1 /* Pedantic checking of ELF files compliance with gABI/psABI spec.
2 Copyright (C) 2001-2015, 2017, 2018 Red Hat, Inc.
3 This file is part of elfutils.
4 Written by Ulrich Drepper <drepper@redhat.com>, 2001.
5
6 This file is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 elfutils is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19 #ifdef HAVE_CONFIG_H
20 # include <config.h>
21 #endif
22
23 #include <argp.h>
24 #include <assert.h>
25 #include <byteswap.h>
26 #include <endian.h>
27 #include <fcntl.h>
28 #include <gelf.h>
29 #include <inttypes.h>
30 #include <libintl.h>
31 #include <locale.h>
32 #include <stdbool.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <unistd.h>
36 #include <sys/stat.h>
37
38 #include <elf-knowledge.h>
39 #include <libeu.h>
40 #include <system.h>
41 #include <printversion.h>
42 #include "../libelf/libelfP.h"
43 #include "../libelf/common.h"
44 #include "../libebl/libeblP.h"
45 #include "../libdw/libdwP.h"
46 #include "../libdwfl/libdwflP.h"
47 #include "../libdw/memory-access.h"
48
49
50 /* Name and version of program. */
51 ARGP_PROGRAM_VERSION_HOOK_DEF = print_version;
52
53 /* Bug report address. */
54 ARGP_PROGRAM_BUG_ADDRESS_DEF = PACKAGE_BUGREPORT;
55
56 #define ARGP_strict 300
57 #define ARGP_gnuld 301
58
59 /* Definitions of arguments for argp functions. */
60 static const struct argp_option options[] =
61 {
62 { "strict", ARGP_strict, NULL, 0,
63 N_("Be extremely strict, flag level 2 features."), 0 },
64 { "quiet", 'q', NULL, 0, N_("Do not print anything if successful"), 0 },
65 { "debuginfo", 'd', NULL, 0, N_("Binary is a separate debuginfo file"), 0 },
66 { "gnu-ld", ARGP_gnuld, NULL, 0,
67 N_("Binary has been created with GNU ld and is therefore known to be \
68 broken in certain ways"), 0 },
69 { NULL, 0, NULL, 0, NULL, 0 }
70 };
71
72 /* Short description of program. */
73 static const char doc[] = N_("\
74 Pedantic checking of ELF files compliance with gABI/psABI spec.");
75
76 /* Strings for arguments in help texts. */
77 static const char args_doc[] = N_("FILE...");
78
79 /* Prototype for option handler. */
80 static error_t parse_opt (int key, char *arg, struct argp_state *state);
81
82 /* Data structure to communicate with argp functions. */
83 static struct argp argp =
84 {
85 options, parse_opt, args_doc, doc, NULL, NULL, NULL
86 };
87
88
89 /* Declarations of local functions. */
90 static void process_file (int fd, Elf *elf, const char *prefix,
91 const char *suffix, const char *fname, size_t size,
92 bool only_one);
93 static void process_elf_file (Elf *elf, const char *prefix, const char *suffix,
94 const char *fname, size_t size, bool only_one);
95 static void check_note_section (Ebl *ebl, GElf_Ehdr *ehdr,
96 GElf_Shdr *shdr, int idx);
97
98
99 /* Report an error. */
100 #define ERROR(str, args...) \
101 do { \
102 printf (str, ##args); \
103 ++error_count; \
104 } while (0)
105 static unsigned int error_count;
106
107 /* True if we should perform very strict testing. */
108 static bool be_strict;
109
110 /* True if no message is to be printed if the run is successful. */
111 static bool be_quiet;
112
113 /* True if binary is from strip -f, not a normal ELF file. */
114 static bool is_debuginfo;
115
116 /* True if binary is assumed to be generated with GNU ld. */
117 static bool gnuld;
118
119 /* Index of section header string table. */
120 static uint32_t shstrndx;
121
122 /* Array to count references in section groups. */
123 static int *scnref;
124
125 /* Numbers of sections and program headers. */
126 static unsigned int shnum;
127 static unsigned int phnum;
128
129
130 int
main(int argc,char * argv[])131 main (int argc, char *argv[])
132 {
133 /* Set locale. */
134 setlocale (LC_ALL, "");
135
136 /* Initialize the message catalog. */
137 textdomain (PACKAGE_TARNAME);
138
139 /* Parse and process arguments. */
140 int remaining;
141 argp_parse (&argp, argc, argv, 0, &remaining, NULL);
142
143 /* Before we start tell the ELF library which version we are using. */
144 elf_version (EV_CURRENT);
145
146 /* Now process all the files given at the command line. */
147 bool only_one = remaining + 1 == argc;
148 do
149 {
150 /* Open the file. */
151 int fd = open (argv[remaining], O_RDONLY);
152 if (fd == -1)
153 {
154 error (0, errno, _("cannot open input file '%s'"), argv[remaining]);
155 continue;
156 }
157
158 /* Create an `Elf' descriptor. */
159 Elf *elf = elf_begin (fd, ELF_C_READ_MMAP, NULL);
160 if (elf == NULL)
161 ERROR (_("cannot generate Elf descriptor for '%s': %s\n"),
162 argv[remaining], elf_errmsg (-1));
163 else
164 {
165 unsigned int prev_error_count = error_count;
166 struct stat st;
167
168 if (fstat (fd, &st) != 0)
169 {
170 printf ("cannot stat '%s': %m\n", argv[remaining]);
171 close (fd);
172 continue;
173 }
174
175 process_file (fd, elf, NULL, NULL, argv[remaining], st.st_size,
176 only_one);
177
178 /* Now we can close the descriptor. */
179 if (elf_end (elf) != 0)
180 ERROR (_("error while closing Elf descriptor: %s\n"),
181 elf_errmsg (-1));
182
183 if (prev_error_count == error_count && !be_quiet)
184 puts (_("No errors"));
185 }
186
187 close (fd);
188 }
189 while (++remaining < argc);
190
191 return error_count != 0;
192 }
193
194
195 /* Handle program arguments. */
196 static error_t
parse_opt(int key,char * arg,struct argp_state * state)197 parse_opt (int key, char *arg __attribute__ ((unused)),
198 struct argp_state *state __attribute__ ((unused)))
199 {
200 switch (key)
201 {
202 case ARGP_strict:
203 be_strict = true;
204 break;
205
206 case 'q':
207 be_quiet = true;
208 break;
209
210 case 'd':
211 is_debuginfo = true;
212 break;
213
214 case ARGP_gnuld:
215 gnuld = true;
216 break;
217
218 case ARGP_KEY_NO_ARGS:
219 fputs (_("Missing file name.\n"), stderr);
220 argp_help (&argp, stderr, ARGP_HELP_SEE, program_invocation_short_name);
221 exit (EXIT_FAILURE);
222
223 default:
224 return ARGP_ERR_UNKNOWN;
225 }
226 return 0;
227 }
228
229
230 /* Process one file. */
231 static void
process_file(int fd,Elf * elf,const char * prefix,const char * suffix,const char * fname,size_t size,bool only_one)232 process_file (int fd, Elf *elf, const char *prefix, const char *suffix,
233 const char *fname, size_t size, bool only_one)
234 {
235 /* We can handle two types of files: ELF files and archives. */
236 Elf_Kind kind = elf_kind (elf);
237
238 switch (kind)
239 {
240 case ELF_K_ELF:
241 /* Yes! It's an ELF file. */
242 process_elf_file (elf, prefix, suffix, fname, size, only_one);
243 break;
244
245 case ELF_K_AR:
246 {
247 Elf *subelf;
248 Elf_Cmd cmd = ELF_C_READ_MMAP;
249 size_t prefix_len = prefix == NULL ? 0 : strlen (prefix);
250 size_t fname_len = strlen (fname) + 1;
251 char new_prefix[prefix_len + 1 + fname_len];
252 char new_suffix[(suffix == NULL ? 0 : strlen (suffix)) + 2];
253 char *cp = new_prefix;
254
255 /* Create the full name of the file. */
256 if (prefix != NULL)
257 {
258 cp = mempcpy (cp, prefix, prefix_len);
259 *cp++ = '(';
260 strcpy (stpcpy (new_suffix, suffix), ")");
261 }
262 else
263 new_suffix[0] = '\0';
264 memcpy (cp, fname, fname_len);
265
266 /* It's an archive. We process each file in it. */
267 while ((subelf = elf_begin (fd, cmd, elf)) != NULL)
268 {
269 kind = elf_kind (subelf);
270
271 /* Call this function recursively. */
272 if (kind == ELF_K_ELF || kind == ELF_K_AR)
273 {
274 Elf_Arhdr *arhdr = elf_getarhdr (subelf);
275 assert (arhdr != NULL);
276
277 process_file (fd, subelf, new_prefix, new_suffix,
278 arhdr->ar_name, arhdr->ar_size, false);
279 }
280
281 /* Get next archive element. */
282 cmd = elf_next (subelf);
283 if (elf_end (subelf) != 0)
284 ERROR (_(" error while freeing sub-ELF descriptor: %s\n"),
285 elf_errmsg (-1));
286 }
287 }
288 break;
289
290 default:
291 /* We cannot do anything. */
292 ERROR (_("\
293 Not an ELF file - it has the wrong magic bytes at the start\n"));
294 break;
295 }
296 }
297
298
299 static const char *
section_name(Ebl * ebl,int idx)300 section_name (Ebl *ebl, int idx)
301 {
302 GElf_Shdr shdr_mem;
303 GElf_Shdr *shdr;
304 const char *ret;
305
306 if ((unsigned int) idx > shnum)
307 return "<invalid>";
308
309 shdr = gelf_getshdr (elf_getscn (ebl->elf, idx), &shdr_mem);
310 if (shdr == NULL)
311 return "<invalid>";
312
313 ret = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
314 if (ret == NULL)
315 return "<invalid>";
316 return ret;
317 }
318
319
320 static const int valid_e_machine[] =
321 {
322 EM_M32, EM_SPARC, EM_386, EM_68K, EM_88K, EM_860, EM_MIPS, EM_S370,
323 EM_MIPS_RS3_LE, EM_PARISC, EM_VPP500, EM_SPARC32PLUS, EM_960, EM_PPC,
324 EM_PPC64, EM_S390, EM_V800, EM_FR20, EM_RH32, EM_RCE, EM_ARM,
325 EM_FAKE_ALPHA, EM_SH, EM_SPARCV9, EM_TRICORE, EM_ARC, EM_H8_300,
326 EM_H8_300H, EM_H8S, EM_H8_500, EM_IA_64, EM_MIPS_X, EM_COLDFIRE,
327 EM_68HC12, EM_MMA, EM_PCP, EM_NCPU, EM_NDR1, EM_STARCORE, EM_ME16,
328 EM_ST100, EM_TINYJ, EM_X86_64, EM_PDSP, EM_FX66, EM_ST9PLUS, EM_ST7,
329 EM_68HC16, EM_68HC11, EM_68HC08, EM_68HC05, EM_SVX, EM_ST19, EM_VAX,
330 EM_CRIS, EM_JAVELIN, EM_FIREPATH, EM_ZSP, EM_MMIX, EM_HUANY, EM_PRISM,
331 EM_AVR, EM_FR30, EM_D10V, EM_D30V, EM_V850, EM_M32R, EM_MN10300,
332 EM_MN10200, EM_PJ, EM_OPENRISC, EM_ARC_A5, EM_XTENSA, EM_ALPHA,
333 EM_TILEGX, EM_TILEPRO, EM_AARCH64, EM_BPF, EM_RISCV, EM_CSKY
334 };
335 #define nvalid_e_machine \
336 (sizeof (valid_e_machine) / sizeof (valid_e_machine[0]))
337
338
339 static void
check_elf_header(Ebl * ebl,GElf_Ehdr * ehdr,size_t size)340 check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size)
341 {
342 char buf[512];
343 size_t cnt;
344
345 /* Check e_ident field. */
346 if (ehdr->e_ident[EI_MAG0] != ELFMAG0)
347 ERROR ("e_ident[%d] != '%c'\n", EI_MAG0, ELFMAG0);
348 if (ehdr->e_ident[EI_MAG1] != ELFMAG1)
349 ERROR ("e_ident[%d] != '%c'\n", EI_MAG1, ELFMAG1);
350 if (ehdr->e_ident[EI_MAG2] != ELFMAG2)
351 ERROR ("e_ident[%d] != '%c'\n", EI_MAG2, ELFMAG2);
352 if (ehdr->e_ident[EI_MAG3] != ELFMAG3)
353 ERROR ("e_ident[%d] != '%c'\n", EI_MAG3, ELFMAG3);
354
355 if (ehdr->e_ident[EI_CLASS] != ELFCLASS32
356 && ehdr->e_ident[EI_CLASS] != ELFCLASS64)
357 ERROR (_("e_ident[%d] == %d is no known class\n"),
358 EI_CLASS, ehdr->e_ident[EI_CLASS]);
359
360 if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB
361 && ehdr->e_ident[EI_DATA] != ELFDATA2MSB)
362 ERROR (_("e_ident[%d] == %d is no known data encoding\n"),
363 EI_DATA, ehdr->e_ident[EI_DATA]);
364
365 if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
366 ERROR (_("unknown ELF header version number e_ident[%d] == %d\n"),
367 EI_VERSION, ehdr->e_ident[EI_VERSION]);
368
369 /* We currently don't handle any OS ABIs other than Linux and the
370 kFreeBSD variant of Debian. */
371 if (ehdr->e_ident[EI_OSABI] != ELFOSABI_NONE
372 && ehdr->e_ident[EI_OSABI] != ELFOSABI_LINUX
373 && ehdr->e_ident[EI_OSABI] != ELFOSABI_FREEBSD)
374 ERROR (_("unsupported OS ABI e_ident[%d] == '%s'\n"),
375 EI_OSABI,
376 ebl_osabi_name (ebl, ehdr->e_ident[EI_OSABI], buf, sizeof (buf)));
377
378 /* No ABI versions other than zero are supported either. */
379 if (ehdr->e_ident[EI_ABIVERSION] != 0)
380 ERROR (_("unsupported ABI version e_ident[%d] == %d\n"),
381 EI_ABIVERSION, ehdr->e_ident[EI_ABIVERSION]);
382
383 for (cnt = EI_PAD; cnt < EI_NIDENT; ++cnt)
384 if (ehdr->e_ident[cnt] != 0)
385 ERROR (_("e_ident[%zu] is not zero\n"), cnt);
386
387 /* Check the e_type field. */
388 if (ehdr->e_type != ET_REL && ehdr->e_type != ET_EXEC
389 && ehdr->e_type != ET_DYN && ehdr->e_type != ET_CORE)
390 ERROR (_("unknown object file type %d\n"), ehdr->e_type);
391
392 /* Check the e_machine field. */
393 for (cnt = 0; cnt < nvalid_e_machine; ++cnt)
394 if (valid_e_machine[cnt] == ehdr->e_machine)
395 break;
396 if (cnt == nvalid_e_machine)
397 ERROR (_("unknown machine type %d\n"), ehdr->e_machine);
398
399 /* Check the e_version field. */
400 if (ehdr->e_version != EV_CURRENT)
401 ERROR (_("unknown object file version\n"));
402
403 /* Check the e_phoff and e_phnum fields. */
404 if (ehdr->e_phoff == 0)
405 {
406 if (ehdr->e_phnum != 0)
407 ERROR (_("invalid program header offset\n"));
408 else if (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
409 ERROR (_("\
410 executables and DSOs cannot have zero program header offset\n"));
411 }
412 else if (ehdr->e_phnum == 0)
413 ERROR (_("invalid number of program header entries\n"));
414
415 /* Check the e_shoff field. */
416 shnum = ehdr->e_shnum;
417 shstrndx = ehdr->e_shstrndx;
418 if (ehdr->e_shoff == 0)
419 {
420 if (ehdr->e_shnum != 0)
421 ERROR (_("invalid section header table offset\n"));
422 else if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
423 && ehdr->e_type != ET_CORE)
424 ERROR (_("section header table must be present\n"));
425 }
426 else
427 {
428 if (ehdr->e_shnum == 0)
429 {
430 /* Get the header of the zeroth section. The sh_size field
431 might contain the section number. */
432 GElf_Shdr shdr_mem;
433 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
434 if (shdr != NULL)
435 {
436 /* The error will be reported later. */
437 if (shdr->sh_size == 0)
438 ERROR (_("\
439 invalid number of section header table entries\n"));
440 else
441 shnum = shdr->sh_size;
442 }
443 }
444
445 if (ehdr->e_shstrndx == SHN_XINDEX)
446 {
447 /* Get the header of the zeroth section. The sh_size field
448 might contain the section number. */
449 GElf_Shdr shdr_mem;
450 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
451 if (shdr != NULL && shdr->sh_link < shnum)
452 shstrndx = shdr->sh_link;
453 }
454 else if (shstrndx >= shnum)
455 ERROR (_("invalid section header index\n"));
456 }
457
458 /* Check the shdrs actually exist. And uncompress them before
459 further checking. Indexes between sections reference the
460 uncompressed data. */
461 unsigned int scnt;
462 Elf_Scn *scn = NULL;
463 for (scnt = 1; scnt < shnum; ++scnt)
464 {
465 scn = elf_nextscn (ebl->elf, scn);
466 if (scn == NULL)
467 break;
468 /* If the section wasn't compressed this does nothing, but
469 returns an error. We don't care. */
470 if (elf_compress (scn, 0, 0) < 0) { ; }
471 }
472 if (scnt < shnum)
473 ERROR (_("Can only check %u headers, shnum was %u\n"), scnt, shnum);
474 shnum = scnt;
475
476 phnum = ehdr->e_phnum;
477 if (ehdr->e_phnum == PN_XNUM)
478 {
479 /* Get the header of the zeroth section. The sh_info field
480 might contain the phnum count. */
481 GElf_Shdr shdr_mem;
482 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
483 if (shdr != NULL)
484 {
485 /* The error will be reported later. */
486 if (shdr->sh_info < PN_XNUM)
487 ERROR (_("\
488 invalid number of program header table entries\n"));
489 else
490 phnum = shdr->sh_info;
491 }
492 }
493
494 /* Check the phdrs actually exist. */
495 unsigned int pcnt;
496 for (pcnt = 0; pcnt < phnum; ++pcnt)
497 {
498 GElf_Phdr phdr_mem;
499 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
500 if (phdr == NULL)
501 break;
502 }
503 if (pcnt < phnum)
504 ERROR (_("Can only check %u headers, phnum was %u\n"), pcnt, phnum);
505 phnum = pcnt;
506
507 /* Check the e_flags field. */
508 if (!ebl_machine_flag_check (ebl, ehdr->e_flags))
509 ERROR (_("invalid machine flags: %s\n"),
510 ebl_machine_flag_name (ebl, ehdr->e_flags, buf, sizeof (buf)));
511
512 /* Check e_ehsize, e_phentsize, and e_shentsize fields. */
513 if (gelf_getclass (ebl->elf) == ELFCLASS32)
514 {
515 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf32_Ehdr))
516 ERROR (_("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
517
518 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf32_Phdr))
519 ERROR (_("invalid program header size: %hd\n"),
520 ehdr->e_phentsize);
521 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size)
522 ERROR (_("invalid program header position or size\n"));
523
524 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf32_Shdr))
525 ERROR (_("invalid section header size: %hd\n"),
526 ehdr->e_shentsize);
527 else if (ehdr->e_shoff + shnum * ehdr->e_shentsize > size)
528 ERROR (_("invalid section header position or size\n"));
529 }
530 else if (gelf_getclass (ebl->elf) == ELFCLASS64)
531 {
532 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf64_Ehdr))
533 ERROR (_("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
534
535 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf64_Phdr))
536 ERROR (_("invalid program header size: %hd\n"),
537 ehdr->e_phentsize);
538 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size)
539 ERROR (_("invalid program header position or size\n"));
540
541 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf64_Shdr))
542 ERROR (_("invalid section header size: %hd\n"),
543 ehdr->e_shentsize);
544 else if (ehdr->e_shoff + shnum * ehdr->e_shentsize > size)
545 ERROR (_("invalid section header position or size\n"));
546 }
547 }
548
549
550 /* Check that there is a section group section with index < IDX which
551 contains section IDX and that there is exactly one. */
552 static void
check_scn_group(Ebl * ebl,int idx)553 check_scn_group (Ebl *ebl, int idx)
554 {
555 if (scnref[idx] == 0)
556 {
557 /* No reference so far. Search following sections, maybe the
558 order is wrong. */
559 size_t cnt;
560
561 for (cnt = idx + 1; cnt < shnum; ++cnt)
562 {
563 Elf_Scn *scn = elf_getscn (ebl->elf, cnt);
564 GElf_Shdr shdr_mem;
565 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
566 if (shdr == NULL)
567 /* We cannot get the section header so we cannot check it.
