
1935
1936 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1937 GElf_Shdr symshdr_mem;
1938 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1939 if (symshdr != NULL && symshdr->sh_type != SHT_SYMTAB)
1940 ERROR (gettext ("\
1941 section [%2d] '%s': extended section index section not for symbol table\n"),
1942 idx, section_name (ebl, idx));
1943 else if (symshdr == NULL)
1944 ERROR (gettext ("\
1945 section [%2d] '%s': sh_link extended section index [%2d] is invalid\n"),
1946 idx, section_name (ebl, idx), shdr->sh_link);
1947 Elf_Data *symdata = elf_getdata (symscn, NULL);
1948 if (symdata == NULL)
1949 ERROR (gettext ("cannot get data for symbol section\n"));
1950
1951 if (shdr->sh_entsize != sizeof (Elf32_Word))
1952 ERROR (gettext ("\
1953 section [%2d] '%s': entry size does not match Elf32_Word\n"),
1954 idx, section_name (ebl, idx));
1955
1956 if (symshdr != NULL
1957 && shdr->sh_entsize != 0
1958 && symshdr->sh_entsize != 0
1959 && (shdr->sh_size / shdr->sh_entsize
1960 < symshdr->sh_size / symshdr->sh_entsize))
1961 ERROR (gettext ("\
1962 section [%2d] '%s': extended index table too small for symbol table\n"),
1963 idx, section_name (ebl, idx));
1964
1965 if (shdr->sh_info != 0)
1966 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"),
1967 idx, section_name (ebl, idx));
1968
1969 for (size_t cnt = idx + 1; cnt < shnum; ++cnt)
1970 {
1971 GElf_Shdr rshdr_mem;
1972 GElf_Shdr *rshdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &rshdr_mem);
1973 if (rshdr != NULL && rshdr->sh_type == SHT_SYMTAB_SHNDX
1974 && rshdr->sh_link == shdr->sh_link)
1975 {
1976 ERROR (gettext ("\
1977 section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same symbol table\n"),
1978 idx, section_name (ebl, idx),
1979 cnt, section_name (ebl, cnt));
1980 break;
1981 }
1982 }
1983
1984 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1985 if (data == NULL || data->d_buf == NULL)
1986 {
1987 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1988 idx, section_name (ebl, idx));
1989 return;
1990 }
1991
1992 if (data->d_size < sizeof (Elf32_Word)
1993 || *((Elf32_Word *) data->d_buf) != 0)
1994 ERROR (gettext ("symbol 0 should have zero extended section index\n"));
1995
1996 for (size_t cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt)
1997 {
1998 Elf32_Word xndx = ((Elf32_Word *) data->d_buf)[cnt];
1999
2000 if (xndx != 0)
2001 {
2002 GElf_Sym sym_data;
2003 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_data);
2004 if (sym == NULL)
2005 {
2006 ERROR (gettext ("cannot get data for symbol %zu\n"), cnt);
2007 continue;
2008 }
2009
2010 if (sym->st_shndx != SHN_XINDEX)
2011 ERROR (gettext ("\
2012 extended section index is %" PRIu32 " but symbol index is not XINDEX\n"),
2013 (uint32_t) xndx);
2014 }
2015 }
2016 }
2017
2018
2019 static void
check_sysv_hash(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2020 check_sysv_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2021 GElf_Shdr *symshdr)
2022 {
2023 Elf32_Word nbucket = ((Elf32_Word *) data->d_buf)[0];
2024 Elf32_Word nchain = ((Elf32_Word *) data->d_buf)[1];
2025
2026 if (shdr->sh_size < (2ULL + nbucket + nchain) * sizeof (Elf32_Word))
2027 {
2028 ERROR (gettext ("\
2029 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
2030 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2031 (long int) ((2 + nbucket + nchain) * sizeof (Elf32_Word)));
2032 return;
2033 }
2034
2035 size_t maxidx = nchain;
2036
2037 if (symshdr != NULL && symshdr->sh_entsize != 0)
2038 {
2039 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
2040
2041 if (nchain > symshdr->sh_size / symshdr->sh_entsize)
2042 ERROR (gettext ("section [%2d] '%s': chain array too large\n"),
2043 idx, section_name (ebl, idx));
2044
2045 maxidx = symsize;
2046 }
2047
2048 Elf32_Word *buf = (Elf32_Word *) data->d_buf;
2049 Elf32_Word *end = (Elf32_Word *) ((char *) data->d_buf + shdr->sh_size);
2050 size_t cnt;
2051 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
2052 {
2053 if (buf + cnt >= end)
2054 break;
2055 else if (buf[cnt] >= maxidx)
2056 ERROR (gettext ("\
2057 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
2058 idx, section_name (ebl, idx), cnt - 2);
2059 }
2060
2061 for (; cnt < 2 + nbucket + nchain; ++cnt)
2062 {
2063 if (buf + cnt >= end)
2064 break;
2065 else if (buf[cnt] >= maxidx)
2066 ERROR (gettext ("\
2067 section [%2d] '%s': hash chain reference %zu out of bounds\n"),
2068 idx, section_name (ebl, idx), cnt - 2 - nbucket);
2069 }
2070 }
2071
2072
2073 static void
check_sysv_hash64(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2074 check_sysv_hash64 (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2075 GElf_Shdr *symshdr)
2076 {
2077 Elf64_Xword nbucket = ((Elf64_Xword *) data->d_buf)[0];
2078 Elf64_Xword nchain = ((Elf64_Xword *) data->d_buf)[1];
2079
2080 uint64_t maxwords = shdr->sh_size / sizeof (Elf64_Xword);
2081 if (maxwords < 2
2082 || maxwords - 2 < nbucket
2083 || maxwords - 2 - nbucket < nchain)
2084 {
2085 ERROR (gettext ("\
2086 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
2087 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2088 (long int) ((2 + nbucket + nchain) * sizeof (Elf64_Xword)));
2089 return;
2090 }
2091
2092 size_t maxidx = nchain;
2093
2094 if (symshdr != NULL && symshdr->sh_entsize != 0)
2095 {
2096 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
2097
2098 if (nchain > symshdr->sh_size / symshdr->sh_entsize)
2099 ERROR (gettext ("section [%2d] '%s': chain array too large\n"),
2100 idx, section_name (ebl, idx));
2101
2102 maxidx = symsize;
2103 }
2104
2105 Elf64_Xword *buf = (Elf64_Xword *) data->d_buf;
2106 Elf64_Xword *end = (Elf64_Xword *) ((char *) data->d_buf + shdr->sh_size);
2107 size_t cnt;
2108 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
2109 {
2110 if (buf + cnt >= end)
2111 break;
2112 else if (buf[cnt] >= maxidx)
2113 ERROR (gettext ("\
2114 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
2115 idx, section_name (ebl, idx), cnt - 2);
2116 }
2117
2118 for (; cnt < 2 + nbucket + nchain; ++cnt)
2119 {
2120 if (buf + cnt >= end)
2121 break;
2122 else if (buf[cnt] >= maxidx)
2123 ERROR (gettext ("\
2124 section [%2d] '%s': hash chain reference %" PRIu64 " out of bounds\n"),
2125 idx, section_name (ebl, idx), (uint64_t) cnt - 2 - nbucket);
2126 }
2127 }
2128
2129
2130 static void
check_gnu_hash(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2131 check_gnu_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2132 GElf_Shdr *symshdr)
2133 {
2134 if (data->d_size < 4 * sizeof (Elf32_Word))
2135 {
2136 ERROR (gettext ("\
2137 section [%2d] '%s': not enough data\n"),
2138 idx, section_name (ebl, idx));
2139 return;
2140 }
2141
2142 Elf32_Word nbuckets = ((Elf32_Word *) data->d_buf)[0];
2143 Elf32_Word symbias = ((Elf32_Word *) data->d_buf)[1];
2144 Elf32_Word bitmask_words = ((Elf32_Word *) data->d_buf)[2];
2145
2146 if (bitmask_words == 0 || !powerof2 (bitmask_words))
2147 {
2148 ERROR (gettext ("\
2149 section [%2d] '%s': bitmask size zero or not power of 2: %u\n"),
2150 idx, section_name (ebl, idx), bitmask_words);
2151 return;
2152 }
2153
2154 size_t bitmask_idxmask = bitmask_words - 1;
2155 if (gelf_getclass (ebl->elf) == ELFCLASS64)
2156 bitmask_words *= 2;
2157 Elf32_Word shift = ((Elf32_Word *) data->d_buf)[3];
2158
2159 /* Is there still room for the sym chain?
2160 Use uint64_t calculation to prevent 32bit overlow. */
2161 uint64_t used_buf = (4ULL + bitmask_words + nbuckets) * sizeof (Elf32_Word);
2162 if (used_buf > data->d_size)
2163 {
2164 ERROR (gettext ("\
2165 section [%2d] '%s': hash table section is too small (is %ld, expected at least %ld)\n"),
2166 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2167 (long int) used_buf);
2168 return;
2169 }
2170
2171 if (shift > 31)
2172 {
2173 ERROR (gettext ("\
2174 section [%2d] '%s': 2nd hash function shift too big: %u\n"),
2175 idx, section_name (ebl, idx), shift);
2176 return;
2177 }
2178
2179 size_t maxidx = shdr->sh_size / sizeof (Elf32_Word) - (4 + bitmask_words
2180 + nbuckets);
2181
2182 if (symshdr != NULL && symshdr->sh_entsize != 0)
2183 maxidx = MIN (maxidx, symshdr->sh_size / symshdr->sh_entsize);
2184
2185 /* We need the symbol section data. */
2186 Elf_Data *symdata = elf_getdata (elf_getscn (ebl->elf, shdr->sh_link), NULL);
2187
2188 union
2189 {
2190 Elf32_Word *p32;
2191 Elf64_Xword *p64;
2192 } bitmask = { .p32 = &((Elf32_Word *) data->d_buf)[4] },
2193 collected = { .p32 = xcalloc (bitmask_words, sizeof (Elf32_Word)) };
2194
2195 size_t classbits = gelf_getclass (ebl->elf) == ELFCLASS32 ? 32 : 64;
2196
2197 size_t cnt;
2198 for (cnt = 4 + bitmask_words; cnt < 4 + bitmask_words + nbuckets; ++cnt)
2199 {
2200 Elf32_Word symidx = ((Elf32_Word *) data->d_buf)[cnt];
2201
2202 if (symidx == 0)
2203 continue;
2204
2205 if (symidx < symbias)
2206 {
2207 ERROR (gettext ("\
2208 section [%2d] '%s': hash chain for bucket %zu lower than symbol index bias\n"),
2209 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2210 continue;
2211 }
2212
2213 while (symidx - symbias < maxidx)
2214 {
2215 Elf32_Word chainhash = ((Elf32_Word *) data->d_buf)[4
2216 + bitmask_words
2217 + nbuckets
2218 + symidx
2219 - symbias];
2220
2221 if (symdata != NULL)
2222 {
2223 /* Check that the referenced symbol is not undefined. */
2224 GElf_Sym sym_mem;
2225 GElf_Sym *sym = gelf_getsym (symdata, symidx, &sym_mem);
2226 if (sym != NULL && sym->st_shndx == SHN_UNDEF
2227 && GELF_ST_TYPE (sym->st_info) != STT_FUNC)
2228 ERROR (gettext ("\
2229 section [%2d] '%s': symbol %u referenced in chain for bucket %zu is undefined\n"),
2230 idx, section_name (ebl, idx), symidx,
2231 cnt - (4 + bitmask_words));
2232
2233 const char *symname = (sym != NULL
2234 ? elf_strptr (ebl->elf, symshdr->sh_link,
2235 sym->st_name)
2236 : NULL);
2237 if (symname != NULL)
2238 {
2239 Elf32_Word hval = elf_gnu_hash (symname);
2240 if ((hval & ~1u) != (chainhash & ~1u))
2241 ERROR (gettext ("\
2242 section [%2d] '%s': hash value for symbol %u in chain for bucket %zu wrong\n"),
2243 idx, section_name (ebl, idx), symidx,
2244 cnt - (4 + bitmask_words));
2245
2246 /* Set the bits in the bitmask. */
2247 size_t maskidx = (hval / classbits) & bitmask_idxmask;
2248 if (maskidx >= bitmask_words)
2249 {
2250 ERROR (gettext ("\
2251 section [%2d] '%s': mask index for symbol %u in chain for bucket %zu wrong\n"),
2252 idx, section_name (ebl, idx), symidx,
2253 cnt - (4 + bitmask_words));
2254 return;
2255 }
2256 if (classbits == 32)
2257 {
2258 collected.p32[maskidx]
2259 |= UINT32_C (1) << (hval & (classbits - 1));
2260 collected.p32[maskidx]
2261 |= UINT32_C (1) << ((hval >> shift) & (classbits - 1));
2262 }
2263 else
2264 {
2265 collected.p64[maskidx]
2266 |= UINT64_C (1) << (hval & (classbits - 1));
2267 collected.p64[maskidx]
2268 |= UINT64_C (1) << ((hval >> shift) & (classbits - 1));
2269 }
2270 }
2271 }
2272
2273 if ((chainhash & 1) != 0)
2274 break;
2275
2276 ++symidx;
2277 }
2278
2279 if (symidx - symbias >= maxidx)
2280 ERROR (gettext ("\
2281 section [%2d] '%s': hash chain for bucket %zu out of bounds\n"),
2282 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2283 else if (symshdr != NULL && symshdr->sh_entsize != 0
2284 && symidx > symshdr->sh_size / symshdr->sh_entsize)
2285 ERROR (gettext ("\
2286 section [%2d] '%s': symbol reference in chain for bucket %zu out of bounds\n"),
2287 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2288 }
2289
2290 if (memcmp (collected.p32, bitmask.p32, bitmask_words * sizeof (Elf32_Word)))
2291 ERROR (gettext ("\
2292 section [%2d] '%s': bitmask does not match names in the hash table\n"),
2293 idx, section_name (ebl, idx));
2294
2295 free (collected.p32);
2296 }
2297
2298
2299 static void
check_hash(int tag,Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2300 check_hash (int tag, Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
