| Commit message (Collapse) | Author | Age | Files | Lines |
When reading the debug_line opcode arguments we have to make sure there
is enough data to read the arguments (if there are any).
The similar code in dwarf_getsrclines already had these checks.
https://sourceware.org/bugzilla/show_bug.cgi?id=24116
Signed-off-by: Mark Wielaard <mark@klomp.org>
The check for whether a symbol used the extended section table was
wrong, causing the run-strip-test-many.sh testcase to declare the
testfile was an ill-formed file.
Fixing this exposed a strict elfutils check for the '.shstrtab'
section having this exact name and a SHT_STRTAB type. This might
be a little too strict, but easily worked around by changing the
name of the "old" shstrtab section in the addsections program.
Signed-off-by: Mark Wielaard <mark@klomp.org>
https://sourceware.org/bugzilla/show_bug.cgi?id=24116
Signed-off-by: Mark Wielaard <mark@klomp.org>
For DWARF version < 5 the .debug_line directory and file tables consist
of a terminating NUL byte after all strings. The code used to just skip
this without checking it actually existed. This could cause a spurious
read past the end of data.
Fix the same issue in readelf.
https://sourceware.org/bugzilla/show_bug.cgi?id=24102
Signed-off-by: Mark Wielaard <mark@klomp.org>
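The two checks described in this commit and in the debug_line opcode-argument commit above (both bug 24116), as an added example that is not elfutils code: a bounds-checked reader for the pre-DWARF5 directory and file tables, and a walk over a line program that rejects any opcode whose ULEB128 operands are not fully present. The byte sequences, the helper names and the cursor struct are my own constructions; the DWARF 4 standard_opcode_lengths values and the DW_LNS_fixed_advance_pc (opcode 9) exception come from the DWARF specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct cur { const uint8_t *p, *end; };

/* Read a ULEB128; -1 if the buffer ends before the number does. */
static int read_uleb(struct cur *c, uint64_t *out)
{
  uint64_t v = 0;
  unsigned shift = 0;
  while (c->p < c->end)
    {
      uint8_t b = *c->p++;
      if (shift < 64)
        v |= (uint64_t) (b & 0x7f) << shift;
      shift += 7;
      if ((b & 0x80) == 0) { *out = v; return 0; }
    }
  return -1;
}

/* Read a NUL-terminated string; -1 if no NUL occurs before the end. */
static int read_str(struct cur *c, const char **out)
{
  const uint8_t *nul = memchr(c->p, 0, (size_t) (c->end - c->p));
  if (nul == NULL)
    return -1;
  *out = (const char *) c->p;
  c->p = nul + 1;
  return 0;
}

/* Directory table (strings, ended by an empty string) followed by the file
   table (name, dir, mtime, length; ended by a single NUL).  Each terminating
   NUL is data that must actually be present; it is never assumed. */
int parse_dir_file_tables(const uint8_t *buf, size_t len, size_t *ndirs, size_t *nfiles)
{
  struct cur c = { buf, buf + len };
  const char *s;
  uint64_t dir, mtime, flen;
  *ndirs = *nfiles = 0;
  for (;;)
    {
      if (c.p >= c.end) return -1;                 /* terminator missing */
      if (*c.p == 0) { c.p++; break; }
      if (read_str(&c, &s) < 0) return -1;
      (*ndirs)++;
    }
  for (;;)
    {
      if (c.p >= c.end) return -1;                 /* terminator missing */
      if (*c.p == 0) { c.p++; break; }
      if (read_str(&c, &s) < 0 || read_uleb(&c, &dir) < 0
          || read_uleb(&c, &mtime) < 0 || read_uleb(&c, &flen) < 0)
        return -1;
      (*nfiles)++;
    }
  return 0;
}

/* Walk a line program.  std_lengths[op - 1] is the ULEB128 operand count of
   standard opcode op (DW_LNS_fixed_advance_pc, 9, takes one uhalf instead).
   Returns the number of opcodes, or -1 if any operand runs off the buffer. */
int check_opcode_args(const uint8_t *prog, size_t len, uint8_t opcode_base, const uint8_t *std_lengths)
{
  struct cur c = { prog, prog + len };
  uint64_t arg;
  int n = 0;
  while (c.p < c.end)
    {
      uint8_t op = *c.p++;
      if (op >= opcode_base) { n++; continue; }    /* special opcode, no operands */
      if (op == 0)                                 /* extended: ULEB length + payload */
        {
          if (read_uleb(&c, &arg) < 0 || arg > (uint64_t) (c.end - c.p)) return -1;
          c.p += arg; n++; continue;
        }
      if (op == 9) { if (c.end - c.p < 2) return -1; c.p += 2; n++; continue; }
      for (unsigned i = 0; i < std_lengths[op - 1]; i++)
        if (read_uleb(&c, &arg) < 0)
          return -1;
      n++;
    }
  return n;
}

/* Constructed input: dir "/src", file "a.c" (dir 1, mtime 0, len 0). */
static const uint8_t kTables[] = { '/','s','r','c',0, 0, 'a','.','c',0, 1,0,0, 0 };
/* DWARF 4 standard_opcode_lengths for opcode_base 13. */
static const uint8_t kLens[12] = { 0,1,1,1,1,0,0,0,1,0,0,1 };
/* Constructed program: advance_pc 144, set_file 2, copy, extended end_sequence, special 0x20. */
static const uint8_t kProg[] = { 2,0x90,0x01, 4,2, 1, 0,1,1, 0x20 };

int main(void)
{
  size_t nd, nf;
  int r = parse_dir_file_tables(kTables, sizeof kTables, &nd, &nf);
  printf("tables: %d (dirs %zu, files %zu)\n", r, nd, nf);
  printf("tables without final NUL: %d\n", parse_dir_file_tables(kTables, sizeof kTables - 1, &nd, &nf));
  printf("program: %d opcodes\n", check_opcode_args(kProg, sizeof kProg, 13, kLens));
  printf("program cut inside a ULEB: %d\n", check_opcode_args(kProg, 2, 13, kLens));
  return 0;
}
```

Dropping the last byte of the table buffer is exactly the shape of input that the old code would have skipped over; here it is reported instead of being read past. The same cursor discipline makes a truncated ULEB128 operand an error rather than a read beyond the line program.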
Most strings in core notes are fixed size. But NT_PLATFORM contains just
a variable length string. Check that it is actually zero terminated
before passing to readelf to print.
https://sourceware.org/bugzilla/show_bug.cgi?id=24089
Signed-off-by: Mark Wielaard <mark@klomp.org>
The gold linker might generate an .eh_frame_hdr with a SHT_X86_64_UNWIND
type instead of a SHT_PROGBITS type.
Signed-off-by: Mark Wielaard <mark@klomp.org>
Check whether a section was gnu compressed and decompress it first
before trying to resolve relocations. Recompress it afterwards.
This found a bug in elf_compress_gnu which would use the "raw" file
contents even if the user had just created the section (copying over
the section from the original input file).
Add compressed ET_REL tests to run-strip-reloc.sh testcase.
Signed-off-by: Mark Wielaard <mark@klomp.org>
GNU Build Attribute ELF Notes are generated by the GCC annobin plugin
and described at https://fedoraproject.org/wiki/Toolchain/Watermark
Unfortunately the constants aren't yet described in the standard glibc
elf.h so they have been added to the elfutils specific elf-knowledge.h.
The notes abuse the name owner field to encode some data not in the
description. This makes it a bit hard to parse. We have to match the
note owner name prefix (to "GA") to be sure the type is valid. We also
cannot rely on the owner name being a valid C string since the attribute
name and value can contain zero (terminators). So pass around namesz
to the ebl note parsing functions.
eu-elflint will recognize and eu-readelf -n will now show the notes:

  Note section [27] '.gnu.build.attributes' of 56080 bytes at offset 0x114564:
    Owner          Data size  Type
    GA                    16  GNU Build Attribute OPEN
      Address Range: 0x2f30f - 0x2f30f
      VERSION: "3p8"
    GA                     0  GNU Build Attribute OPEN
      TOOL: "gcc 8.2.1 20180801"
    GA                     0  GNU Build Attribute OPEN
      "GOW": 45
    GA                     0  GNU Build Attribute OPEN
      STACK_PROT: 0
    GA                     0  GNU Build Attribute OPEN
      "stack_clash": TRUE
    GA                     0  GNU Build Attribute OPEN
      "cf_protection": 0
    GA                     0  GNU Build Attribute OPEN
      "GLIBCXX_ASSERTIONS": TRUE
    GA                     0  GNU Build Attribute OPEN
      "FORTIFY": 0
    GA                     0  GNU Build Attribute OPEN
      PIC: 3
    GA                     0  GNU Build Attribute OPEN
      SHORT_ENUM: FALSE
    GA                     0  GNU Build Attribute OPEN
      ABI: c001100000012
    GA                     0  GNU Build Attribute OPEN
      "stack_realign": FALSE

A new test was added to run-readelf -n for the existing annobin file.
Signed-off-by: Mark Wielaard <mark@klomp.org>
NT_VERSION notes are emitted by the gas .version directive.
They have an empty description and (ab)use the owner name to store the
version data string.
Signed-off-by: Mark Wielaard <mark@klomp.org>
This introduces a new function dwelf_elf_begin which creates a (read-only)
ELF handle from a possibly compressed file handle or a file that starts
with a linux kernel header. This can be used in eu-readelf to (re)open a
(pure) ELF.
eu-readelf uses libdwfl to relocate addresses in the original file in
case it is ET_REL. But to show the "raw" data it might need to (re)open
the file, which could fail if the file was compressed and produced an
obscure error message: "cannot create EBL handle".
This rewrites __libdw_open_file a little so that the given file handle
will never be closed (whether on success or failure) and introduces a
new internal function __libdw_open_elf that dwelf_elf_begin wraps.
Signed-off-by: Mark Wielaard <mark@klomp.org>
This option does the same thing as --reloc-debug-sections without doing
any other strip operation. This is useful when you want to remove the
debug section relocations in a separate ET_REL debug file that was created
without --reloc-debug-sections, or for a file (like the linux debug vmlinux)
that you don't want to strip, but for which the debug section relocations
can be resolved already.
Signed-off-by: Mark Wielaard <mark@klomp.org>
Signed-off-by: Mark Wielaard <mark@klomp.org>
Extract a couple of helper functions out of handle_elf (secndx_name,
get_xndxdata and remove_debug_relocations) so they can be reused more
easily in the future.
Signed-off-by: Mark Wielaard <mark@klomp.org>
Ignore the type of ELF file, just copy over any phdrs if the original
file contained any. Also refuse to move around any allocated sections
based on whether there are any phdrs instead of on ELF file type.
Signed-off-by: Mark Wielaard <mark@klomp.org>
Signed-off-by: Mark Wielaard <mark@klomp.org>
GNU Property notes are different from normal notes because they use
variable alignment/padding of their fields. They are 8 byte aligned,
but use 4 byte fields. The name is aligned at 4 bytes and padded so
that the desc is aligned at 8 bytes. The whole note is padded to
8 bytes again. For normal notes all fields are both 4 bytes wide and
4 bytes aligned.
To recognize this new kind of ELF Note a new Elf_Type is introduced,
ELF_T_NHDR8. This type is used in the xlate functions to determine
how to align and pad the various fields. Since the fields themselves
can now have different alignments we will have to keep track of the
current alignment and use either NOTE_ALIGN4 or NOTE_ALIGN8 to
determine the padding.
To set the correct Elf_Type on the Elf_Data we use either the section
sh_addralign or the segment p_align values. Assuming 8 means the
section or segment contains the new style notes, otherwise normal
notes.
When we cannot determine the "alignment" directly, like when parsing
special kernel sys files, we check the name "GNU" and type
"GNU_PROPERTY_TYPE_0" fields.
ebl_object_note now parses the new NT_GNU_PROPERTY_TYPE_0 and can
extract the GNU_PROPERTY_STACK_SIZE, GNU_PROPERTY_NO_COPY_ON_PROTECTED
and GNU_PROPERTY_X86_FEATURE_1_AND types GNU_PROPERTY_X86_FEATURE_1_IBT
and GNU_PROPERTY_X86_FEATURE_1_SHSTK.
Tests are added for extracting the note from sections or segments
as set by gcc -fcf-protection.
Signed-off-by: Mark Wielaard <mark@klomp.org>
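The note layouts described in this commit and the NT_PLATFORM termination check from the core-note commit above (bug 24089), as an added example that is not elfutils code: a note walker that takes the alignment (4 for ordinary notes, 8 for the property layout) the way the commit says it is derived from sh_addralign or p_align, checks the untrusted namesz/descsz against the buffer, refuses an NT_PLATFORM string with no NUL inside descsz, and extracts the GNU_PROPERTY_X86_FEATURE_1_AND bits. The buffers are constructed by hand, little-endian only; the constant values are the ones from the Linux ELF ABI, the helper names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NT_PLATFORM                      5   /* in "CORE" notes */
#define NT_GNU_PROPERTY_TYPE_0           5   /* in "GNU" notes: same number, different owner */
#define GNU_PROPERTY_X86_FEATURE_1_AND   0xc0000002u
#define GNU_PROPERTY_X86_FEATURE_1_IBT   0x1u
#define GNU_PROPERTY_X86_FEATURE_1_SHSTK 0x2u

struct note { uint32_t type, namesz, descsz; const char *name; const uint8_t *desc; };

static uint32_t rd32(const uint8_t *p)
{ return p[0] | (uint32_t) p[1] << 8 | (uint32_t) p[2] << 16 | (uint32_t) p[3] << 24; }
static size_t align_up(size_t v, size_t a) { return (v + a - 1) & ~(a - 1); }

/* Parse the note at *off.  align is 4 for ordinary notes and 8 for property
   notes.  Returns 1 and advances *off, 0 at the end of the buffer, -1 if the
   sizes in the header do not fit in what is left. */
int next_note(const uint8_t *buf, size_t len, size_t *off, size_t align, struct note *n)
{
  if (*off >= len) return 0;
  if ((align != 4 && align != 8) || len - *off < 12) return -1;
  const uint8_t *h = buf + *off;
  n->namesz = rd32(h); n->descsz = rd32(h + 4); n->type = rd32(h + 8);
  size_t pos = *off + 12;
  if (n->namesz > len - pos) return -1;          /* namesz is untrusted */
  n->name = (const char *) buf + pos;
  pos = align_up(pos + n->namesz, align);        /* name padded so desc is aligned */
  if (pos > len || n->descsz > len - pos) return -1;
  n->desc = buf + pos;
  pos = align_up(pos + n->descsz, align);
  *off = pos > len ? len : pos;                  /* trailing pad may be absent at the end */
  return 1;
}

/* NT_PLATFORM carries a single variable-length string.  Only hand it to a
   printer if a NUL lies inside descsz; otherwise the read would run past it. */
int platform_string(const struct note *n, const char **out)
{
  if (n->type != NT_PLATFORM || n->namesz != 5 || memcmp(n->name, "CORE", 5) != 0)
    return 0;
  if (n->descsz == 0 || memchr(n->desc, 0, n->descsz) == NULL)
    return -1;
  *out = (const char *) n->desc;
  return 1;
}

/* Scan the property array (pr_type, pr_datasz, data padded to align) for
   GNU_PROPERTY_X86_FEATURE_1_AND.  1 = found, 0 = absent, -1 = malformed. */
int x86_feature_1_and(const struct note *n, size_t align, uint32_t *bits)
{
  if (n->type != NT_GNU_PROPERTY_TYPE_0 || n->namesz != 4 || memcmp(n->name, "GNU", 4) != 0)
    return 0;
  size_t pos = 0;
  while (n->descsz - pos >= 8)
    {
      uint32_t pr_type = rd32(n->desc + pos), pr_datasz = rd32(n->desc + pos + 4);
      pos += 8;
      if (pr_datasz > n->descsz - pos) return -1;
      if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND)
        {
          if (pr_datasz != 4) return -1;
          *bits = rd32(n->desc + pos);
          return 1;
        }
      pos = align_up(pos + pr_datasz, align);
      if (pos > n->descsz) return -1;
    }
  return pos == n->descsz ? 0 : -1;
}

/* Constructed: a .note.gnu.property with IBT|SHSTK, the shape gcc -fcf-protection emits. */
static const uint8_t kPropNote[] = {
  4,0,0,0, 16,0,0,0, 5,0,0,0,              /* namesz, descsz, type */
  'G','N','U',0,                           /* name; ends 8-aligned already */
  0x02,0x00,0x00,0xc0, 4,0,0,0,            /* pr_type, pr_datasz */
  0x03,0,0,0, 0,0,0,0 };                   /* IBT|SHSTK, padded to 8 */
/* Constructed: two CORE/NT_PLATFORM notes; the second has no NUL inside descsz. */
static const uint8_t kCoreNotes[] = {
  5,0,0,0, 7,0,0,0, 5,0,0,0, 'C','O','R','E',0,0,0,0, 'x','8','6','_','6','4',0,0,
  5,0,0,0, 6,0,0,0, 5,0,0,0, 'C','O','R','E',0,0,0,0, 'x','8','6','_','6','4',0,0 };

int main(void)
{
  struct note n; size_t off = 0; uint32_t bits; const char *s;
  if (next_note(kPropNote, sizeof kPropNote, &off, 8, &n) == 1 && x86_feature_1_and(&n, 8, &bits) == 1)
    printf("x86 feature: IBT=%u SHSTK=%u\n", bits & GNU_PROPERTY_X86_FEATURE_1_IBT,
           (bits & GNU_PROPERTY_X86_FEATURE_1_SHSTK) >> 1);
  off = 0;
  while (next_note(kCoreNotes, sizeof kCoreNotes, &off, 4, &n) == 1)
    printf("NT_PLATFORM: %s\n", platform_string(&n, &s) == 1 ? s : "<not NUL-terminated>");
  return 0;
}
```

The second CORE note happens to be followed by zero padding, so a naive printer would appear to work on it; the check is against descsz, not against whatever bytes follow, which is the point of the fix. NT_PLATFORM and NT_GNU_PROPERTY_TYPE_0 share the type value 5, so the owner name is part of the identification in both helpers.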
Using the Ehdr field directly doesn't work when there are a large number
of sections.
Signed-off-by: Mark Wielaard <mark@klomp.org>
The function section_name would use the Ehdr e_shstrndx field to find the
index of the section index string table directly. But it should use
elf_getshdrstrndx. Adjust all callers.
Signed-off-by: Mark Wielaard <mark@klomp.org>
We could end up with a negative length in a call to memchr.
https://sourceware.org/bugzilla/show_bug.cgi?id=23782
Signed-off-by: Mark Wielaard <mark@klomp.org>
We could end up with a negative length in a call to memchr.
https://sourceware.org/bugzilla/show_bug.cgi?id=23782
Signed-off-by: Mark Wielaard <mark@klomp.org>
There were some recent bug reports where we trusted the ELF section header
to be sane and divided the sh_size by the sh_entsize to get the number of
objects in the section. This would cause a divide by zero if the file was
corrupt and the sh_entsize was zero. Add checks for any such code.
Signed-off-by: Mark Wielaard <mark@klomp.org>
eu-size didn't handle an ELF ar file that contained an ar file itself
correctly. handle_ar would recursively call itself but close the ELF
file before returning. Only close the ELF file at the top-level.
https://sourceware.org/bugzilla/show_bug.cgi?id=23787
Signed-off-by: Mark Wielaard <mark@klomp.org>
A bogus ELF file could have sh_entsize as zero. Don't divide by zero,
but just assume there are no symbols in the section.
https://sourceware.org/bugzilla/show_bug.cgi?id=23786
Signed-off-by: Mark Wielaard <mark@klomp.org>
If the ar header contains a bogus ar_date then in verbose mode we would
get a NULL pointer from localtime. Just assume the entry was created
during the epoch.
https://sourceware.org/bugzilla/show_bug.cgi?id=23754
Signed-off-by: Mark Wielaard <mark@klomp.org>
A bogus ELF file could have sh_entsize as zero. Don't divide by zero,
but just assume there are no entries in the section.
https://sourceware.org/bugzilla/show_bug.cgi?id=23755
Signed-off-by: Mark Wielaard <mark@klomp.org>
In object files there could be multiple .debug_macro sections.
These are COMDAT sections used as imports. Note that the output for
DW_MACRO_import isn't ideal since the offset is printed against the
start of the .debug_macro section, but it doesn't show which one.
We currently don't have that information and no interface yet for
libdw users.
Also decode the macro header flag byte for convenience.
Signed-off-by: Mark Wielaard <mark@klomp.org>
When unstripping we might need to renumber the group section indexes.
Just like we do when stripping.
Signed-off-by: Mark Wielaard <mark@klomp.org>
The usage of annobin in Fedora showed a couple of bugs when using
eu-strip and eu-unstrip on ET_REL files that contain multiple group
sections.
When stripping we should not remove the SHF_GROUP flag from sections
even if the group section itself might be removed. Either the section
itself gets removed, and so the flag doesn't matter. Or it gets moved
together with the group section into the debug file, and then it still
needs to have the flag set. Also we would "renumber" the section group
flag field (which isn't a section index, and so shouldn't be changed).
Often the group sections have the exact same name (".group"), flags
(none) and sometimes the same sizes. Which makes matching them hard.
Extract the group signature and compare those when comparing two
group sections.
Signed-off-by: Mark Wielaard <mark@klomp.org>
This adds support for ADD and SUB relocations as seen on RISC-V.
Signed-off-by: Andreas Schwab <schwab@suse.de>
print_shdr didn't print the correct number of sections if there were
more than SHN_LORESERVE sections. print_phdr wouldn't match up the
(allocated) sections and segments if there were more than SHN_LORESERVE
sections in the ELF file.
Signed-off-by: Mark Wielaard <mark@klomp.org>
In various places in strip we used e_shstrndx instead of shdrstrndx and we
didn't setup the shdrstrndx for the debug file. In unstrip we forgot to copy
the shdrstrndx in case the -o output option was used.
Added a new testcase that adds many sections to a testfile and runs strip, elflint,
unstrip and elfcmp.
Signed-off-by: Mark Wielaard <mark@klomp.org>
We already got the right shnum and shstrndx. But were still using
e_shnum in one check for ELFCLASS64 (it was correct for ELFCLASS32).
And when getting section names in check_symtab we still used
e_shstrndx in two places.
Signed-off-by: Mark Wielaard <mark@klomp.org>
elfcmp would use the Ehdr e_shstrndx field to find the shdr string
index table. Use elf_getshdrstrndx instead to be able to handle ELF
files with more than SHN_LORESERVE sections.
Signed-off-by: Mark Wielaard <mark@klomp.org>
The ebl_section_strip_p function used the Ehdr e_shstrndx field
to get at the name of the (debug) sections. This is not correct
if there are more than SHN_LORESERVE sections. Use elf_getshdrstrndx
to get at the shstrtab section. And drop the Ehdr argument that isn't
necessary anymore.
Signed-off-by: Mark Wielaard <mark@klomp.org>
The check_special_symbol backend functions used the Ehdr e_shstrndx
field to get at the name of sections. This is not correct if there
are more than SHN_LORESERVE sections. Always use elf_getshdrstrndx
to get the shstrtab section. And drop the Ehdr argument that isn't
necessary anymore.
Signed-off-by: Mark Wielaard <mark@klomp.org>
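The e_shstrndx/e_shnum problem behind this commit and the section_name, print_shdr, strip/unstrip, elflint, elfcmp and ebl_section_strip_p commits above, as an added example that is not elfutils code: what elf_getshdrnum and elf_getshdrstrndx do that a direct read of the Ehdr does not. When a file has SHN_LORESERVE (0xff00) or more sections the Ehdr carries escape values, e_shnum 0 and e_shstrndx SHN_XINDEX (0xffff), and the real count and index live in sh_size and sh_link of section header 0. The ELF header and section 0 are built by hand; ELFCLASS64 little-endian only, the helper names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHN_LORESERVE 0xff00u
#define SHN_XINDEX    0xffffu
#define EHDR64_SIZE   64
#define SHDR64_SIZE   64

static uint16_t rd16(const uint8_t *p) { return (uint16_t) (p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p)
{ return p[0] | (uint32_t) p[1] << 8 | (uint32_t) p[2] << 16 | (uint32_t) p[3] << 24; }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | (uint64_t) rd32(p + 4) << 32; }
static void wr16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (v >> (8 * i)) & 0xff; }
static void wr64(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (v >> (8 * i)) & 0xff; }

/* e_shnum == 0 means the count is in sh_size of section 0; e_shstrndx ==
   SHN_XINDEX means the index is in sh_link of section 0.  Returns 0, or -1
   if the header is not ELF64 LE, the buffer is truncated, or the escape
   values point at a section header 0 that is not in the buffer. */
int get_shnum_shstrndx(const uint8_t *file, size_t len, size_t *shnum, size_t *shstrndx)
{
  if (len < EHDR64_SIZE || memcmp(file, "\x7f" "ELF", 4) != 0 || file[4] != 2 || file[5] != 1)
    return -1;
  uint64_t shoff = rd64(file + 0x28);
  uint16_t e_shnum = rd16(file + 0x3c), e_shstrndx = rd16(file + 0x3e);
  *shnum = e_shnum;
  *shstrndx = e_shstrndx;
  if (e_shnum != 0 && e_shstrndx != SHN_XINDEX)
    return 0;                                   /* fewer than SHN_LORESERVE sections */
  if (shoff == 0)
    return (e_shnum == 0 && e_shstrndx == 0) ? 0 : -1;   /* no section headers at all */
  if (shoff > len || len - shoff < SHDR64_SIZE)
    return -1;                                  /* section header 0 not present */
  const uint8_t *sh0 = file + shoff;
  if (e_shnum == 0)
    *shnum = rd64(sh0 + 0x20);                  /* sh_size of section 0 */
  if (e_shstrndx == SHN_XINDEX)
    *shstrndx = rd32(sh0 + 0x28);               /* sh_link of section 0 */
  return *shstrndx < *shnum ? 0 : -1;
}

/* Constructed file: an ELF64 LE header and section header 0 at offset 64.
   With many_sections set the Ehdr holds the escape values a linker writes
   for SHN_LORESERVE or more sections.  Returns the bytes written (128). */
size_t build_file(uint8_t *buf, size_t nsec, size_t strndx, int many_sections)
{
  memset(buf, 0, EHDR64_SIZE + SHDR64_SIZE);
  memcpy(buf, "\x7f" "ELF\x02\x01\x01", 7);     /* magic, ELFCLASS64, LE, EV_CURRENT */
  wr64(buf + 0x28, EHDR64_SIZE);                /* e_shoff */
  wr16(buf + 0x3a, SHDR64_SIZE);                /* e_shentsize */
  wr16(buf + 0x3c, (uint16_t) (many_sections ? 0 : nsec));
  wr16(buf + 0x3e, (uint16_t) (many_sections ? SHN_XINDEX : strndx));
  if (many_sections)
    {
      wr64(buf + EHDR64_SIZE + 0x20, nsec);     /* sh_size of section 0 */
      wr32(buf + EHDR64_SIZE + 0x28, (uint32_t) strndx);   /* sh_link of section 0 */
    }
  return EHDR64_SIZE + SHDR64_SIZE;
}

int main(void)
{
  uint8_t buf[EHDR64_SIZE + SHDR64_SIZE];
  size_t len = build_file(buf, 70000, 69999, 1), shnum, shstrndx;
  printf("Ehdr says e_shnum=%u e_shstrndx=0x%x\n", rd16(buf + 0x3c), rd16(buf + 0x3e));
  if (get_shnum_shstrndx(buf, len, &shnum, &shstrndx) == 0)
    printf("real shnum=%zu shstrndx=%zu\n", shnum, shstrndx);
  return 0;
}
```

Code that reads e_shstrndx directly on the many-sections file gets 0xffff and then indexes the section table with it; the commits above are all instances of that. The truncation case matters for the same reason: the escape values are only meaningful if section header 0 is really there to be read.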
Normally in non-ET_REL files all allocated sections come before
all non-allocated sections. eu-strip relies on this when stripping
a file and calculating the file offsets. But recently on Fedora
there are non-allocated .gnu.build.attributes NOTE sections in
the middle of the allocated sections, with a sh_offset field that
is larger than the next section. This confuses eu-strip so much that
it might corrupt the stripped file.
Work around this by calculating the sh_offset fields in two phases
when detecting mixed allocated/non-allocated sections. First handle
the allocated ones, then use the offset after the last allocated
section to calculate the offsets of the non-allocated sections left
in the stripped file.
Signed-off-by: Mark Wielaard <mark@klomp.org>
dwarf_getaranges didn't check if there was enough data left to read both
the address and segment size. readelf didn't check there was enough data
left to read the segment size.
https://sourceware.org/bugzilla/show_bug.cgi?id=23541
Signed-off-by: Mark Wielaard <mark@klomp.org>
The sanity checks for how many words were needed in the section could
overflow causing errors. Fix the checks.
https://sourceware.org/bugzilla/show_bug.cgi?id=23542
Signed-off-by: Mark Wielaard <mark@klomp.org>
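The kind of check this commit fixes, as an added example that is not the elfutils code from the commit: a "do n words fit in what is left of the section" test written so that the multiplication can wrap, beside the form that only subtracts and divides values already known to be in range. The helper names and the numbers are mine.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Before: nwords * 4 can wrap around size_t, so a huge count passes. */
bool words_fit_wrapping(size_t size, size_t offset, size_t nwords)
{
  return offset + nwords * 4 <= size;
}

/* After: compare the count against the room that is actually left.
   Nothing here is computed toward the limit, so nothing can wrap. */
bool words_fit_safe(size_t size, size_t offset, size_t nwords)
{
  if (offset > size)
    return false;
  return nwords <= (size - offset) / 4;
}

int main(void)
{
  size_t huge = SIZE_MAX / 4 + 1;          /* huge * 4 wraps to exactly 0 */
  printf("n=12:   wrapping=%d safe=%d\n", words_fit_wrapping(64, 16, 12), words_fit_safe(64, 16, 12));
  printf("n=13:   wrapping=%d safe=%d\n", words_fit_wrapping(64, 16, 13), words_fit_safe(64, 16, 13));
  printf("n=huge: wrapping=%d safe=%d\n", words_fit_wrapping(64, 16, huge), words_fit_safe(64, 16, huge));
  return 0;
}
```

Unsigned wraparound is defined behaviour in C, so the compiler will not warn and sanitizers will not trip; the only defence is the shape of the comparison.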
compare_unalloc_sections only checked sh_flags and the section names.
This would cause stripped/debug section mismatches when there were
multiple sections with the same name and flags. Fix this by also checking
the size of the section matches.
Add a testcase that has two ".group" sections created on i386 with the
gcc annobin plugin.
Signed-off-by: Mark Wielaard <mark@klomp.org>
SHT_GROUP sections are put in both the stripped and debug file.
Handle correcting the symbol table/name entry of the group only once.
The testfile was generated with the gcc annobin plugin.
Signed-off-by: Mark Wielaard <mark@klomp.org>
If the input and output file are the same and no section needs to
be updated we really don't need to rewrite the file.
Check whether any matching section is already compressed or decompressed.
Skip the section if it doesn't need to be changed. If no section data
needs updating end with success without rewriting/updating file.
With --force the file will still always be updated/rewritten even if
no section data needs to be (de)compressed.
Acked-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
Signed-off-by: Mark Wielaard <mark@klomp.org>
Calling fchmod with a suid bit on a file might silently fail or the suid
bit might be silently cleared by a call to fchown if already set. Swap
the calls so that the owner is set first and then set the suid bit.
https://bugzilla.redhat.com/show_bug.cgi?id=1607044
Reported-and-tested-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
Signed-off-by: Mark Wielaard <mark@klomp.org>
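The ordering this commit describes, as an added example that is not the elfutils code: a tool that rewrites a file and restores owner and mode should call fchown before fchmod, because on Linux a chown of a regular file drops the set-user-ID bit (and the set-group-ID bit unless the caller is in the group). The demo creates and unlinks its own temporary file and uses the caller's own uid/gid so it runs unprivileged; the helper names are mine.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Ownership first, then permissions, so the mode is the last thing written. */
int set_owner_and_mode(int fd, uid_t uid, gid_t gid, mode_t mode)
{
  if (fchown(fd, uid, gid) != 0)
    return -1;
  if (fchmod(fd, mode) != 0)
    return -1;
  return 0;
}

/* The order the commit replaced: mode first, then owner. */
int set_mode_then_owner(int fd, uid_t uid, gid_t gid, mode_t mode)
{
  if (fchmod(fd, mode) != 0)
    return -1;
  if (fchown(fd, uid, gid) != 0)
    return -1;
  return 0;
}

/* Create an unlinked temporary file, apply 04755 with the given function and
   return the resulting st_mode, or 0 on any failure. */
mode_t mode_after(int (*apply)(int, uid_t, gid_t, mode_t))
{
  char path[] = "/tmp/suid-order-XXXXXX";
  int fd = mkstemp(path);
  if (fd < 0)
    return 0;
  unlink(path);
  struct stat st;
  mode_t result = 0;
  if (apply(fd, getuid(), getgid(), S_ISUID | 0755) == 0 && fstat(fd, &st) == 0)
    result = st.st_mode;
  close(fd);
  return result;
}

int main(void)
{
  mode_t fixed = mode_after(set_owner_and_mode);
  mode_t old = mode_after(set_mode_then_owner);
  printf("chown then chmod: %04o (suid %s)\n", fixed & 07777, (fixed & S_ISUID) ? "kept" : "lost");
  printf("chmod then chown: %04o (suid %s)\n", old & 07777, (old & S_ISUID) ? "kept" : "lost");
  return 0;
}
```

Neither call reports an error in the second ordering; the bit is simply gone afterwards, which is why a test that only checks return values would not have caught the original problem.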
On some ancient GCC versions (4.4.7 at least) -Wshadow warns about local
variables "shadowing" global function definitions.
readelf.c: In function ‘print_debug_addr_section’:
readelf.c:5265: error: declaration of ‘index’ shadows a global declaration
/usr/include/string.h:489: error: shadowed declaration is here
This is silly of course, but easy to work around.
Signed-off-by: Mark Wielaard <mark@klomp.org>
error.h isn't standard and so isn't part of the musl C library.
To ease future porting, consolidate the inclusion of error.h into system.h.
https://sourceware.org/bugzilla/show_bug.cgi?id=21008
Signed-off-by: Ross Burton <ross.burton@intel.com>
It is sometimes useful to read .debug_line tables on their own without
having an associated CU DIE. DWARF5 line tables are self-contained.
Adjust dwarf_begin_elf to accept ELF files with just a .debug_line.
Add a new function dwarf_next_lines that returns the Dwarf_Files and
Dwarf_Lines while iterating over just the .debug_line section. Since
we parse and cache the information it also will try to match the CU
a table is associated with. This is only necessary for DWARF4 line
tables (we will need at least the compilation dir from the CU) and
won't be done for DWARF5 line tables. It also isn't an error if there
is no associated CU (but will mean for DWARF4 line tables the dir list
and the file paths might not be complete).
A typical way to call this new function is:

  Dwarf_Off off, next_off = 0;
  Dwarf_CU *cu = NULL;
  Dwarf_Files *files;
  size_t nfiles;
  Dwarf_Lines *lines;
  size_t nlines;
  int res;
  while ((res = dwarf_next_lines (dbg, off = next_off, &next_off, &cu,
                                  &files, &nfiles, &lines, &nlines)) == 0)
    {
      /* ... handle files and lines ... */
    }
  if (res < 0)
    printf ("BAD dwarf_next_lines: %s\n", dwarf_errmsg (-1));

See libdw.h for the full documentation. For more examples on how to use
the function see the new testcases next-files and next-lines.
Also adjust the file paths for line tables missing a comp_dir.
They are no longer made "absolute" by prepending a slash '/' in front
of them. This really was not useful and didn't happen in any of the
testcases. They are now just kept relative.
Make eu-readelf --debug-dump=decodedline use dwarf_next_lines instead
of iterating over the CUs to show the (decoded) line tables. This allows
it to show decoded line tables even if there is no .debug_info section.
New tests have been added that mimic the get-files and get-lines tests
but use dwarf_next_lines instead of iterating over all CUs. They produce
identical output (modulo the CU information). Also add a new test file
that contains only a .debug_line section.
Signed-off-by: Mark Wielaard <mark@klomp.org>
Also found by afl-fuzz on the varlocs testcase.
DW_FORM_data16 is constant form according to the DWARF5 spec.
But since it is 128 bits it isn't really representable as Dwarf_Word.
So we treat it as block form. But we cannot treat it as an expression
block. Make sure readelf prints it as a regular block and that
dwarf_getlocation[s|_addr] doesn't treat it as location expression.
Signed-off-by: Mark Wielaard <mark@klomp.org>
Found by afl-fuzz. When printing a DW_FORM_block4 we checked there
were only 2 bytes available (copy/paste from DW_FORM_block2 right
before). Obviously we need at least 4 bytes to read the length of a
DW_FORM_block4.
Signed-off-by: Mark Wielaard <mark@klomp.org>
Found by afl-fuzz. When printing DW_FORM_strx[1234] data eu-readelf didn't
increase readp which meant eu-readelf would keep printing the same line
dirs or files encoded with strx[1234] names. This meant that for insane
large dir or file counts eu-readelf would just keep printing endlessly
because we never reached the end of the .debug_line buffer.
Signed-off-by: Mark Wielaard <mark@klomp.org>
Found by the afl fuzzer. The next offset (after a locview) comes from a
DIE loclist attribute. This could be a bogus value so large it overflows
the buffer and makes us print past the end of buffer.
Signed-off-by: Mark Wielaard <mark@klomp.org>
We only handle DW_FORM_sdata as a signed form, but DW_FORM_implicit_const
is also signed by default. For DW_AT_const_value we can do a little better.
GCC encodes some const_values with signed forms, even though the type
is unsigned. Lookup the (base) type of the DIE and display the const value
as their (signed) type/size (if we can determine that).
Add a new testcase run-readelf-const-values.sh that shows that.
With the new testcase the const values would come out as follows:

  name (string) "i"
  const_value (implicit_const) 18446744073709551615
  name (string) "j"
  const_value (implicit_const) 18446744073709551615
  name (string) "sc"
  const_value (sdata) -2
  name (string) "uc"
  const_value (sdata) -2
  name (string) "ss"
  const_value (sdata) -16
  name (string) "us"
  const_value (sdata) -16
  name (string) "si"
  const_value (sdata) -3
  name (string) "ui"
  const_value (sdata) -94967296
  name (string) "sl"
  const_value (sdata) -1
  name (string) "ul"
  const_value (sdata) -1

With this patch they show up as:

  name (string) "i"
  const_value (implicit_const) -1
  name (string) "j"
  const_value (implicit_const) -1
  name (string) "sc"
  const_value (sdata) -2
  name (string) "uc"
  const_value (sdata) 254 (-2)
  name (string) "ss"
  const_value (sdata) -16
  name (string) "us"
  const_value (sdata) 65520 (-16)
  name (string) "si"
  const_value (sdata) -3
  name (string) "ui"
  const_value (sdata) 4200000000 (-94967296)
  name (string) "sl"
  const_value (sdata) -1
  name (string) "ul"
  const_value (sdata) 18446744073709551615 (-1)

(for signed/unsigned int char, short and long)
Signed-off-by: Mark Wielaard <mark@klomp.org>