568 The error to get the section header will be shown
569 somewhere else. */
570 continue;
571
572 if (shdr->sh_type != SHT_GROUP)
573 continue;
574
575 Elf_Data *data = elf_getdata (scn, NULL);
576 if (data == NULL || data->d_buf == NULL
577 || data->d_size < sizeof (Elf32_Word))
578 /* Cannot check the section. */
579 continue;
580
581 Elf32_Word *grpdata = (Elf32_Word *) data->d_buf;
582 for (size_t inner = 1; inner < data->d_size / sizeof (Elf32_Word);
583 ++inner)
584 if (grpdata[inner] == (Elf32_Word) idx)
585 goto out;
586 }
587
588 out:
589 if (cnt == shnum)
590 ERROR (_("\
591 section [%2d] '%s': section with SHF_GROUP flag set not part of a section group\n"),
592 idx, section_name (ebl, idx));
593 else
594 ERROR (_("\
595 section [%2d] '%s': section group [%2zu] '%s' does not precede group member\n"),
596 idx, section_name (ebl, idx),
597 cnt, section_name (ebl, cnt));
598 }
599 }
600
601
602 static void
check_symtab(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)603 check_symtab (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
604 {
605 bool no_xndx_warned = false;
606 int no_pt_tls = 0;
607 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
608 if (data == NULL)
609 {
610 ERROR (_("section [%2d] '%s': cannot get section data\n"),
611 idx, section_name (ebl, idx));
612 return;
613 }
614
615 GElf_Shdr strshdr_mem;
616 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
617 &strshdr_mem);
618 if (strshdr == NULL)
619 return;
620
621 if (strshdr->sh_type != SHT_STRTAB)
622 {
623 ERROR (_("section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
624 shdr->sh_link, section_name (ebl, shdr->sh_link),
625 idx, section_name (ebl, idx));
626 strshdr = NULL;
627 }
628
629 /* Search for an extended section index table section. */
630 Elf_Data *xndxdata = NULL;
631 Elf32_Word xndxscnidx = 0;
632 bool found_xndx = false;
633 for (size_t cnt = 1; cnt < shnum; ++cnt)
634 if (cnt != (size_t) idx)
635 {
636 Elf_Scn *xndxscn = elf_getscn (ebl->elf, cnt);
637 GElf_Shdr xndxshdr_mem;
638 GElf_Shdr *xndxshdr = gelf_getshdr (xndxscn, &xndxshdr_mem);
639 if (xndxshdr == NULL)
640 continue;
641
642 if (xndxshdr->sh_type == SHT_SYMTAB_SHNDX
643 && xndxshdr->sh_link == (GElf_Word) idx)
644 {
645 if (found_xndx)
646 ERROR (_("\
647 section [%2d] '%s': symbol table cannot have more than one extended index section\n"),
648 idx, section_name (ebl, idx));
649
650 xndxdata = elf_getdata (xndxscn, NULL);
651 xndxscnidx = elf_ndxscn (xndxscn);
652 found_xndx = true;
653 }
654 }
655
656 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT);
657 if (shdr->sh_entsize != sh_entsize)
658 ERROR (_("\
659 section [%2u] '%s': entry size is does not match ElfXX_Sym\n"),
660 idx, section_name (ebl, idx));
661 else if (shdr->sh_info > shdr->sh_size / sh_entsize)
662 ERROR (_("\
663 section [%2u] '%s': number of local entries in 'st_info' larger than table size\n"),
664 idx, section_name (ebl, idx));
665
666 /* Test the zeroth entry. */
667 GElf_Sym sym_mem;
668 Elf32_Word xndx;
669 GElf_Sym *sym = gelf_getsymshndx (data, xndxdata, 0, &sym_mem, &xndx);
670 if (sym == NULL)
671 ERROR (_("section [%2d] '%s': cannot get symbol %d: %s\n"),
672 idx, section_name (ebl, idx), 0, elf_errmsg (-1));
673 else
674 {
675 if (sym->st_name != 0)
676 ERROR (_("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
677 idx, section_name (ebl, idx), "st_name");
678 if (sym->st_value != 0)
679 ERROR (_("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
680 idx, section_name (ebl, idx), "st_value");
681 if (sym->st_size != 0)
682 ERROR (_("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
683 idx, section_name (ebl, idx), "st_size");
684 if (sym->st_info != 0)
685 ERROR (_("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
686 idx, section_name (ebl, idx), "st_info");
687 if (sym->st_other != 0)
688 ERROR (_("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
689 idx, section_name (ebl, idx), "st_other");
690 if (sym->st_shndx != 0)
691 ERROR (_("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
692 idx, section_name (ebl, idx), "st_shndx");
693 if (xndxdata != NULL && xndx != 0)
694 ERROR (_("\
695 section [%2d] '%s': XINDEX for zeroth entry not zero\n"),
696 xndxscnidx, section_name (ebl, xndxscnidx));
697 }
698
699 for (size_t cnt = 1; cnt < shdr->sh_size / sh_entsize; ++cnt)
700 {
701 sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx);
702 if (sym == NULL)
703 {
704 ERROR (_("section [%2d] '%s': cannot get symbol %zu: %s\n"),
705 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
706 continue;
707 }
708
709 const char *name = "<invalid>";
710 if (strshdr == NULL)
711 name = "";
712 else if (sym->st_name >= strshdr->sh_size)
713 ERROR (_("\
714 section [%2d] '%s': symbol %zu: invalid name value\n"),
715 idx, section_name (ebl, idx), cnt);
716 else
717 {
718 name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name);
719 if (name == NULL)
720 name = "";
721 }
722
723 if (sym->st_shndx == SHN_XINDEX)
724 {
725 if (xndxdata == NULL)
726 {
727 if (!no_xndx_warned)
728 ERROR (_("\
729 section [%2d] '%s': symbol %zu (%s): too large section index but no extended section index section\n"),
730 idx, section_name (ebl, idx), cnt, name);
731 no_xndx_warned = true;
732 }
733 else if (xndx < SHN_LORESERVE)
734 ERROR (_("\
735 section [%2d] '%s': symbol %zu (%s): XINDEX used for index which would fit in st_shndx (%" PRIu32 ")\n"),
736 xndxscnidx, section_name (ebl, xndxscnidx), cnt, name,
737 xndx);
738 }
739 else if ((sym->st_shndx >= SHN_LORESERVE
740 // && sym->st_shndx <= SHN_HIRESERVE always true
741 && sym->st_shndx != SHN_ABS
742 && sym->st_shndx != SHN_COMMON)
743 || (sym->st_shndx >= shnum
744 && (sym->st_shndx < SHN_LORESERVE
745 /* || sym->st_shndx > SHN_HIRESERVE always false */)))
746 ERROR (_("\
747 section [%2d] '%s': symbol %zu (%s): invalid section index\n"),
748 idx, section_name (ebl, idx), cnt, name);
749 else
750 xndx = sym->st_shndx;
751
752 if (GELF_ST_TYPE (sym->st_info) >= STT_NUM
753 && !ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), NULL, 0))
754 ERROR (_("section [%2d] '%s': symbol %zu (%s): unknown type\n"),
755 idx, section_name (ebl, idx), cnt, name);
756
757 if (GELF_ST_BIND (sym->st_info) >= STB_NUM
758 && !ebl_symbol_binding_name (ebl, GELF_ST_BIND (sym->st_info), NULL,
759 0))
760 ERROR (_("\
761 section [%2d] '%s': symbol %zu (%s): unknown symbol binding\n"),
762 idx, section_name (ebl, idx), cnt, name);
763 if (GELF_ST_BIND (sym->st_info) == STB_GNU_UNIQUE
764 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
765 ERROR (_("\
766 section [%2d] '%s': symbol %zu (%s): unique symbol not of object type\n"),
767 idx, section_name (ebl, idx), cnt, name);
768
769 if (xndx == SHN_COMMON)
770 {
771 /* Common symbols can only appear in relocatable files. */
772 if (ehdr->e_type != ET_REL)
773 ERROR (_("\
774 section [%2d] '%s': symbol %zu (%s): COMMON only allowed in relocatable files\n"),
775 idx, section_name (ebl, idx), cnt, name);
776 if (cnt < shdr->sh_info)
777 ERROR (_("\
778 section [%2d] '%s': symbol %zu (%s): local COMMON symbols are nonsense\n"),
779 idx, section_name (ebl, idx), cnt, name);
780 if (GELF_R_TYPE (sym->st_info) == STT_FUNC)
781 ERROR (_("\
782 section [%2d] '%s': symbol %zu (%s): function in COMMON section is nonsense\n"),
783 idx, section_name (ebl, idx), cnt, name);
784 }
785 else if (xndx > 0 && xndx < shnum)
786 {
787 GElf_Shdr destshdr_mem;
788 GElf_Shdr *destshdr;
789
790 destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), &destshdr_mem);
791 if (destshdr != NULL)
792 {
793 GElf_Addr sh_addr = (ehdr->e_type == ET_REL ? 0
794 : destshdr->sh_addr);
795 GElf_Addr st_value;
796 if (GELF_ST_TYPE (sym->st_info) == STT_FUNC
797 || (GELF_ST_TYPE (sym->st_info) == STT_GNU_IFUNC))
798 st_value = sym->st_value & ebl_func_addr_mask (ebl);
799 else
800 st_value = sym->st_value;
801 if (GELF_ST_TYPE (sym->st_info) != STT_TLS)
802 {
803 if (! ebl_check_special_symbol (ebl, sym, name,
804 destshdr))
805 {
806 if (st_value - sh_addr > destshdr->sh_size)
807 {
808 /* GNU ld has severe bugs. When it decides to remove
809 empty sections it leaves symbols referencing them
810 behind. These are symbols in .symtab or .dynsym
811 and for the named symbols have zero size. See
812 sourceware PR13621. */
813 if (!gnuld
814 || (strcmp (section_name (ebl, idx), ".symtab")
815 && strcmp (section_name (ebl, idx),
816 ".dynsym"))
817 || sym->st_size != 0
818 || (strcmp (name, "__preinit_array_start") != 0
819 && strcmp (name, "__preinit_array_end") != 0
820 && strcmp (name, "__init_array_start") != 0
821 && strcmp (name, "__init_array_end") != 0
822 && strcmp (name, "__fini_array_start") != 0
823 && strcmp (name, "__fini_array_end") != 0
824 && strcmp (name, "__bss_start") != 0
825 && strcmp (name, "__bss_start__") != 0
826 && strcmp (name, "__TMC_END__") != 0
827 && strcmp (name, ".TOC.") != 0
828 && strcmp (name, "_edata") != 0
829 && strcmp (name, "__edata") != 0
830 && strcmp (name, "_end") != 0
831 && strcmp (name, "__end") != 0))
832 ERROR (_("\
833 section [%2d] '%s': symbol %zu (%s): st_value out of bounds\n"),
834 idx, section_name (ebl, idx), cnt, name);
835 }
836 else if ((st_value - sh_addr
837 + sym->st_size) > destshdr->sh_size)
838 ERROR (_("\
839 section [%2d] '%s': symbol %zu (%s) does not fit completely in referenced section [%2d] '%s'\n"),
840 idx, section_name (ebl, idx), cnt, name,
841 (int) xndx, section_name (ebl, xndx));
842 }
843 }
844 else
845 {
846 if ((destshdr->sh_flags & SHF_TLS) == 0)
847 ERROR (_("\
848 section [%2d] '%s': symbol %zu (%s): referenced section [%2d] '%s' does not have SHF_TLS flag set\n"),
849 idx, section_name (ebl, idx), cnt, name,
850 (int) xndx, section_name (ebl, xndx));
851
852 if (ehdr->e_type == ET_REL)
853 {
854 /* For object files the symbol value must fall
855 into the section. */
856 if (st_value > destshdr->sh_size)
857 ERROR (_("\
858 section [%2d] '%s': symbol %zu (%s): st_value out of bounds of referenced section [%2d] '%s'\n"),
859 idx, section_name (ebl, idx), cnt, name,
860 (int) xndx, section_name (ebl, xndx));
861 else if (st_value + sym->st_size
862 > destshdr->sh_size)
863 ERROR (_("\
864 section [%2d] '%s': symbol %zu (%s) does not fit completely in referenced section [%2d] '%s'\n"),
865 idx, section_name (ebl, idx), cnt, name,
866 (int) xndx, section_name (ebl, xndx));
867 }
868 else
869 {
870 GElf_Phdr phdr_mem;
871 GElf_Phdr *phdr = NULL;
872 unsigned int pcnt;
873
874 for (pcnt = 0; pcnt < phnum; ++pcnt)
875 {
876 phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
877 if (phdr != NULL && phdr->p_type == PT_TLS)
878 break;
879 }
880
881 if (pcnt == phnum)
882 {
883 if (no_pt_tls++ == 0)
884 ERROR (_("\
885 section [%2d] '%s': symbol %zu (%s): TLS symbol but no TLS program header entry\n"),
886 idx, section_name (ebl, idx), cnt, name);
887 }
888 else if (phdr == NULL)
889 {
890 ERROR (_("\
891 section [%2d] '%s': symbol %zu (%s): TLS symbol but couldn't get TLS program header entry\n"),
892 idx, section_name (ebl, idx), cnt, name);
893 }
894 else if (!is_debuginfo)
895 {
896 if (st_value
897 < destshdr->sh_offset - phdr->p_offset)
898 ERROR (_("\
899 section [%2d] '%s': symbol %zu (%s): st_value short of referenced section [%2d] '%s'\n"),
900 idx, section_name (ebl, idx), cnt, name,
901 (int) xndx, section_name (ebl, xndx));
902 else if (st_value
903 > (destshdr->sh_offset - phdr->p_offset
904 + destshdr->sh_size))
905 ERROR (_("\
906 section [%2d] '%s': symbol %zu (%s): st_value out of bounds of referenced section [%2d] '%s'\n"),
907 idx, section_name (ebl, idx), cnt, name,
908 (int) xndx, section_name (ebl, xndx));
909 else if (st_value + sym->st_size
910 > (destshdr->sh_offset - phdr->p_offset
911 + destshdr->sh_size))
912 ERROR (_("\
913 section [%2d] '%s': symbol %zu (%s) does not fit completely in referenced section [%2d] '%s'\n"),
914 idx, section_name (ebl, idx), cnt, name,
915 (int) xndx, section_name (ebl, xndx));
916 }
917 }
918 }
919 }
920 }
921
922 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
923 {
924 if (cnt >= shdr->sh_info)
925 ERROR (_("\
926 section [%2d] '%s': symbol %zu (%s): local symbol outside range described in sh_info\n"),
927 idx, section_name (ebl, idx), cnt, name);
928 }
929 else
930 {
931 if (cnt < shdr->sh_info)
932 ERROR (_("\
933 section [%2d] '%s': symbol %zu (%s): non-local symbol outside range described in sh_info\n"),
934 idx, section_name (ebl, idx), cnt, name);
935 }
936
937 if (GELF_ST_TYPE (sym->st_info) == STT_SECTION
938 && GELF_ST_BIND (sym->st_info) != STB_LOCAL)
939 ERROR (_("\
940 section [%2d] '%s': symbol %zu (%s): non-local section symbol\n"),
941 idx, section_name (ebl, idx), cnt, name);
942
943 if (name != NULL)
944 {
945 if (strcmp (name, "_GLOBAL_OFFSET_TABLE_") == 0)
946 {
947 /* Check that address and size match the global offset table. */
948
949 GElf_Shdr destshdr_mem;
950 GElf_Shdr *destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx),
951 &destshdr_mem);
952
953 if (destshdr == NULL && xndx == SHN_ABS)
954 {
955 /* In a DSO, we have to find the GOT section by name. */
956 Elf_Scn *gotscn = NULL;
957 Elf_Scn *gscn = NULL;
958 while ((gscn = elf_nextscn (ebl->elf, gscn)) != NULL)
959 {
960 destshdr = gelf_getshdr (gscn, &destshdr_mem);
961 assert (destshdr != NULL);
962 const char *sname = elf_strptr (ebl->elf,
963 shstrndx,
964 destshdr->sh_name);
965 if (sname != NULL)
966 {
967 if (strcmp (sname, ".got.plt") == 0)
968 break;
969 if (strcmp (sname, ".got") == 0)
970 /* Do not stop looking.
971 There might be a .got.plt section. */
972 gotscn = gscn;
973 }
974
975 destshdr = NULL;
976 }
977
978 if (destshdr == NULL && gotscn != NULL)
979 destshdr = gelf_getshdr (gotscn, &destshdr_mem);
980 }
981
982 const char *sname = ((destshdr == NULL || xndx == SHN_UNDEF)
983 ? NULL
984 : elf_strptr (ebl->elf, shstrndx,
985 destshdr->sh_name));
986 if (sname == NULL)
987 {
988 if (xndx != SHN_UNDEF || ehdr->e_type != ET_REL)
989 ERROR (_("\
990 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \
991 bad section [%2d]\n"),
992 idx, section_name (ebl, idx), xndx);
993 }
994 else if (strcmp (sname, ".got.plt") != 0
995 && strcmp (sname, ".got") != 0)
996 ERROR (_("\
997 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \
998 section [%2d] '%s'\n"),
999 idx, section_name (ebl, idx), xndx, sname);
1000
1001 if (destshdr != NULL)
1002 {
1003 /* Found it. */
1004 if (!ebl_check_special_symbol (ebl, sym, name,
1005 destshdr))
1006 {
1007 if (ehdr->e_type != ET_REL
1008 && sym->st_value != destshdr->sh_addr)
1009 /* This test is more strict than the psABIs which
1010 usually allow the symbol to be in the middle of
1011 the .got section, allowing negative offsets. */
1012 ERROR (_("\
1013 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol value %#" PRIx64 " does not match %s section address %#" PRIx64 "\n"),
1014 idx, section_name (ebl, idx),
1015 (uint64_t) sym->st_value,
1016 sname, (uint64_t) destshdr->sh_addr);
1017
1018 if (!gnuld && sym->st_size != destshdr->sh_size)
1019 ERROR (_("\
1020 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol size %" PRIu64 " does not match %s section size %" PRIu64 "\n"),
1021 idx, section_name (ebl, idx),
1022 (uint64_t) sym->st_size,
1023 sname, (uint64_t) destshdr->sh_size);
1024 }
1025 }
1026 else
1027 ERROR (_("\
1028 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol present, but no .got section\n"),
1029 idx, section_name (ebl, idx));
1030 }
1031 else if (strcmp (name, "_DYNAMIC") == 0)
1032 /* Check that address and size match the dynamic section.
1033 We locate the dynamic section via the program header
1034 entry. */
1035 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt)
1036 {
1037 GElf_Phdr phdr_mem;
1038 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
1039
1040 if (phdr != NULL && phdr->p_type == PT_DYNAMIC)
1041 {
1042 if (sym->st_value != phdr->p_vaddr)
1043 ERROR (_("\
1044 section [%2d] '%s': _DYNAMIC_ symbol value %#" PRIx64 " does not match dynamic segment address %#" PRIx64 "\n"),
1045 idx, section_name (ebl, idx),
1046 (uint64_t) sym->st_value,
1047 (uint64_t) phdr->p_vaddr);
1048
1049 if (!gnuld && sym->st_size != phdr->p_memsz)
1050 ERROR (_("\
1051 section [%2d] '%s': _DYNAMIC symbol size %" PRIu64 " does not match dynamic segment size %" PRIu64 "\n"),
1052 idx, section_name (ebl, idx),
1053 (uint64_t) sym->st_size,
1054 (uint64_t) phdr->p_memsz);
1055
1056 break;
1057 }
1058 }
1059 }
1060
1061 if (GELF_ST_VISIBILITY (sym->st_other) != STV_DEFAULT
1062 && shdr->sh_type == SHT_DYNSYM)
1063 ERROR (_("\
1064 section [%2d] '%s': symbol %zu (%s): symbol in dynamic symbol table with non-default visibility\n"),
1065 idx, section_name (ebl, idx), cnt, name);
1066 if (! ebl_check_st_other_bits (ebl, sym->st_other))
1067 ERROR (_("\
1068 section [%2d] '%s': symbol %zu (%s): unknown bit set in st_other\n"),
1069 idx, section_name (ebl, idx), cnt, name);
1070
1071 }
1072 }
1073
1074
1075 static bool
is_rel_dyn(Ebl * ebl,const GElf_Ehdr * ehdr,int idx,const GElf_Shdr * shdr,bool is_rela)1076 is_rel_dyn (Ebl *ebl, const GElf_Ehdr *ehdr, int idx, const GElf_Shdr *shdr,
1077 bool is_rela)
1078 {
1079 /* If this is no executable or DSO it cannot be a .rel.dyn section. */
1080 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1081 return false;
1082
1083 /* Check the section name. Unfortunately necessary. */
1084 if (strcmp (section_name (ebl, idx), is_rela ? ".rela.dyn" : ".rel.dyn"))
1085 return false;
1086
1087 /* When a .rel.dyn section is used a DT_RELCOUNT dynamic section
1088 entry can be present as well. */
1089 Elf_Scn *scn = NULL;
1090 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
1091 {
1092 GElf_Shdr rcshdr_mem;
1093 const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem);
1094
1095 if (rcshdr == NULL)
1096 break;
1097
1098 if (rcshdr->sh_type == SHT_DYNAMIC && rcshdr->sh_entsize != 0)
1099 {
1100 /* Found the dynamic section. Look through it. */
1101 Elf_Data *d = elf_getdata (scn, NULL);
1102 size_t cnt;
1103
1104 if (d == NULL)
1105 ERROR (_("\
1106 section [%2d] '%s': cannot get section data.\n"),
1107 idx, section_name (ebl, idx));
1108
1109 for (cnt = 1; cnt < rcshdr->sh_size / rcshdr->sh_entsize; ++cnt)
1110 {
1111 GElf_Dyn dyn_mem;
1112 GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem);
1113
1114 if (dyn == NULL)
1115 break;
1116
1117 if (dyn->d_tag == DT_RELCOUNT)
1118 {
1119 /* Found it. Does the type match. */
1120 if (is_rela)
1121 ERROR (_("\
1122 section [%2d] '%s': DT_RELCOUNT used for this RELA section\n"),
1123 idx, section_name (ebl, idx));
1124 else
1125 {
1126 /* Does the number specified number of relative
1127 relocations exceed the total number of
1128 relocations? */
1129 if (shdr->sh_entsize != 0
1130 && dyn->d_un.d_val > (shdr->sh_size
1131 / shdr->sh_entsize))
1132 ERROR (_("\
1133 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
1134 idx, section_name (ebl, idx),
1135 (int) dyn->d_un.d_val);
1136
1137 /* Make sure the specified number of relocations are
1138 relative. */
1139 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf,
1140 idx), NULL);
1141 if (reldata != NULL && shdr->sh_entsize != 0)
1142 for (size_t inner = 0;
1143 inner < shdr->sh_size / shdr->sh_entsize;
1144 ++inner)
1145 {
1146 GElf_Rel rel_mem;
1147 GElf_Rel *rel = gelf_getrel (reldata, inner,
1148 &rel_mem);
1149 if (rel == NULL)
1150 /* The problem will be reported elsewhere. */
1151 break;
1152
1153 if (ebl_relative_reloc_p (ebl,
1154 GELF_R_TYPE (rel->r_info)))
1155 {
1156 if (inner >= dyn->d_un.d_val)
1157 ERROR (_("\
1158 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"),
1159 idx, section_name (ebl, idx),
1160 (int) dyn->d_un.d_val);
1161 }
1162 else if (inner < dyn->d_un.d_val)
1163 ERROR (_("\
1164 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"),