2301 {
2302 if (ehdr->e_type == ET_REL)
2303 {
2304 ERROR (gettext ("\
2305 section [%2d] '%s': relocatable files cannot have hash tables\n"),
2306 idx, section_name (ebl, idx));
2307 return;
2308 }
2309
2310 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2311 if (data == NULL || data->d_buf == NULL)
2312 {
2313 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
2314 idx, section_name (ebl, idx));
2315 return;
2316 }
2317
2318 GElf_Shdr symshdr_mem;
2319 GElf_Shdr *symshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
2320 &symshdr_mem);
2321 if (symshdr != NULL && symshdr->sh_type != SHT_DYNSYM)
2322 ERROR (gettext ("\
2323 section [%2d] '%s': hash table not for dynamic symbol table\n"),
2324 idx, section_name (ebl, idx));
2325 else if (symshdr == NULL)
2326 ERROR (gettext ("\
2327 section [%2d] '%s': invalid sh_link symbol table section index [%2d]\n"),
2328 idx, section_name (ebl, idx), shdr->sh_link);
2329
2330 size_t expect_entsize = (tag == SHT_GNU_HASH
2331 ? (gelf_getclass (ebl->elf) == ELFCLASS32
2332 ? sizeof (Elf32_Word) : 0)
2333 : (size_t) ebl_sysvhash_entrysize (ebl));
2334
2335 if (shdr->sh_entsize != expect_entsize)
2336 ERROR (gettext ("\
2337 section [%2d] '%s': hash table entry size incorrect\n"),
2338 idx, section_name (ebl, idx));
2339
2340 if ((shdr->sh_flags & SHF_ALLOC) == 0)
2341 ERROR (gettext ("section [%2d] '%s': not marked to be allocated\n"),
2342 idx, section_name (ebl, idx));
2343
2344 if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (expect_entsize ?: 4))
2345 {
2346 ERROR (gettext ("\
2347 section [%2d] '%s': hash table has not even room for initial administrative entries\n"),
2348 idx, section_name (ebl, idx));
2349 return;
2350 }
2351
2352 switch (tag)
2353 {
2354 case SHT_HASH:
2355 if (ebl_sysvhash_entrysize (ebl) == sizeof (Elf64_Xword))
2356 check_sysv_hash64 (ebl, shdr, data, idx, symshdr);
2357 else
2358 check_sysv_hash (ebl, shdr, data, idx, symshdr);
2359 break;
2360
2361 case SHT_GNU_HASH:
2362 check_gnu_hash (ebl, shdr, data, idx, symshdr);
2363 break;
2364
2365 default:
2366 assert (! "should not happen");
2367 }
2368 }
2369
2370
2371 /* Compare content of both hash tables, it must be identical. */
2372 static void
compare_hash_gnu_hash(Ebl * ebl,GElf_Ehdr * ehdr,size_t hash_idx,size_t gnu_hash_idx)2373 compare_hash_gnu_hash (Ebl *ebl, GElf_Ehdr *ehdr, size_t hash_idx,
2374 size_t gnu_hash_idx)
2375 {
2376 Elf_Scn *hash_scn = elf_getscn (ebl->elf, hash_idx);
2377 Elf_Data *hash_data = elf_getdata (hash_scn, NULL);
2378 GElf_Shdr hash_shdr_mem;
2379 GElf_Shdr *hash_shdr = gelf_getshdr (hash_scn, &hash_shdr_mem);
2380 Elf_Scn *gnu_hash_scn = elf_getscn (ebl->elf, gnu_hash_idx);
2381 Elf_Data *gnu_hash_data = elf_getdata (gnu_hash_scn, NULL);
2382 GElf_Shdr gnu_hash_shdr_mem;
2383 GElf_Shdr *gnu_hash_shdr = gelf_getshdr (gnu_hash_scn, &gnu_hash_shdr_mem);
2384
2385 if (hash_shdr == NULL || gnu_hash_shdr == NULL
2386 || hash_data == NULL || hash_data->d_buf == NULL
2387 || gnu_hash_data == NULL || gnu_hash_data->d_buf == NULL)
2388 /* None of these pointers should be NULL since we used the
2389 sections already. We are careful nonetheless. */
2390 return;
2391
2392 /* The link must point to the same symbol table. */
2393 if (hash_shdr->sh_link != gnu_hash_shdr->sh_link)
2394 {
2395 ERROR (gettext ("\
2396 sh_link in hash sections [%2zu] '%s' and [%2zu] '%s' not identical\n"),
2397 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name),
2398 gnu_hash_idx,
2399 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2400 return;
2401 }
2402
2403 Elf_Scn *sym_scn = elf_getscn (ebl->elf, hash_shdr->sh_link);
2404 Elf_Data *sym_data = elf_getdata (sym_scn, NULL);
2405 GElf_Shdr sym_shdr_mem;
2406 GElf_Shdr *sym_shdr = gelf_getshdr (sym_scn, &sym_shdr_mem);
2407
2408 if (sym_data == NULL || sym_data->d_buf == NULL
2409 || sym_shdr == NULL || sym_shdr->sh_entsize == 0)
2410 return;
2411
2412 const char *hash_name;
2413 const char *gnu_hash_name;
2414 hash_name = elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name);
2415 gnu_hash_name = elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name);
2416
2417 if (gnu_hash_data->d_size < 4 * sizeof (Elf32_Word))
2418 {
2419 ERROR (gettext ("\
2420 hash section [%2zu] '%s' does not contain enough data\n"),
2421 gnu_hash_idx, gnu_hash_name);
2422 return;
2423 }
2424
2425 uint32_t nentries = sym_shdr->sh_size / sym_shdr->sh_entsize;
2426 char *used = alloca (nentries);
2427 memset (used, '\0', nentries);
2428
2429 /* First go over the GNU_HASH table and mark the entries as used. */
2430 const Elf32_Word *gnu_hasharr = (Elf32_Word *) gnu_hash_data->d_buf;
2431 Elf32_Word gnu_nbucket = gnu_hasharr[0];
2432 Elf32_Word gnu_symbias = gnu_hasharr[1];
2433 const int bitmap_factor = ehdr->e_ident[EI_CLASS] == ELFCLASS32 ? 1 : 2;
2434 const Elf32_Word *gnu_bucket = (gnu_hasharr
2435 + (4 + gnu_hasharr[2] * bitmap_factor));
2436 const Elf32_Word *gnu_chain = gnu_bucket + gnu_hasharr[0];
2437
2438 if (gnu_hasharr[2] == 0)
2439 {
2440 ERROR (gettext ("\
2441 hash section [%2zu] '%s' has zero bit mask words\n"),
2442 gnu_hash_idx, gnu_hash_name);
2443 return;
2444 }
2445
2446 uint64_t used_buf = ((4ULL + gnu_hasharr[2] * bitmap_factor + gnu_nbucket)
2447 * sizeof (Elf32_Word));
2448 uint32_t max_nsyms = (gnu_hash_data->d_size - used_buf) / sizeof (Elf32_Word);
2449 if (used_buf > gnu_hash_data->d_size)
2450 {
2451 ERROR (gettext ("\
2452 hash section [%2zu] '%s' uses too much data\n"),
2453 gnu_hash_idx, gnu_hash_name);
2454 return;
2455 }
2456
2457 for (Elf32_Word cnt = 0; cnt < gnu_nbucket; ++cnt)
2458 {
2459 if (gnu_bucket[cnt] != STN_UNDEF)
2460 {
2461 Elf32_Word symidx = gnu_bucket[cnt] - gnu_symbias;
2462 do
2463 {
2464 if (symidx >= max_nsyms || symidx + gnu_symbias >= nentries)
2465 {
2466 ERROR (gettext ("\
2467 hash section [%2zu] '%s' invalid symbol index %" PRIu32 " (max_nsyms: %" PRIu32 ", nentries: %" PRIu32 "\n"),
2468 gnu_hash_idx, gnu_hash_name, symidx, max_nsyms, nentries);
2469 return;
2470 }
2471 used[symidx + gnu_symbias] |= 1;
2472 }
2473 while ((gnu_chain[symidx++] & 1u) == 0);
2474 }
2475 }
2476
2477 /* Now go over the old hash table and check that we cover the same
2478 entries. */
2479 if (hash_shdr->sh_entsize == sizeof (Elf32_Word))
2480 {
2481 const Elf32_Word *hasharr = (Elf32_Word *) hash_data->d_buf;
2482 if (hash_data->d_size < 2 * sizeof (Elf32_Word))
2483 {
2484 ERROR (gettext ("\
2485 hash section [%2zu] '%s' does not contain enough data\n"),
2486 hash_idx, hash_name);
2487 return;
2488 }
2489
2490 Elf32_Word nbucket = hasharr[0];
2491 Elf32_Word nchain = hasharr[1];
2492 uint64_t hash_used = (2ULL + nchain + nbucket) * sizeof (Elf32_Word);
2493 if (hash_used > hash_data->d_size)
2494 {
2495 ERROR (gettext ("\
2496 hash section [%2zu] '%s' uses too much data\n"),
2497 hash_idx, hash_name);
2498 return;
2499 }
2500
2501 const Elf32_Word *bucket = &hasharr[2];
2502 const Elf32_Word *chain = &hasharr[2 + nbucket];
2503
2504 for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt)
2505 {
2506 Elf32_Word symidx = bucket[cnt];
2507 while (symidx != STN_UNDEF && symidx < nentries && symidx < nchain)
2508 {
2509 used[symidx] |= 2;
2510 symidx = chain[symidx];
2511 }
2512 }
2513 }
2514 else if (hash_shdr->sh_entsize == sizeof (Elf64_Xword))
2515 {
2516 const Elf64_Xword *hasharr = (Elf64_Xword *) hash_data->d_buf;
2517 if (hash_data->d_size < 2 * sizeof (Elf32_Word))
2518 {
2519 ERROR (gettext ("\
2520 hash section [%2zu] '%s' does not contain enough data\n"),
2521 hash_idx, hash_name);
2522 return;
2523 }
2524
2525 Elf64_Xword nbucket = hasharr[0];
2526 Elf64_Xword nchain = hasharr[1];
2527 uint64_t maxwords = hash_data->d_size / sizeof (Elf64_Xword);
2528 if (maxwords < 2
2529 || maxwords - 2 < nbucket
2530 || maxwords - 2 - nbucket < nchain)
2531 {
2532 ERROR (gettext ("\
2533 hash section [%2zu] '%s' uses too much data\n"),
2534 hash_idx, hash_name);
2535 return;
2536 }
2537
2538 const Elf64_Xword *bucket = &hasharr[2];
2539 const Elf64_Xword *chain = &hasharr[2 + nbucket];
2540
2541 for (Elf64_Xword cnt = 0; cnt < nbucket; ++cnt)
2542 {
2543 Elf64_Xword symidx = bucket[cnt];
2544 while (symidx != STN_UNDEF && symidx < nentries && symidx < nchain)
2545 {
2546 used[symidx] |= 2;
2547 symidx = chain[symidx];
2548 }
2549 }
2550 }
2551 else
2552 {
2553 ERROR (gettext ("\
2554 hash section [%2zu] '%s' invalid sh_entsize\n"),
2555 hash_idx, hash_name);
2556 return;
2557 }
2558
2559 /* Now see which entries are not set in one or both hash tables
2560 (unless the symbol is undefined in which case it can be omitted
2561 in the new table format). */
2562 if ((used[0] & 1) != 0)
2563 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"),
2564 gnu_hash_idx,
2565 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2566 if ((used[0] & 2) != 0)
2567 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"),
2568 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name));
2569
2570 for (uint32_t cnt = 1; cnt < nentries; ++cnt)
2571 if (used[cnt] != 0 && used[cnt] != 3)
2572 {
2573 if (used[cnt] == 1)
2574 ERROR (gettext ("\
2575 symbol %d referenced in new hash table in [%2zu] '%s' but not in old hash table in [%2zu] '%s'\n"),
2576 cnt, gnu_hash_idx,
2577 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name),
2578 hash_idx,
2579 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name));
2580 else
2581 {
2582 GElf_Sym sym_mem;
2583 GElf_Sym *sym = gelf_getsym (sym_data, cnt, &sym_mem);
2584
2585 if (sym != NULL && sym->st_shndx != STN_UNDEF)
2586 ERROR (gettext ("\
2587 symbol %d referenced in old hash table in [%2zu] '%s' but not in new hash table in [%2zu] '%s'\n"),
2588 cnt, hash_idx,
2589 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name),
2590 gnu_hash_idx,
2591 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2592 }
2593 }
2594 }
2595
2596
2597 static void
check_null(Ebl * ebl,GElf_Shdr * shdr,int idx)2598 check_null (Ebl *ebl, GElf_Shdr *shdr, int idx)
2599 {
2600 #define TEST(name, extra) \
2601 if (extra && shdr->sh_##name != 0) \
2602 ERROR (gettext ("section [%2d] '%s': nonzero sh_%s for NULL section\n"), \
2603 idx, section_name (ebl, idx), #name)
2604
2605 TEST (name, 1);
2606 TEST (flags, 1);
2607 TEST (addr, 1);
2608 TEST (offset, 1);
2609 TEST (size, idx != 0);
2610 TEST (link, idx != 0);
2611 TEST (info, 1);
2612 TEST (addralign, 1);
2613 TEST (entsize, 1);
2614 }
2615
2616
2617 static void
check_group(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2618 check_group (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
2619 {
2620 if (ehdr->e_type != ET_REL)
2621 {
2622 ERROR (gettext ("\
2623 section [%2d] '%s': section groups only allowed in relocatable object files\n"),
2624 idx, section_name (ebl, idx));
2625 return;
2626 }
2627
2628 /* Check that sh_link is an index of a symbol table. */
2629 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
2630 GElf_Shdr symshdr_mem;
2631 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
2632 if (symshdr == NULL)
2633 ERROR (gettext ("section [%2d] '%s': cannot get symbol table: %s\n"),
2634 idx, section_name (ebl, idx), elf_errmsg (-1));
2635 else
2636 {
2637 if (symshdr->sh_type != SHT_SYMTAB)
2638 ERROR (gettext ("\
2639 section [%2d] '%s': section reference in sh_link is no symbol table\n"),
2640 idx, section_name (ebl, idx));
2641
2642 if (shdr->sh_info >= symshdr->sh_size / gelf_fsize (ebl->elf, ELF_T_SYM,
2643 1, EV_CURRENT))
2644 ERROR (gettext ("\
2645 section [%2d] '%s': invalid symbol index in sh_info\n"),
2646 idx, section_name (ebl, idx));
2647
2648 if (shdr->sh_flags != 0)
2649 ERROR (gettext ("section [%2d] '%s': sh_flags not zero\n"),
2650 idx, section_name (ebl, idx));
2651
2652 GElf_Sym sym_data;
2653 GElf_Sym *sym = gelf_getsym (elf_getdata (symscn, NULL), shdr->sh_info,
