1/* Pedantic checking of ELF files compliance with gABI/psABI spec. 2 Copyright (C) 2001-2015 Red Hat, Inc. 3 This file is part of elfutils. 4 Written by Ulrich Drepper <drepper@redhat.com>, 2001. 5 6 This file is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License as published by 8 the Free Software Foundation; either version 3 of the License, or 9 (at your option) any later version. 10 11 elfutils is distributed in the hope that it will be useful, but 12 WITHOUT ANY WARRANTY; without even the implied warranty of 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 GNU General Public License for more details. 15 16 You should have received a copy of the GNU General Public License 17 along with this program. If not, see <http://www.gnu.org/licenses/>. */ 18 19#ifdef HAVE_CONFIG_H 20# include <config.h> 21#endif 22 23#include <argp.h> 24#include <assert.h> 25#include <byteswap.h> 26#include <endian.h> 27#include <error.h> 28#include <fcntl.h> 29#include <gelf.h> 30#include <inttypes.h> 31#include <libintl.h> 32#include <locale.h> 33#include <stdbool.h> 34#include <stdlib.h> 35#include <string.h> 36#include <unistd.h> 37#include <sys/stat.h> 38#include <sys/param.h> 39 40#include <elf-knowledge.h> 41#include <system.h> 42#include "../libelf/libelfP.h" 43#include "../libelf/common.h" 44#include "../libebl/libeblP.h" 45#include "../libdw/libdwP.h" 46#include "../libdwfl/libdwflP.h" 47#include "../libdw/memory-access.h" 48 49 50/* Name and version of program. */ 51static void print_version (FILE *stream, struct argp_state *state); 52ARGP_PROGRAM_VERSION_HOOK_DEF = print_version; 53 54/* Bug report address. */ 55ARGP_PROGRAM_BUG_ADDRESS_DEF = PACKAGE_BUGREPORT; 56 57#define ARGP_strict 300 58#define ARGP_gnuld 301 59 60/* Definitions of arguments for argp functions. */ 61static const struct argp_option options[] = 62{ 63 { "strict", ARGP_strict, NULL, 0, 64 N_("Be extremely strict, flag level 2 features."), 0 }, 65 { "quiet", 'q', NULL, 0, N_("Do not print anything if successful"), 0 }, 66 { "debuginfo", 'd', NULL, 0, N_("Binary is a separate debuginfo file"), 0 }, 67 { "gnu-ld", ARGP_gnuld, NULL, 0, 68 N_("Binary has been created with GNU ld and is therefore known to be \ 69broken in certain ways"), 0 }, 70 { NULL, 0, NULL, 0, NULL, 0 } 71}; 72 73/* Short description of program. */ 74static const char doc[] = N_("\ 75Pedantic checking of ELF files compliance with gABI/psABI spec."); 76 77/* Strings for arguments in help texts. */ 78static const char args_doc[] = N_("FILE..."); 79 80/* Prototype for option handler. */ 81static error_t parse_opt (int key, char *arg, struct argp_state *state); 82 83/* Data structure to communicate with argp functions. */ 84static struct argp argp = 85{ 86 options, parse_opt, args_doc, doc, NULL, NULL, NULL 87}; 88 89 90/* Declarations of local functions. */ 91static void process_file (int fd, Elf *elf, const char *prefix, 92 const char *suffix, const char *fname, size_t size, 93 bool only_one); 94static void process_elf_file (Elf *elf, const char *prefix, const char *suffix, 95 const char *fname, size_t size, bool only_one); 96static void check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, 97 GElf_Shdr *shdr, int idx); 98 99 100/* Report an error. */ 101#define ERROR(str, args...) \ 102 do { \ 103 printf (str, ##args); \ 104 ++error_count; \ 105 } while (0) 106static unsigned int error_count; 107 108/* True if we should perform very strict testing. */ 109static bool be_strict; 110 111/* True if no message is to be printed if the run is succesful. */ 112static bool be_quiet; 113 114/* True if binary is from strip -f, not a normal ELF file. */ 115static bool is_debuginfo; 116 117/* True if binary is assumed to be generated with GNU ld. */ 118static bool gnuld; 119 120/* Index of section header string table. */ 121static uint32_t shstrndx; 122 123/* Array to count references in section groups. */ 124static int *scnref; 125 126/* Numbers of sections and program headers. */ 127static unsigned int shnum; 128static unsigned int phnum; 129 130 131int 132main (int argc, char *argv[]) 133{ 134 /* Set locale. */ 135 setlocale (LC_ALL, ""); 136 137 /* Initialize the message catalog. */ 138 textdomain (PACKAGE_TARNAME); 139 140 /* Parse and process arguments. */ 141 int remaining; 142 argp_parse (&argp, argc, argv, 0, &remaining, NULL); 143 144 /* Before we start tell the ELF library which version we are using. */ 145 elf_version (EV_CURRENT); 146 147 /* Now process all the files given at the command line. */ 148 bool only_one = remaining + 1 == argc; 149 do 150 { 151 /* Open the file. */ 152 int fd = open (argv[remaining], O_RDONLY); 153 if (fd == -1) 154 { 155 error (0, errno, gettext ("cannot open input file")); 156 continue; 157 } 158 159 /* Create an `Elf' descriptor. */ 160 Elf *elf = elf_begin (fd, ELF_C_READ_MMAP, NULL); 161 if (elf == NULL) 162 ERROR (gettext ("cannot generate Elf descriptor: %s\n"), 163 elf_errmsg (-1)); 164 else 165 { 166 unsigned int prev_error_count = error_count; 167 struct stat st; 168 169 if (fstat (fd, &st) != 0) 170 { 171 printf ("cannot stat '%s': %m\n", argv[remaining]); 172 close (fd); 173 continue; 174 } 175 176 process_file (fd, elf, NULL, NULL, argv[remaining], st.st_size, 177 only_one); 178 179 /* Now we can close the descriptor. */ 180 if (elf_end (elf) != 0) 181 ERROR (gettext ("error while closing Elf descriptor: %s\n"), 182 elf_errmsg (-1)); 183 184 if (prev_error_count == error_count && !be_quiet) 185 puts (gettext ("No errors")); 186 } 187 188 close (fd); 189 } 190 while (++remaining < argc); 191 192 return error_count != 0; 193} 194 195 196/* Handle program arguments. */ 197static error_t 198parse_opt (int key, char *arg __attribute__ ((unused)), 199 struct argp_state *state __attribute__ ((unused))) 200{ 201 switch (key) 202 { 203 case ARGP_strict: 204 be_strict = true; 205 break; 206 207 case 'q': 208 be_quiet = true; 209 break; 210 211 case 'd': 212 is_debuginfo = true; 213 214 case ARGP_gnuld: 215 gnuld = true; 216 break; 217 218 case ARGP_KEY_NO_ARGS: 219 fputs (gettext ("Missing file name.\n"), stderr); 220 argp_help (&argp, stderr, ARGP_HELP_SEE, program_invocation_short_name); 221 exit (EXIT_FAILURE); 222 223 default: 224 return ARGP_ERR_UNKNOWN; 225 } 226 return 0; 227} 228 229 230/* Print the version information. */ 231static void 232print_version (FILE *stream, struct argp_state *state __attribute__ ((unused))) 233{ 234 fprintf (stream, "elflint (%s) %s\n", PACKAGE_NAME, PACKAGE_VERSION); 235 fprintf (stream, gettext ("\ 236Copyright (C) %s Red Hat, Inc.\n\ 237This is free software; see the source for copying conditions. There is NO\n\ 238warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\ 239"), "2012"); 240 fprintf (stream, gettext ("Written by %s.\n"), "Ulrich Drepper"); 241} 242 243 244/* Process one file. */ 245static void 246process_file (int fd, Elf *elf, const char *prefix, const char *suffix, 247 const char *fname, size_t size, bool only_one) 248{ 249 /* We can handle two types of files: ELF files and archives. */ 250 Elf_Kind kind = elf_kind (elf); 251 252 switch (kind) 253 { 254 case ELF_K_ELF: 255 /* Yes! It's an ELF file. */ 256 process_elf_file (elf, prefix, suffix, fname, size, only_one); 257 break; 258 259 case ELF_K_AR: 260 { 261 Elf *subelf; 262 Elf_Cmd cmd = ELF_C_READ_MMAP; 263 size_t prefix_len = prefix == NULL ? 0 : strlen (prefix); 264 size_t fname_len = strlen (fname) + 1; 265 char new_prefix[prefix_len + 1 + fname_len]; 266 char new_suffix[(suffix == NULL ? 0 : strlen (suffix)) + 2]; 267 char *cp = new_prefix; 268 269 /* Create the full name of the file. */ 270 if (prefix != NULL) 271 { 272 cp = mempcpy (cp, prefix, prefix_len); 273 *cp++ = '('; 274 strcpy (stpcpy (new_suffix, suffix), ")"); 275 } 276 else 277 new_suffix[0] = '\0'; 278 memcpy (cp, fname, fname_len); 279 280 /* It's an archive. We process each file in it. */ 281 while ((subelf = elf_begin (fd, cmd, elf)) != NULL) 282 { 283 kind = elf_kind (subelf); 284 285 /* Call this function recursively. */ 286 if (kind == ELF_K_ELF || kind == ELF_K_AR) 287 { 288 Elf_Arhdr *arhdr = elf_getarhdr (subelf); 289 assert (arhdr != NULL); 290 291 process_file (fd, subelf, new_prefix, new_suffix, 292 arhdr->ar_name, arhdr->ar_size, false); 293 } 294 295 /* Get next archive element. */ 296 cmd = elf_next (subelf); 297 if (elf_end (subelf) != 0) 298 ERROR (gettext (" error while freeing sub-ELF descriptor: %s\n"), 299 elf_errmsg (-1)); 300 } 301 } 302 break; 303 304 default: 305 /* We cannot do anything. */ 306 ERROR (gettext ("\ 307Not an ELF file - it has the wrong magic bytes at the start\n")); 308 break; 309 } 310} 311 312 313static const char * 314section_name (Ebl *ebl, int idx) 315{ 316 GElf_Shdr shdr_mem; 317 GElf_Shdr *shdr; 318 const char *ret; 319 320 if ((unsigned int) idx > shnum) 321 return "<invalid>"; 322 323 shdr = gelf_getshdr (elf_getscn (ebl->elf, idx), &shdr_mem); 324 if (shdr == NULL) 325 return "<invalid>"; 326 327 ret = elf_strptr (ebl->elf, shstrndx, shdr->sh_name); 328 if (ret == NULL) 329 return "<invalid>"; 330 return ret; 331} 332 333 334static const int valid_e_machine[] = 335 { 336 EM_M32, EM_SPARC, EM_386, EM_68K, EM_88K, EM_860, EM_MIPS, EM_S370, 337 EM_MIPS_RS3_LE, EM_PARISC, EM_VPP500, EM_SPARC32PLUS, EM_960, EM_PPC, 338 EM_PPC64, EM_S390, EM_V800, EM_FR20, EM_RH32, EM_RCE, EM_ARM, 339 EM_FAKE_ALPHA, EM_SH, EM_SPARCV9, EM_TRICORE, EM_ARC, EM_H8_300, 340 EM_H8_300H, EM_H8S, EM_H8_500, EM_IA_64, EM_MIPS_X, EM_COLDFIRE, 341 EM_68HC12, EM_MMA, EM_PCP, EM_NCPU, EM_NDR1, EM_STARCORE, EM_ME16, 342 EM_ST100, EM_TINYJ, EM_X86_64, EM_PDSP, EM_FX66, EM_ST9PLUS, EM_ST7, 343 EM_68HC16, EM_68HC11, EM_68HC08, EM_68HC05, EM_SVX, EM_ST19, EM_VAX, 344 EM_CRIS, EM_JAVELIN, EM_FIREPATH, EM_ZSP, EM_MMIX, EM_HUANY, EM_PRISM, 345 EM_AVR, EM_FR30, EM_D10V, EM_D30V, EM_V850, EM_M32R, EM_MN10300, 346 EM_MN10200, EM_PJ, EM_OPENRISC, EM_ARC_A5, EM_XTENSA, EM_ALPHA, 347 EM_TILEGX, EM_TILEPRO, EM_AARCH64 348 }; 349#define nvalid_e_machine \ 350 (sizeof (valid_e_machine) / sizeof (valid_e_machine[0])) 351 352 353static void 354check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size) 355{ 356 char buf[512]; 357 size_t cnt; 358 359 /* Check e_ident field. */ 360 if (ehdr->e_ident[EI_MAG0] != ELFMAG0) 361 ERROR ("e_ident[%d] != '%c'\n", EI_MAG0, ELFMAG0); 362 if (ehdr->e_ident[EI_MAG1] != ELFMAG1) 363 ERROR ("e_ident[%d] != '%c'\n", EI_MAG1, ELFMAG1); 364 if (ehdr->e_ident[EI_MAG2] != ELFMAG2) 365 ERROR ("e_ident[%d] != '%c'\n", EI_MAG2, ELFMAG2); 366 if (ehdr->e_ident[EI_MAG3] != ELFMAG3) 367 ERROR ("e_ident[%d] != '%c'\n", EI_MAG3, ELFMAG3); 368 369 if (ehdr->e_ident[EI_CLASS] != ELFCLASS32 370 && ehdr->e_ident[EI_CLASS] != ELFCLASS64) 371 ERROR (gettext ("e_ident[%d] == %d is no known class\n"), 372 EI_CLASS, ehdr->e_ident[EI_CLASS]); 373 374 if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB 375 && ehdr->e_ident[EI_DATA] != ELFDATA2MSB) 376 ERROR (gettext ("e_ident[%d] == %d is no known data encoding\n"), 377 EI_DATA, ehdr->e_ident[EI_DATA]); 378 379 if (ehdr->e_ident[EI_VERSION] != EV_CURRENT) 380 ERROR (gettext ("unknown ELF header version number e_ident[%d] == %d\n"), 381 EI_VERSION, ehdr->e_ident[EI_VERSION]); 382 383 /* We currently don't handle any OS ABIs other than Linux and the 384 kFreeBSD variant of Debian. */ 385 if (ehdr->e_ident[EI_OSABI] != ELFOSABI_NONE 386 && ehdr->e_ident[EI_OSABI] != ELFOSABI_LINUX 387 && ehdr->e_ident[EI_OSABI] != ELFOSABI_FREEBSD) 388 ERROR (gettext ("unsupported OS ABI e_ident[%d] == '%s'\n"), 389 EI_OSABI, 390 ebl_osabi_name (ebl, ehdr->e_ident[EI_OSABI], buf, sizeof (buf))); 391 392 /* No ABI versions other than zero supported either. */ 393 if (ehdr->e_ident[EI_ABIVERSION] != 0) 394 ERROR (gettext ("unsupport ABI version e_ident[%d] == %d\n"), 395 EI_ABIVERSION, ehdr->e_ident[EI_ABIVERSION]); 396 397 for (cnt = EI_PAD; cnt < EI_NIDENT; ++cnt) 398 if (ehdr->e_ident[cnt] != 0) 399 ERROR (gettext ("e_ident[%zu] is not zero\n"), cnt); 400 401 /* Check the e_type field. */ 402 if (ehdr->e_type != ET_REL && ehdr->e_type != ET_EXEC 403 && ehdr->e_type != ET_DYN && ehdr->e_type != ET_CORE) 404 ERROR (gettext ("unknown object file type %d\n"), ehdr->e_type); 405 406 /* Check the e_machine field. */ 407 for (cnt = 0; cnt < nvalid_e_machine; ++cnt) 408 if (valid_e_machine[cnt] == ehdr->e_machine) 409 break; 410 if (cnt == nvalid_e_machine) 411 ERROR (gettext ("unknown machine type %d\n"), ehdr->e_machine); 412 413 /* Check the e_version field. */ 414 if (ehdr->e_version != EV_CURRENT) 415 ERROR (gettext ("unknown object file version\n")); 416 417 /* Check the e_phoff and e_phnum fields. */ 418 if (ehdr->e_phoff == 0) 419 { 420 if (ehdr->e_phnum != 0) 421 ERROR (gettext ("invalid program header offset\n")); 422 else if (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN) 423 ERROR (gettext ("\ 424executables and DSOs cannot have zero program header offset\n")); 425 } 426 else if (ehdr->e_phnum == 0) 427 ERROR (gettext ("invalid number of program header entries\n")); 428 429 /* Check the e_shoff field. */ 430 shnum = ehdr->e_shnum; 431 shstrndx = ehdr->e_shstrndx; 432 if (ehdr->e_shoff == 0) 433 { 434 if (ehdr->e_shnum != 0) 435 ERROR (gettext ("invalid section header table offset\n")); 436 else if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN 437 && ehdr->e_type != ET_CORE) 438 ERROR (gettext ("section header table must be present\n")); 439 } 440 else 441 { 442 if (ehdr->e_shnum == 0) 443 { 444 /* Get the header of the zeroth section. The sh_size field 445 might contain the section number. */ 446 GElf_Shdr shdr_mem; 447 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 448 if (shdr != NULL) 449 { 450 /* The error will be reported later. */ 451 if (shdr->sh_size == 0) 452 ERROR (gettext ("\ 453invalid number of section header table entries\n")); 454 else 455 shnum = shdr->sh_size; 456 } 457 } 458 459 if (ehdr->e_shstrndx == SHN_XINDEX) 460 { 461 /* Get the header of the zeroth section. The sh_size field 462 might contain the section number. */ 463 GElf_Shdr shdr_mem; 464 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 465 if (shdr != NULL && shdr->sh_link < shnum) 466 shstrndx = shdr->sh_link; 467 } 468 else if (shstrndx >= shnum) 469 ERROR (gettext ("invalid section header index\n")); 470 } 471 472 phnum = ehdr->e_phnum; 473 if (ehdr->e_phnum == PN_XNUM) 474 { 475 /* Get the header of the zeroth section. The sh_info field 476 might contain the phnum count. */ 477 GElf_Shdr shdr_mem; 478 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 479 if (shdr != NULL) 480 { 481 /* The error will be reported later. */ 482 if (shdr->sh_info < PN_XNUM) 483 ERROR (gettext ("\ 484invalid number of program header table entries\n")); 485 else 486 phnum = shdr->sh_info; 487 } 488 } 489 490 /* Check the e_flags field. */ 491 if (!ebl_machine_flag_check (ebl, ehdr->e_flags)) 492 ERROR (gettext ("invalid machine flags: %s\n"), 493 ebl_machine_flag_name (ebl, ehdr->e_flags, buf, sizeof (buf))); 494 495 /* Check e_ehsize, e_phentsize, and e_shentsize fields. */ 496 if (gelf_getclass (ebl->elf) == ELFCLASS32) 497 { 498 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf32_Ehdr)) 499 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize); 500 501 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf32_Phdr)) 502 ERROR (gettext ("invalid program header size: %hd\n"), 503 ehdr->e_phentsize); 504 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size) 505 ERROR (gettext ("invalid program header position or size\n")); 506 507 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf32_Shdr)) 508 ERROR (gettext ("invalid section header size: %hd\n"), 509 ehdr->e_shentsize); 510 else if (ehdr->e_shoff + shnum * ehdr->e_shentsize > size) 511 ERROR (gettext ("invalid section header position or size\n")); 512 } 513 else if (gelf_getclass (ebl->elf) == ELFCLASS64) 514 { 515 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf64_Ehdr)) 516 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize); 517 518 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf64_Phdr)) 519 ERROR (gettext ("invalid program header size: %hd\n"), 520 ehdr->e_phentsize); 521 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size) 522 ERROR (gettext ("invalid program header position or size\n")); 523 524 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf64_Shdr)) 525 ERROR (gettext ("invalid section header size: %hd\n"), 526 ehdr->e_shentsize); 527 else if (ehdr->e_shoff + ehdr->e_shnum * ehdr->e_shentsize > size) 528 ERROR (gettext ("invalid section header position or size\n")); 529 } 530} 531 532 533/* Check that there is a section group section with index < IDX which 534 contains section