1 /* Pedantic checking of ELF files compliance with gABI/psABI spec.
2 Copyright (C) 2001-2015 Red Hat, Inc.
3 This file is part of elfutils.
4 Written by Ulrich Drepper <drepper@redhat.com>, 2001.
5
6 This file is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 elfutils is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19 #ifdef HAVE_CONFIG_H
20 # include <config.h>
21 #endif
22
23 #include <argp.h>
24 #include <assert.h>
25 #include <byteswap.h>
26 #include <endian.h>
27 #include <error.h>
28 #include <fcntl.h>
29 #include <gelf.h>
30 #include <inttypes.h>
31 #include <libintl.h>
32 #include <locale.h>
33 #include <stdbool.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <unistd.h>
37 #include <sys/stat.h>
38 #include <sys/param.h>
39
40 #include <elf-knowledge.h>
41 #include <system.h>
42 #include "../libelf/libelfP.h"
43 #include "../libelf/common.h"
44 #include "../libebl/libeblP.h"
45 #include "../libdw/libdwP.h"
46 #include "../libdwfl/libdwflP.h"
47 #include "../libdw/memory-access.h"
48
49
50 /* Name and version of program. */
51 static void print_version (FILE *stream, struct argp_state *state);
52 ARGP_PROGRAM_VERSION_HOOK_DEF = print_version;
53
54 /* Bug report address. */
55 ARGP_PROGRAM_BUG_ADDRESS_DEF = PACKAGE_BUGREPORT;
56
57 #define ARGP_strict 300
58 #define ARGP_gnuld 301
59
60 /* Definitions of arguments for argp functions. */
61 static const struct argp_option options[] =
62 {
63 { "strict", ARGP_strict, NULL, 0,
64 N_("Be extremely strict, flag level 2 features."), 0 },
65 { "quiet", 'q', NULL, 0, N_("Do not print anything if successful"), 0 },
66 { "debuginfo", 'd', NULL, 0, N_("Binary is a separate debuginfo file"), 0 },
67 { "gnu-ld", ARGP_gnuld, NULL, 0,
68 N_("Binary has been created with GNU ld and is therefore known to be \
69 broken in certain ways"), 0 },
70 { NULL, 0, NULL, 0, NULL, 0 }
71 };
72
73 /* Short description of program. */
74 static const char doc[] = N_("\
75 Pedantic checking of ELF files compliance with gABI/psABI spec.");
76
77 /* Strings for arguments in help texts. */
78 static const char args_doc[] = N_("FILE...");
79
80 /* Prototype for option handler. */
81 static error_t parse_opt (int key, char *arg, struct argp_state *state);
82
83 /* Data structure to communicate with argp functions. */
84 static struct argp argp =
85 {
86 options, parse_opt, args_doc, doc, NULL, NULL, NULL
87 };
88
89
90 /* Declarations of local functions. */
91 static void process_file (int fd, Elf *elf, const char *prefix,
92 const char *suffix, const char *fname, size_t size,
93 bool only_one);
94 static void process_elf_file (Elf *elf, const char *prefix, const char *suffix,
95 const char *fname, size_t size, bool only_one);
96 static void check_note_section (Ebl *ebl, GElf_Ehdr *ehdr,
97 GElf_Shdr *shdr, int idx);
98
99
100 /* Report an error. */
101 #define ERROR(str, args...) \
102 do { \
103 printf (str, ##args); \
104 ++error_count; \
105 } while (0)
106 static unsigned int error_count;
107
108 /* True if we should perform very strict testing. */
109 static bool be_strict;
110
111 /* True if no message is to be printed if the run is succesful. */
112 static bool be_quiet;
113
114 /* True if binary is from strip -f, not a normal ELF file. */
115 static bool is_debuginfo;
116
117 /* True if binary is assumed to be generated with GNU ld. */
118 static bool gnuld;
119
120 /* Index of section header string table. */
121 static uint32_t shstrndx;
122
123 /* Array to count references in section groups. */
124 static int *scnref;
125
126 /* Numbers of sections and program headers. */
127 static unsigned int shnum;
128 static unsigned int phnum;
129
130
131 int
main(int argc,char * argv[])132 main (int argc, char *argv[])
133 {
134 /* Set locale. */
135 setlocale (LC_ALL, "");
136
137 /* Initialize the message catalog. */
138 textdomain (PACKAGE_TARNAME);
139
140 /* Parse and process arguments. */
141 int remaining;
142 argp_parse (&argp, argc, argv, 0, &remaining, NULL);
143
144 /* Before we start tell the ELF library which version we are using. */
145 elf_version (EV_CURRENT);
146
147 /* Now process all the files given at the command line. */
148 bool only_one = remaining + 1 == argc;
149 do
150 {
151 /* Open the file. */
152 int fd = open (argv[remaining], O_RDONLY);
153 if (fd == -1)
154 {
155 error (0, errno, gettext ("cannot open input file"));
156 continue;
157 }
158
159 /* Create an `Elf' descriptor. */
160 Elf *elf = elf_begin (fd, ELF_C_READ_MMAP, NULL);
161 if (elf == NULL)
162 ERROR (gettext ("cannot generate Elf descriptor: %s\n"),
163 elf_errmsg (-1));
164 else
165 {
166 unsigned int prev_error_count = error_count;
167 struct stat st;
168
169 if (fstat (fd, &st) != 0)
170 {
171 printf ("cannot stat '%s': %m\n", argv[remaining]);
172 close (fd);
173 continue;
174 }
175
176 process_file (fd, elf, NULL, NULL, argv[remaining], st.st_size,
177 only_one);
178
179 /* Now we can close the descriptor. */
180 if (elf_end (elf) != 0)
181 ERROR (gettext ("error while closing Elf descriptor: %s\n"),
182 elf_errmsg (-1));
183
184 if (prev_error_count == error_count && !be_quiet)
185 puts (gettext ("No errors"));
186 }
187
188 close (fd);
189 }
190 while (++remaining < argc);
191
192 return error_count != 0;
193 }
194
195
196 /* Handle program arguments. */
197 static error_t
parse_opt(int key,char * arg,struct argp_state * state)198 parse_opt (int key, char *arg __attribute__ ((unused)),
199 struct argp_state *state __attribute__ ((unused)))
200 {
201 switch (key)
202 {
203 case ARGP_strict:
204 be_strict = true;
205 break;
206
207 case 'q':
208 be_quiet = true;
209 break;
210
211 case 'd':
212 is_debuginfo = true;
213
214 case ARGP_gnuld:
215 gnuld = true;
216 break;
217
218 case ARGP_KEY_NO_ARGS:
219 fputs (gettext ("Missing file name.\n"), stderr);
220 argp_help (&argp, stderr, ARGP_HELP_SEE, program_invocation_short_name);
221 exit (EXIT_FAILURE);
222
223 default:
224 return ARGP_ERR_UNKNOWN;
225 }
226 return 0;
227 }
228
229
230 /* Print the version information. */
231 static void
print_version(FILE * stream,struct argp_state * state)232 print_version (FILE *stream, struct argp_state *state __attribute__ ((unused)))
233 {
234 fprintf (stream, "elflint (%s) %s\n", PACKAGE_NAME, PACKAGE_VERSION);
235 fprintf (stream, gettext ("\
236 Copyright (C) %s Red Hat, Inc.\n\
237 This is free software; see the source for copying conditions. There is NO\n\
238 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
239 "), "2012");
240 fprintf (stream, gettext ("Written by %s.\n"), "Ulrich Drepper");
241 }
242
243
244 /* Process one file. */
245 static void
process_file(int fd,Elf * elf,const char * prefix,const char * suffix,const char * fname,size_t size,bool only_one)246 process_file (int fd, Elf *elf, const char *prefix, const char *suffix,
247 const char *fname, size_t size, bool only_one)
248 {
249 /* We can handle two types of files: ELF files and archives. */
250 Elf_Kind kind = elf_kind (elf);
251
252 switch (kind)
253 {
254 case ELF_K_ELF:
255 /* Yes! It's an ELF file. */
256 process_elf_file (elf, prefix, suffix, fname, size, only_one);
257 break;
258
259 case ELF_K_AR:
260 {
261 Elf *subelf;
262 Elf_Cmd cmd = ELF_C_READ_MMAP;
263 size_t prefix_len = prefix == NULL ? 0 : strlen (prefix);
264 size_t fname_len = strlen (fname) + 1;
265 char new_prefix[prefix_len + 1 + fname_len];
266 char new_suffix[(suffix == NULL ? 0 : strlen (suffix)) + 2];
267 char *cp = new_prefix;
268
269 /* Create the full name of the file. */
270 if (prefix != NULL)
271 {
272 cp = mempcpy (cp, prefix, prefix_len);
273 *cp++ = '(';
274 strcpy (stpcpy (new_suffix, suffix), ")");
275 }
276 else
277 new_suffix[0] = '\0';
278 memcpy (cp, fname, fname_len);
279
280 /* It's an archive. We process each file in it. */
281 while ((subelf = elf_begin (fd, cmd, elf)) != NULL)
282 {
283 kind = elf_kind (subelf);
284
285 /* Call this function recursively. */
286 if (kind == ELF_K_ELF || kind == ELF_K_AR)
287 {
288 Elf_Arhdr *arhdr = elf_getarhdr (subelf);
289 assert (arhdr != NULL);
290
291 process_file (fd, subelf, new_prefix, new_suffix,
292 arhdr->ar_name, arhdr->ar_size, false);
293 }
294
295 /* Get next archive element. */
296 cmd = elf_next (subelf);
297 if (elf_end (subelf) != 0)
298 ERROR (gettext (" error while freeing sub-ELF descriptor: %s\n"),
299 elf_errmsg (-1));
300 }
301 }
302 break;
303
304 default:
305 /* We cannot do anything. */
306 ERROR (gettext ("\
307 Not an ELF file - it has the wrong magic bytes at the start\n"));
308 break;
309 }
310 }
311
312
313 static const char *
section_name(Ebl * ebl,int idx)314 section_name (Ebl *ebl, int idx)
315 {
316 GElf_Shdr shdr_mem;
317 GElf_Shdr *shdr;
318 const char *ret;
319
320 if ((unsigned int) idx > shnum)
321 return "<invalid>";
322
323 shdr = gelf_getshdr (elf_getscn (ebl->elf, idx), &shdr_mem);
324 if (shdr == NULL)
325 return "<invalid>";
326
327 ret = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
328 if (ret == NULL)
329 return "<invalid>";
330 return ret;
331 }
332
333
334 static const int valid_e_machine[] =
335 {
336 EM_M32, EM_SPARC, EM_386, EM_68K, EM_88K, EM_860, EM_MIPS, EM_S370,
337 EM_MIPS_RS3_LE, EM_PARISC, EM_VPP500, EM_SPARC32PLUS, EM_960, EM_PPC,
338 EM_PPC64, EM_S390, EM_V800, EM_FR20, EM_RH32, EM_RCE, EM_ARM,
339 EM_FAKE_ALPHA, EM_SH, EM_SPARCV9, EM_TRICORE, EM_ARC, EM_H8_300,
340 EM_H8_300H, EM_H8S, EM_H8_500, EM_IA_64, EM_MIPS_X, EM_COLDFIRE,
341 EM_68HC12, EM_MMA, EM_PCP, EM_NCPU, EM_NDR1, EM_STARCORE, EM_ME16,
342 EM_ST100, EM_TINYJ, EM_X86_64, EM_PDSP, EM_FX66, EM_ST9PLUS, EM_ST7,
343 EM_68HC16, EM_68HC11, EM_68HC08, EM_68HC05, EM_SVX, EM_ST19, EM_VAX,
344 EM_CRIS, EM_JAVELIN, EM_FIREPATH, EM_ZSP, EM_MMIX, EM_HUANY, EM_PRISM,
345 EM_AVR, EM_FR30, EM_D10V, EM_D30V, EM_V850, EM_M32R, EM_MN10300,
346 EM_MN10200, EM_PJ, EM_OPENRISC, EM_ARC_A5, EM_XTENSA, EM_ALPHA,
347 EM_TILEGX, EM_TILEPRO, EM_AARCH64
348 };
349 #define nvalid_e_machine \
350 (sizeof (valid_e_machine) / sizeof (valid_e_machine[0]))
351
352
353 static void
check_elf_header(Ebl * ebl,GElf_Ehdr * ehdr,size_t size)354 check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size)
355 {
356 char buf[512];
357 size_t cnt;
358
359 /* Check e_ident field. */
360 if (ehdr->e_ident[EI_MAG0] != ELFMAG0)
361 ERROR ("e_ident[%d] != '%c'\n", EI_MAG0, ELFMAG0);
362 if (ehdr->e_ident[EI_MAG1] != ELFMAG1)
363 ERROR ("e_ident[%d] != '%c'\n", EI_MAG1, ELFMAG1);
364 if (ehdr->e_ident[EI_MAG2] != ELFMAG2)
365 ERROR ("e_ident[%d] != '%c'\n", EI_MAG2, ELFMAG2);
366 if (ehdr->e_ident[EI_MAG3] != ELFMAG3)
367 ERROR ("e_ident[%d] != '%c'\n", EI_MAG3, ELFMAG3);
368
369 if (ehdr->e_ident[EI_CLASS] != ELFCLASS32
370 && ehdr->e_ident[EI_CLASS] != ELFCLASS64)
371 ERROR (gettext ("e_ident[%d] == %d is no known class\n"),
372 EI_CLASS, ehdr->e_ident[EI_CLASS]);
373
374 if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB
375 && ehdr->e_ident[EI_DATA] != ELFDATA2MSB)
376 ERROR (gettext ("e_ident[%d] == %d is no known data encoding\n"),
377 EI_DATA, ehdr->e_ident[EI_DATA]);
378
379 if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
380 ERROR (gettext ("unknown ELF header version number e_ident[%d] == %d\n"),
381 EI_VERSION, ehdr->e_ident[EI_VERSION]);
382
383 /* We currently don't handle any OS ABIs other than Linux and the
384 kFreeBSD variant of Debian. */
385 if (ehdr->e_ident[EI_OSABI] != ELFOSABI_NONE
386 && ehdr->e_ident[EI_OSABI] != ELFOSABI_LINUX
387 && ehdr->e_ident[EI_OSABI] != ELFOSABI_FREEBSD)
388 ERROR (gettext ("unsupported OS ABI e_ident[%d] == '%s'\n"),
389 EI_OSABI,
390 ebl_osabi_name (ebl, ehdr->e_ident[EI_OSABI], buf, sizeof (buf)));
391
392 /* No ABI versions other than zero supported either. */
393 if (ehdr->e_ident[EI_ABIVERSION] != 0)
394 ERROR (gettext ("unsupport ABI version e_ident[%d] == %d\n"),
395 EI_ABIVERSION, ehdr->e_ident[EI_ABIVERSION]);
396
397 for (cnt = EI_PAD; cnt < EI_NIDENT; ++cnt)
398 if (ehdr->e_ident[cnt] != 0)
399 ERROR (gettext ("e_ident[%zu] is not zero\n"), cnt);
400
401 /* Check the e_type field. */
402 if (ehdr->e_type != ET_REL && ehdr->e_type != ET_EXEC
403 && ehdr->e_type != ET_DYN && ehdr->e_type != ET_CORE)
404 ERROR (gettext ("unknown object file type %d\n"), ehdr->e_type);
405
406 /* Check the e_machine field. */
407 for (cnt = 0; cnt < nvalid_e_machine; ++cnt)
408 if (valid_e_machine[cnt] == ehdr->e_machine)
409 break;
410 if (cnt == nvalid_e_machine)
411 ERROR (gettext ("unknown machine type %d\n"), ehdr->e_machine);
412
413 /* Check the e_version field. */
414 if (ehdr->e_version != EV_CURRENT)
415 ERROR (gettext ("unknown object file version\n"));
416
417 /* Check the e_phoff and e_phnum fields. */
418 if (ehdr->e_phoff == 0)
419 {
420 if (ehdr->e_phnum != 0)
421 ERROR (gettext ("invalid program header offset\n"));
422 else if (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
423 ERROR (gettext ("\
424 executables and DSOs cannot have zero program header offset\n"));
425 }
426 else if (ehdr->e_phnum == 0)
427 ERROR (gettext ("invalid number of program header entries\n"));
428
429 /* Check the e_shoff field. */
430 shnum = ehdr->e_shnum;
431 shstrndx = ehdr->e_shstrndx;
432 if (ehdr->e_shoff == 0)
433 {
434 if (ehdr->e_shnum != 0)
435 ERROR (gettext ("invalid section header table offset\n"));
436 else if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
437 && ehdr->e_type != ET_CORE)
438 ERROR (gettext ("section header table must be present\n"));
439 }
440 else
441 {
442 if (ehdr->e_shnum == 0)
443 {
444 /* Get the header of the zeroth section. The sh_size field
445 might contain the section number. */
446 GElf_Shdr shdr_mem;
447 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
448 if (shdr != NULL)
449 {
450 /* The error will be reported later. */
451 if (shdr->sh_size == 0)
452 ERROR (gettext ("\
453 invalid number of section header table entries\n"));
454 else
455 shnum = shdr->sh_size;
456 }
457 }
458
459 if (ehdr->e_shstrndx == SHN_XINDEX)
460 {
461 /* Get the header of the zeroth section. The sh_size field
462 might contain the section number. */
463 GElf_Shdr shdr_mem;
464 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
465 if (shdr != NULL && shdr->sh_link < shnum)
466 shstrndx = shdr->sh_link;
467 }
468 else if (shstrndx >= shnum)
469 ERROR (gettext ("invalid section header index\n"));
470 }
471
472 phnum = ehdr->e_phnum;
473 if (ehdr->e_phnum == PN_XNUM)
474 {
475 /* Get the header of the zeroth section. The sh_info field
476 might contain the phnum count. */
477 GElf_Shdr shdr_mem;
478 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
479 if (shdr != NULL)
480 {
481 /* The error will be reported later. */
482 if (shdr->sh_info < PN_XNUM)
483 ERROR (gettext ("\
484 invalid number of program header table entries\n"));
485 else
486 phnum = shdr->sh_info;
487 }
488 }
489
490 /* Check the e_flags field. */
491 if (!ebl_machine_flag_check (ebl, ehdr->e_flags))
492 ERROR (gettext ("invalid machine flags: %s\n"),
493 ebl_machine_flag_name (ebl, ehdr->e_flags, buf, sizeof (buf)));
494
495 /* Check e_ehsize, e_phentsize, and e_shentsize fields. */
496 if (gelf_getclass (ebl->elf) == ELFCLASS32)
497 {
498 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf32_Ehdr))
499 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
500
501 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf32_Phdr))
502 ERROR (gettext ("invalid program header size: %hd\n"),
503 ehdr->e_phentsize);
504 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size)
505 ERROR (gettext ("invalid program header position or size\n"));
506
507 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf32_Shdr))
508 ERROR (gettext ("invalid section header size: %hd\n"),
509 ehdr->e_shentsize);
510 else if (ehdr->e_shoff + shnum * ehdr->e_shentsize > size)
511 ERROR (gettext ("invalid section header position or size\n"));
512 }
513 else if (gelf_getclass (ebl->elf) == ELFCLASS64)
514 {
515 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf64_Ehdr))
516 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
517
518 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf64_Phdr))
519 ERROR (gettext ("invalid program header size: %hd\n"),
520 ehdr->e_phentsize);
521 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size)
522 ERROR (gettext ("invalid program header position or size\n"));
523
524 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf64_Shdr))
525 ERROR (gettext ("invalid section header size: %hd\n"),
526 ehdr->e_shentsize);
527 else if (ehdr->e_shoff + ehdr->e_shnum * ehdr->e_shentsize > size)
528 ERROR (gettext ("invalid section header position or size\n"));
529 }
530 }
531
532
533 /* Check that there is a section group section with index < IDX which
534 contains section IDX and that there is exactly one. */
535 static void
check_scn_group(Ebl * ebl,int idx)536 check_scn_group (Ebl *ebl, int idx)
537 {
538 if (scnref[idx] == 0)
539 {
540 /* No reference so far. Search following sections, maybe the
541 order is wrong. */
542 size_t cnt;
543
544 for (cnt = idx + 1; cnt < shnum; ++cnt)
545 {
546 Elf_Scn *scn = elf_getscn (ebl->elf, cnt);
547 GElf_Shdr shdr_mem;
548 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
549 if (shdr == NULL)
550 /* We cannot get the section header so we cannot check it.