1165 idx, section_name (ebl, idx),
1166 inner, (int) dyn->d_un.d_val);
1167 }
1168 }
1169 }
1170
1171 if (dyn->d_tag == DT_RELACOUNT)
1172 {
1173 /* Found it. Does the type match. */
1174 if (!is_rela)
1175 ERROR (_("\
1176 section [%2d] '%s': DT_RELACOUNT used for this REL section\n"),
1177 idx, section_name (ebl, idx));
1178 else
1179 {
1180 /* Does the number specified number of relative
1181 relocations exceed the total number of
1182 relocations? */
1183 if (shdr->sh_entsize != 0
1184 && dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
1185 ERROR (_("\
1186 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
1187 idx, section_name (ebl, idx),
1188 (int) dyn->d_un.d_val);
1189
1190 /* Make sure the specified number of relocations are
1191 relative. */
1192 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf,
1193 idx), NULL);
1194 if (reldata != NULL && shdr->sh_entsize != 0)
1195 for (size_t inner = 0;
1196 inner < shdr->sh_size / shdr->sh_entsize;
1197 ++inner)
1198 {
1199 GElf_Rela rela_mem;
1200 GElf_Rela *rela = gelf_getrela (reldata, inner,
1201 &rela_mem);
1202 if (rela == NULL)
1203 /* The problem will be reported elsewhere. */
1204 break;
1205
1206 if (ebl_relative_reloc_p (ebl,
1207 GELF_R_TYPE (rela->r_info)))
1208 {
1209 if (inner >= dyn->d_un.d_val)
1210 ERROR (_("\
1211 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"),
1212 idx, section_name (ebl, idx),
1213 (int) dyn->d_un.d_val);
1214 }
1215 else if (inner < dyn->d_un.d_val)
1216 ERROR (_("\
1217 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"),
1218 idx, section_name (ebl, idx),
1219 inner, (int) dyn->d_un.d_val);
1220 }
1221 }
1222 }
1223 }
1224
1225 break;
1226 }
1227 }
1228
1229 return true;
1230 }
1231
1232
1233 struct loaded_segment
1234 {
1235 GElf_Addr from;
1236 GElf_Addr to;
1237 bool read_only;
1238 struct loaded_segment *next;
1239 };
1240
1241
1242 /* Check whether binary has text relocation flag set. */
1243 static bool textrel;
1244
1245 /* Keep track of whether text relocation flag is needed. */
1246 static bool needed_textrel;
1247
1248
1249 static bool
check_reloc_shdr(Ebl * ebl,const GElf_Ehdr * ehdr,const GElf_Shdr * shdr,int idx,int reltype,GElf_Shdr ** destshdrp,GElf_Shdr * destshdr_memp,struct loaded_segment ** loadedp)1250 check_reloc_shdr (Ebl *ebl, const GElf_Ehdr *ehdr, const GElf_Shdr *shdr,
1251 int idx, int reltype, GElf_Shdr **destshdrp,
1252 GElf_Shdr *destshdr_memp, struct loaded_segment **loadedp)
1253 {
1254 bool reldyn = false;
1255
1256 /* Check whether the link to the section we relocate is reasonable. */
1257 if (shdr->sh_info >= shnum)
1258 ERROR (_("section [%2d] '%s': invalid destination section index\n"),
1259 idx, section_name (ebl, idx));
1260 else if (shdr->sh_info != 0)
1261 {
1262 *destshdrp = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_info),
1263 destshdr_memp);
1264 if (*destshdrp != NULL)
1265 {
1266 if(! ebl_check_reloc_target_type (ebl, (*destshdrp)->sh_type))
1267 {
1268 reldyn = is_rel_dyn (ebl, ehdr, idx, shdr, true);
1269 if (!reldyn)
1270 ERROR (_("\
1271 section [%2d] '%s': invalid destination section type\n"),
1272 idx, section_name (ebl, idx));
1273 else
1274 {
1275 /* There is no standard, but we require that .rel{,a}.dyn
1276 sections have a sh_info value of zero. */
1277 if (shdr->sh_info != 0)
1278 ERROR (_("\
1279 section [%2d] '%s': sh_info should be zero\n"),
1280 idx, section_name (ebl, idx));
1281 }
1282 }
1283
1284 if ((((*destshdrp)->sh_flags & SHF_MERGE) != 0)
1285 && ((*destshdrp)->sh_flags & SHF_STRINGS) != 0)
1286 ERROR (_("\
1287 section [%2d] '%s': no relocations for merge-able string sections possible\n"),
1288 idx, section_name (ebl, idx));
1289 }
1290 }
1291
1292 size_t sh_entsize = gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT);
1293 if (shdr->sh_entsize != sh_entsize)
1294 ERROR (_(reltype == ELF_T_RELA ? "\
1295 section [%2d] '%s': section entry size does not match ElfXX_Rela\n" : "\
1296 section [%2d] '%s': section entry size does not match ElfXX_Rel\n"),
1297 idx, section_name (ebl, idx));
1298
1299 /* In preparation of checking whether relocations are text
1300 relocations or not we need to determine whether the file is
1301 flagged to have text relocation and we need to determine a) what
1302 the loaded segments are and b) which are read-only. This will
1303 also allow us to determine whether the same reloc section is
1304 modifying loaded and not loaded segments. */
1305 for (unsigned int i = 0; i < phnum; ++i)
1306 {
1307 GElf_Phdr phdr_mem;
1308 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, i, &phdr_mem);
1309 if (phdr == NULL)
1310 continue;
1311
1312 if (phdr->p_type == PT_LOAD)
1313 {
1314 struct loaded_segment *newp = xmalloc (sizeof (*newp));
1315 newp->from = phdr->p_vaddr;
1316 newp->to = phdr->p_vaddr + phdr->p_memsz;
1317 newp->read_only = (phdr->p_flags & PF_W) == 0;
1318 newp->next = *loadedp;
1319 *loadedp = newp;
1320 }
1321 else if (phdr->p_type == PT_DYNAMIC)
1322 {
1323 Elf_Scn *dynscn = gelf_offscn (ebl->elf, phdr->p_offset);
1324 GElf_Shdr dynshdr_mem;
1325 GElf_Shdr *dynshdr = gelf_getshdr (dynscn, &dynshdr_mem);
1326 Elf_Data *dyndata = elf_getdata (dynscn, NULL);
1327 if (dynshdr != NULL && dynshdr->sh_type == SHT_DYNAMIC
1328 && dyndata != NULL && dynshdr->sh_entsize != 0)
1329 for (size_t j = 0; j < dynshdr->sh_size / dynshdr->sh_entsize; ++j)
1330 {
1331 GElf_Dyn dyn_mem;
1332 GElf_Dyn *dyn = gelf_getdyn (dyndata, j, &dyn_mem);
1333 if (dyn != NULL
1334 && (dyn->d_tag == DT_TEXTREL
1335 || (dyn->d_tag == DT_FLAGS
1336 && (dyn->d_un.d_val & DF_TEXTREL) != 0)))
1337 {
1338 textrel = true;
1339 break;
1340 }
1341 }
1342 }
1343 }
1344
1345 /* A quick test which can be easily done here (although it is a bit
1346 out of place): the text relocation flag makes only sense if there
1347 is a segment which is not writable. */
1348 if (textrel)
1349 {
1350 struct loaded_segment *seg = *loadedp;
1351 while (seg != NULL && !seg->read_only)
1352 seg = seg->next;
1353 if (seg == NULL)
1354 ERROR (_("\
1355 text relocation flag set but there is no read-only segment\n"));
1356 }
1357
1358 return reldyn;
1359 }
1360
1361
1362 enum load_state
1363 {
1364 state_undecided,
1365 state_loaded,
1366 state_unloaded,
1367 state_error
1368 };
1369
1370
1371 static void
check_one_reloc(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * relshdr,int idx,size_t cnt,const GElf_Shdr * symshdr,Elf_Data * symdata,GElf_Addr r_offset,GElf_Xword r_info,const GElf_Shdr * destshdr,bool reldyn,struct loaded_segment * loaded,enum load_state * statep)1372 check_one_reloc (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *relshdr, int idx,
1373 size_t cnt, const GElf_Shdr *symshdr, Elf_Data *symdata,
1374 GElf_Addr r_offset, GElf_Xword r_info,
1375 const GElf_Shdr *destshdr, bool reldyn,
1376 struct loaded_segment *loaded, enum load_state *statep)
1377 {
1378 bool known_broken = gnuld;
1379
1380 if (!ebl_reloc_type_check (ebl, GELF_R_TYPE (r_info)))
1381 ERROR (_("section [%2d] '%s': relocation %zu: invalid type\n"),
1382 idx, section_name (ebl, idx), cnt);
1383 else if (((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1384 /* The executable/DSO can contain relocation sections with
1385 all the relocations the linker has applied. Those sections
1386 are marked non-loaded, though. */
1387 || (relshdr->sh_flags & SHF_ALLOC) != 0)
1388 && !ebl_reloc_valid_use (ebl, GELF_R_TYPE (r_info)))
1389 ERROR (_("\
1390 section [%2d] '%s': relocation %zu: relocation type invalid for the file type\n"),
1391 idx, section_name (ebl, idx), cnt);
1392
1393 if (symshdr != NULL
1394 && ((GELF_R_SYM (r_info) + 1)
1395 * gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT)
1396 > symshdr->sh_size))
1397 ERROR (_("\
1398 section [%2d] '%s': relocation %zu: invalid symbol index\n"),
1399 idx, section_name (ebl, idx), cnt);
1400
1401 /* No more tests if this is a no-op relocation. */
1402 if (ebl_none_reloc_p (ebl, GELF_R_TYPE (r_info)))
1403 return;
1404
1405 if (ebl_gotpc_reloc_check (ebl, GELF_R_TYPE (r_info)))
1406 {
1407 const char *name;
1408 char buf[64];
1409 GElf_Sym sym_mem;
1410 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem);
1411 if (sym != NULL
1412 /* Get the name for the symbol. */
1413 && (name = elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name))
1414 && strcmp (name, "_GLOBAL_OFFSET_TABLE_") !=0 )
1415 ERROR (_("\
1416 section [%2d] '%s': relocation %zu: only symbol '_GLOBAL_OFFSET_TABLE_' can be used with %s\n"),
1417 idx, section_name (ebl, idx), cnt,
1418 ebl_reloc_type_name (ebl, GELF_R_SYM (r_info),
1419 buf, sizeof (buf)));
1420 }
1421
1422 if (reldyn)
1423 {
1424 // XXX TODO Check .rel.dyn section addresses.
1425 }
1426 else if (!known_broken)
1427 {
1428 if (destshdr != NULL
1429 && GELF_R_TYPE (r_info) != 0
1430 && (r_offset - (ehdr->e_type == ET_REL ? 0
1431 : destshdr->sh_addr)) >= destshdr->sh_size)
1432 ERROR (_("\
1433 section [%2d] '%s': relocation %zu: offset out of bounds\n"),
1434 idx, section_name (ebl, idx), cnt);
1435 }
1436
1437 GElf_Sym sym_mem;
1438 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem);
1439
1440 if (ebl_copy_reloc_p (ebl, GELF_R_TYPE (r_info))
1441 /* Make sure the referenced symbol is an object or unspecified. */
1442 && sym != NULL
1443 && GELF_ST_TYPE (sym->st_info) != STT_NOTYPE
1444 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
1445 {
1446 char buf[64];
1447 ERROR (_("section [%2d] '%s': relocation %zu: copy relocation against symbol of type %s\n"),
1448 idx, section_name (ebl, idx), cnt,
1449 ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info),
1450 buf, sizeof (buf)));
1451 }
1452
1453 if ((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1454 || (relshdr->sh_flags & SHF_ALLOC) != 0)
1455 {
1456 bool in_loaded_seg = false;
1457 while (loaded != NULL)
1458 {
1459 if (r_offset < loaded->to
1460 && r_offset + (sym == NULL ? 0 : sym->st_size) >= loaded->from)
1461 {
1462 /* The symbol is in this segment. */
1463 if (loaded->read_only)
1464 {
1465 if (textrel)
1466 needed_textrel = true;
1467 else
1468 ERROR (_("section [%2d] '%s': relocation %zu: read-only section modified but text relocation flag not set\n"),
1469 idx, section_name (ebl, idx), cnt);
1470 }
1471
1472 in_loaded_seg = true;
1473 }
1474
1475 loaded = loaded->next;
1476 }
1477
1478 if (*statep == state_undecided)
1479 *statep = in_loaded_seg ? state_loaded : state_unloaded;
1480 else if ((*statep == state_unloaded && in_loaded_seg)
1481 || (*statep == state_loaded && !in_loaded_seg))
1482 {
1483 ERROR (_("\
1484 section [%2d] '%s': relocations are against loaded and unloaded data\n"),
1485 idx, section_name (ebl, idx));
1486 *statep = state_error;
1487 }
1488 }
1489 }
1490
1491
1492 static void
check_rela(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1493 check_rela (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1494 {
1495 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1496 if (data == NULL)
1497 {
1498 ERROR (_("section [%2d] '%s': cannot get section data\n"),
1499 idx, section_name (ebl, idx));
1500 return;
1501 }
1502
1503 /* Check the fields of the section header. */
1504 GElf_Shdr destshdr_mem;
1505 GElf_Shdr *destshdr = NULL;
1506 struct loaded_segment *loaded = NULL;
1507 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_RELA, &destshdr,
1508 &destshdr_mem, &loaded);
1509
1510 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1511 GElf_Shdr symshdr_mem;
1512 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1513 Elf_Data *symdata = elf_getdata (symscn, NULL);
1514 enum load_state state = state_undecided;
1515
1516 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_RELA, 1, EV_CURRENT);
1517 for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1518 {
1519 GElf_Rela rela_mem;
1520 GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem);
1521 if (rela == NULL)
1522 {
1523 ERROR (_("\
1524 section [%2d] '%s': cannot get relocation %zu: %s\n"),
1525 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1526 continue;
1527 }
1528
1529 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata,
1530 rela->r_offset, rela->r_info, destshdr, reldyn, loaded,
1531 &state);
1532 }
1533
1534 while (loaded != NULL)
1535 {
1536 struct loaded_segment *old = loaded;
1537 loaded = loaded->next;
1538 free (old);
1539 }
1540 }
1541
1542
1543 static void
check_rel(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1544 check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1545 {
1546 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1547 if (data == NULL)
1548 {
1549 ERROR (_("section [%2d] '%s': cannot get section data\n"),
1550 idx, section_name (ebl, idx));
1551 return;
1552 }
1553
1554 /* Check the fields of the section header. */
1555 GElf_Shdr destshdr_mem;
1556 GElf_Shdr *destshdr = NULL;
1557 struct loaded_segment *loaded = NULL;
1558 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_REL, &destshdr,
1559 &destshdr_mem, &loaded);
1560
1561 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1562 GElf_Shdr symshdr_mem;
1563 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1564 Elf_Data *symdata = elf_getdata (symscn, NULL);
1565 enum load_state state = state_undecided;
1566
1567 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_REL, 1, EV_CURRENT);
1568 for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1569 {
1570 GElf_Rel rel_mem;
1571 GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem);
1572 if (rel == NULL)
1573 {
1574 ERROR (_("\
1575 section [%2d] '%s': cannot get relocation %zu: %s\n"),
1576 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1577 continue;
1578 }
1579
1580 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata,
1581 rel->r_offset, rel->r_info, destshdr, reldyn, loaded,
1582 &state);
1583 }
1584
1585 while (loaded != NULL)
1586 {
1587 struct loaded_segment *old = loaded;
1588 loaded = loaded->next;
1589 free (old);
1590 }
1591 }
1592
1593
1594 /* Number of dynamic sections. */
1595 static int ndynamic;
1596
1597
1598 static void
check_dynamic(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1599 check_dynamic (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1600 {
1601 Elf_Data *data;
1602 GElf_Shdr strshdr_mem;
1603 GElf_Shdr *strshdr;
1604 size_t cnt;
1605 static const bool dependencies[DT_NUM][DT_NUM] =
1606 {
1607 [DT_NEEDED] = { [DT_STRTAB] = true },
1608 [DT_PLTRELSZ] = { [DT_JMPREL] = true },
1609 [DT_HASH] = { [DT_SYMTAB] = true },
1610 [DT_STRTAB] = { [DT_STRSZ] = true },
1611 [DT_SYMTAB] = { [DT_STRTAB] = true, [DT_SYMENT] = true },
1612 [DT_RELA] = { [DT_RELASZ] = true, [DT_RELAENT] = true },
1613 [DT_RELASZ] = { [DT_RELA] = true },
1614 [DT_RELAENT] = { [DT_RELA] = true },
1615 [DT_STRSZ] = { [DT_STRTAB] = true },
1616 [DT_SYMENT] = { [DT_SYMTAB] = true },
1617 [DT_SONAME] = { [DT_STRTAB] = true },
1618 [DT_RPATH] = { [DT_STRTAB] = true },
1619 [DT_REL] = { [DT_RELSZ] = true, [DT_RELENT] = true },
1620 [DT_RELSZ] = { [DT_REL] = true },
1621 [DT_RELENT] = { [DT_REL] = true },
1622 [DT_JMPREL] = { [DT_PLTRELSZ] = true, [DT_PLTREL] = true },
1623 [DT_RUNPATH] = { [DT_STRTAB] = true },
1624 [DT_PLTREL] = { [DT_JMPREL] = true },
1625 };
1626 bool has_dt[DT_NUM];
1627 bool has_val_dt[DT_VALNUM];
1628 bool has_addr_dt[DT_ADDRNUM];
1629 static const bool level2[DT_NUM] =
1630 {
1631 [DT_RPATH] = true,
1632 [DT_SYMBOLIC] = true,
1633 [DT_TEXTREL] = true,
1634 [DT_BIND_NOW] = true
1635 };
1636 static const bool mandatory[DT_NUM] =
1637 {
1638 [DT_NULL] = true,
1639 [DT_STRTAB] = true,
1640 [DT_SYMTAB] = true,
1641 [DT_STRSZ] = true,
1642 [DT_SYMENT] = true
1643 };
1644
1645 memset (has_dt, '\0', sizeof (has_dt));
1646 memset (has_val_dt, '\0', sizeof (has_val_dt));
1647 memset (has_addr_dt, '\0', sizeof (has_addr_dt));
1648
1649 if (++ndynamic == 2)
1650 ERROR (_("more than one dynamic section present\n"));
1651
1652 data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1653 if (data == NULL)
1654 {
1655 ERROR (_("section [%2d] '%s': cannot get section data\n"),
1656 idx, section_name (ebl, idx));
1657 return;
1658 }
1659
1660 strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &strshdr_mem);
1661 if (strshdr != NULL && strshdr->sh_type != SHT_STRTAB)
1662 ERROR (_("\
1663 section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
1664 shdr->sh_link, section_name (ebl, shdr->sh_link),
1665 idx, section_name (ebl, idx));
1666 else if (strshdr == NULL)
1667 {
1668 ERROR (_("\
1669 section [%2d]: referenced as string table for section [%2d] '%s' but section link value is invalid\n"),
1670 shdr->sh_link, idx, section_name (ebl, idx));
1671 return;
1672 }
1673
1674 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT);
1675 if (shdr->sh_entsize != sh_entsize)
1676 ERROR (_("\
1677 section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"),
1678 idx, section_name (ebl, idx));
1679
1680 if (shdr->sh_info != 0)
1681 ERROR (_("section [%2d] '%s': sh_info not zero\n"),
1682 idx, section_name (ebl, idx));
1683
1684 bool non_null_warned = false;
1685 for (cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1686 {
1687 GElf_Dyn dyn_mem;
1688 GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem);
1689 if (dyn == NULL)
1690 {
1691 ERROR (_("\
1692 section [%2d] '%s': cannot get dynamic section entry %zu: %s\n"),
1693 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1694 continue;
1695 }
1696
1697 if (has_dt[DT_NULL] && dyn->d_tag != DT_NULL && ! non_null_warned)
1698 {
1699 ERROR (_("\
1700 section [%2d] '%s': non-DT_NULL entries follow DT_NULL entry\n"),
1701 idx, section_name (ebl, idx));
1702 non_null_warned = true;
1703 }
1704
1705 if (!ebl_dynamic_tag_check (ebl, dyn->d_tag))
1706 ERROR (_("section [%2d] '%s': entry %zu: unknown tag\n"),
1707 idx, section_name (ebl, idx), cnt);
1708
1709 if (dyn->d_tag >= 0 && dyn->d_tag < DT_NUM)
1710 {
1711 if (has_dt[dyn->d_tag]
1712 && dyn->d_tag != DT_NEEDED
1713 && dyn->d_tag != DT_NULL
1714 && dyn->d_tag != DT_POSFLAG_1)
1715 {
1716 char buf[50];
1717 ERROR (_("\
1718 section [%2d] '%s': entry %zu: more than one entry with tag %s\n"),
1719 idx, section_name (ebl, idx), cnt,
1720 ebl_dynamic_tag_name (ebl, dyn->d_tag,
1721 buf, sizeof (buf)));
1722 }
1723
1724 if (be_strict && level2[dyn->d_tag])
1725 {
1726 char buf[50];
1727 ERROR (_("\
1728 section [%2d] '%s': entry %zu: level 2 tag %s used\n"),
1729 idx, section_name (ebl, idx), cnt,
1730 ebl_dynamic_tag_name (ebl, dyn->d_tag,
1731 buf, sizeof (buf)));
1732 }
1733
1734 has_dt[dyn->d_tag] = true;
1735 }
1736 else if (dyn->d_tag >= 0 && dyn->d_tag <= DT_VALRNGHI
1737 && DT_VALTAGIDX (dyn->d_tag) < DT_VALNUM)
1738 has_val_dt[DT_VALTAGIDX (dyn->d_tag)] = true;
1739 else if (dyn->d_tag >= 0 && dyn->d_tag <= DT_ADDRRNGHI
1740 && DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM)
1741 has_addr_dt[DT_ADDRTAGIDX (dyn->d_tag)] = true;
1742
1743 if (dyn->d_tag == DT_PLTREL && dyn->d_un.d_val != DT_REL
1744 && dyn->d_un.d_val != DT_RELA)
1745 ERROR (_("\
1746 section [%2d] '%s': entry %zu: DT_PLTREL value must be DT_REL or DT_RELA\n"),
1747 idx, section_name (ebl, idx), cnt);
1748
1749 /* Check that addresses for entries are in loaded segments. */
1750 switch (dyn->d_tag)
1751 {
1752 size_t n;
1753 case DT_STRTAB:
1754 /* We require the referenced section is the same as the one
1755 specified in sh_link. */
1756 if (strshdr->sh_addr != dyn->d_un.d_val)
1757 {
1758 ERROR (_("\
1759 section [%2d] '%s': entry %zu: pointer does not match address of section [%2d] '%s' referenced by sh_link\n"),
1760 idx, section_name (ebl, idx), cnt,
1761 shdr->sh_link, section_name (ebl, shdr->sh_link));
1762 break;
1763 }
1764 goto check_addr;
1765
1766 default:
1767 if (dyn->d_tag < DT_ADDRRNGLO || dyn->d_tag > DT_ADDRRNGHI)
1768 /* Value is no pointer. */
1769 break;
1770 FALLTHROUGH;
1771
1772 case DT_AUXILIARY:
1773 case DT_FILTER:
1774 case DT_FINI:
1775 case DT_FINI_ARRAY:
1776 case DT_HASH:
1777 case DT_INIT:
1778 case DT_INIT_ARRAY:
1779 case DT_JMPREL:
1780 case DT_PLTGOT:
1781 case DT_REL:
1782 case DT_RELA:
1783 case DT_SYMBOLIC:
1784 case DT_SYMTAB:
1785 case DT_VERDEF:
1786 case DT_VERNEED:
1787 case DT_VERSYM:
1788 check_addr:
1789 for (n = 0; n < phnum; ++n)
1790 {
1791 GElf_Phdr phdr_mem;
1792 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, n, &phdr_mem);
1793 if (phdr != NULL && phdr->p_type == PT_LOAD
1794 && phdr->p_vaddr <= dyn->d_un.d_ptr
1795 && phdr->p_vaddr + phdr->p_memsz > dyn->d_un.d_ptr)
1796 break;
1797 }
1798 if (unlikely (n >= phnum))
1799 {
1800 char buf[50];
1801 ERROR (_("\
1802 section [%2d] '%s': entry %zu: %s value must point into loaded segment\n"),
1803 idx, section_name (ebl, idx), cnt,
1804 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf,
1805 sizeof (buf)));
1806 }
1807 break;
1808
1809 case DT_NEEDED:
1810 case DT_RPATH:
1811 case DT_RUNPATH:
1812 case DT_SONAME:
1813 if (dyn->d_un.d_ptr >= strshdr->sh_size)
1814 {
1815 char buf[50];
1816 ERROR (_("\
1817 section [%2d] '%s': entry %zu: %s value must be valid offset in section [%2d] '%s'\n"),
1818 idx, section_name (ebl, idx), cnt,
1819 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf,
1820 sizeof (buf)),
1821 shdr->sh_link, section_name (ebl, shdr->sh_link));
1822 }
1823 break;
1824 }
1825 }
1826
1827 for (cnt = 1; cnt < DT_NUM; ++cnt)
1828 if (has_dt[cnt])
1829 {
1830 for (int inner = 0; inner < DT_NUM; ++inner)
1831 if (dependencies[cnt][inner] && ! has_dt[inner])
1832 {
1833 char buf1[50];
1834 char buf2[50];
1835
1836 ERROR (_("\
1837 section [%2d] '%s': contains %s entry but not %s\n"),
1838 idx, section_name (ebl, idx),
1839 ebl_dynamic_tag_name (ebl, cnt, buf1, sizeof (buf1)),
1840 ebl_dynamic_tag_name (ebl, inner, buf2, sizeof (buf2)));
1841 }
1842 }
1843 else
1844 {
1845 if (mandatory[cnt])
1846 {
1847 char buf[50];
1848 ERROR (_("\
1849 section [%2d] '%s': mandatory tag %s not present\n"),
1850 idx, section_name (ebl, idx),
1851 ebl_dynamic_tag_name (ebl, cnt, buf, sizeof (buf)));
1852 }
1853 }
1854
1855 /* Make sure we have an hash table. */
1856 if (!has_dt[DT_HASH] && !has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)])
1857 ERROR (_("\
1858 section [%2d] '%s': no hash section present\n"),
1859 idx, section_name (ebl, idx));
1860
1861 /* The GNU-style hash table also needs a symbol table. */
1862 if (!has_dt[DT_HASH] && has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)]
1863 && !has_dt[DT_SYMTAB])
1864 ERROR (_("\
1865 section [%2d] '%s': contains %s entry but not %s\n"),
1866 idx, section_name (ebl, idx),
1867 "DT_GNU_HASH", "DT_SYMTAB");
1868
1869 /* Check the rel/rela tags. At least one group must be available. */
1870 if ((has_dt[DT_RELA] || has_dt[DT_RELASZ] || has_dt[DT_RELAENT])
1871 && (!has_dt[DT_RELA] || !has_dt[DT_RELASZ] || !has_dt[DT_RELAENT]))
1872 ERROR (_("\
1873 section [%2d] '%s': not all of %s, %s, and %s are present\n"),
1874 idx, section_name (ebl, idx),
1875 "DT_RELA", "DT_RELASZ", "DT_RELAENT");
1876
1877 if ((has_dt[DT_REL] || has_dt[DT_RELSZ] || has_dt[DT_RELENT])
1878 && (!has_dt[DT_REL] || !has_dt[DT_RELSZ] || !has_dt[DT_RELENT]))
1879 ERROR (_("\
1880 section [%2d] '%s': not all of %s, %s, and %s are present\n"),
1881 idx, section_name (ebl, idx),
1882 "DT_REL", "DT_RELSZ", "DT_RELENT");
1883
1884 /* Check that all prelink sections are present if any of them is. */
1885 if (has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)]
1886 || has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)])
1887 {
1888 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)])
1889 ERROR (_("\
1890 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"),
1891 idx, section_name (ebl, idx), "DT_GNU_PRELINKED");
1892 if (!has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)])
1893 ERROR (_("\
1894 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"),
1895 idx, section_name (ebl, idx), "DT_CHECKSUM");
1896
1897 /* Only DSOs can be marked like this. */
1898 if (ehdr->e_type != ET_DYN)
1899 ERROR (_("\
1900 section [%2d] '%s': non-DSO file marked as dependency during prelink\n"),
1901 idx, section_name (ebl, idx));
1902 }
1903
1904 if (has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)]
1905 || has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)]
1906 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)]
1907 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)])
1908 {
1909 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)])
1910 ERROR (_("\
1911 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1912 idx, section_name (ebl, idx), "DT_GNU_CONFLICTSZ");
1913 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)])
1914 ERROR (_("\
1915 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1916 idx, section_name (ebl, idx), "DT_GNU_LIBLISTSZ");
1917 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)])
1918 ERROR (_("\
1919 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1920 idx, section_name (ebl, idx), "DT_GNU_CONFLICT");
1921 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)])
1922 ERROR (_("\
1923 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1924 idx, section_name (ebl, idx), "DT_GNU_LIBLIST");
1925 }
1926 }
1927
1928
1929 static void
check_symtab_shndx(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1930 check_symtab_shndx (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1931 {
1932 if (ehdr->e_type != ET_REL)
1933 {
1934 ERROR (_("\
1935 section [%2d] '%s': only relocatable files can have extended section index\n"),
1936 idx, section_name (ebl, idx));
1937 return;
1938 }
1939
1940 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1941 GElf_Shdr symshdr_mem;
1942 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1943 if (symshdr != NULL && symshdr->sh_type != SHT_SYMTAB)
1944 ERROR (_("\
1945 section [%2d] '%s': extended section index section not for symbol table\n"),
1946 idx, section_name (ebl, idx));
1947 else if (symshdr == NULL)
1948 ERROR (_("\
1949 section [%2d] '%s': sh_link extended section index [%2d] is invalid\n"),
1950 idx, section_name (ebl, idx), shdr->sh_link);
1951 Elf_Data *symdata = elf_getdata (symscn, NULL);
1952 if (symdata == NULL)
1953 ERROR (_("cannot get data for symbol section\n"));
1954
1955 if (shdr->sh_entsize != sizeof (Elf32_Word))
1956 ERROR (_("\
1957 section [%2d] '%s': entry size does not match Elf32_Word\n"),
1958 idx, section_name (ebl, idx));
1959
1960 if (symshdr != NULL
1961 && shdr->sh_entsize != 0
1962 && symshdr->sh_entsize != 0
1963 && (shdr->sh_size / shdr->sh_entsize
1964 < symshdr->sh_size / symshdr->sh_entsize))
1965 ERROR (_("\
1966 section [%2d] '%s': extended index table too small for symbol table\n"),
1967 idx, section_name (ebl, idx));
1968
1969 if (shdr->sh_info != 0)
1970 ERROR (_("section [%2d] '%s': sh_info not zero\n"),
1971 idx, section_name (ebl, idx));
1972
1973 for (size_t cnt = idx + 1; cnt < shnum; ++cnt)
1974 {
1975 GElf_Shdr rshdr_mem;
1976 GElf_Shdr *rshdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &rshdr_mem);
1977 if (rshdr != NULL && rshdr->sh_type == SHT_SYMTAB_SHNDX
1978 && rshdr->sh_link == shdr->sh_link)
1979 {
1980 ERROR (_("\
1981 section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same symbol table\n"),
1982 idx, section_name (ebl, idx),
1983 cnt, section_name (ebl, cnt));
1984 break;
1985 }
1986 }
1987
1988 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1989 if (data == NULL || data->d_buf == NULL)
1990 {
1991 ERROR (_("section [%2d] '%s': cannot get section data\n"),
1992 idx, section_name (ebl, idx));
1993 return;
1994 }
1995
1996 if (data->d_size < sizeof (Elf32_Word)
1997 || *((Elf32_Word *) data->d_buf) != 0)
1998 ERROR (_("symbol 0 should have zero extended section index\n"));
1999
2000 for (size_t cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt)
2001 {
2002 Elf32_Word xndx = ((Elf32_Word *) data->d_buf)[cnt];
2003
2004 if (xndx != 0)
2005 {
2006 GElf_Sym sym_data;
2007 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_data);
2008 if (sym == NULL)
2009 {
2010 ERROR (_("cannot get data for symbol %zu\n"), cnt);
2011 continue;
2012 }
2013
2014 if (sym->st_shndx != SHN_XINDEX)
2015 ERROR (_("\
2016 extended section index is %" PRIu32 " but symbol index is not XINDEX\n"),
2017 (uint32_t) xndx);
2018 }
2019 }
2020 }
2021
2022
2023 static void
check_sysv_hash(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2024 check_sysv_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2025 GElf_Shdr *symshdr)
2026 {
2027 Elf32_Word nbucket = ((Elf32_Word *) data->d_buf)[0];
2028 Elf32_Word nchain = ((Elf32_Word *) data->d_buf)[1];
2029
2030 if (shdr->sh_size < (2ULL + nbucket + nchain) * sizeof (Elf32_Word))
2031 {
2032 ERROR (_("\
2033 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
2034 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2035 (long int) ((2 + nbucket + nchain) * sizeof (Elf32_Word)));
2036 return;
2037 }
2038
2039 size_t maxidx = nchain;
2040
2041 if (symshdr != NULL && symshdr->sh_entsize != 0)
2042 {
2043 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
2044
2045 if (nchain > symshdr->sh_size / symshdr->sh_entsize)
2046 ERROR (_("section [%2d] '%s': chain array too large\n"),
2047 idx, section_name (ebl, idx));
2048
2049 maxidx = symsize;
2050 }
2051
2052 Elf32_Word *buf = (Elf32_Word *) data->d_buf;
2053 Elf32_Word *end = (Elf32_Word *) ((char *) data->d_buf + shdr->sh_size);
2054 size_t cnt;
2055 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
2056 {
2057 if (buf + cnt >= end)
2058 break;
2059 else if (buf[cnt] >= maxidx)
2060 ERROR (_("\
2061 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
2062 idx, section_name (ebl, idx), cnt - 2);
2063 }
2064
2065 for (; cnt < 2 + nbucket + nchain; ++cnt)
2066 {
2067 if (buf + cnt >= end)
2068 break;
2069 else if (buf[cnt] >= maxidx)
2070 ERROR (_("\
2071 section [%2d] '%s': hash chain reference %zu out of bounds\n"),
2072 idx, section_name (ebl, idx), cnt - 2 - nbucket);
2073 }
2074 }
2075
2076
2077 static void
check_sysv_hash64(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2078 check_sysv_hash64 (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2079 GElf_Shdr *symshdr)
2080 {
2081 Elf64_Xword nbucket = ((Elf64_Xword *) data->d_buf)[0];
2082 Elf64_Xword nchain = ((Elf64_Xword *) data->d_buf)[1];
2083
2084 uint64_t maxwords = shdr->sh_size / sizeof (Elf64_Xword);
2085 if (maxwords < 2
2086 || maxwords - 2 < nbucket
2087 || maxwords - 2 - nbucket < nchain)
2088 {
2089 ERROR (_("\
2090 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
2091 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2092 (long int) ((2 + nbucket + nchain) * sizeof (Elf64_Xword)));
2093 return;
2094 }
2095
2096 size_t maxidx = nchain;
2097
2098 if (symshdr != NULL && symshdr->sh_entsize != 0)
2099 {
2100 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
2101
2102 if (nchain > symshdr->sh_size / symshdr->sh_entsize)
2103 ERROR (_("section [%2d] '%s': chain array too large\n"),
2104 idx, section_name (ebl, idx));
2105
2106 maxidx = symsize;
2107 }
2108
2109 Elf64_Xword *buf = (Elf64_Xword *) data->d_buf;
2110 Elf64_Xword *end = (Elf64_Xword *) ((char *) data->d_buf + shdr->sh_size);
2111 size_t cnt;
2112 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
2113 {
2114 if (buf + cnt >= end)
2115 break;
2116 else if (buf[cnt] >= maxidx)
2117 ERROR (_("\
2118 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
2119 idx, section_name (ebl, idx), cnt - 2);
2120 }
2121
2122 for (; cnt < 2 + nbucket + nchain; ++cnt)
2123 {
2124 if (buf + cnt >= end)
2125 break;
2126 else if (buf[cnt] >= maxidx)
2127 ERROR (_("\
2128 section [%2d] '%s': hash chain reference %" PRIu64 " out of bounds\n"),
2129 idx, section_name (ebl, idx), (uint64_t) cnt - 2 - nbucket);
2130 }
2131 }
2132
2133
2134 static void
check_gnu_hash(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2135 check_gnu_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2136 GElf_Shdr *symshdr)
2137 {
2138 if (data->d_size < 4 * sizeof (Elf32_Word))
2139 {
2140 ERROR (_("\
2141 section [%2d] '%s': not enough data\n"),
2142 idx, section_name (ebl, idx));
2143 return;
2144 }
2145
2146 Elf32_Word nbuckets = ((Elf32_Word *) data->d_buf)[0];
2147 Elf32_Word symbias = ((Elf32_Word *) data->d_buf)[1];
2148 Elf32_Word bitmask_words = ((Elf32_Word *) data->d_buf)[2];
2149
2150 if (bitmask_words == 0 || !powerof2 (bitmask_words))
2151 {
2152 ERROR (_("\
2153 section [%2d] '%s': bitmask size zero or not power of 2: %u\n"),
2154 idx, section_name (ebl, idx), bitmask_words);
2155 return;
2156 }
2157
2158 size_t bitmask_idxmask = bitmask_words - 1;
2159 if (gelf_getclass (ebl->elf) == ELFCLASS64)
2160 bitmask_words *= 2;
2161 Elf32_Word shift = ((Elf32_Word *) data->d_buf)[3];
2162
2163 /* Is there still room for the sym chain?
2164 Use uint64_t calculation to prevent 32bit overflow. */
2165 uint64_t used_buf = (4ULL + bitmask_words + nbuckets) * sizeof (Elf32_Word);
2166 if (used_buf > data->d_size)
2167 {
2168 ERROR (_("\
2169 section [%2d] '%s': hash table section is too small (is %ld, expected at least %ld)\n"),
2170 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2171 (long int) used_buf);
2172 return;
2173 }
2174
2175 if (shift > 31)
2176 {
2177 ERROR (_("\
2178 section [%2d] '%s': 2nd hash function shift too big: %u\n"),
2179 idx, section_name (ebl, idx), shift);
2180 return;
2181 }
2182
2183 size_t maxidx = shdr->sh_size / sizeof (Elf32_Word) - (4 + bitmask_words
2184 + nbuckets);
2185
2186 if (symshdr != NULL && symshdr->sh_entsize != 0)
2187 maxidx = MIN (maxidx, symshdr->sh_size / symshdr->sh_entsize);
2188
2189 /* We need the symbol section data. */
2190 Elf_Data *symdata = elf_getdata (elf_getscn (ebl->elf, shdr->sh_link), NULL);
2191
2192 union
2193 {
2194 Elf32_Word *p32;
2195 Elf64_Xword *p64;
2196 } bitmask = { .p32 = &((Elf32_Word *) data->d_buf)[4] },
2197 collected = { .p32 = xcalloc (bitmask_words, sizeof (Elf32_Word)) };
2198
2199 size_t classbits = gelf_getclass (ebl->elf) == ELFCLASS32 ? 32 : 64;
2200
2201 size_t cnt;
2202 for (cnt = 4 + bitmask_words; cnt < 4 + bitmask_words + nbuckets; ++cnt)
2203 {
2204 Elf32_Word symidx = ((Elf32_Word *) data->d_buf)[cnt];
2205
2206 if (symidx == 0)
2207 continue;
2208
2209 if (symidx < symbias)
2210 {
2211 ERROR (_("\
2212 section [%2d] '%s': hash chain for bucket %zu lower than symbol index bias\n"),
2213 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2214 continue;
2215 }
2216
2217 while (symidx - symbias < maxidx)
2218 {
2219 Elf32_Word chainhash = ((Elf32_Word *) data->d_buf)[4
2220 + bitmask_words
2221 + nbuckets
2222 + symidx
2223 - symbias];
2224
2225 if (symdata != NULL)
2226 {
2227 /* Check that the referenced symbol is not undefined. */
2228 GElf_Sym sym_mem;
2229 GElf_Sym *sym = gelf_getsym (symdata, symidx, &sym_mem);
2230 if (sym != NULL && sym->st_shndx == SHN_UNDEF
2231 && GELF_ST_TYPE (sym->st_info) != STT_FUNC)
2232 ERROR (_("\
2233 section [%2d] '%s': symbol %u referenced in chain for bucket %zu is undefined\n"),
2234 idx, section_name (ebl, idx), symidx,
2235 cnt - (4 + bitmask_words));
2236
2237 const char *symname = (sym != NULL
2238 ? elf_strptr (ebl->elf, symshdr->sh_link,
2239 sym->st_name)
2240 : NULL);
2241 if (symname != NULL)
2242 {
2243 Elf32_Word hval = elf_gnu_hash (symname);
2244 if ((hval & ~1u) != (chainhash & ~1u))
2245 ERROR (_("\
2246 section [%2d] '%s': hash value for symbol %u in chain for bucket %zu wrong\n"),
2247 idx, section_name (ebl, idx), symidx,
2248 cnt - (4 + bitmask_words));
2249
2250 /* Set the bits in the bitmask. */
2251 size_t maskidx = (hval / classbits) & bitmask_idxmask;
2252 if (maskidx >= bitmask_words)
2253 {
2254 ERROR (_("\
2255 section [%2d] '%s': mask index for symbol %u in chain for bucket %zu wrong\n"),
2256 idx, section_name (ebl, idx), symidx,
2257 cnt - (4 + bitmask_words));
2258 return;
2259 }
2260 if (classbits == 32)
2261 {
2262 collected.p32[maskidx]
2263 |= UINT32_C (1) << (hval & (classbits - 1));
2264 collected.p32[maskidx]
2265 |= UINT32_C (1) << ((hval >> shift) & (classbits - 1));
2266 }
2267 else
2268 {
2269 collected.p64[maskidx]
2270 |= UINT64_C (1) << (hval & (classbits - 1));
2271 collected.p64[maskidx]
2272 |= UINT64_C (1) << ((hval >> shift) & (classbits - 1));
2273 }
2274 }
2275 }
2276
2277 if ((chainhash & 1) != 0)
2278 break;
2279
2280 ++symidx;
2281 }
2282
2283 if (symidx - symbias >= maxidx)
2284 ERROR (_("\
2285 section [%2d] '%s': hash chain for bucket %zu out of bounds\n"),
2286 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2287 else if (symshdr != NULL && symshdr->sh_entsize != 0
2288 && symidx > symshdr->sh_size / symshdr->sh_entsize)
2289 ERROR (_("\
2290 section [%2d] '%s': symbol reference in chain for bucket %zu out of bounds\n"),
2291 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2292 }
2293
2294 if (memcmp (collected.p32, bitmask.p32, bitmask_words * sizeof (Elf32_Word)))
2295 ERROR (_("\
2296 section [%2d] '%s': bitmask does not match names in the hash table\n"),
2297 idx, section_name (ebl, idx));
2298
2299 free (collected.p32);
2300 }
2301
2302
2303 static void
check_hash(int tag,Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2304 check_hash (int tag, Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
2305 {
2306 if (ehdr->e_type == ET_REL)
2307 {
2308 ERROR (_("\
2309 section [%2d] '%s': relocatable files cannot have hash tables\n"),
2310 idx, section_name (ebl, idx));
2311 return;
2312 }
2313
2314 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2315 if (data == NULL || data->d_buf == NULL)
2316 {
2317 ERROR (_("section [%2d] '%s': cannot get section data\n"),
2318 idx, section_name (ebl, idx));
2319 return;
2320 }
2321
2322 GElf_Shdr symshdr_mem;
2323 GElf_Shdr *symshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
2324 &symshdr_mem);
2325 if (symshdr != NULL && symshdr->sh_type != SHT_DYNSYM)
2326 ERROR (_("\
2327 section [%2d] '%s': hash table not for dynamic symbol table\n"),
2328 idx, section_name (ebl, idx));
2329 else if (symshdr == NULL)
2330 ERROR (_("\
2331 section [%2d] '%s': invalid sh_link symbol table section index [%2d]\n"),
2332 idx, section_name (ebl, idx), shdr->sh_link);
2333
2334 size_t expect_entsize = (tag == SHT_GNU_HASH
2335 ? (gelf_getclass (ebl->elf) == ELFCLASS32
2336 ? sizeof (Elf32_Word) : 0)
2337 : (size_t) ebl_sysvhash_entrysize (ebl));
2338
2339 if (shdr->sh_entsize != expect_entsize)
2340 ERROR (_("\
2341 section [%2d] '%s': hash table entry size incorrect\n"),
2342 idx, section_name (ebl, idx));
2343
2344 if ((shdr->sh_flags & SHF_ALLOC) == 0)
2345 ERROR (_("section [%2d] '%s': not marked to be allocated\n"),
2346 idx, section_name (ebl, idx));
2347
2348 if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (expect_entsize ?: 4))
2349 {
2350 ERROR (_("\
2351 section [%2d] '%s': hash table has not even room for initial administrative entries\n"),
2352 idx, section_name (ebl, idx));
2353 return;
2354 }
2355
2356 switch (tag)
2357 {
2358 case SHT_HASH:
2359 if (ebl_sysvhash_entrysize (ebl) == sizeof (Elf64_Xword))
2360 check_sysv_hash64 (ebl, shdr, data, idx, symshdr);
2361 else
2362 check_sysv_hash (ebl, shdr, data, idx, symshdr);
2363 break;
2364
2365 case SHT_GNU_HASH:
2366 check_gnu_hash (ebl, shdr, data, idx, symshdr);
2367 break;
2368
2369 default:
2370 assert (! "should not happen");
2371 }
2372 }
2373
2374
2375 /* Compare content of both hash tables, it must be identical. */
2376 static void
compare_hash_gnu_hash(Ebl * ebl,GElf_Ehdr * ehdr,size_t hash_idx,size_t gnu_hash_idx)2377 compare_hash_gnu_hash (Ebl *ebl, GElf_Ehdr *ehdr, size_t hash_idx,
2378 size_t gnu_hash_idx)
2379 {
2380 Elf_Scn *hash_scn = elf_getscn (ebl->elf, hash_idx);
2381 Elf_Data *hash_data = elf_getdata (hash_scn, NULL);