IDX and that there is exactly one. */ 535static void 536check_scn_group (Ebl *ebl, int idx) 537{ 538 if (scnref[idx] == 0) 539 { 540 /* No reference so far. Search following sections, maybe the 541 order is wrong. */ 542 size_t cnt; 543 544 for (cnt = idx + 1; cnt < shnum; ++cnt) 545 { 546 Elf_Scn *scn = elf_getscn (ebl->elf, cnt); 547 GElf_Shdr shdr_mem; 548 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 549 if (shdr == NULL) 550 /* We cannot get the section header so we cannot check it. 551 The error to get the section header will be shown 552 somewhere else. */ 553 continue; 554 555 if (shdr->sh_type != SHT_GROUP) 556 continue; 557 558 Elf_Data *data = elf_getdata (scn, NULL); 559 if (data == NULL || data->d_buf == NULL 560 || data->d_size < sizeof (Elf32_Word)) 561 /* Cannot check the section. */ 562 continue; 563 564 Elf32_Word *grpdata = (Elf32_Word *) data->d_buf; 565 for (size_t inner = 1; inner < data->d_size / sizeof (Elf32_Word); 566 ++inner) 567 if (grpdata[inner] == (Elf32_Word) idx) 568 goto out; 569 } 570 571 out: 572 if (cnt == shnum) 573 ERROR (gettext ("\ 574section [%2d] '%s': section with SHF_GROUP flag set not part of a section group\n"), 575 idx, section_name (ebl, idx)); 576 else 577 ERROR (gettext ("\ 578section [%2d] '%s': section group [%2zu] '%s' does not precede group member\n"), 579 idx, section_name (ebl, idx), 580 cnt, section_name (ebl, cnt)); 581 } 582} 583 584 585static void 586check_symtab (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 587{ 588 bool no_xndx_warned = false; 589 int no_pt_tls = 0; 590 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 591 if (data == NULL) 592 { 593 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 594 idx, section_name (ebl, idx)); 595 return; 596 } 597 598 GElf_Shdr strshdr_mem; 599 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 600 &strshdr_mem); 601 if (strshdr == NULL) 602 return; 603 604 if (strshdr->sh_type != SHT_STRTAB) 605 { 606 ERROR (gettext ("section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"), 607 shdr->sh_link, section_name (ebl, shdr->sh_link), 608 idx, section_name (ebl, idx)); 609 strshdr = NULL; 610 } 611 612 /* Search for an extended section index table section. */ 613 Elf_Data *xndxdata = NULL; 614 Elf32_Word xndxscnidx = 0; 615 bool found_xndx = false; 616 for (size_t cnt = 1; cnt < shnum; ++cnt) 617 if (cnt != (size_t) idx) 618 { 619 Elf_Scn *xndxscn = elf_getscn (ebl->elf, cnt); 620 GElf_Shdr xndxshdr_mem; 621 GElf_Shdr *xndxshdr = gelf_getshdr (xndxscn, &xndxshdr_mem); 622 if (xndxshdr == NULL) 623 continue; 624 625 if (xndxshdr->sh_type == SHT_SYMTAB_SHNDX 626 && xndxshdr->sh_link == (GElf_Word) idx) 627 { 628 if (found_xndx) 629 ERROR (gettext ("\ 630section [%2d] '%s': symbol table cannot have more than one extended index section\n"), 631 idx, section_name (ebl, idx)); 632 633 xndxdata = elf_getdata (xndxscn, NULL); 634 xndxscnidx = elf_ndxscn (xndxscn); 635 found_xndx = true; 636 } 637 } 638 639 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT); 640 if (shdr->sh_entsize != sh_entsize) 641 ERROR (gettext ("\ 642section [%2u] '%s': entry size is does not match ElfXX_Sym\n"), 643 idx, section_name (ebl, idx)); 644 645 /* Test the zeroth entry. */ 646 GElf_Sym sym_mem; 647 Elf32_Word xndx; 648 GElf_Sym *sym = gelf_getsymshndx (data, xndxdata, 0, &sym_mem, &xndx); 649 if (sym == NULL) 650 ERROR (gettext ("section [%2d] '%s': cannot get symbol %d: %s\n"), 651 idx, section_name (ebl, idx), 0, elf_errmsg (-1)); 652 else 653 { 654 if (sym->st_name != 0) 655 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 656 idx, section_name (ebl, idx), "st_name"); 657 if (sym->st_value != 0) 658 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 659 idx, section_name (ebl, idx), "st_value"); 660 if (sym->st_size != 0) 661 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 662 idx, section_name (ebl, idx), "st_size"); 663 if (sym->st_info != 0) 664 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 665 idx, section_name (ebl, idx), "st_info"); 666 if (sym->st_other != 0) 667 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 668 idx, section_name (ebl, idx), "st_other"); 669 if (sym->st_shndx != 0) 670 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 671 idx, section_name (ebl, idx), "st_shndx"); 672 if (xndxdata != NULL && xndx != 0) 673 ERROR (gettext ("\ 674section [%2d] '%s': XINDEX for zeroth entry not zero\n"), 675 xndxscnidx, section_name (ebl, xndxscnidx)); 676 } 677 678 for (size_t cnt = 1; cnt < shdr->sh_size / sh_entsize; ++cnt) 679 { 680 sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx); 681 if (sym == NULL) 682 { 683 ERROR (gettext ("section [%2d] '%s': cannot get symbol %zu: %s\n"), 684 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 685 continue; 686 } 687 688 const char *name = NULL; 689 if (strshdr == NULL) 690 name = ""; 691 else if (sym->st_name >= strshdr->sh_size) 692 ERROR (gettext ("\ 693section [%2d] '%s': symbol %zu: invalid name value\n"), 694 idx, section_name (ebl, idx), cnt); 695 else 696 { 697 name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name); 698 if (name == NULL) 699 name = ""; 700 } 701 702 if (sym->st_shndx == SHN_XINDEX) 703 { 704 if (xndxdata == NULL) 705 { 706 if (!no_xndx_warned) 707 ERROR (gettext ("\ 708section [%2d] '%s': symbol %zu: too large section index but no extended section index section\n"), 709 idx, section_name (ebl, idx), cnt); 710 no_xndx_warned = true; 711 } 712 else if (xndx < SHN_LORESERVE) 713 ERROR (gettext ("\ 714section [%2d] '%s': symbol %zu: XINDEX used for index which would fit in st_shndx (%" PRIu32 ")\n"), 715 xndxscnidx, section_name (ebl, xndxscnidx), cnt, 716 xndx); 717 } 718 else if ((sym->st_shndx >= SHN_LORESERVE 719 // && sym->st_shndx <= SHN_HIRESERVE always true 720 && sym->st_shndx != SHN_ABS 721 && sym->st_shndx != SHN_COMMON) 722 || (sym->st_shndx >= shnum 723 && (sym->st_shndx < SHN_LORESERVE 724 /* || sym->st_shndx > SHN_HIRESERVE always false */))) 725 ERROR (gettext ("\ 726section [%2d] '%s': symbol %zu: invalid section index\n"), 727 idx, section_name (ebl, idx), cnt); 728 else 729 xndx = sym->st_shndx; 730 731 if (GELF_ST_TYPE (sym->st_info) >= STT_NUM 732 && !ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), NULL, 0)) 733 ERROR (gettext ("section [%2d] '%s': symbol %zu: unknown type\n"), 734 idx, section_name (ebl, idx), cnt); 735 736 if (GELF_ST_BIND (sym->st_info) >= STB_NUM 737 && !ebl_symbol_binding_name (ebl, GELF_ST_BIND (sym->st_info), NULL, 738 0)) 739 ERROR (gettext ("\ 740section [%2d] '%s': symbol %zu: unknown symbol binding\n"), 741 idx, section_name (ebl, idx), cnt); 742 if (GELF_ST_BIND (sym->st_info) == STB_GNU_UNIQUE 743 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT) 744 ERROR (gettext ("\ 745section [%2d] '%s': symbol %zu: unique symbol not of object type\n"), 746 idx, section_name (ebl, idx), cnt); 747 748 if (xndx == SHN_COMMON) 749 { 750 /* Common symbols can only appear in relocatable files. */ 751 if (ehdr->e_type != ET_REL) 752 ERROR (gettext ("\ 753section [%2d] '%s': symbol %zu: COMMON only allowed in relocatable files\n"), 754 idx, section_name (ebl, idx), cnt); 755 if (cnt < shdr->sh_info) 756 ERROR (gettext ("\ 757section [%2d] '%s': symbol %zu: local COMMON symbols are nonsense\n"), 758 idx, section_name (ebl, idx), cnt); 759 if (GELF_R_TYPE (sym->st_info) == STT_FUNC) 760 ERROR (gettext ("\ 761section [%2d] '%s': symbol %zu: function in COMMON section is nonsense\n"), 762 idx, section_name (ebl, idx), cnt); 763 } 764 else if (xndx > 0 && xndx < shnum) 765 { 766 GElf_Shdr destshdr_mem; 767 GElf_Shdr *destshdr; 768 769 destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), &destshdr_mem); 770 if (destshdr != NULL) 771 { 772 GElf_Addr sh_addr = (ehdr->e_type == ET_REL ? 0 773 : destshdr->sh_addr); 774 GElf_Addr st_value; 775 if (GELF_ST_TYPE (sym->st_info) == STT_FUNC 776 || (GELF_ST_TYPE (sym->st_info) == STT_GNU_IFUNC)) 777 st_value = sym->st_value & ebl_func_addr_mask (ebl); 778 else 779 st_value = sym->st_value; 780 if (GELF_ST_TYPE (sym->st_info) != STT_TLS) 781 { 782 if (! ebl_check_special_symbol (ebl, ehdr, sym, name, 783 destshdr)) 784 { 785 if (st_value - sh_addr > destshdr->sh_size) 786 { 787 /* GNU ld has severe bugs. When it decides to remove 788 empty sections it leaves symbols referencing them 789 behind. These are symbols in .symtab or .dynsym 790 and for the named symbols have zero size. See 791 sourceware PR13621. */ 792 if (!gnuld 793 || (strcmp (section_name (ebl, idx), ".symtab") 794 && strcmp (section_name (ebl, idx), 795 ".dynsym")) 796 || sym->st_size != 0 797 || (strcmp (name, "__preinit_array_start") != 0 798 && strcmp (name, "__preinit_array_end") != 0 799 && strcmp (name, "__init_array_start") != 0 800 && strcmp (name, "__init_array_end") != 0 801 && strcmp (name, "__fini_array_start") != 0 802 && strcmp (name, "__fini_array_end") != 0 803 && strcmp (name, "__bss_start") != 0 804 && strcmp (name, "__bss_start__") != 0 805 && strcmp (name, "__TMC_END__") != 0 806 && strcmp (name, ".TOC.") != 0 807 && strcmp (name, "_edata") != 0 808 && strcmp (name, "__edata") != 0 809 && strcmp (name, "_end") != 0 810 && strcmp (name, "__end") != 0)) 811 ERROR (gettext ("\ 812section [%2d] '%s': symbol %zu: st_value out of bounds\n"), 813 idx, section_name (ebl, idx), cnt); 814 } 815 else if ((st_value - sh_addr 816 + sym->st_size) > destshdr->sh_size) 817 ERROR (gettext ("\ 818section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"), 819 idx, section_name (ebl, idx), cnt, 820 (int) xndx, section_name (ebl, xndx)); 821 } 822 } 823 else 824 { 825 if ((destshdr->sh_flags & SHF_TLS) == 0) 826 ERROR (gettext ("\ 827section [%2d] '%s': symbol %zu: referenced section [%2d] '%s' does not have SHF_TLS flag set\n"), 828 idx, section_name (ebl, idx), cnt, 829 (int) xndx, section_name (ebl, xndx)); 830 831 if (ehdr->e_type == ET_REL) 832 { 833 /* For object files the symbol value must fall 834 into the section. */ 835 if (st_value > destshdr->sh_size) 836 ERROR (gettext ("\ 837section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"), 838 idx, section_name (ebl, idx), cnt, 839 (int) xndx, section_name (ebl, xndx)); 840 else if (st_value + sym->st_size 841 > destshdr->sh_size) 842 ERROR (gettext ("\ 843section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"), 844 idx, section_name (ebl, idx), cnt, 845 (int) xndx, section_name (ebl, xndx)); 846 } 847 else 848 { 849 GElf_Phdr phdr_mem; 850 GElf_Phdr *phdr = NULL; 851 unsigned int pcnt; 852 853 for (pcnt = 0; pcnt < phnum; ++pcnt) 854 { 855 phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem); 856 if (phdr != NULL && phdr->p_type == PT_TLS) 857 break; 858 } 859 860 if (pcnt == phnum) 861 { 862 if (no_pt_tls++ == 0) 863 ERROR (gettext ("\ 864section [%2d] '%s': symbol %zu: TLS symbol but no TLS program header entry\n"), 865 idx, section_name (ebl, idx), cnt); 866 } 867 else if (phdr == NULL) 868 { 869 ERROR (gettext ("\ 870section [%2d] '%s': symbol %zu: TLS symbol but couldn't get TLS program header entry\n"), 871 idx, section_name (ebl, idx), cnt); 872 } 873 else if (!is_debuginfo) 874 { 875 if (st_value 876 < destshdr->sh_offset - phdr->p_offset) 877 ERROR (gettext ("\ 878section [%2d] '%s': symbol %zu: st_value short of referenced section [%2d] '%s'\n"), 879 idx, section_name (ebl, idx), cnt, 880 (int) xndx, section_name (ebl, xndx)); 881 else if (st_value 882 > (destshdr->sh_offset - phdr->p_offset 883 + destshdr->sh_size)) 884 ERROR (gettext ("\ 885section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"), 886 idx, section_name (ebl, idx), cnt, 887 (int) xndx, section_name (ebl, xndx)); 888 else if (st_value + sym->st_size 889 > (destshdr->sh_offset - phdr->p_offset 890 + destshdr->sh_size)) 891 ERROR (gettext ("\ 892section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"), 893 idx, section_name (ebl, idx), cnt, 894 (int) xndx, section_name (ebl, xndx)); 895 } 896 } 897 } 898 } 899 } 900 901 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL) 902 { 903 if (cnt >= shdr->sh_info) 904 ERROR (gettext ("\ 905section [%2d] '%s': symbol %zu: local symbol outside range described in sh_info\n"), 906 idx, section_name (ebl, idx), cnt); 907 } 908 else 909 { 910 if (cnt < shdr->sh_info) 911 ERROR (gettext ("\ 912section [%2d] '%s': symbol %zu: non-local symbol outside range described in sh_info\n"), 913 idx, section_name (ebl, idx), cnt); 914 } 915 916 if (GELF_ST_TYPE (sym->st_info) == STT_SECTION 917 && GELF_ST_BIND (sym->st_info) != STB_LOCAL) 918 ERROR (gettext ("\ 919section [%2d] '%s': symbol %zu: non-local section symbol\n"), 920 idx, section_name (ebl, idx), cnt); 921 922 if (name != NULL) 923 { 924 if (strcmp (name, "_GLOBAL_OFFSET_TABLE_") == 0) 925 { 926 /* Check that address and size match the global offset table. */ 927 928 GElf_Shdr destshdr_mem; 929 GElf_Shdr *destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), 930 &destshdr_mem); 931 932 if (destshdr == NULL && xndx == SHN_ABS) 933 { 934 /* In a DSO, we have to find the GOT section by name. */ 935 Elf_Scn *gotscn = NULL; 936 Elf_Scn *gscn = NULL; 937 while ((gscn = elf_nextscn (ebl->elf, gscn)) != NULL) 938 { 939 destshdr = gelf_getshdr (gscn, &destshdr_mem); 940 assert (destshdr != NULL); 941 const char *sname = elf_strptr (ebl->elf, 942 ehdr->e_shstrndx, 943 destshdr->sh_name); 944 if (sname != NULL) 945 { 946 if (strcmp (sname, ".got.plt") == 0) 947 break; 948 if (strcmp (sname, ".got") == 0) 949 /* Do not stop looking. 950 There might be a .got.plt section. */ 951 gotscn = gscn; 952 } 953 954 destshdr = NULL; 955 } 956 957 if (destshdr == NULL && gotscn != NULL) 958 destshdr = gelf_getshdr (gotscn, &destshdr_mem); 959 } 960 961 const char *sname = ((destshdr == NULL || xndx == SHN_UNDEF) 962 ? NULL 963 : elf_strptr (ebl->elf, ehdr->e_shstrndx, 964 destshdr->sh_name)); 965 if (sname == NULL) 966 { 967 if (xndx != SHN_UNDEF || ehdr->e_type != ET_REL) 968 ERROR (gettext ("\ 969section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \ 970bad section [%2d]\n"), 971 idx, section_name (ebl, idx), xndx); 972 } 973 else if (strcmp (sname, ".got.plt") != 0 974 && strcmp (sname, ".got") != 0) 975 ERROR (gettext ("\ 976section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \ 977section [%2d] '%s'\n"), 978 idx, section_name (ebl, idx), xndx, sname); 979 980 if (destshdr != NULL) 981 { 982 /* Found it. */ 983 if (!ebl_check_special_symbol (ebl, ehdr, sym, name, 984 destshdr)) 985 { 986 if (ehdr->e_type != ET_REL 987 && sym->st_value != destshdr->sh_addr) 988 /* This test is more strict than the psABIs which 989 usually allow the symbol to be in the middle of 990 the .got section, allowing negative offsets. */ 991 ERROR (gettext ("\ 992section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol value %#" PRIx64 " does not match %s section address %#" PRIx64 "\n"), 993 idx, section_name (ebl, idx), 994 (uint64_t) sym->st_value, 995 sname, (uint64_t) destshdr->sh_addr); 996 997 if (!gnuld && sym->st_size != destshdr->sh_size) 998 ERROR (gettext ("\ 999section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol size %" PRIu64 " does not match %s section size %" PRIu64 "\n"), 1000 idx, section_name (ebl, idx), 1001 (uint64_t) sym->st_size, 1002 sname, (uint64_t) destshdr->sh_size); 1003 } 1004 } 1005 else 1006 ERROR (gettext ("\ 1007section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol present, but no .got section\n"), 1008 idx, section_name (ebl, idx)); 1009 } 1010 else if (strcmp (name, "_DYNAMIC") == 0) 1011 /* Check that address and size match the dynamic section. 