2654 &sym_data);
2655 if (sym == NULL)
2656 ERROR (gettext ("\
2657 section [%2d] '%s': cannot get symbol for signature\n"),
2658 idx, section_name (ebl, idx));
2659 else if (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name) == NULL)
2660 ERROR (gettext ("\
2661 section [%2d] '%s': cannot get symbol name for signature\n"),
2662 idx, section_name (ebl, idx));
2663 else if (strcmp (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name),
2664 "") == 0)
2665 ERROR (gettext ("\
2666 section [%2d] '%s': signature symbol cannot be empty string\n"),
2667 idx, section_name (ebl, idx));
2668
2669 if (be_strict
2670 && shdr->sh_entsize != elf32_fsize (ELF_T_WORD, 1, EV_CURRENT))
2671 ERROR (gettext ("section [%2d] '%s': sh_flags not set correctly\n"),
2672 idx, section_name (ebl, idx));
2673 }
2674
2675 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2676 if (data == NULL || data->d_buf == NULL)
2677 ERROR (gettext ("section [%2d] '%s': cannot get data: %s\n"),
2678 idx, section_name (ebl, idx), elf_errmsg (-1));
2679 else
2680 {
2681 size_t elsize = elf32_fsize (ELF_T_WORD, 1, EV_CURRENT);
2682 size_t cnt;
2683 Elf32_Word val;
2684
2685 if (data->d_size % elsize != 0)
2686 ERROR (gettext ("\
2687 section [%2d] '%s': section size not multiple of sizeof(Elf32_Word)\n"),
2688 idx, section_name (ebl, idx));
2689
2690 if (data->d_size < elsize)
2691 {
2692 ERROR (gettext ("\
2693 section [%2d] '%s': section group without flags word\n"),
2694 idx, section_name (ebl, idx));
2695 return;
2696 }
2697 else if (be_strict)
2698 {
2699 if (data->d_size < 2 * elsize)
2700 ERROR (gettext ("\
2701 section [%2d] '%s': section group without member\n"),
2702 idx, section_name (ebl, idx));
2703 else if (data->d_size < 3 * elsize)
2704 ERROR (gettext ("\
2705 section [%2d] '%s': section group with only one member\n"),
2706 idx, section_name (ebl, idx));
2707 }
2708
2709 #if ALLOW_UNALIGNED
2710 val = *((Elf32_Word *) data->d_buf);
2711 #else
2712 memcpy (&val, data->d_buf, elsize);
2713 #endif
2714 if ((val & ~GRP_COMDAT) != 0)
2715 ERROR (gettext ("section [%2d] '%s': unknown section group flags\n"),
2716 idx, section_name (ebl, idx));
2717
2718 for (cnt = elsize; cnt + elsize <= data->d_size; cnt += elsize)
2719 {
2720 #if ALLOW_UNALIGNED
2721 val = *((Elf32_Word *) ((char *) data->d_buf + cnt));
2722 #else
2723 memcpy (&val, (char *) data->d_buf + cnt, elsize);
2724 #endif
2725
2726 if (val > shnum)
2727 ERROR (gettext ("\
2728 section [%2d] '%s': section index %zu out of range\n"),
2729 idx, section_name (ebl, idx), cnt / elsize);
2730 else
2731 {
2732 GElf_Shdr refshdr_mem;
2733 GElf_Shdr *refshdr = gelf_getshdr (elf_getscn (ebl->elf, val),
2734 &refshdr_mem);
2735 if (refshdr == NULL)
2736 ERROR (gettext ("\
2737 section [%2d] '%s': cannot get section header for element %zu: %s\n"),
2738 idx, section_name (ebl, idx), cnt / elsize,
2739 elf_errmsg (-1));
2740 else
2741 {
2742 if (refshdr->sh_type == SHT_GROUP)
2743 ERROR (gettext ("\
2744 section [%2d] '%s': section group contains another group [%2d] '%s'\n"),
2745 idx, section_name (ebl, idx),
2746 val, section_name (ebl, val));
2747
2748 if ((refshdr->sh_flags & SHF_GROUP) == 0)
2749 ERROR (gettext ("\
2750 section [%2d] '%s': element %zu references section [%2d] '%s' without SHF_GROUP flag set\n"),
2751 idx, section_name (ebl, idx), cnt / elsize,
2752 val, section_name (ebl, val));
2753 }
2754
2755 if (val < shnum && ++scnref[val] == 2)
2756 ERROR (gettext ("\
2757 section [%2d] '%s' is contained in more than one section group\n"),
2758 val, section_name (ebl, val));
2759 }
2760 }
2761 }
2762 }
2763
2764
2765 static const char *
section_flags_string(GElf_Word flags,char * buf,size_t len)2766 section_flags_string (GElf_Word flags, char *buf, size_t len)
2767 {
2768 if (flags == 0)
2769 return "none";
2770
2771 static const struct
2772 {
2773 GElf_Word flag;
2774 const char *name;
2775 } known_flags[] =
2776 {
2777 #define NEWFLAG(name) { SHF_##name, #name }
2778 NEWFLAG (WRITE),
2779 NEWFLAG (ALLOC),
2780 NEWFLAG (EXECINSTR),
2781 NEWFLAG (MERGE),
2782 NEWFLAG (STRINGS),
2783 NEWFLAG (INFO_LINK),
2784 NEWFLAG (LINK_ORDER),
2785 NEWFLAG (OS_NONCONFORMING),
2786 NEWFLAG (GROUP),
2787 NEWFLAG (TLS),
2788 NEWFLAG (COMPRESSED)
2789 };
2790 #undef NEWFLAG
2791 const size_t nknown_flags = sizeof (known_flags) / sizeof (known_flags[0]);
2792
2793 char *cp = buf;
2794
2795 for (size_t cnt = 0; cnt < nknown_flags; ++cnt)
2796 if (flags & known_flags[cnt].flag)
2797 {
2798 if (cp != buf && len > 1)
2799 {
2800 *cp++ = '|';
2801 --len;
2802 }
2803
2804 size_t ncopy = MIN (len - 1, strlen (known_flags[cnt].name));
2805 cp = mempcpy (cp, known_flags[cnt].name, ncopy);
2806 len -= ncopy;
2807
2808 flags ^= known_flags[cnt].flag;
2809 }
2810
2811 if (flags != 0 || cp == buf)
2812 snprintf (cp, len - 1, "%" PRIx64, (uint64_t) flags);
2813
2814 *cp = '\0';
2815
2816 return buf;
2817 }
2818
2819
2820 static int
has_copy_reloc(Ebl * ebl,unsigned int symscnndx,unsigned int symndx)2821 has_copy_reloc (Ebl *ebl, unsigned int symscnndx, unsigned int symndx)
2822 {
2823 /* First find the relocation section for the symbol table. */
2824 Elf_Scn *scn = NULL;
2825 GElf_Shdr shdr_mem;
2826 GElf_Shdr *shdr = NULL;
2827 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
2828 {
2829 shdr = gelf_getshdr (scn, &shdr_mem);
2830 if (shdr != NULL
2831 && (shdr->sh_type == SHT_REL || shdr->sh_type == SHT_RELA)
2832 && shdr->sh_link == symscnndx)
2833 /* Found the section. */
2834 break;
2835 }
2836
2837 if (scn == NULL)
2838 return 0;
2839
2840 Elf_Data *data = elf_getdata (scn, NULL);
2841 if (data == NULL || shdr->sh_entsize == 0)
2842 return 0;
2843
2844 if (shdr->sh_type == SHT_REL)
2845 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i)
2846 {
2847 GElf_Rel rel_mem;
2848 GElf_Rel *rel = gelf_getrel (data, i, &rel_mem);
2849 if (rel == NULL)
2850 continue;
2851
2852 if (GELF_R_SYM (rel->r_info) == symndx
2853 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rel->r_info)))
2854 return 1;
2855 }
2856 else
2857 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i)
2858 {
2859 GElf_Rela rela_mem;
2860 GElf_Rela *rela = gelf_getrela (data, i, &rela_mem);
2861 if (rela == NULL)
2862 continue;
2863
2864 if (GELF_R_SYM (rela->r_info) == symndx
2865 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rela->r_info)))
2866 return 1;
2867 }
2868
2869 return 0;
2870 }
2871
2872
2873 static int
in_nobits_scn(Ebl * ebl,unsigned int shndx)2874 in_nobits_scn (Ebl *ebl, unsigned int shndx)
2875 {
2876 GElf_Shdr shdr_mem;
2877 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, shndx), &shdr_mem);
2878 return shdr != NULL && shdr->sh_type == SHT_NOBITS;
2879 }
2880
2881
2882 static struct version_namelist
2883 {
2884 const char *objname;
2885 const char *name;
2886 GElf_Versym ndx;
2887 enum { ver_def, ver_need } type;
2888 struct version_namelist *next;
2889 } *version_namelist;
2890
2891
2892 static int
add_version(const char * objname,const char * name,GElf_Versym ndx,int type)2893 add_version (const char *objname, const char *name, GElf_Versym ndx, int type)
2894 {
2895 /* Check that there are no duplications. */
2896 struct version_namelist *nlp = version_namelist;
2897 while (nlp != NULL)
2898 {
2899 if (((nlp->objname == NULL && objname == NULL)
2900 || (nlp->objname != NULL && objname != NULL
2901 && strcmp (nlp->objname, objname) == 0))
2902 && strcmp (nlp->name, name) == 0)
2903 return nlp->type == ver_def ? 1 : -1;
2904 nlp = nlp->next;
2905 }
2906
2907 nlp = xmalloc (sizeof (*nlp));
2908 nlp->objname = objname;
2909 nlp->name = name;
2910 nlp->ndx = ndx;
2911 nlp->type = type;
2912 nlp->next = version_namelist;
2913 version_namelist = nlp;
2914
2915 return 0;
2916 }
2917
2918
2919 static void
check_versym(Ebl * ebl,int idx)2920 check_versym (Ebl *ebl, int idx)
2921 {
2922 Elf_Scn *scn = elf_getscn (ebl->elf, idx);
2923 GElf_Shdr shdr_mem;
2924 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
2925 if (shdr == NULL)
2926 /* The error has already been reported. */
2927 return;
2928
2929 Elf_Data *data = elf_getdata (scn, NULL);
2930 if (data == NULL)
2931 {
2932 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
2933 idx, section_name (ebl, idx));
2934 return;
2935 }
2936
2937 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
2938 GElf_Shdr symshdr_mem;
2939 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
2940 if (symshdr == NULL)
2941 /* The error has already been reported. */
2942 return;
2943
2944 if (symshdr->sh_type != SHT_DYNSYM)
2945 {
2946 ERROR (gettext ("\
2947 section [%2d] '%s' refers in sh_link to section [%2d] '%s' which is no dynamic symbol table\n"),
2948 idx, section_name (ebl, idx),
2949 shdr->sh_link, section_name (ebl, shdr->sh_link));
2950 return;
2951 }
2952
2953 /* The number of elements in the version symbol table must be the
2954 same as the number of symbols. */
2955 if (shdr->sh_entsize != 0 && symshdr->sh_entsize != 0
2956 && (shdr->sh_size / shdr->sh_entsize
2957 != symshdr->sh_size / symshdr->sh_entsize))
2958 ERROR (gettext ("\
2959 section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"),
2960 idx, section_name (ebl, idx),
2961 shdr->sh_link, section_name (ebl, shdr->sh_link));
2962
2963 Elf_Data *symdata = elf_getdata (symscn, NULL);
2964 if (symdata == NULL || shdr->sh_entsize == 0)
2965 /* The error has already been reported. */
2966 return;
2967
2968 for (int cnt = 1; (size_t) cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
2969 {
2970 GElf_Versym versym_mem;
2971 GElf_Versym *versym = gelf_getversym (data, cnt, &versym_mem);
2972 if (versym == NULL)
2973 {
2974 ERROR (gettext ("\
2975 section [%2d] '%s': symbol %d: cannot read version data\n"),
2976 idx, section_name (ebl, idx), cnt);
2977 break;
2978 }
2979
2980 GElf_Sym sym_mem;
2981 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_mem);
2982 if (sym == NULL)
2983 /* Already reported elsewhere. */
2984 continue;
2985
2986 if (*versym == VER_NDX_GLOBAL)
2987 {
2988 /* Global symbol. Make sure it is not defined as local. */
2989 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
2990 ERROR (gettext ("\
2991 section [%2d] '%s': symbol %d: local symbol with global scope\n"),
2992 idx, section_name (ebl, idx), cnt);
2993 }
2994 else if (*versym != VER_NDX_LOCAL)
2995 {
2996 /* Versioned symbol. Make sure it is not defined as local. */
2997 if (!gnuld && GELF_ST_BIND (sym->st_info) == STB_LOCAL)
2998 ERROR (gettext ("\
2999 section [%2d] '%s': symbol %d: local symbol with version\n"),
3000 idx, section_name (ebl, idx), cnt);
3001
3002 /* Look through the list of defined versions and locate the
3003 index we need for this symbol. */
3004 struct version_namelist *runp = version_namelist;
3005 while (runp != NULL)
3006 if (runp->ndx == (*versym & (GElf_Versym) 0x7fff))
3007 break;
3008 else
3009 runp = runp->next;
3010
3011 if (runp == NULL)
3012 ERROR (gettext ("\
3013 section [%2d] '%s': symbol %d: invalid version index %d\n"),
3014 idx, section_name (ebl, idx), cnt, (int) *versym);
3015 else if (sym->st_shndx == SHN_UNDEF
3016 && runp->type == ver_def)
3017 ERROR (gettext ("\
3018 section [%2d] '%s': symbol %d: version index %d is for defined version\n"),
3019 idx, section_name (ebl, idx), cnt, (int) *versym);
3020 else if (sym->st_shndx != SHN_UNDEF
3021 && runp->type == ver_need)
3022 {
3023 /* Unless this symbol has a copy relocation associated
3024 this must not happen. */
3025 if (!has_copy_reloc (ebl, shdr->sh_link, cnt)
3026 && !in_nobits_scn (ebl, sym->st_shndx))
3027 ERROR (gettext ("\
3028 section [%2d] '%s': symbol %d: version index %d is for requested version\n"),
3029 idx, section_name (ebl, idx), cnt, (int) *versym);
3030 }
3031 }
3032 }
3033 }
3034
3035
3036 static int
unknown_dependency_p(Elf * elf,const char * fname)3037 unknown_dependency_p (Elf *elf, const char *fname)