551 The error to get the section header will be shown
552 somewhere else. */
553 continue;
554
555 if (shdr->sh_type != SHT_GROUP)
556 continue;
557
558 Elf_Data *data = elf_getdata (scn, NULL);
559 if (data == NULL || data->d_buf == NULL
560 || data->d_size < sizeof (Elf32_Word))
561 /* Cannot check the section. */
562 continue;
563
564 Elf32_Word *grpdata = (Elf32_Word *) data->d_buf;
565 for (size_t inner = 1; inner < data->d_size / sizeof (Elf32_Word);
566 ++inner)
567 if (grpdata[inner] == (Elf32_Word) idx)
568 goto out;
569 }
570
571 out:
572 if (cnt == shnum)
573 ERROR (gettext ("\
574 section [%2d] '%s': section with SHF_GROUP flag set not part of a section group\n"),
575 idx, section_name (ebl, idx));
576 else
577 ERROR (gettext ("\
578 section [%2d] '%s': section group [%2zu] '%s' does not precede group member\n"),
579 idx, section_name (ebl, idx),
580 cnt, section_name (ebl, cnt));
581 }
582 }
583
584
585 static void
check_symtab(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)586 check_symtab (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
587 {
588 bool no_xndx_warned = false;
589 int no_pt_tls = 0;
590 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
591 if (data == NULL)
592 {
593 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
594 idx, section_name (ebl, idx));
595 return;
596 }
597
598 GElf_Shdr strshdr_mem;
599 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
600 &strshdr_mem);
601 if (strshdr == NULL)
602 return;
603
604 if (strshdr->sh_type != SHT_STRTAB)
605 {
606 ERROR (gettext ("section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
607 shdr->sh_link, section_name (ebl, shdr->sh_link),
608 idx, section_name (ebl, idx));
609 strshdr = NULL;
610 }
611
612 /* Search for an extended section index table section. */
613 Elf_Data *xndxdata = NULL;
614 Elf32_Word xndxscnidx = 0;
615 bool found_xndx = false;
616 for (size_t cnt = 1; cnt < shnum; ++cnt)
617 if (cnt != (size_t) idx)
618 {
619 Elf_Scn *xndxscn = elf_getscn (ebl->elf, cnt);
620 GElf_Shdr xndxshdr_mem;
621 GElf_Shdr *xndxshdr = gelf_getshdr (xndxscn, &xndxshdr_mem);
622 if (xndxshdr == NULL)
623 continue;
624
625 if (xndxshdr->sh_type == SHT_SYMTAB_SHNDX
626 && xndxshdr->sh_link == (GElf_Word) idx)
627 {
628 if (found_xndx)
629 ERROR (gettext ("\
630 section [%2d] '%s': symbol table cannot have more than one extended index section\n"),
631 idx, section_name (ebl, idx));
632
633 xndxdata = elf_getdata (xndxscn, NULL);
634 xndxscnidx = elf_ndxscn (xndxscn);
635 found_xndx = true;
636 }
637 }
638
639 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT);
640 if (shdr->sh_entsize != sh_entsize)
641 ERROR (gettext ("\
642 section [%2u] '%s': entry size is does not match ElfXX_Sym\n"),
643 idx, section_name (ebl, idx));
644
645 /* Test the zeroth entry. */
646 GElf_Sym sym_mem;
647 Elf32_Word xndx;
648 GElf_Sym *sym = gelf_getsymshndx (data, xndxdata, 0, &sym_mem, &xndx);
649 if (sym == NULL)
650 ERROR (gettext ("section [%2d] '%s': cannot get symbol %d: %s\n"),
651 idx, section_name (ebl, idx), 0, elf_errmsg (-1));
652 else
653 {
654 if (sym->st_name != 0)
655 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
656 idx, section_name (ebl, idx), "st_name");
657 if (sym->st_value != 0)
658 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
659 idx, section_name (ebl, idx), "st_value");
660 if (sym->st_size != 0)
661 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
662 idx, section_name (ebl, idx), "st_size");
663 if (sym->st_info != 0)
664 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
665 idx, section_name (ebl, idx), "st_info");
666 if (sym->st_other != 0)
667 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
668 idx, section_name (ebl, idx), "st_other");
669 if (sym->st_shndx != 0)
670 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
671 idx, section_name (ebl, idx), "st_shndx");
672 if (xndxdata != NULL && xndx != 0)
673 ERROR (gettext ("\
674 section [%2d] '%s': XINDEX for zeroth entry not zero\n"),
675 xndxscnidx, section_name (ebl, xndxscnidx));
676 }
677
678 for (size_t cnt = 1; cnt < shdr->sh_size / sh_entsize; ++cnt)
679 {
680 sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx);
681 if (sym == NULL)
682 {
683 ERROR (gettext ("section [%2d] '%s': cannot get symbol %zu: %s\n"),
684 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
685 continue;
686 }
687
688 const char *name = NULL;
689 if (strshdr == NULL)
690 name = "";
691 else if (sym->st_name >= strshdr->sh_size)
692 ERROR (gettext ("\
693 section [%2d] '%s': symbol %zu: invalid name value\n"),
694 idx, section_name (ebl, idx), cnt);
695 else
696 {
697 name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name);
698 if (name == NULL)
699 name = "";
700 }
701
702 if (sym->st_shndx == SHN_XINDEX)
703 {
704 if (xndxdata == NULL)
705 {
706 if (!no_xndx_warned)
707 ERROR (gettext ("\
708 section [%2d] '%s': symbol %zu: too large section index but no extended section index section\n"),
709 idx, section_name (ebl, idx), cnt);
710 no_xndx_warned = true;
711 }
712 else if (xndx < SHN_LORESERVE)
713 ERROR (gettext ("\
714 section [%2d] '%s': symbol %zu: XINDEX used for index which would fit in st_shndx (%" PRIu32 ")\n"),
715 xndxscnidx, section_name (ebl, xndxscnidx), cnt,
716 xndx);
717 }
718 else if ((sym->st_shndx >= SHN_LORESERVE
719 // && sym->st_shndx <= SHN_HIRESERVE always true
720 && sym->st_shndx != SHN_ABS
721 && sym->st_shndx != SHN_COMMON)
722 || (sym->st_shndx >= shnum
723 && (sym->st_shndx < SHN_LORESERVE
724 /* || sym->st_shndx > SHN_HIRESERVE always false */)))
725 ERROR (gettext ("\
726 section [%2d] '%s': symbol %zu: invalid section index\n"),
727 idx, section_name (ebl, idx), cnt);
728 else
729 xndx = sym->st_shndx;
730
731 if (GELF_ST_TYPE (sym->st_info) >= STT_NUM
732 && !ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), NULL, 0))
733 ERROR (gettext ("section [%2d] '%s': symbol %zu: unknown type\n"),
734 idx, section_name (ebl, idx), cnt);
735
736 if (GELF_ST_BIND (sym->st_info) >= STB_NUM
737 && !ebl_symbol_binding_name (ebl, GELF_ST_BIND (sym->st_info), NULL,
738 0))
739 ERROR (gettext ("\
740 section [%2d] '%s': symbol %zu: unknown symbol binding\n"),
741 idx, section_name (ebl, idx), cnt);
742 if (GELF_ST_BIND (sym->st_info) == STB_GNU_UNIQUE
743 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
744 ERROR (gettext ("\
745 section [%2d] '%s': symbol %zu: unique symbol not of object type\n"),
746 idx, section_name (ebl, idx), cnt);
747
748 if (xndx == SHN_COMMON)
749 {
750 /* Common symbols can only appear in relocatable files. */
751 if (ehdr->e_type != ET_REL)
752 ERROR (gettext ("\
753 section [%2d] '%s': symbol %zu: COMMON only allowed in relocatable files\n"),
754 idx, section_name (ebl, idx), cnt);
755 if (cnt < shdr->sh_info)
756 ERROR (gettext ("\
757 section [%2d] '%s': symbol %zu: local COMMON symbols are nonsense\n"),
758 idx, section_name (ebl, idx), cnt);
759 if (GELF_R_TYPE (sym->st_info) == STT_FUNC)
760 ERROR (gettext ("\
761 section [%2d] '%s': symbol %zu: function in COMMON section is nonsense\n"),
762 idx, section_name (ebl, idx), cnt);
763 }
764 else if (xndx > 0 && xndx < shnum)
765 {
766 GElf_Shdr destshdr_mem;
767 GElf_Shdr *destshdr;
768
769 destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), &destshdr_mem);
770 if (destshdr != NULL)
771 {
772 GElf_Addr sh_addr = (ehdr->e_type == ET_REL ? 0
773 : destshdr->sh_addr);
774 GElf_Addr st_value;
775 if (GELF_ST_TYPE (sym->st_info) == STT_FUNC
776 || (GELF_ST_TYPE (sym->st_info) == STT_GNU_IFUNC))
777 st_value = sym->st_value & ebl_func_addr_mask (ebl);
778 else
779 st_value = sym->st_value;
780 if (GELF_ST_TYPE (sym->st_info) != STT_TLS)
781 {
782 if (! ebl_check_special_symbol (ebl, ehdr, sym, name,
783 destshdr))
784 {
785 if (st_value - sh_addr > destshdr->sh_size)
786 {
787 /* GNU ld has severe bugs. When it decides to remove
788 empty sections it leaves symbols referencing them
789 behind. These are symbols in .symtab or .dynsym
790 and for the named symbols have zero size. See
791 sourceware PR13621. */
792 if (!gnuld
793 || (strcmp (section_name (ebl, idx), ".symtab")
794 && strcmp (section_name (ebl, idx),
795 ".dynsym"))
796 || sym->st_size != 0
797 || (strcmp (name, "__preinit_array_start") != 0
798 && strcmp (name, "__preinit_array_end") != 0
799 && strcmp (name, "__init_array_start") != 0
800 && strcmp (name, "__init_array_end") != 0
801 && strcmp (name, "__fini_array_start") != 0
802 && strcmp (name, "__fini_array_end") != 0
803 && strcmp (name, "__bss_start") != 0
804 && strcmp (name, "__bss_start__") != 0
805 && strcmp (name, "__TMC_END__") != 0
806 && strcmp (name, ".TOC.") != 0
807 && strcmp (name, "_edata") != 0
808 && strcmp (name, "__edata") != 0
809 && strcmp (name, "_end") != 0
810 && strcmp (name, "__end") != 0))
811 ERROR (gettext ("\
812 section [%2d] '%s': symbol %zu: st_value out of bounds\n"),
813 idx, section_name (ebl, idx), cnt);
814 }
815 else if ((st_value - sh_addr
816 + sym->st_size) > destshdr->sh_size)
817 ERROR (gettext ("\
818 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
819 idx, section_name (ebl, idx), cnt,
820 (int) xndx, section_name (ebl, xndx));
821 }
822 }
823 else
824 {
825 if ((destshdr->sh_flags & SHF_TLS) == 0)
826 ERROR (gettext ("\
827 section [%2d] '%s': symbol %zu: referenced section [%2d] '%s' does not have SHF_TLS flag set\n"),
828 idx, section_name (ebl, idx), cnt,
829 (int) xndx, section_name (ebl, xndx));
830
831 if (ehdr->e_type == ET_REL)
832 {
833 /* For object files the symbol value must fall
834 into the section. */
835 if (st_value > destshdr->sh_size)
836 ERROR (gettext ("\
837 section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"),
838 idx, section_name (ebl, idx), cnt,
839 (int) xndx, section_name (ebl, xndx));
840 else if (st_value + sym->st_size
841 > destshdr->sh_size)
842 ERROR (gettext ("\
843 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
844 idx, section_name (ebl, idx), cnt,
845 (int) xndx, section_name (ebl, xndx));
846 }
847 else
848 {
849 GElf_Phdr phdr_mem;
850 GElf_Phdr *phdr = NULL;
851 unsigned int pcnt;
852
853 for (pcnt = 0; pcnt < phnum; ++pcnt)
854 {
855 phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
856 if (phdr != NULL && phdr->p_type == PT_TLS)
857 break;
858 }
859
860 if (pcnt == phnum)
861 {
862 if (no_pt_tls++ == 0)
863 ERROR (gettext ("\
864 section [%2d] '%s': symbol %zu: TLS symbol but no TLS program header entry\n"),
865 idx, section_name (ebl, idx), cnt);
866 }
867 else if (phdr == NULL)
868 {
869 ERROR (gettext ("\
870 section [%2d] '%s': symbol %zu: TLS symbol but couldn't get TLS program header entry\n"),
871 idx, section_name (ebl, idx), cnt);
872 }
873 else if (!is_debuginfo)
874 {
875 if (st_value
876 < destshdr->sh_offset - phdr->p_offset)
877 ERROR (gettext ("\
878 section [%2d] '%s': symbol %zu: st_value short of referenced section [%2d] '%s'\n"),
879 idx, section_name (ebl, idx), cnt,
880 (int) xndx, section_name (ebl, xndx));
881 else if (st_value
882 > (destshdr->sh_offset - phdr->p_offset
883 + destshdr->sh_size))
884 ERROR (gettext ("\
885 section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"),
886 idx, section_name (ebl, idx), cnt,
887 (int) xndx, section_name (ebl, xndx));
888 else if (st_value + sym->st_size
889 > (destshdr->sh_offset - phdr->p_offset
890 + destshdr->sh_size))
891 ERROR (gettext ("\
892 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
893 idx, section_name (ebl, idx), cnt,
894 (int) xndx, section_name (ebl, xndx));
895 }
896 }
897 }
898 }
899 }
900
901 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
902 {
903 if (cnt >= shdr->sh_info)
904 ERROR (gettext ("\
905 section [%2d] '%s': symbol %zu: local symbol outside range described in sh_info\n"),
906 idx, section_name (ebl, idx), cnt);
907 }
908 else
909 {
910 if (cnt < shdr->sh_info)
911 ERROR (gettext ("\
912 section [%2d] '%s': symbol %zu: non-local symbol outside range described in sh_info\n"),
913 idx, section_name (ebl, idx), cnt);
914 }
915
916 if (GELF_ST_TYPE (sym->st_info) == STT_SECTION
917 && GELF_ST_BIND (sym->st_info) != STB_LOCAL)
918 ERROR (gettext ("\
919 section [%2d] '%s': symbol %zu: non-local section symbol\n"),
920 idx, section_name (ebl, idx), cnt);
921
922 if (name != NULL)
923 {
924 if (strcmp (name, "_GLOBAL_OFFSET_TABLE_") == 0)
925 {
926 /* Check that address and size match the global offset table. */
927
928 GElf_Shdr destshdr_mem;
929 GElf_Shdr *destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx),
930 &destshdr_mem);
931
932 if (destshdr == NULL && xndx == SHN_ABS)
933 {
934 /* In a DSO, we have to find the GOT section by name. */
935 Elf_Scn *gotscn = NULL;
936 Elf_Scn *gscn = NULL;
937 while ((gscn = elf_nextscn (ebl->elf, gscn)) != NULL)
938 {
939 destshdr = gelf_getshdr (gscn, &destshdr_mem);
940 assert (destshdr != NULL);
941 const char *sname = elf_strptr (ebl->elf,
942 ehdr->e_shstrndx,
943 destshdr->sh_name);
944 if (sname != NULL)
945 {
946 if (strcmp (sname, ".got.plt") == 0)
947 break;
948 if (strcmp (sname, ".got") == 0)
949 /* Do not stop looking.
950 There might be a .got.plt section. */
951 gotscn = gscn;
952 }
953
954 destshdr = NULL;
955 }
956
957 if (destshdr == NULL && gotscn != NULL)
958 destshdr = gelf_getshdr (gotscn, &destshdr_mem);
959 }
960
961 const char *sname = ((destshdr == NULL || xndx == SHN_UNDEF)
962 ? NULL
963 : elf_strptr (ebl->elf, ehdr->e_shstrndx,
964 destshdr->sh_name));
965 if (sname == NULL)
966 {
967 if (xndx != SHN_UNDEF || ehdr->e_type != ET_REL)
968 ERROR (gettext ("\
969 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \
970 bad section [%2d]\n"),
971 idx, section_name (ebl, idx), xndx);
972 }
973 else if (strcmp (sname, ".got.plt") != 0
974 && strcmp (sname, ".got") != 0)
975 ERROR (gettext ("\
976 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \
977 section [%2d] '%s'\n"),
978 idx, section_name (ebl, idx), xndx, sname);
979
980 if (destshdr != NULL)
981 {
982 /* Found it. */
983 if (!ebl_check_special_symbol (ebl, ehdr, sym, name,
984 destshdr))
985 {
986 if (ehdr->e_type != ET_REL
987 && sym->st_value != destshdr->sh_addr)
988 /* This test is more strict than the psABIs which
989 usually allow the symbol to be in the middle of
990 the .got section, allowing negative offsets. */
991 ERROR (gettext ("\
992 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol value %#" PRIx64 " does not match %s section address %#" PRIx64 "\n"),
993 idx, section_name (ebl, idx),
994 (uint64_t) sym->st_value,
995 sname, (uint64_t) destshdr->sh_addr);
996
997 if (!gnuld && sym->st_size != destshdr->sh_size)
998 ERROR (gettext ("\
999 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol size %" PRIu64 " does not match %s section size %" PRIu64 "\n"),
1000 idx, section_name (ebl, idx),
1001 (uint64_t) sym->st_size,
1002 sname, (uint64_t) destshdr->sh_size);
1003 }
1004 }
1005 else
1006 ERROR (gettext ("\
1007 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol present, but no .got section\n"),
1008 idx, section_name (ebl, idx));
1009 }
1010 else if (strcmp (name, "_DYNAMIC") == 0)
1011 /* Check that address and size match the dynamic section.
1012 We locate the dynamic section via the program header
1013 entry. */
1014 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt)
1015 {
1016 GElf_Phdr phdr_mem;
1017 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
1018
1019 if (phdr != NULL && phdr->p_type == PT_DYNAMIC)
1020 {
1021 if (sym->st_value != phdr->p_vaddr)
1022 ERROR (gettext ("\
1023 section [%2d] '%s': _DYNAMIC_ symbol value %#" PRIx64 " does not match dynamic segment address %#" PRIx64 "\n"),
1024 idx, section_name (ebl, idx),
1025 (uint64_t) sym->st_value,
1026 (uint64_t) phdr->p_vaddr);
1027
1028 if (!gnuld && sym->st_size != phdr->p_memsz)
1029 ERROR (gettext ("\
1030 section [%2d] '%s': _DYNAMIC symbol size %" PRIu64 " does not match dynamic segment size %" PRIu64 "\n"),
1031 idx, section_name (ebl, idx),
1032 (uint64_t) sym->st_size,
1033 (uint64_t) phdr->p_memsz);
1034
1035 break;
1036 }
1037 }
1038 }
1039
1040 if (GELF_ST_VISIBILITY (sym->st_other) != STV_DEFAULT
1041 && shdr->sh_type == SHT_DYNSYM)
1042 ERROR (gettext ("\
1043 section [%2d] '%s': symbol %zu: symbol in dynamic symbol table with non-default visibility\n"),
1044 idx, section_name (ebl, idx), cnt);
1045 if (! ebl_check_st_other_bits (ebl, sym->st_other))
1046 ERROR (gettext ("\
1047 section [%2d] '%s': symbol %zu: unknown bit set in st_other\n"),
1048 idx, section_name (ebl, idx), cnt);
1049
1050 }
1051 }
1052
1053
1054 static bool
is_rel_dyn(Ebl * ebl,const GElf_Ehdr * ehdr,int idx,const GElf_Shdr * shdr,bool is_rela)1055 is_rel_dyn (Ebl *ebl, const GElf_Ehdr *ehdr, int idx, const GElf_Shdr *shdr,
1056 bool is_rela)
1057 {
1058 /* If this is no executable or DSO it cannot be a .rel.dyn section. */
1059 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1060 return false;
1061
1062 /* Check the section name. Unfortunately necessary. */
1063 if (strcmp (section_name (ebl, idx), is_rela ? ".rela.dyn" : ".rel.dyn"))
1064 return false;
1065
1066 /* When a .rel.dyn section is used a DT_RELCOUNT dynamic section
1067 entry can be present as well. */
1068 Elf_Scn *scn = NULL;
1069 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
1070 {
1071 GElf_Shdr rcshdr_mem;
1072 const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem);
1073
1074 if (rcshdr == NULL)
1075 break;
1076
1077 if (rcshdr->sh_type == SHT_DYNAMIC && rcshdr->sh_entsize != 0)
1078 {
1079 /* Found the dynamic section. Look through it. */
1080 Elf_Data *d = elf_getdata (scn, NULL);
1081 size_t cnt;
1082
1083 if (d == NULL)
1084 ERROR (gettext ("\
1085 section [%2d] '%s': cannot get section data.\n"),
1086 idx, section_name (ebl, idx));
1087
1088 for (cnt = 1; cnt < rcshdr->sh_size / rcshdr->sh_entsize; ++cnt)
1089 {
1090 GElf_Dyn dyn_mem;
1091 GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem);
1092
1093 if (dyn == NULL)
1094 break;
1095
1096 if (dyn->d_tag == DT_RELCOUNT)
1097 {
1098 /* Found it. Does the type match. */
1099 if (is_rela)
1100 ERROR (gettext ("\
1101 section [%2d] '%s': DT_RELCOUNT used for this RELA section\n"),
1102 idx, section_name (ebl, idx));
1103 else
1104 {
1105 /* Does the number specified number of relative
1106 relocations exceed the total number of
1107 relocations? */
1108 if (shdr->sh_entsize != 0
1109 && dyn->d_un.d_val > (shdr->sh_size
1110 / shdr->sh_entsize))
1111 ERROR (gettext ("\
1112 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
1113 idx, section_name (ebl, idx),
1114 (int) dyn->d_un.d_val);
1115
1116 /* Make sure the specified number of relocations are
1117 relative. */
1118 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf,
1119 idx), NULL);
1120 if (reldata != NULL && shdr->sh_entsize != 0)
1121 for (size_t inner = 0;
1122 inner < shdr->sh_size / shdr->sh_entsize;
1123 ++inner)
1124 {
1125 GElf_Rel rel_mem;
1126 GElf_Rel *rel = gelf_getrel (reldata, inner,
1127 &rel_mem);
1128 if (rel == NULL)
1129 /* The problem will be reported elsewhere. */
1130 break;
1131
1132 if (ebl_relative_reloc_p (ebl,
1133 GELF_R_TYPE (rel->r_info)))
1134 {
1135 if (inner >= dyn->d_un.d_val)
1136 ERROR (gettext ("\
1137 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"),
1138 idx, section_name (ebl, idx),
1139 (int) dyn->d_un.d_val);
1140 }
1141 else if (inner < dyn->d_un.d_val)
1142 ERROR (gettext ("\
1143 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"),
1144 idx, section_name (ebl, idx),
1145 inner, (int) dyn->d_un.d_val);
1146 }
1147 }
1148 }
1149
1150 if (dyn->d_tag == DT_RELACOUNT)
1151 {
1152 /* Found it. Does the type match. */
1153 if (!is_rela)
1154 ERROR (gettext ("\
1155 section [%2d] '%s': DT_RELACOUNT used for this REL section\n"),