1012 We locate the dynamic section via the program header 1013 entry. */ 1014 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt) 1015 { 1016 GElf_Phdr phdr_mem; 1017 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem); 1018 1019 if (phdr != NULL && phdr->p_type == PT_DYNAMIC) 1020 { 1021 if (sym->st_value != phdr->p_vaddr) 1022 ERROR (gettext ("\ 1023section [%2d] '%s': _DYNAMIC_ symbol value %#" PRIx64 " does not match dynamic segment address %#" PRIx64 "\n"), 1024 idx, section_name (ebl, idx), 1025 (uint64_t) sym->st_value, 1026 (uint64_t) phdr->p_vaddr); 1027 1028 if (!gnuld && sym->st_size != phdr->p_memsz) 1029 ERROR (gettext ("\ 1030section [%2d] '%s': _DYNAMIC symbol size %" PRIu64 " does not match dynamic segment size %" PRIu64 "\n"), 1031 idx, section_name (ebl, idx), 1032 (uint64_t) sym->st_size, 1033 (uint64_t) phdr->p_memsz); 1034 1035 break; 1036 } 1037 } 1038 } 1039 1040 if (GELF_ST_VISIBILITY (sym->st_other) != STV_DEFAULT 1041 && shdr->sh_type == SHT_DYNSYM) 1042 ERROR (gettext ("\ 1043section [%2d] '%s': symbol %zu: symbol in dynamic symbol table with non-default visibility\n"), 1044 idx, section_name (ebl, idx), cnt); 1045 if (! ebl_check_st_other_bits (ebl, sym->st_other)) 1046 ERROR (gettext ("\ 1047section [%2d] '%s': symbol %zu: unknown bit set in st_other\n"), 1048 idx, section_name (ebl, idx), cnt); 1049 1050 } 1051} 1052 1053 1054static bool 1055is_rel_dyn (Ebl *ebl, const GElf_Ehdr *ehdr, int idx, const GElf_Shdr *shdr, 1056 bool is_rela) 1057{ 1058 /* If this is no executable or DSO it cannot be a .rel.dyn section. */ 1059 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 1060 return false; 1061 1062 /* Check the section name. Unfortunately necessary. */ 1063 if (strcmp (section_name (ebl, idx), is_rela ? ".rela.dyn" : ".rel.dyn")) 1064 return false; 1065 1066 /* When a .rel.dyn section is used a DT_RELCOUNT dynamic section 1067 entry can be present as well. */ 1068 Elf_Scn *scn = NULL; 1069 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 1070 { 1071 GElf_Shdr rcshdr_mem; 1072 const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem); 1073 1074 if (rcshdr == NULL) 1075 break; 1076 1077 if (rcshdr->sh_type == SHT_DYNAMIC && rcshdr->sh_entsize != 0) 1078 { 1079 /* Found the dynamic section. Look through it. */ 1080 Elf_Data *d = elf_getdata (scn, NULL); 1081 size_t cnt; 1082 1083 if (d == NULL) 1084 ERROR (gettext ("\ 1085section [%2d] '%s': cannot get section data.\n"), 1086 idx, section_name (ebl, idx)); 1087 1088 for (cnt = 1; cnt < rcshdr->sh_size / rcshdr->sh_entsize; ++cnt) 1089 { 1090 GElf_Dyn dyn_mem; 1091 GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem); 1092 1093 if (dyn == NULL) 1094 break; 1095 1096 if (dyn->d_tag == DT_RELCOUNT) 1097 { 1098 /* Found it. Does the type match. */ 1099 if (is_rela) 1100 ERROR (gettext ("\ 1101section [%2d] '%s': DT_RELCOUNT used for this RELA section\n"), 1102 idx, section_name (ebl, idx)); 1103 else 1104 { 1105 /* Does the number specified number of relative 1106 relocations exceed the total number of 1107 relocations? */ 1108 if (shdr->sh_entsize != 0 1109 && dyn->d_un.d_val > (shdr->sh_size 1110 / shdr->sh_entsize)) 1111 ERROR (gettext ("\ 1112section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"), 1113 idx, section_name (ebl, idx), 1114 (int) dyn->d_un.d_val); 1115 1116 /* Make sure the specified number of relocations are 1117 relative. */ 1118 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf, 1119 idx), NULL); 1120 if (reldata != NULL && shdr->sh_entsize != 0) 1121 for (size_t inner = 0; 1122 inner < shdr->sh_size / shdr->sh_entsize; 1123 ++inner) 1124 { 1125 GElf_Rel rel_mem; 1126 GElf_Rel *rel = gelf_getrel (reldata, inner, 1127 &rel_mem); 1128 if (rel == NULL) 1129 /* The problem will be reported elsewhere. */ 1130 break; 1131 1132 if (ebl_relative_reloc_p (ebl, 1133 GELF_R_TYPE (rel->r_info))) 1134 { 1135 if (inner >= dyn->d_un.d_val) 1136 ERROR (gettext ("\ 1137section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"), 1138 idx, section_name (ebl, idx), 1139 (int) dyn->d_un.d_val); 1140 } 1141 else if (inner < dyn->d_un.d_val) 1142 ERROR (gettext ("\ 1143section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"), 1144 idx, section_name (ebl, idx), 1145 inner, (int) dyn->d_un.d_val); 1146 } 1147 } 1148 } 1149 1150 if (dyn->d_tag == DT_RELACOUNT) 1151 { 1152 /* Found it. Does the type match. */ 1153 if (!is_rela) 1154 ERROR (gettext ("\ 1155section [%2d] '%s': DT_RELACOUNT used for this REL section\n"), 1156 idx, section_name (ebl, idx)); 1157 else 1158 { 1159 /* Does the number specified number of relative 1160 relocations exceed the total number of 1161 relocations? */ 1162 if (shdr->sh_entsize != 0 1163 && dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize) 1164 ERROR (gettext ("\ 1165section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"), 1166 idx, section_name (ebl, idx), 1167 (int) dyn->d_un.d_val); 1168 1169 /* Make sure the specified number of relocations are 1170 relative. */ 1171 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf, 1172 idx), NULL); 1173 if (reldata != NULL && shdr->sh_entsize != 0) 1174 for (size_t inner = 0; 1175 inner < shdr->sh_size / shdr->sh_entsize; 1176 ++inner) 1177 { 1178 GElf_Rela rela_mem; 1179 GElf_Rela *rela = gelf_getrela (reldata, inner, 1180 &rela_mem); 1181 if (rela == NULL) 1182 /* The problem will be reported elsewhere. */ 1183 break; 1184 1185 if (ebl_relative_reloc_p (ebl, 1186 GELF_R_TYPE (rela->r_info))) 1187 { 1188 if (inner >= dyn->d_un.d_val) 1189 ERROR (gettext ("\ 1190section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"), 1191 idx, section_name (ebl, idx), 1192 (int) dyn->d_un.d_val); 1193 } 1194 else if (inner < dyn->d_un.d_val) 1195 ERROR (gettext ("\ 1196section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"), 1197 idx, section_name (ebl, idx), 1198 inner, (int) dyn->d_un.d_val); 1199 } 1200 } 1201 } 1202 } 1203 1204 break; 1205 } 1206 } 1207 1208 return true; 1209} 1210 1211 1212struct loaded_segment 1213{ 1214 GElf_Addr from; 1215 GElf_Addr to; 1216 bool read_only; 1217 struct loaded_segment *next; 1218}; 1219 1220 1221/* Check whether binary has text relocation flag set. */ 1222static bool textrel; 1223 1224/* Keep track of whether text relocation flag is needed. */ 1225static bool needed_textrel; 1226 1227 1228static bool 1229check_reloc_shdr (Ebl *ebl, const GElf_Ehdr *ehdr, const GElf_Shdr *shdr, 1230 int idx, int reltype, GElf_Shdr **destshdrp, 1231 GElf_Shdr *destshdr_memp, struct loaded_segment **loadedp) 1232{ 1233 bool reldyn = false; 1234 1235 /* Check whether the link to the section we relocate is reasonable. */ 1236 if (shdr->sh_info >= shnum) 1237 ERROR (gettext ("section [%2d] '%s': invalid destination section index\n"), 1238 idx, section_name (ebl, idx)); 1239 else if (shdr->sh_info != 0) 1240 { 1241 *destshdrp = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_info), 1242 destshdr_memp); 1243 if (*destshdrp != NULL) 1244 { 1245 if(! ebl_check_reloc_target_type (ebl, (*destshdrp)->sh_type)) 1246 { 1247 reldyn = is_rel_dyn (ebl, ehdr, idx, shdr, true); 1248 if (!reldyn) 1249 ERROR (gettext ("\ 1250section [%2d] '%s': invalid destination section type\n"), 1251 idx, section_name (ebl, idx)); 1252 else 1253 { 1254 /* There is no standard, but we require that .rel{,a}.dyn 1255 sections have a sh_info value of zero. */ 1256 if (shdr->sh_info != 0) 1257 ERROR (gettext ("\ 1258section [%2d] '%s': sh_info should be zero\n"), 1259 idx, section_name (ebl, idx)); 1260 } 1261 } 1262 1263 if ((((*destshdrp)->sh_flags & SHF_MERGE) != 0) 1264 && ((*destshdrp)->sh_flags & SHF_STRINGS) != 0) 1265 ERROR (gettext ("\ 1266section [%2d] '%s': no relocations for merge-able string sections possible\n"), 1267 idx, section_name (ebl, idx)); 1268 } 1269 } 1270 1271 size_t sh_entsize = gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT); 1272 if (shdr->sh_entsize != sh_entsize) 1273 ERROR (gettext (reltype == ELF_T_RELA ? "\ 1274section [%2d] '%s': section entry size does not match ElfXX_Rela\n" : "\ 1275section [%2d] '%s': section entry size does not match ElfXX_Rel\n"), 1276 idx, section_name (ebl, idx)); 1277 1278 /* In preparation of checking whether relocations are text 1279 relocations or not we need to determine whether the file is 1280 flagged to have text relocation and we need to determine a) what 1281 the loaded segments are and b) which are read-only. This will 1282 also allow us to determine whether the same reloc section is 1283 modifying loaded and not loaded segments. */ 1284 for (unsigned int i = 0; i < phnum; ++i) 1285 { 1286 GElf_Phdr phdr_mem; 1287 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, i, &phdr_mem); 1288 if (phdr == NULL) 1289 continue; 1290 1291 if (phdr->p_type == PT_LOAD) 1292 { 1293 struct loaded_segment *newp = xmalloc (sizeof (*newp)); 1294 newp->from = phdr->p_vaddr; 1295 newp->to = phdr->p_vaddr + phdr->p_memsz; 1296 newp->read_only = (phdr->p_flags & PF_W) == 0; 1297 newp->next = *loadedp; 1298 *loadedp = newp; 1299 } 1300 else if (phdr->p_type == PT_DYNAMIC) 1301 { 1302 Elf_Scn *dynscn = gelf_offscn (ebl->elf, phdr->p_offset); 1303 GElf_Shdr dynshdr_mem; 1304 GElf_Shdr *dynshdr = gelf_getshdr (dynscn, &dynshdr_mem); 1305 Elf_Data *dyndata = elf_getdata (dynscn, NULL); 1306 if (dynshdr != NULL && dynshdr->sh_type == SHT_DYNAMIC 1307 && dyndata != NULL && dynshdr->sh_entsize != 0) 1308 for (size_t j = 0; j < dynshdr->sh_size / dynshdr->sh_entsize; ++j) 1309 { 1310 GElf_Dyn dyn_mem; 1311 GElf_Dyn *dyn = gelf_getdyn (dyndata, j, &dyn_mem); 1312 if (dyn != NULL 1313 && (dyn->d_tag == DT_TEXTREL 1314 || (dyn->d_tag == DT_FLAGS 1315 && (dyn->d_un.d_val & DF_TEXTREL) != 0))) 1316 { 1317 textrel = true; 1318 break; 1319 } 1320 } 1321 } 1322 } 1323 1324 /* A quick test which can be easily done here (although it is a bit 1325 out of place): the text relocation flag makes only sense if there 1326 is a segment which is not writable. */ 1327 if (textrel) 1328 { 1329 struct loaded_segment *seg = *loadedp; 1330 while (seg != NULL && !seg->read_only) 1331 seg = seg->next; 1332 if (seg == NULL) 1333 ERROR (gettext ("\ 1334text relocation flag set but there is no read-only segment\n")); 1335 } 1336 1337 return reldyn; 1338} 1339 1340 1341enum load_state 1342 { 1343 state_undecided, 1344 state_loaded, 1345 state_unloaded, 1346 state_error 1347 }; 1348 1349 1350static void 1351check_one_reloc (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *relshdr, int idx, 1352 size_t cnt, const GElf_Shdr *symshdr, Elf_Data *symdata, 1353 GElf_Addr r_offset, GElf_Xword r_info, 1354 const GElf_Shdr *destshdr, bool reldyn, 1355 struct loaded_segment *loaded, enum load_state *statep) 1356{ 1357 bool known_broken = gnuld; 1358 1359 if (!ebl_reloc_type_check (ebl, GELF_R_TYPE (r_info))) 1360 ERROR (gettext ("section [%2d] '%s': relocation %zu: invalid type\n"), 1361 idx, section_name (ebl, idx), cnt); 1362 else if (((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 1363 /* The executable/DSO can contain relocation sections with 1364 all the relocations the linker has applied. Those sections 1365 are marked non-loaded, though. */ 1366 || (relshdr->sh_flags & SHF_ALLOC) != 0) 1367 && !ebl_reloc_valid_use (ebl, GELF_R_TYPE (r_info))) 1368 ERROR (gettext ("\ 1369section [%2d] '%s': relocation %zu: relocation type invalid for the file type\n"), 1370 idx, section_name (ebl, idx), cnt); 1371 1372 if (symshdr != NULL 1373 && ((GELF_R_SYM (r_info) + 1) 1374 * gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT) 1375 > symshdr->sh_size)) 1376 ERROR (gettext ("\ 1377section [%2d] '%s': relocation %zu: invalid symbol index\n"), 1378 idx, section_name (ebl, idx), cnt); 1379 1380 /* No more tests if this is a no-op relocation. */ 1381 if (ebl_none_reloc_p (ebl, GELF_R_TYPE (r_info))) 1382 return; 1383 1384 if (ebl_gotpc_reloc_check (ebl, GELF_R_TYPE (r_info))) 1385 { 1386 const char *name; 1387 char buf[64]; 1388 GElf_Sym sym_mem; 1389 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem); 1390 if (sym != NULL 1391 /* Get the name for the symbol. */ 1392 && (name = elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name)) 1393 && strcmp (name, "_GLOBAL_OFFSET_TABLE_") !=0 ) 1394 ERROR (gettext ("\ 1395section [%2d] '%s': relocation %zu: only symbol '_GLOBAL_OFFSET_TABLE_' can be used with %s\n"), 1396 idx, section_name (ebl, idx), cnt, 1397 ebl_reloc_type_name (ebl, GELF_R_SYM (r_info), 1398 buf, sizeof (buf))); 1399 } 1400 1401 if (reldyn) 1402 { 1403 // XXX TODO Check .rel.dyn section addresses. 1404 } 1405 else if (!known_broken) 1406 { 1407 if (destshdr != NULL 1408 && GELF_R_TYPE (r_info) != 0 1409 && (r_offset - (ehdr->e_type == ET_REL ? 0 1410 : destshdr->sh_addr)) >= destshdr->sh_size) 1411 ERROR (gettext ("\ 1412section [%2d] '%s': relocation %zu: offset out of bounds\n"), 1413 idx, section_name (ebl, idx), cnt); 1414 } 1415 1416 GElf_Sym sym_mem; 1417 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem); 1418 1419 if (ebl_copy_reloc_p (ebl, GELF_R_TYPE (r_info)) 1420 /* Make sure the referenced symbol is an object or unspecified. */ 1421 && sym != NULL 1422 && GELF_ST_TYPE (sym->st_info) != STT_NOTYPE 1423 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT) 1424 { 1425 char buf[64]; 1426 ERROR (gettext ("section [%2d] '%s': relocation %zu: copy relocation against symbol of type %s\n"), 1427 idx, section_name (ebl, idx), cnt, 1428 ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), 1429 buf, sizeof (buf))); 1430 } 1431 1432 if ((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 1433 || (relshdr->sh_flags & SHF_ALLOC) != 0) 1434 { 1435 bool in_loaded_seg = false; 1436 while (loaded != NULL) 1437 { 1438 if (r_offset < loaded->to 1439 && r_offset + (sym == NULL ? 0 : sym->st_size) >= loaded->from) 1440 { 1441 /* The symbol is in this segment. */ 1442 if (loaded->read_only) 1443 { 1444 if (textrel) 1445 needed_textrel = true; 1446 else 1447 ERROR (gettext ("section [%2d] '%s': relocation %zu: read-only section modified but text relocation flag not set\n"), 1448 idx, section_name (ebl, idx), cnt); 1449 } 1450 1451 in_loaded_seg = true; 1452 } 1453 1454 loaded = loaded->next; 1455 } 1456 1457 if (*statep == state_undecided) 1458 *statep = in_loaded_seg ? state_loaded : state_unloaded; 1459 else if ((*statep == state_unloaded && in_loaded_seg) 1460 || (*statep == state_loaded && !in_loaded_seg)) 1461 { 1462 ERROR (gettext ("\ 1463section [%2d] '%s': relocations are against loaded and unloaded data\n"), 1464 idx, section_name (ebl, idx)); 1465 *statep = state_error; 1466 } 1467 } 1468} 1469 1470 1471static void 1472check_rela (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1473{ 1474 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1475 if (data == NULL) 1476 { 1477 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 1478 idx, section_name (ebl, idx)); 1479 return; 1480 } 1481 1482 /* Check the fields of the section header. */ 1483 GElf_Shdr destshdr_mem; 1484 GElf_Shdr *destshdr = NULL; 1485 struct loaded_segment *loaded = NULL; 1486 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_RELA, &destshdr, 1487 &destshdr_mem, &loaded); 1488 1489 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 1490 GElf_Shdr symshdr_mem; 1491 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 1492 Elf_Data *symdata = elf_getdata (symscn, NULL); 1493 enum load_state state = state_undecided; 1494 1495 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_RELA, 1, EV_CURRENT); 1496 for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt) 1497 { 1498 GElf_Rela rela_mem; 1499 GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem); 1500 if (rela == NULL) 1501 { 1502 ERROR (gettext ("\ 1503section [%2d] '%s': cannot get relocation %zu: %s\n"), 1504 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 1505 continue; 1506 } 1507 1508 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata, 1509 rela->r_offset, rela->r_info, destshdr, reldyn, loaded, 1510 &state); 1511 } 1512 1513 while (loaded != NULL) 1514 { 1515 struct loaded_segment *old = loaded; 1516 loaded = loaded->next; 1517 free (old); 1518 } 1519} 1520 1521 1522static void 1523check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1524{ 1525 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1526 if (data == NULL) 1527 { 1528 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 1529 idx, section_name (ebl, idx)); 1530 return; 1531 } 1532 1533 /* Check the fields of the section header. */ 1534 GElf_Shdr destshdr_mem; 1535 GElf_Shdr *destshdr = NULL; 1536 struct loaded_segment *loaded = NULL; 1537 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_REL, &destshdr, 1538 &destshdr_mem, &loaded); 1539 1540 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 1541 GElf_Shdr symshdr_mem; 1542 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 1543 Elf_Data *symdata = elf_getdata (symscn, NULL); 1544 enum load_state state = state_undecided; 1545 1546 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_REL, 1, EV_CURRENT); 1547 for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt) 1548 { 1549 GElf_Rel rel_mem; 1550 GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem); 1551 if (rel == NULL) 1552 { 1553 ERROR (gettext ("\ 1554section [%2d] '%s': cannot get relocation %zu: %s\n"), 1555 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 1556 continue; 1557 } 1558 1559 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata, 1560 rel->r_offset, rel->r_info, destshdr, reldyn, loaded, 1561 &state); 1562 } 1563 1564 while (loaded != NULL) 1565 { 1566 struct loaded_segment *old = loaded; 1567 loaded = loaded->next; 1568 free (old); 1569 } 1570} 1571 1572 1573/* Number of dynamic sections. */ 1574static int ndynamic; 1575 1576 