3038 {
3039 GElf_Phdr phdr_mem;
3040 GElf_Phdr *phdr = NULL;
3041
3042 unsigned int i;
3043 for (i = 0; i < phnum; ++i)
3044 if ((phdr = gelf_getphdr (elf, i, &phdr_mem)) != NULL
3045 && phdr->p_type == PT_DYNAMIC)
3046 break;
3047
3048 if (i == phnum)
3049 return 1;
3050 assert (phdr != NULL);
3051 Elf_Scn *scn = gelf_offscn (elf, phdr->p_offset);
3052 GElf_Shdr shdr_mem;
3053 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
3054 Elf_Data *data = elf_getdata (scn, NULL);
3055 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC
3056 && data != NULL && shdr->sh_entsize != 0)
3057 for (size_t j = 0; j < shdr->sh_size / shdr->sh_entsize; ++j)
3058 {
3059 GElf_Dyn dyn_mem;
3060 GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem);
3061 if (dyn != NULL && dyn->d_tag == DT_NEEDED)
3062 {
3063 const char *str = elf_strptr (elf, shdr->sh_link, dyn->d_un.d_val);
3064 if (str != NULL && strcmp (str, fname) == 0)
3065 /* Found it. */
3066 return 0;
3067 }
3068 }
3069
3070 return 1;
3071 }
3072
3073
3074 static unsigned int nverneed;
3075
3076 static void
check_verneed(Ebl * ebl,GElf_Shdr * shdr,int idx)3077 check_verneed (Ebl *ebl, GElf_Shdr *shdr, int idx)
3078 {
3079 if (++nverneed == 2)
3080 ERROR (gettext ("more than one version reference section present\n"));
3081
3082 GElf_Shdr strshdr_mem;
3083 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
3084 &strshdr_mem);
3085 if (strshdr == NULL)
3086 return;
3087 if (strshdr->sh_type != SHT_STRTAB)
3088 ERROR (gettext ("\
3089 section [%2d] '%s': sh_link does not link to string table\n"),
3090 idx, section_name (ebl, idx));
3091
3092 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
3093 if (data == NULL)
3094 {
3095 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
3096 idx, section_name (ebl, idx));
3097 return;
3098 }
3099 unsigned int offset = 0;
3100 for (Elf64_Word cnt = shdr->sh_info; cnt > 0; )
3101 {
3102 cnt--;
3103
3104 /* Get the data at the next offset. */
3105 GElf_Verneed needmem;
3106 GElf_Verneed *need = gelf_getverneed (data, offset, &needmem);
3107 if (need == NULL)
3108 break;
3109
3110 unsigned int auxoffset = offset + need->vn_aux;
3111
3112 if (need->vn_version != EV_CURRENT)
3113 ERROR (gettext ("\
3114 section [%2d] '%s': entry %d has wrong version %d\n"),
3115 idx, section_name (ebl, idx), cnt, (int) need->vn_version);
3116
3117 if (need->vn_cnt > 0 && need->vn_aux < gelf_fsize (ebl->elf, ELF_T_VNEED,
3118 1, EV_CURRENT))
3119 {
3120 ERROR (gettext ("\
3121 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"),
3122 idx, section_name (ebl, idx), cnt);
3123 break;
3124 }
3125
3126 const char *libname = elf_strptr (ebl->elf, shdr->sh_link,
3127 need->vn_file);
3128 if (libname == NULL)
3129 {
3130 ERROR (gettext ("\
3131 section [%2d] '%s': entry %d has invalid file reference\n"),
3132 idx, section_name (ebl, idx), cnt);
3133 goto next_need;
3134 }
3135
3136 /* Check that there is a DT_NEEDED entry for the referenced library. */
3137 if (unknown_dependency_p (ebl->elf, libname))
3138 ERROR (gettext ("\
3139 section [%2d] '%s': entry %d references unknown dependency\n"),
3140 idx, section_name (ebl, idx), cnt);
3141
3142 for (int cnt2 = need->vn_cnt; --cnt2 >= 0; )
3143 {
3144 GElf_Vernaux auxmem;
3145 GElf_Vernaux *aux = gelf_getvernaux (data, auxoffset, &auxmem);
3146 if (aux == NULL)
3147 break;
3148
3149 if ((aux->vna_flags & ~VER_FLG_WEAK) != 0)
3150 ERROR (gettext ("\
3151 section [%2d] '%s': auxiliary entry %d of entry %d has unknown flag\n"),
3152 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
3153
3154 const char *verstr = elf_strptr (ebl->elf, shdr->sh_link,
3155 aux->vna_name);
3156 if (verstr == NULL)
3157 {
3158 ERROR (gettext ("\
3159 section [%2d] '%s': auxiliary entry %d of entry %d has invalid name reference\n"),
3160 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
3161 break;
3162 }
3163 else
3164 {
3165 GElf_Word hashval = elf_hash (verstr);
3166 if (hashval != aux->vna_hash)
3167 ERROR (gettext ("\
3168 section [%2d] '%s': auxiliary entry %d of entry %d has wrong hash value: %#x, expected %#x\n"),
3169 idx, section_name (ebl, idx), need->vn_cnt - cnt2,
3170 cnt, (int) hashval, (int) aux->vna_hash);
3171
3172 int res = add_version (libname, verstr, aux->vna_other,
3173 ver_need);
3174 if (unlikely (res !=0))
3175 {
3176 ERROR (gettext ("\
3177 section [%2d] '%s': auxiliary entry %d of entry %d has duplicate version name '%s'\n"),
3178 idx, section_name (ebl, idx), need->vn_cnt - cnt2,
3179 cnt, verstr);
3180 }
3181 }
3182
3183 if ((aux->vna_next != 0 || cnt2 > 0)
3184 && aux->vna_next < gelf_fsize (ebl->elf, ELF_T_VNAUX, 1,
3185 EV_CURRENT))
3186 {
3187 ERROR (gettext ("\
3188 section [%2d] '%s': auxiliary entry %d of entry %d has wrong next field\n"),
3189 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
3190 break;
3191 }
3192
3193 auxoffset += MAX (aux->vna_next,
3194 gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, EV_CURRENT));
3195 }
3196
3197 /* Find the next offset. */
3198 next_need:
3199 offset += need->vn_next;
3200
3201 if ((need->vn_next != 0 || cnt > 0)
3202 && offset < auxoffset)
3203 {
3204 ERROR (gettext ("\
3205 section [%2d] '%s': entry %d has invalid offset to next entry\n"),
3206 idx, section_name (ebl, idx), cnt);
3207 break;
3208 }
3209
3210 if (need->vn_next == 0 && cnt > 0)
3211 {
3212 ERROR (gettext ("\
3213 section [%2d] '%s': entry %d has zero offset to next entry, but sh_info says there are more entries\n"),
3214 idx, section_name (ebl, idx), cnt);
3215 break;
3216 }
3217 }
3218 }
3219
3220
3221 static unsigned int nverdef;
3222
3223 static void
check_verdef(Ebl * ebl,GElf_Shdr * shdr,int idx)3224 check_verdef (Ebl *ebl, GElf_Shdr *shdr, int idx)
3225 {
3226 if (++nverdef == 2)
3227 ERROR (gettext ("more than one version definition section present\n"));
3228
3229 GElf_Shdr strshdr_mem;
3230 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
3231 &strshdr_mem);
3232 if (strshdr == NULL)
3233 return;
3234 if (strshdr->sh_type != SHT_STRTAB)
3235 ERROR (gettext ("\
3236 section [%2d] '%s': sh_link does not link to string table\n"),
3237 idx, section_name (ebl, idx));
3238
3239 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
3240 if (data == NULL)
3241 {
3242 no_data:
3243 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
3244 idx, section_name (ebl, idx));
3245 return;
3246 }
3247
3248 /* Iterate over all version definition entries. We check that there
3249 is a BASE entry and that each index is unique. To do the later
3250 we collection the information in a list which is later
3251 examined. */
3252 struct namelist
3253 {
3254 const char *name;
3255 struct namelist *next;
3256 } *namelist = NULL;
3257 struct namelist *refnamelist = NULL;
3258
3259 bool has_base = false;
3260 unsigned int offset = 0;
3261 for (Elf64_Word cnt = shdr->sh_info; cnt > 0; )
3262 {
3263 cnt--;
3264
3265 /* Get the data at the next offset. */
3266 GElf_Verdef defmem;
3267 GElf_Verdef *def = gelf_getverdef (data, offset, &defmem);
3268 if (def == NULL)
3269 goto no_data;
3270
3271 if ((def->vd_flags & VER_FLG_BASE) != 0)
3272 {
3273 if (has_base)
3274 ERROR (gettext ("\
3275 section [%2d] '%s': more than one BASE definition\n"),
3276 idx, section_name (ebl, idx));
3277 if (def->vd_ndx != VER_NDX_GLOBAL)
3278 ERROR (gettext ("\
3279 section [%2d] '%s': BASE definition must have index VER_NDX_GLOBAL\n"),
3280 idx, section_name (ebl, idx));
3281 has_base = true;
3282 }
3283 if ((def->vd_flags & ~(VER_FLG_BASE|VER_FLG_WEAK)) != 0)
3284 ERROR (gettext ("\
3285 section [%2d] '%s': entry %d has unknown flag\n"),
3286 idx, section_name (ebl, idx), cnt);
3287
3288 if (def->vd_version != EV_CURRENT)
3289 ERROR (gettext ("\
3290 section [%2d] '%s': entry %d has wrong version %d\n"),
3291 idx, section_name (ebl, idx), cnt, (int) def->vd_version);
3292
3293 if (def->vd_cnt > 0 && def->vd_aux < gelf_fsize (ebl->elf, ELF_T_VDEF,
3294 1, EV_CURRENT))
3295 {
3296 ERROR (gettext ("\
3297 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"),
3298 idx, section_name (ebl, idx), cnt);
3299 break;
3300 }
3301
3302 unsigned int auxoffset = offset + def->vd_aux;
3303 GElf_Verdaux auxmem;
3304 GElf_Verdaux *aux = gelf_getverdaux (data, auxoffset, &auxmem);
3305 if (aux == NULL)
3306 goto no_data;
3307
3308 const char *name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name);
3309 if (name == NULL)
3310 {
3311 ERROR (gettext ("\
3312 section [%2d] '%s': entry %d has invalid name reference\n"),
3313 idx, section_name (ebl, idx), cnt);
3314 goto next_def;
3315 }
3316 GElf_Word hashval = elf_hash (name);
3317 if (def->vd_hash != hashval)
3318 ERROR (gettext ("\
3319 section [%2d] '%s': entry %d has wrong hash value: %#x, expected %#x\n"),
3320 idx, section_name (ebl, idx), cnt, (int) hashval,
3321 (int) def->vd_hash);
3322
3323 int res = add_version (NULL, name, def->vd_ndx, ver_def);
3324 if (unlikely (res !=0))
3325 {
3326 ERROR (gettext ("\
3327 section [%2d] '%s': entry %d has duplicate version name '%s'\n"),
3328 idx, section_name (ebl, idx), cnt, name);
3329 }
3330
3331 struct namelist *newname = alloca (sizeof (*newname));
3332 newname->name = name;
3333 newname->next = namelist;
3334 namelist = newname;
3335
3336 auxoffset += aux->vda_next;
3337 for (int cnt2 = 1; cnt2 < def->vd_cnt; ++cnt2)
3338 {
3339 aux = gelf_getverdaux (data, auxoffset, &auxmem);
3340 if (aux == NULL)
3341 goto no_data;
3342
3343 name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name);
3344 if (name == NULL)
3345 {
3346 ERROR (gettext ("\
3347 section [%2d] '%s': entry %d has invalid name reference in auxiliary data\n"),
3348 idx, section_name (ebl, idx), cnt);
3349 break;
3350 }
3351 else
3352 {
3353 newname = alloca (sizeof (*newname));
3354 newname->name = name;
3355 newname->next = refnamelist;
3356 refnamelist = newname;
3357 }
3358
3359 if ((aux->vda_next != 0 || cnt2 + 1 < def->vd_cnt)
3360 && aux->vda_next < gelf_fsize (ebl->elf, ELF_T_VDAUX, 1,
3361 EV_CURRENT))
3362 {
3363 ERROR (gettext ("\
3364 section [%2d] '%s': entry %d has wrong next field in auxiliary data\n"),
3365 idx, section_name (ebl, idx), cnt);
3366 break;
3367 }
3368
3369 auxoffset += MAX (aux->vda_next,
3370 gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, EV_CURRENT));
3371 }
3372
3373 /* Find the next offset. */
3374 next_def:
3375 offset += def->vd_next;
3376
3377 if ((def->vd_next != 0 || cnt > 0)
3378 && offset < auxoffset)
3379 {
3380 ERROR (gettext ("\
3381 section [%2d] '%s': entry %d has invalid offset to next entry\n"),
3382 idx, section_name (ebl, idx), cnt);
3383 break;
3384 }
3385
3386 if (def->vd_next == 0 && cnt > 0)
3387 {
3388 ERROR (gettext ("\
3389 section [%2d] '%s': entry %d has zero offset to next entry, but sh_info says there are more entries\n"),
3390 idx, section_name (ebl, idx), cnt);
3391 break;
3392 }
3393 }
3394
3395 if (!has_base)
3396 ERROR (gettext ("section [%2d] '%s': no BASE definition\n"),
3397 idx, section_name (ebl, idx));
3398
3399 /* Check whether the referenced names are available. */
3400 while (namelist != NULL)
3401 {
3402 struct version_namelist *runp = version_namelist;
3403 while (runp != NULL)
3404 {
3405 if (runp->type == ver_def
3406 && strcmp (runp->name, namelist->name) == 0)
3407 break;
3408 runp = runp->next;
3409 }
3410
3411 if (runp == NULL)
3412 ERROR (gettext ("\
3413 section [%2d] '%s': unknown parent version '%s'\n"),
3414 idx, section_name (ebl, idx), namelist->name);
3415
3416 namelist = namelist->next;
3417 }
3418 }
3419
3420 static void
check_attributes(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)3421 check_attributes (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
3422 {
3423 if (shdr->sh_size == 0)
3424 {
3425 ERROR (gettext ("section [%2d] '%s': empty object attributes section\n"),