1156 idx, section_name (ebl, idx));
1157 else
1158 {
1159 /* Does the number specified number of relative
1160 relocations exceed the total number of
1161 relocations? */
1162 if (shdr->sh_entsize != 0
1163 && dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
1164 ERROR (gettext ("\
1165 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
1166 idx, section_name (ebl, idx),
1167 (int) dyn->d_un.d_val);
1168
1169 /* Make sure the specified number of relocations are
1170 relative. */
1171 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf,
1172 idx), NULL);
1173 if (reldata != NULL && shdr->sh_entsize != 0)
1174 for (size_t inner = 0;
1175 inner < shdr->sh_size / shdr->sh_entsize;
1176 ++inner)
1177 {
1178 GElf_Rela rela_mem;
1179 GElf_Rela *rela = gelf_getrela (reldata, inner,
1180 &rela_mem);
1181 if (rela == NULL)
1182 /* The problem will be reported elsewhere. */
1183 break;
1184
1185 if (ebl_relative_reloc_p (ebl,
1186 GELF_R_TYPE (rela->r_info)))
1187 {
1188 if (inner >= dyn->d_un.d_val)
1189 ERROR (gettext ("\
1190 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"),
1191 idx, section_name (ebl, idx),
1192 (int) dyn->d_un.d_val);
1193 }
1194 else if (inner < dyn->d_un.d_val)
1195 ERROR (gettext ("\
1196 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"),
1197 idx, section_name (ebl, idx),
1198 inner, (int) dyn->d_un.d_val);
1199 }
1200 }
1201 }
1202 }
1203
1204 break;
1205 }
1206 }
1207
1208 return true;
1209 }
1210
1211
1212 struct loaded_segment
1213 {
1214 GElf_Addr from;
1215 GElf_Addr to;
1216 bool read_only;
1217 struct loaded_segment *next;
1218 };
1219
1220
1221 /* Check whether binary has text relocation flag set. */
1222 static bool textrel;
1223
1224 /* Keep track of whether text relocation flag is needed. */
1225 static bool needed_textrel;
1226
1227
1228 static bool
check_reloc_shdr(Ebl * ebl,const GElf_Ehdr * ehdr,const GElf_Shdr * shdr,int idx,int reltype,GElf_Shdr ** destshdrp,GElf_Shdr * destshdr_memp,struct loaded_segment ** loadedp)1229 check_reloc_shdr (Ebl *ebl, const GElf_Ehdr *ehdr, const GElf_Shdr *shdr,
1230 int idx, int reltype, GElf_Shdr **destshdrp,
1231 GElf_Shdr *destshdr_memp, struct loaded_segment **loadedp)
1232 {
1233 bool reldyn = false;
1234
1235 /* Check whether the link to the section we relocate is reasonable. */
1236 if (shdr->sh_info >= shnum)
1237 ERROR (gettext ("section [%2d] '%s': invalid destination section index\n"),
1238 idx, section_name (ebl, idx));
1239 else if (shdr->sh_info != 0)
1240 {
1241 *destshdrp = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_info),
1242 destshdr_memp);
1243 if (*destshdrp != NULL)
1244 {
1245 if(! ebl_check_reloc_target_type (ebl, (*destshdrp)->sh_type))
1246 {
1247 reldyn = is_rel_dyn (ebl, ehdr, idx, shdr, true);
1248 if (!reldyn)
1249 ERROR (gettext ("\
1250 section [%2d] '%s': invalid destination section type\n"),
1251 idx, section_name (ebl, idx));
1252 else
1253 {
1254 /* There is no standard, but we require that .rel{,a}.dyn
1255 sections have a sh_info value of zero. */
1256 if (shdr->sh_info != 0)
1257 ERROR (gettext ("\
1258 section [%2d] '%s': sh_info should be zero\n"),
1259 idx, section_name (ebl, idx));
1260 }
1261 }
1262
1263 if ((((*destshdrp)->sh_flags & SHF_MERGE) != 0)
1264 && ((*destshdrp)->sh_flags & SHF_STRINGS) != 0)
1265 ERROR (gettext ("\
1266 section [%2d] '%s': no relocations for merge-able string sections possible\n"),
1267 idx, section_name (ebl, idx));
1268 }
1269 }
1270
1271 size_t sh_entsize = gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT);
1272 if (shdr->sh_entsize != sh_entsize)
1273 ERROR (gettext (reltype == ELF_T_RELA ? "\
1274 section [%2d] '%s': section entry size does not match ElfXX_Rela\n" : "\
1275 section [%2d] '%s': section entry size does not match ElfXX_Rel\n"),
1276 idx, section_name (ebl, idx));
1277
1278 /* In preparation of checking whether relocations are text
1279 relocations or not we need to determine whether the file is
1280 flagged to have text relocation and we need to determine a) what
1281 the loaded segments are and b) which are read-only. This will
1282 also allow us to determine whether the same reloc section is
1283 modifying loaded and not loaded segments. */
1284 for (unsigned int i = 0; i < phnum; ++i)
1285 {
1286 GElf_Phdr phdr_mem;
1287 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, i, &phdr_mem);
1288 if (phdr == NULL)
1289 continue;
1290
1291 if (phdr->p_type == PT_LOAD)
1292 {
1293 struct loaded_segment *newp = xmalloc (sizeof (*newp));
1294 newp->from = phdr->p_vaddr;
1295 newp->to = phdr->p_vaddr + phdr->p_memsz;
1296 newp->read_only = (phdr->p_flags & PF_W) == 0;
1297 newp->next = *loadedp;
1298 *loadedp = newp;
1299 }
1300 else if (phdr->p_type == PT_DYNAMIC)
1301 {
1302 Elf_Scn *dynscn = gelf_offscn (ebl->elf, phdr->p_offset);
1303 GElf_Shdr dynshdr_mem;
1304 GElf_Shdr *dynshdr = gelf_getshdr (dynscn, &dynshdr_mem);
1305 Elf_Data *dyndata = elf_getdata (dynscn, NULL);
1306 if (dynshdr != NULL && dynshdr->sh_type == SHT_DYNAMIC
1307 && dyndata != NULL && dynshdr->sh_entsize != 0)
1308 for (size_t j = 0; j < dynshdr->sh_size / dynshdr->sh_entsize; ++j)
1309 {
1310 GElf_Dyn dyn_mem;
1311 GElf_Dyn *dyn = gelf_getdyn (dyndata, j, &dyn_mem);
1312 if (dyn != NULL
1313 && (dyn->d_tag == DT_TEXTREL
1314 || (dyn->d_tag == DT_FLAGS
1315 && (dyn->d_un.d_val & DF_TEXTREL) != 0)))
1316 {
1317 textrel = true;
1318 break;
1319 }
1320 }
1321 }
1322 }
1323
1324 /* A quick test which can be easily done here (although it is a bit
1325 out of place): the text relocation flag makes only sense if there
1326 is a segment which is not writable. */
1327 if (textrel)
1328 {
1329 struct loaded_segment *seg = *loadedp;
1330 while (seg != NULL && !seg->read_only)
1331 seg = seg->next;
1332 if (seg == NULL)
1333 ERROR (gettext ("\
1334 text relocation flag set but there is no read-only segment\n"));
1335 }
1336
1337 return reldyn;
1338 }
1339
1340
1341 enum load_state
1342 {
1343 state_undecided,
1344 state_loaded,
1345 state_unloaded,
1346 state_error
1347 };
1348
1349
1350 static void
check_one_reloc(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * relshdr,int idx,size_t cnt,const GElf_Shdr * symshdr,Elf_Data * symdata,GElf_Addr r_offset,GElf_Xword r_info,const GElf_Shdr * destshdr,bool reldyn,struct loaded_segment * loaded,enum load_state * statep)1351 check_one_reloc (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *relshdr, int idx,
1352 size_t cnt, const GElf_Shdr *symshdr, Elf_Data *symdata,
1353 GElf_Addr r_offset, GElf_Xword r_info,
1354 const GElf_Shdr *destshdr, bool reldyn,
1355 struct loaded_segment *loaded, enum load_state *statep)
1356 {
1357 bool known_broken = gnuld;
1358
1359 if (!ebl_reloc_type_check (ebl, GELF_R_TYPE (r_info)))
1360 ERROR (gettext ("section [%2d] '%s': relocation %zu: invalid type\n"),
1361 idx, section_name (ebl, idx), cnt);
1362 else if (((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1363 /* The executable/DSO can contain relocation sections with
1364 all the relocations the linker has applied. Those sections
1365 are marked non-loaded, though. */
1366 || (relshdr->sh_flags & SHF_ALLOC) != 0)
1367 && !ebl_reloc_valid_use (ebl, GELF_R_TYPE (r_info)))
1368 ERROR (gettext ("\
1369 section [%2d] '%s': relocation %zu: relocation type invalid for the file type\n"),
1370 idx, section_name (ebl, idx), cnt);
1371
1372 if (symshdr != NULL
1373 && ((GELF_R_SYM (r_info) + 1)
1374 * gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT)
1375 > symshdr->sh_size))
1376 ERROR (gettext ("\
1377 section [%2d] '%s': relocation %zu: invalid symbol index\n"),
1378 idx, section_name (ebl, idx), cnt);
1379
1380 /* No more tests if this is a no-op relocation. */
1381 if (ebl_none_reloc_p (ebl, GELF_R_TYPE (r_info)))
1382 return;
1383
1384 if (ebl_gotpc_reloc_check (ebl, GELF_R_TYPE (r_info)))
1385 {
1386 const char *name;
1387 char buf[64];
1388 GElf_Sym sym_mem;
1389 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem);
1390 if (sym != NULL
1391 /* Get the name for the symbol. */
1392 && (name = elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name))
1393 && strcmp (name, "_GLOBAL_OFFSET_TABLE_") !=0 )
1394 ERROR (gettext ("\
1395 section [%2d] '%s': relocation %zu: only symbol '_GLOBAL_OFFSET_TABLE_' can be used with %s\n"),
1396 idx, section_name (ebl, idx), cnt,
1397 ebl_reloc_type_name (ebl, GELF_R_SYM (r_info),
1398 buf, sizeof (buf)));
1399 }
1400
1401 if (reldyn)
1402 {
1403 // XXX TODO Check .rel.dyn section addresses.
1404 }
1405 else if (!known_broken)
1406 {
1407 if (destshdr != NULL
1408 && GELF_R_TYPE (r_info) != 0
1409 && (r_offset - (ehdr->e_type == ET_REL ? 0
1410 : destshdr->sh_addr)) >= destshdr->sh_size)
1411 ERROR (gettext ("\
1412 section [%2d] '%s': relocation %zu: offset out of bounds\n"),
1413 idx, section_name (ebl, idx), cnt);
1414 }
1415
1416 GElf_Sym sym_mem;
1417 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem);
1418
1419 if (ebl_copy_reloc_p (ebl, GELF_R_TYPE (r_info))
1420 /* Make sure the referenced symbol is an object or unspecified. */
1421 && sym != NULL
1422 && GELF_ST_TYPE (sym->st_info) != STT_NOTYPE
1423 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
1424 {
1425 char buf[64];
1426 ERROR (gettext ("section [%2d] '%s': relocation %zu: copy relocation against symbol of type %s\n"),
1427 idx, section_name (ebl, idx), cnt,
1428 ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info),
1429 buf, sizeof (buf)));
1430 }
1431
1432 if ((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1433 || (relshdr->sh_flags & SHF_ALLOC) != 0)
1434 {
1435 bool in_loaded_seg = false;
1436 while (loaded != NULL)
1437 {
1438 if (r_offset < loaded->to
1439 && r_offset + (sym == NULL ? 0 : sym->st_size) >= loaded->from)
1440 {
1441 /* The symbol is in this segment. */
1442 if (loaded->read_only)
1443 {
1444 if (textrel)
1445 needed_textrel = true;
1446 else
1447 ERROR (gettext ("section [%2d] '%s': relocation %zu: read-only section modified but text relocation flag not set\n"),
1448 idx, section_name (ebl, idx), cnt);
1449 }
1450
1451 in_loaded_seg = true;
1452 }
1453
1454 loaded = loaded->next;
1455 }
1456
1457 if (*statep == state_undecided)
1458 *statep = in_loaded_seg ? state_loaded : state_unloaded;
1459 else if ((*statep == state_unloaded && in_loaded_seg)
1460 || (*statep == state_loaded && !in_loaded_seg))
1461 {
1462 ERROR (gettext ("\
1463 section [%2d] '%s': relocations are against loaded and unloaded data\n"),
1464 idx, section_name (ebl, idx));
1465 *statep = state_error;
1466 }
1467 }
1468 }
1469
1470
1471 static void
check_rela(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1472 check_rela (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1473 {
1474 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1475 if (data == NULL)
1476 {
1477 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1478 idx, section_name (ebl, idx));
1479 return;
1480 }
1481
1482 /* Check the fields of the section header. */
1483 GElf_Shdr destshdr_mem;
1484 GElf_Shdr *destshdr = NULL;
1485 struct loaded_segment *loaded = NULL;
1486 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_RELA, &destshdr,
1487 &destshdr_mem, &loaded);
1488
1489 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1490 GElf_Shdr symshdr_mem;
1491 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1492 Elf_Data *symdata = elf_getdata (symscn, NULL);
1493 enum load_state state = state_undecided;
1494
1495 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_RELA, 1, EV_CURRENT);
1496 for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1497 {
1498 GElf_Rela rela_mem;
1499 GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem);
1500 if (rela == NULL)
1501 {
1502 ERROR (gettext ("\
1503 section [%2d] '%s': cannot get relocation %zu: %s\n"),
1504 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1505 continue;
1506 }
1507
1508 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata,
1509 rela->r_offset, rela->r_info, destshdr, reldyn, loaded,
1510 &state);
1511 }
1512
1513 while (loaded != NULL)
1514 {
1515 struct loaded_segment *old = loaded;
1516 loaded = loaded->next;
1517 free (old);
1518 }
1519 }
1520
1521
1522 static void
check_rel(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1523 check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1524 {
1525 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1526 if (data == NULL)
1527 {
1528 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1529 idx, section_name (ebl, idx));
1530 return;
1531 }
1532
1533 /* Check the fields of the section header. */
1534 GElf_Shdr destshdr_mem;
1535 GElf_Shdr *destshdr = NULL;
1536 struct loaded_segment *loaded = NULL;
1537 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_REL, &destshdr,
1538 &destshdr_mem, &loaded);
1539
1540 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1541 GElf_Shdr symshdr_mem;
1542 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1543 Elf_Data *symdata = elf_getdata (symscn, NULL);
1544 enum load_state state = state_undecided;
1545
1546 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_REL, 1, EV_CURRENT);
1547 for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1548 {
1549 GElf_Rel rel_mem;
1550 GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem);
1551 if (rel == NULL)
1552 {
1553 ERROR (gettext ("\
1554 section [%2d] '%s': cannot get relocation %zu: %s\n"),
1555 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1556 continue;
1557 }
1558
1559 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata,
1560 rel->r_offset, rel->r_info, destshdr, reldyn, loaded,
1561 &state);
1562 }
1563
1564 while (loaded != NULL)
1565 {
1566 struct loaded_segment *old = loaded;
1567 loaded = loaded->next;
1568 free (old);
1569 }
1570 }
1571
1572
1573 /* Number of dynamic sections. */
1574 static int ndynamic;
1575
1576
1577 static void
check_dynamic(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1578 check_dynamic (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1579 {
1580 Elf_Data *data;
1581 GElf_Shdr strshdr_mem;
1582 GElf_Shdr *strshdr;
1583 size_t cnt;
1584 static const bool dependencies[DT_NUM][DT_NUM] =
1585 {
1586 [DT_NEEDED] = { [DT_STRTAB] = true },
1587 [DT_PLTRELSZ] = { [DT_JMPREL] = true },
1588 [DT_HASH] = { [DT_SYMTAB] = true },
1589 [DT_STRTAB] = { [DT_STRSZ] = true },
1590 [DT_SYMTAB] = { [DT_STRTAB] = true, [DT_SYMENT] = true },
1591 [DT_RELA] = { [DT_RELASZ] = true, [DT_RELAENT] = true },
1592 [DT_RELASZ] = { [DT_RELA] = true },
1593 [DT_RELAENT] = { [DT_RELA] = true },
1594 [DT_STRSZ] = { [DT_STRTAB] = true },
1595 [DT_SYMENT] = { [DT_SYMTAB] = true },
1596 [DT_SONAME] = { [DT_STRTAB] = true },
1597 [DT_RPATH] = { [DT_STRTAB] = true },
1598 [DT_REL] = { [DT_RELSZ] = true, [DT_RELENT] = true },
1599 [DT_RELSZ] = { [DT_REL] = true },
1600 [DT_RELENT] = { [DT_REL] = true },
1601 [DT_JMPREL] = { [DT_PLTRELSZ] = true, [DT_PLTREL] = true },
1602 [DT_RUNPATH] = { [DT_STRTAB] = true },
1603 [DT_PLTREL] = { [DT_JMPREL] = true },
1604 };
1605 bool has_dt[DT_NUM];
1606 bool has_val_dt[DT_VALNUM];
1607 bool has_addr_dt[DT_ADDRNUM];
1608 static const bool level2[DT_NUM] =
1609 {
1610 [DT_RPATH] = true,
1611 [DT_SYMBOLIC] = true,
1612 [DT_TEXTREL] = true,
1613 [DT_BIND_NOW] = true
1614 };
1615 static const bool mandatory[DT_NUM] =
1616 {
1617 [DT_NULL] = true,
1618 [DT_STRTAB] = true,
1619 [DT_SYMTAB] = true,
1620 [DT_STRSZ] = true,
1621 [DT_SYMENT] = true
1622 };
1623
1624 memset (has_dt, '\0', sizeof (has_dt));
1625 memset (has_val_dt, '\0', sizeof (has_val_dt));
1626 memset (has_addr_dt, '\0', sizeof (has_addr_dt));
1627
1628 if (++ndynamic == 2)
1629 ERROR (gettext ("more than one dynamic section present\n"));
1630
1631 data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1632 if (data == NULL)
1633 {
1634 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1635 idx, section_name (ebl, idx));
1636 return;
1637 }
1638
1639 strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &strshdr_mem);
1640 if (strshdr != NULL && strshdr->sh_type != SHT_STRTAB)
1641 ERROR (gettext ("\
1642 section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
1643 shdr->sh_link, section_name (ebl, shdr->sh_link),
1644 idx, section_name (ebl, idx));
1645 else if (strshdr == NULL)
1646 {
1647 ERROR (gettext ("\
1648 section [%2d]: referenced as string table for section [%2d] '%s' but section link value is invalid\n"),
1649 shdr->sh_link, idx, section_name (ebl, idx));
1650 return;
1651 }
1652
1653 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT);
1654 if (shdr->sh_entsize != sh_entsize)
1655 ERROR (gettext ("\
1656 section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"),
1657 idx, section_name (ebl, idx));
1658
1659 if (shdr->sh_info != 0)
1660 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"),
1661 idx, section_name (ebl, idx));
1662
1663 bool non_null_warned = false;
1664 for (cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1665 {
1666 GElf_Dyn dyn_mem;
1667 GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem);
1668 if (dyn == NULL)
1669 {
1670 ERROR (gettext ("\
1671 section [%2d] '%s': cannot get dynamic section entry %zu: %s\n"),
1672 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1673 continue;
1674 }
1675
1676 if (has_dt[DT_NULL] && dyn->d_tag != DT_NULL && ! non_null_warned)
1677 {
1678 ERROR (gettext ("\
1679 section [%2d] '%s': non-DT_NULL entries follow DT_NULL entry\n"),
1680 idx, section_name (ebl, idx));
1681 non_null_warned = true;
1682 }
1683
1684 if (!ebl_dynamic_tag_check (ebl, dyn->d_tag))
1685 ERROR (gettext ("section [%2d] '%s': entry %zu: unknown tag\n"),
1686 idx, section_name (ebl, idx), cnt);
1687
1688 if (dyn->d_tag >= 0 && dyn->d_tag < DT_NUM)
1689 {
1690 if (has_dt[dyn->d_tag]
1691 && dyn->d_tag != DT_NEEDED
1692 && dyn->d_tag != DT_NULL
1693 && dyn->d_tag != DT_POSFLAG_1)
1694 {
1695 char buf[50];
1696 ERROR (gettext ("\
1697 section [%2d] '%s': entry %zu: more than one entry with tag %s\n"),
1698 idx, section_name (ebl, idx), cnt,
1699 ebl_dynamic_tag_name (ebl, dyn->d_tag,
1700 buf, sizeof (buf)));
1701 }
1702
1703 if (be_strict && level2[dyn->d_tag])
1704 {
1705 char buf[50];
1706 ERROR (gettext ("\
1707 section [%2d] '%s': entry %zu: level 2 tag %s used\n"),
1708 idx, section_name (ebl, idx), cnt,
1709 ebl_dynamic_tag_name (ebl, dyn->d_tag,
1710 buf, sizeof (buf)));
1711 }
1712
1713 has_dt[dyn->d_tag] = true;
1714 }
1715 else if (dyn->d_tag >= 0 && dyn->d_tag <= DT_VALRNGHI
1716 && DT_VALTAGIDX (dyn->d_tag) < DT_VALNUM)
1717 has_val_dt[DT_VALTAGIDX (dyn->d_tag)] = true;
1718 else if (dyn->d_tag >= 0 && dyn->d_tag <= DT_ADDRRNGHI
1719 && DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM)
1720 has_addr_dt[DT_ADDRTAGIDX (dyn->d_tag)] = true;
1721
1722 if (dyn->d_tag == DT_PLTREL && dyn->d_un.d_val != DT_REL
1723 && dyn->d_un.d_val != DT_RELA)
1724 ERROR (gettext ("\
1725 section [%2d] '%s': entry %zu: DT_PLTREL value must be DT_REL or DT_RELA\n"),
1726 idx, section_name (ebl, idx), cnt);
1727
1728 /* Check that addresses for entries are in loaded segments. */
1729 switch (dyn->d_tag)
1730 {
1731 size_t n;
1732 case DT_STRTAB:
1733 /* We require the referenced section is the same as the one
1734 specified in sh_link. */
1735 if (strshdr->sh_addr != dyn->d_un.d_val)
1736 {
1737 ERROR (gettext ("\
1738 section [%2d] '%s': entry %zu: pointer does not match address of section [%2d] '%s' referenced by sh_link\n"),
1739 idx, section_name (ebl, idx), cnt,
1740 shdr->sh_link, section_name (ebl, shdr->sh_link));
1741 break;
1742 }
1743 goto check_addr;
1744
1745 default:
1746 if (dyn->d_tag < DT_ADDRRNGLO || dyn->d_tag > DT_ADDRRNGHI)
1747 /* Value is no pointer. */
1748 break;
1749 /* FALLTHROUGH */
1750