1577static void 1578check_dynamic (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1579{ 1580 Elf_Data *data; 1581 GElf_Shdr strshdr_mem; 1582 GElf_Shdr *strshdr; 1583 size_t cnt; 1584 static const bool dependencies[DT_NUM][DT_NUM] = 1585 { 1586 [DT_NEEDED] = { [DT_STRTAB] = true }, 1587 [DT_PLTRELSZ] = { [DT_JMPREL] = true }, 1588 [DT_HASH] = { [DT_SYMTAB] = true }, 1589 [DT_STRTAB] = { [DT_STRSZ] = true }, 1590 [DT_SYMTAB] = { [DT_STRTAB] = true, [DT_SYMENT] = true }, 1591 [DT_RELA] = { [DT_RELASZ] = true, [DT_RELAENT] = true }, 1592 [DT_RELASZ] = { [DT_RELA] = true }, 1593 [DT_RELAENT] = { [DT_RELA] = true }, 1594 [DT_STRSZ] = { [DT_STRTAB] = true }, 1595 [DT_SYMENT] = { [DT_SYMTAB] = true }, 1596 [DT_SONAME] = { [DT_STRTAB] = true }, 1597 [DT_RPATH] = { [DT_STRTAB] = true }, 1598 [DT_REL] = { [DT_RELSZ] = true, [DT_RELENT] = true }, 1599 [DT_RELSZ] = { [DT_REL] = true }, 1600 [DT_RELENT] = { [DT_REL] = true }, 1601 [DT_JMPREL] = { [DT_PLTRELSZ] = true, [DT_PLTREL] = true }, 1602 [DT_RUNPATH] = { [DT_STRTAB] = true }, 1603 [DT_PLTREL] = { [DT_JMPREL] = true }, 1604 }; 1605 bool has_dt[DT_NUM]; 1606 bool has_val_dt[DT_VALNUM]; 1607 bool has_addr_dt[DT_ADDRNUM]; 1608 static const bool level2[DT_NUM] = 1609 { 1610 [DT_RPATH] = true, 1611 [DT_SYMBOLIC] = true, 1612 [DT_TEXTREL] = true, 1613 [DT_BIND_NOW] = true 1614 }; 1615 static const bool mandatory[DT_NUM] = 1616 { 1617 [DT_NULL] = true, 1618 [DT_STRTAB] = true, 1619 [DT_SYMTAB] = true, 1620 [DT_STRSZ] = true, 1621 [DT_SYMENT] = true 1622 }; 1623 1624 memset (has_dt, '\0', sizeof (has_dt)); 1625 memset (has_val_dt, '\0', sizeof (has_val_dt)); 1626 memset (has_addr_dt, '\0', sizeof (has_addr_dt)); 1627 1628 if (++ndynamic == 2) 1629 ERROR (gettext ("more than one dynamic section present\n")); 1630 1631 data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1632 if (data == NULL) 1633 { 1634 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 1635 idx, section_name (ebl, idx)); 1636 return; 1637 } 1638 1639 strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &strshdr_mem); 1640 if (strshdr != NULL && strshdr->sh_type != SHT_STRTAB) 1641 ERROR (gettext ("\ 1642section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"), 1643 shdr->sh_link, section_name (ebl, shdr->sh_link), 1644 idx, section_name (ebl, idx)); 1645 else if (strshdr == NULL) 1646 { 1647 ERROR (gettext ("\ 1648section [%2d]: referenced as string table for section [%2d] '%s' but section link value is invalid\n"), 1649 shdr->sh_link, idx, section_name (ebl, idx)); 1650 return; 1651 } 1652 1653 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT); 1654 if (shdr->sh_entsize != sh_entsize) 1655 ERROR (gettext ("\ 1656section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"), 1657 idx, section_name (ebl, idx)); 1658 1659 if (shdr->sh_info != 0) 1660 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"), 1661 idx, section_name (ebl, idx)); 1662 1663 bool non_null_warned = false; 1664 for (cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt) 1665 { 1666 GElf_Dyn dyn_mem; 1667 GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem); 1668 if (dyn == NULL) 1669 { 1670 ERROR (gettext ("\ 1671section [%2d] '%s': cannot get dynamic section entry %zu: %s\n"), 1672 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 1673 continue; 1674 } 1675 1676 if (has_dt[DT_NULL] && dyn->d_tag != DT_NULL && ! non_null_warned) 1677 { 1678 ERROR (gettext ("\ 1679section [%2d] '%s': non-DT_NULL entries follow DT_NULL entry\n"), 1680 idx, section_name (ebl, idx)); 1681 non_null_warned = true; 1682 } 1683 1684 if (!ebl_dynamic_tag_check (ebl, dyn->d_tag)) 1685 ERROR (gettext ("section [%2d] '%s': entry %zu: unknown tag\n"), 1686 idx, section_name (ebl, idx), cnt); 1687 1688 if (dyn->d_tag >= 0 && dyn->d_tag < DT_NUM) 1689 { 1690 if (has_dt[dyn->d_tag] 1691 && dyn->d_tag != DT_NEEDED 1692 && dyn->d_tag != DT_NULL 1693 && dyn->d_tag != DT_POSFLAG_1) 1694 { 1695 char buf[50]; 1696 ERROR (gettext ("\ 1697section [%2d] '%s': entry %zu: more than one entry with tag %s\n"), 1698 idx, section_name (ebl, idx), cnt, 1699 ebl_dynamic_tag_name (ebl, dyn->d_tag, 1700 buf, sizeof (buf))); 1701 } 1702 1703 if (be_strict && level2[dyn->d_tag]) 1704 { 1705 char buf[50]; 1706 ERROR (gettext ("\ 1707section [%2d] '%s': entry %zu: level 2 tag %s used\n"), 1708 idx, section_name (ebl, idx), cnt, 1709 ebl_dynamic_tag_name (ebl, dyn->d_tag, 1710 buf, sizeof (buf))); 1711 } 1712 1713 has_dt[dyn->d_tag] = true; 1714 } 1715 else if (dyn->d_tag >= 0 && dyn->d_tag <= DT_VALRNGHI 1716 && DT_VALTAGIDX (dyn->d_tag) < DT_VALNUM) 1717 has_val_dt[DT_VALTAGIDX (dyn->d_tag)] = true; 1718 else if (dyn->d_tag >= 0 && dyn->d_tag <= DT_ADDRRNGHI 1719 && DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM) 1720 has_addr_dt[DT_ADDRTAGIDX (dyn->d_tag)] = true; 1721 1722 if (dyn->d_tag == DT_PLTREL && dyn->d_un.d_val != DT_REL 1723 && dyn->d_un.d_val != DT_RELA) 1724 ERROR (gettext ("\ 1725section [%2d] '%s': entry %zu: DT_PLTREL value must be DT_REL or DT_RELA\n"), 1726 idx, section_name (ebl, idx), cnt); 1727 1728 /* Check that addresses for entries are in loaded segments. */ 1729 switch (dyn->d_tag) 1730 { 1731 size_t n; 1732 case DT_STRTAB: 1733 /* We require the referenced section is the same as the one 1734 specified in sh_link. */ 1735 if (strshdr->sh_addr != dyn->d_un.d_val) 1736 { 1737 ERROR (gettext ("\ 1738section [%2d] '%s': entry %zu: pointer does not match address of section [%2d] '%s' referenced by sh_link\n"), 1739 idx, section_name (ebl, idx), cnt, 1740 shdr->sh_link, section_name (ebl, shdr->sh_link)); 1741 break; 1742 } 1743 goto check_addr; 1744 1745 default: 1746 if (dyn->d_tag < DT_ADDRRNGLO || dyn->d_tag > DT_ADDRRNGHI) 1747 /* Value is no pointer. */ 1748 break; 1749 /* FALLTHROUGH */ 1750 1751 case DT_AUXILIARY: 1752 case DT_FILTER: 1753 case DT_FINI: 1754 case DT_FINI_ARRAY: 1755 case DT_HASH: 1756 case DT_INIT: 1757 case DT_INIT_ARRAY: 1758 case DT_JMPREL: 1759 case DT_PLTGOT: 1760 case DT_REL: 1761 case DT_RELA: 1762 case DT_SYMBOLIC: 1763 case DT_SYMTAB: 1764 case DT_VERDEF: 1765 case DT_VERNEED: 1766 case DT_VERSYM: 1767 check_addr: 1768 for (n = 0; n < phnum; ++n) 1769 { 1770 GElf_Phdr phdr_mem; 1771 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, n, &phdr_mem); 1772 if (phdr != NULL && phdr->p_type == PT_LOAD 1773 && phdr->p_vaddr <= dyn->d_un.d_ptr 1774 && phdr->p_vaddr + phdr->p_memsz > dyn->d_un.d_ptr) 1775 break; 1776 } 1777 if (unlikely (n >= phnum)) 1778 { 1779 char buf[50]; 1780 ERROR (gettext ("\ 1781section [%2d] '%s': entry %zu: %s value must point into loaded segment\n"), 1782 idx, section_name (ebl, idx), cnt, 1783 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf, 1784 sizeof (buf))); 1785 } 1786 break; 1787 1788 case DT_NEEDED: 1789 case DT_RPATH: 1790 case DT_RUNPATH: 1791 case DT_SONAME: 1792 if (dyn->d_un.d_ptr >= strshdr->sh_size) 1793 { 1794 char buf[50]; 1795 ERROR (gettext ("\ 1796section [%2d] '%s': entry %zu: %s value must be valid offset in section [%2d] '%s'\n"), 1797 idx, section_name (ebl, idx), cnt, 1798 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf, 1799 sizeof (buf)), 1800 shdr->sh_link, section_name (ebl, shdr->sh_link)); 1801 } 1802 break; 1803 } 1804 } 1805 1806 for (cnt = 1; cnt < DT_NUM; ++cnt) 1807 if (has_dt[cnt]) 1808 { 1809 for (int inner = 0; inner < DT_NUM; ++inner) 1810 if (dependencies[cnt][inner] && ! has_dt[inner]) 1811 { 1812 char buf1[50]; 1813 char buf2[50]; 1814 1815 ERROR (gettext ("\ 1816section [%2d] '%s': contains %s entry but not %s\n"), 1817 idx, section_name (ebl, idx), 1818 ebl_dynamic_tag_name (ebl, cnt, buf1, sizeof (buf1)), 1819 ebl_dynamic_tag_name (ebl, inner, buf2, sizeof (buf2))); 1820 } 1821 } 1822 else 1823 { 1824 if (mandatory[cnt]) 1825 { 1826 char buf[50]; 1827 ERROR (gettext ("\ 1828section [%2d] '%s': mandatory tag %s not present\n"), 1829 idx, section_name (ebl, idx), 1830 ebl_dynamic_tag_name (ebl, cnt, buf, sizeof (buf))); 1831 } 1832 } 1833 1834 /* Make sure we have an hash table. */ 1835 if (!has_dt[DT_HASH] && !has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)]) 1836 ERROR (gettext ("\ 1837section [%2d] '%s': no hash section present\n"), 1838 idx, section_name (ebl, idx)); 1839 1840 /* The GNU-style hash table also needs a symbol table. */ 1841 if (!has_dt[DT_HASH] && has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)] 1842 && !has_dt[DT_SYMTAB]) 1843 ERROR (gettext ("\ 1844section [%2d] '%s': contains %s entry but not %s\n"), 1845 idx, section_name (ebl, idx), 1846 "DT_GNU_HASH", "DT_SYMTAB"); 1847 1848 /* Check the rel/rela tags. At least one group must be available. */ 1849 if ((has_dt[DT_RELA] || has_dt[DT_RELASZ] || has_dt[DT_RELAENT]) 1850 && (!has_dt[DT_RELA] || !has_dt[DT_RELASZ] || !has_dt[DT_RELAENT])) 1851 ERROR (gettext ("\ 1852section [%2d] '%s': not all of %s, %s, and %s are present\n"), 1853 idx, section_name (ebl, idx), 1854 "DT_RELA", "DT_RELASZ", "DT_RELAENT"); 1855 1856 if ((has_dt[DT_REL] || has_dt[DT_RELSZ] || has_dt[DT_RELENT]) 1857 && (!has_dt[DT_REL] || !has_dt[DT_RELSZ] || !has_dt[DT_RELENT])) 1858 ERROR (gettext ("\ 1859section [%2d] '%s': not all of %s, %s, and %s are present\n"), 1860 idx, section_name (ebl, idx), 1861 "DT_REL", "DT_RELSZ", "DT_RELENT"); 1862 1863 /* Check that all prelink sections are present if any of them is. */ 1864 if (has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)] 1865 || has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)]) 1866 { 1867 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)]) 1868 ERROR (gettext ("\ 1869section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"), 1870 idx, section_name (ebl, idx), "DT_GNU_PRELINKED"); 1871 if (!has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)]) 1872 ERROR (gettext ("\ 1873section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"), 1874 idx, section_name (ebl, idx), "DT_CHECKSUM"); 1875 1876 /* Only DSOs can be marked like this. */ 1877 if (ehdr->e_type != ET_DYN) 1878 ERROR (gettext ("\ 1879section [%2d] '%s': non-DSO file marked as dependency during prelink\n"), 1880 idx, section_name (ebl, idx)); 1881 } 1882 1883 if (has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)] 1884 || has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)] 1885 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)] 1886 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)]) 1887 { 1888 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)]) 1889 ERROR (gettext ("\ 1890section [%2d] '%s': %s tag missing in prelinked executable\n"), 1891 idx, section_name (ebl, idx), "DT_GNU_CONFLICTSZ"); 1892 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)]) 1893 ERROR (gettext ("\ 1894section [%2d] '%s': %s tag missing in prelinked executable\n"), 1895 idx, section_name (ebl, idx), "DT_GNU_LIBLISTSZ"); 1896 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)]) 1897 ERROR (gettext ("\ 1898section [%2d] '%s': %s tag missing in prelinked executable\n"), 1899 idx, section_name (ebl, idx), "DT_GNU_CONFLICT"); 1900 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)]) 1901 ERROR (gettext ("\ 1902section [%2d] '%s': %s tag missing in prelinked executable\n"), 1903 idx, section_name (ebl, idx), "DT_GNU_LIBLIST"); 1904 } 1905} 1906 1907 1908static void 1909check_symtab_shndx (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1910{ 1911 if (ehdr->e_type != ET_REL) 1912 { 1913 ERROR (gettext ("\ 1914section [%2d] '%s': only relocatable files can have extended section index\n"), 1915 idx, section_name (ebl, idx)); 1916 return; 1917 } 1918 1919 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 1920 GElf_Shdr symshdr_mem; 1921 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 1922 if (symshdr != NULL && symshdr->sh_type != SHT_SYMTAB) 1923 ERROR (gettext ("\ 1924section [%2d] '%s': extended section index section not for symbol table\n"), 1925 idx, section_name (ebl, idx)); 1926 else if (symshdr == NULL) 1927 ERROR (gettext ("\ 1928section [%2d] '%s': sh_link extended section index [%2d] is invalid\n"), 1929 idx, section_name (ebl, idx), shdr->sh_link); 1930 Elf_Data *symdata = elf_getdata (symscn, NULL); 1931 if (symdata == NULL) 1932 ERROR (gettext ("cannot get data for symbol section\n")); 1933 1934 if (shdr->sh_entsize != sizeof (Elf32_Word)) 1935 ERROR (gettext ("\ 1936section [%2d] '%s': entry size does not match Elf32_Word\n"), 1937 idx, section_name (ebl, idx)); 1938 1939 if (symshdr != NULL 1940 && shdr->sh_entsize != 0 1941 && symshdr->sh_entsize != 0 1942 && (shdr->sh_size / shdr->sh_entsize 1943 < symshdr->sh_size / symshdr->sh_entsize)) 1944 ERROR (gettext ("\ 1945section [%2d] '%s': extended index table too small for symbol table\n"), 1946 idx, section_name (ebl, idx)); 1947 1948 if (shdr->sh_info != 0) 1949 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"), 1950 idx, section_name (ebl, idx)); 1951 1952 for (size_t cnt = idx + 1; cnt < shnum; ++cnt) 1953 { 1954 GElf_Shdr rshdr_mem; 1955 GElf_Shdr *rshdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &rshdr_mem); 1956 if (rshdr != NULL && rshdr->sh_type == SHT_SYMTAB_SHNDX 1957 && rshdr->sh_link == shdr->sh_link) 1958 { 1959 ERROR (gettext ("\ 1960section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same symbol table\n"), 1961 idx, section_name (ebl, idx), 1962 cnt, section_name (ebl, cnt)); 1963 break; 1964 } 1965 } 1966 1967 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1968 if (data == NULL || data->d_buf == NULL) 1969 { 1970 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 1971 idx, section_name (ebl, idx)); 1972 return; 1973 } 1974 1975 if (*((Elf32_Word *) data->d_buf) != 0) 1976 ERROR (gettext ("symbol 0 should have zero extended section index\n")); 1977 1978 for (size_t cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt) 1979 { 1980 Elf32_Word xndx = ((Elf32_Word *) data->d_buf)[cnt]; 1981 1982 if (xndx != 0) 1983 { 1984 GElf_Sym sym_data; 1985 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_data); 1986 if (sym == NULL) 1987 { 1988 ERROR (gettext ("cannot get data for symbol %zu\n"), cnt); 1989 continue; 1990 } 1991 1992 if (sym->st_shndx != SHN_XINDEX) 1993 ERROR (gettext ("\ 1994extended section index is %" PRIu32 " but symbol index is not XINDEX\n"), 1995 (uint32_t) xndx); 1996 } 1997 } 1998} 1999 2000 2001static void 2002check_sysv_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx, 2003 GElf_Shdr *symshdr) 2004{ 2005 Elf32_Word nbucket = ((Elf32_Word *) data->d_buf)[0]; 2006 Elf32_Word nchain = ((Elf32_Word *) data->d_buf)[1]; 2007 2008 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize) 2009 ERROR (gettext ("\ 2010section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"), 2011 idx, section_name (ebl, idx), (long int) shdr->sh_size, 2012 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize)); 2013 2014 size_t maxidx = nchain; 2015 2016 if (symshdr != NULL && symshdr->sh_entsize != 0) 2017 { 2018 size_t symsize = symshdr->sh_size / symshdr->sh_entsize; 2019 2020 if (nchain > symshdr->sh_size / symshdr->sh_entsize) 2021 ERROR (gettext ("section [%2d] '%s': chain array too large\n"), 2022 idx, section_name (ebl, idx)); 2023 2024 maxidx = symsize; 2025 } 2026 2027 Elf32_Word *buf = (Elf32_Word *) data->d_buf; 2028 Elf32_Word *end = (Elf32_Word *) ((char *) data->d_buf + shdr->sh_size); 2029 size_t cnt; 2030 for (cnt = 2; cnt < 2 + nbucket; ++cnt) 2031 { 2032 if (buf + cnt >= end) 2033 break; 2034 else if (buf[cnt] >= maxidx) 2035 ERROR (gettext ("\ 2036section [%2d] '%s': hash bucket reference %zu out of bounds\n"), 2037 idx, section_name (ebl, idx), cnt - 2); 2038 } 2039 2040 for (; cnt < 2 + nbucket + nchain; ++cnt) 2041 { 2042 if (buf + cnt >= end) 2043 break; 2044 else if (buf[cnt] >= maxidx) 2045 ERROR (gettext ("\ 2046section [%2d] '%s': hash chain reference %zu out of bounds\n"), 2047 idx, section_name (ebl, idx), cnt - 2 - nbucket); 2048 } 2049} 2050 2051 2052static void 2053check_sysv_hash64 (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx, 2054 GElf_Shdr *symshdr) 2055{ 2056 Elf64_Xword nbucket = ((Elf64_Xword *) data->d_buf)[0]; 2057 Elf64_Xword nchain = ((Elf64_Xword *) data->d_buf)[1]; 2058 2059 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize) 2060 ERROR (gettext ("\ 2061section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"), 2062 idx, section_name (ebl, idx), (long int) shdr->sh_size, 2063 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize)); 2064 2065 size_t maxidx = nchain; 2066 2067 if (symshdr != NULL && symshdr->sh_entsize != 0) 2068 { 2069 size_t symsize = symshdr->sh_size / symshdr->sh_entsize; 2070 2071 if (nchain > symshdr->sh_size / symshdr->sh_entsize) 2072 ERROR (gettext ("section [%2d] '%s': chain array too large\n"), 2073 idx, section_name (ebl, idx)); 2074 2075 maxidx = symsize; 2076 } 2077 2078 Elf64_Xword *buf = (Elf64_Xword *) data->d_buf; 2079 Elf64_Xword *end = (Elf64_Xword *) ((char *) data->d_buf + shdr->sh_size); 2080 size_t cnt; 2081 for (cnt = 2; cnt < 2 + nbucket; ++cnt) 2082 { 2083 if (buf + cnt >= end) 2084 break; 2085 else if (buf[cnt] >= maxidx) 2086 ERROR (gettext ("\ 2087section [%2d] '%s': hash bucket reference %zu out of bounds\n"), 2088 idx, section_name (ebl, idx), cnt - 2); 2089 } 2090 2091 for (; cnt < 2 + nbucket + nchain; ++cnt) 2092 { 2093 if (buf + cnt >= end) 2094 break; 2095 else if (buf[cnt] >= maxidx) 2096 ERROR (gettext ("\ 2097section [%2d] '%s': hash chain reference %" PRIu64 " out of bounds\n"), 2098 idx, section_name (ebl, idx), (uint64_t) cnt - 2 - nbucket); 2099 } 2100} 2101 2102 2103static void 2104check_gnu_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx, 2105 GElf_Shdr *symshdr) 2106{ 2107 if (data->d_size < 4 * sizeof (Elf32_Word)) 2108 { 2109 ERROR (gettext ("\ 2110section [%2d] '%s': not enough data\n"), 2111 idx, section_name (ebl, idx)); 2112 return; 2113 } 2114 2115 Elf32_Word nbuckets = ((Elf32_Word *) data->d_buf)[0]; 2116 Elf32_Word symbias = ((Elf32_Word *) data->d_buf)[1]; 2117 Elf32_Word bitmask_words = ((Elf32_Word *) data->d_buf)[2]; 2118 2119 if (bitmask_words == 0 || !powerof2 (bitmask_words)) 2120 { 2121 ERROR (gettext ("\ 2122section [%2d] '%s': bitmask size zero or not power of 2: %u\n"), 2123 idx, section_name (ebl, idx), bitmask_words); 2124 return; 2125 } 2126 2127 size_t bitmask_idxmask = bitmask_words - 1; 2128 if (gelf_getclass (ebl->elf) == ELFCLASS64) 2129 bitmask_words *= 2; 2130 Elf32_Word shift = ((Elf32_Word *) data->d_buf)[3]; 2131 2132 /* Is there still room for the sym chain? 