3426 idx, section_name (ebl, idx));
3427 return;
3428 }
3429
3430 Elf_Data *data = elf_rawdata (elf_getscn (ebl->elf, idx), NULL);
3431 if (data == NULL || data->d_size == 0 || data->d_buf == NULL)
3432 {
3433 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
3434 idx, section_name (ebl, idx));
3435 return;
3436 }
3437
3438 inline size_t pos (const unsigned char *p)
3439 {
3440 return p - (const unsigned char *) data->d_buf;
3441 }
3442
3443 const unsigned char *p = data->d_buf;
3444 if (*p++ != 'A')
3445 {
3446 ERROR (gettext ("section [%2d] '%s': unrecognized attribute format\n"),
3447 idx, section_name (ebl, idx));
3448 return;
3449 }
3450
3451 inline size_t left (void)
3452 {
3453 return (const unsigned char *) data->d_buf + data->d_size - p;
3454 }
3455
3456 while (left () >= 4)
3457 {
3458 uint32_t len;
3459 memcpy (&len, p, sizeof len);
3460
3461 if (len == 0)
3462 ERROR (gettext ("\
3463 section [%2d] '%s': offset %zu: zero length field in attribute section\n"),
3464 idx, section_name (ebl, idx), pos (p));
3465
3466 if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
3467 CONVERT (len);
3468
3469 if (len > left ())
3470 {
3471 ERROR (gettext ("\
3472 section [%2d] '%s': offset %zu: invalid length in attribute section\n"),
3473 idx, section_name (ebl, idx), pos (p));
3474 break;
3475 }
3476
3477 const unsigned char *name = p + sizeof len;
3478 p += len;
3479
3480 unsigned const char *q = memchr (name, '\0', len);
3481 if (q == NULL)
3482 {
3483 ERROR (gettext ("\
3484 section [%2d] '%s': offset %zu: unterminated vendor name string\n"),
3485 idx, section_name (ebl, idx), pos (p));
3486 break;
3487 }
3488 ++q;
3489
3490 if (q - name == sizeof "gnu" && !memcmp (name, "gnu", sizeof "gnu"))
3491 while (q < p)
3492 {
3493 unsigned const char *chunk = q;
3494
3495 unsigned int subsection_tag;
3496 get_uleb128 (subsection_tag, q, p);
3497
3498 if (q >= p)
3499 {
3500 ERROR (gettext ("\
3501 section [%2d] '%s': offset %zu: endless ULEB128 in attribute subsection tag\n"),
3502 idx, section_name (ebl, idx), pos (chunk));
3503 break;
3504 }
3505
3506 uint32_t subsection_len;
3507 if (p - q < (ptrdiff_t) sizeof subsection_len)
3508 {
3509 ERROR (gettext ("\
3510 section [%2d] '%s': offset %zu: truncated attribute section\n"),
3511 idx, section_name (ebl, idx), pos (q));
3512 break;
3513 }
3514
3515 memcpy (&subsection_len, q, sizeof subsection_len);
3516 if (subsection_len == 0)
3517 {
3518 ERROR (gettext ("\
3519 section [%2d] '%s': offset %zu: zero length field in attribute subsection\n"),
3520 idx, section_name (ebl, idx), pos (q));
3521
3522 q += sizeof subsection_len;
3523 continue;
3524 }
3525
3526 if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
3527 CONVERT (subsection_len);
3528
3529 /* Don't overflow, ptrdiff_t might be 32bits, but signed. */
3530 if (p - chunk < (ptrdiff_t) subsection_len
3531 || subsection_len >= (uint32_t) PTRDIFF_MAX)
3532 {
3533 ERROR (gettext ("\
3534 section [%2d] '%s': offset %zu: invalid length in attribute subsection\n"),
3535 idx, section_name (ebl, idx), pos (q));
3536 break;
3537 }
3538
3539 const unsigned char *subsection_end = chunk + subsection_len;
3540 chunk = q;
3541 q = subsection_end;
3542
3543 if (subsection_tag != 1) /* Tag_File */
3544 ERROR (gettext ("\
3545 section [%2d] '%s': offset %zu: attribute subsection has unexpected tag %u\n"),
3546 idx, section_name (ebl, idx), pos (chunk), subsection_tag);
3547 else
3548 {
3549 chunk += sizeof subsection_len;
3550 while (chunk < q)
3551 {
3552 unsigned int tag;
3553 get_uleb128 (tag, chunk, q);
3554
3555 uint64_t value = 0;
3556 const unsigned char *r = chunk;
3557 if (tag == 32 || (tag & 1) == 0)
3558 {
3559 get_uleb128 (value, r, q);
3560 if (r > q)
3561 {
3562 ERROR (gettext ("\
3563 section [%2d] '%s': offset %zu: endless ULEB128 in attribute tag\n"),
3564 idx, section_name (ebl, idx), pos (chunk));
3565 break;
3566 }
3567 }
3568 if (tag == 32 || (tag & 1) != 0)
3569 {
3570 r = memchr (r, '\0', q - r);
3571 if (r == NULL)
3572 {
3573 ERROR (gettext ("\
3574 section [%2d] '%s': offset %zu: unterminated string in attribute\n"),
3575 idx, section_name (ebl, idx), pos (chunk));
3576 break;
3577 }
3578 ++r;
3579 }
3580
3581 const char *tag_name = NULL;
3582 const char *value_name = NULL;
3583 if (!ebl_check_object_attribute (ebl, (const char *) name,
3584 tag, value,
3585 &tag_name, &value_name))
3586 ERROR (gettext ("\
3587 section [%2d] '%s': offset %zu: unrecognized attribute tag %u\n"),
3588 idx, section_name (ebl, idx), pos (chunk), tag);
3589 else if ((tag & 1) == 0 && value_name == NULL)
3590 ERROR (gettext ("\
3591 section [%2d] '%s': offset %zu: unrecognized %s attribute value %" PRIu64 "\n"),
3592 idx, section_name (ebl, idx), pos (chunk),
3593 tag_name, value);
3594
3595 chunk = r;
3596 }
3597 }
3598 }
3599 else
3600 ERROR (gettext ("\
3601 section [%2d] '%s': offset %zu: vendor '%s' unknown\n"),
3602 idx, section_name (ebl, idx), pos (p), name);
3603 }
3604
3605 if (left () != 0)
3606 ERROR (gettext ("\
3607 section [%2d] '%s': offset %zu: extra bytes after last attribute section\n"),
3608 idx, section_name (ebl, idx), pos (p));
3609 }
3610
3611 static bool has_loadable_segment;
3612 static bool has_interp_segment;
3613
3614 static const struct
3615 {
3616 const char *name;
3617 size_t namelen;
3618 GElf_Word type;
3619 enum { unused, exact, atleast, exact_or_gnuld } attrflag;
3620 GElf_Word attr;
3621 GElf_Word attr2;
3622 } special_sections[] =
3623 {
3624 /* See figure 4-14 in the gABI. */
3625 { ".bss", 5, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3626 { ".comment", 8, SHT_PROGBITS, atleast, 0, SHF_MERGE | SHF_STRINGS },
3627 { ".data", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3628 { ".data1", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3629 { ".debug_str", 11, SHT_PROGBITS, exact_or_gnuld, SHF_MERGE | SHF_STRINGS, 0 },
3630 { ".debug", 6, SHT_PROGBITS, exact, 0, 0 },
3631 { ".dynamic", 9, SHT_DYNAMIC, atleast, SHF_ALLOC, SHF_WRITE },
3632 { ".dynstr", 8, SHT_STRTAB, exact, SHF_ALLOC, 0 },
3633 { ".dynsym", 8, SHT_DYNSYM, exact, SHF_ALLOC, 0 },
3634 { ".fini", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3635 { ".fini_array", 12, SHT_FINI_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3636 { ".got", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more info?
3637 { ".hash", 6, SHT_HASH, exact, SHF_ALLOC, 0 },
3638 { ".init", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3639 { ".init_array", 12, SHT_INIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3640 { ".interp", 8, SHT_PROGBITS, atleast, 0, SHF_ALLOC }, // XXX more tests?
3641 { ".line", 6, SHT_PROGBITS, exact, 0, 0 },
3642 { ".note", 6, SHT_NOTE, atleast, 0, SHF_ALLOC },
3643 { ".plt", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more tests
3644 { ".preinit_array", 15, SHT_PREINIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3645 { ".rela", 5, SHT_RELA, atleast, 0, SHF_ALLOC | SHF_INFO_LINK }, // XXX more tests
3646 { ".rel", 4, SHT_REL, atleast, 0, SHF_ALLOC | SHF_INFO_LINK }, // XXX more tests
3647 { ".rodata", 8, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS },
3648 { ".rodata1", 9, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS },
3649 { ".shstrtab", 10, SHT_STRTAB, exact, 0, 0 },
3650 { ".strtab", 8, SHT_STRTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
3651 { ".symtab", 8, SHT_SYMTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
3652 { ".symtab_shndx", 14, SHT_SYMTAB_SHNDX, atleast, 0, SHF_ALLOC }, // XXX more tests
3653 { ".tbss", 6, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3654 { ".tdata", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3655 { ".tdata1", 8, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3656 { ".text", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3657
3658 /* The following are GNU extensions. */
3659 { ".gnu.version", 13, SHT_GNU_versym, exact, SHF_ALLOC, 0 },
3660 { ".gnu.version_d", 15, SHT_GNU_verdef, exact, SHF_ALLOC, 0 },
3661 { ".gnu.version_r", 15, SHT_GNU_verneed, exact, SHF_ALLOC, 0 },
3662 { ".gnu.attributes", 16, SHT_GNU_ATTRIBUTES, exact, 0, 0 },
3663 };
3664 #define nspecial_sections \
3665 (sizeof (special_sections) / sizeof (special_sections[0]))
3666
3667 #define IS_KNOWN_SPECIAL(idx, string, prefix) \
3668 (special_sections[idx].namelen == sizeof string - (prefix ? 1 : 0) \
3669 && !memcmp (special_sections[idx].name, string, \
3670 sizeof string - (prefix ? 1 : 0)))
3671
3672
3673 /* Indeces of some sections we need later. */
3674 static size_t eh_frame_hdr_scnndx;
3675 static size_t eh_frame_scnndx;
3676 static size_t gcc_except_table_scnndx;
3677
3678
3679 static void
check_sections(Ebl * ebl,GElf_Ehdr * ehdr)3680 check_sections (Ebl *ebl, GElf_Ehdr *ehdr)
3681 {
3682 if (ehdr->e_shoff == 0)
3683 /* No section header. */
3684 return;
3685
3686 /* Allocate array to count references in section groups. */
3687 scnref = (int *) xcalloc (shnum, sizeof (int));
3688
3689 /* Check the zeroth section first. It must not have any contents
3690 and the section header must contain nonzero value at most in the
3691 sh_size and sh_link fields. */
3692 GElf_Shdr shdr_mem;
3693 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
3694 if (shdr == NULL)
3695 ERROR (gettext ("cannot get section header of zeroth section\n"));
3696 else
3697 {
3698 if (shdr->sh_name != 0)
3699 ERROR (gettext ("zeroth section has nonzero name\n"));
3700 if (shdr->sh_type != 0)
3701 ERROR (gettext ("zeroth section has nonzero type\n"));
3702 if (shdr->sh_flags != 0)
3703 ERROR (gettext ("zeroth section has nonzero flags\n"));
3704 if (shdr->sh_addr != 0)
3705 ERROR (gettext ("zeroth section has nonzero address\n"));
3706 if (shdr->sh_offset != 0)
3707 ERROR (gettext ("zeroth section has nonzero offset\n"));
3708 if (shdr->sh_addralign != 0)
3709 ERROR (gettext ("zeroth section has nonzero align value\n"));
3710 if (shdr->sh_entsize != 0)
3711 ERROR (gettext ("zeroth section has nonzero entry size value\n"));
3712
3713 if (shdr->sh_size != 0 && ehdr->e_shnum != 0)
3714 ERROR (gettext ("\
3715 zeroth section has nonzero size value while ELF header has nonzero shnum value\n"));
3716
3717 if (shdr->sh_link != 0 && ehdr->e_shstrndx != SHN_XINDEX)
3718 ERROR (gettext ("\
3719 zeroth section has nonzero link value while ELF header does not signal overflow in shstrndx\n"));
3720
3721 if (shdr->sh_info != 0 && ehdr->e_phnum != PN_XNUM)
3722 ERROR (gettext ("\
3723 zeroth section has nonzero link value while ELF header does not signal overflow in phnum\n"));
3724 }
3725
3726 int *segment_flags = xcalloc (phnum, sizeof segment_flags[0]);
3727
3728 bool dot_interp_section = false;
3729
3730 size_t hash_idx = 0;
3731 size_t gnu_hash_idx = 0;
3732
3733 size_t versym_scnndx = 0;
3734 for (size_t cnt = 1; cnt < shnum; ++cnt)
3735 {
3736 Elf_Scn *scn = elf_getscn (ebl->elf, cnt);
3737 shdr = gelf_getshdr (scn, &shdr_mem);
3738 if (shdr == NULL)
3739 {
3740 ERROR (gettext ("\
3741 cannot get section header for section [%2zu] '%s': %s\n"),
3742 cnt, section_name (ebl, cnt), elf_errmsg (-1));
3743 continue;
3744 }
3745
3746 const char *scnname = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
3747
3748 if (scnname == NULL)
3749 ERROR (gettext ("section [%2zu]: invalid name\n"), cnt);
3750 else
3751 {
3752 /* Check whether it is one of the special sections defined in
3753 the gABI. */
3754 size_t s;
3755 for (s = 0; s < nspecial_sections; ++s)
3756 if (strncmp (scnname, special_sections[s].name,
3757 special_sections[s].namelen) == 0)
3758 {
3759 char stbuf1[100];
3760 char stbuf2[100];
3761 char stbuf3[100];
3762
3763 GElf_Word good_type = special_sections[s].type;
3764 if (IS_KNOWN_SPECIAL (s, ".plt", false)
3765 && ebl_bss_plt_p (ebl))
3766 good_type = SHT_NOBITS;
3767
3768 /* In a debuginfo file, any normal section can be SHT_NOBITS.