1751 case DT_AUXILIARY:
1752 case DT_FILTER:
1753 case DT_FINI:
1754 case DT_FINI_ARRAY:
1755 case DT_HASH:
1756 case DT_INIT:
1757 case DT_INIT_ARRAY:
1758 case DT_JMPREL:
1759 case DT_PLTGOT:
1760 case DT_REL:
1761 case DT_RELA:
1762 case DT_SYMBOLIC:
1763 case DT_SYMTAB:
1764 case DT_VERDEF:
1765 case DT_VERNEED:
1766 case DT_VERSYM:
1767 check_addr:
1768 for (n = 0; n < phnum; ++n)
1769 {
1770 GElf_Phdr phdr_mem;
1771 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, n, &phdr_mem);
1772 if (phdr != NULL && phdr->p_type == PT_LOAD
1773 && phdr->p_vaddr <= dyn->d_un.d_ptr
1774 && phdr->p_vaddr + phdr->p_memsz > dyn->d_un.d_ptr)
1775 break;
1776 }
1777 if (unlikely (n >= phnum))
1778 {
1779 char buf[50];
1780 ERROR (gettext ("\
1781 section [%2d] '%s': entry %zu: %s value must point into loaded segment\n"),
1782 idx, section_name (ebl, idx), cnt,
1783 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf,
1784 sizeof (buf)));
1785 }
1786 break;
1787
1788 case DT_NEEDED:
1789 case DT_RPATH:
1790 case DT_RUNPATH:
1791 case DT_SONAME:
1792 if (dyn->d_un.d_ptr >= strshdr->sh_size)
1793 {
1794 char buf[50];
1795 ERROR (gettext ("\
1796 section [%2d] '%s': entry %zu: %s value must be valid offset in section [%2d] '%s'\n"),
1797 idx, section_name (ebl, idx), cnt,
1798 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf,
1799 sizeof (buf)),
1800 shdr->sh_link, section_name (ebl, shdr->sh_link));
1801 }
1802 break;
1803 }
1804 }
1805
1806 for (cnt = 1; cnt < DT_NUM; ++cnt)
1807 if (has_dt[cnt])
1808 {
1809 for (int inner = 0; inner < DT_NUM; ++inner)
1810 if (dependencies[cnt][inner] && ! has_dt[inner])
1811 {
1812 char buf1[50];
1813 char buf2[50];
1814
1815 ERROR (gettext ("\
1816 section [%2d] '%s': contains %s entry but not %s\n"),
1817 idx, section_name (ebl, idx),
1818 ebl_dynamic_tag_name (ebl, cnt, buf1, sizeof (buf1)),
1819 ebl_dynamic_tag_name (ebl, inner, buf2, sizeof (buf2)));
1820 }
1821 }
1822 else
1823 {
1824 if (mandatory[cnt])
1825 {
1826 char buf[50];
1827 ERROR (gettext ("\
1828 section [%2d] '%s': mandatory tag %s not present\n"),
1829 idx, section_name (ebl, idx),
1830 ebl_dynamic_tag_name (ebl, cnt, buf, sizeof (buf)));
1831 }
1832 }
1833
1834 /* Make sure we have an hash table. */
1835 if (!has_dt[DT_HASH] && !has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)])
1836 ERROR (gettext ("\
1837 section [%2d] '%s': no hash section present\n"),
1838 idx, section_name (ebl, idx));
1839
1840 /* The GNU-style hash table also needs a symbol table. */
1841 if (!has_dt[DT_HASH] && has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)]
1842 && !has_dt[DT_SYMTAB])
1843 ERROR (gettext ("\
1844 section [%2d] '%s': contains %s entry but not %s\n"),
1845 idx, section_name (ebl, idx),
1846 "DT_GNU_HASH", "DT_SYMTAB");
1847
1848 /* Check the rel/rela tags. At least one group must be available. */
1849 if ((has_dt[DT_RELA] || has_dt[DT_RELASZ] || has_dt[DT_RELAENT])
1850 && (!has_dt[DT_RELA] || !has_dt[DT_RELASZ] || !has_dt[DT_RELAENT]))
1851 ERROR (gettext ("\
1852 section [%2d] '%s': not all of %s, %s, and %s are present\n"),
1853 idx, section_name (ebl, idx),
1854 "DT_RELA", "DT_RELASZ", "DT_RELAENT");
1855
1856 if ((has_dt[DT_REL] || has_dt[DT_RELSZ] || has_dt[DT_RELENT])
1857 && (!has_dt[DT_REL] || !has_dt[DT_RELSZ] || !has_dt[DT_RELENT]))
1858 ERROR (gettext ("\
1859 section [%2d] '%s': not all of %s, %s, and %s are present\n"),
1860 idx, section_name (ebl, idx),
1861 "DT_REL", "DT_RELSZ", "DT_RELENT");
1862
1863 /* Check that all prelink sections are present if any of them is. */
1864 if (has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)]
1865 || has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)])
1866 {
1867 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)])
1868 ERROR (gettext ("\
1869 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"),
1870 idx, section_name (ebl, idx), "DT_GNU_PRELINKED");
1871 if (!has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)])
1872 ERROR (gettext ("\
1873 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"),
1874 idx, section_name (ebl, idx), "DT_CHECKSUM");
1875
1876 /* Only DSOs can be marked like this. */
1877 if (ehdr->e_type != ET_DYN)
1878 ERROR (gettext ("\
1879 section [%2d] '%s': non-DSO file marked as dependency during prelink\n"),
1880 idx, section_name (ebl, idx));
1881 }
1882
1883 if (has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)]
1884 || has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)]
1885 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)]
1886 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)])
1887 {
1888 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)])
1889 ERROR (gettext ("\
1890 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1891 idx, section_name (ebl, idx), "DT_GNU_CONFLICTSZ");
1892 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)])
1893 ERROR (gettext ("\
1894 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1895 idx, section_name (ebl, idx), "DT_GNU_LIBLISTSZ");
1896 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)])
1897 ERROR (gettext ("\
1898 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1899 idx, section_name (ebl, idx), "DT_GNU_CONFLICT");
1900 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)])
1901 ERROR (gettext ("\
1902 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1903 idx, section_name (ebl, idx), "DT_GNU_LIBLIST");
1904 }
1905 }
1906
1907
1908 static void
check_symtab_shndx(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1909 check_symtab_shndx (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1910 {
1911 if (ehdr->e_type != ET_REL)
1912 {
1913 ERROR (gettext ("\
1914 section [%2d] '%s': only relocatable files can have extended section index\n"),
1915 idx, section_name (ebl, idx));
1916 return;
1917 }
1918
1919 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1920 GElf_Shdr symshdr_mem;
1921 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1922 if (symshdr != NULL && symshdr->sh_type != SHT_SYMTAB)
1923 ERROR (gettext ("\
1924 section [%2d] '%s': extended section index section not for symbol table\n"),
1925 idx, section_name (ebl, idx));
1926 else if (symshdr == NULL)
1927 ERROR (gettext ("\
1928 section [%2d] '%s': sh_link extended section index [%2d] is invalid\n"),
1929 idx, section_name (ebl, idx), shdr->sh_link);
1930 Elf_Data *symdata = elf_getdata (symscn, NULL);
1931 if (symdata == NULL)
1932 ERROR (gettext ("cannot get data for symbol section\n"));
1933
1934 if (shdr->sh_entsize != sizeof (Elf32_Word))
1935 ERROR (gettext ("\
1936 section [%2d] '%s': entry size does not match Elf32_Word\n"),
1937 idx, section_name (ebl, idx));
1938
1939 if (symshdr != NULL
1940 && shdr->sh_entsize != 0
1941 && symshdr->sh_entsize != 0
1942 && (shdr->sh_size / shdr->sh_entsize
1943 < symshdr->sh_size / symshdr->sh_entsize))
1944 ERROR (gettext ("\
1945 section [%2d] '%s': extended index table too small for symbol table\n"),
1946 idx, section_name (ebl, idx));
1947
1948 if (shdr->sh_info != 0)
1949 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"),
1950 idx, section_name (ebl, idx));
1951
1952 for (size_t cnt = idx + 1; cnt < shnum; ++cnt)
1953 {
1954 GElf_Shdr rshdr_mem;
1955 GElf_Shdr *rshdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &rshdr_mem);
1956 if (rshdr != NULL && rshdr->sh_type == SHT_SYMTAB_SHNDX
1957 && rshdr->sh_link == shdr->sh_link)
1958 {
1959 ERROR (gettext ("\
1960 section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same symbol table\n"),
1961 idx, section_name (ebl, idx),
1962 cnt, section_name (ebl, cnt));
1963 break;
1964 }
1965 }
1966
1967 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1968 if (data == NULL || data->d_buf == NULL)
1969 {
1970 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1971 idx, section_name (ebl, idx));
1972 return;
1973 }
1974
1975 if (*((Elf32_Word *) data->d_buf) != 0)
1976 ERROR (gettext ("symbol 0 should have zero extended section index\n"));
1977
1978 for (size_t cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt)
1979 {
1980 Elf32_Word xndx = ((Elf32_Word *) data->d_buf)[cnt];
1981
1982 if (xndx != 0)
1983 {
1984 GElf_Sym sym_data;
1985 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_data);
1986 if (sym == NULL)
1987 {
1988 ERROR (gettext ("cannot get data for symbol %zu\n"), cnt);
1989 continue;
1990 }
1991
1992 if (sym->st_shndx != SHN_XINDEX)
1993 ERROR (gettext ("\
1994 extended section index is %" PRIu32 " but symbol index is not XINDEX\n"),
1995 (uint32_t) xndx);
1996 }
1997 }
1998 }
1999
2000
2001 static void
check_sysv_hash(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2002 check_sysv_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2003 GElf_Shdr *symshdr)
2004 {
2005 Elf32_Word nbucket = ((Elf32_Word *) data->d_buf)[0];
2006 Elf32_Word nchain = ((Elf32_Word *) data->d_buf)[1];
2007
2008 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize)
2009 ERROR (gettext ("\
2010 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
2011 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2012 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize));
2013
2014 size_t maxidx = nchain;
2015
2016 if (symshdr != NULL && symshdr->sh_entsize != 0)
2017 {
2018 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
2019
2020 if (nchain > symshdr->sh_size / symshdr->sh_entsize)
2021 ERROR (gettext ("section [%2d] '%s': chain array too large\n"),
2022 idx, section_name (ebl, idx));
2023
2024 maxidx = symsize;
2025 }
2026
2027 Elf32_Word *buf = (Elf32_Word *) data->d_buf;
2028 Elf32_Word *end = (Elf32_Word *) ((char *) data->d_buf + shdr->sh_size);
2029 size_t cnt;
2030 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
2031 {
2032 if (buf + cnt >= end)
2033 break;
2034 else if (buf[cnt] >= maxidx)
2035 ERROR (gettext ("\
2036 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
2037 idx, section_name (ebl, idx), cnt - 2);
2038 }
2039
2040 for (; cnt < 2 + nbucket + nchain; ++cnt)
2041 {
2042 if (buf + cnt >= end)
2043 break;
2044 else if (buf[cnt] >= maxidx)
2045 ERROR (gettext ("\
2046 section [%2d] '%s': hash chain reference %zu out of bounds\n"),
2047 idx, section_name (ebl, idx), cnt - 2 - nbucket);
2048 }
2049 }
2050
2051
2052 static void
check_sysv_hash64(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2053 check_sysv_hash64 (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2054 GElf_Shdr *symshdr)
2055 {
2056 Elf64_Xword nbucket = ((Elf64_Xword *) data->d_buf)[0];
2057 Elf64_Xword nchain = ((Elf64_Xword *) data->d_buf)[1];
2058
2059 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize)
2060 ERROR (gettext ("\
2061 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
2062 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2063 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize));
2064
2065 size_t maxidx = nchain;
2066
2067 if (symshdr != NULL && symshdr->sh_entsize != 0)
2068 {
2069 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
2070
2071 if (nchain > symshdr->sh_size / symshdr->sh_entsize)
2072 ERROR (gettext ("section [%2d] '%s': chain array too large\n"),
2073 idx, section_name (ebl, idx));
2074
2075 maxidx = symsize;
2076 }
2077
2078 Elf64_Xword *buf = (Elf64_Xword *) data->d_buf;
2079 Elf64_Xword *end = (Elf64_Xword *) ((char *) data->d_buf + shdr->sh_size);
2080 size_t cnt;
2081 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
2082 {
2083 if (buf + cnt >= end)
2084 break;
2085 else if (buf[cnt] >= maxidx)
2086 ERROR (gettext ("\
2087 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
2088 idx, section_name (ebl, idx), cnt - 2);
2089 }
2090
2091 for (; cnt < 2 + nbucket + nchain; ++cnt)
2092 {
2093 if (buf + cnt >= end)
2094 break;
2095 else if (buf[cnt] >= maxidx)
2096 ERROR (gettext ("\
2097 section [%2d] '%s': hash chain reference %" PRIu64 " out of bounds\n"),
2098 idx, section_name (ebl, idx), (uint64_t) cnt - 2 - nbucket);
2099 }
2100 }
2101
2102
2103 static void
check_gnu_hash(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2104 check_gnu_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2105 GElf_Shdr *symshdr)
2106 {
2107 if (data->d_size < 4 * sizeof (Elf32_Word))
2108 {
2109 ERROR (gettext ("\
2110 section [%2d] '%s': not enough data\n"),
2111 idx, section_name (ebl, idx));
2112 return;
2113 }
2114
2115 Elf32_Word nbuckets = ((Elf32_Word *) data->d_buf)[0];
2116 Elf32_Word symbias = ((Elf32_Word *) data->d_buf)[1];
2117 Elf32_Word bitmask_words = ((Elf32_Word *) data->d_buf)[2];
2118
2119 if (bitmask_words == 0 || !powerof2 (bitmask_words))
2120 {
2121 ERROR (gettext ("\
2122 section [%2d] '%s': bitmask size zero or not power of 2: %u\n"),
2123 idx, section_name (ebl, idx), bitmask_words);
2124 return;
2125 }
2126
2127 size_t bitmask_idxmask = bitmask_words - 1;
2128 if (gelf_getclass (ebl->elf) == ELFCLASS64)
2129 bitmask_words *= 2;
2130 Elf32_Word shift = ((Elf32_Word *) data->d_buf)[3];
2131
2132 /* Is there still room for the sym chain?
2133 Use uint64_t calculation to prevent 32bit overlow. */
2134 uint64_t used_buf = (4ULL + bitmask_words + nbuckets) * sizeof (Elf32_Word);
2135 if (used_buf > data->d_size)
2136 {
2137 ERROR (gettext ("\
2138 section [%2d] '%s': hash table section is too small (is %ld, expected at least %ld)\n"),
2139 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2140 (long int) used_buf);
2141 return;
2142 }
2143
2144 if (shift > 31)
2145 {
2146 ERROR (gettext ("\
2147 section [%2d] '%s': 2nd hash function shift too big: %u\n"),
2148 idx, section_name (ebl, idx), shift);
2149 return;
2150 }
2151
2152 size_t maxidx = shdr->sh_size / sizeof (Elf32_Word) - (4 + bitmask_words
2153 + nbuckets);
2154
2155 if (symshdr != NULL && symshdr->sh_entsize != 0)
2156 maxidx = MIN (maxidx, symshdr->sh_size / symshdr->sh_entsize);
2157
2158 /* We need the symbol section data. */
2159 Elf_Data *symdata = elf_getdata (elf_getscn (ebl->elf, shdr->sh_link), NULL);
2160
2161 union
2162 {
2163 Elf32_Word *p32;
2164 Elf64_Xword *p64;
2165 } bitmask = { .p32 = &((Elf32_Word *) data->d_buf)[4] },
2166 collected = { .p32 = xcalloc (bitmask_words, sizeof (Elf32_Word)) };
2167
2168 size_t classbits = gelf_getclass (ebl->elf) == ELFCLASS32 ? 32 : 64;
2169
2170 size_t cnt;
2171 for (cnt = 4 + bitmask_words; cnt < 4 + bitmask_words + nbuckets; ++cnt)
2172 {
2173 Elf32_Word symidx = ((Elf32_Word *) data->d_buf)[cnt];
2174
2175 if (symidx == 0)
2176 continue;
2177
2178 if (symidx < symbias)
2179 {
2180 ERROR (gettext ("\
2181 section [%2d] '%s': hash chain for bucket %zu lower than symbol index bias\n"),
2182 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2183 continue;
2184 }
2185
2186 while (symidx - symbias < maxidx)
2187 {
2188 Elf32_Word chainhash = ((Elf32_Word *) data->d_buf)[4
2189 + bitmask_words
2190 + nbuckets
2191 + symidx
2192 - symbias];
2193
2194 if (symdata != NULL)
2195 {
2196 /* Check that the referenced symbol is not undefined. */
2197 GElf_Sym sym_mem;
2198 GElf_Sym *sym = gelf_getsym (symdata, symidx, &sym_mem);
2199 if (sym != NULL && sym->st_shndx == SHN_UNDEF
2200 && GELF_ST_TYPE (sym->st_info) != STT_FUNC)
2201 ERROR (gettext ("\
2202 section [%2d] '%s': symbol %u referenced in chain for bucket %zu is undefined\n"),
2203 idx, section_name (ebl, idx), symidx,
2204 cnt - (4 + bitmask_words));
2205
2206 const char *symname = (sym != NULL
2207 ? elf_strptr (ebl->elf, symshdr->sh_link,
2208 sym->st_name)
2209 : NULL);
2210 if (symname != NULL)
2211 {
2212 Elf32_Word hval = elf_gnu_hash (symname);
2213 if ((hval & ~1u) != (chainhash & ~1u))
2214 ERROR (gettext ("\
2215 section [%2d] '%s': hash value for symbol %u in chain for bucket %zu wrong\n"),
2216 idx, section_name (ebl, idx), symidx,
2217 cnt - (4 + bitmask_words));
2218
2219 /* Set the bits in the bitmask. */
2220 size_t maskidx = (hval / classbits) & bitmask_idxmask;
2221 if (maskidx >= bitmask_words)
2222 {
2223 ERROR (gettext ("\
2224 section [%2d] '%s': mask index for symbol %u in chain for bucket %zu wrong\n"),
2225 idx, section_name (ebl, idx), symidx,
2226 cnt - (4 + bitmask_words));
2227 return;
2228 }
2229 if (classbits == 32)
2230 {
2231 collected.p32[maskidx]
2232 |= UINT32_C (1) << (hval & (classbits - 1));
2233 collected.p32[maskidx]
2234 |= UINT32_C (1) << ((hval >> shift) & (classbits - 1));
2235 }
2236 else
2237 {
2238 collected.p64[maskidx]
2239 |= UINT64_C (1) << (hval & (classbits - 1));
2240 collected.p64[maskidx]
2241 |= UINT64_C (1) << ((hval >> shift) & (classbits - 1));
2242 }
2243 }
2244 }
2245
2246 if ((chainhash & 1) != 0)
2247 break;
2248
2249 ++symidx;
2250 }
2251
2252 if (symidx - symbias >= maxidx)
2253 ERROR (gettext ("\
2254 section [%2d] '%s': hash chain for bucket %zu out of bounds\n"),
2255 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2256 else if (symshdr != NULL && symshdr->sh_entsize != 0
2257 && symidx > symshdr->sh_size / symshdr->sh_entsize)
2258 ERROR (gettext ("\
2259 section [%2d] '%s': symbol reference in chain for bucket %zu out of bounds\n"),
2260 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2261 }
2262
2263 if (memcmp (collected.p32, bitmask.p32, bitmask_words * sizeof (Elf32_Word)))
2264 ERROR (gettext ("\
2265 section [%2d] '%s': bitmask does not match names in the hash table\n"),
2266 idx, section_name (ebl, idx));
2267
2268 free (collected.p32);
2269 }
2270
2271
2272 static void
check_hash(int tag,Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2273 check_hash (int tag, Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
2274 {
2275 if (ehdr->e_type == ET_REL)
2276 {
2277 ERROR (gettext ("\
2278 section [%2d] '%s': relocatable files cannot have hash tables\n"),
2279 idx, section_name (ebl, idx));
2280 return;
2281 }
2282
2283 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2284 if (data == NULL || data->d_buf == NULL)
2285 {
2286 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
2287 idx, section_name (ebl, idx));
2288 return;
2289 }
2290
2291 GElf_Shdr symshdr_mem;
2292 GElf_Shdr *symshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
2293 &symshdr_mem);
2294 if (symshdr != NULL && symshdr->sh_type != SHT_DYNSYM)
2295 ERROR (gettext ("\
2296 section [%2d] '%s': hash table not for dynamic symbol table\n"),
2297 idx, section_name (ebl, idx));
2298 else if (symshdr == NULL)
2299 ERROR (gettext ("\
2300 section [%2d] '%s': invalid sh_link symbol table section index [%2d]\n"),
2301 idx, section_name (ebl, idx), shdr->sh_link);
2302
2303 if (shdr->sh_entsize != (tag == SHT_GNU_HASH
2304 ? (gelf_getclass (ebl->elf) == ELFCLASS32
2305 ? sizeof (Elf32_Word) : 0)
2306 : (size_t) ebl_sysvhash_entrysize (ebl)))
2307 ERROR (gettext ("\
2308 section [%2d] '%s': hash table entry size incorrect\n"),
2309 idx, section_name (ebl, idx));
2310
2311 if ((shdr->sh_flags & SHF_ALLOC) == 0)
2312 ERROR (gettext ("section [%2d] '%s': not marked to be allocated\n"),
2313 idx, section_name (ebl, idx));
2314
2315 if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (shdr->sh_entsize ?: 4))
2316 {
2317 ERROR (gettext ("\
2318 section [%2d] '%s': hash table has not even room for initial administrative entries\n"),
2319 idx, section_name (ebl, idx));
2320 return;
2321 }
2322
2323 switch (tag)
2324 {
2325 case SHT_HASH:
2326 if (ebl_sysvhash_entrysize (ebl) == sizeof (Elf64_Xword))
2327 check_sysv_hash64 (ebl, shdr, data, idx, symshdr);
2328 else
2329 check_sysv_hash (ebl, shdr, data, idx, symshdr);
2330 break;
2331
2332 case SHT_GNU_HASH:
2333 check_gnu_hash (ebl, shdr, data, idx, symshdr);
2334 break;
2335
2336 default:
2337 assert (! "should not happen");
2338 }
2339 }
2340
2341
2342 /* Compare content of both hash tables, it must be identical. */
2343 static void
compare_hash_gnu_hash(Ebl * ebl,GElf_Ehdr * ehdr,size_t hash_idx,size_t gnu_hash_idx)2344 compare_hash_gnu_hash (Ebl *ebl, GElf_Ehdr *ehdr, size_t hash_idx,