2133 Use uint64_t calculation to prevent 32bit overlow. */ 2134 uint64_t used_buf = (4ULL + bitmask_words + nbuckets) * sizeof (Elf32_Word); 2135 if (used_buf > data->d_size) 2136 { 2137 ERROR (gettext ("\ 2138section [%2d] '%s': hash table section is too small (is %ld, expected at least %ld)\n"), 2139 idx, section_name (ebl, idx), (long int) shdr->sh_size, 2140 (long int) used_buf); 2141 return; 2142 } 2143 2144 if (shift > 31) 2145 { 2146 ERROR (gettext ("\ 2147section [%2d] '%s': 2nd hash function shift too big: %u\n"), 2148 idx, section_name (ebl, idx), shift); 2149 return; 2150 } 2151 2152 size_t maxidx = shdr->sh_size / sizeof (Elf32_Word) - (4 + bitmask_words 2153 + nbuckets); 2154 2155 if (symshdr != NULL && symshdr->sh_entsize != 0) 2156 maxidx = MIN (maxidx, symshdr->sh_size / symshdr->sh_entsize); 2157 2158 /* We need the symbol section data. */ 2159 Elf_Data *symdata = elf_getdata (elf_getscn (ebl->elf, shdr->sh_link), NULL); 2160 2161 union 2162 { 2163 Elf32_Word *p32; 2164 Elf64_Xword *p64; 2165 } bitmask = { .p32 = &((Elf32_Word *) data->d_buf)[4] }, 2166 collected = { .p32 = xcalloc (bitmask_words, sizeof (Elf32_Word)) }; 2167 2168 size_t classbits = gelf_getclass (ebl->elf) == ELFCLASS32 ? 32 : 64; 2169 2170 size_t cnt; 2171 for (cnt = 4 + bitmask_words; cnt < 4 + bitmask_words + nbuckets; ++cnt) 2172 { 2173 Elf32_Word symidx = ((Elf32_Word *) data->d_buf)[cnt]; 2174 2175 if (symidx == 0) 2176 continue; 2177 2178 if (symidx < symbias) 2179 { 2180 ERROR (gettext ("\ 2181section [%2d] '%s': hash chain for bucket %zu lower than symbol index bias\n"), 2182 idx, section_name (ebl, idx), cnt - (4 + bitmask_words)); 2183 continue; 2184 } 2185 2186 while (symidx - symbias < maxidx) 2187 { 2188 Elf32_Word chainhash = ((Elf32_Word *) data->d_buf)[4 2189 + bitmask_words 2190 + nbuckets 2191 + symidx 2192 - symbias]; 2193 2194 if (symdata != NULL) 2195 { 2196 /* Check that the referenced symbol is not undefined. */ 2197 GElf_Sym sym_mem; 2198 GElf_Sym *sym = gelf_getsym (symdata, symidx, &sym_mem); 2199 if (sym != NULL && sym->st_shndx == SHN_UNDEF 2200 && GELF_ST_TYPE (sym->st_info) != STT_FUNC) 2201 ERROR (gettext ("\ 2202section [%2d] '%s': symbol %u referenced in chain for bucket %zu is undefined\n"), 2203 idx, section_name (ebl, idx), symidx, 2204 cnt - (4 + bitmask_words)); 2205 2206 const char *symname = (sym != NULL 2207 ? elf_strptr (ebl->elf, symshdr->sh_link, 2208 sym->st_name) 2209 : NULL); 2210 if (symname != NULL) 2211 { 2212 Elf32_Word hval = elf_gnu_hash (symname); 2213 if ((hval & ~1u) != (chainhash & ~1u)) 2214 ERROR (gettext ("\ 2215section [%2d] '%s': hash value for symbol %u in chain for bucket %zu wrong\n"), 2216 idx, section_name (ebl, idx), symidx, 2217 cnt - (4 + bitmask_words)); 2218 2219 /* Set the bits in the bitmask. */ 2220 size_t maskidx = (hval / classbits) & bitmask_idxmask; 2221 if (maskidx >= bitmask_words) 2222 { 2223 ERROR (gettext ("\ 2224section [%2d] '%s': mask index for symbol %u in chain for bucket %zu wrong\n"), 2225 idx, section_name (ebl, idx), symidx, 2226 cnt - (4 + bitmask_words)); 2227 return; 2228 } 2229 if (classbits == 32) 2230 { 2231 collected.p32[maskidx] 2232 |= UINT32_C (1) << (hval & (classbits - 1)); 2233 collected.p32[maskidx] 2234 |= UINT32_C (1) << ((hval >> shift) & (classbits - 1)); 2235 } 2236 else 2237 { 2238 collected.p64[maskidx] 2239 |= UINT64_C (1) << (hval & (classbits - 1)); 2240 collected.p64[maskidx] 2241 |= UINT64_C (1) << ((hval >> shift) & (classbits - 1)); 2242 } 2243 } 2244 } 2245 2246 if ((chainhash & 1) != 0) 2247 break; 2248 2249 ++symidx; 2250 } 2251 2252 if (symidx - symbias >= maxidx) 2253 ERROR (gettext ("\ 2254section [%2d] '%s': hash chain for bucket %zu out of bounds\n"), 2255 idx, section_name (ebl, idx), cnt - (4 + bitmask_words)); 2256 else if (symshdr != NULL && symshdr->sh_entsize != 0 2257 && symidx > symshdr->sh_size / symshdr->sh_entsize) 2258 ERROR (gettext ("\ 2259section [%2d] '%s': symbol reference in chain for bucket %zu out of bounds\n"), 2260 idx, section_name (ebl, idx), cnt - (4 + bitmask_words)); 2261 } 2262 2263 if (memcmp (collected.p32, bitmask.p32, bitmask_words * sizeof (Elf32_Word))) 2264 ERROR (gettext ("\ 2265section [%2d] '%s': bitmask does not match names in the hash table\n"), 2266 idx, section_name (ebl, idx)); 2267 2268 free (collected.p32); 2269} 2270 2271 2272static void 2273check_hash (int tag, Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 2274{ 2275 if (ehdr->e_type == ET_REL) 2276 { 2277 ERROR (gettext ("\ 2278section [%2d] '%s': relocatable files cannot have hash tables\n"), 2279 idx, section_name (ebl, idx)); 2280 return; 2281 } 2282 2283 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 2284 if (data == NULL || data->d_buf == NULL) 2285 { 2286 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 2287 idx, section_name (ebl, idx)); 2288 return; 2289 } 2290 2291 GElf_Shdr symshdr_mem; 2292 GElf_Shdr *symshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 2293 &symshdr_mem); 2294 if (symshdr != NULL && symshdr->sh_type != SHT_DYNSYM) 2295 ERROR (gettext ("\ 2296section [%2d] '%s': hash table not for dynamic symbol table\n"), 2297 idx, section_name (ebl, idx)); 2298 else if (symshdr == NULL) 2299 ERROR (gettext ("\ 2300section [%2d] '%s': invalid sh_link symbol table section index [%2d]\n"), 2301 idx, section_name (ebl, idx), shdr->sh_link); 2302 2303 if (shdr->sh_entsize != (tag == SHT_GNU_HASH 2304 ? (gelf_getclass (ebl->elf) == ELFCLASS32 2305 ? sizeof (Elf32_Word) : 0) 2306 : (size_t) ebl_sysvhash_entrysize (ebl))) 2307 ERROR (gettext ("\ 2308section [%2d] '%s': hash table entry size incorrect\n"), 2309 idx, section_name (ebl, idx)); 2310 2311 if ((shdr->sh_flags & SHF_ALLOC) == 0) 2312 ERROR (gettext ("section [%2d] '%s': not marked to be allocated\n"), 2313 idx, section_name (ebl, idx)); 2314 2315 if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (shdr->sh_entsize ?: 4)) 2316 { 2317 ERROR (gettext ("\ 2318section [%2d] '%s': hash table has not even room for initial administrative entries\n"), 2319 idx, section_name (ebl, idx)); 2320 return; 2321 } 2322 2323 switch (tag) 2324 { 2325 case SHT_HASH: 2326 if (ebl_sysvhash_entrysize (ebl) == sizeof (Elf64_Xword)) 2327 check_sysv_hash64 (ebl, shdr, data, idx, symshdr); 2328 else 2329 check_sysv_hash (ebl, shdr, data, idx, symshdr); 2330 break; 2331 2332 case SHT_GNU_HASH: 2333 check_gnu_hash (ebl, shdr, data, idx, symshdr); 2334 break; 2335 2336 default: 2337 assert (! "should not happen"); 2338 } 2339} 2340 2341 2342/* Compare content of both hash tables, it must be identical. */ 2343static void 2344compare_hash_gnu_hash (Ebl *ebl, GElf_Ehdr *ehdr, size_t hash_idx, 2345 size_t gnu_hash_idx) 2346{ 2347 Elf_Scn *hash_scn = elf_getscn (ebl->elf, hash_idx); 2348 Elf_Data *hash_data = elf_getdata (hash_scn, NULL); 2349 GElf_Shdr hash_shdr_mem; 2350 GElf_Shdr *hash_shdr = gelf_getshdr (hash_scn, &hash_shdr_mem); 2351 Elf_Scn *gnu_hash_scn = elf_getscn (ebl->elf, gnu_hash_idx); 2352 Elf_Data *gnu_hash_data = elf_getdata (gnu_hash_scn, NULL); 2353 GElf_Shdr gnu_hash_shdr_mem; 2354 GElf_Shdr *gnu_hash_shdr = gelf_getshdr (gnu_hash_scn, &gnu_hash_shdr_mem); 2355 2356 if (hash_shdr == NULL || gnu_hash_shdr == NULL 2357 || hash_data == NULL || hash_data->d_buf == NULL 2358 || gnu_hash_data == NULL || gnu_hash_data->d_buf == NULL) 2359 /* None of these pointers should be NULL since we used the 2360 sections already. We are careful nonetheless. */ 2361 return; 2362 2363 /* The link must point to the same symbol table. */ 2364 if (hash_shdr->sh_link != gnu_hash_shdr->sh_link) 2365 { 2366 ERROR (gettext ("\ 2367sh_link in hash sections [%2zu] '%s' and [%2zu] '%s' not identical\n"), 2368 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name), 2369 gnu_hash_idx, 2370 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name)); 2371 return; 2372 } 2373 2374 Elf_Scn *sym_scn = elf_getscn (ebl->elf, hash_shdr->sh_link); 2375 Elf_Data *sym_data = elf_getdata (sym_scn, NULL); 2376 GElf_Shdr sym_shdr_mem; 2377 GElf_Shdr *sym_shdr = gelf_getshdr (sym_scn, &sym_shdr_mem); 2378 2379 if (sym_data == NULL || sym_data->d_buf == NULL 2380 || sym_shdr == NULL || sym_shdr->sh_entsize == 0) 2381 return; 2382 2383 const char *hash_name; 2384 const char *gnu_hash_name; 2385 hash_name = elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name); 2386 gnu_hash_name = elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name); 2387 2388 if (gnu_hash_data->d_size < 4 * sizeof (Elf32_Word)) 2389 { 2390 ERROR (gettext ("\ 2391hash section [%2zu] '%s' does not contain enough data\n"), 2392 gnu_hash_idx, gnu_hash_name); 2393 return; 2394 } 2395 2396 uint32_t nentries = sym_shdr->sh_size / sym_shdr->sh_entsize; 2397 char *used = alloca (nentries); 2398 memset (used, '\0', nentries); 2399 2400 /* First go over the GNU_HASH table and mark the entries as used. */ 2401 const Elf32_Word *gnu_hasharr = (Elf32_Word *) gnu_hash_data->d_buf; 2402 Elf32_Word gnu_nbucket = gnu_hasharr[0]; 2403 Elf32_Word gnu_symbias = gnu_hasharr[1]; 2404 const int bitmap_factor = ehdr->e_ident[EI_CLASS] == ELFCLASS32 ? 1 : 2; 2405 const Elf32_Word *gnu_bucket = (gnu_hasharr 2406 + (4 + gnu_hasharr[2] * bitmap_factor)); 2407 const Elf32_Word *gnu_chain = gnu_bucket + gnu_hasharr[0]; 2408 2409 if (gnu_hasharr[2] == 0) 2410 { 2411 ERROR (gettext ("\ 2412hash section [%2zu] '%s' has zero bit mask words\n"), 2413 gnu_hash_idx, gnu_hash_name); 2414 return; 2415 } 2416 2417 uint64_t used_buf = ((4ULL + gnu_hasharr[2] * bitmap_factor + gnu_nbucket) 2418 * sizeof (Elf32_Word)); 2419 uint32_t max_nsyms = (gnu_hash_data->d_size - used_buf) / sizeof (Elf32_Word); 2420 if (used_buf > gnu_hash_data->d_size) 2421 { 2422 ERROR (gettext ("\ 2423hash section [%2zu] '%s' uses too much data\n"), 2424 gnu_hash_idx, gnu_hash_name); 2425 return; 2426 } 2427 2428 for (Elf32_Word cnt = 0; cnt < gnu_nbucket; ++cnt) 2429 { 2430 if (gnu_bucket[cnt] != STN_UNDEF) 2431 { 2432 Elf32_Word symidx = gnu_bucket[cnt] - gnu_symbias; 2433 do 2434 { 2435 if (symidx >= max_nsyms || symidx + gnu_symbias >= nentries) 2436 { 2437 ERROR (gettext ("\ 2438hash section [%2zu] '%s' invalid symbol index %" PRIu32 " (max_nsyms: %" PRIu32 ", nentries: %" PRIu32 "\n"), 2439 gnu_hash_idx, gnu_hash_name, symidx, max_nsyms, nentries); 2440 return; 2441 } 2442 used[symidx + gnu_symbias] |= 1; 2443 } 2444 while ((gnu_chain[symidx++] & 1u) == 0); 2445 } 2446 } 2447 2448 /* Now go over the old hash table and check that we cover the same 2449 entries. */ 2450 if (hash_shdr->sh_entsize == sizeof (Elf32_Word)) 2451 { 2452 const Elf32_Word *hasharr = (Elf32_Word *) hash_data->d_buf; 2453 if (hash_data->d_size < 2 * sizeof (Elf32_Word)) 2454 { 2455 ERROR (gettext ("\ 2456hash section [%2zu] '%s' does not contain enough data\n"), 2457 hash_idx, hash_name); 2458 return; 2459 } 2460 2461 Elf32_Word nbucket = hasharr[0]; 2462 Elf32_Word nchain = hasharr[1]; 2463 uint64_t hash_used = (2ULL + nchain + nbucket) * sizeof (Elf32_Word); 2464 if (hash_used > hash_data->d_size) 2465 { 2466 ERROR (gettext ("\ 2467hash section [%2zu] '%s' uses too much data\n"), 2468 hash_idx, hash_name); 2469 return; 2470 } 2471 2472 const Elf32_Word *bucket = &hasharr[2]; 2473 const Elf32_Word *chain = &hasharr[2 + nbucket]; 2474 2475 for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt) 2476 { 2477 Elf32_Word symidx = bucket[cnt]; 2478 while (symidx != STN_UNDEF && symidx < nentries && symidx < nchain) 2479 { 2480 used[symidx] |= 2; 2481 symidx = chain[symidx]; 2482 } 2483 } 2484 } 2485 else if (hash_shdr->sh_entsize == sizeof (Elf64_Word)) 2486 { 2487 const Elf64_Xword *hasharr = (Elf64_Xword *) hash_data->d_buf; 2488 if (hash_data->d_size < 2 * sizeof (Elf32_Word)) 2489 { 2490 ERROR (gettext ("\ 2491hash section [%2zu] '%s' does not contain enough data\n"), 2492 hash_idx, hash_name); 2493 return; 2494 } 2495 2496 Elf64_Xword nbucket = hasharr[0]; 2497 Elf64_Xword nchain = hasharr[1]; 2498 uint64_t maxwords = hash_data->d_size / sizeof (Elf64_Xword); 2499 if (maxwords < 2 2500 || maxwords - 2 < nbucket 2501 || maxwords - 2 - nbucket < nchain) 2502 { 2503 ERROR (gettext ("\ 2504hash section [%2zu] '%s' uses too much data\n"), 2505 hash_idx, hash_name); 2506 return; 2507 } 2508 2509 const Elf64_Xword *bucket = &hasharr[2]; 2510 const Elf64_Xword *chain = &hasharr[2 + nbucket]; 2511 2512 for (Elf64_Xword cnt = 0; cnt < nbucket; ++cnt) 2513 { 2514 Elf64_Xword symidx = bucket[cnt]; 2515 while (symidx != STN_UNDEF && symidx < nentries && symidx < nchain) 2516 { 2517 used[symidx] |= 2; 2518 symidx = chain[symidx]; 2519 } 2520 } 2521 } 2522 else 2523 { 2524 ERROR (gettext ("\ 2525hash section [%2zu] '%s' invalid sh_entsize\n"), 2526 gnu_hash_idx, gnu_hash_name); 2527 return; 2528 } 2529 2530 /* Now see which entries are not set in one or both hash tables 2531 (unless the symbol is undefined in which case it can be omitted 2532 in the new table format). */ 2533 if ((used[0] & 1) != 0) 2534 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"), 2535 gnu_hash_idx, 2536 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name)); 2537 if ((used[0] & 2) != 0) 2538 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"), 2539 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name)); 2540 2541 for (uint32_t cnt = 1; cnt < nentries; ++cnt) 2542 if (used[cnt] != 0 && used[cnt] != 3) 2543 { 2544 if (used[cnt] == 1) 2545 ERROR (gettext ("\ 2546symbol %d referenced in new hash table in [%2zu] '%s' but not in old hash table in [%2zu] '%s'\n"), 2547 cnt, gnu_hash_idx, 2548 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name), 2549 hash_idx, 2550 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name)); 2551 else 2552 { 2553 GElf_Sym sym_mem; 2554 GElf_Sym *sym = gelf_getsym (sym_data, cnt, &sym_mem); 2555 2556 if (sym != NULL && sym->st_shndx != STN_UNDEF) 2557 ERROR (gettext ("\ 2558symbol %d referenced in old hash table in [%2zu] '%s' but not in new hash table in [%2zu] '%s'\n"), 2559 cnt, hash_idx, 2560 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name), 2561 gnu_hash_idx, 2562 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name)); 2563 } 2564 } 2565} 2566 2567 2568static void 2569check_null (Ebl *ebl, GElf_Shdr *shdr, int idx) 2570{ 2571#define TEST(name, extra) \ 2572 if (extra && shdr->sh_##name != 0) \ 2573 ERROR (gettext ("section [%2d] '%s': nonzero sh_%s for NULL section\n"), \ 2574 idx, section_name (ebl, idx), #name) 2575 2576 TEST (name, 1); 2577 TEST (flags, 1); 2578 TEST (addr, 1); 2579 TEST (offset, 1); 2580 TEST (size, idx != 0); 2581 TEST (link, idx != 0); 2582 TEST (info, 1); 2583 TEST (addralign, 1); 2584 TEST (entsize, 1); 2585} 2586 2587 2588static void 2589check_group (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 2590{ 2591 if (ehdr->e_type != ET_REL) 2592 { 2593 ERROR (gettext ("\ 2594section [%2d] '%s': section