3769 This is only invalid for DWARF sections and .shstrtab. */
3770 if (shdr->sh_type != good_type
3771 && (shdr->sh_type != SHT_NOBITS
3772 || !is_debuginfo
3773 || IS_KNOWN_SPECIAL (s, ".debug_str", false)
3774 || IS_KNOWN_SPECIAL (s, ".debug", true)
3775 || IS_KNOWN_SPECIAL (s, ".shstrtab", false)))
3776 ERROR (gettext ("\
3777 section [%2d] '%s' has wrong type: expected %s, is %s\n"),
3778 (int) cnt, scnname,
3779 ebl_section_type_name (ebl, special_sections[s].type,
3780 stbuf1, sizeof (stbuf1)),
3781 ebl_section_type_name (ebl, shdr->sh_type,
3782 stbuf2, sizeof (stbuf2)));
3783
3784 if (special_sections[s].attrflag == exact
3785 || special_sections[s].attrflag == exact_or_gnuld)
3786 {
3787 /* Except for the link order, group bit and
3788 compression flag all the other bits should
3789 match exactly. */
3790 if ((shdr->sh_flags
3791 & ~(SHF_LINK_ORDER | SHF_GROUP | SHF_COMPRESSED))
3792 != special_sections[s].attr
3793 && (special_sections[s].attrflag == exact || !gnuld))
3794 ERROR (gettext ("\
3795 section [%2zu] '%s' has wrong flags: expected %s, is %s\n"),
3796 cnt, scnname,
3797 section_flags_string (special_sections[s].attr,
3798 stbuf1, sizeof (stbuf1)),
3799 section_flags_string (shdr->sh_flags
3800 & ~SHF_LINK_ORDER,
3801 stbuf2, sizeof (stbuf2)));
3802 }
3803 else if (special_sections[s].attrflag == atleast)
3804 {
3805 if ((shdr->sh_flags & special_sections[s].attr)
3806 != special_sections[s].attr
3807 || ((shdr->sh_flags
3808 & ~(SHF_LINK_ORDER | SHF_GROUP | SHF_COMPRESSED
3809 | special_sections[s].attr
3810 | special_sections[s].attr2))
3811 != 0))
3812 ERROR (gettext ("\
3813 section [%2zu] '%s' has wrong flags: expected %s and possibly %s, is %s\n"),
3814 cnt, scnname,
3815 section_flags_string (special_sections[s].attr,
3816 stbuf1, sizeof (stbuf1)),
3817 section_flags_string (special_sections[s].attr2,
3818 stbuf2, sizeof (stbuf2)),
3819 section_flags_string (shdr->sh_flags
3820 & ~(SHF_LINK_ORDER
3821 | SHF_GROUP),
3822 stbuf3, sizeof (stbuf3)));
3823 }
3824
3825 if (strcmp (scnname, ".interp") == 0)
3826 {
3827 dot_interp_section = true;
3828
3829 if (ehdr->e_type == ET_REL)
3830 ERROR (gettext ("\
3831 section [%2zu] '%s' present in object file\n"),
3832 cnt, scnname);
3833
3834 if ((shdr->sh_flags & SHF_ALLOC) != 0
3835 && !has_loadable_segment)
3836 ERROR (gettext ("\
3837 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
3838 cnt, scnname);
3839 else if ((shdr->sh_flags & SHF_ALLOC) == 0
3840 && has_loadable_segment)
3841 ERROR (gettext ("\
3842 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
3843 cnt, scnname);
3844 }
3845 else
3846 {
3847 if (strcmp (scnname, ".symtab_shndx") == 0
3848 && ehdr->e_type != ET_REL)
3849 ERROR (gettext ("\
3850 section [%2zu] '%s' is extension section index table in non-object file\n"),
3851 cnt, scnname);
3852
3853 /* These sections must have the SHF_ALLOC flag set iff
3854 a loadable segment is available.
3855
3856 .relxxx
3857 .strtab
3858 .symtab
3859 .symtab_shndx
3860
3861 Check that if there is a reference from the
3862 loaded section these sections also have the
3863 ALLOC flag set. */
3864 #if 0
3865 // XXX TODO
3866 if ((shdr->sh_flags & SHF_ALLOC) != 0
3867 && !has_loadable_segment)
3868 ERROR (gettext ("\
3869 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
3870 cnt, scnname);
3871 else if ((shdr->sh_flags & SHF_ALLOC) == 0
3872 && has_loadable_segment)
3873 ERROR (gettext ("\
3874 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
3875 cnt, scnname);
3876 #endif
3877 }
3878
3879 break;
3880 }
3881
3882 /* Remember a few special sections for later. */
3883 if (strcmp (scnname, ".eh_frame_hdr") == 0)
3884 eh_frame_hdr_scnndx = cnt;
3885 else if (strcmp (scnname, ".eh_frame") == 0)
3886 eh_frame_scnndx = cnt;
3887 else if (strcmp (scnname, ".gcc_except_table") == 0)
3888 gcc_except_table_scnndx = cnt;
3889 }
3890
3891 if (shdr->sh_entsize != 0 && shdr->sh_size % shdr->sh_entsize)
3892 ERROR (gettext ("\
3893 section [%2zu] '%s': size not multiple of entry size\n"),
3894 cnt, section_name (ebl, cnt));
3895
3896 if (elf_strptr (ebl->elf, shstrndx, shdr->sh_name) == NULL)
3897 ERROR (gettext ("cannot get section header\n"));
3898
3899 if (shdr->sh_type >= SHT_NUM
3900 && shdr->sh_type != SHT_GNU_ATTRIBUTES
3901 && shdr->sh_type != SHT_GNU_LIBLIST
3902 && shdr->sh_type != SHT_CHECKSUM
3903 && shdr->sh_type != SHT_GNU_verdef
3904 && shdr->sh_type != SHT_GNU_verneed
3905 && shdr->sh_type != SHT_GNU_versym
3906 && ebl_section_type_name (ebl, shdr->sh_type, NULL, 0) == NULL)
3907 ERROR (gettext ("section [%2zu] '%s' has unsupported type %d\n"),
3908 cnt, section_name (ebl, cnt),
3909 (int) shdr->sh_type);
3910
3911 #define ALL_SH_FLAGS (SHF_WRITE | SHF_ALLOC | SHF_EXECINSTR | SHF_MERGE \
3912 | SHF_STRINGS | SHF_INFO_LINK | SHF_LINK_ORDER \
3913 | SHF_OS_NONCONFORMING | SHF_GROUP | SHF_TLS \
3914 | SHF_COMPRESSED)
3915 if (shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS)
3916 {
3917 GElf_Xword sh_flags = shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS;
3918 if (sh_flags & SHF_MASKPROC)
3919 {
3920 if (!ebl_machine_section_flag_check (ebl,
3921 sh_flags & SHF_MASKPROC))
3922 ERROR (gettext ("section [%2zu] '%s'"
3923 " contains invalid processor-specific flag(s)"
3924 " %#" PRIx64 "\n"),
3925 cnt, section_name (ebl, cnt), sh_flags & SHF_MASKPROC);
3926 sh_flags &= ~(GElf_Xword) SHF_MASKPROC;
3927 }
3928 if (sh_flags != 0)
3929 ERROR (gettext ("section [%2zu] '%s' contains unknown flag(s)"
3930 " %#" PRIx64 "\n"),
3931 cnt, section_name (ebl, cnt), sh_flags);
3932 }
3933 if (shdr->sh_flags & SHF_TLS)
3934 {
3935 // XXX Correct?
3936 if (shdr->sh_addr != 0 && !gnuld)
3937 ERROR (gettext ("\
3938 section [%2zu] '%s': thread-local data sections address not zero\n"),
3939 cnt, section_name (ebl, cnt));
3940
3941 // XXX TODO more tests!?
3942 }
3943
3944 if (shdr->sh_flags & SHF_COMPRESSED)
3945 {
3946 if (shdr->sh_flags & SHF_ALLOC)
3947 ERROR (gettext ("\
3948 section [%2zu] '%s': allocated section cannot be compressed\n"),
3949 cnt, section_name (ebl, cnt));
3950
3951 if (shdr->sh_type == SHT_NOBITS)
3952 ERROR (gettext ("\
3953 section [%2zu] '%s': nobits section cannot be compressed\n"),
3954 cnt, section_name (ebl, cnt));
3955
3956 GElf_Chdr chdr;
3957 if (gelf_getchdr (scn, &chdr) == NULL)
3958 ERROR (gettext ("\
3959 section [%2zu] '%s': compressed section with no compression header: %s\n"),
3960 cnt, section_name (ebl, cnt), elf_errmsg (-1));
3961 }
3962
3963 if (shdr->sh_link >= shnum)
3964 ERROR (gettext ("\
3965 section [%2zu] '%s': invalid section reference in link value\n"),
3966 cnt, section_name (ebl, cnt));
3967
3968 if (SH_INFO_LINK_P (shdr) && shdr->sh_info >= shnum)
3969 ERROR (gettext ("\
3970 section [%2zu] '%s': invalid section reference in info value\n"),
3971 cnt, section_name (ebl, cnt));
3972
3973 if ((shdr->sh_flags & SHF_MERGE) == 0
3974 && (shdr->sh_flags & SHF_STRINGS) != 0
3975 && be_strict)
3976 ERROR (gettext ("\
3977 section [%2zu] '%s': strings flag set without merge flag\n"),
3978 cnt, section_name (ebl, cnt));
3979
3980 if ((shdr->sh_flags & SHF_MERGE) != 0 && shdr->sh_entsize == 0)
3981 ERROR (gettext ("\
3982 section [%2zu] '%s': merge flag set but entry size is zero\n"),
3983 cnt, section_name (ebl, cnt));
3984
3985 if (shdr->sh_flags & SHF_GROUP)
3986 check_scn_group (ebl, cnt);
3987
3988 if (shdr->sh_flags & SHF_EXECINSTR)
3989 {
3990 switch (shdr->sh_type)
3991 {
3992 case SHT_PROGBITS:
3993 break;
3994
3995 case SHT_NOBITS:
3996 if (is_debuginfo)
3997 break;
3998 FALLTHROUGH;
3999 default:
4000 ERROR (gettext ("\
4001 section [%2zu] '%s' has unexpected type %d for an executable section\n"),
4002 cnt, section_name (ebl, cnt), shdr->sh_type);
4003 break;
4004 }
4005
4006 if (shdr->sh_flags & SHF_WRITE)
4007 {
4008 if (is_debuginfo && shdr->sh_type != SHT_NOBITS)
4009 ERROR (gettext ("\
4010 section [%2zu] '%s' must be of type NOBITS in debuginfo files\n"),
4011 cnt, section_name (ebl, cnt));
4012
4013 if (!is_debuginfo
4014 && !ebl_check_special_section (ebl, cnt, shdr,
4015 section_name (ebl, cnt)))
4016 ERROR (gettext ("\
4017 section [%2zu] '%s' is both executable and writable\n"),
4018 cnt, section_name (ebl, cnt));
4019 }
4020 }
4021
4022 if (ehdr->e_type != ET_REL && (shdr->sh_flags & SHF_ALLOC) != 0
4023 && !is_debuginfo)
4024 {
4025 /* Make sure the section is contained in a loaded segment
4026 and that the initialization part matches NOBITS sections. */
4027 unsigned int pcnt;
4028 GElf_Phdr phdr_mem;
4029 GElf_Phdr *phdr;
4030
4031 for (pcnt = 0; pcnt < phnum; ++pcnt)
4032 if ((phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem)) != NULL
4033 && ((phdr->p_type == PT_LOAD
4034 && (shdr->sh_flags & SHF_TLS) == 0)
4035 || (phdr->p_type == PT_TLS
4036 && (shdr->sh_flags & SHF_TLS) != 0))
4037 && phdr->p_offset <= shdr->sh_offset
4038 && ((shdr->sh_offset - phdr->p_offset <= phdr->p_filesz
4039 && (shdr->sh_offset - phdr->p_offset < phdr->p_filesz
4040 || shdr->sh_size == 0))
4041 || (shdr->sh_offset - phdr->p_offset < phdr->p_memsz
4042 && shdr->sh_type == SHT_NOBITS)))
4043 {
4044 /* Found the segment. */
4045 if (phdr->p_offset + phdr->p_memsz
4046 < shdr->sh_offset + shdr->sh_size)
4047 ERROR (gettext ("\
4048 section [%2zu] '%s' not fully contained in segment of program header entry %d\n"),
4049 cnt, section_name (ebl, cnt), pcnt);
4050
4051 if (shdr->sh_type == SHT_NOBITS)
4052 {
4053 if (shdr->sh_offset < phdr->p_offset + phdr->p_filesz
4054 && !is_debuginfo)
4055 {
4056 if (!gnuld)
4057 ERROR (gettext ("\
4058 section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d\n"),
4059 cnt, section_name (ebl, cnt), pcnt);
4060 else
4061 {
4062 /* This is truly horrible. GNU ld might put a
4063 NOBITS section in the middle of a PT_LOAD
4064 segment, assuming the next gap in the file
4065 actually consists of zero bits...