2345 size_t gnu_hash_idx)
2346 {
2347 Elf_Scn *hash_scn = elf_getscn (ebl->elf, hash_idx);
2348 Elf_Data *hash_data = elf_getdata (hash_scn, NULL);
2349 GElf_Shdr hash_shdr_mem;
2350 GElf_Shdr *hash_shdr = gelf_getshdr (hash_scn, &hash_shdr_mem);
2351 Elf_Scn *gnu_hash_scn = elf_getscn (ebl->elf, gnu_hash_idx);
2352 Elf_Data *gnu_hash_data = elf_getdata (gnu_hash_scn, NULL);
2353 GElf_Shdr gnu_hash_shdr_mem;
2354 GElf_Shdr *gnu_hash_shdr = gelf_getshdr (gnu_hash_scn, &gnu_hash_shdr_mem);
2355
2356 if (hash_shdr == NULL || gnu_hash_shdr == NULL
2357 || hash_data == NULL || hash_data->d_buf == NULL
2358 || gnu_hash_data == NULL || gnu_hash_data->d_buf == NULL)
2359 /* None of these pointers should be NULL since we used the
2360 sections already. We are careful nonetheless. */
2361 return;
2362
2363 /* The link must point to the same symbol table. */
2364 if (hash_shdr->sh_link != gnu_hash_shdr->sh_link)
2365 {
2366 ERROR (gettext ("\
2367 sh_link in hash sections [%2zu] '%s' and [%2zu] '%s' not identical\n"),
2368 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name),
2369 gnu_hash_idx,
2370 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2371 return;
2372 }
2373
2374 Elf_Scn *sym_scn = elf_getscn (ebl->elf, hash_shdr->sh_link);
2375 Elf_Data *sym_data = elf_getdata (sym_scn, NULL);
2376 GElf_Shdr sym_shdr_mem;
2377 GElf_Shdr *sym_shdr = gelf_getshdr (sym_scn, &sym_shdr_mem);
2378
2379 if (sym_data == NULL || sym_data->d_buf == NULL
2380 || sym_shdr == NULL || sym_shdr->sh_entsize == 0)
2381 return;
2382
2383 const char *hash_name;
2384 const char *gnu_hash_name;
2385 hash_name = elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name);
2386 gnu_hash_name = elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name);
2387
2388 if (gnu_hash_data->d_size < 4 * sizeof (Elf32_Word))
2389 {
2390 ERROR (gettext ("\
2391 hash section [%2zu] '%s' does not contain enough data\n"),
2392 gnu_hash_idx, gnu_hash_name);
2393 return;
2394 }
2395
2396 uint32_t nentries = sym_shdr->sh_size / sym_shdr->sh_entsize;
2397 char *used = alloca (nentries);
2398 memset (used, '\0', nentries);
2399
2400 /* First go over the GNU_HASH table and mark the entries as used. */
2401 const Elf32_Word *gnu_hasharr = (Elf32_Word *) gnu_hash_data->d_buf;
2402 Elf32_Word gnu_nbucket = gnu_hasharr[0];
2403 Elf32_Word gnu_symbias = gnu_hasharr[1];
2404 const int bitmap_factor = ehdr->e_ident[EI_CLASS] == ELFCLASS32 ? 1 : 2;
2405 const Elf32_Word *gnu_bucket = (gnu_hasharr
2406 + (4 + gnu_hasharr[2] * bitmap_factor));
2407 const Elf32_Word *gnu_chain = gnu_bucket + gnu_hasharr[0];
2408
2409 if (gnu_hasharr[2] == 0)
2410 {
2411 ERROR (gettext ("\
2412 hash section [%2zu] '%s' has zero bit mask words\n"),
2413 gnu_hash_idx, gnu_hash_name);
2414 return;
2415 }
2416
2417 uint64_t used_buf = ((4ULL + gnu_hasharr[2] * bitmap_factor + gnu_nbucket)
2418 * sizeof (Elf32_Word));
2419 uint32_t max_nsyms = (gnu_hash_data->d_size - used_buf) / sizeof (Elf32_Word);
2420 if (used_buf > gnu_hash_data->d_size)
2421 {
2422 ERROR (gettext ("\
2423 hash section [%2zu] '%s' uses too much data\n"),
2424 gnu_hash_idx, gnu_hash_name);
2425 return;
2426 }
2427
2428 for (Elf32_Word cnt = 0; cnt < gnu_nbucket; ++cnt)
2429 {
2430 if (gnu_bucket[cnt] != STN_UNDEF)
2431 {
2432 Elf32_Word symidx = gnu_bucket[cnt] - gnu_symbias;
2433 do
2434 {
2435 if (symidx >= max_nsyms || symidx + gnu_symbias >= nentries)
2436 {
2437 ERROR (gettext ("\
2438 hash section [%2zu] '%s' invalid symbol index %" PRIu32 " (max_nsyms: %" PRIu32 ", nentries: %" PRIu32 "\n"),
2439 gnu_hash_idx, gnu_hash_name, symidx, max_nsyms, nentries);
2440 return;
2441 }
2442 used[symidx + gnu_symbias] |= 1;
2443 }
2444 while ((gnu_chain[symidx++] & 1u) == 0);
2445 }
2446 }
2447
2448 /* Now go over the old hash table and check that we cover the same
2449 entries. */
2450 if (hash_shdr->sh_entsize == sizeof (Elf32_Word))
2451 {
2452 const Elf32_Word *hasharr = (Elf32_Word *) hash_data->d_buf;
2453 if (hash_data->d_size < 2 * sizeof (Elf32_Word))
2454 {
2455 ERROR (gettext ("\
2456 hash section [%2zu] '%s' does not contain enough data\n"),
2457 hash_idx, hash_name);
2458 return;
2459 }
2460
2461 Elf32_Word nbucket = hasharr[0];
2462 Elf32_Word nchain = hasharr[1];
2463 uint64_t hash_used = (2ULL + nchain + nbucket) * sizeof (Elf32_Word);
2464 if (hash_used > hash_data->d_size)
2465 {
2466 ERROR (gettext ("\
2467 hash section [%2zu] '%s' uses too much data\n"),
2468 hash_idx, hash_name);
2469 return;
2470 }
2471
2472 const Elf32_Word *bucket = &hasharr[2];
2473 const Elf32_Word *chain = &hasharr[2 + nbucket];
2474
2475 for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt)
2476 {
2477 Elf32_Word symidx = bucket[cnt];
2478 while (symidx != STN_UNDEF && symidx < nentries && symidx < nchain)
2479 {
2480 used[symidx] |= 2;
2481 symidx = chain[symidx];
2482 }
2483 }
2484 }
2485 else if (hash_shdr->sh_entsize == sizeof (Elf64_Word))
2486 {
2487 const Elf64_Xword *hasharr = (Elf64_Xword *) hash_data->d_buf;
2488 if (hash_data->d_size < 2 * sizeof (Elf32_Word))
2489 {
2490 ERROR (gettext ("\
2491 hash section [%2zu] '%s' does not contain enough data\n"),
2492 hash_idx, hash_name);
2493 return;
2494 }
2495
2496 Elf64_Xword nbucket = hasharr[0];
2497 Elf64_Xword nchain = hasharr[1];
2498 uint64_t maxwords = hash_data->d_size / sizeof (Elf64_Xword);
2499 if (maxwords < 2
2500 || maxwords - 2 < nbucket
2501 || maxwords - 2 - nbucket < nchain)
2502 {
2503 ERROR (gettext ("\
2504 hash section [%2zu] '%s' uses too much data\n"),
2505 hash_idx, hash_name);
2506 return;
2507 }
2508
2509 const Elf64_Xword *bucket = &hasharr[2];
2510 const Elf64_Xword *chain = &hasharr[2 + nbucket];
2511
2512 for (Elf64_Xword cnt = 0; cnt < nbucket; ++cnt)
2513 {
2514 Elf64_Xword symidx = bucket[cnt];
2515 while (symidx != STN_UNDEF && symidx < nentries && symidx < nchain)
2516 {
2517 used[symidx] |= 2;
2518 symidx = chain[symidx];
2519 }
2520 }
2521 }
2522 else
2523 {
2524 ERROR (gettext ("\
2525 hash section [%2zu] '%s' invalid sh_entsize\n"),
2526 gnu_hash_idx, gnu_hash_name);
2527 return;
2528 }
2529
2530 /* Now see which entries are not set in one or both hash tables
2531 (unless the symbol is undefined in which case it can be omitted
2532 in the new table format). */
2533 if ((used[0] & 1) != 0)
2534 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"),
2535 gnu_hash_idx,
2536 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2537 if ((used[0] & 2) != 0)
2538 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"),
2539 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name));
2540
2541 for (uint32_t cnt = 1; cnt < nentries; ++cnt)
2542 if (used[cnt] != 0 && used[cnt] != 3)
2543 {
2544 if (used[cnt] == 1)
2545 ERROR (gettext ("\
2546 symbol %d referenced in new hash table in [%2zu] '%s' but not in old hash table in [%2zu] '%s'\n"),
2547 cnt, gnu_hash_idx,
2548 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name),
2549 hash_idx,
2550 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name));
2551 else
2552 {
2553 GElf_Sym sym_mem;
2554 GElf_Sym *sym = gelf_getsym (sym_data, cnt, &sym_mem);
2555
2556 if (sym != NULL && sym->st_shndx != STN_UNDEF)
2557 ERROR (gettext ("\
2558 symbol %d referenced in old hash table in [%2zu] '%s' but not in new hash table in [%2zu] '%s'\n"),
2559 cnt, hash_idx,
2560 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name),
2561 gnu_hash_idx,
2562 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2563 }
2564 }
2565 }
2566
2567
2568 static void
check_null(Ebl * ebl,GElf_Shdr * shdr,int idx)2569 check_null (Ebl *ebl, GElf_Shdr *shdr, int idx)
2570 {
2571 #define TEST(name, extra) \
2572 if (extra && shdr->sh_##name != 0) \
2573 ERROR (gettext ("section [%2d] '%s': nonzero sh_%s for NULL section\n"), \
2574 idx, section_name (ebl, idx), #name)
2575
2576 TEST (name, 1);
2577 TEST (flags, 1);
2578 TEST (addr, 1);
2579 TEST (offset, 1);
2580 TEST (size, idx != 0);
2581 TEST (link, idx != 0);
2582 TEST (info, 1);
2583 TEST (addralign, 1);
2584 TEST (entsize, 1);
2585 }
2586
2587
2588 static void
check_group(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2589 check_group (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
2590 {
2591 if (ehdr->e_type != ET_REL)
2592 {
2593 ERROR (gettext ("\
2594 section [%2d] '%s': section groups only allowed in relocatable object files\n"),
2595 idx, section_name (ebl, idx));
2596 return;
2597 }
2598
2599 /* Check that sh_link is an index of a symbol table. */
2600 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
2601 GElf_Shdr symshdr_mem;
2602 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
2603 if (symshdr == NULL)
2604 ERROR (gettext ("section [%2d] '%s': cannot get symbol table: %s\n"),
2605 idx, section_name (ebl, idx), elf_errmsg (-1));
2606 else
2607 {
2608 if (symshdr->sh_type != SHT_SYMTAB)
2609 ERROR (gettext ("\
2610 section [%2d] '%s': section reference in sh_link is no symbol table\n"),
2611 idx, section_name (ebl, idx));
2612
2613 if (shdr->sh_info >= symshdr->sh_size / gelf_fsize (ebl->elf, ELF_T_SYM,
2614 1, EV_CURRENT))
2615 ERROR (gettext ("\
2616 section [%2d] '%s': invalid symbol index in sh_info\n"),
2617 idx, section_name (ebl, idx));
2618
2619 if (shdr->sh_flags != 0)
2620 ERROR (gettext ("section [%2d] '%s': sh_flags not zero\n"),
2621 idx, section_name (ebl, idx));
2622
2623 GElf_Sym sym_data;
2624 GElf_Sym *sym = gelf_getsym (elf_getdata (symscn, NULL), shdr->sh_info,
2625 &sym_data);
2626 if (sym == NULL)
2627 ERROR (gettext ("\
2628 section [%2d] '%s': cannot get symbol for signature\n"),
2629 idx, section_name (ebl, idx));
2630 else if (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name) == NULL)
2631 ERROR (gettext ("\
2632 section [%2d] '%s': cannot get symbol name for signature\n"),
2633 idx, section_name (ebl, idx));
2634 else if (strcmp (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name),
2635 "") == 0)
2636 ERROR (gettext ("\
2637 section [%2d] '%s': signature symbol cannot be empty string\n"),
2638 idx, section_name (ebl, idx));
2639
2640 if (be_strict
2641 && shdr->sh_entsize != elf32_fsize (ELF_T_WORD, 1, EV_CURRENT))
2642 ERROR (gettext ("section [%2d] '%s': sh_flags not set correctly\n"),
2643 idx, section_name (ebl, idx));
2644 }
2645
2646 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2647 if (data == NULL || data->d_buf == NULL)
2648 ERROR (gettext ("section [%2d] '%s': cannot get data: %s\n"),
2649 idx, section_name (ebl, idx), elf_errmsg (-1));
2650 else
2651 {
2652 size_t elsize = elf32_fsize (ELF_T_WORD, 1, EV_CURRENT);
2653 size_t cnt;
2654 Elf32_Word val;
2655
2656 if (data->d_size % elsize != 0)
2657 ERROR (gettext ("\
2658 section [%2d] '%s': section size not multiple of sizeof(Elf32_Word)\n"),
2659 idx, section_name (ebl, idx));
2660
2661 if (data->d_size < elsize)
2662 ERROR (gettext ("\
2663 section [%2d] '%s': section group without flags word\n"),
2664 idx, section_name (ebl, idx));
2665 else if (be_strict)
2666 {
2667 if (data->d_size < 2 * elsize)
2668 ERROR (gettext ("\
2669 section [%2d] '%s': section group without member\n"),
2670 idx, section_name (ebl, idx));
2671 else if (data->d_size < 3 * elsize)
2672 ERROR (gettext ("\
2673 section [%2d] '%s': section group with only one member\n"),
2674 idx, section_name (ebl, idx));
2675 }
2676
2677 #if ALLOW_UNALIGNED
2678 val = *((Elf32_Word *) data->d_buf);
2679 #else
2680 memcpy (&val, data->d_buf, elsize);
2681 #endif
2682 if ((val & ~GRP_COMDAT) != 0)
2683 ERROR (gettext ("section [%2d] '%s': unknown section group flags\n"),
2684 idx, section_name (ebl, idx));
2685
2686 for (cnt = elsize; cnt < data->d_size; cnt += elsize)
2687 {
2688 #if ALLOW_UNALIGNED
2689 val = *((Elf32_Word *) ((char *) data->d_buf + cnt));
2690 #else
2691 memcpy (&val, (char *) data->d_buf + cnt, elsize);
2692 #endif
2693
2694 if (val > shnum)
2695 ERROR (gettext ("\
2696 section [%2d] '%s': section index %zu out of range\n"),
2697 idx, section_name (ebl, idx), cnt / elsize);
2698 else
2699 {
2700 GElf_Shdr refshdr_mem;
2701 GElf_Shdr *refshdr = gelf_getshdr (elf_getscn (ebl->elf, val),
2702 &refshdr_mem);
2703 if (refshdr == NULL)
2704 ERROR (gettext ("\
2705 section [%2d] '%s': cannot get section header for element %zu: %s\n"),
2706 idx, section_name (ebl, idx), cnt / elsize,
2707 elf_errmsg (-1));
2708 else
2709 {
2710 if (refshdr->sh_type == SHT_GROUP)
2711 ERROR (gettext ("\
2712 section [%2d] '%s': section group contains another group [%2d] '%s'\n"),
2713 idx, section_name (ebl, idx),
2714 val, section_name (ebl, val));
2715
2716 if ((refshdr->sh_flags & SHF_GROUP) == 0)
2717 ERROR (gettext ("\
2718 section [%2d] '%s': element %zu references section [%2d] '%s' without SHF_GROUP flag set\n"),
2719 idx, section_name (ebl, idx), cnt / elsize,
2720 val, section_name (ebl, val));
2721 }
2722
2723 if (val < shnum && ++scnref[val] == 2)
2724 ERROR (gettext ("\
2725 section [%2d] '%s' is contained in more than one section group\n"),
2726 val, section_name (ebl, val));
2727 }
2728 }
2729 }
2730 }
2731
2732
2733 static const char *
section_flags_string(GElf_Word flags,char * buf,size_t len)2734 section_flags_string (GElf_Word flags, char *buf, size_t len)
2735 {
2736 if (flags == 0)
2737 return "none";
2738
2739 static const struct
2740 {
2741 GElf_Word flag;
2742 const char *name;
2743 } known_flags[] =
2744 {
2745 #define NEWFLAG(name) { SHF_##name, #name }
2746 NEWFLAG (WRITE),
2747 NEWFLAG (ALLOC),
2748 NEWFLAG (EXECINSTR),
2749 NEWFLAG (MERGE),
2750 NEWFLAG (STRINGS),
2751 NEWFLAG (INFO_LINK),
2752 NEWFLAG (LINK_ORDER),
2753 NEWFLAG (OS_NONCONFORMING),
2754 NEWFLAG (GROUP),
2755 NEWFLAG (TLS),
2756 NEWFLAG (COMPRESSED)
2757 };
2758 #undef NEWFLAG
2759 const size_t nknown_flags = sizeof (known_flags) / sizeof (known_flags[0]);
2760
2761 char *cp = buf;
2762
2763 for (size_t cnt = 0; cnt < nknown_flags; ++cnt)
2764 if (flags & known_flags[cnt].flag)
2765 {
2766 if (cp != buf && len > 1)
2767 {
2768 *cp++ = '|';
2769 --len;
2770 }
2771
2772 size_t ncopy = MIN (len - 1, strlen (known_flags[cnt].name));
2773 cp = mempcpy (cp, known_flags[cnt].name, ncopy);
2774 len -= ncopy;
2775
2776 flags ^= known_flags[cnt].flag;
2777 }
2778
2779 if (flags != 0 || cp == buf)
2780 snprintf (cp, len - 1, "%" PRIx64, (uint64_t) flags);
2781
2782 *cp = '\0';
2783
2784 return buf;
2785 }
2786
2787
2788 static int
has_copy_reloc(Ebl * ebl,unsigned int symscnndx,unsigned int symndx)2789 has_copy_reloc (Ebl *ebl, unsigned int symscnndx, unsigned int symndx)
2790 {
2791 /* First find the relocation section for the symbol table. */
2792 Elf_Scn *scn = NULL;
2793 GElf_Shdr shdr_mem;
2794 GElf_Shdr *shdr = NULL;
2795 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
2796 {
2797 shdr = gelf_getshdr (scn, &shdr_mem);
2798 if (shdr != NULL
2799 && (shdr->sh_type == SHT_REL || shdr->sh_type == SHT_RELA)
2800 && shdr->sh_link == symscnndx)
2801 /* Found the section. */
2802 break;
2803 }
2804
2805 if (scn == NULL)
2806 return 0;
2807
2808 Elf_Data *data = elf_getdata (scn, NULL);
2809 if (data == NULL || shdr->sh_entsize == 0)
2810 return 0;
2811
2812 if (shdr->sh_type == SHT_REL)
2813 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i)
2814 {
2815 GElf_Rel rel_mem;
2816 GElf_Rel *rel = gelf_getrel (data, i, &rel_mem);
2817 if (rel == NULL)
2818 continue;
2819
2820 if (GELF_R_SYM (rel->r_info) == symndx
2821 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rel->r_info)))
2822 return 1;
2823 }
2824 else
2825 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i)
2826 {
2827 GElf_Rela rela_mem;
2828 GElf_Rela *rela = gelf_getrela (data, i, &rela_mem);
2829 if (rela == NULL)
2830 continue;
2831
2832 if (GELF_R_SYM (rela->r_info) == symndx
2833 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rela->r_info)))
2834 return 1;
2835 }
2836
2837 return 0;
2838 }
2839
2840
2841 static int
in_nobits_scn(Ebl * ebl,unsigned int shndx)2842 in_nobits_scn (Ebl *ebl, unsigned int shndx)
2843 {
2844 GElf_Shdr shdr_mem;
2845 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, shndx), &shdr_mem);
2846 return shdr != NULL && shdr->sh_type == SHT_NOBITS;
2847 }
2848
2849
2850 static struct version_namelist
2851 {
2852 const char *objname;
2853 const char *name;
2854 GElf_Versym ndx;
2855 enum { ver_def, ver_need } type;
2856 struct version_namelist *next;
2857 } *version_namelist;
2858
2859
2860 static int
add_version(const char * objname,const char * name,GElf_Versym ndx,int type)2861 add_version (const char *objname, const char *name, GElf_Versym ndx, int type)
2862 {
2863 /* Check that there are no duplications. */
2864 struct version_namelist *nlp = version_namelist;
2865 while (nlp != NULL)
2866 {
2867 if (((nlp->objname == NULL && objname == NULL)
2868 || (nlp->objname != NULL && objname != NULL
2869 && strcmp (nlp->objname, objname) == 0))
2870 && strcmp (nlp->name, name) == 0)
2871 return nlp->type == ver_def ? 1 : -1;
2872 nlp = nlp->next;
2873 }
2874
2875 nlp = xmalloc (sizeof (*nlp));
2876 nlp->objname = objname;
2877 nlp->name = name;
2878 nlp->ndx = ndx;
2879 nlp->type = type;
2880 nlp->next = version_namelist;
2881 version_namelist = nlp;
2882
2883 return 0;
2884 }
2885
2886
2887 static void
check_versym(Ebl * ebl,int idx)2888 check_versym (Ebl *ebl, int idx)
2889 {
2890 Elf_Scn *scn = elf_getscn (ebl->elf, idx);
2891 GElf_Shdr shdr_mem;
2892 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
2893 if (shdr == NULL)
2894 /* The error has already been reported. */
2895 return;
2896
2897 Elf_Data *data = elf_getdata (scn, NULL);
2898 if (data == NULL)
2899 {
2900 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
2901 idx, section_name (ebl, idx));
2902 return;
2903 }
2904
2905 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
2906 GElf_Shdr symshdr_mem;
2907 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
2908 if (symshdr == NULL)
2909 /* The error has already been reported. */
2910 return;
2911
2912 if (symshdr->sh_type != SHT_DYNSYM)
2913 {
2914 ERROR (gettext ("\
2915 section [%2d] '%s' refers in sh_link to section [%2d] '%s' which is no dynamic symbol table\n"),
2916 idx, section_name (ebl, idx),
2917 shdr->sh_link, section_name (ebl, shdr->sh_link));
2918 return;
2919 }
2920
2921 /* The number of elements in the version symbol table must be the
2922 same as the number of symbols. */
2923 if (shdr->sh_entsize != 0 && symshdr->sh_entsize != 0
2924 && (shdr->sh_size / shdr->sh_entsize
2925 != symshdr->sh_size / symshdr->sh_entsize))
2926 ERROR (gettext ("\
2927 section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"),
2928 idx, section_name (ebl, idx),
2929 shdr->sh_link, section_name (ebl, shdr->sh_link));
2930
2931 Elf_Data *symdata = elf_getdata (symscn, NULL);
2932 if (symdata == NULL || shdr->sh_entsize == 0)
2933 /* The error has already been reported. */
2934 return;
2935
2936 for (int cnt = 1; (size_t) cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
2937 {
2938 GElf_Versym versym_mem;
2939 GElf_Versym *versym = gelf_getversym (data, cnt, &versym_mem);
2940 if (versym == NULL)
2941 {
2942 ERROR (gettext ("\
2943 section [%2d] '%s': symbol %d: cannot read version data\n"),
2944 idx, section_name (ebl, idx), cnt);
2945 break;
2946 }
2947
2948 GElf_Sym sym_mem;
2949 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_mem);
2950 if (sym == NULL)
2951 /* Already reported elsewhere. */
2952 continue;
2953
2954 if (*versym == VER_NDX_GLOBAL)
2955 {
2956 /* Global symbol. Make sure it is not defined as local. */
2957 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
2958 ERROR (gettext ("\
2959 section [%2d] '%s': symbol %d: local symbol with global scope\n"),
2960 idx, section_name (ebl, idx), cnt);