groups only allowed in relocatable object files\n"), 2595 idx, section_name (ebl, idx)); 2596 return; 2597 } 2598 2599 /* Check that sh_link is an index of a symbol table. */ 2600 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 2601 GElf_Shdr symshdr_mem; 2602 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 2603 if (symshdr == NULL) 2604 ERROR (gettext ("section [%2d] '%s': cannot get symbol table: %s\n"), 2605 idx, section_name (ebl, idx), elf_errmsg (-1)); 2606 else 2607 { 2608 if (symshdr->sh_type != SHT_SYMTAB) 2609 ERROR (gettext ("\ 2610section [%2d] '%s': section reference in sh_link is no symbol table\n"), 2611 idx, section_name (ebl, idx)); 2612 2613 if (shdr->sh_info >= symshdr->sh_size / gelf_fsize (ebl->elf, ELF_T_SYM, 2614 1, EV_CURRENT)) 2615 ERROR (gettext ("\ 2616section [%2d] '%s': invalid symbol index in sh_info\n"), 2617 idx, section_name (ebl, idx)); 2618 2619 if (shdr->sh_flags != 0) 2620 ERROR (gettext ("section [%2d] '%s': sh_flags not zero\n"), 2621 idx, section_name (ebl, idx)); 2622 2623 GElf_Sym sym_data; 2624 GElf_Sym *sym = gelf_getsym (elf_getdata (symscn, NULL), shdr->sh_info, 2625 &sym_data); 2626 if (sym == NULL) 2627 ERROR (gettext ("\ 2628section [%2d] '%s': cannot get symbol for signature\n"), 2629 idx, section_name (ebl, idx)); 2630 else if (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name) == NULL) 2631 ERROR (gettext ("\ 2632section [%2d] '%s': cannot get symbol name for signature\n"), 2633 idx, section_name (ebl, idx)); 2634 else if (strcmp (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name), 2635 "") == 0) 2636 ERROR (gettext ("\ 2637section [%2d] '%s': signature symbol cannot be empty string\n"), 2638 idx, section_name (ebl, idx)); 2639 2640 if (be_strict 2641 && shdr->sh_entsize != elf32_fsize (ELF_T_WORD, 1, EV_CURRENT)) 2642 ERROR (gettext ("section [%2d] '%s': sh_flags not set correctly\n"), 2643 idx, section_name (ebl, idx)); 2644 } 2645 2646 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 2647 if (data == NULL || data->d_buf == NULL) 2648 ERROR (gettext ("section [%2d] '%s': cannot get data: %s\n"), 2649 idx, section_name (ebl, idx), elf_errmsg (-1)); 2650 else 2651 { 2652 size_t elsize = elf32_fsize (ELF_T_WORD, 1, EV_CURRENT); 2653 size_t cnt; 2654 Elf32_Word val; 2655 2656 if (data->d_size % elsize != 0) 2657 ERROR (gettext ("\ 2658section [%2d] '%s': section size not multiple of sizeof(Elf32_Word)\n"), 2659 idx, section_name (ebl, idx)); 2660 2661 if (data->d_size < elsize) 2662 ERROR (gettext ("\ 2663section [%2d] '%s': section group without flags word\n"), 2664 idx, section_name (ebl, idx)); 2665 else if (be_strict) 2666 { 2667 if (data->d_size < 2 * elsize) 2668 ERROR (gettext ("\ 2669section [%2d] '%s': section group without member\n"), 2670 idx, section_name (ebl, idx)); 2671 else if (data->d_size < 3 * elsize) 2672 ERROR (gettext ("\ 2673section [%2d] '%s': section group with only one member\n"), 2674 idx, section_name (ebl, idx)); 2675 } 2676 2677#if ALLOW_UNALIGNED 2678 val = *((Elf32_Word *) data->d_buf); 2679#else 2680 memcpy (&val, data->d_buf, elsize); 2681#endif 2682 if ((val & ~GRP_COMDAT) != 0) 2683 ERROR (gettext ("section [%2d] '%s': unknown section group flags\n"), 2684 idx, section_name (ebl, idx)); 2685 2686 for (cnt = elsize; cnt < data->d_size; cnt += elsize) 2687 { 2688#if ALLOW_UNALIGNED 2689 val = *((Elf32_Word *) ((char *) data->d_buf + cnt)); 2690#else 2691 memcpy (&val, (char *) data->d_buf + cnt, elsize); 2692#endif 2693 2694 if (val > shnum) 2695 ERROR (gettext ("\ 2696section [%2d] '%s': section index %zu out of range\n"), 2697 idx, section_name (ebl, idx), cnt / elsize); 2698 else 2699 { 2700 GElf_Shdr refshdr_mem; 2701 GElf_Shdr *refshdr = gelf_getshdr (elf_getscn (ebl->elf, val), 2702 &refshdr_mem); 2703 if (refshdr == NULL) 2704 ERROR (gettext ("\ 2705section [%2d] '%s': cannot get section header for element %zu: %s\n"), 2706 idx, section_name (ebl, idx), cnt / elsize, 2707 elf_errmsg (-1)); 2708 else 2709 { 2710 if (refshdr->sh_type == SHT_GROUP) 2711 ERROR (gettext ("\ 2712section [%2d] '%s': section group contains another group [%2d] '%s'\n"), 2713 idx, section_name (ebl, idx), 2714 val, section_name (ebl, val)); 2715 2716 if ((refshdr->sh_flags & SHF_GROUP) == 0) 2717 ERROR (gettext ("\ 2718section [%2d] '%s': element %zu references section [%2d] '%s' without SHF_GROUP flag set\n"), 2719 idx, section_name (ebl, idx), cnt / elsize, 2720 val, section_name (ebl, val)); 2721 } 2722 2723 if (val < shnum && ++scnref[val] == 2) 2724 ERROR (gettext ("\ 2725section [%2d] '%s' is contained in more than one section group\n"), 2726 val, section_name (ebl, val)); 2727 } 2728 } 2729 } 2730} 2731 2732 2733static const char * 2734section_flags_string (GElf_Word flags, char *buf, size_t len) 2735{ 2736 if (flags == 0) 2737 return "none"; 2738 2739 static const struct 2740 { 2741 GElf_Word flag; 2742 const char *name; 2743 } known_flags[] = 2744 { 2745#define NEWFLAG(name) { SHF_##name, #name } 2746 NEWFLAG (WRITE), 2747 NEWFLAG (ALLOC), 2748 NEWFLAG (EXECINSTR), 2749 NEWFLAG (MERGE), 2750 NEWFLAG (STRINGS), 2751 NEWFLAG (INFO_LINK), 2752 NEWFLAG (LINK_ORDER), 2753 NEWFLAG (OS_NONCONFORMING), 2754 NEWFLAG (GROUP), 2755 NEWFLAG (TLS), 2756 NEWFLAG (COMPRESSED) 2757 }; 2758#undef NEWFLAG 2759 const size_t nknown_flags = sizeof (known_flags) / sizeof (known_flags[0]); 2760 2761 char *cp = buf; 2762 2763 for (size_t cnt = 0; cnt < nknown_flags; ++cnt) 2764 if (flags & known_flags[cnt].flag) 2765 { 2766 if (cp != buf && len > 1) 2767 { 2768 *cp++ = '|'; 2769 --len; 2770 } 2771 2772 size_t ncopy = MIN (len - 1, strlen (known_flags[cnt].name)); 2773 cp = mempcpy (cp, known_flags[cnt].name, ncopy); 2774 len -= ncopy; 2775 2776 flags ^= known_flags[cnt].flag; 2777 } 2778 2779 if (flags != 0 || cp == buf) 2780 snprintf (cp, len - 1, "%" PRIx64, (uint64_t) flags); 2781 2782 *cp = '\0'; 2783 2784 return buf; 2785} 2786 2787 2788static int 2789has_copy_reloc (Ebl *ebl, unsigned int symscnndx, unsigned int symndx) 2790{ 2791 /* First find the relocation section for the symbol table. */ 2792 Elf_Scn *scn = NULL; 2793 GElf_Shdr shdr_mem; 2794 GElf_Shdr *shdr = NULL; 2795 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 2796 { 2797 shdr = gelf_getshdr (scn, &shdr_mem); 2798 if (shdr != NULL 2799 && (shdr->sh_type == SHT_REL || shdr->sh_type == SHT_RELA) 2800 && shdr->sh_link == symscnndx) 2801 /* Found the section. */ 2802 break; 2803 } 2804 2805 if (scn == NULL) 2806 return 0; 2807 2808 Elf_Data *data = elf_getdata (scn, NULL); 2809 if (data == NULL || shdr->sh_entsize == 0) 2810 return 0; 2811 2812 if (shdr->sh_type == SHT_REL) 2813 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i) 2814 { 2815 GElf_Rel rel_mem; 2816 GElf_Rel *rel = gelf_getrel (data, i, &rel_mem); 2817 if (rel == NULL) 2818 continue; 2819 2820 if (GELF_R_SYM (rel->r_info) == symndx 2821 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rel->r_info))) 2822 return 1; 2823 } 2824 else 2825 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i) 2826 { 2827 GElf_Rela rela_mem; 2828 GElf_Rela *rela = gelf_getrela (data, i, &rela_mem); 2829 if (rela == NULL) 2830 continue; 2831 2832 if (GELF_R_SYM (rela->r_info) == symndx 2833 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rela->r_info))) 2834 return 1; 2835 } 2836 2837 return 0; 2838} 2839 2840 2841static int 2842in_nobits_scn (Ebl *ebl, unsigned int shndx) 2843{ 2844 GElf_Shdr shdr_mem; 2845 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, shndx), &shdr_mem); 2846 return shdr != NULL && shdr->sh_type == SHT_NOBITS; 2847} 2848 2849 2850static struct version_namelist 2851{ 2852 const char *objname; 2853 const char *name; 2854 GElf_Versym ndx; 2855 enum { ver_def, ver_need } type; 2856 struct version_namelist *next; 2857} *version_namelist; 2858 2859 2860static int 2861add_version (const char *objname, const char *name, GElf_Versym ndx, int type) 2862{ 2863 /* Check that there are no duplications. */ 2864 struct version_namelist *nlp = version_namelist; 2865 while (nlp != NULL) 2866 { 2867 if (((nlp->objname == NULL && objname == NULL) 2868 || (nlp->objname != NULL && objname != NULL 2869 && strcmp (nlp->objname, objname) == 0)) 2870 && strcmp (nlp->name, name) == 0) 2871 return nlp->type == ver_def ? 1 : -1; 2872 nlp = nlp->next; 2873 } 2874 2875 nlp = xmalloc (sizeof (*nlp)); 2876 nlp->objname = objname; 2877 nlp->name = name; 2878 nlp->ndx = ndx; 2879 nlp->type = type; 2880 nlp->next = version_namelist; 2881 version_namelist = nlp; 2882 2883 return 0; 2884} 2885 2886 2887static void 2888check_versym (Ebl *ebl, int idx) 2889{ 2890 Elf_Scn *scn = elf_getscn (ebl->elf, idx); 2891 GElf_Shdr shdr_mem; 2892 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 2893 if (shdr == NULL) 2894 /* The error has already been reported. */ 2895 return; 2896 2897 Elf_Data *data = elf_getdata (scn, NULL); 2898 if (data == NULL) 2899 { 2900 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 2901 idx, section_name (ebl, idx)); 2902 return; 2903 } 2904 2905 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 2906 GElf_Shdr symshdr_mem; 2907 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 2908 if (symshdr == NULL) 2909 /* The error has already been reported. */ 2910 return; 2911 2912 if (symshdr->sh_type != SHT_DYNSYM) 2913 { 2914 ERROR (gettext ("\ 2915section [%2d] '%s' refers in sh_link to section [%2d] '%s' which is no dynamic symbol table\n"), 2916 idx, section_name (ebl, idx), 2917 shdr->sh_link, section_name (ebl, shdr->sh_link)); 2918 return; 2919 } 2920 2921 /* The number of elements in the version symbol table must be the 2922 same as the number of symbols. */ 2923 if (shdr->sh_entsize != 0 && symshdr->sh_entsize != 0 2924 && (shdr->sh_size / shdr->sh_entsize 2925 != symshdr->sh_size / symshdr->sh_entsize)) 2926 ERROR (gettext ("\ 2927section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"), 2928 idx, section_name (ebl, idx), 2929 shdr->sh_link, section_name (ebl, shdr->sh_link)); 2930 2931 Elf_Data *symdata = elf_getdata (symscn, NULL); 2932 if (symdata == NULL || shdr->sh_entsize == 0) 2933 /* The error has already been reported. */ 2934 return; 2935 2936 for (int cnt = 1; (size_t) cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) 2937 { 2938 GElf_Versym versym_mem; 2939 GElf_Versym *versym = gelf_getversym (data, cnt, &versym_mem); 2940 if (versym == NULL) 2941 { 2942 ERROR (gettext ("\ 2943section [%2d] '%s': symbol %d: cannot read version data\n"), 2944 idx, section_name (ebl, idx), cnt); 2945 break; 2946 } 2947 2948 GElf_Sym sym_mem; 2949 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_mem); 2950 if (sym == NULL) 2951 /* Already reported elsewhere. */ 2952 continue; 2953 2954 if (*versym == VER_NDX_GLOBAL) 2955 { 2956 /* Global symbol. Make sure it is not defined as local. */ 2957 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL) 2958 ERROR (gettext ("\ 2959section [%2d] '%s': symbol %d: local symbol with global scope\n"), 2960 idx, section_name (ebl, idx), cnt); 2961 } 2962 else if (*versym != VER_NDX_LOCAL) 2963 { 2964 /* Versioned symbol. Make sure it is not defined as local. */ 2965 if (!gnuld && GELF_ST_BIND (sym->st_info) == STB_LOCAL) 2966 ERROR (gettext ("\ 2967section [%2d] '%s': symbol %d: local symbol with version\n"), 2968 idx, section_name (ebl, idx), cnt); 2969 2970 /* Look through the list of defined versions and locate the 2971 index we need for this symbol. */ 2972 struct version_namelist *runp = version_namelist; 2973 while (runp != NULL) 2974 if (runp->ndx == (*versym & (GElf_Versym) 0x7fff)) 2975 break; 2976 else 2977 runp = runp->next; 2978 2979 if (runp == NULL) 2980 ERROR (gettext ("\ 2981section [%2d] '%s': symbol %d: invalid version index %d\n"), 2982 idx, section_name (ebl, idx), cnt, (int) *versym); 2983 else if (sym->st_shndx == SHN_UNDEF 2984 && runp->type == ver_def) 2985 ERROR (gettext ("\ 2986section [%2d] '%s': symbol %d: version index %d is for defined version\n"), 2987 idx, section_name (ebl, idx), cnt, (int) *versym); 2988 else if (sym->st_shndx != SHN_UNDEF 2989 && runp->type == ver_need) 2990 { 2991 /* Unless this symbol has a copy relocation associated 2992 this must not happen. */ 2993 if (!has_copy_reloc (ebl, shdr->sh_link, cnt) 2994 && !in_nobits_scn (ebl, sym->st_shndx)) 2995 ERROR (gettext ("\ 2996section [%2d] '%s': symbol %d: version index %d is for requested version\n"), 2997 idx, section_name (ebl, idx), cnt, (int) *versym); 2998 } 2999 } 3000 } 3001} 3002 3003 3004static int 3005unknown_dependency_p (Elf *elf, const char *fname) 3006{ 3007 GElf_Phdr phdr_mem; 3008 GElf_Phdr *phdr = NULL; 3009 3010 unsigned int i; 3011 for (i = 0; i < phnum; ++i) 3012 if ((phdr = gelf_getphdr (elf, i, &phdr_mem)) != NULL 3013 && phdr->p_type == PT_DYNAMIC) 3014 break; 3015 3016 if (i == phnum) 3017 return 1; 3018 assert (phdr != NULL); 3019 Elf_Scn *scn = gelf_offscn (elf, phdr->p_offset); 3020 GElf_Shdr shdr_mem; 3021 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 3022 Elf_Data *data = elf_getdata (scn, NULL); 3023 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC 3024 && data != NULL && shdr->sh_entsize != 0) 3025 for (size_t j = 0; j < shdr->sh_size / shdr->sh_entsize; ++j) 3026 { 3027 GElf_Dyn dyn_mem; 3028 GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem); 3029 if (dyn != NULL && dyn->d_tag == DT_NEEDED) 3030 { 3031 const char *str = elf_strptr (elf, shdr->sh_link, dyn->d_un.d_val); 3032 if (str != NULL && strcmp (str, fname) == 0) 3033 /* Found it. */ 3034 return 0; 3035 } 3036 } 3037 3038 return 1; 3039} 3040 3041 3042static unsigned int nverneed; 3043 3044static void 3045check_verneed (Ebl *ebl, GElf_Shdr *shdr, int idx) 3046{ 3047 if (++nverneed == 2) 3048 ERROR (gettext ("more than one version reference section present\n")); 3049 3050 GElf_Shdr strshdr_mem; 3051 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 3052 &strshdr_mem); 3053 if (strshdr == NULL) 3054 return; 3055 if (strshdr->sh_type != SHT_STRTAB) 3056 ERROR (gettext ("\ 3057section [%2d] '%s': sh_link does not link to string table\n"), 3058 idx, section_name (ebl, idx)); 3059 3060 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 3061 if (data == NULL) 3062 { 3063 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 3064 idx, section_name (ebl, idx)); 3065 return; 3066 } 3067 unsigned int offset = 0; 3068 for (Elf64_Word cnt = shdr->sh_info; cnt > 0; ) 3069 { 3070 cnt--; 3071 3072 /* Get the data at the next offset. */ 3073 GElf_Verneed needmem; 3074 GElf_Verneed *need = gelf_getverneed (data, offset, &needmem); 3075 if (need == NULL) 3076 break; 3077 3078 unsigned int auxoffset = offset + need->vn_aux; 3079 3080 if (need->vn_version != EV_CURRENT) 3081 ERROR (gettext ("\ 3082section [%2d] '%s': entry %d has wrong version %d\n"), 3083 idx, section_name (ebl, idx), cnt, (int) need->vn_version); 3084 3085 if (need->vn_cnt > 0 && need->vn_aux < gelf_fsize (ebl->elf, ELF_T_VNEED, 3086 1, EV_CURRENT)) 3087 { 3088 ERROR (gettext ("\ 3089section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"), 3090 idx, section_name (ebl, idx), cnt); 3091 break; 3092 } 3093 3094 const char *libname = elf_strptr (ebl->elf, shdr->sh_link, 3095 need->vn_file); 3096 if (libname == NULL) 3097 { 3098 ERROR (gettext ("\ 3099section [%2d] '%s': entry %d has invalid file reference\n"), 3100 idx, section_name (ebl, idx), cnt); 3101 goto next_need; 3102 } 3103 3104 /* Check that there is a DT_NEEDED entry for the referenced library. */ 3105 if (unknown_dependency_p (ebl->elf, libname)) 3106 ERROR (gettext ("\ 3107section [%2d] '%s': entry %d references unknown dependency\n"), 3108 idx, section_name (ebl, idx), cnt); 3109 3110 for (int cnt2 = need->vn_cnt; --cnt2 >= 0; ) 3111 { 3112 GElf_Vernaux auxmem; 3113 GElf_Vernaux *aux = gelf_getvernaux (data, auxoffset, &auxmem); 3114 if (aux == NULL) 3115 break; 3116 3117 if ((aux->vna_flags & ~VER_FLG_WEAK) != 0) 3118 ERROR (gettext ("\ 3119section [%2d] '%s': auxiliary entry %d of entry %d has unknown flag\n"), 3120 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt); 3121 3122 const char *verstr = elf_strptr (ebl->elf, shdr->sh_link, 3123 aux->vna_name); 3124 if (verstr == NULL) 3125 { 3126 ERROR (gettext ("\ 3127section [%2d] '%s': auxiliary entry %d of entry %d has invalid name reference\n"), 3128 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt); 3129 break; 3130 } 3131 else 3132 { 3133 GElf_Word hashval = elf_hash (verstr); 3134 if (hashval != aux->vna_hash) 3135 ERROR (gettext ("\ 3136section [%2d] '%s': auxiliary entry %d of entry %d has wrong hash value: %#x, expected %#x\n"), 3137 idx, section_name (ebl, idx), need->vn_cnt - cnt2, 3138 cnt, (int) hashval, (int) aux->vna_hash); 3139 3140 int res = add_version (libname, verstr, aux->vna_other, 3141 ver_need); 3142 if (unlikely (res !