4066 So it really is like a PROGBITS section
4067 where the data is all zeros. Check those
4068 zero bytes are really there. */
4069 bool bad;
4070 Elf_Data *databits;
4071 databits = elf_getdata_rawchunk (ebl->elf,
4072 shdr->sh_offset,
4073 shdr->sh_size,
4074 ELF_T_BYTE);
4075 bad = (databits == NULL
4076 || databits->d_size != shdr->sh_size);
4077 for (size_t idx = 0;
4078 idx < databits->d_size && ! bad;
4079 idx++)
4080 bad = ((char *) databits->d_buf)[idx] != 0;
4081
4082 if (bad)
4083 ERROR (gettext ("\
4084 section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d and file contents is non-zero\n"),
4085 cnt, section_name (ebl, cnt), pcnt);
4086 }
4087 }
4088 }
4089 else
4090 {
4091 const GElf_Off end = phdr->p_offset + phdr->p_filesz;
4092 if (shdr->sh_offset > end ||
4093 (shdr->sh_offset == end && shdr->sh_size != 0))
4094 ERROR (gettext ("\
4095 section [%2zu] '%s' has not type NOBITS but is not read from the file in segment of program header entry %d\n"),
4096 cnt, section_name (ebl, cnt), pcnt);
4097 }
4098
4099 if (shdr->sh_type != SHT_NOBITS)
4100 {
4101 if ((shdr->sh_flags & SHF_EXECINSTR) != 0)
4102 {
4103 segment_flags[pcnt] |= PF_X;
4104 if ((phdr->p_flags & PF_X) == 0)
4105 ERROR (gettext ("\
4106 section [%2zu] '%s' is executable in nonexecutable segment %d\n"),
4107 cnt, section_name (ebl, cnt), pcnt);
4108 }
4109
4110 if ((shdr->sh_flags & SHF_WRITE) != 0)
4111 {
4112 segment_flags[pcnt] |= PF_W;
4113 if (0 /* XXX vdso images have this */
4114 && (phdr->p_flags & PF_W) == 0)
4115 ERROR (gettext ("\
4116 section [%2zu] '%s' is writable in unwritable segment %d\n"),
4117 cnt, section_name (ebl, cnt), pcnt);
4118 }
4119 }
4120
4121 break;
4122 }
4123
4124 if (pcnt == phnum)
4125 ERROR (gettext ("\
4126 section [%2zu] '%s': alloc flag set but section not in any loaded segment\n"),
4127 cnt, section_name (ebl, cnt));
4128 }
4129
4130 if (cnt == shstrndx && shdr->sh_type != SHT_STRTAB)
4131 ERROR (gettext ("\
4132 section [%2zu] '%s': ELF header says this is the section header string table but type is not SHT_TYPE\n"),
4133 cnt, section_name (ebl, cnt));
4134
4135 switch (shdr->sh_type)
4136 {
4137 case SHT_DYNSYM:
4138 if (ehdr->e_type == ET_REL)
4139 ERROR (gettext ("\
4140 section [%2zu] '%s': relocatable files cannot have dynamic symbol tables\n"),
4141 cnt, section_name (ebl, cnt));
4142 FALLTHROUGH;
4143 case SHT_SYMTAB:
4144 check_symtab (ebl, ehdr, shdr, cnt);
4145 break;
4146
4147 case SHT_RELA:
4148 check_rela (ebl, ehdr, shdr, cnt);
4149 break;
4150
4151 case SHT_REL:
4152 check_rel (ebl, ehdr, shdr, cnt);
4153 break;
4154
4155 case SHT_DYNAMIC:
4156 check_dynamic (ebl, ehdr, shdr, cnt);
4157 break;
4158
4159 case SHT_SYMTAB_SHNDX:
4160 check_symtab_shndx (ebl, ehdr, shdr, cnt);
4161 break;
4162
4163 case SHT_HASH:
4164 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt);
4165 hash_idx = cnt;
4166 break;
4167
4168 case SHT_GNU_HASH:
4169 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt);
4170 gnu_hash_idx = cnt;
4171 break;
4172
4173 case SHT_NULL:
4174 check_null (ebl, shdr, cnt);
4175 break;
4176
4177 case SHT_GROUP:
4178 check_group (ebl, ehdr, shdr, cnt);
4179 break;
4180
4181 case SHT_NOTE:
4182 check_note_section (ebl, ehdr, shdr, cnt);
4183 break;
4184
4185 case SHT_GNU_versym:
4186 /* We cannot process this section now since we have no guarantee
4187 that the verneed and verdef sections have already been read.
4188 Just remember the section index. */
4189 if (versym_scnndx != 0)
4190 ERROR (gettext ("more than one version symbol table present\n"));
4191 versym_scnndx = cnt;
4192 break;
4193
4194 case SHT_GNU_verneed:
4195 check_verneed (ebl, shdr, cnt);
4196 break;
4197
4198 case SHT_GNU_verdef:
4199 check_verdef (ebl, shdr, cnt);
4200 break;
4201
4202 case SHT_GNU_ATTRIBUTES:
4203 check_attributes (ebl, ehdr, shdr, cnt);
4204 break;
4205
4206 default:
4207 /* Nothing. */
4208 break;
4209 }
4210 }
4211
4212 if (has_interp_segment && !dot_interp_section)
4213 ERROR (gettext ("INTERP program header entry but no .interp section\n"));
4214
4215 if (!is_debuginfo)
4216 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt)
4217 {
4218 GElf_Phdr phdr_mem;
4219 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
4220 if (phdr != NULL && (phdr->p_type == PT_LOAD || phdr->p_type == PT_TLS))
4221 {
4222 if ((phdr->p_flags & PF_X) != 0
4223 && (segment_flags[pcnt] & PF_X) == 0)
4224 ERROR (gettext ("\
4225 loadable segment [%u] is executable but contains no executable sections\n"),
4226 pcnt);
4227
4228 if ((phdr->p_flags & PF_W) != 0
4229 && (segment_flags[pcnt] & PF_W) == 0)
4230 ERROR (gettext ("\
4231 loadable segment [%u] is writable but contains no writable sections\n"),
4232 pcnt);
4233 }
4234 }
4235
4236 free (segment_flags);
4237
4238 if (version_namelist != NULL)
4239 {
4240 if (versym_scnndx == 0)
4241 ERROR (gettext ("\
4242 no .gnu.versym section present but .gnu.versym_d or .gnu.versym_r section exist\n"));
4243 else
4244 check_versym (ebl, versym_scnndx);
4245
4246 /* Check for duplicate index numbers. */
4247 do
4248 {
4249 struct version_namelist *runp = version_namelist->next;
4250 while (runp != NULL)
4251 {
4252 if (version_namelist->ndx == runp->ndx)
4253 {
4254 ERROR (gettext ("duplicate version index %d\n"),
4255 (int) version_namelist->ndx);
4256 break;
4257 }
4258 runp = runp->next;
4259 }
4260
4261 struct version_namelist *old = version_namelist;
4262 version_namelist = version_namelist->next;
4263 free (old);
4264 }
4265 while (version_namelist != NULL);
4266 }
4267 else if (versym_scnndx != 0)
4268 ERROR (gettext ("\
4269 .gnu.versym section present without .gnu.versym_d or .gnu.versym_r\n"));
4270
4271 if (hash_idx != 0 && gnu_hash_idx != 0)
4272 compare_hash_gnu_hash (ebl, ehdr, hash_idx, gnu_hash_idx);
4273
4274 free (scnref);
4275 }
4276
4277
4278 static GElf_Off
check_note_data(Ebl * ebl,const GElf_Ehdr * ehdr,Elf_Data * data,int shndx,int phndx,GElf_Off start)4279 check_note_data (Ebl *ebl, const GElf_Ehdr *ehdr,
4280 Elf_Data *data, int shndx, int phndx, GElf_Off start)
4281 {
4282 size_t offset = 0;
4283 size_t last_offset = 0;
4284 GElf_Nhdr nhdr;
4285 size_t name_offset;
4286 size_t desc_offset;
4287 while (offset < data->d_size
4288 && (offset = gelf_getnote (data, offset,
4289 &nhdr, &name_offset, &desc_offset)) > 0)
4290 {
4291 last_offset = offset;
4292
4293 /* Make sure it is one of the note types we know about. */
4294 if (ehdr->e_type == ET_CORE)
4295 switch (nhdr.n_type)
4296 {
4297 case NT_PRSTATUS:
4298 case NT_FPREGSET:
4299 case NT_PRPSINFO:
4300 case NT_TASKSTRUCT: /* NT_PRXREG on Solaris. */
4301 case NT_PLATFORM:
4302 case NT_AUXV:
4303 case NT_GWINDOWS:
4304 case NT_ASRS:
4305 case NT_PSTATUS:
4306 case NT_PSINFO:
4307 case NT_PRCRED:
4308 case NT_UTSNAME:
4309 case NT_LWPSTATUS:
4310 case NT_LWPSINFO:
4311 case NT_PRFPXREG:
4312 /* Known type. */
4313 break;
4314
4315 default:
4316 if (shndx == 0)
4317 ERROR (gettext ("\
4318 phdr[%d]: unknown core file note type %" PRIu32 " at offset %" PRIu64 "\n"),
4319 phndx, (uint32_t) nhdr.n_type, start + offset);
4320 else
4321 ERROR (gettext ("\
4322 section [%2d] '%s': unknown core file note type %" PRIu32
4323 " at offset %zu\n"),
4324 shndx, section_name (ebl, shndx),
4325 (uint32_t) nhdr.n_type, offset);
4326 }
4327 else
4328 switch (nhdr.n_type)
4329 {
4330 case NT_GNU_ABI_TAG:
4331 case NT_GNU_HWCAP:
4332 case NT_GNU_BUILD_ID:
4333 case NT_GNU_GOLD_VERSION:
4334 case NT_GNU_PROPERTY_TYPE_0:
4335 if (nhdr.n_namesz == sizeof ELF_NOTE_GNU
4336 && strcmp (data->d_buf + name_offset, ELF_NOTE_GNU) == 0)
4337 break;
4338 else
4339 {
4340 /* NT_VERSION is 1, same as NT_GNU_ABI_TAG. It has no
4341 descriptor and (ab)uses the name as version string. */
4342 if (nhdr.n_descsz == 0 && nhdr.n_type == NT_VERSION)
4343 break;
4344 }
4345 goto unknown_note;
4346
4347 case NT_GNU_BUILD_ATTRIBUTE_OPEN:
4348 case NT_GNU_BUILD_ATTRIBUTE_FUNC:
4349 /* GNU Build Attributes store most data in the owner
4350 name, which must start with the
4351 ELF_NOTE_GNU_BUILD_ATTRIBUTE_PREFIX "GA". */
4352 if (nhdr.n_namesz >= sizeof ELF_NOTE_GNU_BUILD_ATTRIBUTE_PREFIX
4353 && strncmp (data->d_buf + name_offset,
4354 ELF_NOTE_GNU_BUILD_ATTRIBUTE_PREFIX,
4355 strlen (ELF_NOTE_GNU_BUILD_ATTRIBUTE_PREFIX)) == 0)
4356 break;
4357 else
4358 goto unknown_note;
4359
4360 case 0:
4361 /* Linux vDSOs use a type 0 note for the kernel version word. */
4362 if (nhdr.n_namesz == sizeof "Linux"
4363 && !memcmp (data->d_buf + name_offset, "Linux", sizeof "Linux"))
4364 break;
4365 FALLTHROUGH;
4366 default:
4367 {
4368 unknown_note:
4369 if (shndx == 0)
4370 ERROR (gettext ("\
4371 phdr[%d]: unknown object file note type %" PRIu32 " with owner name '%s' at offset %zu\n"),
4372 phndx, (uint32_t) nhdr.n_type,
4373 (char *) data->d_buf + name_offset, offset);
4374 else
4375 ERROR (gettext ("\
4376 section [%2d] '%s': unknown object file note type %" PRIu32
4377 " with owner name '%s' at offset %zu\n"),
4378 shndx, section_name (ebl, shndx),
4379 (uint32_t) nhdr.n_type,
4380 (char *) data->d_buf + name_offset, offset);
4381 }
4382 }
4383 }
4384
4385 return last_offset;
4386 }
4387
4388
4389 static void
check_note(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Phdr * phdr,int cnt)4390 check_note (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Phdr *phdr, int cnt)
4391 {
4392 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
4393 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
4394 ERROR (gettext ("\
4395 phdr[%d]: no note entries defined for the type of file\n"),
4396 cnt);
4397
4398 if (is_debuginfo)
4399 /* The p_offset values in a separate debug file are bogus. */
4400 return;
4401
4402 if (phdr->p_filesz == 0)
4403 return;
4404
4405 GElf_Off notes_size = 0;
4406 Elf_Data *data = elf_getdata_rawchunk (ebl->elf,
4407 phdr->p_offset, phdr->p_filesz,
4408 (phdr->p_align == 8
4409 ? ELF_T_NHDR8 : ELF_T_NHDR));
4410 if (data != NULL && data->d_buf != NULL)
4411 notes_size = check_note_data (ebl, ehdr, data, 0, cnt, phdr->p_offset);
4412
4413 if (notes_size == 0)
4414 ERROR (gettext ("phdr[%d]: cannot get content of note section: %s\n"),
4415 cnt, elf_errmsg (-1));
4416 else if (notes_size != phdr->p_filesz)
4417 ERROR (gettext ("phdr[%d]: extra %" PRIu64 " bytes after last note\n"),
4418 cnt, phdr->p_filesz - notes_size);
4419 }
4420
4421
4422 static void
check_note_section(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)4423 check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
4424 {
4425 if (shdr->sh_size == 0)
4426 return;
4427
4428 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
4429 if (data == NULL || data->d_buf == NULL)
4430 {
4431 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
4432 idx, section_name (ebl, idx));
4433 return;
4434 }
4435
4436 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
4437 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
4438 ERROR (gettext ("\
4439 section [%2d] '%s': no note entries defined for the type of file\n"),
4440 idx, section_name (ebl, idx));