2961 }
2962 else if (*versym != VER_NDX_LOCAL)
2963 {
2964 /* Versioned symbol. Make sure it is not defined as local. */
2965 if (!gnuld && GELF_ST_BIND (sym->st_info) == STB_LOCAL)
2966 ERROR (gettext ("\
2967 section [%2d] '%s': symbol %d: local symbol with version\n"),
2968 idx, section_name (ebl, idx), cnt);
2969
2970 /* Look through the list of defined versions and locate the
2971 index we need for this symbol. */
2972 struct version_namelist *runp = version_namelist;
2973 while (runp != NULL)
2974 if (runp->ndx == (*versym & (GElf_Versym) 0x7fff))
2975 break;
2976 else
2977 runp = runp->next;
2978
2979 if (runp == NULL)
2980 ERROR (gettext ("\
2981 section [%2d] '%s': symbol %d: invalid version index %d\n"),
2982 idx, section_name (ebl, idx), cnt, (int) *versym);
2983 else if (sym->st_shndx == SHN_UNDEF
2984 && runp->type == ver_def)
2985 ERROR (gettext ("\
2986 section [%2d] '%s': symbol %d: version index %d is for defined version\n"),
2987 idx, section_name (ebl, idx), cnt, (int) *versym);
2988 else if (sym->st_shndx != SHN_UNDEF
2989 && runp->type == ver_need)
2990 {
2991 /* Unless this symbol has a copy relocation associated
2992 this must not happen. */
2993 if (!has_copy_reloc (ebl, shdr->sh_link, cnt)
2994 && !in_nobits_scn (ebl, sym->st_shndx))
2995 ERROR (gettext ("\
2996 section [%2d] '%s': symbol %d: version index %d is for requested version\n"),
2997 idx, section_name (ebl, idx), cnt, (int) *versym);
2998 }
2999 }
3000 }
3001 }
3002
3003
3004 static int
unknown_dependency_p(Elf * elf,const char * fname)3005 unknown_dependency_p (Elf *elf, const char *fname)
3006 {
3007 GElf_Phdr phdr_mem;
3008 GElf_Phdr *phdr = NULL;
3009
3010 unsigned int i;
3011 for (i = 0; i < phnum; ++i)
3012 if ((phdr = gelf_getphdr (elf, i, &phdr_mem)) != NULL
3013 && phdr->p_type == PT_DYNAMIC)
3014 break;
3015
3016 if (i == phnum)
3017 return 1;
3018 assert (phdr != NULL);
3019 Elf_Scn *scn = gelf_offscn (elf, phdr->p_offset);
3020 GElf_Shdr shdr_mem;
3021 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
3022 Elf_Data *data = elf_getdata (scn, NULL);
3023 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC
3024 && data != NULL && shdr->sh_entsize != 0)
3025 for (size_t j = 0; j < shdr->sh_size / shdr->sh_entsize; ++j)
3026 {
3027 GElf_Dyn dyn_mem;
3028 GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem);
3029 if (dyn != NULL && dyn->d_tag == DT_NEEDED)
3030 {
3031 const char *str = elf_strptr (elf, shdr->sh_link, dyn->d_un.d_val);
3032 if (str != NULL && strcmp (str, fname) == 0)
3033 /* Found it. */
3034 return 0;
3035 }
3036 }
3037
3038 return 1;
3039 }
3040
3041
3042 static unsigned int nverneed;
3043
3044 static void
check_verneed(Ebl * ebl,GElf_Shdr * shdr,int idx)3045 check_verneed (Ebl *ebl, GElf_Shdr *shdr, int idx)
3046 {
3047 if (++nverneed == 2)
3048 ERROR (gettext ("more than one version reference section present\n"));
3049
3050 GElf_Shdr strshdr_mem;
3051 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
3052 &strshdr_mem);
3053 if (strshdr == NULL)
3054 return;
3055 if (strshdr->sh_type != SHT_STRTAB)
3056 ERROR (gettext ("\
3057 section [%2d] '%s': sh_link does not link to string table\n"),
3058 idx, section_name (ebl, idx));
3059
3060 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
3061 if (data == NULL)
3062 {
3063 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
3064 idx, section_name (ebl, idx));
3065 return;
3066 }
3067 unsigned int offset = 0;
3068 for (Elf64_Word cnt = shdr->sh_info; cnt > 0; )
3069 {
3070 cnt--;
3071
3072 /* Get the data at the next offset. */
3073 GElf_Verneed needmem;
3074 GElf_Verneed *need = gelf_getverneed (data, offset, &needmem);
3075 if (need == NULL)
3076 break;
3077
3078 unsigned int auxoffset = offset + need->vn_aux;
3079
3080 if (need->vn_version != EV_CURRENT)
3081 ERROR (gettext ("\
3082 section [%2d] '%s': entry %d has wrong version %d\n"),
3083 idx, section_name (ebl, idx), cnt, (int) need->vn_version);
3084
3085 if (need->vn_cnt > 0 && need->vn_aux < gelf_fsize (ebl->elf, ELF_T_VNEED,
3086 1, EV_CURRENT))
3087 {
3088 ERROR (gettext ("\
3089 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"),
3090 idx, section_name (ebl, idx), cnt);
3091 break;
3092 }
3093
3094 const char *libname = elf_strptr (ebl->elf, shdr->sh_link,
3095 need->vn_file);
3096 if (libname == NULL)
3097 {
3098 ERROR (gettext ("\
3099 section [%2d] '%s': entry %d has invalid file reference\n"),
3100 idx, section_name (ebl, idx), cnt);
3101 goto next_need;
3102 }
3103
3104 /* Check that there is a DT_NEEDED entry for the referenced library. */
3105 if (unknown_dependency_p (ebl->elf, libname))
3106 ERROR (gettext ("\
3107 section [%2d] '%s': entry %d references unknown dependency\n"),
3108 idx, section_name (ebl, idx), cnt);
3109
3110 for (int cnt2 = need->vn_cnt; --cnt2 >= 0; )
3111 {
3112 GElf_Vernaux auxmem;
3113 GElf_Vernaux *aux = gelf_getvernaux (data, auxoffset, &auxmem);
3114 if (aux == NULL)
3115 break;
3116
3117 if ((aux->vna_flags & ~VER_FLG_WEAK) != 0)
3118 ERROR (gettext ("\
3119 section [%2d] '%s': auxiliary entry %d of entry %d has unknown flag\n"),
3120 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
3121
3122 const char *verstr = elf_strptr (ebl->elf, shdr->sh_link,
3123 aux->vna_name);
3124 if (verstr == NULL)
3125 {
3126 ERROR (gettext ("\
3127 section [%2d] '%s': auxiliary entry %d of entry %d has invalid name reference\n"),
3128 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
3129 break;
3130 }
3131 else
3132 {
3133 GElf_Word hashval = elf_hash (verstr);
3134 if (hashval != aux->vna_hash)
3135 ERROR (gettext ("\
3136 section [%2d] '%s': auxiliary entry %d of entry %d has wrong hash value: %#x, expected %#x\n"),
3137 idx, section_name (ebl, idx), need->vn_cnt - cnt2,
3138 cnt, (int) hashval, (int) aux->vna_hash);
3139
3140 int res = add_version (libname, verstr, aux->vna_other,
3141 ver_need);
3142 if (unlikely (res !=0))
3143 {
3144 ERROR (gettext ("\
3145 section [%2d] '%s': auxiliary entry %d of entry %d has duplicate version name '%s'\n"),
3146 idx, section_name (ebl, idx), need->vn_cnt - cnt2,
3147 cnt, verstr);
3148 }
3149 }
3150
3151 if ((aux->vna_next != 0 || cnt2 > 0)
3152 && aux->vna_next < gelf_fsize (ebl->elf, ELF_T_VNAUX, 1,
3153 EV_CURRENT))
3154 {
3155 ERROR (gettext ("\
3156 section [%2d] '%s': auxiliary entry %d of entry %d has wrong next field\n"),
3157 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
3158 break;
3159 }
3160
3161 auxoffset += MAX (aux->vna_next,
3162 gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, EV_CURRENT));
3163 }
3164
3165 /* Find the next offset. */
3166 next_need:
3167 offset += need->vn_next;
3168
3169 if ((need->vn_next != 0 || cnt > 0)
3170 && offset < auxoffset)
3171 {
3172 ERROR (gettext ("\
3173 section [%2d] '%s': entry %d has invalid offset to next entry\n"),
3174 idx, section_name (ebl, idx), cnt);
3175 break;
3176 }
3177
3178 if (need->vn_next == 0 && cnt > 0)
3179 {
3180 ERROR (gettext ("\
3181 section [%2d] '%s': entry %d has zero offset to next entry, but sh_info says there are more entries\n"),
3182 idx, section_name (ebl, idx), cnt);
3183 break;
3184 }
3185 }
3186 }
3187
3188
3189 static unsigned int nverdef;
3190
3191 static void
check_verdef(Ebl * ebl,GElf_Shdr * shdr,int idx)3192 check_verdef (Ebl *ebl, GElf_Shdr *shdr, int idx)
3193 {
3194 if (++nverdef == 2)
3195 ERROR (gettext ("more than one version definition section present\n"));
3196
3197 GElf_Shdr strshdr_mem;
3198 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
3199 &strshdr_mem);
3200 if (strshdr == NULL)
3201 return;
3202 if (strshdr->sh_type != SHT_STRTAB)
3203 ERROR (gettext ("\
3204 section [%2d] '%s': sh_link does not link to string table\n"),
3205 idx, section_name (ebl, idx));
3206
3207 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
3208 if (data == NULL)
3209 {
3210 no_data:
3211 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
3212 idx, section_name (ebl, idx));
3213 return;
3214 }
3215
3216 /* Iterate over all version definition entries. We check that there
3217 is a BASE entry and that each index is unique. To do the later
3218 we collection the information in a list which is later
3219 examined. */
3220 struct namelist
3221 {
3222 const char *name;
3223 struct namelist *next;
3224 } *namelist = NULL;
3225 struct namelist *refnamelist = NULL;
3226
3227 bool has_base = false;
3228 unsigned int offset = 0;
3229 for (Elf64_Word cnt = shdr->sh_info; cnt > 0; )
3230 {
3231 cnt--;
3232
3233 /* Get the data at the next offset. */
3234 GElf_Verdef defmem;
3235 GElf_Verdef *def = gelf_getverdef (data, offset, &defmem);
3236 if (def == NULL)
3237 goto no_data;
3238
3239 if ((def->vd_flags & VER_FLG_BASE) != 0)
3240 {
3241 if (has_base)
3242 ERROR (gettext ("\
3243 section [%2d] '%s': more than one BASE definition\n"),
3244 idx, section_name (ebl, idx));
3245 if (def->vd_ndx != VER_NDX_GLOBAL)
3246 ERROR (gettext ("\
3247 section [%2d] '%s': BASE definition must have index VER_NDX_GLOBAL\n"),
3248 idx, section_name (ebl, idx));
3249 has_base = true;
3250 }
3251 if ((def->vd_flags & ~(VER_FLG_BASE|VER_FLG_WEAK)) != 0)
3252 ERROR (gettext ("\
3253 section [%2d] '%s': entry %d has unknown flag\n"),
3254 idx, section_name (ebl, idx), cnt);
3255
3256 if (def->vd_version != EV_CURRENT)
3257 ERROR (gettext ("\
3258 section [%2d] '%s': entry %d has wrong version %d\n"),
3259 idx, section_name (ebl, idx), cnt, (int) def->vd_version);
3260
3261 if (def->vd_cnt > 0 && def->vd_aux < gelf_fsize (ebl->elf, ELF_T_VDEF,
3262 1, EV_CURRENT))
3263 {
3264 ERROR (gettext ("\
3265 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"),
3266 idx, section_name (ebl, idx), cnt);
3267 break;
3268 }
3269
3270 unsigned int auxoffset = offset + def->vd_aux;
3271 GElf_Verdaux auxmem;
3272 GElf_Verdaux *aux = gelf_getverdaux (data, auxoffset, &auxmem);
3273 if (aux == NULL)
3274 goto no_data;
3275
3276 const char *name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name);
3277 if (name == NULL)
3278 {
3279 ERROR (gettext ("\
3280 section [%2d] '%s': entry %d has invalid name reference\n"),
3281 idx, section_name (ebl, idx), cnt);
3282 goto next_def;
3283 }
3284 GElf_Word hashval = elf_hash (name);
3285 if (def->vd_hash != hashval)
3286 ERROR (gettext ("\
3287 section [%2d] '%s': entry %d has wrong hash value: %#x, expected %#x\n"),
3288 idx, section_name (ebl, idx), cnt, (int) hashval,
3289 (int) def->vd_hash);
3290
3291 int res = add_version (NULL, name, def->vd_ndx, ver_def);
3292 if (unlikely (res !=0))
3293 {
3294 ERROR (gettext ("\
3295 section [%2d] '%s': entry %d has duplicate version name '%s'\n"),
3296 idx, section_name (ebl, idx), cnt, name);
3297 }
3298
3299 struct namelist *newname = alloca (sizeof (*newname));
3300 newname->name = name;
3301 newname->next = namelist;
3302 namelist = newname;
3303
3304 auxoffset += aux->vda_next;
3305 for (int cnt2 = 1; cnt2 < def->vd_cnt; ++cnt2)
3306 {
3307 aux = gelf_getverdaux (data, auxoffset, &auxmem);
3308 if (aux == NULL)
3309 goto no_data;
3310
3311 name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name);
3312 if (name == NULL)
3313 {
3314 ERROR (gettext ("\
3315 section [%2d] '%s': entry %d has invalid name reference in auxiliary data\n"),
3316 idx, section_name (ebl, idx), cnt);
3317 break;
3318 }
3319 else
3320 {
3321 newname = alloca (sizeof (*newname));
3322 newname->name = name;
3323 newname->next = refnamelist;
3324 refnamelist = newname;
3325 }
3326
3327 if ((aux->vda_next != 0 || cnt2 + 1 < def->vd_cnt)
3328 && aux->vda_next < gelf_fsize (ebl->elf, ELF_T_VDAUX, 1,
3329 EV_CURRENT))
3330 {
3331 ERROR (gettext ("\
3332 section [%2d] '%s': entry %d has wrong next field in auxiliary data\n"),
3333 idx, section_name (ebl, idx), cnt);
3334 break;
3335 }
3336
3337 auxoffset += MAX (aux->vda_next,
3338 gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, EV_CURRENT));
3339 }
3340
3341 /* Find the next offset. */
3342 next_def:
3343 offset += def->vd_next;
3344
3345 if ((def->vd_next != 0 || cnt > 0)
3346 && offset < auxoffset)
3347 {
3348 ERROR (gettext ("\
3349 section [%2d] '%s': entry %d has invalid offset to next entry\n"),
3350 idx, section_name (ebl, idx), cnt);
3351 break;
3352 }
3353
3354 if (def->vd_next == 0 && cnt > 0)
3355 {
3356 ERROR (gettext ("\
3357 section [%2d] '%s': entry %d has zero offset to next entry, but sh_info says there are more entries\n"),
3358 idx, section_name (ebl, idx), cnt);
3359 break;
3360 }
3361 }
3362
3363 if (!has_base)
3364 ERROR (gettext ("section [%2d] '%s': no BASE definition\n"),
3365 idx, section_name (ebl, idx));
3366
3367 /* Check whether the referenced names are available. */
3368 while (namelist != NULL)
3369 {
3370 struct version_namelist *runp = version_namelist;
3371 while (runp != NULL)
3372 {
3373 if (runp->type == ver_def
3374 && strcmp (runp->name, namelist->name) == 0)
3375 break;
3376 runp = runp->next;
3377 }
3378
3379 if (runp == NULL)
3380 ERROR (gettext ("\
3381 section [%2d] '%s': unknown parent version '%s'\n"),
3382 idx, section_name (ebl, idx), namelist->name);
3383
3384 namelist = namelist->next;
3385 }
3386 }
3387
3388 static void
check_attributes(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)3389 check_attributes (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
3390 {
3391 if (shdr->sh_size == 0)
3392 {
3393 ERROR (gettext ("section [%2d] '%s': empty object attributes section\n"),
3394 idx, section_name (ebl, idx));
3395 return;
3396 }
3397
3398 Elf_Data *data = elf_rawdata (elf_getscn (ebl->elf, idx), NULL);
3399 if (data == NULL || data->d_size == 0 || data->d_buf == NULL)
3400 {
3401 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
3402 idx, section_name (ebl, idx));
3403 return;
3404 }
3405
3406 inline size_t pos (const unsigned char *p)
3407 {
3408 return p - (const unsigned char *) data->d_buf;
3409 }
3410
3411 const unsigned char *p = data->d_buf;
3412 if (*p++ != 'A')
3413 {
3414 ERROR (gettext ("section [%2d] '%s': unrecognized attribute format\n"),
3415 idx, section_name (ebl, idx));
3416 return;
3417 }
3418
3419 inline size_t left (void)
3420 {
3421 return (const unsigned char *) data->d_buf + data->d_size - p;
3422 }
3423
3424 while (left () >= 4)
3425 {
3426 uint32_t len;
3427 memcpy (&len, p, sizeof len);
3428
3429 if (len == 0)
3430 ERROR (gettext ("\
3431 section [%2d] '%s': offset %zu: zero length field in attribute section\n"),
3432 idx, section_name (ebl, idx), pos (p));
3433
3434 if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
3435 CONVERT (len);
3436
3437 if (len > left ())
3438 {
3439 ERROR (gettext ("\
3440 section [%2d] '%s': offset %zu: invalid length in attribute section\n"),
3441 idx, section_name (ebl, idx), pos (p));
3442 break;
3443 }
3444
3445 const unsigned char *name = p + sizeof len;
3446 p += len;
3447
3448 unsigned const char *q = memchr (name, '\0', len);
3449 if (q == NULL)
3450 {
3451 ERROR (gettext ("\
3452 section [%2d] '%s': offset %zu: unterminated vendor name string\n"),
3453 idx, section_name (ebl, idx), pos (p));
3454 break;
3455 }
3456 ++q;
3457
3458 if (q - name == sizeof "gnu" && !memcmp (name, "gnu", sizeof "gnu"))
3459 while (q < p)
3460 {
3461 unsigned const char *chunk = q;
3462
3463 unsigned int subsection_tag;
3464 get_uleb128 (subsection_tag, q, p);
3465
3466 if (q >= p)
3467 {
3468 ERROR (gettext ("\
3469 section [%2d] '%s': offset %zu: endless ULEB128 in attribute subsection tag\n"),
3470 idx, section_name (ebl, idx), pos (chunk));
3471 break;
3472 }
3473
3474 uint32_t subsection_len;
3475 if (p - q < (ptrdiff_t) sizeof subsection_len)
3476 {
3477 ERROR (gettext ("\
3478 section [%2d] '%s': offset %zu: truncated attribute section\n"),
3479 idx, section_name (ebl, idx), pos (q));
3480 break;
3481 }
3482
3483 memcpy (&subsection_len, q, sizeof subsection_len);
3484 if (subsection_len == 0)
3485 {
3486 ERROR (gettext ("\
3487 section [%2d] '%s': offset %zu: zero length field in attribute subsection\n"),
3488 idx, section_name (ebl, idx), pos (q));
3489
3490 q += sizeof subsection_len;
3491 continue;
3492 }
3493
3494 if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
3495 CONVERT (subsection_len);
3496
3497 /* Don't overflow, ptrdiff_t might be 32bits, but signed. */
3498 if (p - chunk < (ptrdiff_t) subsection_len
3499 || subsection_len >= (uint32_t) PTRDIFF_MAX)
3500 {
3501 ERROR (gettext ("\
3502 section [%2d] '%s': offset %zu: invalid length in attribute subsection\n"),
3503 idx, section_name (ebl, idx), pos (q));
3504 break;
3505 }
3506
3507 const unsigned char *subsection_end = chunk + subsection_len;
3508 chunk = q;
3509 q = subsection_end;
3510
3511 if (subsection_tag != 1) /* Tag_File */
3512 ERROR (gettext ("\
3513 section [%2d] '%s': offset %zu: attribute subsection has unexpected tag %u\n"),
3514 idx, section_name (ebl, idx), pos (chunk), subsection_tag);
3515 else
3516 {
3517 chunk += sizeof subsection_len;
3518 while (chunk < q)
3519 {
3520 unsigned int tag;
3521 get_uleb128 (tag, chunk, q);
3522
3523 uint64_t value = 0;
3524 const unsigned char *r = chunk;
3525 if (tag == 32 || (tag & 1) == 0)
3526 {
3527 get_uleb128 (value, r, q);
3528 if (r > q)
3529 {
3530 ERROR (gettext ("\
3531 section [%2d] '%s': offset %zu: endless ULEB128 in attribute tag\n"),
3532 idx, section_name (ebl, idx), pos (chunk));
3533 break;
3534 }
3535 }
3536 if (tag == 32 || (tag & 1) != 0)
3537 {
3538 r = memchr (r, '\0', q - r);
3539 if (r == NULL)
3540 {
3541 ERROR (gettext ("\
3542 section [%2d] '%s': offset %zu: unterminated string in attribute\n"),
3543 idx, section_name (ebl, idx), pos (chunk));
3544 break;
3545 }
3546 ++r;
3547 }
3548
3549 const char *tag_name = NULL;
3550 const char *value_name = NULL;
3551 if (!ebl_check_object_attribute (ebl, (const char *) name,
3552 tag, value,
3553 &tag_name, &value_name))
3554 ERROR (gettext ("\
3555 section [%2d] '%s': offset %zu: unrecognized attribute tag %u\n"),
3556 idx, section_name (ebl, idx), pos (chunk), tag);
3557 else if ((tag & 1) == 0 && value_name == NULL)
3558 ERROR (gettext ("\
3559 section [%2d] '%s': offset %zu: unrecognized %s attribute value %" PRIu64 "\n"),
3560 idx, section_name (ebl, idx), pos (chunk),
3561 tag_name, value);
3562
3563 chunk = r;
3564 }
3565 }
3566 }
3567 else
3568 ERROR (gettext ("\
3569 section [%2d] '%s': offset %zu: vendor '%s' unknown\n"),
3570 idx, section_name (ebl, idx), pos (p), name);
3571 }
3572
3573 if (left () != 0)
3574 ERROR (gettext ("\
3575 section [%2d] '%s': offset %zu: extra bytes after last attribute section\n"),
3576 idx, section_name (ebl, idx), pos (p));
3577 }
3578
3579 static bool has_loadable_segment;
3580 static bool has_interp_segment;
3581
3582 static const struct
3583 {
3584 const char *name;
3585 size_t namelen;
3586 GElf_Word type;
3587 enum { unused, exact, atleast, exact_or_gnuld } attrflag;
3588 GElf_Word attr;
3589 GElf_Word attr2;
3590 } special_sections[] =
3591 {
3592 /* See figure 4-14 in the gABI. */
3593 { ".bss", 5, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3594 { ".comment", 8, SHT_PROGBITS, atleast, 0, SHF_MERGE | SHF_STRINGS },
3595 { ".data", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3596 { ".data1", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3597 { ".debug_str", 11, SHT_PROGBITS, exact_or_gnuld, SHF_MERGE | SHF_STRINGS, 0 },
3598 { ".debug", 6, SHT_PROGBITS, exact, 0, 0 },
3599 { ".dynamic", 9, SHT_DYNAMIC, atleast, SHF_ALLOC, SHF_WRITE },
3600 { ".dynstr", 8, SHT_STRTAB, exact, SHF_ALLOC, 0 },
3601 { ".dynsym", 8, SHT_DYNSYM, exact, SHF_ALLOC, 0 },
3602 { ".fini", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3603 { ".fini_array", 12, SHT_FINI_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3604 { ".got", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more info?