=0)) 3143 { 3144 ERROR (gettext ("\ 3145section [%2d] '%s': auxiliary entry %d of entry %d has duplicate version name '%s'\n"), 3146 idx, section_name (ebl, idx), need->vn_cnt - cnt2, 3147 cnt, verstr); 3148 } 3149 } 3150 3151 if ((aux->vna_next != 0 || cnt2 > 0) 3152 && aux->vna_next < gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, 3153 EV_CURRENT)) 3154 { 3155 ERROR (gettext ("\ 3156section [%2d] '%s': auxiliary entry %d of entry %d has wrong next field\n"), 3157 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt); 3158 break; 3159 } 3160 3161 auxoffset += MAX (aux->vna_next, 3162 gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, EV_CURRENT)); 3163 } 3164 3165 /* Find the next offset. */ 3166 next_need: 3167 offset += need->vn_next; 3168 3169 if ((need->vn_next != 0 || cnt > 0) 3170 && offset < auxoffset) 3171 { 3172 ERROR (gettext ("\ 3173section [%2d] '%s': entry %d has invalid offset to next entry\n"), 3174 idx, section_name (ebl, idx), cnt); 3175 break; 3176 } 3177 3178 if (need->vn_next == 0 && cnt > 0) 3179 { 3180 ERROR (gettext ("\ 3181section [%2d] '%s': entry %d has zero offset to next entry, but sh_info says there are more entries\n"), 3182 idx, section_name (ebl, idx), cnt); 3183 break; 3184 } 3185 } 3186} 3187 3188 3189static unsigned int nverdef; 3190 3191static void 3192check_verdef (Ebl *ebl, GElf_Shdr *shdr, int idx) 3193{ 3194 if (++nverdef == 2) 3195 ERROR (gettext ("more than one version definition section present\n")); 3196 3197 GElf_Shdr strshdr_mem; 3198 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 3199 &strshdr_mem); 3200 if (strshdr == NULL) 3201 return; 3202 if (strshdr->sh_type != SHT_STRTAB) 3203 ERROR (gettext ("\ 3204section [%2d] '%s': sh_link does not link to string table\n"), 3205 idx, section_name (ebl, idx)); 3206 3207 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 3208 if (data == NULL) 3209 { 3210 no_data: 3211 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 3212 idx, section_name (ebl, idx)); 3213 return; 3214 } 3215 3216 /* Iterate over all version definition entries. We check that there 3217 is a BASE entry and that each index is unique. To do the later 3218 we collection the information in a list which is later 3219 examined. */ 3220 struct namelist 3221 { 3222 const char *name; 3223 struct namelist *next; 3224 } *namelist = NULL; 3225 struct namelist *refnamelist = NULL; 3226 3227 bool has_base = false; 3228 unsigned int offset = 0; 3229 for (Elf64_Word cnt = shdr->sh_info; cnt > 0; ) 3230 { 3231 cnt--; 3232 3233 /* Get the data at the next offset. */ 3234 GElf_Verdef defmem; 3235 GElf_Verdef *def = gelf_getverdef (data, offset, &defmem); 3236 if (def == NULL) 3237 goto no_data; 3238 3239 if ((def->vd_flags & VER_FLG_BASE) != 0) 3240 { 3241 if (has_base) 3242 ERROR (gettext ("\ 3243section [%2d] '%s': more than one BASE definition\n"), 3244 idx, section_name (ebl, idx)); 3245 if (def->vd_ndx != VER_NDX_GLOBAL) 3246 ERROR (gettext ("\ 3247section [%2d] '%s': BASE definition must have index VER_NDX_GLOBAL\n"), 3248 idx, section_name (ebl, idx)); 3249 has_base = true; 3250 } 3251 if ((def->vd_flags & ~(VER_FLG_BASE|VER_FLG_WEAK)) != 0) 3252 ERROR (gettext ("\ 3253section [%2d] '%s': entry %d has unknown flag\n"), 3254 idx, section_name (ebl, idx), cnt); 3255 3256 if (def->vd_version != EV_CURRENT) 3257 ERROR (gettext ("\ 3258section [%2d] '%s': entry %d has wrong version %d\n"), 3259 idx, section_name (ebl, idx), cnt, (int) def->vd_version); 3260 3261 if (def->vd_cnt > 0 && def->vd_aux < gelf_fsize (ebl->elf, ELF_T_VDEF, 3262 1, EV_CURRENT)) 3263 { 3264 ERROR (gettext ("\ 3265section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"), 3266 idx, section_name (ebl, idx), cnt); 3267 break; 3268 } 3269 3270 unsigned int auxoffset = offset + def->vd_aux; 3271 GElf_Verdaux auxmem; 3272 GElf_Verdaux *aux = gelf_getverdaux (data, auxoffset, &auxmem); 3273 if (aux == NULL) 3274 goto no_data; 3275 3276 const char *name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name); 3277 if (name == NULL) 3278 { 3279 ERROR (gettext ("\ 3280section [%2d] '%s': entry %d has invalid name reference\n"), 3281 idx, section_name (ebl, idx), cnt); 3282 goto next_def; 3283 } 3284 GElf_Word hashval = elf_hash (name); 3285 if (def->vd_hash != hashval) 3286 ERROR (gettext ("\ 3287section [%2d] '%s': entry %d has wrong hash value: %#x, expected %#x\n"), 3288 idx, section_name (ebl, idx), cnt, (int) hashval, 3289 (int) def->vd_hash); 3290 3291 int res = add_version (NULL, name, def->vd_ndx, ver_def); 3292 if (unlikely (res !=0)) 3293 { 3294 ERROR (gettext ("\ 3295section [%2d] '%s': entry %d has duplicate version name '%s'\n"), 3296 idx, section_name (ebl, idx), cnt, name); 3297 } 3298 3299 struct namelist *newname = alloca (sizeof (*newname)); 3300 newname->name = name; 3301 newname->next = namelist; 3302 namelist = newname; 3303 3304 auxoffset += aux->vda_next; 3305 for (int cnt2 = 1; cnt2 < def->vd_cnt; ++cnt2) 3306 { 3307 aux = gelf_getverdaux (data, auxoffset, &auxmem); 3308 if (aux == NULL) 3309 goto no_data; 3310 3311 name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name); 3312 if (name == NULL) 3313 { 3314 ERROR (gettext ("\ 3315section [%2d] '%s': entry %d has invalid name reference in auxiliary data\n"), 3316 idx, section_name (ebl, idx), cnt); 3317 break; 3318 } 3319 else 3320 { 3321 newname = alloca (sizeof (*newname)); 3322 newname->name = name; 3323 newname->next = refnamelist; 3324 refnamelist = newname; 3325 } 3326 3327 if ((aux->vda_next != 0 || cnt2 + 1 < def->vd_cnt) 3328 && aux->vda_next < gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, 3329 EV_CURRENT)) 3330 { 3331 ERROR (gettext ("\ 3332section [%2d] '%s': entry %d has wrong next field in auxiliary data\n"), 3333 idx, section_name (ebl, idx), cnt); 3334 break; 3335 } 3336 3337 auxoffset += MAX (aux->vda_next, 3338 gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, EV_CURRENT)); 3339 } 3340 3341 /* Find the next offset. */ 3342 next_def: 3343 offset += def->vd_next; 3344 3345 if ((def->vd_next != 0 || cnt > 0) 3346 && offset < auxoffset) 3347 { 3348 ERROR (gettext ("\ 3349section [%2d] '%s': entry %d has invalid offset to next entry\n"), 3350 idx, section_name (ebl, idx), cnt); 3351 break; 3352 } 3353 3354 if (def->vd_next == 0 && cnt > 0) 3355 { 3356 ERROR (gettext ("\ 3357section [%2d] '%s': entry %d has zero offset to next entry, but sh_info says there are more entries\n"), 3358 idx, section_name (ebl, idx), cnt); 3359 break; 3360 } 3361 } 3362 3363 if (!has_base) 3364 ERROR (gettext ("section [%2d] '%s': no BASE definition\n"), 3365 idx, section_name (ebl, idx)); 3366 3367 /* Check whether the referenced names are available. */ 3368 while (namelist != NULL) 3369 { 3370 struct version_namelist *runp = version_namelist; 3371 while (runp != NULL) 3372 { 3373 if (runp->type == ver_def 3374 && strcmp (runp->name, namelist->name) == 0) 3375 break; 3376 runp = runp->next; 3377 } 3378 3379 if (runp == NULL) 3380 ERROR (gettext ("\ 3381section [%2d] '%s': unknown parent version '%s'\n"), 3382 idx, section_name (ebl, idx), namelist->name); 3383 3384 namelist = namelist->next; 3385 } 3386} 3387 3388static void 3389check_attributes (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 3390{ 3391 if (shdr->sh_size == 0) 3392 { 3393 ERROR (gettext ("section [%2d] '%s': empty object attributes section\n"), 3394 idx, section_name (ebl, idx)); 3395 return; 3396 } 3397 3398 Elf_Data *data = elf_rawdata (elf_getscn (ebl->elf, idx), NULL); 3399 if (data == NULL || data->d_size == 0 || data->d_buf == NULL) 3400 { 3401 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 3402 idx, section_name (ebl, idx)); 3403 return; 3404 } 3405 3406 inline size_t pos (const unsigned char *p) 3407 { 3408 return p - (const unsigned char *) data->d_buf; 3409 } 3410 3411 const unsigned char *p = data->d_buf; 3412 if (*p++ != 'A') 3413 { 3414 ERROR (gettext ("section [%2d] '%s': unrecognized attribute format\n"), 3415 idx, section_name (ebl, idx)); 3416 return; 3417 } 3418 3419 inline size_t left (void) 3420 { 3421 return (const unsigned char *) data->d_buf + data->d_size - p; 3422 } 3423 3424 while (left () >= 4) 3425 { 3426 uint32_t len; 3427 memcpy (&len, p, sizeof len); 3428 3429 if (len == 0) 3430 ERROR (gettext ("\ 3431section [%2d] '%s': offset %zu: zero length field in attribute section\n"), 3432 idx, section_name (ebl, idx), pos (p)); 3433 3434 if (MY_ELFDATA != ehdr->e_ident[EI_DATA]) 3435 CONVERT (len); 3436 3437 if (len > left ()) 3438 { 3439 ERROR (gettext ("\ 3440section [%2d] '%s': offset %zu: invalid length in attribute section\n"), 3441 idx, section_name (ebl, idx), pos (p)); 3442 break; 3443 } 3444 3445 const unsigned char *name = p + sizeof len; 3446 p += len; 3447 3448 unsigned const char *q = memchr (name, '\0', len); 3449 if (q == NULL) 3450 { 3451 ERROR (gettext ("\ 3452section [%2d] '%s': offset %zu: unterminated vendor name string\n"), 3453 idx, section_name (ebl, idx), pos (p)); 3454 break; 3455 } 3456 ++q; 3457 3458 if (q - name == sizeof "gnu" && !memcmp (name, "gnu", sizeof "gnu")) 3459 while (q < p) 3460 { 3461 unsigned const char *chunk = q; 3462 3463 unsigned int subsection_tag; 3464 get_uleb128 (subsection_tag, q, p); 3465 3466 if (q >= p) 3467 { 3468 ERROR (gettext ("\ 3469section [%2d] '%s': offset %zu: endless ULEB128 in attribute subsection tag\n"), 3470 idx, section_name (ebl, idx), pos (chunk)); 3471 break; 3472 } 3473 3474 uint32_t subsection_len; 3475 if (p - q < (ptrdiff_t) sizeof subsection_len) 3476 { 3477 ERROR (gettext ("\ 3478section [%2d] '%s': offset %zu: truncated attribute section\n"), 3479 idx, section_name (ebl, idx), pos (q)); 3480 break; 3481 } 3482 3483 memcpy (&subsection_len, q, sizeof subsection_len); 3484 if (subsection_len == 0) 3485 { 3486 ERROR (gettext ("\ 3487section [%2d] '%s': offset %zu: zero length field in attribute subsection\n"), 3488 idx, section_name (ebl, idx), pos (q)); 3489 3490 q += sizeof subsection_len; 3491 continue; 3492 } 3493 3494 if (MY_ELFDATA != ehdr->e_ident[EI_DATA]) 3495 CONVERT (subsection_len); 3496 3497 /* Don't overflow, ptrdiff_t might be 32bits, but signed. */ 3498 if (p - chunk < (ptrdiff_t) subsection_len 3499 || subsection_len >= (uint32_t) PTRDIFF_MAX) 3500 { 3501 ERROR (gettext ("\ 3502section [%2d] '%s': offset %zu: invalid length in attribute subsection\n"), 3503 idx, section_name (ebl, idx), pos (q)); 3504 break; 3505 } 3506 3507 const unsigned char *subsection_end = chunk + subsection_len; 3508 chunk = q; 3509 q = subsection_end; 3510 3511 if (subsection_tag != 1) /* Tag_File */ 3512 ERROR (gettext ("\ 3513section [%2d] '%s': offset %zu: attribute subsection has unexpected tag %u\n"), 3514 idx, section_name (ebl, idx), pos (chunk), subsection_tag); 3515 else 3516 { 3517 chunk += sizeof subsection_len; 3518 while (chunk < q) 3519 { 3520 unsigned int tag; 3521 get_uleb128 (tag, chunk, q); 3522 3523 uint64_t value = 0; 3524 const unsigned char *r = chunk; 3525 if (tag == 32 || (tag & 1) == 0) 3526 { 3527 get_uleb128 (value, r, q); 3528 if (r > q) 3529 { 3530 ERROR (gettext ("\ 3531section [%2d] '%s': offset %zu: endless ULEB128 in attribute tag\n"), 3532 idx, section_name (ebl, idx), pos (chunk)); 3533 break; 3534 } 3535 } 3536 if (tag == 32 || (tag & 1) != 0) 3537 { 3538 r = memchr (r, '\0', q - r); 3539 if (r == NULL) 3540 { 3541 ERROR (gettext ("\ 3542section [%2d] '%s': offset %zu: unterminated string in attribute\n"), 3543 idx, section_name (ebl, idx), pos (chunk)); 3544 break; 3545 } 3546 ++r; 3547 } 3548 3549 const char *tag_name = NULL; 3550 const char *value_name = NULL; 3551 if (!ebl_check_object_attribute (ebl, (const char *) name, 3552 tag, value, 3553 &tag_name, &value_name)) 3554 ERROR (gettext ("\ 3555section [%2d] '%s': offset %zu: unrecognized attribute tag %u\n"), 3556 idx, section_name (ebl, idx), pos (chunk), tag); 3557 else if ((tag & 1) == 0 && value_name == NULL) 3558 ERROR (gettext ("\ 3559section [%2d] '%s': offset %zu: unrecognized %s attribute value %" PRIu64 "\n"), 3560 idx, section_name (ebl, idx), pos (chunk), 3561 tag_name, value); 3562 3563 chunk = r; 3564 } 3565 } 3566 } 3567 else 3568 ERROR (gettext ("\ 3569section [%2d] '%s': offset %zu: vendor '%s' unknown\n"), 3570 idx, section_name (ebl, idx), pos (p), name); 3571 } 3572 3573 if (left () != 0) 3574 ERROR (gettext ("\ 3575section [%2d] '%s': offset %zu: extra bytes after last attribute section\n"), 3576 idx, section_name (ebl, idx), pos (p)); 3577} 3578 3579static bool has_loadable_segment; 3580static bool has_interp_segment; 3581 3582static const struct 3583{ 3584 const char *name; 3585 size_t namelen; 3586 GElf_Word type; 3587 enum { unused, exact, atleast, exact_or_gnuld } attrflag; 3588 GElf_Word attr; 3589 GElf_Word attr2; 3590} special_sections[] = 3591 { 3592 /* See figure 4-14 in the gABI. */ 3593 { ".bss", 5, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3594 { ".comment", 8, SHT_PROGBITS, atleast, 0, SHF_MERGE | SHF_STRINGS }, 3595 { ".data", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3596 { ".data1", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3597 { ".debug_str", 11, SHT_PROGBITS, exact_or_gnuld, SHF_MERGE | SHF_STRINGS, 0 }, 3598 { ".debug", 6, SHT_PROGBITS, exact, 0, 0 }, 3599 { ".dynamic", 9, SHT_DYNAMIC, atleast, SHF_ALLOC, SHF_WRITE }, 3600 { ".dynstr", 8, SHT_STRTAB, exact, SHF_ALLOC, 0 }, 3601 { ".dynsym", 8, SHT_DYNSYM, exact, SHF_ALLOC, 0 }, 3602 { ".fini", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 }, 3603 { ".fini_array", 12, SHT_FINI_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3604 { ".got", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more info? 3605 { ".hash", 6, SHT_HASH, exact, SHF_ALLOC, 0 }, 3606 { ".init", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 }, 3607 { ".init_array", 12, SHT_INIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3608 { ".interp", 8, SHT_PROGBITS, atleast, 0, SHF_ALLOC }, // XXX more tests? 3609 { ".line", 6, SHT_PROGBITS, exact, 0, 0 }, 3610 { ".note", 6, SHT_NOTE, atleast, 0, SHF_ALLOC }, 3611 { ".plt", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more tests 3612 { ".preinit_array", 15, SHT_PREINIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3613 { ".rela", 5, SHT_RELA, atleast, 0, SHF_ALLOC | SHF_INFO_LINK }, // XXX more tests 3614 { ".rel", 4, SHT_REL, atleast, 0, SHF_ALLOC | SHF_INFO_LINK }, // XXX more tests 3615 { ".rodata", 8, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS }, 3616 { ".rodata1", 9, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS }, 3617 { ".shstrtab", 10, SHT_STRTAB, exact, 0, 0 }, 3618 { ".strtab", 8, SHT_STRTAB, atleast, 0, SHF_ALLOC }, // XXX more tests 3619 { ".symtab", 8, SHT_SYMTAB, atleast, 0, SHF_ALLOC }, // XXX more tests 3620 { ".symtab_shndx", 14, SHT_SYMTAB_SHNDX, atleast, 0, SHF_ALLOC }, // XXX more tests 3621 { ".tbss", 6, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 }, 3622 { ".tdata", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 }, 3623 { ".tdata1", 8, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 }, 3624 { ".text", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 }, 3625 3626 /* The following are GNU extensions. */ 3627 { ".gnu.version", 13, SHT_GNU_versym, exact, SHF_ALLOC, 0 }, 3628 { ".gnu.version_d", 15, SHT_GNU_verdef, exact, SHF_ALLOC, 0 }, 3629 { ".gnu.version_r", 15, SHT_GNU_verneed, exact, SHF_ALLOC, 0 }, 3630 { ".gnu.attributes", 16, SHT_GNU_ATTRIBUTES, exact, 0, 0 }, 3631 }; 3632#define nspecial_sections \ 3633 (sizeof (special_sections) / sizeof (special_sections[0])) 3634 3635#define IS_KNOWN_SPECIAL(idx, string, prefix) \ 3636 (special_sections[idx].namelen == sizeof string - (prefix ? 1 : 0) \ 3637 && !memcmp (special_sections[idx].name, string, \ 3638 sizeof string - (prefix ? 