4441
4442 GElf_Off notes_size = check_note_data (ebl, ehdr, data, idx, 0, 0);
4443
4444 if (notes_size == 0)
4445 ERROR (gettext ("section [%2d] '%s': cannot get content of note section\n"),
4446 idx, section_name (ebl, idx));
4447 else if (notes_size != shdr->sh_size)
4448 ERROR (gettext ("section [%2d] '%s': extra %" PRIu64
4449 " bytes after last note\n"),
4450 idx, section_name (ebl, idx), shdr->sh_size - notes_size);
4451 }
4452
4453
4454 /* Index of the PT_GNU_EH_FRAME program eader entry. */
4455 static int pt_gnu_eh_frame_pndx;
4456
4457
4458 static void
check_program_header(Ebl * ebl,GElf_Ehdr * ehdr)4459 check_program_header (Ebl *ebl, GElf_Ehdr *ehdr)
4460 {
4461 if (ehdr->e_phoff == 0)
4462 return;
4463
4464 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
4465 && ehdr->e_type != ET_CORE)
4466 ERROR (gettext ("\
4467 only executables, shared objects, and core files can have program headers\n"));
4468
4469 int num_pt_interp = 0;
4470 int num_pt_tls = 0;
4471 int num_pt_relro = 0;
4472
4473 for (unsigned int cnt = 0; cnt < phnum; ++cnt)
4474 {
4475 GElf_Phdr phdr_mem;
4476 GElf_Phdr *phdr;
4477
4478 phdr = gelf_getphdr (ebl->elf, cnt, &phdr_mem);
4479 if (phdr == NULL)
4480 {
4481 ERROR (gettext ("cannot get program header entry %d: %s\n"),
4482 cnt, elf_errmsg (-1));
4483 continue;
4484 }
4485
4486 if (phdr->p_type >= PT_NUM && phdr->p_type != PT_GNU_EH_FRAME
4487 && phdr->p_type != PT_GNU_STACK && phdr->p_type != PT_GNU_RELRO
4488 /* Check for a known machine-specific type. */
4489 && ebl_segment_type_name (ebl, phdr->p_type, NULL, 0) == NULL)
4490 ERROR (gettext ("\
4491 program header entry %d: unknown program header entry type %#" PRIx64 "\n"),
4492 cnt, (uint64_t) phdr->p_type);
4493
4494 if (phdr->p_type == PT_LOAD)
4495 has_loadable_segment = true;
4496 else if (phdr->p_type == PT_INTERP)
4497 {
4498 if (++num_pt_interp != 1)
4499 {
4500 if (num_pt_interp == 2)
4501 ERROR (gettext ("\
4502 more than one INTERP entry in program header\n"));
4503 }
4504 has_interp_segment = true;
4505 }
4506 else if (phdr->p_type == PT_TLS)
4507 {
4508 if (++num_pt_tls == 2)
4509 ERROR (gettext ("more than one TLS entry in program header\n"));
4510 }
4511 else if (phdr->p_type == PT_NOTE)
4512 check_note (ebl, ehdr, phdr, cnt);
4513 else if (phdr->p_type == PT_DYNAMIC)
4514 {
4515 if (ehdr->e_type == ET_EXEC && ! has_interp_segment)
4516 ERROR (gettext ("\
4517 static executable cannot have dynamic sections\n"));
4518 else
4519 {
4520 /* Check that the .dynamic section, if it exists, has
4521 the same address. */
4522 Elf_Scn *scn = NULL;
4523 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
4524 {
4525 GElf_Shdr shdr_mem;
4526 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
4527 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC)
4528 {
4529 if (phdr->p_offset != shdr->sh_offset)
4530 ERROR (gettext ("\
4531 dynamic section reference in program header has wrong offset\n"));
4532 if (phdr->p_memsz != shdr->sh_size)
4533 ERROR (gettext ("\
4534 dynamic section size mismatch in program and section header\n"));
4535 break;
4536 }
4537 }
4538 }
4539 }
4540 else if (phdr->p_type == PT_GNU_RELRO)
4541 {
4542 if (++num_pt_relro == 2)
4543 ERROR (gettext ("\
4544 more than one GNU_RELRO entry in program header\n"));
4545 else
4546 {
4547 /* Check that the region is in a writable segment. */
4548 unsigned int inner;
4549 for (inner = 0; inner < phnum; ++inner)
4550 {
4551 GElf_Phdr phdr2_mem;
4552 GElf_Phdr *phdr2;
4553
4554 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
4555 if (phdr2 == NULL)
4556 continue;
4557
4558 if (phdr2->p_type == PT_LOAD
4559 && phdr->p_vaddr >= phdr2->p_vaddr
4560 && (phdr->p_vaddr + phdr->p_memsz
4561 <= phdr2->p_vaddr + phdr2->p_memsz))
4562 {
4563 if ((phdr2->p_flags & PF_W) == 0)
4564 ERROR (gettext ("\
4565 loadable segment GNU_RELRO applies to is not writable\n"));
4566 /* Unless fully covered, relro flags could be a
4567 subset of the phdrs2 flags. For example the load
4568 segment could also have PF_X set. */
4569 if (phdr->p_vaddr == phdr2->p_vaddr
4570 && (phdr->p_vaddr + phdr->p_memsz
4571 == phdr2->p_vaddr + phdr2->p_memsz))
4572 {
4573 if ((phdr2->p_flags & ~PF_W)
4574 != (phdr->p_flags & ~PF_W))
4575 ERROR (gettext ("\
4576 loadable segment [%u] flags do not match GNU_RELRO [%u] flags\n"),
4577 cnt, inner);
4578 }
4579 else
4580 {
4581 if ((phdr->p_flags & ~phdr2->p_flags) != 0)
4582 ERROR (gettext ("\
4583 GNU_RELRO [%u] flags are not a subset of the loadable segment [%u] flags\n"),
4584 inner, cnt);
4585 }
4586 break;
4587 }
4588 }
4589
4590 if (inner >= phnum)
4591 ERROR (gettext ("\
4592 %s segment not contained in a loaded segment\n"), "GNU_RELRO");
4593 }
4594 }
4595 else if (phdr->p_type == PT_PHDR)
4596 {
4597 /* Check that the region is in a writable segment. */
4598 unsigned int inner;
4599 for (inner = 0; inner < phnum; ++inner)
4600 {
4601 GElf_Phdr phdr2_mem;
4602 GElf_Phdr *phdr2;
4603
4604 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
4605 if (phdr2 != NULL
4606 && phdr2->p_type == PT_LOAD
4607 && phdr->p_vaddr >= phdr2->p_vaddr
4608 && (phdr->p_vaddr + phdr->p_memsz
4609 <= phdr2->p_vaddr + phdr2->p_memsz))
4610 break;
4611 }
4612
4613 if (inner >= phnum)
4614 ERROR (gettext ("\
4615 %s segment not contained in a loaded segment\n"), "PHDR");
4616
4617 /* Check that offset in segment corresponds to offset in ELF
4618 header. */
4619 if (phdr->p_offset != ehdr->e_phoff)
4620 ERROR (gettext ("\
4621 program header offset in ELF header and PHDR entry do not match"));
4622 }
4623 else if (phdr->p_type == PT_GNU_EH_FRAME)
4624 {
4625 /* If there is an .eh_frame_hdr section it must be
4626 referenced by this program header entry. */
4627 Elf_Scn *scn = NULL;
4628 GElf_Shdr shdr_mem;
4629 GElf_Shdr *shdr = NULL;
4630 bool any = false;
4631 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
4632 {
4633 any = true;
4634 shdr = gelf_getshdr (scn, &shdr_mem);
4635 if (shdr != NULL
4636 && ((is_debuginfo && shdr->sh_type == SHT_NOBITS)
4637 || (! is_debuginfo
4638 && (shdr->sh_type == SHT_PROGBITS
4639 || shdr->sh_type == SHT_X86_64_UNWIND)))
4640 && elf_strptr (ebl->elf, shstrndx, shdr->sh_name) != NULL
4641 && ! strcmp (".eh_frame_hdr",
4642 elf_strptr (ebl->elf, shstrndx, shdr->sh_name)))
4643 {
4644 if (! is_debuginfo)
4645 {
4646 if (phdr->p_offset != shdr->sh_offset)
4647 ERROR (gettext ("\
4648 call frame search table reference in program header has wrong offset\n"));
4649 if (phdr->p_memsz != shdr->sh_size)
4650 ERROR (gettext ("\
4651 call frame search table size mismatch in program and section header\n"));
4652 }
4653 break;
4654 }
4655 }
4656
4657 if (scn == NULL)
4658 {
4659 /* If there is no section header table we don't
4660 complain. But if there is one there should be an
4661 entry for .eh_frame_hdr. */
4662 if (any)
4663 ERROR (gettext ("\
4664 PT_GNU_EH_FRAME present but no .eh_frame_hdr section\n"));
4665 }
4666 else
4667 {
4668 /* The section must be allocated and not be writable and
4669 executable. */
4670 if ((phdr->p_flags & PF_R) == 0)
4671 ERROR (gettext ("\
4672 call frame search table must be allocated\n"));
4673 else if (shdr != NULL && (shdr->sh_flags & SHF_ALLOC) == 0)
4674 ERROR (gettext ("\
4675 section [%2zu] '%s' must be allocated\n"), elf_ndxscn (scn), ".eh_frame_hdr");
4676
4677 if ((phdr->p_flags & PF_W) != 0)
4678 ERROR (gettext ("\
4679 call frame search table must not be writable\n"));
4680 else if (shdr != NULL && (shdr->sh_flags & SHF_WRITE) != 0)
4681 ERROR (gettext ("\
4682 section [%2zu] '%s' must not be writable\n"),
4683 elf_ndxscn (scn), ".eh_frame_hdr");
4684
4685 if ((phdr->p_flags & PF_X) != 0)
4686 ERROR (gettext ("\
4687 call frame search table must not be executable\n"));
4688 else if (shdr != NULL && (shdr->sh_flags & SHF_EXECINSTR) != 0)
4689 ERROR (gettext ("\
4690 section [%2zu] '%s' must not be executable\n"),
4691 elf_ndxscn (scn), ".eh_frame_hdr");
4692 }
4693
4694 /* Remember which entry this is. */
4695 pt_gnu_eh_frame_pndx = cnt;
4696 }
4697
4698 if (phdr->p_filesz > phdr->p_memsz
4699 && (phdr->p_memsz != 0 || phdr->p_type != PT_NOTE))
4700 ERROR (gettext ("\
4701 program header entry %d: file size greater than memory size\n"),
4702 cnt);
4703
4704 if (phdr->p_align > 1)
4705 {
4706 if (!powerof2 (phdr->p_align))
4707 ERROR (gettext ("\
4708 program header entry %d: alignment not a power of 2\n"), cnt);
4709 else if ((phdr->p_vaddr - phdr->p_offset) % phdr->p_align != 0)
4710 ERROR (gettext ("\
4711 program header entry %d: file offset and virtual address not module of alignment\n"), cnt);
4712 }
4713 }
4714 }
4715
4716
4717 static void
check_exception_data(Ebl * ebl,GElf_Ehdr * ehdr)4718 check_exception_data (Ebl *ebl __attribute__ ((unused)),
4719 GElf_Ehdr *ehdr __attribute__ ((unused)))
4720 {
4721 if ((ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
4722 && pt_gnu_eh_frame_pndx == 0 && eh_frame_hdr_scnndx != 0)
4723 ERROR (gettext ("executable/DSO with .eh_frame_hdr section does not have "
4724 "a PT_GNU_EH_FRAME program header entry"));
4725 }
4726
4727
4728 /* Process one file. */
4729 static void
process_elf_file(Elf * elf,const char * prefix,const char * suffix,const char * fname,size_t size,bool only_one)4730 process_elf_file (Elf *elf, const char *prefix, const char *suffix,
4731 const char *fname, size_t size, bool only_one)
4732 {
4733 /* Reset variables. */
4734 ndynamic = 0;
4735 nverneed = 0;
4736 nverdef = 0;
4737 textrel = false;
4738 needed_textrel = false;
4739 has_loadable_segment = false;
4740 has_interp_segment = false;
4741
4742 GElf_Ehdr ehdr_mem;
4743 GElf_Ehdr *ehdr = gelf_getehdr (elf, &ehdr_mem);
4744 Ebl *ebl;
4745
4746 /* Print the file name. */
4747 if (!only_one)
4748 {
4749 if (prefix != NULL)
4750 printf ("\n%s(%s)%s:\n", prefix, fname, suffix);
4751 else
4752 printf ("\n%s:\n", fname);
4753 }
4754
4755 if (ehdr == NULL)
4756 {
4757 ERROR (gettext ("cannot read ELF header: %s\n"), elf_errmsg (-1));
4758 return;
4759 }
4760
4761 ebl = ebl_openbackend (elf);
4762 /* If there is no appropriate backend library we cannot test
4763 architecture and OS specific features. Any encountered extension
4764 is an error. */
4765
4766 /* Go straight by the gABI, check all the parts in turn. */
4767 check_elf_header (ebl, ehdr, size);
4768
4769 /* Check the program header. */
4770 check_program_header (ebl, ehdr);
4771
4772 /* Next the section headers. It is OK if there are no section
4773 headers at all. */
4774 check_sections (ebl, ehdr);
4775
4776 /* Check the exception handling data, if it exists. */
4777 if (pt_gnu_eh_frame_pndx != 0 || eh_frame_hdr_scnndx != 0
4778 || eh_frame_scnndx != 0 || gcc_except_table_scnndx != 0)
4779 check_exception_data (ebl, ehdr);
4780
4781 /* Report if no relocation section needed the text relocation flag. */
4782 if (textrel && !needed_textrel)
4783 ERROR (gettext ("text relocation flag set but not needed\n"));
4784
4785 /* Free the resources. */
4786 ebl_closebackend (ebl);
4787 }
4788
4789
4790 #include "debugpred.h"
4791