3605 { ".hash", 6, SHT_HASH, exact, SHF_ALLOC, 0 },
3606 { ".init", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3607 { ".init_array", 12, SHT_INIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3608 { ".interp", 8, SHT_PROGBITS, atleast, 0, SHF_ALLOC }, // XXX more tests?
3609 { ".line", 6, SHT_PROGBITS, exact, 0, 0 },
3610 { ".note", 6, SHT_NOTE, atleast, 0, SHF_ALLOC },
3611 { ".plt", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more tests
3612 { ".preinit_array", 15, SHT_PREINIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3613 { ".rela", 5, SHT_RELA, atleast, 0, SHF_ALLOC | SHF_INFO_LINK }, // XXX more tests
3614 { ".rel", 4, SHT_REL, atleast, 0, SHF_ALLOC | SHF_INFO_LINK }, // XXX more tests
3615 { ".rodata", 8, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS },
3616 { ".rodata1", 9, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS },
3617 { ".shstrtab", 10, SHT_STRTAB, exact, 0, 0 },
3618 { ".strtab", 8, SHT_STRTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
3619 { ".symtab", 8, SHT_SYMTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
3620 { ".symtab_shndx", 14, SHT_SYMTAB_SHNDX, atleast, 0, SHF_ALLOC }, // XXX more tests
3621 { ".tbss", 6, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3622 { ".tdata", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3623 { ".tdata1", 8, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3624 { ".text", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3625
3626 /* The following are GNU extensions. */
3627 { ".gnu.version", 13, SHT_GNU_versym, exact, SHF_ALLOC, 0 },
3628 { ".gnu.version_d", 15, SHT_GNU_verdef, exact, SHF_ALLOC, 0 },
3629 { ".gnu.version_r", 15, SHT_GNU_verneed, exact, SHF_ALLOC, 0 },
3630 { ".gnu.attributes", 16, SHT_GNU_ATTRIBUTES, exact, 0, 0 },
3631 };
3632 #define nspecial_sections \
3633 (sizeof (special_sections) / sizeof (special_sections[0]))
3634
3635 #define IS_KNOWN_SPECIAL(idx, string, prefix) \
3636 (special_sections[idx].namelen == sizeof string - (prefix ? 1 : 0) \
3637 && !memcmp (special_sections[idx].name, string, \
3638 sizeof string - (prefix ? 1 : 0)))
3639
3640
3641 /* Indeces of some sections we need later. */
3642 static size_t eh_frame_hdr_scnndx;
3643 static size_t eh_frame_scnndx;
3644 static size_t gcc_except_table_scnndx;
3645
3646
3647 static void
check_sections(Ebl * ebl,GElf_Ehdr * ehdr)3648 check_sections (Ebl *ebl, GElf_Ehdr *ehdr)
3649 {
3650 if (ehdr->e_shoff == 0)
3651 /* No section header. */
3652 return;
3653
3654 /* Allocate array to count references in section groups. */
3655 scnref = (int *) xcalloc (shnum, sizeof (int));
3656
3657 /* Check the zeroth section first. It must not have any contents
3658 and the section header must contain nonzero value at most in the
3659 sh_size and sh_link fields. */
3660 GElf_Shdr shdr_mem;
3661 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
3662 if (shdr == NULL)
3663 ERROR (gettext ("cannot get section header of zeroth section\n"));
3664 else
3665 {
3666 if (shdr->sh_name != 0)
3667 ERROR (gettext ("zeroth section has nonzero name\n"));
3668 if (shdr->sh_type != 0)
3669 ERROR (gettext ("zeroth section has nonzero type\n"));
3670 if (shdr->sh_flags != 0)
3671 ERROR (gettext ("zeroth section has nonzero flags\n"));
3672 if (shdr->sh_addr != 0)
3673 ERROR (gettext ("zeroth section has nonzero address\n"));
3674 if (shdr->sh_offset != 0)
3675 ERROR (gettext ("zeroth section has nonzero offset\n"));
3676 if (shdr->sh_addralign != 0)
3677 ERROR (gettext ("zeroth section has nonzero align value\n"));
3678 if (shdr->sh_entsize != 0)
3679 ERROR (gettext ("zeroth section has nonzero entry size value\n"));
3680
3681 if (shdr->sh_size != 0 && ehdr->e_shnum != 0)
3682 ERROR (gettext ("\
3683 zeroth section has nonzero size value while ELF header has nonzero shnum value\n"));
3684
3685 if (shdr->sh_link != 0 && ehdr->e_shstrndx != SHN_XINDEX)
3686 ERROR (gettext ("\
3687 zeroth section has nonzero link value while ELF header does not signal overflow in shstrndx\n"));
3688
3689 if (shdr->sh_info != 0 && ehdr->e_phnum != PN_XNUM)
3690 ERROR (gettext ("\
3691 zeroth section has nonzero link value while ELF header does not signal overflow in phnum\n"));
3692 }
3693
3694 int *segment_flags = xcalloc (phnum, sizeof segment_flags[0]);
3695
3696 bool dot_interp_section = false;
3697
3698 size_t hash_idx = 0;
3699 size_t gnu_hash_idx = 0;
3700
3701 size_t versym_scnndx = 0;
3702 for (size_t cnt = 1; cnt < shnum; ++cnt)
3703 {
3704 Elf_Scn *scn = elf_getscn (ebl->elf, cnt);
3705 shdr = gelf_getshdr (scn, &shdr_mem);
3706 if (shdr == NULL)
3707 {
3708 ERROR (gettext ("\
3709 cannot get section header for section [%2zu] '%s': %s\n"),
3710 cnt, section_name (ebl, cnt), elf_errmsg (-1));
3711 continue;
3712 }
3713
3714 const char *scnname = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
3715
3716 if (scnname == NULL)
3717 ERROR (gettext ("section [%2zu]: invalid name\n"), cnt);
3718 else
3719 {
3720 /* Check whether it is one of the special sections defined in
3721 the gABI. */
3722 size_t s;
3723 for (s = 0; s < nspecial_sections; ++s)
3724 if (strncmp (scnname, special_sections[s].name,
3725 special_sections[s].namelen) == 0)
3726 {
3727 char stbuf1[100];
3728 char stbuf2[100];
3729 char stbuf3[100];
3730
3731 GElf_Word good_type = special_sections[s].type;
3732 if (IS_KNOWN_SPECIAL (s, ".plt", false)
3733 && ebl_bss_plt_p (ebl))
3734 good_type = SHT_NOBITS;
3735
3736 /* In a debuginfo file, any normal section can be SHT_NOBITS.
3737 This is only invalid for DWARF sections and .shstrtab. */
3738 if (shdr->sh_type != good_type
3739 && (shdr->sh_type != SHT_NOBITS
3740 || !is_debuginfo
3741 || IS_KNOWN_SPECIAL (s, ".debug_str", false)
3742 || IS_KNOWN_SPECIAL (s, ".debug", true)
3743 || IS_KNOWN_SPECIAL (s, ".shstrtab", false)))
3744 ERROR (gettext ("\
3745 section [%2d] '%s' has wrong type: expected %s, is %s\n"),
3746 (int) cnt, scnname,
3747 ebl_section_type_name (ebl, special_sections[s].type,
3748 stbuf1, sizeof (stbuf1)),
3749 ebl_section_type_name (ebl, shdr->sh_type,
3750 stbuf2, sizeof (stbuf2)));
3751
3752 if (special_sections[s].attrflag == exact
3753 || special_sections[s].attrflag == exact_or_gnuld)
3754 {
3755 /* Except for the link order, group bit and
3756 compression flag all the other bits should
3757 match exactly. */
3758 if ((shdr->sh_flags
3759 & ~(SHF_LINK_ORDER | SHF_GROUP | SHF_COMPRESSED))
3760 != special_sections[s].attr
3761 && (special_sections[s].attrflag == exact || !gnuld))
3762 ERROR (gettext ("\
3763 section [%2zu] '%s' has wrong flags: expected %s, is %s\n"),
3764 cnt, scnname,
3765 section_flags_string (special_sections[s].attr,
3766 stbuf1, sizeof (stbuf1)),
3767 section_flags_string (shdr->sh_flags
3768 & ~SHF_LINK_ORDER,
3769 stbuf2, sizeof (stbuf2)));
3770 }
3771 else if (special_sections[s].attrflag == atleast)
3772 {
3773 if ((shdr->sh_flags & special_sections[s].attr)
3774 != special_sections[s].attr
3775 || ((shdr->sh_flags
3776 & ~(SHF_LINK_ORDER | SHF_GROUP | SHF_COMPRESSED
3777 | special_sections[s].attr
3778 | special_sections[s].attr2))
3779 != 0))
3780 ERROR (gettext ("\
3781 section [%2zu] '%s' has wrong flags: expected %s and possibly %s, is %s\n"),
3782 cnt, scnname,
3783 section_flags_string (special_sections[s].attr,
3784 stbuf1, sizeof (stbuf1)),
3785 section_flags_string (special_sections[s].attr2,
3786 stbuf2, sizeof (stbuf2)),
3787 section_flags_string (shdr->sh_flags
3788 & ~(SHF_LINK_ORDER
3789 | SHF_GROUP),
3790 stbuf3, sizeof (stbuf3)));
3791 }
3792
3793 if (strcmp (scnname, ".interp") == 0)
3794 {
3795 dot_interp_section = true;
3796
3797 if (ehdr->e_type == ET_REL)
3798 ERROR (gettext ("\
3799 section [%2zu] '%s' present in object file\n"),
3800 cnt, scnname);
3801
3802 if ((shdr->sh_flags & SHF_ALLOC) != 0
3803 && !has_loadable_segment)
3804 ERROR (gettext ("\
3805 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
3806 cnt, scnname);
3807 else if ((shdr->sh_flags & SHF_ALLOC) == 0
3808 && has_loadable_segment)
3809 ERROR (gettext ("\
3810 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
3811 cnt, scnname);
3812 }
3813 else
3814 {
3815 if (strcmp (scnname, ".symtab_shndx") == 0
3816 && ehdr->e_type != ET_REL)
3817 ERROR (gettext ("\
3818 section [%2zu] '%s' is extension section index table in non-object file\n"),
3819 cnt, scnname);
3820
3821 /* These sections must have the SHF_ALLOC flag set iff
3822 a loadable segment is available.
3823
3824 .relxxx
3825 .strtab
3826 .symtab
3827 .symtab_shndx
3828
3829 Check that if there is a reference from the
3830 loaded section these sections also have the
3831 ALLOC flag set. */
3832 #if 0
3833 // XXX TODO
3834 if ((shdr->sh_flags & SHF_ALLOC) != 0
3835 && !has_loadable_segment)
3836 ERROR (gettext ("\
3837 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
3838 cnt, scnname);
3839 else if ((shdr->sh_flags & SHF_ALLOC) == 0
3840 && has_loadable_segment)
3841 ERROR (gettext ("\
3842 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
3843 cnt, scnname);
3844 #endif
3845 }
3846
3847 break;
3848 }
3849
3850 /* Remember a few special sections for later. */
3851 if (strcmp (scnname, ".eh_frame_hdr") == 0)
3852 eh_frame_hdr_scnndx = cnt;
3853 else if (strcmp (scnname, ".eh_frame") == 0)
3854 eh_frame_scnndx = cnt;
3855 else if (strcmp (scnname, ".gcc_except_table") == 0)
3856 gcc_except_table_scnndx = cnt;
3857 }
3858
3859 if (shdr->sh_entsize != 0 && shdr->sh_size % shdr->sh_entsize)
3860 ERROR (gettext ("\
3861 section [%2zu] '%s': size not multiple of entry size\n"),
3862 cnt, section_name (ebl, cnt));
3863
3864 if (elf_strptr (ebl->elf, shstrndx, shdr->sh_name) == NULL)
3865 ERROR (gettext ("cannot get section header\n"));
3866
3867 if (shdr->sh_type >= SHT_NUM
3868 && shdr->sh_type != SHT_GNU_ATTRIBUTES
3869 && shdr->sh_type != SHT_GNU_LIBLIST
3870 && shdr->sh_type != SHT_CHECKSUM
3871 && shdr->sh_type != SHT_GNU_verdef
3872 && shdr->sh_type != SHT_GNU_verneed
3873 && shdr->sh_type != SHT_GNU_versym
3874 && ebl_section_type_name (ebl, shdr->sh_type, NULL, 0) == NULL)
3875 ERROR (gettext ("section [%2zu] '%s' has unsupported type %d\n"),
3876 cnt, section_name (ebl, cnt),
3877 (int) shdr->sh_type);
3878
3879 #define ALL_SH_FLAGS (SHF_WRITE | SHF_ALLOC | SHF_EXECINSTR | SHF_MERGE \
3880 | SHF_STRINGS | SHF_INFO_LINK | SHF_LINK_ORDER \
3881 | SHF_OS_NONCONFORMING | SHF_GROUP | SHF_TLS \
3882 | SHF_COMPRESSED)
3883 if (shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS)
3884 {
3885 GElf_Xword sh_flags = shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS;
3886 if (sh_flags & SHF_MASKPROC)
3887 {
3888 if (!ebl_machine_section_flag_check (ebl,
3889 sh_flags & SHF_MASKPROC))
3890 ERROR (gettext ("section [%2zu] '%s'"
3891 " contains invalid processor-specific flag(s)"
3892 " %#" PRIx64 "\n"),
3893 cnt, section_name (ebl, cnt), sh_flags & SHF_MASKPROC);
3894 sh_flags &= ~(GElf_Xword) SHF_MASKPROC;
3895 }
3896 if (sh_flags != 0)
3897 ERROR (gettext ("section [%2zu] '%s' contains unknown flag(s)"
3898 " %#" PRIx64 "\n"),
3899 cnt, section_name (ebl, cnt), sh_flags);
3900 }
3901 if (shdr->sh_flags & SHF_TLS)
3902 {
3903 // XXX Correct?
3904 if (shdr->sh_addr != 0 && !gnuld)
3905 ERROR (gettext ("\
3906 section [%2zu] '%s': thread-local data sections address not zero\n"),
3907 cnt, section_name (ebl, cnt));
3908
3909 // XXX TODO more tests!?
3910 }
3911
3912 if (shdr->sh_flags & SHF_COMPRESSED)
3913 {
3914 if (shdr->sh_flags & SHF_ALLOC)
3915 ERROR (gettext ("\
3916 section [%2zu] '%s': allocated section cannot be compressed\n"),
3917 cnt, section_name (ebl, cnt));
3918
3919 if (shdr->sh_type == SHT_NOBITS)
3920 ERROR (gettext ("\
3921 section [%2zu] '%s': nobits section cannot be compressed\n"),
3922 cnt, section_name (ebl, cnt));
3923
3924 GElf_Chdr chdr;
3925 if (gelf_getchdr (scn, &chdr) == NULL)
3926 ERROR (gettext ("\
3927 section [%2zu] '%s': compressed section with no compression header: %s\n"),
3928 cnt, section_name (ebl, cnt), elf_errmsg (-1));
3929 }
3930
3931 if (shdr->sh_link >= shnum)
3932 ERROR (gettext ("\
3933 section [%2zu] '%s': invalid section reference in link value\n"),
3934 cnt, section_name (ebl, cnt));
3935
3936 if (SH_INFO_LINK_P (shdr) && shdr->sh_info >= shnum)
3937 ERROR (gettext ("\
3938 section [%2zu] '%s': invalid section reference in info value\n"),
3939 cnt, section_name (ebl, cnt));
3940
3941 if ((shdr->sh_flags & SHF_MERGE) == 0
3942 && (shdr->sh_flags & SHF_STRINGS) != 0
3943 && be_strict)
3944 ERROR (gettext ("\
3945 section [%2zu] '%s': strings flag set without merge flag\n"),
3946 cnt, section_name (ebl, cnt));
3947
3948 if ((shdr->sh_flags & SHF_MERGE) != 0 && shdr->sh_entsize == 0)
3949 ERROR (gettext ("\
3950 section [%2zu] '%s': merge flag set but entry size is zero\n"),
3951 cnt, section_name (ebl, cnt));
3952
3953 if (shdr->sh_flags & SHF_GROUP)
3954 check_scn_group (ebl, cnt);
3955
3956 if (shdr->sh_flags & SHF_EXECINSTR)
3957 {
3958 switch (shdr->sh_type)
3959 {
3960 case SHT_PROGBITS:
3961 break;
3962
3963 case SHT_NOBITS:
3964 if (is_debuginfo)
3965 break;
3966 default:
3967 ERROR (gettext ("\
3968 section [%2zu] '%s' has unexpected type %d for an executable section\n"),
3969 cnt, section_name (ebl, cnt), shdr->sh_type);
3970 break;
3971 }
3972
3973 if (shdr->sh_flags & SHF_WRITE)
3974 {
3975 if (is_debuginfo && shdr->sh_type != SHT_NOBITS)
3976 ERROR (gettext ("\
3977 section [%2zu] '%s' must be of type NOBITS in debuginfo files\n"),
3978 cnt, section_name (ebl, cnt));
3979
3980 if (!is_debuginfo
3981 && !ebl_check_special_section (ebl, cnt, shdr,
3982 section_name (ebl, cnt)))
3983 ERROR (gettext ("\
3984 section [%2zu] '%s' is both executable and writable\n"),
3985 cnt, section_name (ebl, cnt));
3986 }
3987 }
3988
3989 if (ehdr->e_type != ET_REL && (shdr->sh_flags & SHF_ALLOC) != 0
3990 && !is_debuginfo)
3991 {
3992 /* Make sure the section is contained in a loaded segment
3993 and that the initialization part matches NOBITS sections. */
3994 unsigned int pcnt;
3995 GElf_Phdr phdr_mem;
3996 GElf_Phdr *phdr;
3997
3998 for (pcnt = 0; pcnt < phnum; ++pcnt)
3999 if ((phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem)) != NULL
4000 && ((phdr->p_type == PT_LOAD
4001 && (shdr->sh_flags & SHF_TLS) == 0)
4002 || (phdr->p_type == PT_TLS
4003 && (shdr->sh_flags & SHF_TLS) != 0))
4004 && phdr->p_offset <= shdr->sh_offset
4005 && ((shdr->sh_offset - phdr->p_offset <= phdr->p_filesz
4006 && (shdr->sh_offset - phdr->p_offset < phdr->p_filesz
4007 || shdr->sh_size == 0))
4008 || (shdr->sh_offset - phdr->p_offset < phdr->p_memsz
4009 && shdr->sh_type == SHT_NOBITS)))
4010 {
4011 /* Found the segment. */
4012 if (phdr->p_offset + phdr->p_memsz
4013 < shdr->sh_offset + shdr->sh_size)
4014 ERROR (gettext ("\
4015 section [%2zu] '%s' not fully contained in segment of program header entry %d\n"),
4016 cnt, section_name (ebl, cnt), pcnt);
4017
4018 if (shdr->sh_type == SHT_NOBITS)
4019 {
4020 if (shdr->sh_offset < phdr->p_offset + phdr->p_filesz
4021 && !is_debuginfo)
4022 {
4023 if (!gnuld)
4024 ERROR (gettext ("\
4025 section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d\n"),
4026 cnt, section_name (ebl, cnt), pcnt);
4027 else
4028 {
4029 /* This is truly horrible. GNU ld might put a
4030 NOBITS section in the middle of a PT_LOAD
4031 segment, assuming the next gap in the file
4032 actually consists of zero bits...
4033 So it really is like a PROGBITS section
4034 where the data is all zeros. Check those
4035 zero bytes are really there. */
4036 bool bad;
4037 Elf_Data *databits;
4038 databits = elf_getdata_rawchunk (ebl->elf,
4039 shdr->sh_offset,
4040 shdr->sh_size,
4041 ELF_T_BYTE);
4042 bad = (databits == NULL
4043 || databits->d_size != shdr->sh_size);
4044 for (size_t idx = 0;
4045 idx < databits->d_size && ! bad;
4046 idx++)
4047 bad = ((char *) databits->d_buf)[idx] != 0;
4048
4049 if (bad)
4050 ERROR (gettext ("\
4051 section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d and file contents is non-zero\n"),
4052 cnt, section_name (ebl, cnt), pcnt);
4053 }
4054 }
4055 }
4056 else
4057 {
4058 const GElf_Off end = phdr->p_offset + phdr->p_filesz;
4059 if (shdr->sh_offset > end ||
4060 (shdr->sh_offset == end && shdr->sh_size != 0))
4061 ERROR (gettext ("\
4062 section [%2zu] '%s' has not type NOBITS but is not read from the file in segment of program header entry %d\n"),
4063 cnt, section_name (ebl, cnt), pcnt);
4064 }
4065
4066 if (shdr->sh_type != SHT_NOBITS)
4067 {
4068 if ((shdr->sh_flags & SHF_EXECINSTR) != 0)
4069 {
4070 segment_flags[pcnt] |= PF_X;
4071 if ((phdr->p_flags & PF_X) == 0)
4072 ERROR (gettext ("\
4073 section [%2zu] '%s' is executable in nonexecutable segment %d\n"),
4074 cnt, section_name (ebl, cnt), pcnt);
4075 }
4076
4077 if ((shdr->sh_flags & SHF_WRITE) != 0)
4078 {
4079 segment_flags[pcnt] |= PF_W;
4080 if (0 /* XXX vdso images have this */
4081 && (phdr->p_flags & PF_W) == 0)
4082 ERROR (gettext ("\
4083 section [%2zu] '%s' is writable in unwritable segment %d\n"),
4084 cnt, section_name (ebl, cnt), pcnt);
4085 }
4086 }
4087
4088 break;
4089 }
4090
4091 if (pcnt == phnum)
4092 ERROR (gettext ("\
4093 section [%2zu] '%s': alloc flag set but section not in any loaded segment\n"),
4094 cnt, section_name (ebl, cnt));
4095 }
4096
4097 if (cnt == shstrndx && shdr->sh_type != SHT_STRTAB)
4098 ERROR (gettext ("\
4099 section [%2zu] '%s': ELF header says this is the section header string table but type is not SHT_TYPE\n"),
4100 cnt, section_name (ebl, cnt));
4101
4102 switch (shdr->sh_type)
4103 {
4104 case SHT_DYNSYM:
4105 if (ehdr->e_type == ET_REL)
4106 ERROR (gettext ("\
4107 section [%2zu] '%s': relocatable files cannot have dynamic symbol tables\n"),
4108 cnt, section_name (ebl, cnt));
4109 /* FALLTHROUGH */
4110 case SHT_SYMTAB:
4111 check_symtab (ebl, ehdr, shdr, cnt);
4112 break;
4113
4114 case SHT_RELA:
4115 check_rela (ebl, ehdr, shdr, cnt);
4116 break;
4117
4118 case SHT_REL:
4119 check_rel (ebl, ehdr, shdr, cnt);
4120 break;
4121
4122 case SHT_DYNAMIC:
4123 check_dynamic (ebl, ehdr, shdr, cnt);
4124 break;
4125
4126 case SHT_SYMTAB_SHNDX:
4127 check_symtab_shndx (ebl, ehdr, shdr, cnt);
4128 break;
4129
4130 case SHT_HASH:
4131 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt);
4132 hash_idx = cnt;
4133 break;
4134
4135 case SHT_GNU_HASH:
4136 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt);
4137 gnu_hash_idx = cnt;
4138 break;
4139
4140 case SHT_NULL:
4141 check_null (ebl, shdr, cnt);
4142 break;
4143
4144 case SHT_GROUP:
4145 check_group (ebl, ehdr, shdr, cnt);
4146 break;
4147
4148 case SHT_NOTE:
4149 check_note_section (ebl, ehdr, shdr, cnt);
4150 break;
4151
4152 case SHT_GNU_versym:
4153 /* We cannot process this section now since we have no guarantee
4154 that the verneed and verdef sections have already been read.