2382 GElf_Shdr hash_shdr_mem;
2383 GElf_Shdr *hash_shdr = gelf_getshdr (hash_scn, &hash_shdr_mem);
2384 Elf_Scn *gnu_hash_scn = elf_getscn (ebl->elf, gnu_hash_idx);
2385 Elf_Data *gnu_hash_data = elf_getdata (gnu_hash_scn, NULL);
2386 GElf_Shdr gnu_hash_shdr_mem;
2387 GElf_Shdr *gnu_hash_shdr = gelf_getshdr (gnu_hash_scn, &gnu_hash_shdr_mem);
2388
2389 if (hash_shdr == NULL || gnu_hash_shdr == NULL
2390 || hash_data == NULL || hash_data->d_buf == NULL
2391 || gnu_hash_data == NULL || gnu_hash_data->d_buf == NULL)
2392 /* None of these pointers should be NULL since we used the
2393 sections already. We are careful nonetheless. */
2394 return;
2395
2396 /* The link must point to the same symbol table. */
2397 if (hash_shdr->sh_link != gnu_hash_shdr->sh_link)
2398 {
2399 ERROR (_("\
2400 sh_link in hash sections [%2zu] '%s' and [%2zu] '%s' not identical\n"),
2401 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name),
2402 gnu_hash_idx,
2403 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2404 return;
2405 }
2406
2407 Elf_Scn *sym_scn = elf_getscn (ebl->elf, hash_shdr->sh_link);
2408 Elf_Data *sym_data = elf_getdata (sym_scn, NULL);
2409 GElf_Shdr sym_shdr_mem;
2410 GElf_Shdr *sym_shdr = gelf_getshdr (sym_scn, &sym_shdr_mem);
2411
2412 if (sym_data == NULL || sym_data->d_buf == NULL
2413 || sym_shdr == NULL || sym_shdr->sh_entsize == 0)
2414 return;
2415
2416 const char *hash_name;
2417 const char *gnu_hash_name;
2418 hash_name = elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name);
2419 gnu_hash_name = elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name);
2420
2421 if (gnu_hash_data->d_size < 4 * sizeof (Elf32_Word))
2422 {
2423 ERROR (_("\
2424 hash section [%2zu] '%s' does not contain enough data\n"),
2425 gnu_hash_idx, gnu_hash_name);
2426 return;
2427 }
2428
2429 uint32_t nentries = sym_shdr->sh_size / sym_shdr->sh_entsize;
2430 char *used = alloca (nentries);
2431 memset (used, '\0', nentries);
2432
2433 /* First go over the GNU_HASH table and mark the entries as used. */
2434 const Elf32_Word *gnu_hasharr = (Elf32_Word *) gnu_hash_data->d_buf;
2435 Elf32_Word gnu_nbucket = gnu_hasharr[0];
2436 Elf32_Word gnu_symbias = gnu_hasharr[1];
2437 const int bitmap_factor = ehdr->e_ident[EI_CLASS] == ELFCLASS32 ? 1 : 2;
2438 const Elf32_Word *gnu_bucket = (gnu_hasharr
2439 + (4 + gnu_hasharr[2] * bitmap_factor));
2440 const Elf32_Word *gnu_chain = gnu_bucket + gnu_hasharr[0];
2441
2442 if (gnu_hasharr[2] == 0)
2443 {
2444 ERROR (_("\
2445 hash section [%2zu] '%s' has zero bit mask words\n"),
2446 gnu_hash_idx, gnu_hash_name);
2447 return;
2448 }
2449
2450 uint64_t used_buf = ((4ULL + gnu_hasharr[2] * bitmap_factor + gnu_nbucket)
2451 * sizeof (Elf32_Word));
2452 uint32_t max_nsyms = (gnu_hash_data->d_size - used_buf) / sizeof (Elf32_Word);
2453 if (used_buf > gnu_hash_data->d_size)
2454 {
2455 ERROR (_("\
2456 hash section [%2zu] '%s' uses too much data\n"),
2457 gnu_hash_idx, gnu_hash_name);
2458 return;
2459 }
2460
2461 for (Elf32_Word cnt = 0; cnt < gnu_nbucket; ++cnt)
2462 {
2463 if (gnu_bucket[cnt] != STN_UNDEF)
2464 {
2465 Elf32_Word symidx = gnu_bucket[cnt] - gnu_symbias;
2466 do
2467 {
2468 if (symidx >= max_nsyms || symidx + gnu_symbias >= nentries)
2469 {
2470 ERROR (_("\
2471 hash section [%2zu] '%s' invalid symbol index %" PRIu32 " (max_nsyms: %" PRIu32 ", nentries: %" PRIu32 "\n"),
2472 gnu_hash_idx, gnu_hash_name, symidx, max_nsyms, nentries);
2473 return;
2474 }
2475 used[symidx + gnu_symbias] |= 1;
2476 }
2477 while ((gnu_chain[symidx++] & 1u) == 0);
2478 }
2479 }
2480
2481 /* Now go over the old hash table and check that we cover the same
2482 entries. */
2483 if (hash_shdr->sh_entsize == sizeof (Elf32_Word))
2484 {
2485 const Elf32_Word *hasharr = (Elf32_Word *) hash_data->d_buf;
2486 if (hash_data->d_size < 2 * sizeof (Elf32_Word))
2487 {
2488 ERROR (_("\
2489 hash section [%2zu] '%s' does not contain enough data\n"),
2490 hash_idx, hash_name);
2491 return;
2492 }
2493
2494 Elf32_Word nbucket = hasharr[0];
2495 Elf32_Word nchain = hasharr[1];
2496 uint64_t hash_used = (2ULL + nchain + nbucket) * sizeof (Elf32_Word);
2497 if (hash_used > hash_data->d_size)
2498 {
2499 ERROR (_("\
2500 hash section [%2zu] '%s' uses too much data\n"),
2501 hash_idx, hash_name);
2502 return;
2503 }
2504
2505 const Elf32_Word *bucket = &hasharr[2];
2506 const Elf32_Word *chain = &hasharr[2 + nbucket];
2507
2508 for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt)
2509 {
2510 Elf32_Word symidx = bucket[cnt];
2511 while (symidx != STN_UNDEF && symidx < nentries && symidx < nchain)
2512 {
2513 used[symidx] |= 2;
2514 symidx = chain[symidx];
2515 }
2516 }
2517 }
2518 else if (hash_shdr->sh_entsize == sizeof (Elf64_Xword))
2519 {
2520 const Elf64_Xword *hasharr = (Elf64_Xword *) hash_data->d_buf;
2521 if (hash_data->d_size < 2 * sizeof (Elf32_Word))
2522 {
2523 ERROR (_("\
2524 hash section [%2zu] '%s' does not contain enough data\n"),
2525 hash_idx, hash_name);
2526 return;
2527 }
2528
2529 Elf64_Xword nbucket = hasharr[0];
2530 Elf64_Xword nchain = hasharr[1];
2531 uint64_t maxwords = hash_data->d_size / sizeof (Elf64_Xword);
2532 if (maxwords < 2
2533 || maxwords - 2 < nbucket
2534 || maxwords - 2 - nbucket < nchain)
2535 {
2536 ERROR (_("\
2537 hash section [%2zu] '%s' uses too much data\n"),
2538 hash_idx, hash_name);
2539 return;
2540 }
2541
2542 const Elf64_Xword *bucket = &hasharr[2];
2543 const Elf64_Xword *chain = &hasharr[2 + nbucket];
2544
2545 for (Elf64_Xword cnt = 0; cnt < nbucket; ++cnt)
2546 {
2547 Elf64_Xword symidx = bucket[cnt];
2548 while (symidx != STN_UNDEF && symidx < nentries && symidx < nchain)
2549 {
2550 used[symidx] |= 2;
2551 symidx = chain[symidx];
2552 }
2553 }
2554 }
2555 else
2556 {
2557 ERROR (_("\
2558 hash section [%2zu] '%s' invalid sh_entsize\n"),
2559 hash_idx, hash_name);
2560 return;
2561 }
2562
2563 /* Now see which entries are not set in one or both hash tables
2564 (unless the symbol is undefined in which case it can be omitted
2565 in the new table format). */
2566 if ((used[0] & 1) != 0)
2567 ERROR (_("section [%2zu] '%s': reference to symbol index 0\n"),
2568 gnu_hash_idx,
2569 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2570 if ((used[0] & 2) != 0)
2571 ERROR (_("section [%2zu] '%s': reference to symbol index 0\n"),
2572 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name));
2573
2574 for (uint32_t cnt = 1; cnt < nentries; ++cnt)
2575 if (used[cnt] != 0 && used[cnt] != 3)
2576 {
2577 if (used[cnt] == 1)
2578 ERROR (_("\
2579 symbol %d referenced in new hash table in [%2zu] '%s' but not in old hash table in [%2zu] '%s'\n"),
2580 cnt, gnu_hash_idx,
2581 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name),
2582 hash_idx,
2583 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name));
2584 else
2585 {
2586 GElf_Sym sym_mem;
2587 GElf_Sym *sym = gelf_getsym (sym_data, cnt, &sym_mem);
2588
2589 if (sym != NULL && sym->st_shndx != STN_UNDEF)
2590 ERROR (_("\
2591 symbol %d referenced in old hash table in [%2zu] '%s' but not in new hash table in [%2zu] '%s'\n"),
2592 cnt, hash_idx,
2593 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name),
2594 gnu_hash_idx,
2595 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2596 }
2597 }
2598 }
2599
2600
2601 static void
check_null(Ebl * ebl,GElf_Shdr * shdr,int idx)2602 check_null (Ebl *ebl, GElf_Shdr *shdr, int idx)
2603 {
2604 #define TEST(name, extra) \
2605 if (extra && shdr->sh_##name != 0) \
2606 ERROR (_("section [%2d] '%s': nonzero sh_%s for NULL section\n"), \
2607 idx, section_name (ebl, idx), #name)
2608
2609 TEST (name, 1);
2610 TEST (flags, 1);
2611 TEST (addr, 1);
2612 TEST (offset, 1);
2613 TEST (size, idx != 0);
2614 TEST (link, idx != 0);
2615 TEST (info, 1);
2616 TEST (addralign, 1);
2617 TEST (entsize, 1);
2618 }
2619
2620
2621 static void
check_group(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2622 check_group (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
2623 {
2624 if (ehdr->e_type != ET_REL)
2625 {
2626 ERROR (_("\
2627 section [%2d] '%s': section groups only allowed in relocatable object files\n"),
2628 idx, section_name (ebl, idx));
2629 return;
2630 }
2631
2632 /* Check that sh_link is an index of a symbol table. */
2633 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
2634 GElf_Shdr symshdr_mem;
2635 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
2636 if (symshdr == NULL)
2637 ERROR (_("section [%2d] '%s': cannot get symbol table: %s\n"),
2638 idx, section_name (ebl, idx), elf_errmsg (-1));
2639 else
2640 {
2641 if (symshdr->sh_type != SHT_SYMTAB)
2642 ERROR (_("\
2643 section [%2d] '%s': section reference in sh_link is no symbol table\n"),
2644 idx, section_name (ebl, idx));
2645
2646 if (shdr->sh_info >= symshdr->sh_size / gelf_fsize (ebl->elf, ELF_T_SYM,
2647 1, EV_CURRENT))
2648 ERROR (_("\
2649 section [%2d] '%s': invalid symbol index in sh_info\n"),
2650 idx, section_name (ebl, idx));
2651
2652 if (shdr->sh_flags != 0)
2653 ERROR (_("section [%2d] '%s': sh_flags not zero\n"),
2654 idx, section_name (ebl, idx));
2655
2656 GElf_Sym sym_data;
2657 GElf_Sym *sym = gelf_getsym (elf_getdata (symscn, NULL), shdr->sh_info,
2658 &sym_data);
2659 if (sym == NULL)
2660 ERROR (_("\
2661 section [%2d] '%s': cannot get symbol for signature\n"),
2662 idx, section_name (ebl, idx));
2663 else if (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name) == NULL)
2664 ERROR (_("\
2665 section [%2d] '%s': cannot get symbol name for signature\n"),
2666 idx, section_name (ebl, idx));
2667 else if (strcmp (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name),
2668 "") == 0)
2669 ERROR (_("\
2670 section [%2d] '%s': signature symbol cannot be empty string\n"),
2671 idx, section_name (ebl, idx));
2672
2673 if (be_strict
2674 && shdr->sh_entsize != elf32_fsize (ELF_T_WORD, 1, EV_CURRENT))
2675 ERROR (_("section [%2d] '%s': sh_flags not set correctly\n"),
2676 idx, section_name (ebl, idx));
2677 }
2678
2679 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2680 if (data == NULL || data->d_buf == NULL)
2681 ERROR (_("section [%2d] '%s': cannot get data: %s\n"),
2682 idx, section_name (ebl, idx), elf_errmsg (-1));
2683 else
2684 {
2685 size_t elsize = elf32_fsize (ELF_T_WORD, 1, EV_CURRENT);
2686 size_t cnt;
2687 Elf32_Word val;
2688
2689 if (data->d_size % elsize != 0)
2690 ERROR (_("\
2691 section [%2d] '%s': section size not multiple of sizeof(Elf32_Word)\n"),
2692 idx, section_name (ebl, idx));
2693
2694 if (data->d_size < elsize)
2695 {
2696 ERROR (_("\
2697 section [%2d] '%s': section group without flags word\n"),
2698 idx, section_name (ebl, idx));
2699 return;
2700 }
2701 else if (be_strict)
2702 {
2703 if (data->d_size < 2 * elsize)
2704 ERROR (_("\
2705 section [%2d] '%s': section group without member\n"),
2706 idx, section_name (ebl, idx));
2707 else if (data->d_size < 3 * elsize)
2708 ERROR (_("\
2709 section [%2d] '%s': section group with only one member\n"),
2710 idx, section_name (ebl, idx));
2711 }
2712
2713 #if ALLOW_UNALIGNED
2714 val = *((Elf32_Word *) data->d_buf);
2715 #else
2716 memcpy (&val, data->d_buf, elsize);
2717 #endif
2718 if ((val & ~GRP_COMDAT) != 0)
2719 ERROR (_("section [%2d] '%s': unknown section group flags\n"),
2720 idx, section_name (ebl, idx));
2721
2722 for (cnt = elsize; cnt + elsize <= data->d_size; cnt += elsize)
2723 {
2724 #if ALLOW_UNALIGNED
2725 val = *((Elf32_Word *) ((char *) data->d_buf + cnt));
2726 #else
2727 memcpy (&val, (char *) data->d_buf + cnt, elsize);
2728 #endif
2729
2730 if (val > shnum)
2731 ERROR (_("\
2732 section [%2d] '%s': section index %zu out of range\n"),
2733 idx, section_name (ebl, idx), cnt / elsize);
2734 else
2735 {
2736 GElf_Shdr refshdr_mem;
2737 GElf_Shdr *refshdr = gelf_getshdr (elf_getscn (ebl->elf, val),
2738 &refshdr_mem);
2739 if (refshdr == NULL)
2740 ERROR (_("\
2741 section [%2d] '%s': cannot get section header for element %zu: %s\n"),
2742 idx, section_name (ebl, idx), cnt / elsize,
2743 elf_errmsg (-1));
2744 else
2745 {
2746 if (refshdr->sh_type == SHT_GROUP)
2747 ERROR (_("\
2748 section [%2d] '%s': section group contains another group [%2d] '%s'\n"),
2749 idx, section_name (ebl, idx),
2750 val, section_name (ebl, val));
2751
2752 if ((refshdr->sh_flags & SHF_GROUP) == 0)
2753 ERROR (_("\
2754 section [%2d] '%s': element %zu references section [%2d] '%s' without SHF_GROUP flag set\n"),
2755 idx, section_name (ebl, idx), cnt / elsize,
2756 val, section_name (ebl, val));
2757 }
2758
2759 if (val < shnum && ++scnref[val] == 2)
2760 ERROR (_("\
2761 section [%2d] '%s' is contained in more than one section group\n"),
2762 val, section_name (ebl, val));
2763 }
2764 }
2765 }
2766 }
2767
2768
2769 static const char *
section_flags_string(GElf_Word flags,char * buf,size_t len)2770 section_flags_string (GElf_Word flags, char *buf, size_t len)
2771 {
2772 if (flags == 0)
2773 return "none";
2774
2775 static const struct
2776 {
2777 GElf_Word flag;
2778 const char *name;
2779 } known_flags[] =
2780 {
2781 #define NEWFLAG(name) { SHF_##name, #name }
2782 NEWFLAG (WRITE),
2783 NEWFLAG (ALLOC),
2784 NEWFLAG (EXECINSTR),
2785 NEWFLAG (MERGE),
2786 NEWFLAG (STRINGS),
2787 NEWFLAG (INFO_LINK),
2788 NEWFLAG (LINK_ORDER),
2789 NEWFLAG (OS_NONCONFORMING),
2790 NEWFLAG (GROUP),
2791 NEWFLAG (TLS),
2792 NEWFLAG (COMPRESSED),
2793 NEWFLAG (GNU_RETAIN),
2794 NEWFLAG (ORDERED),
2795 NEWFLAG (EXCLUDE)
2796 };
2797 #undef NEWFLAG
2798 const size_t nknown_flags = sizeof (known_flags) / sizeof (known_flags[0]);
2799
2800 char *cp = buf;
2801
2802 for (size_t cnt = 0; cnt < nknown_flags; ++cnt)
2803 if (flags & known_flags[cnt].flag)
2804 {
2805 if (cp != buf && len > 1)
2806 {
2807 *cp++ = '|';
2808 --len;
2809 }
2810
2811 size_t ncopy = MIN (len - 1, strlen (known_flags[cnt].name));
2812 cp = mempcpy (cp, known_flags[cnt].name, ncopy);
2813 len -= ncopy;
2814
2815 flags ^= known_flags[cnt].flag;
2816 }
2817
2818 if (flags != 0 || cp == buf)
2819 {
2820 int r = snprintf (cp, len - 1, "%s%" PRIx64,
2821 (cp == buf) ? "" : "|", (uint64_t) flags);
2822 if (r > 0)
2823 cp += r;
2824 }
2825 *cp = '\0';
2826
2827 return buf;
2828 }
2829
2830
2831 static int
has_copy_reloc(Ebl * ebl,unsigned int symscnndx,unsigned int symndx)2832 has_copy_reloc (Ebl *ebl, unsigned int symscnndx, unsigned int symndx)
2833 {
2834 /* First find the relocation section for the symbol table. */
2835 Elf_Scn *scn = NULL;
2836 GElf_Shdr shdr_mem;
2837 GElf_Shdr *shdr = NULL;
2838 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
2839 {
2840 shdr = gelf_getshdr (scn, &shdr_mem);
2841 if (shdr != NULL
2842 && (shdr->sh_type == SHT_REL || shdr->sh_type == SHT_RELA)
2843 && shdr->sh_link == symscnndx)
2844 /* Found the section. */
2845 break;
2846 }
2847
2848 if (scn == NULL)
2849 return 0;
2850
2851 Elf_Data *data = elf_getdata (scn, NULL);
2852 if (data == NULL || shdr->sh_entsize == 0)
2853 return 0;
2854
2855 if (shdr->sh_type == SHT_REL)
2856 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i)
2857 {
2858 GElf_Rel rel_mem;
2859 GElf_Rel *rel = gelf_getrel (data, i, &rel_mem);
2860 if (rel == NULL)
2861 continue;
2862
2863 if (GELF_R_SYM (rel->r_info) == symndx
2864 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rel->r_info)))
2865 return 1;
2866 }
2867 else
2868 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i)
2869 {
2870 GElf_Rela rela_mem;
2871 GElf_Rela *rela = gelf_getrela (data, i, &rela_mem);
2872 if (rela == NULL)
2873 continue;
2874
2875 if (GELF_R_SYM (rela->r_info) == symndx
2876 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rela->r_info)))
2877 return 1;
2878 }
2879
2880 return 0;
2881 }
2882
2883
2884 static int
in_nobits_scn(Ebl * ebl,unsigned int shndx)2885 in_nobits_scn (Ebl *ebl, unsigned int shndx)
2886 {
2887 GElf_Shdr shdr_mem;
2888 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, shndx), &shdr_mem);
2889 return shdr != NULL && shdr->sh_type == SHT_NOBITS;
2890 }
2891
2892
2893 static struct version_namelist
2894 {
2895 const char *objname;
2896 const char *name;
2897 GElf_Versym ndx;
2898 enum { ver_def, ver_need } type;
2899 struct version_namelist *next;
2900 } *version_namelist;
2901
2902
2903 static int
add_version(const char * objname,const char * name,GElf_Versym ndx,int type)2904 add_version (const char *objname, const char *name, GElf_Versym ndx, int type)
2905 {
2906 /* Check that there are no duplications. */
2907 struct version_namelist *nlp = version_namelist;
2908 while (nlp != NULL)
2909 {
2910 if (((nlp->objname == NULL && objname == NULL)
2911 || (nlp->objname != NULL && objname != NULL
2912 && strcmp (nlp->objname, objname) == 0))
2913 && strcmp (nlp->name, name) == 0)
2914 return nlp->type == ver_def ? 1 : -1;
2915 nlp = nlp->next;
2916 }
2917
2918 nlp = xmalloc (sizeof (*nlp));
2919 nlp->objname = objname;
2920 nlp->name = name;
2921 nlp->ndx = ndx;
2922 nlp->type = type;
2923 nlp->next = version_namelist;
2924 version_namelist = nlp;
2925
2926 return 0;
2927 }
2928
2929
2930 static void
check_versym(Ebl * ebl,int idx)2931 check_versym (Ebl *ebl, int idx)
2932 {
2933 Elf_Scn *scn = elf_getscn (ebl->elf, idx);
2934 GElf_Shdr shdr_mem;
2935 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
2936 if (shdr == NULL)
2937 /* The error has already been reported. */
2938 return;
2939
2940 Elf_Data *data = elf_getdata (scn, NULL);
2941 if (data == NULL)
2942 {
2943 ERROR (_("section [%2d] '%s': cannot get section data\n"),
2944 idx, section_name (ebl, idx));
2945 return;
2946 }
2947
2948 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
2949 GElf_Shdr symshdr_mem;
2950 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
2951 if (symshdr == NULL)
2952 /* The error has already been reported. */
2953 return;
2954
2955 if (symshdr->sh_type != SHT_DYNSYM)
2956 {
2957 ERROR (_("\
2958 section [%2d] '%s' refers in sh_link to section [%2d] '%s' which is no dynamic symbol table\n"),
2959 idx, section_name (ebl, idx),
2960 shdr->sh_link, section_name (ebl, shdr->sh_link));
2961 return;
2962 }
2963
2964 /* The number of elements in the version symbol table must be the
2965 same as the number of symbols. */
2966 if (shdr->sh_entsize != 0 && symshdr->sh_entsize != 0
2967 && (shdr->sh_size / shdr->sh_entsize
2968 != symshdr->sh_size / symshdr->sh_entsize))
2969 ERROR (_("\
2970 section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"),
2971 idx, section_name (ebl, idx),
2972 shdr->sh_link, section_name (ebl, shdr->sh_link));
2973
2974 Elf_Data *symdata = elf_getdata (symscn, NULL);
2975 if (symdata == NULL || shdr->sh_entsize == 0)
2976 /* The error has already been reported. */
2977 return;
2978
2979 for (int cnt = 1; (size_t) cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
2980 {
2981 GElf_Versym versym_mem;
2982 GElf_Versym *versym = gelf_getversym (data, cnt, &versym_mem);
2983 if (versym == NULL)
2984 {
2985 ERROR (_("\
2986 section [%2d] '%s': symbol %d: cannot read version data\n"),
2987 idx, section_name (ebl, idx), cnt);
2988 break;
2989 }
2990
2991 GElf_Sym sym_mem;
2992 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_mem);
2993 if (sym == NULL)
2994 /* Already reported elsewhere. */
2995 continue;
2996
2997 if (*versym == VER_NDX_GLOBAL)
2998 {
2999 /* Global symbol. Make sure it is not defined as local. */
3000 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
3001 ERROR (_("\
3002 section [%2d] '%s': symbol %d: local symbol with global scope\n"),
3003 idx, section_name (ebl, idx), cnt);
3004 }
3005 else if (*versym != VER_NDX_LOCAL)
3006 {
3007 /* Versioned symbol. Make sure it is not defined as local. */
3008 if (!gnuld && GELF_ST_BIND (sym->st_info) == STB_LOCAL)
3009 ERROR (_("\
3010 section [%2d] '%s': symbol %d: local symbol with version\n"),
3011 idx, section_name (ebl, idx), cnt);
3012
3013 /* Look through the list of defined versions and locate the