4155 Just remember the section index. */
4156 if (versym_scnndx != 0)
4157 ERROR (gettext ("more than one version symbol table present\n"));
4158 versym_scnndx = cnt;
4159 break;
4160
4161 case SHT_GNU_verneed:
4162 check_verneed (ebl, shdr, cnt);
4163 break;
4164
4165 case SHT_GNU_verdef:
4166 check_verdef (ebl, shdr, cnt);
4167 break;
4168
4169 case SHT_GNU_ATTRIBUTES:
4170 check_attributes (ebl, ehdr, shdr, cnt);
4171 break;
4172
4173 default:
4174 /* Nothing. */
4175 break;
4176 }
4177 }
4178
4179 if (has_interp_segment && !dot_interp_section)
4180 ERROR (gettext ("INTERP program header entry but no .interp section\n"));
4181
4182 if (!is_debuginfo)
4183 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt)
4184 {
4185 GElf_Phdr phdr_mem;
4186 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
4187 if (phdr != NULL && (phdr->p_type == PT_LOAD || phdr->p_type == PT_TLS))
4188 {
4189 if ((phdr->p_flags & PF_X) != 0
4190 && (segment_flags[pcnt] & PF_X) == 0)
4191 ERROR (gettext ("\
4192 loadable segment [%u] is executable but contains no executable sections\n"),
4193 pcnt);
4194
4195 if ((phdr->p_flags & PF_W) != 0
4196 && (segment_flags[pcnt] & PF_W) == 0)
4197 ERROR (gettext ("\
4198 loadable segment [%u] is writable but contains no writable sections\n"),
4199 pcnt);
4200 }
4201 }
4202
4203 free (segment_flags);
4204
4205 if (version_namelist != NULL)
4206 {
4207 if (versym_scnndx == 0)
4208 ERROR (gettext ("\
4209 no .gnu.versym section present but .gnu.versym_d or .gnu.versym_r section exist\n"));
4210 else
4211 check_versym (ebl, versym_scnndx);
4212
4213 /* Check for duplicate index numbers. */
4214 do
4215 {
4216 struct version_namelist *runp = version_namelist->next;
4217 while (runp != NULL)
4218 {
4219 if (version_namelist->ndx == runp->ndx)
4220 {
4221 ERROR (gettext ("duplicate version index %d\n"),
4222 (int) version_namelist->ndx);
4223 break;
4224 }
4225 runp = runp->next;
4226 }
4227
4228 struct version_namelist *old = version_namelist;
4229 version_namelist = version_namelist->next;
4230 free (old);
4231 }
4232 while (version_namelist != NULL);
4233 }
4234 else if (versym_scnndx != 0)
4235 ERROR (gettext ("\
4236 .gnu.versym section present without .gnu.versym_d or .gnu.versym_r\n"));
4237
4238 if (hash_idx != 0 && gnu_hash_idx != 0)
4239 compare_hash_gnu_hash (ebl, ehdr, hash_idx, gnu_hash_idx);
4240
4241 free (scnref);
4242 }
4243
4244
4245 static GElf_Off
check_note_data(Ebl * ebl,const GElf_Ehdr * ehdr,Elf_Data * data,int shndx,int phndx,GElf_Off start)4246 check_note_data (Ebl *ebl, const GElf_Ehdr *ehdr,
4247 Elf_Data *data, int shndx, int phndx, GElf_Off start)
4248 {
4249 size_t offset = 0;
4250 size_t last_offset = 0;
4251 GElf_Nhdr nhdr;
4252 size_t name_offset;
4253 size_t desc_offset;
4254 while (offset < data->d_size
4255 && (offset = gelf_getnote (data, offset,
4256 &nhdr, &name_offset, &desc_offset)) > 0)
4257 {
4258 last_offset = offset;
4259
4260 /* Make sure it is one of the note types we know about. */
4261 if (ehdr->e_type == ET_CORE)
4262 switch (nhdr.n_type)
4263 {
4264 case NT_PRSTATUS:
4265 case NT_FPREGSET:
4266 case NT_PRPSINFO:
4267 case NT_TASKSTRUCT: /* NT_PRXREG on Solaris. */
4268 case NT_PLATFORM:
4269 case NT_AUXV:
4270 case NT_GWINDOWS:
4271 case NT_ASRS:
4272 case NT_PSTATUS:
4273 case NT_PSINFO:
4274 case NT_PRCRED:
4275 case NT_UTSNAME:
4276 case NT_LWPSTATUS:
4277 case NT_LWPSINFO:
4278 case NT_PRFPXREG:
4279 /* Known type. */
4280 break;
4281
4282 default:
4283 if (shndx == 0)
4284 ERROR (gettext ("\
4285 phdr[%d]: unknown core file note type %" PRIu32 " at offset %" PRIu64 "\n"),
4286 phndx, (uint32_t) nhdr.n_type, start + offset);
4287 else
4288 ERROR (gettext ("\
4289 section [%2d] '%s': unknown core file note type %" PRIu32
4290 " at offset %zu\n"),
4291 shndx, section_name (ebl, shndx),
4292 (uint32_t) nhdr.n_type, offset);
4293 }
4294 else
4295 switch (nhdr.n_type)
4296 {
4297 case NT_GNU_ABI_TAG:
4298 case NT_GNU_HWCAP:
4299 case NT_GNU_BUILD_ID:
4300 case NT_GNU_GOLD_VERSION:
4301 break;
4302
4303 case 0:
4304 /* Linux vDSOs use a type 0 note for the kernel version word. */
4305 if (nhdr.n_namesz == sizeof "Linux"
4306 && !memcmp (data->d_buf + name_offset, "Linux", sizeof "Linux"))
4307 break;
4308
4309 default:
4310 if (shndx == 0)
4311 ERROR (gettext ("\
4312 phdr[%d]: unknown object file note type %" PRIu32 " at offset %zu\n"),
4313 phndx, (uint32_t) nhdr.n_type, offset);
4314 else
4315 ERROR (gettext ("\
4316 section [%2d] '%s': unknown object file note type %" PRIu32
4317 " at offset %zu\n"),
4318 shndx, section_name (ebl, shndx),
4319 (uint32_t) nhdr.n_type, offset);
4320 }
4321 }
4322
4323 return last_offset;
4324 }
4325
4326
4327 static void
check_note(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Phdr * phdr,int cnt)4328 check_note (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Phdr *phdr, int cnt)
4329 {
4330 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
4331 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
4332 ERROR (gettext ("\
4333 phdr[%d]: no note entries defined for the type of file\n"),
4334 cnt);
4335
4336 if (is_debuginfo)
4337 /* The p_offset values in a separate debug file are bogus. */
4338 return;
4339
4340 if (phdr->p_filesz == 0)
4341 return;
4342
4343 GElf_Off notes_size = 0;
4344 Elf_Data *data = elf_getdata_rawchunk (ebl->elf,
4345 phdr->p_offset, phdr->p_filesz,
4346 ELF_T_NHDR);
4347 if (data != NULL && data->d_buf != NULL)
4348 notes_size = check_note_data (ebl, ehdr, data, 0, cnt, phdr->p_offset);
4349
4350 if (notes_size == 0)
4351 ERROR (gettext ("phdr[%d]: cannot get content of note section: %s\n"),
4352 cnt, elf_errmsg (-1));
4353 else if (notes_size != phdr->p_filesz)
4354 ERROR (gettext ("phdr[%d]: extra %" PRIu64 " bytes after last note\n"),
4355 cnt, phdr->p_filesz - notes_size);
4356 }
4357
4358
4359 static void
check_note_section(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)4360 check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
4361 {
4362 if (shdr->sh_size == 0)
4363 return;
4364
4365 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
4366 if (data == NULL || data->d_buf == NULL)
4367 {
4368 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
4369 idx, section_name (ebl, idx));
4370 return;
4371 }
4372
4373 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
4374 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
4375 ERROR (gettext ("\
4376 section [%2d] '%s': no note entries defined for the type of file\n"),
4377 idx, section_name (ebl, idx));
4378
4379 GElf_Off notes_size = check_note_data (ebl, ehdr, data, idx, 0, 0);
4380
4381 if (notes_size == 0)
4382 ERROR (gettext ("section [%2d] '%s': cannot get content of note section\n"),
4383 idx, section_name (ebl, idx));
4384 else if (notes_size != shdr->sh_size)
4385 ERROR (gettext ("section [%2d] '%s': extra %" PRIu64
4386 " bytes after last note\n"),
4387 idx, section_name (ebl, idx), shdr->sh_size - notes_size);
4388 }
4389
4390
4391 /* Index of the PT_GNU_EH_FRAME program eader entry. */
4392 static int pt_gnu_eh_frame_pndx;
4393
4394
4395 static void
check_program_header(Ebl * ebl,GElf_Ehdr * ehdr)4396 check_program_header (Ebl *ebl, GElf_Ehdr *ehdr)
4397 {
4398 if (ehdr->e_phoff == 0)
4399 return;
4400
4401 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
4402 && ehdr->e_type != ET_CORE)
4403 ERROR (gettext ("\
4404 only executables, shared objects, and core files can have program headers\n"));
4405
4406 int num_pt_interp = 0;
4407 int num_pt_tls = 0;
4408 int num_pt_relro = 0;
4409
4410 for (unsigned int cnt = 0; cnt < phnum; ++cnt)
4411 {
4412 GElf_Phdr phdr_mem;
4413 GElf_Phdr *phdr;
4414
4415 phdr = gelf_getphdr (ebl->elf, cnt, &phdr_mem);
4416 if (phdr == NULL)
4417 {
4418 ERROR (gettext ("cannot get program header entry %d: %s\n"),
4419 cnt, elf_errmsg (-1));
4420 continue;
4421 }
4422
4423 if (phdr->p_type >= PT_NUM && phdr->p_type != PT_GNU_EH_FRAME
4424 && phdr->p_type != PT_GNU_STACK && phdr->p_type != PT_GNU_RELRO
4425 /* Check for a known machine-specific type. */
4426 && ebl_segment_type_name (ebl, phdr->p_type, NULL, 0) == NULL)
4427 ERROR (gettext ("\
4428 program header entry %d: unknown program header entry type %#" PRIx64 "\n"),
4429 cnt, (uint64_t) phdr->p_type);
4430
4431 if (phdr->p_type == PT_LOAD)
4432 has_loadable_segment = true;
4433 else if (phdr->p_type == PT_INTERP)
4434 {
4435 if (++num_pt_interp != 1)
4436 {
4437 if (num_pt_interp == 2)
4438 ERROR (gettext ("\
4439 more than one INTERP entry in program header\n"));
4440 }
4441 has_interp_segment = true;
4442 }
4443 else if (phdr->p_type == PT_TLS)
4444 {
4445 if (++num_pt_tls == 2)
4446 ERROR (gettext ("more than one TLS entry in program header\n"));
4447 }
4448 else if (phdr->p_type == PT_NOTE)
4449 check_note (ebl, ehdr, phdr, cnt);
4450 else if (phdr->p_type == PT_DYNAMIC)
4451 {
4452 if (ehdr->e_type == ET_EXEC && ! has_interp_segment)
4453 ERROR (gettext ("\
4454 static executable cannot have dynamic sections\n"));
4455 else
4456 {
4457 /* Check that the .dynamic section, if it exists, has
4458 the same address. */
4459 Elf_Scn *scn = NULL;
4460 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
4461 {
4462 GElf_Shdr shdr_mem;
4463 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
4464 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC)
4465 {
4466 if (phdr->p_offset != shdr->sh_offset)
4467 ERROR (gettext ("\
4468 dynamic section reference in program header has wrong offset\n"));
4469 if (phdr->p_memsz != shdr->sh_size)
4470 ERROR (gettext ("\
4471 dynamic section size mismatch in program and section header\n"));
4472 break;
4473 }
4474 }
4475 }
4476 }
4477 else if (phdr->p_type == PT_GNU_RELRO)
4478 {
4479 if (++num_pt_relro == 2)
4480 ERROR (gettext ("\
4481 more than one GNU_RELRO entry in program header\n"));
4482 else
4483 {
4484 /* Check that the region is in a writable segment. */
4485 unsigned int inner;
4486 for (inner = 0; inner < phnum; ++inner)
4487 {
4488 GElf_Phdr phdr2_mem;
4489 GElf_Phdr *phdr2;
4490
4491 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
4492 if (phdr2 == NULL)
4493 continue;
4494
4495 if (phdr2->p_type == PT_LOAD
4496 && phdr->p_vaddr >= phdr2->p_vaddr
4497 && (phdr->p_vaddr + phdr->p_memsz
4498 <= phdr2->p_vaddr + phdr2->p_memsz))
4499 {
4500 if ((phdr2->p_flags & PF_W) == 0)
4501 ERROR (gettext ("\
4502 loadable segment GNU_RELRO applies to is not writable\n"));
4503 /* Unless fully covered, relro flags could be a
4504 subset of the phdrs2 flags. For example the load
4505 segment could also have PF_X set. */
4506 if (phdr->p_vaddr == phdr2->p_vaddr
4507 && (phdr->p_vaddr + phdr->p_memsz
4508 == phdr2->p_vaddr + phdr2->p_memsz))
4509 {
4510 if ((phdr2->p_flags & ~PF_W)
4511 != (phdr->p_flags & ~PF_W))
4512 ERROR (gettext ("\
4513 loadable segment [%u] flags do not match GNU_RELRO [%u] flags\n"),
4514 cnt, inner);
4515 }
4516 else
4517 {
4518 if ((phdr->p_flags & ~phdr2->p_flags) != 0)
4519 ERROR (gettext ("\
4520 GNU_RELRO [%u] flags are not a subset of the loadable segment [%u] flags\n"),
4521 inner, cnt);
4522 }
4523 break;
4524 }
4525 }
4526
4527 if (inner >= phnum)
4528 ERROR (gettext ("\
4529 %s segment not contained in a loaded segment\n"), "GNU_RELRO");
4530 }
4531 }
4532 else if (phdr->p_type == PT_PHDR)
4533 {
4534 /* Check that the region is in a writable segment. */
4535 unsigned int inner;
4536 for (inner = 0; inner < phnum; ++inner)
4537 {
4538 GElf_Phdr phdr2_mem;
4539 GElf_Phdr *phdr2;
4540
4541 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
4542 if (phdr2 != NULL
4543 && phdr2->p_type == PT_LOAD
4544 && phdr->p_vaddr >= phdr2->p_vaddr
4545 && (phdr->p_vaddr + phdr->p_memsz
4546 <= phdr2->p_vaddr + phdr2->p_memsz))
4547 break;
4548 }
4549
4550 if (inner >= phnum)
4551 ERROR (gettext ("\
4552 %s segment not contained in a loaded segment\n"), "PHDR");
4553
4554 /* Check that offset in segment corresponds to offset in ELF
4555 header. */
4556 if (phdr->p_offset != ehdr->e_phoff)
4557 ERROR (gettext ("\
4558 program header offset in ELF header and PHDR entry do not match"));
4559 }
4560 else if (phdr->p_type == PT_GNU_EH_FRAME)
4561 {
4562 /* If there is an .eh_frame_hdr section it must be
4563 referenced by this program header entry. */
4564 Elf_Scn *scn = NULL;
4565 GElf_Shdr shdr_mem;
4566 GElf_Shdr *shdr = NULL;
4567 bool any = false;
4568 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
4569 {
4570 any = true;
4571 shdr = gelf_getshdr (scn, &shdr_mem);
4572 if (shdr != NULL
4573 && shdr->sh_type == (is_debuginfo
4574 ? SHT_NOBITS : SHT_PROGBITS)
4575 && elf_strptr (ebl->elf, shstrndx, shdr->sh_name) != NULL
4576 && ! strcmp (".eh_frame_hdr",
4577 elf_strptr (ebl->elf, shstrndx, shdr->sh_name)))
4578 {
4579 if (! is_debuginfo)
4580 {
4581 if (phdr->p_offset != shdr->sh_offset)
4582 ERROR (gettext ("\
4583 call frame search table reference in program header has wrong offset\n"));
4584 if (phdr->p_memsz != shdr->sh_size)
4585 ERROR (gettext ("\
4586 call frame search table size mismatch in program and section header\n"));
4587 }
4588 break;
4589 }
4590 }
4591
4592 if (scn == NULL)
4593 {
4594 /* If there is no section header table we don't
4595 complain. But if there is one there should be an
4596 entry for .eh_frame_hdr. */
4597 if (any)
4598 ERROR (gettext ("\
4599 PT_GNU_EH_FRAME present but no .eh_frame_hdr section\n"));
4600 }
4601 else
4602 {
4603 /* The section must be allocated and not be writable and
4604 executable. */
4605 if ((phdr->p_flags & PF_R) == 0)
4606 ERROR (gettext ("\
4607 call frame search table must be allocated\n"));
4608 else if (shdr != NULL && (shdr->sh_flags & SHF_ALLOC) == 0)
4609 ERROR (gettext ("\
4610 section [%2zu] '%s' must be allocated\n"), elf_ndxscn (scn), ".eh_frame_hdr");
4611
4612 if ((phdr->p_flags & PF_W) != 0)
4613 ERROR (gettext ("\
4614 call frame search table must not be writable\n"));
4615 else if (shdr != NULL && (shdr->sh_flags & SHF_WRITE) != 0)
4616 ERROR (gettext ("\
4617 section [%2zu] '%s' must not be writable\n"),
4618 elf_ndxscn (scn), ".eh_frame_hdr");
4619
4620 if ((phdr->p_flags & PF_X) != 0)
4621 ERROR (gettext ("\
4622 call frame search table must not be executable\n"));
4623 else if (shdr != NULL && (shdr->sh_flags & SHF_EXECINSTR) != 0)
4624 ERROR (gettext ("\
4625 section [%2zu] '%s' must not be executable\n"),
4626 elf_ndxscn (scn), ".eh_frame_hdr");
4627 }
4628
4629 /* Remember which entry this is. */
4630 pt_gnu_eh_frame_pndx = cnt;
4631 }
4632
4633 if (phdr->p_filesz > phdr->p_memsz
4634 && (phdr->p_memsz != 0 || phdr->p_type != PT_NOTE))
4635 ERROR (gettext ("\
4636 program header entry %d: file size greater than memory size\n"),
4637 cnt);
4638
4639 if (phdr->p_align > 1)
4640 {
4641 if (!powerof2 (phdr->p_align))
4642 ERROR (gettext ("\
4643 program header entry %d: alignment not a power of 2\n"), cnt);
4644 else if ((phdr->p_vaddr - phdr->p_offset) % phdr->p_align != 0)
4645 ERROR (gettext ("\
4646 program header entry %d: file offset and virtual address not module of alignment\n"), cnt);
4647 }
4648 }
4649 }
4650
4651
4652 static void
check_exception_data(Ebl * ebl,GElf_Ehdr * ehdr)4653 check_exception_data (Ebl *ebl __attribute__ ((unused)),
4654 GElf_Ehdr *ehdr __attribute__ ((unused)))
4655 {
4656 if ((ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
4657 && pt_gnu_eh_frame_pndx == 0 && eh_frame_hdr_scnndx != 0)
4658 ERROR (gettext ("executable/DSO with .eh_frame_hdr section does not have "
4659 "a PT_GNU_EH_FRAME program header entry"));
4660 }
4661
4662
4663 /* Process one file. */
4664 static void
process_elf_file(Elf * elf,const char * prefix,const char * suffix,const char * fname,size_t size,bool only_one)4665 process_elf_file (Elf *elf, const char *prefix, const char *suffix,
4666 const char *fname, size_t size, bool only_one)
4667 {
4668 /* Reset variables. */
4669 ndynamic = 0;
4670 nverneed = 0;
4671 nverdef = 0;
4672 textrel = false;
4673 needed_textrel = false;
4674 has_loadable_segment = false;
4675 has_interp_segment = false;
4676
4677 GElf_Ehdr ehdr_mem;
4678 GElf_Ehdr *ehdr = gelf_getehdr (elf, &ehdr_mem);
4679 Ebl *ebl;
4680
4681 /* Print the file name. */
4682 if (!only_one)
4683 {
4684 if (prefix != NULL)
4685 printf ("\n%s(%s)%s:\n", prefix, fname, suffix);
4686 else
4687 printf ("\n%s:\n", fname);
4688 }
4689
4690 if (ehdr == NULL)
4691 {
4692 ERROR (gettext ("cannot read ELF header: %s\n"), elf_errmsg (-1));
4693 return;
4694 }
4695
4696 ebl = ebl_openbackend (elf);
4697 /* If there is no appropriate backend library we cannot test
4698 architecture and OS specific features. Any encountered extension
4699 is an error. */
4700
4701 /* Go straight by the gABI, check all the parts in turn. */
4702 check_elf_header (ebl, ehdr, size);
4703
4704 /* Check the program header. */
4705 check_program_header (ebl, ehdr);
4706
4707 /* Next the section headers. It is OK if there are no section
4708 headers at all. */
4709 check_sections (ebl, ehdr);
4710
4711 /* Check the exception handling data, if it exists. */
4712 if (pt_gnu_eh_frame_pndx != 0 || eh_frame_hdr_scnndx != 0
4713 || eh_frame_scnndx != 0 || gcc_except_table_scnndx != 0)
4714 check_exception_data (ebl, ehdr);
4715
4716 /* Report if no relocation section needed the text relocation flag. */
4717 if (textrel && !needed_textrel)
4718 ERROR (gettext ("text relocation flag set but not needed\n"));
4719
4720 /* Free the resources. */
4721 ebl_closebackend (ebl);
4722 }
4723
4724
4725 #include "debugpred.h"
4726