3014 index we need for this symbol. */
3015 struct version_namelist *runp = version_namelist;
3016 while (runp != NULL)
3017 if (runp->ndx == (*versym & (GElf_Versym) 0x7fff))
3018 break;
3019 else
3020 runp = runp->next;
3021
3022 if (runp == NULL)
3023 ERROR (_("\
3024 section [%2d] '%s': symbol %d: invalid version index %d\n"),
3025 idx, section_name (ebl, idx), cnt, (int) *versym);
3026 else if (sym->st_shndx == SHN_UNDEF
3027 && runp->type == ver_def)
3028 ERROR (_("\
3029 section [%2d] '%s': symbol %d: version index %d is for defined version\n"),
3030 idx, section_name (ebl, idx), cnt, (int) *versym);
3031 else if (sym->st_shndx != SHN_UNDEF
3032 && runp->type == ver_need)
3033 {
3034 /* Unless this symbol has a copy relocation associated
3035 this must not happen. */
3036 if (!has_copy_reloc (ebl, shdr->sh_link, cnt)
3037 && !in_nobits_scn (ebl, sym->st_shndx))
3038 ERROR (_("\
3039 section [%2d] '%s': symbol %d: version index %d is for requested version\n"),
3040 idx, section_name (ebl, idx), cnt, (int) *versym);
3041 }
3042 }
3043 }
3044 }
3045
3046
3047 static int
unknown_dependency_p(Elf * elf,const char * fname)3048 unknown_dependency_p (Elf *elf, const char *fname)
3049 {
3050 GElf_Phdr phdr_mem;
3051 GElf_Phdr *phdr = NULL;
3052
3053 unsigned int i;
3054 for (i = 0; i < phnum; ++i)
3055 if ((phdr = gelf_getphdr (elf, i, &phdr_mem)) != NULL
3056 && phdr->p_type == PT_DYNAMIC)
3057 break;
3058
3059 if (i == phnum)
3060 return 1;
3061 assert (phdr != NULL);
3062 Elf_Scn *scn = gelf_offscn (elf, phdr->p_offset);
3063 GElf_Shdr shdr_mem;
3064 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
3065 Elf_Data *data = elf_getdata (scn, NULL);
3066 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC
3067 && data != NULL && shdr->sh_entsize != 0)
3068 for (size_t j = 0; j < shdr->sh_size / shdr->sh_entsize; ++j)
3069 {
3070 GElf_Dyn dyn_mem;
3071 GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem);
3072 if (dyn != NULL && dyn->d_tag == DT_NEEDED)
3073 {
3074 const char *str = elf_strptr (elf, shdr->sh_link, dyn->d_un.d_val);
3075 if (str != NULL && strcmp (str, fname) == 0)
3076 /* Found it. */
3077 return 0;
3078 }
3079 }
3080
3081 return 1;
3082 }
3083
3084
3085 static unsigned int nverneed;
3086
3087 static void
check_verneed(Ebl * ebl,GElf_Shdr * shdr,int idx)3088 check_verneed (Ebl *ebl, GElf_Shdr *shdr, int idx)
3089 {
3090 if (++nverneed == 2)
3091 ERROR (_("more than one version reference section present\n"));
3092
3093 GElf_Shdr strshdr_mem;
3094 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
3095 &strshdr_mem);
3096 if (strshdr == NULL)
3097 return;
3098 if (strshdr->sh_type != SHT_STRTAB)
3099 ERROR (_("\
3100 section [%2d] '%s': sh_link does not link to string table\n"),
3101 idx, section_name (ebl, idx));
3102
3103 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
3104 if (data == NULL)
3105 {
3106 ERROR (_("section [%2d] '%s': cannot get section data\n"),
3107 idx, section_name (ebl, idx));
3108 return;
3109 }
3110 unsigned int offset = 0;
3111 for (Elf64_Word cnt = shdr->sh_info; cnt > 0; )
3112 {
3113 cnt--;
3114
3115 /* Get the data at the next offset. */
3116 GElf_Verneed needmem;
3117 GElf_Verneed *need = gelf_getverneed (data, offset, &needmem);
3118 if (need == NULL)
3119 break;
3120
3121 unsigned int auxoffset = offset + need->vn_aux;
3122
3123 if (need->vn_version != EV_CURRENT)
3124 ERROR (_("\
3125 section [%2d] '%s': entry %d has wrong version %d\n"),
3126 idx, section_name (ebl, idx), cnt, (int) need->vn_version);
3127
3128 if (need->vn_cnt > 0 && need->vn_aux < gelf_fsize (ebl->elf, ELF_T_VNEED,
3129 1, EV_CURRENT))
3130 {
3131 ERROR (_("\
3132 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"),
3133 idx, section_name (ebl, idx), cnt);
3134 break;
3135 }
3136
3137 const char *libname = elf_strptr (ebl->elf, shdr->sh_link,
3138 need->vn_file);
3139 if (libname == NULL)
3140 {
3141 ERROR (_("\
3142 section [%2d] '%s': entry %d has invalid file reference\n"),
3143 idx, section_name (ebl, idx), cnt);
3144 goto next_need;
3145 }
3146
3147 /* Check that there is a DT_NEEDED entry for the referenced library. */
3148 if (unknown_dependency_p (ebl->elf, libname))
3149 ERROR (_("\
3150 section [%2d] '%s': entry %d references unknown dependency\n"),
3151 idx, section_name (ebl, idx), cnt);
3152
3153 for (int cnt2 = need->vn_cnt; --cnt2 >= 0; )
3154 {
3155 GElf_Vernaux auxmem;
3156 GElf_Vernaux *aux = gelf_getvernaux (data, auxoffset, &auxmem);
3157 if (aux == NULL)
3158 break;
3159
3160 if ((aux->vna_flags & ~VER_FLG_WEAK) != 0)
3161 ERROR (_("\
3162 section [%2d] '%s': auxiliary entry %d of entry %d has unknown flag\n"),
3163 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
3164
3165 const char *verstr = elf_strptr (ebl->elf, shdr->sh_link,
3166 aux->vna_name);
3167 if (verstr == NULL)
3168 {
3169 ERROR (_("\
3170 section [%2d] '%s': auxiliary entry %d of entry %d has invalid name reference\n"),
3171 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
3172 break;
3173 }
3174 else
3175 {
3176 GElf_Word hashval = elf_hash (verstr);
3177 if (hashval != aux->vna_hash)
3178 ERROR (_("\
3179 section [%2d] '%s': auxiliary entry %d of entry %d has wrong hash value: %#x, expected %#x\n"),
3180 idx, section_name (ebl, idx), need->vn_cnt - cnt2,
3181 cnt, (int) hashval, (int) aux->vna_hash);
3182
3183 int res = add_version (libname, verstr, aux->vna_other,
3184 ver_need);
3185 if (unlikely (res !=0))
3186 {
3187 ERROR (_("\
3188 section [%2d] '%s': auxiliary entry %d of entry %d has duplicate version name '%s'\n"),
3189 idx, section_name (ebl, idx), need->vn_cnt - cnt2,
3190 cnt, verstr);
3191 }
3192 }
3193
3194 if ((aux->vna_next != 0 || cnt2 > 0)
3195 && aux->vna_next < gelf_fsize (ebl->elf, ELF_T_VNAUX, 1,
3196 EV_CURRENT))
3197 {
3198 ERROR (_("\
3199 section [%2d] '%s': auxiliary entry %d of entry %d has wrong next field\n"),
3200 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
3201 break;
3202 }
3203
3204 auxoffset += MAX (aux->vna_next,
3205 gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, EV_CURRENT));
3206 }
3207
3208 /* Find the next offset. */
3209 next_need:
3210 offset += need->vn_next;
3211
3212 if ((need->vn_next != 0 || cnt > 0)
3213 && offset < auxoffset)
3214 {
3215 ERROR (_("\
3216 section [%2d] '%s': entry %d has invalid offset to next entry\n"),
3217 idx, section_name (ebl, idx), cnt);
3218 break;
3219 }
3220
3221 if (need->vn_next == 0 && cnt > 0)
3222 {
3223 ERROR (_("\
3224 section [%2d] '%s': entry %d has zero offset to next entry, but sh_info says there are more entries\n"),
3225 idx, section_name (ebl, idx), cnt);
3226 break;
3227 }
3228 }
3229 }
3230
3231
3232 static unsigned int nverdef;
3233
3234 static void
check_verdef(Ebl * ebl,GElf_Shdr * shdr,int idx)3235 check_verdef (Ebl *ebl, GElf_Shdr *shdr, int idx)
3236 {
3237 if (++nverdef == 2)
3238 ERROR (_("more than one version definition section present\n"));
3239
3240 GElf_Shdr strshdr_mem;
3241 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
3242 &strshdr_mem);
3243 if (strshdr == NULL)
3244 return;
3245 if (strshdr->sh_type != SHT_STRTAB)
3246 ERROR (_("\
3247 section [%2d] '%s': sh_link does not link to string table\n"),
3248 idx, section_name (ebl, idx));
3249
3250 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
3251 if (data == NULL)
3252 {
3253 no_data:
3254 ERROR (_("section [%2d] '%s': cannot get section data\n"),
3255 idx, section_name (ebl, idx));
3256 return;
3257 }
3258
3259 /* Iterate over all version definition entries. We check that there
3260 is a BASE entry and that each index is unique. To do the later
3261 we collection the information in a list which is later
3262 examined. */
3263 struct namelist
3264 {
3265 const char *name;
3266 struct namelist *next;
3267 } *namelist = NULL;
3268 struct namelist *refnamelist = NULL;
3269
3270 bool has_base = false;
3271 unsigned int offset = 0;
3272 for (Elf64_Word cnt = shdr->sh_info; cnt > 0; )
3273 {
3274 cnt--;
3275
3276 /* Get the data at the next offset. */
3277 GElf_Verdef defmem;
3278 GElf_Verdef *def = gelf_getverdef (data, offset, &defmem);
3279 if (def == NULL)
3280 goto no_data;
3281
3282 if ((def->vd_flags & VER_FLG_BASE) != 0)
3283 {
3284 if (has_base)
3285 ERROR (_("\
3286 section [%2d] '%s': more than one BASE definition\n"),
3287 idx, section_name (ebl, idx));
3288 if (def->vd_ndx != VER_NDX_GLOBAL)
3289 ERROR (_("\
3290 section [%2d] '%s': BASE definition must have index VER_NDX_GLOBAL\n"),
3291 idx, section_name (ebl, idx));
3292 has_base = true;
3293 }
3294 if ((def->vd_flags & ~(VER_FLG_BASE|VER_FLG_WEAK)) != 0)
3295 ERROR (_("\
3296 section [%2d] '%s': entry %d has unknown flag\n"),
3297 idx, section_name (ebl, idx), cnt);
3298
3299 if (def->vd_version != EV_CURRENT)
3300 ERROR (_("\
3301 section [%2d] '%s': entry %d has wrong version %d\n"),
3302 idx, section_name (ebl, idx), cnt, (int) def->vd_version);
3303
3304 if (def->vd_cnt > 0 && def->vd_aux < gelf_fsize (ebl->elf, ELF_T_VDEF,
3305 1, EV_CURRENT))
3306 {
3307 ERROR (_("\
3308 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"),
3309 idx, section_name (ebl, idx), cnt);
3310 break;
3311 }
3312
3313 unsigned int auxoffset = offset + def->vd_aux;
3314 GElf_Verdaux auxmem;
3315 GElf_Verdaux *aux = gelf_getverdaux (data, auxoffset, &auxmem);
3316 if (aux == NULL)
3317 goto no_data;
3318
3319 const char *name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name);
3320 if (name == NULL)
3321 {
3322 ERROR (_("\
3323 section [%2d] '%s': entry %d has invalid name reference\n"),
3324 idx, section_name (ebl, idx), cnt);
3325 goto next_def;
3326 }
3327 GElf_Word hashval = elf_hash (name);
3328 if (def->vd_hash != hashval)
3329 ERROR (_("\
3330 section [%2d] '%s': entry %d has wrong hash value: %#x, expected %#x\n"),
3331 idx, section_name (ebl, idx), cnt, (int) hashval,
3332 (int) def->vd_hash);
3333
3334 int res = add_version (NULL, name, def->vd_ndx, ver_def);
3335 if (unlikely (res !=0))
3336 {
3337 ERROR (_("\
3338 section [%2d] '%s': entry %d has duplicate version name '%s'\n"),
3339 idx, section_name (ebl, idx), cnt, name);
3340 }
3341
3342 struct namelist *newname = alloca (sizeof (*newname));
3343 newname->name = name;
3344 newname->next = namelist;
3345 namelist = newname;
3346
3347 auxoffset += aux->vda_next;
3348 for (int cnt2 = 1; cnt2 < def->vd_cnt; ++cnt2)
3349 {
3350 aux = gelf_getverdaux (data, auxoffset, &auxmem);
3351 if (aux == NULL)
3352 goto no_data;
3353
3354 name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name);
3355 if (name == NULL)
3356 {
3357 ERROR (_("\
3358 section [%2d] '%s': entry %d has invalid name reference in auxiliary data\n"),
3359 idx, section_name (ebl, idx), cnt);
3360 break;
3361 }
3362 else
3363 {
3364 newname = alloca (sizeof (*newname));
3365 newname->name = name;
3366 newname->next = refnamelist;
3367 refnamelist = newname;
3368 }
3369
3370 if ((aux->vda_next != 0 || cnt2 + 1 < def->vd_cnt)
3371 && aux->vda_next < gelf_fsize (ebl->elf, ELF_T_VDAUX, 1,
3372 EV_CURRENT))
3373 {
3374 ERROR (_("\
3375 section [%2d] '%s': entry %d has wrong next field in auxiliary data\n"),
3376 idx, section_name (ebl, idx), cnt);
3377 break;
3378 }
3379
3380 auxoffset += MAX (aux->vda_next,
3381 gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, EV_CURRENT));
3382 }
3383
3384 /* Find the next offset. */
3385 next_def:
3386 offset += def->vd_next;
3387
3388 if ((def->vd_next != 0 || cnt > 0)
3389 && offset < auxoffset)
3390 {
3391 ERROR (_("\
3392 section [%2d] '%s': entry %d has invalid offset to next entry\n"),
3393 idx, section_name (ebl, idx), cnt);
3394 break;
3395 }
3396
3397 if (def->vd_next == 0 && cnt > 0)
3398 {
3399 ERROR (_("\
3400 section [%2d] '%s': entry %d has zero offset to next entry, but sh_info says there are more entries\n"),
3401 idx, section_name (ebl, idx), cnt);
3402 break;
3403 }
3404 }
3405
3406 if (!has_base)
3407 ERROR (_("section [%2d] '%s': no BASE definition\n"),
3408 idx, section_name (ebl, idx));
3409
3410 /* Check whether the referenced names are available. */
3411 while (namelist != NULL)
3412 {
3413 struct version_namelist *runp = version_namelist;
3414 while (runp != NULL)
3415 {
3416 if (runp->type == ver_def
3417 && strcmp (runp->name, namelist->name) == 0)
3418 break;
3419 runp = runp->next;
3420 }
3421
3422 if (runp == NULL)
3423 ERROR (_("\
3424 section [%2d] '%s': unknown parent version '%s'\n"),
3425 idx, section_name (ebl, idx), namelist->name);
3426
3427 namelist = namelist->next;
3428 }
3429 }
3430
3431 static inline size_t
buffer_pos(Elf_Data * data,const unsigned char * p)3432 buffer_pos (Elf_Data *data, const unsigned char *p)
3433 {
3434 return p - (const unsigned char *) data->d_buf;
3435 }
3436
3437 static inline size_t
buffer_left(Elf_Data * data,const unsigned char * p)3438 buffer_left (Elf_Data *data, const unsigned char *p)
3439 {
3440 return (const unsigned char *) data->d_buf + data->d_size - p;
3441 }
3442
3443 static void
check_attributes(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)3444 check_attributes (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
3445 {
3446 if (shdr->sh_size == 0)
3447 {
3448 ERROR (_("section [%2d] '%s': empty object attributes section\n"),
3449 idx, section_name (ebl, idx));
3450 return;
3451 }
3452
3453 Elf_Data *data = elf_rawdata (elf_getscn (ebl->elf, idx), NULL);
3454 if (data == NULL || data->d_size == 0 || data->d_buf == NULL)
3455 {
3456 ERROR (_("section [%2d] '%s': cannot get section data\n"),
3457 idx, section_name (ebl, idx));
3458 return;
3459 }
3460
3461 const unsigned char *p = data->d_buf;
3462 if (*p++ != 'A')
3463 {
3464 ERROR (_("section [%2d] '%s': unrecognized attribute format\n"),
3465 idx, section_name (ebl, idx));
3466 return;
3467 }
3468
3469 while (buffer_left (data, p) >= 4)
3470 {
3471 uint32_t len;
3472 memcpy (&len, p, sizeof len);
3473
3474 if (len == 0)
3475 ERROR (_("\
3476 section [%2d] '%s': offset %zu: zero length field in attribute section\n"),
3477 idx, section_name (ebl, idx), buffer_pos (data, p));
3478
3479 if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
3480 CONVERT (len);
3481
3482 if (len > buffer_left (data, p))
3483 {
3484 ERROR (_("\
3485 section [%2d] '%s': offset %zu: invalid length in attribute section\n"),
3486 idx, section_name (ebl, idx), buffer_pos (data, p));
3487 break;
3488 }
3489
3490 const unsigned char *name = p + sizeof len;
3491 p += len;
3492
3493 unsigned const char *q = memchr (name, '\0', len);
3494 if (q == NULL)
3495 {
3496 ERROR (_("\
3497 section [%2d] '%s': offset %zu: unterminated vendor name string\n"),
3498 idx, section_name (ebl, idx), buffer_pos (data, p));
3499 break;
3500 }
3501 ++q;
3502
3503 if (q - name == sizeof "gnu" && !memcmp (name, "gnu", sizeof "gnu"))
3504 while (q < p)
3505 {
3506 unsigned const char *chunk = q;
3507
3508 unsigned int subsection_tag;
3509 get_uleb128 (subsection_tag, q, p);
3510
3511 if (q >= p)
3512 {
3513 ERROR (_("\
3514 section [%2d] '%s': offset %zu: endless ULEB128 in attribute subsection tag\n"),
3515 idx, section_name (ebl, idx), buffer_pos (data, chunk));
3516 break;
3517 }
3518
3519 uint32_t subsection_len;
3520 if (p - q < (ptrdiff_t) sizeof subsection_len)
3521 {
3522 ERROR (_("\
3523 section [%2d] '%s': offset %zu: truncated attribute section\n"),
3524 idx, section_name (ebl, idx), buffer_pos (data, q));
3525 break;
3526 }
3527
3528 memcpy (&subsection_len, q, sizeof subsection_len);
3529 if (subsection_len == 0)
3530 {
3531 ERROR (_("\
3532 section [%2d] '%s': offset %zu: zero length field in attribute subsection\n"),
3533 idx, section_name (ebl, idx), buffer_pos (data, q));
3534
3535 q += sizeof subsection_len;
3536 continue;
3537 }
3538
3539 if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
3540 CONVERT (subsection_len);
3541
3542 /* Don't overflow, ptrdiff_t might be 32bits, but signed. */
3543 if (p - chunk < (ptrdiff_t) subsection_len
3544 || subsection_len >= (uint32_t) PTRDIFF_MAX)
3545 {
3546 ERROR (_("\
3547 section [%2d] '%s': offset %zu: invalid length in attribute subsection\n"),
3548 idx, section_name (ebl, idx), buffer_pos (data, q));
3549 break;
3550 }
3551
3552 const unsigned char *subsection_end = chunk + subsection_len;
3553 chunk = q;
3554 q = subsection_end;
3555
3556 if (subsection_tag != 1) /* Tag_File */
3557 ERROR (_("\
3558 section [%2d] '%s': offset %zu: attribute subsection has unexpected tag %u\n"),
3559 idx, section_name (ebl, idx), buffer_pos (data, chunk), subsection_tag);
3560 else
3561 {
3562 chunk += sizeof subsection_len;
3563 while (chunk < q)
3564 {
3565 unsigned int tag;
3566 get_uleb128 (tag, chunk, q);
3567
3568 uint64_t value = 0;
3569 const unsigned char *r = chunk;
3570 if (tag == 32 || (tag & 1) == 0)
3571 {
3572 get_uleb128 (value, r, q);
3573 if (r > q)
3574 {
3575 ERROR (_("\
3576 section [%2d] '%s': offset %zu: endless ULEB128 in attribute tag\n"),
3577 idx, section_name (ebl, idx), buffer_pos (data, chunk));
3578 break;
3579 }
3580 }
3581 if (tag == 32 || (tag & 1) != 0)
3582 {
3583 r = memchr (r, '\0', q - r);
3584 if (r == NULL)
3585 {
3586 ERROR (_("\
3587 section [%2d] '%s': offset %zu: unterminated string in attribute\n"),
3588 idx, section_name (ebl, idx), buffer_pos (data, chunk));
3589 break;
3590 }
3591 ++r;
3592 }
3593
3594 const char *tag_name = NULL;
3595 const char *value_name = NULL;
3596 if (!ebl_check_object_attribute (ebl, (const char *) name,
3597 tag, value,
3598 &tag_name, &value_name))
3599 ERROR (_("\
3600 section [%2d] '%s': offset %zu: unrecognized attribute tag %u\n"),
3601 idx, section_name (ebl, idx), buffer_pos (data, chunk), tag);
3602 else if ((tag & 1) == 0 && value_name == NULL)
3603 ERROR (_("\
3604 section [%2d] '%s': offset %zu: unrecognized %s attribute value %" PRIu64 "\n"),
3605 idx, section_name (ebl, idx), buffer_pos (data, chunk),
3606 tag_name, value);
3607
3608 chunk = r;
3609 }
3610 }
3611 }
3612 else
3613 ERROR (_("\
3614 section [%2d] '%s': offset %zu: vendor '%s' unknown\n"),
3615 idx, section_name (ebl, idx), buffer_pos (data, p), name);
3616 }
3617
3618 if (buffer_left (data, p) != 0)
3619 ERROR (_("\
3620 section [%2d] '%s': offset %zu: extra bytes after last attribute section\n"),
3621 idx, section_name (ebl, idx), buffer_pos (data, p));
3622 }
3623
3624 static bool has_loadable_segment;
3625 static bool has_interp_segment;
3626
3627 static const struct
3628 {
3629 const char *name;
3630 size_t namelen;
3631 GElf_Word type;
3632 enum { unused, exact, atleast, exact_or_gnuld } attrflag;
3633 GElf_Word attr;
3634 GElf_Word attr2;
3635 } special_sections[] =
3636 {
3637 /* See figure 4-14 in the gABI. */
3638 { ".bss", 5, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3639 { ".comment", 8, SHT_PROGBITS, atleast, 0, SHF_MERGE | SHF_STRINGS },
3640 { ".data", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3641 { ".data1", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3642 { ".debug_str", 11, SHT_PROGBITS, exact_or_gnuld, SHF_MERGE | SHF_STRINGS, 0 },
3643 { ".debug_line_str", 16, SHT_PROGBITS, exact_or_gnuld, SHF_MERGE | SHF_STRINGS, 0 },
3644 { ".debug", 6, SHT_PROGBITS, exact, 0, 0 },
3645 { ".dynamic", 9, SHT_DYNAMIC, atleast, SHF_ALLOC, SHF_WRITE },
3646 { ".dynstr", 8, SHT_STRTAB, exact, SHF_ALLOC, 0 },
3647 { ".dynsym", 8, SHT_DYNSYM, exact, SHF_ALLOC, 0 },
3648 { ".fini", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3649 { ".fini_array", 12, SHT_FINI_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3650 { ".got", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more info?
3651 { ".hash", 6, SHT_HASH, exact, SHF_ALLOC, 0 },
3652 { ".init", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3653 { ".init_array", 12, SHT_INIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3654 { ".interp", 8, SHT_PROGBITS, atleast, 0, SHF_ALLOC }, // XXX more tests?
3655 { ".line", 6, SHT_PROGBITS, exact, 0, 0 },
3656 { ".note", 6, SHT_NOTE, atleast, 0, SHF_ALLOC },
3657 { ".plt", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more tests
3658 { ".preinit_array", 15, SHT_PREINIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3659 { ".rela", 5, SHT_RELA, atleast, 0, SHF_ALLOC | SHF_INFO_LINK }, // XXX more tests
3660 { ".rel", 4, SHT_REL, atleast, 0, SHF_ALLOC | SHF_INFO_LINK }, // XXX more tests
3661 { ".rodata", 8, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS },
3662 { ".rodata1", 9, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS },
3663 { ".shstrtab", 10, SHT_STRTAB, exact, 0, 0 },
3664 { ".strtab", 8, SHT_STRTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
3665 { ".symtab", 8, SHT_SYMTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
3666 { ".symtab_shndx", 14, SHT_SYMTAB_SHNDX, atleast, 0, SHF_ALLOC }, // XXX more tests
3667 { ".tbss", 6, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3668 { ".tdata", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3669 { ".tdata1", 8, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3670 { ".text", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3671
3672 /* The following are GNU extensions. */
3673 { ".gnu.version", 13, SHT_GNU_versym, exact, SHF_ALLOC, 0 },
3674 { ".gnu.version_d", 15, SHT_GNU_verdef, exact, SHF_ALLOC, 0 },
3675 { ".gnu.version_r", 15, SHT_GNU_verneed, exact, SHF_ALLOC, 0 },
3676 { ".gnu.attributes", 16, SHT_GNU_ATTRIBUTES, exact, 0, 0 },
3677 };
3678 #define nspecial_sections \
3679 (sizeof (special_sections) / sizeof (special_sections[0]))
3680
3681 #define IS_KNOWN_SPECIAL(idx, string, prefix) \
3682 (special_sections[idx].namelen == sizeof string - (prefix ? 1 : 0) \
3683 && !memcmp (special_sections[idx].name, string, \
3684 sizeof string - (prefix ? 1 : 0)))
3685
3686 /* Extra section flags that might or might not be added to the section
3687 and have to be ignored. */
3688 #define EXTRA_SHFLAGS (SHF_LINK_ORDER \
3689 | SHF_GNU_RETAIN \
3690 | SHF_GROUP \
3691 | SHF_COMPRESSED)
3692
3693
3694 /* Indices of some sections we need later. */
3695 static size_t eh_frame_hdr_scnndx;
3696 static size_t eh_frame_scnndx;
3697 static size_t gcc_except_table_scnndx;
3698
3699
3700 static void
check_sections(Ebl * ebl,GElf_Ehdr * ehdr)3701 check_sections (Ebl *ebl, GElf_Ehdr *ehdr)
3702 {
3703 if (ehdr->e_shoff == 0)
3704 /* No section header. */
3705 return;
3706
3707 /* Allocate array to count references in section groups. */
3708 scnref = xcalloc (shnum, sizeof (int));
3709
3710 /* Check the zeroth section first. It must not have any contents
3711 and the section header must contain nonzero value at most in the
3712 sh_size and sh_link fields. */
3713 GElf_Shdr shdr_mem;
3714 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
3715 if (shdr == NULL)
3716 ERROR (_("cannot get section header of zeroth section\n"));
3717 else
3718 {
3719 if (shdr->sh_name != 0)
3720 ERROR (_("zeroth section has nonzero name\n"));
3721 if (shdr->sh_type != 0)
3722 ERROR (_("zeroth section has nonzero type\n"));
3723 if (shdr->sh_flags != 0)
3724 ERROR (_("zeroth section has nonzero flags\n"));
3725 if (shdr->sh_addr != 0)
3726 ERROR (_("zeroth section has nonzero address\n"));
3727 if (shdr->sh_offset != 0)
3728 ERROR (_("zeroth section has nonzero offset\n"));
3729 if (shdr->sh_addralign != 0)
3730 ERROR (_("zeroth section has nonzero align value\n"));
3731 if (shdr->sh_entsize != 0)
3732 ERROR (_("zeroth section has nonzero entry size value\n"));
3733
3734 if (shdr->sh_size != 0 && ehdr->e_shnum != 0)
3735 ERROR (_("\
3736 zeroth section has nonzero size value while ELF header has nonzero shnum value\n"));
3737
3738 if (shdr->sh_link != 0 && ehdr->e_shstrndx != SHN_XINDEX)
3739 ERROR (_("\
3740 zeroth section has nonzero link value while ELF header does not signal overflow in shstrndx\n"));
3741
3742 if (shdr->sh_info != 0 && ehdr->e_phnum != PN_XNUM)
3743 ERROR (_("\
3744 zeroth section has nonzero link value while ELF header does not signal overflow in phnum\n"));
3745 }
3746
3747 int *segment_flags = xcalloc (phnum, sizeof segment_flags[0]);
3748
3749 bool dot_interp_section = false;
3750
3751 size_t hash_idx = 0;
3752 size_t gnu_hash_idx = 0;
3753
3754 size_t versym_scnndx = 0;
3755 for (size_t cnt = 1; cnt < shnum; ++cnt)
3756 {
3757 Elf_Scn *scn = elf_getscn (ebl->elf, cnt);
3758 shdr = gelf_getshdr (scn, &shdr_mem);
3759 if (shdr == NULL)
3760 {
3761 ERROR (_("\
3762 cannot get section header for section [%2zu] '%s': %s\n"),
3763 cnt, section_name (ebl, cnt), elf_errmsg (-1));
3764 continue;
3765 }
3766
3767 const char *scnname = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
3768
3769 if (scnname == NULL)
3770 ERROR (_("section [%2zu]: invalid name\n"), cnt);
3771 else
3772 {
3773 /* Check whether it is one of the special sections defined in
3774 the gABI. */
3775 size_t s;
3776 for (s = 0; s < nspecial_sections; ++s)
3777 if (strncmp (scnname, special_sections[s].name,
3778 special_sections[s].namelen) == 0)
3779 {
3780 char stbuf1[100];
3781 char stbuf2[100];
3782 char stbuf3[100];
3783
3784 GElf_Word good_type = special_sections[s].type;
3785 if (IS_KNOWN_SPECIAL (s, ".plt", false)
3786 && ebl_bss_plt_p (ebl))
3787 good_type = SHT_NOBITS;
3788
3789 /* In a debuginfo file, any normal section can be SHT_NOBITS.
3790 This is only invalid for DWARF sections and .shstrtab. */
3791 if (shdr->sh_type != good_type
3792 && (shdr->sh_type != SHT_NOBITS
3793 || !is_debuginfo
3794 || IS_KNOWN_SPECIAL (s, ".debug_str", false)
3795 || IS_KNOWN_SPECIAL (s, ".debug", true)
3796 || IS_KNOWN_SPECIAL (s, ".shstrtab", false)))
3797 ERROR (_("\
3798 section [%2d] '%s' has wrong type: expected %s, is %s\n"),
3799 (int) cnt, scnname,
3800 ebl_section_type_name (ebl, special_sections[s].type,
3801 stbuf1, sizeof (stbuf1)),
3802 ebl_section_type_name (ebl, shdr->sh_type,
3803 stbuf2, sizeof (stbuf2)));
3804
3805 if (special_sections[s].attrflag == exact
3806 || special_sections[s].attrflag == exact_or_gnuld)
3807 {
3808 /* Except for the link order, retain, group bit and
3809 compression flag all the other bits should
3810 match exactly. */
3811 if ((shdr->sh_flags & ~EXTRA_SHFLAGS)
3812 != special_sections[s].attr
3813 && (special_sections[s].attrflag == exact || !gnuld))
3814 ERROR (_("\
3815 section [%2zu] '%s' has wrong flags: expected %s, is %s\n"),
3816 cnt, scnname,
3817 section_flags_string (special_sections[s].attr,
3818 stbuf1, sizeof (stbuf1)),
3819 section_flags_string (shdr->sh_flags
3820 & ~EXTRA_SHFLAGS,
3821 stbuf2, sizeof (stbuf2)));
3822 }
3823 else if (special_sections[s].attrflag == atleast)
3824 {
3825 if ((shdr->sh_flags & special_sections[s].attr)
3826 != special_sections[s].attr
3827 || ((shdr->sh_flags
3828 & ~(EXTRA_SHFLAGS
3829 | special_sections[s].attr
3830 | special_sections[s].attr2))
3831 != 0))
3832 ERROR (_("\
3833 section [%2zu] '%s' has wrong flags: expected %s and possibly %s, is %s\n"),
3834 cnt, scnname,
3835 section_flags_string (special_sections[s].attr,
3836 stbuf1, sizeof (stbuf1)),
3837 section_flags_string (special_sections[s].attr2,
3838 stbuf2, sizeof (stbuf2)),
3839 section_flags_string (shdr->sh_flags
3840 & ~EXTRA_SHFLAGS,
3841 stbuf3, sizeof (stbuf3)));
3842 }
3843
3844 if (strcmp (scnname, ".interp") == 0)
3845 {
3846 dot_interp_section = true;
3847
3848 if (ehdr->e_type == ET_REL)
3849 ERROR (_("\
3850 section [%2zu] '%s' present in object file\n"),
3851 cnt, scnname);
3852
3853 if ((shdr->sh_flags & SHF_ALLOC) != 0
3854 && !has_loadable_segment)
3855 ERROR (_("\
3856 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
3857 cnt, scnname);
3858 else if ((shdr->sh_flags & SHF_ALLOC) == 0
3859 && has_loadable_segment)
3860 ERROR (_("\
3861 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
3862 cnt, scnname);
3863 }
3864 else
3865 {
3866 if (strcmp (scnname, ".symtab_shndx") == 0
3867 && ehdr->e_type != ET_REL)
3868 ERROR (_("\
3869 section [%2zu] '%s' is extension section index table in non-object file\n"),
3870 cnt, scnname);
3871
3872 /* These sections must have the SHF_ALLOC flag set iff
3873 a loadable segment is available.
3874
3875 .relxxx
3876 .strtab
3877 .symtab
3878 .symtab_shndx
3879
3880 Check that if there is a reference from the
3881 loaded section these sections also have the
3882 ALLOC flag set. */
3883 #if 0
3884 // XXX TODO
3885 if ((shdr->sh_flags & SHF_ALLOC) != 0
3886 && !has_loadable_segment)
3887 ERROR (_("\
3888 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
3889 cnt, scnname);
3890 else if ((shdr->sh_flags & SHF_ALLOC) == 0
3891 && has_loadable_segment)
3892 ERROR (_("\
3893 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
3894 cnt, scnname);
3895 #endif
3896 }
3897
3898 break;
3899 }
3900
3901 /* Remember a few special sections for later. */
3902 if (strcmp (scnname, ".eh_frame_hdr") == 0)
3903 eh_frame_hdr_scnndx = cnt;
3904 else if (strcmp (scnname, ".eh_frame") == 0)
3905 eh_frame_scnndx = cnt;
3906 else if (strcmp (scnname, ".gcc_except_table") == 0)
3907 gcc_except_table_scnndx = cnt;
3908 }
3909
3910 if (shdr->sh_entsize != 0 && shdr->sh_size % shdr->sh_entsize)
3911 ERROR (_("\
3912 section [%2zu] '%s': size not multiple of entry size\n"),
3913 cnt, section_name (ebl, cnt));
3914
3915 if (elf_strptr (ebl->elf, shstrndx, shdr->sh_name) == NULL)
3916 ERROR (_("cannot get section header\n"));
3917
3918 if (shdr->sh_type >= SHT_NUM
3919 && shdr->sh_type != SHT_GNU_ATTRIBUTES
3920 && shdr->sh_type != SHT_GNU_LIBLIST
3921 && shdr->sh_type != SHT_CHECKSUM
3922 && shdr->sh_type != SHT_GNU_verdef
3923 && shdr->sh_type != SHT_GNU_verneed
3924 && shdr->sh_type != SHT_GNU_versym
3925 && ebl_section_type_name (ebl, shdr->sh_type, NULL, 0) == NULL)
3926 ERROR (_("section [%2zu] '%s' has unsupported type %d\n"),
3927 cnt, section_name (ebl, cnt),
3928 (int) shdr->sh_type);
3929
3930 #define ALL_SH_FLAGS (SHF_WRITE | SHF_ALLOC | SHF_EXECINSTR | SHF_MERGE \
3931 | SHF_STRINGS | SHF_INFO_LINK | SHF_LINK_ORDER \
3932 | SHF_OS_NONCONFORMING | SHF_GROUP | SHF_TLS \
3933 | SHF_COMPRESSED | SHF_GNU_RETAIN)
3934 if (shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS)
3935 {
3936 GElf_Xword sh_flags = shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS;
3937 if (sh_flags & SHF_MASKPROC)
3938 {
3939 /* Strictly speaking SHF_EXCLUDE is a processor specific
3940 section flag, but it is used generically in the GNU
3941 toolchain. */
3942 if (gnuld)
3943 sh_flags &= ~(GElf_Xword) SHF_EXCLUDE;
3944 if (!ebl_machine_section_flag_check (ebl,
3945 sh_flags & SHF_MASKPROC))
3946 ERROR (_("section [%2zu] '%s'"
3947 " contains invalid processor-specific flag(s)"
3948 " %#" PRIx64 "\n"),
3949 cnt, section_name (ebl, cnt), sh_flags & SHF_MASKPROC);
3950 sh_flags &= ~(GElf_Xword) SHF_MASKPROC;
3951 }
3952 if (sh_flags & SHF_MASKOS)
3953 if (gnuld)
3954 sh_flags &= ~(GElf_Xword) SHF_GNU_RETAIN;
3955 if (sh_flags != 0)
3956 ERROR (_("section [%2zu] '%s' contains unknown flag(s)"
3957 " %#" PRIx64 "\n"),
3958 cnt, section_name (ebl, cnt), sh_flags);
3959 }
3960 if (shdr->sh_flags & SHF_TLS)
3961 {
3962 // XXX Correct?
3963 if (shdr->sh_addr != 0 && !gnuld)
3964 ERROR (_("\
3965 section [%2zu] '%s': thread-local data sections address not zero\n"),
3966 cnt, section_name (ebl, cnt));
3967
3968 // XXX TODO more tests!?
3969 }
3970
3971 if (shdr->sh_flags & SHF_COMPRESSED)
3972 {
3973 if (shdr->sh_flags & SHF_ALLOC)
3974 ERROR (_("\
3975 section [%2zu] '%s': allocated section cannot be compressed\n"),
3976 cnt, section_name (ebl, cnt));
3977
3978 if (shdr->sh_type == SHT_NOBITS)
3979 ERROR (_("\
3980 section [%2zu] '%s': nobits section cannot be compressed\n"),
3981 cnt, section_name (ebl, cnt));
3982
3983 GElf_Chdr chdr;
3984 if (gelf_getchdr (scn, &chdr) == NULL)
3985 ERROR (_("\
3986 section [%2zu] '%s': compressed section with no compression header: %s\n"),
3987 cnt, section_name (ebl, cnt), elf_errmsg (-1));
3988 }
3989
3990 if (shdr->sh_link >= shnum)
3991 ERROR (_("\
3992 section [%2zu] '%s': invalid section reference in link value\n"),
3993 cnt, section_name (ebl, cnt));
3994
3995 if (SH_INFO_LINK_P (shdr) && shdr->sh_info >= shnum)
3996 ERROR (_("\
3997 section [%2zu] '%s': invalid section reference in info value\n"),
3998 cnt, section_name (ebl, cnt));
3999
4000 if ((shdr->sh_flags & SHF_MERGE) == 0
4001 && (shdr->sh_flags & SHF_STRINGS) != 0
4002 && be_strict)
4003 ERROR (_("\
4004 section [%2zu] '%s': strings flag set without merge flag\n"),
4005 cnt, section_name (ebl, cnt));
4006
4007 if ((shdr->sh_flags & SHF_MERGE) != 0 && shdr->sh_entsize == 0)
4008 ERROR (_("\
4009 section [%2zu] '%s': merge flag set but entry size is zero\n"),
4010 cnt, section_name (ebl, cnt));
4011
4012 if (shdr->sh_flags & SHF_GROUP)
4013 check_scn_group (ebl, cnt);
4014
4015 if (shdr->sh_flags & SHF_EXECINSTR)
4016 {
4017 switch (shdr->sh_type)
4018 {
4019 case SHT_PROGBITS:
4020 break;
4021
4022 case SHT_NOBITS:
4023 if (is_debuginfo)
4024 break;
4025 FALLTHROUGH;
4026 default:
4027 ERROR (_("\
4028 section [%2zu] '%s' has unexpected type %d for an executable section\n"),
4029 cnt, section_name (ebl, cnt), shdr->sh_type);
4030 break;
4031 }
4032
4033 if (shdr->sh_flags & SHF_WRITE)
4034 {
4035 if (is_debuginfo && shdr->sh_type != SHT_NOBITS)
4036 ERROR (_("\
4037 section [%2zu] '%s' must be of type NOBITS in debuginfo files\n"),
4038 cnt, section_name (ebl, cnt));
4039
4040 if (!is_debuginfo
4041 && !ebl_check_special_section (ebl, cnt, shdr,
4042 section_name (ebl, cnt)))
4043 ERROR (_("\
4044 section [%2zu] '%s' is both executable and writable\n"),
4045 cnt, section_name (ebl, cnt));
4046 }
4047 }
4048
4049 if (ehdr->e_type != ET_REL && (shdr->sh_flags & SHF_ALLOC) != 0
4050 && !is_debuginfo)
4051 {
4052 /* Make sure the section is contained in a loaded segment
4053 and that the initialization part matches NOBITS sections. */
4054 unsigned int pcnt;
4055 GElf_Phdr phdr_mem;
4056 GElf_Phdr *phdr;
4057
4058 for (pcnt = 0; pcnt < phnum; ++pcnt)
4059 if ((phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem)) != NULL
4060 && ((phdr->p_type == PT_LOAD
4061 && (shdr->sh_flags & SHF_TLS) == 0)
4062 || (phdr->p_type == PT_TLS
4063 && (shdr->sh_flags & SHF_TLS) != 0))
4064 && phdr->p_offset <= shdr->sh_offset
4065 && ((shdr->sh_offset - phdr->p_offset <= phdr->p_filesz
4066 && (shdr->sh_offset - phdr->p_offset < phdr->p_filesz
4067 || shdr->sh_size == 0))
4068 || (shdr->sh_offset - phdr->p_offset < phdr->p_memsz
4069 && shdr->sh_type == SHT_NOBITS)))
4070 {
4071 /* Found the segment. */
4072 if (phdr->p_offset + phdr->p_memsz
4073 < shdr->sh_offset + shdr->sh_size)
4074 ERROR (_("\
4075 section [%2zu] '%s' not fully contained in segment of program header entry %d\n"),
4076 cnt, section_name (ebl, cnt), pcnt);
4077
4078 if (shdr->sh_type == SHT_NOBITS)
4079 {
4080 if (shdr->sh_offset < phdr->p_offset + phdr->p_filesz
4081 && !is_debuginfo)
4082 {
4083 if (!gnuld)
4084 ERROR (_("\
4085 section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d\n"),
4086 cnt, section_name (ebl, cnt), pcnt);
4087 else
4088 {
4089 /* This is truly horrible. GNU ld might put a
4090 NOBITS section in the middle of a PT_LOAD
4091 segment, assuming the next gap in the file
4092 actually consists of zero bits...
4093 So it really is like a PROGBITS section
4094 where the data is all zeros. Check those
4095 zero bytes are really there. */
4096 bool bad;
4097 Elf_Data *databits;
4098 databits = elf_getdata_rawchunk (ebl->elf,
4099 shdr->sh_offset,
4100 shdr->sh_size,
4101 ELF_T_BYTE);
4102 bad = (databits == NULL
4103 || databits->d_size != shdr->sh_size);
4104 for (size_t idx = 0;
4105 ! bad && idx < databits->d_size;
4106 idx++)
4107 bad = ((char *) databits->d_buf)[idx] != 0;
4108
4109 if (bad)
4110 ERROR (_("\
4111 section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d and file contents is non-zero\n"),
4112 cnt, section_name (ebl, cnt), pcnt);
4113 }
4114 }
4115 }
4116 else
4117 {
4118 const GElf_Off end = phdr->p_offset + phdr->p_filesz;
4119 if (shdr->sh_offset > end ||
4120 (shdr->sh_offset == end && shdr->sh_size != 0))
4121 ERROR (_("\
4122 section [%2zu] '%s' has not type NOBITS but is not read from the file in segment of program header entry %d\n"),
4123 cnt, section_name (ebl, cnt), pcnt);
4124 }
4125
4126 if (shdr->sh_type != SHT_NOBITS)
4127 {
4128 if ((shdr->sh_flags & SHF_EXECINSTR) != 0)
4129 {
4130 segment_flags[pcnt] |= PF_X;
4131 if ((phdr->p_flags & PF_X) == 0)
4132 ERROR (_("\
4133 section [%2zu] '%s' is executable in nonexecutable segment %d\n"),
4134 cnt, section_name (ebl, cnt), pcnt);
4135 }
4136
4137 if ((shdr->sh_flags & SHF_WRITE) != 0)
4138 {
4139 segment_flags[pcnt] |= PF_W;
4140 if (0 /* XXX vdso images have this */
4141 && (phdr->p_flags & PF_W) == 0)
4142 ERROR (_("\
4143 section [%2zu] '%s' is writable in unwritable segment %d\n"),
4144 cnt, section_name (ebl, cnt), pcnt);
4145 }
4146 }
4147
4148 break;
4149 }
4150
4151 if (pcnt == phnum)
4152 ERROR (_("\
4153 section [%2zu] '%s': alloc flag set but section not in any loaded segment\n"),
4154 cnt, section_name (ebl, cnt));
4155 }
4156
4157 if (cnt == shstrndx && shdr->sh_type != SHT_STRTAB)
4158 ERROR (_("\
4159 section [%2zu] '%s': ELF header says this is the section header string table but type is not SHT_TYPE\n"),
4160 cnt, section_name (ebl, cnt));
4161
4162 switch (shdr->sh_type)
4163 {
4164 case SHT_DYNSYM:
4165 if (ehdr->e_type == ET_REL)
4166 ERROR (_("\
4167 section [%2zu] '%s': relocatable files cannot have dynamic symbol tables\n"),
4168 cnt, section_name (ebl, cnt));
4169 FALLTHROUGH;
4170 case SHT_SYMTAB:
4171 check_symtab (ebl, ehdr, shdr, cnt);
4172 break;
4173
4174 case SHT_RELA:
4175 check_rela (ebl, ehdr, shdr, cnt);
4176 break;
4177
4178 case SHT_REL:
4179 check_rel (ebl, ehdr, shdr, cnt);
4180 break;
4181
4182 case SHT_DYNAMIC:
4183 check_dynamic (ebl, ehdr, shdr, cnt);
4184 break;
4185
4186 case SHT_SYMTAB_SHNDX:
4187 check_symtab_shndx (ebl, ehdr, shdr, cnt);
4188 break;
4189
4190 case SHT_HASH:
4191 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt);
4192 hash_idx = cnt;
4193 break;
4194
4195 case SHT_GNU_HASH:
4196 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt);
4197 gnu_hash_idx = cnt;
4198 break;
4199
4200 case SHT_NULL:
4201 check_null (ebl, shdr, cnt);
4202 break;
4203
4204 case SHT_GROUP:
4205 check_group (ebl, ehdr, shdr, cnt);
4206 break;
4207
4208 case SHT_NOTE:
4209 check_note_section (ebl, ehdr, shdr, cnt);
4210 break;
4211
4212 case SHT_GNU_versym:
4213 /* We cannot process this section now since we have no guarantee
4214 that the verneed and verdef sections have already been read.
4215 Just remember the section index. */
4216 if (versym_scnndx != 0)
4217 ERROR (_("more than one version symbol table present\n"));
4218 versym_scnndx = cnt;
4219 break;
4220
4221 case SHT_GNU_verneed:
4222 check_verneed (ebl, shdr, cnt);
4223 break;
4224
4225 case SHT_GNU_verdef:
4226 check_verdef (ebl, shdr, cnt);
4227 break;
4228
4229 case SHT_GNU_ATTRIBUTES:
4230 check_attributes (ebl, ehdr, shdr, cnt);
4231 break;
4232
4233 default:
4234 /* Nothing. */
4235 break;
4236 }
4237 }
4238
4239 if (has_interp_segment && !dot_interp_section)
4240 ERROR (_("INTERP program header entry but no .interp section\n"));
4241
4242 if (!is_debuginfo)
4243 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt)
4244 {
4245 GElf_Phdr phdr_mem;
4246 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
4247 if (phdr != NULL && (phdr->p_type == PT_LOAD || phdr->p_type == PT_TLS))
4248 {
4249 if ((phdr->p_flags & PF_X) != 0
4250 && (segment_flags[pcnt] & PF_X) == 0)
4251 ERROR (_("\
4252 loadable segment [%u] is executable but contains no executable sections\n"),
4253 pcnt);
4254
4255 if ((phdr->p_flags & PF_W) != 0
4256 && (segment_flags[pcnt] & PF_W) == 0)
4257 ERROR (_("\
4258 loadable segment [%u] is writable but contains no writable sections\n"),
4259 pcnt);
4260 }
4261 }
4262
4263 free (segment_flags);
4264
4265 if (version_namelist != NULL)
4266 {
4267 if (versym_scnndx == 0)
4268 ERROR (_("\
4269 no .gnu.versym section present but .gnu.versym_d or .gnu.versym_r section exist\n"));
4270 else
4271 check_versym (ebl, versym_scnndx);
4272
4273 /* Check for duplicate index numbers. */
4274 do
4275 {
4276 struct version_namelist *runp = version_namelist->next;
4277 while (runp != NULL)
4278 {
4279 if (version_namelist->ndx == runp->ndx)
4280 {
4281 ERROR (_("duplicate version index %d\n"),
4282 (int) version_namelist->ndx);
4283 break;
4284 }
4285 runp = runp->next;
4286 }
4287
4288 struct version_namelist *old = version_namelist;
4289 version_namelist = version_namelist->next;
4290 free (old);
4291 }
4292 while (version_namelist != NULL);
4293 }
4294 else if (versym_scnndx != 0)
4295 ERROR (_("\
4296 .gnu.versym section present without .gnu.versym_d or .gnu.versym_r\n"));
4297
4298 if (hash_idx != 0 && gnu_hash_idx != 0)
4299 compare_hash_gnu_hash (ebl, ehdr, hash_idx, gnu_hash_idx);
4300
4301 free (scnref);
4302 }
4303
4304
4305 static GElf_Off
check_note_data(Ebl * ebl,const GElf_Ehdr * ehdr,Elf_Data * data,int shndx,int phndx,GElf_Off start)4306 check_note_data (Ebl *ebl, const GElf_Ehdr *ehdr,
4307 Elf_Data *data, int shndx, int phndx, GElf_Off start)
4308 {
4309 size_t offset = 0;
4310 size_t last_offset = 0;
4311 GElf_Nhdr nhdr;
4312 size_t name_offset;
4313 size_t desc_offset;
4314 while (offset < data->d_size
4315 && (offset = gelf_getnote (data, offset,
4316 &nhdr, &name_offset, &desc_offset)) > 0)
4317 {
4318 last_offset = offset;
4319
4320 /* Make sure it is one of the note types we know about. */
4321 if (ehdr->e_type == ET_CORE)
4322 switch (nhdr.n_type)
4323 {
4324 case NT_PRSTATUS:
4325 case NT_FPREGSET:
4326 case NT_PRPSINFO:
4327 case NT_TASKSTRUCT: /* NT_PRXREG on Solaris. */
4328 case NT_PLATFORM:
4329 case NT_AUXV:
4330 case NT_GWINDOWS:
4331 case NT_ASRS:
4332 case NT_PSTATUS:
4333 case NT_PSINFO:
4334 case NT_PRCRED:
4335 case NT_UTSNAME:
4336 case NT_LWPSTATUS:
4337 case NT_LWPSINFO:
4338 case NT_PRFPXREG:
4339 /* Known type. */
4340 break;
4341
4342 default:
4343 if (shndx == 0)
4344 ERROR (_("\
4345 phdr[%d]: unknown core file note type %" PRIu32 " at offset %" PRIu64 "\n"),
4346 phndx, (uint32_t) nhdr.n_type, start + offset);
4347 else
4348 ERROR (_("\
4349 section [%2d] '%s': unknown core file note type %" PRIu32
4350 " at offset %zu\n"),
4351 shndx, section_name (ebl, shndx),
4352 (uint32_t) nhdr.n_type, offset);
4353 }
4354 else
4355 switch (nhdr.n_type)
4356 {
4357 case NT_GNU_ABI_TAG:
4358 case NT_GNU_HWCAP:
4359 case NT_GNU_BUILD_ID:
4360 case NT_GNU_GOLD_VERSION:
4361 case NT_GNU_PROPERTY_TYPE_0:
4362 if (nhdr.n_namesz == sizeof ELF_NOTE_GNU
4363 && strcmp (data->d_buf + name_offset, ELF_NOTE_GNU) == 0)
4364 break;
4365 else
4366 {
4367 /* NT_VERSION is 1, same as NT_GNU_ABI_TAG. It has no
4368 descriptor and (ab)uses the name as version string. */
4369 if (nhdr.n_descsz == 0 && nhdr.n_type == NT_VERSION)
4370 break;
4371 }
4372 goto unknown_note;
4373
4374 case NT_GNU_BUILD_ATTRIBUTE_OPEN:
4375 case NT_GNU_BUILD_ATTRIBUTE_FUNC:
4376 /* GNU Build Attributes store most data in the owner
4377 name, which must start with the
4378 ELF_NOTE_GNU_BUILD_ATTRIBUTE_PREFIX "GA". */
4379 if (nhdr.n_namesz >= sizeof ELF_NOTE_GNU_BUILD_ATTRIBUTE_PREFIX
4380 && strncmp (data->d_buf + name_offset,
4381 ELF_NOTE_GNU_BUILD_ATTRIBUTE_PREFIX,
4382 strlen (ELF_NOTE_GNU_BUILD_ATTRIBUTE_PREFIX)) == 0)
4383 break;
4384 else
4385 goto unknown_note;
4386
4387 case 0:
4388 /* Linux vDSOs use a type 0 note for the kernel version word. */
4389 if (nhdr.n_namesz == sizeof "Linux"
4390 && !memcmp (data->d_buf + name_offset, "Linux", sizeof "Linux"))
4391 break;
4392 FALLTHROUGH;
4393 default:
4394 {
4395 unknown_note:
4396 if (shndx == 0)
4397 ERROR (_("\
4398 phdr[%d]: unknown object file note type %" PRIu32 " with owner name '%s' at offset %zu\n"),
4399 phndx, (uint32_t) nhdr.n_type,
4400 (char *) data->d_buf + name_offset, offset);
4401 else
4402 ERROR (_("\
4403 section [%2d] '%s': unknown object file note type %" PRIu32
4404 " with owner name '%s' at offset %zu\n"),
4405 shndx, section_name (ebl, shndx),
4406 (uint32_t) nhdr.n_type,
4407 (char *) data->d_buf + name_offset, offset);
4408 }
4409 }
4410 }
4411
4412 return last_offset;
4413 }
4414
4415
4416 static void
check_note(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Phdr * phdr,int cnt)4417 check_note (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Phdr *phdr, int cnt)
4418 {
4419 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
4420 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
4421 ERROR (_("\
4422 phdr[%d]: no note entries defined for the type of file\n"),
4423 cnt);
4424
4425 if (is_debuginfo)
4426 /* The p_offset values in a separate debug file are bogus. */
4427 return;
4428
4429 if (phdr->p_filesz == 0)
4430 return;
4431
4432 GElf_Off notes_size = 0;
4433 Elf_Data *data = elf_getdata_rawchunk (ebl->elf,
4434 phdr->p_offset, phdr->p_filesz,
4435 (phdr->p_align == 8
4436 ? ELF_T_NHDR8 : ELF_T_NHDR));
4437 if (data != NULL && data->d_buf != NULL)
4438 notes_size = check_note_data (ebl, ehdr, data, 0, cnt, phdr->p_offset);
4439
4440 if (notes_size == 0)
4441 ERROR (_("phdr[%d]: cannot get content of note section: %s\n"),
4442 cnt, elf_errmsg (-1));
4443 else if (notes_size != phdr->p_filesz)
4444 ERROR (_("phdr[%d]: extra %" PRIu64 " bytes after last note\n"),
4445 cnt, phdr->p_filesz - notes_size);
4446 }
4447
4448
4449 static void
check_note_section(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)4450 check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
4451 {
4452 if (shdr->sh_size == 0)
4453 return;
4454
4455 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
4456 if (data == NULL || data->d_buf == NULL)
4457 {
4458 ERROR (_("section [%2d] '%s': cannot get section data\n"),
4459 idx, section_name (ebl, idx));
4460 return;
4461 }
4462
4463 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
4464 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
4465 ERROR (_("\
4466 section [%2d] '%s': no note entries defined for the type of file\n"),
4467 idx, section_name (ebl, idx));
4468
4469 GElf_Off notes_size = check_note_data (ebl, ehdr, data, idx, 0, 0);
4470
4471 if (notes_size == 0)
4472 ERROR (_("section [%2d] '%s': cannot get content of note section\n"),
4473 idx, section_name (ebl, idx));
4474 else if (notes_size != shdr->sh_size)
4475 ERROR (_("section [%2d] '%s': extra %" PRIu64
4476 " bytes after last note\n"),
4477 idx, section_name (ebl, idx), shdr->sh_size - notes_size);
4478 }
4479
4480
4481 /* Index of the PT_GNU_EH_FRAME program eader entry. */
4482 static int pt_gnu_eh_frame_pndx;
4483
4484
4485 static void
check_program_header(Ebl * ebl,GElf_Ehdr * ehdr)4486 check_program_header (Ebl *ebl, GElf_Ehdr *ehdr)
4487 {
4488 if (ehdr->e_phoff == 0)
4489 return;
4490
4491 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
4492 && ehdr->e_type != ET_CORE)
4493 ERROR (_("\
4494 only executables, shared objects, and core files can have program headers\n"));
4495
4496 int num_pt_interp = 0;
4497 int num_pt_tls = 0;
4498 int num_pt_relro = 0;
4499
4500 for (unsigned int cnt = 0; cnt < phnum; ++cnt)
4501 {
4502 GElf_Phdr phdr_mem;
4503 GElf_Phdr *phdr;
4504
4505 phdr = gelf_getphdr (ebl->elf, cnt, &phdr_mem);
4506 if (phdr == NULL)
4507 {
4508 ERROR (_("cannot get program header entry %d: %s\n"),
4509 cnt, elf_errmsg (-1));
4510 continue;
4511 }
4512
4513 if (phdr->p_type >= PT_NUM && phdr->p_type != PT_GNU_EH_FRAME
4514 && phdr->p_type != PT_GNU_STACK && phdr->p_type != PT_GNU_RELRO
4515 && phdr->p_type != PT_GNU_PROPERTY
4516 /* Check for a known machine-specific type. */
4517 && ebl_segment_type_name (ebl, phdr->p_type, NULL, 0) == NULL)
4518 ERROR (_("\
4519 program header entry %d: unknown program header entry type %#" PRIx64 "\n"),
4520 cnt, (uint64_t) phdr->p_type);
4521
4522 if (phdr->p_type == PT_LOAD)
4523 has_loadable_segment = true;
4524 else if (phdr->p_type == PT_INTERP)
4525 {
4526 if (++num_pt_interp != 1)
4527 {
4528 if (num_pt_interp == 2)
4529 ERROR (_("\
4530 more than one INTERP entry in program header\n"));
4531 }
4532 has_interp_segment = true;
4533 }
4534 else if (phdr->p_type == PT_TLS)
4535 {
4536 if (++num_pt_tls == 2)
4537 ERROR (_("more than one TLS entry in program header\n"));
4538 }
4539 else if (phdr->p_type == PT_NOTE)
4540 check_note (ebl, ehdr, phdr, cnt);
4541 else if (phdr->p_type == PT_DYNAMIC)
4542 {
4543 if (ehdr->e_type == ET_EXEC && ! has_interp_segment)
4544 ERROR (_("\
4545 static executable cannot have dynamic sections\n"));
4546 else
4547 {
4548 /* Check that the .dynamic section, if it exists, has
4549 the same address. */
4550 Elf_Scn *scn = NULL;
4551 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
4552 {
4553 GElf_Shdr shdr_mem;
4554 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
4555 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC)
4556 {
4557 if (phdr->p_offset != shdr->sh_offset)
4558 ERROR (_("\
4559 dynamic section reference in program header has wrong offset\n"));
4560 if (phdr->p_memsz != shdr->sh_size)
4561 ERROR (_("\
4562 dynamic section size mismatch in program and section header\n"));
4563 break;
4564 }
4565 }
4566 }
4567 }
4568 else if (phdr->p_type == PT_GNU_RELRO)
4569 {
4570 if (++num_pt_relro == 2)
4571 ERROR (_("\
4572 more than one GNU_RELRO entry in program header\n"));
4573 else
4574 {
4575 /* Check that the region is in a writable segment. */
4576 unsigned int inner;
4577 for (inner = 0; inner < phnum; ++inner)
4578 {
4579 GElf_Phdr phdr2_mem;
4580 GElf_Phdr *phdr2;
4581
4582 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
4583 if (phdr2 == NULL)
4584 continue;
4585
4586 if (phdr2->p_type == PT_LOAD
4587 && phdr->p_vaddr >= phdr2->p_vaddr
4588 && (phdr->p_vaddr + phdr->p_memsz
4589 <= phdr2->p_vaddr + phdr2->p_memsz))
4590 {
4591 if ((phdr2->p_flags & PF_W) == 0)
4592 ERROR (_("\
4593 loadable segment GNU_RELRO applies to is not writable\n"));
4594 /* Unless fully covered, relro flags could be a
4595 subset of the phdrs2 flags. For example the load
4596 segment could also have PF_X set. */
4597 if (phdr->p_vaddr == phdr2->p_vaddr
4598 && (phdr->p_vaddr + phdr->p_memsz
4599 == phdr2->p_vaddr + phdr2->p_memsz))
4600 {
4601 if ((phdr2->p_flags & ~PF_W)
4602 != (phdr->p_flags & ~PF_W))
4603 ERROR (_("\
4604 loadable segment [%u] flags do not match GNU_RELRO [%u] flags\n"),
4605 cnt, inner);
4606 }
4607 else
4608 {
4609 if ((phdr->p_flags & ~phdr2->p_flags) != 0)
4610 ERROR (_("\
4611 GNU_RELRO [%u] flags are not a subset of the loadable segment [%u] flags\n"),
4612 inner, cnt);
4613 }
4614 break;
4615 }
4616 }
4617
4618 if (inner >= phnum)
4619 ERROR (_("\
4620 %s segment not contained in a loaded segment\n"), "GNU_RELRO");
4621 }
4622 }
4623 else if (phdr->p_type == PT_PHDR)
4624 {
4625 /* Check that the region is in a writable segment. */
4626 unsigned int inner;
4627 for (inner = 0; inner < phnum; ++inner)
4628 {
4629 GElf_Phdr phdr2_mem;
4630 GElf_Phdr *phdr2;
4631
4632 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
4633 if (phdr2 != NULL
4634 && phdr2->p_type == PT_LOAD
4635 && phdr->p_vaddr >= phdr2->p_vaddr
4636 && (phdr->p_vaddr + phdr->p_memsz
4637 <= phdr2->p_vaddr + phdr2->p_memsz))
4638 break;
4639 }
4640
4641 if (inner >= phnum)
4642 ERROR (_("\
4643 %s segment not contained in a loaded segment\n"), "PHDR");
4644
4645 /* Check that offset in segment corresponds to offset in ELF
4646 header. */
4647 if (phdr->p_offset != ehdr->e_phoff)
4648 ERROR (_("\
4649 program header offset in ELF header and PHDR entry do not match"));
4650 }
4651 else if (phdr->p_type == PT_GNU_EH_FRAME)
4652 {
4653 /* If there is an .eh_frame_hdr section it must be
4654 referenced by this program header entry. */
4655 Elf_Scn *scn = NULL;
4656 GElf_Shdr shdr_mem;
4657 GElf_Shdr *shdr = NULL;
4658 bool any = false;
4659 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
4660 {
4661 any = true;
4662 shdr = gelf_getshdr (scn, &shdr_mem);
4663 if (shdr != NULL
4664 && ((is_debuginfo && shdr->sh_type == SHT_NOBITS)
4665 || (! is_debuginfo
4666 && (shdr->sh_type == SHT_PROGBITS
4667 || shdr->sh_type == SHT_X86_64_UNWIND)))
4668 && elf_strptr (ebl->elf, shstrndx, shdr->sh_name) != NULL
4669 && ! strcmp (".eh_frame_hdr",
4670 elf_strptr (ebl->elf, shstrndx, shdr->sh_name)))
4671 {
4672 if (! is_debuginfo)
4673 {
4674 if (phdr->p_offset != shdr->sh_offset)
4675 ERROR (_("\
4676 call frame search table reference in program header has wrong offset\n"));
4677 if (phdr->p_memsz != shdr->sh_size)
4678 ERROR (_("\
4679 call frame search table size mismatch in program and section header\n"));
4680 }
4681 break;
4682 }
4683 }
4684
4685 if (scn == NULL)
4686 {
4687 /* If there is no section header table we don't
4688 complain. But if there is one there should be an
4689 entry for .eh_frame_hdr. */
4690 if (any)
4691 ERROR (_("\
4692 PT_GNU_EH_FRAME present but no .eh_frame_hdr section\n"));
4693 }
4694 else
4695 {
4696 /* The section must be allocated and not be writable and
4697 executable. */
4698 if ((phdr->p_flags & PF_R) == 0)
4699 ERROR (_("\
4700 call frame search table must be allocated\n"));
4701 else if (shdr != NULL && (shdr->sh_flags & SHF_ALLOC) == 0)
4702 ERROR (_("\
4703 section [%2zu] '%s' must be allocated\n"), elf_ndxscn (scn), ".eh_frame_hdr");
4704
4705 if ((phdr->p_flags & PF_W) != 0)
4706 ERROR (_("\
4707 call frame search table must not be writable\n"));
4708 else if (shdr != NULL && (shdr->sh_flags & SHF_WRITE) != 0)
4709 ERROR (_("\
4710 section [%2zu] '%s' must not be writable\n"),
4711 elf_ndxscn (scn), ".eh_frame_hdr");
4712
4713 if ((phdr->p_flags & PF_X) != 0)
4714 ERROR (_("\
4715 call frame search table must not be executable\n"));
4716 else if (shdr != NULL && (shdr->sh_flags & SHF_EXECINSTR) != 0)
4717 ERROR (_("\
4718 section [%2zu] '%s' must not be executable\n"),
4719 elf_ndxscn (scn), ".eh_frame_hdr");
4720 }
4721
4722 /* Remember which entry this is. */
4723 pt_gnu_eh_frame_pndx = cnt;
4724 }
4725
4726 if (phdr->p_filesz > phdr->p_memsz
4727 && (phdr->p_memsz != 0 || phdr->p_type != PT_NOTE))
4728 ERROR (_("\
4729 program header entry %d: file size greater than memory size\n"),
4730 cnt);
4731
4732 if (phdr->p_align > 1)
4733 {
4734 if (!powerof2 (phdr->p_align))
4735 ERROR (_("\
4736 program header entry %d: alignment not a power of 2\n"), cnt);
4737 else if ((phdr->p_vaddr - phdr->p_offset) % phdr->p_align != 0)
4738 ERROR (_("\
4739 program header entry %d: file offset and virtual address not module of alignment\n"), cnt);
4740 }
4741 }
4742 }
4743
4744
4745 static void
check_exception_data(Ebl * ebl,GElf_Ehdr * ehdr)4746 check_exception_data (Ebl *ebl __attribute__ ((unused)),
4747 GElf_Ehdr *ehdr __attribute__ ((unused)))
4748 {
4749 if ((ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
4750 && pt_gnu_eh_frame_pndx == 0 && eh_frame_hdr_scnndx != 0)
4751 ERROR (_("executable/DSO with .eh_frame_hdr section does not have "
4752 "a PT_GNU_EH_FRAME program header entry"));
4753 }
4754
4755
4756 /* Process one file. */
4757 static void
process_elf_file(Elf * elf,const char * prefix,const char * suffix,const char * fname,size_t size,bool only_one)4758 process_elf_file (Elf *elf, const char *prefix, const char *suffix,
4759 const char *fname, size_t size, bool only_one)
4760 {
4761 /* Reset variables. */
4762 ndynamic = 0;
4763 nverneed = 0;
4764 nverdef = 0;
4765 textrel = false;
4766 needed_textrel = false;
4767 has_loadable_segment = false;
4768 has_interp_segment = false;
4769
4770 GElf_Ehdr ehdr_mem;
4771 GElf_Ehdr *ehdr = gelf_getehdr (elf, &ehdr_mem);
4772 Ebl *ebl;
4773
4774 /* Print the file name. */
4775 if (!only_one)
4776 {
4777 if (prefix != NULL)
4778 printf ("\n%s(%s)%s:\n", prefix, fname, suffix);
4779 else
4780 printf ("\n%s:\n", fname);
4781 }
4782
4783 if (ehdr == NULL)
4784 {
4785 ERROR (_("cannot read ELF header: %s\n"), elf_errmsg (-1));
4786 return;
4787 }
4788
4789 ebl = ebl_openbackend (elf);
4790 /* If there is no appropriate backend library we cannot test
4791 architecture and OS specific features. Any encountered extension
4792 is an error. Often we'll get a "dummy" ebl, except if something
4793 really bad happen, like a totally corrupted ELF file or out of
4794 memory situation. */
4795 if (ebl == NULL)
4796 {
4797 ERROR (_("cannot create backend for ELF file\n"));
4798 return;
4799 }
4800
4801 /* Go straight by the gABI, check all the parts in turn. */
4802 check_elf_header (ebl, ehdr, size);
4803
4804 /* Check the program header. */
4805 check_program_header (ebl, ehdr);
4806
4807 /* Next the section headers. It is OK if there are no section
4808 headers at all. */
4809 check_sections (ebl, ehdr);
4810
4811 /* Check the exception handling data, if it exists. */
4812 if (pt_gnu_eh_frame_pndx != 0 || eh_frame_hdr_scnndx != 0
4813 || eh_frame_scnndx != 0 || gcc_except_table_scnndx != 0)
4814 check_exception_data (ebl, ehdr);
4815
4816 /* Report if no relocation section needed the text relocation flag. */
4817 if (textrel && !needed_textrel)
4818 ERROR (_("text relocation flag set but not needed\n"));
4819
4820 /* Free the resources. */
4821 ebl_closebackend (ebl);
4822 }
4823
4824
4825 #include "debugpred.h"
4826