1 : 0))) 3639 3640 3641/* Indeces of some sections we need later. */ 3642static size_t eh_frame_hdr_scnndx; 3643static size_t eh_frame_scnndx; 3644static size_t gcc_except_table_scnndx; 3645 3646 3647static void 3648check_sections (Ebl *ebl, GElf_Ehdr *ehdr) 3649{ 3650 if (ehdr->e_shoff == 0) 3651 /* No section header. */ 3652 return; 3653 3654 /* Allocate array to count references in section groups. */ 3655 scnref = (int *) xcalloc (shnum, sizeof (int)); 3656 3657 /* Check the zeroth section first. It must not have any contents 3658 and the section header must contain nonzero value at most in the 3659 sh_size and sh_link fields. */ 3660 GElf_Shdr shdr_mem; 3661 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 3662 if (shdr == NULL) 3663 ERROR (gettext ("cannot get section header of zeroth section\n")); 3664 else 3665 { 3666 if (shdr->sh_name != 0) 3667 ERROR (gettext ("zeroth section has nonzero name\n")); 3668 if (shdr->sh_type != 0) 3669 ERROR (gettext ("zeroth section has nonzero type\n")); 3670 if (shdr->sh_flags != 0) 3671 ERROR (gettext ("zeroth section has nonzero flags\n")); 3672 if (shdr->sh_addr != 0) 3673 ERROR (gettext ("zeroth section has nonzero address\n")); 3674 if (shdr->sh_offset != 0) 3675 ERROR (gettext ("zeroth section has nonzero offset\n")); 3676 if (shdr->sh_addralign != 0) 3677 ERROR (gettext ("zeroth section has nonzero align value\n")); 3678 if (shdr->sh_entsize != 0) 3679 ERROR (gettext ("zeroth section has nonzero entry size value\n")); 3680 3681 if (shdr->sh_size != 0 && ehdr->e_shnum != 0) 3682 ERROR (gettext ("\ 3683zeroth section has nonzero size value while ELF header has nonzero shnum value\n")); 3684 3685 if (shdr->sh_link != 0 && ehdr->e_shstrndx != SHN_XINDEX) 3686 ERROR (gettext ("\ 3687zeroth section has nonzero link value while ELF header does not signal overflow in shstrndx\n")); 3688 3689 if (shdr->sh_info != 0 && ehdr->e_phnum != PN_XNUM) 3690 ERROR (gettext ("\ 3691zeroth section has nonzero link value while ELF header does not signal overflow in phnum\n")); 3692 } 3693 3694 int *segment_flags = xcalloc (phnum, sizeof segment_flags[0]); 3695 3696 bool dot_interp_section = false; 3697 3698 size_t hash_idx = 0; 3699 size_t gnu_hash_idx = 0; 3700 3701 size_t versym_scnndx = 0; 3702 for (size_t cnt = 1; cnt < shnum; ++cnt) 3703 { 3704 Elf_Scn *scn = elf_getscn (ebl->elf, cnt); 3705 shdr = gelf_getshdr (scn, &shdr_mem); 3706 if (shdr == NULL) 3707 { 3708 ERROR (gettext ("\ 3709cannot get section header for section [%2zu] '%s': %s\n"), 3710 cnt, section_name (ebl, cnt), elf_errmsg (-1)); 3711 continue; 3712 } 3713 3714 const char *scnname = elf_strptr (ebl->elf, shstrndx, shdr->sh_name); 3715 3716 if (scnname == NULL) 3717 ERROR (gettext ("section [%2zu]: invalid name\n"), cnt); 3718 else 3719 { 3720 /* Check whether it is one of the special sections defined in 3721 the gABI. */ 3722 size_t s; 3723 for (s = 0; s < nspecial_sections; ++s) 3724 if (strncmp (scnname, special_sections[s].name, 3725 special_sections[s].namelen) == 0) 3726 { 3727 char stbuf1[100]; 3728 char stbuf2[100]; 3729 char stbuf3[100]; 3730 3731 GElf_Word good_type = special_sections[s].type; 3732 if (IS_KNOWN_SPECIAL (s, ".plt", false) 3733 && ebl_bss_plt_p (ebl)) 3734 good_type = SHT_NOBITS; 3735 3736 /* In a debuginfo file, any normal section can be SHT_NOBITS. 3737 This is only invalid for DWARF sections and .shstrtab. */ 3738 if (shdr->sh_type != good_type 3739 && (shdr->sh_type != SHT_NOBITS 3740 || !is_debuginfo 3741 || IS_KNOWN_SPECIAL (s, ".debug_str", false) 3742 || IS_KNOWN_SPECIAL (s, ".debug", true) 3743 || IS_KNOWN_SPECIAL (s, ".shstrtab", false))) 3744 ERROR (gettext ("\ 3745section [%2d] '%s' has wrong type: expected %s, is %s\n"), 3746 (int) cnt, scnname, 3747 ebl_section_type_name (ebl, special_sections[s].type, 3748 stbuf1, sizeof (stbuf1)), 3749 ebl_section_type_name (ebl, shdr->sh_type, 3750 stbuf2, sizeof (stbuf2))); 3751 3752 if (special_sections[s].attrflag == exact 3753 || special_sections[s].attrflag == exact_or_gnuld) 3754 { 3755 /* Except for the link order, group bit and 3756 compression flag all the other bits should 3757 match exactly. */ 3758 if ((shdr->sh_flags 3759 & ~(SHF_LINK_ORDER | SHF_GROUP | SHF_COMPRESSED)) 3760 != special_sections[s].attr 3761 && (special_sections[s].attrflag == exact || !gnuld)) 3762 ERROR (gettext ("\ 3763section [%2zu] '%s' has wrong flags: expected %s, is %s\n"), 3764 cnt, scnname, 3765 section_flags_string (special_sections[s].attr, 3766 stbuf1, sizeof (stbuf1)), 3767 section_flags_string (shdr->sh_flags 3768 & ~SHF_LINK_ORDER, 3769 stbuf2, sizeof (stbuf2))); 3770 } 3771 else if (special_sections[s].attrflag == atleast) 3772 { 3773 if ((shdr->sh_flags & special_sections[s].attr) 3774 != special_sections[s].attr 3775 || ((shdr->sh_flags 3776 & ~(SHF_LINK_ORDER | SHF_GROUP | SHF_COMPRESSED 3777 | special_sections[s].attr 3778 | special_sections[s].attr2)) 3779 != 0)) 3780 ERROR (gettext ("\ 3781section [%2zu] '%s' has wrong flags: expected %s and possibly %s, is %s\n"), 3782 cnt, scnname, 3783 section_flags_string (special_sections[s].attr, 3784 stbuf1, sizeof (stbuf1)), 3785 section_flags_string (special_sections[s].attr2, 3786 stbuf2, sizeof (stbuf2)), 3787 section_flags_string (shdr->sh_flags 3788 & ~(SHF_LINK_ORDER 3789 | SHF_GROUP), 3790 stbuf3, sizeof (stbuf3))); 3791 } 3792 3793 if (strcmp (scnname, ".interp") == 0) 3794 { 3795 dot_interp_section = true; 3796 3797 if (ehdr->e_type == ET_REL) 3798 ERROR (gettext ("\ 3799section [%2zu] '%s' present in object file\n"), 3800 cnt, scnname); 3801 3802 if ((shdr->sh_flags & SHF_ALLOC) != 0 3803 && !has_loadable_segment) 3804 ERROR (gettext ("\ 3805section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"), 3806 cnt, scnname); 3807 else if ((shdr->sh_flags & SHF_ALLOC) == 0 3808 && has_loadable_segment) 3809 ERROR (gettext ("\ 3810section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"), 3811 cnt, scnname); 3812 } 3813 else 3814 { 3815 if (strcmp (scnname, ".symtab_shndx") == 0 3816 && ehdr->e_type != ET_REL) 3817 ERROR (gettext ("\ 3818section [%2zu] '%s' is extension section index table in non-object file\n"), 3819 cnt, scnname); 3820 3821 /* These sections must have the SHF_ALLOC flag set iff 3822 a loadable segment is available. 3823 3824 .relxxx 3825 .strtab 3826 .symtab 3827 .symtab_shndx 3828 3829 Check that if there is a reference from the 3830 loaded section these sections also have the 3831 ALLOC flag set. */ 3832#if 0 3833 // XXX TODO 3834 if ((shdr->sh_flags & SHF_ALLOC) != 0 3835 && !has_loadable_segment) 3836 ERROR (gettext ("\ 3837section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"), 3838 cnt, scnname); 3839 else if ((shdr->sh_flags & SHF_ALLOC) == 0 3840 && has_loadable_segment) 3841 ERROR (gettext ("\ 3842section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"), 3843 cnt, scnname); 3844#endif 3845 } 3846 3847 break; 3848 } 3849 3850 /* Remember a few special sections for later. */ 3851 if (strcmp (scnname, ".eh_frame_hdr") == 0) 3852 eh_frame_hdr_scnndx = cnt; 3853 else if (strcmp (scnname, ".eh_frame") == 0) 3854 eh_frame_scnndx = cnt; 3855 else if (strcmp (scnname, ".gcc_except_table") == 0) 3856 gcc_except_table_scnndx = cnt; 3857 } 3858 3859 if (shdr->sh_entsize != 0 && shdr->sh_size % shdr->sh_entsize) 3860 ERROR (gettext ("\ 3861section [%2zu] '%s': size not multiple of entry size\n"), 3862 cnt, section_name (ebl, cnt)); 3863 3864 if (elf_strptr (ebl->elf, shstrndx, shdr->sh_name) == NULL) 3865 ERROR (gettext ("cannot get section header\n")); 3866 3867 if (shdr->sh_type >= SHT_NUM 3868 && shdr->sh_type != SHT_GNU_ATTRIBUTES 3869 && shdr->sh_type != SHT_GNU_LIBLIST 3870 && shdr->sh_type != SHT_CHECKSUM 3871 && shdr->sh_type != SHT_GNU_verdef 3872 && shdr->sh_type != SHT_GNU_verneed 3873 && shdr->sh_type != SHT_GNU_versym 3874 && ebl_section_type_name (ebl, shdr->sh_type, NULL, 0) == NULL) 3875 ERROR (gettext ("section [%2zu] '%s' has unsupported type %d\n"), 3876 cnt, section_name (ebl, cnt), 3877 (int) shdr->sh_type); 3878 3879#define ALL_SH_FLAGS (SHF_WRITE | SHF_ALLOC | SHF_EXECINSTR | SHF_MERGE \ 3880 | SHF_STRINGS | SHF_INFO_LINK | SHF_LINK_ORDER \ 3881 | SHF_OS_NONCONFORMING | SHF_GROUP | SHF_TLS \ 3882 | SHF_COMPRESSED) 3883 if (shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS) 3884 { 3885 GElf_Xword sh_flags = shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS; 3886 if (sh_flags & SHF_MASKPROC) 3887 { 3888 if (!ebl_machine_section_flag_check (ebl, 3889 sh_flags & SHF_MASKPROC)) 3890 ERROR (gettext ("section [%2zu] '%s'" 3891 " contains invalid processor-specific flag(s)" 3892 " %#" PRIx64 "\n"), 3893 cnt, section_name (ebl, cnt), sh_flags & SHF_MASKPROC); 3894 sh_flags &= ~(GElf_Xword) SHF_MASKPROC; 3895 } 3896 if (sh_flags != 0) 3897 ERROR (gettext ("section [%2zu] '%s' contains unknown flag(s)" 3898 " %#" PRIx64 "\n"), 3899 cnt, section_name (ebl, cnt), sh_flags); 3900 } 3901 if (shdr->sh_flags & SHF_TLS) 3902 { 3903 // XXX Correct? 3904 if (shdr->sh_addr != 0 && !gnuld) 3905 ERROR (gettext ("\ 3906section [%2zu] '%s': thread-local data sections address not zero\n"), 3907 cnt, section_name (ebl, cnt)); 3908 3909 // XXX TODO more tests!? 3910 } 3911 3912 if (shdr->sh_flags & SHF_COMPRESSED) 3913 { 3914 if (shdr->sh_flags & SHF_ALLOC) 3915 ERROR (gettext ("\ 3916section [%2zu] '%s': allocated section cannot be compressed\n"), 3917 cnt, section_name (ebl, cnt)); 3918 3919 if (shdr->sh_type == SHT_NOBITS) 3920 ERROR (gettext ("\ 3921section [%2zu] '%s': nobits section cannot be compressed\n"), 3922 cnt, section_name (ebl, cnt)); 3923 3924 GElf_Chdr chdr; 3925 if (gelf_getchdr (scn, &chdr) == NULL) 3926 ERROR (gettext ("\ 3927section [%2zu] '%s': compressed section with no compression header: %s\n"), 3928 cnt, section_name (ebl, cnt), elf_errmsg (-1)); 3929 } 3930 3931 if (shdr->sh_link >= shnum) 3932 ERROR (gettext ("\ 3933section [%2zu] '%s': invalid section reference in link value\n"), 3934 cnt, section_name (ebl, cnt)); 3935 3936 if (SH_INFO_LINK_P (shdr) && shdr->sh_info >= shnum) 3937 ERROR (gettext ("\ 3938section [%2zu] '%s': invalid section reference in info value\n"), 3939 cnt, section_name (ebl, cnt)); 3940 3941 if ((shdr->sh_flags & SHF_MERGE) == 0 3942 && (shdr->sh_flags & SHF_STRINGS) != 0 3943 && be_strict) 3944 ERROR (gettext ("\ 3945section [%2zu] '%s': strings flag set without merge flag\n"), 3946 cnt, section_name (ebl, cnt)); 3947 3948 if ((shdr->sh_flags & SHF_MERGE) != 0 && shdr->sh_entsize == 0) 3949 ERROR (gettext ("\ 3950section [%2zu] '%s': merge flag set but entry size is zero\n"), 3951 cnt, section_name (ebl, cnt)); 3952 3953 if (shdr->sh_flags & SHF_GROUP) 3954 check_scn_group (ebl, cnt); 3955 3956 if (shdr->sh_flags & SHF_EXECINSTR) 3957 { 3958 switch (shdr->sh_type) 3959 { 3960 case SHT_PROGBITS: 3961 break; 3962 3963 case SHT_NOBITS: 3964 if (is_debuginfo) 3965 break; 3966 default: 3967 ERROR (gettext ("\ 3968section [%2zu] '%s' has unexpected type %d for an executable section\n"), 3969 cnt, section_name (ebl, cnt), shdr->sh_type); 3970 break; 3971 } 3972 3973 if (shdr->sh_flags & SHF_WRITE) 3974 { 3975 if (is_debuginfo && shdr->sh_type != SHT_NOBITS) 3976 ERROR (gettext ("\ 3977section [%2zu] '%s' must be of type NOBITS in debuginfo files\n"), 3978 cnt, section_name (ebl, cnt)); 3979 3980 if (!is_debuginfo 3981 && !ebl_check_special_section (ebl, cnt, shdr, 3982 section_name (ebl, cnt))) 3983 ERROR (gettext ("\ 3984section [%2zu] '%s' is both executable and writable\n"), 3985 cnt, section_name (ebl, cnt)); 3986 } 3987 } 3988 3989 if (ehdr->e_type != ET_REL && (shdr->sh_flags & SHF_ALLOC) != 0 3990 && !is_debuginfo) 3991 { 3992 /* Make sure the section is contained in a loaded segment 3993 and that the initialization part matches NOBITS sections. */ 3994 unsigned int pcnt; 3995 GElf_Phdr phdr_mem; 3996 GElf_Phdr *phdr; 3997 3998 for (pcnt = 0; pcnt < phnum; ++pcnt) 3999 if ((phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem)) != NULL 4000 && ((phdr->p_type == PT_LOAD 4001 && (shdr->sh_flags & SHF_TLS) == 0) 4002 || (phdr->p_type == PT_TLS 4003 && (shdr->sh_flags & SHF_TLS) != 0)) 4004 && phdr->p_offset <= shdr->sh_offset 4005 && ((shdr->sh_offset - phdr->p_offset <= phdr->p_filesz 4006 && (shdr->sh_offset - phdr->p_offset < phdr->p_filesz 4007 || shdr->sh_size == 0)) 4008 || (shdr->sh_offset - phdr->p_offset < phdr->p_memsz 4009 && shdr->sh_type == SHT_NOBITS))) 4010 { 4011 /* Found the segment. */ 4012 if (phdr->p_offset + phdr->p_memsz 4013 < shdr->sh_offset + shdr->sh_size) 4014 ERROR (gettext ("\ 4015section [%2zu] '%s' not fully contained in segment of program header entry %d\n"), 4016 cnt, section_name (ebl, cnt), pcnt); 4017 4018 if (shdr->sh_type == SHT_NOBITS) 4019 { 4020 if (shdr->sh_offset < phdr->p_offset + phdr->p_filesz 4021 && !is_debuginfo) 4022 { 4023 if (!gnuld) 4024 ERROR (gettext ("\ 4025section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d\n"), 4026 cnt, section_name (ebl, cnt), pcnt); 4027 else 4028 { 4029 /* This is truly horrible. GNU ld might put a 4030 NOBITS section in the middle of a PT_LOAD 4031 segment, assuming the next gap in the file 4032 actually consists of zero bits... 4033 So it really is like a PROGBITS section 4034 where the data is all zeros. Check those 4035 zero bytes are really there. */ 4036 bool bad; 4037 Elf_Data *databits; 4038 databits = elf_getdata_rawchunk (ebl->elf, 4039 shdr->sh_offset, 4040 shdr->sh_size, 4041 ELF_T_BYTE); 4042 bad = (databits == NULL 4043 || databits->d_size != shdr->sh_size); 4044 for (size_t idx = 0; 4045 idx < databits->d_size && ! bad; 4046 idx++) 4047 bad = ((char *) databits->d_buf)[idx] != 0; 4048 4049 if (bad) 4050 ERROR (gettext ("\ 4051section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d and file contents is non-zero\n"), 4052 cnt, section_name (ebl, cnt), pcnt); 4053 } 4054 } 4055 } 4056 else 4057 { 4058 const GElf_Off end = phdr->p_offset + phdr->p_filesz; 4059 if (shdr->sh_offset > end || 4060 (shdr->sh_offset == end && shdr->sh_size != 0)) 4061 ERROR (gettext ("\ 4062section [%2zu] '%s' has not type NOBITS but is not read from the file in segment of program header entry %d\n"), 4063 cnt, section_name (ebl, cnt), pcnt); 4064 } 4065 4066 if (shdr->sh_type != SHT_NOBITS) 4067 { 4068 if ((shdr->sh_flags & SHF_EXECINSTR) != 0) 4069 { 4070 segment_flags[pcnt] |= PF_X; 4071 if ((phdr->p_flags & PF_X) == 0) 4072 ERROR (gettext ("\ 4073section [%2zu] '%s' is executable in nonexecutable segment %d\n"), 4074 cnt, section_name (ebl, cnt), pcnt); 4075 } 4076 4077 if ((shdr->sh_flags & SHF_WRITE) != 0) 4078 { 4079 segment_flags[pcnt] |= PF_W; 4080 if (0 /* XXX vdso images have this */ 4081 && (phdr->p_flags & PF_W) == 0) 4082 ERROR (gettext ("\ 4083section [%2zu] '%s' is writable in unwritable segment %d\n"), 4084 cnt, section_name (ebl, cnt), pcnt); 4085 } 4086 } 4087 4088 break; 4089 } 4090 4091 if (pcnt == phnum) 4092 ERROR (gettext ("\ 4093section [%2zu] '%s': alloc flag set but section not in any loaded segment\n"), 4094 cnt, section_name (ebl, cnt)); 4095 } 4096 4097 if (cnt == shstrndx && shdr->sh_type != SHT_STRTAB) 4098 ERROR (gettext ("\ 4099section [%2zu] '%s': ELF header says this is the section header string table but type is not SHT_TYPE\n"), 4100 cnt, section_name (ebl, cnt)); 4101 4102 switch (shdr->sh_type) 4103 { 4104 case SHT_DYNSYM: 4105 if (ehdr->e_type == ET_REL) 4106 ERROR (gettext ("\ 4107section [%2zu] '%s': relocatable files cannot have dynamic symbol tables\n"), 4108 cnt, section_name (ebl, cnt)); 4109 /* FALLTHROUGH */ 4110 case SHT_SYMTAB: 4111 check_symtab (ebl, ehdr, shdr, cnt); 4112 break; 4113 4114 case SHT_RELA: 4115 check_rela (ebl, ehdr, shdr, cnt); 4116 break; 4117 4118 case SHT_REL: 4119 check_rel (ebl, ehdr, shdr, cnt); 4120 break; 4121 4122 case SHT_DYNAMIC: 4123 check_dynamic (ebl, ehdr, shdr, cnt); 4124 break; 4125 4126 case SHT_SYMTAB_SHNDX: 4127 check_symtab_shndx (ebl, ehdr, shdr, cnt); 4128 break; 4129 4130 case SHT_HASH: 4131 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt); 4132 hash_idx = cnt; 4133 break; 4134 4135 case SHT_GNU_HASH: 4136 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt); 4137 gnu_hash_idx = cnt; 4138 break; 4139 4140 case SHT_NULL: 4141 check_null (ebl, shdr, cnt); 4142 break; 4143 4144 case SHT_GROUP: 4145 check_group (ebl, ehdr, shdr, cnt); 4146 break; 4147 4148 case SHT_NOTE: 4149 check_note_section (ebl, ehdr, shdr, cnt); 4150 break; 4151 4152 case SHT_GNU_versym: 4153 /* We cannot process this section now since we have no guarantee 4154 that the verneed and verdef sections have already been read. 4155 Just remember the section index. */ 4156 if (versym_scnndx != 0) 4157 ERROR (gettext ("more than one version symbol table present\n")); 4158 versym_scnndx = cnt; 4159 break; 4160 4161 case SHT_GNU_verneed: 4162 check_verneed (ebl, shdr, cnt); 4163 break; 4164 4165 case SHT_GNU_verdef: 4166 check_verdef (ebl, shdr, cnt); 4167 break; 4168 4169 case SHT_GNU_ATTRIBUTES: 4170 check_attributes (ebl, ehdr, shdr, cnt); 4171 break; 4172 4173 default: 4174 /* Nothing. */ 4175 break; 4176 } 4177 } 4178 4179 if (has_interp_segment && !dot_interp_section) 4180 ERROR (gettext ("INTERP program header entry but no .interp section\n")); 4181 4182 if (!is_debuginfo) 4183 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt) 4184 { 4185 GElf_Phdr phdr_mem; 4186 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem); 4187 if (phdr != NULL && (phdr->p_type == PT_LOAD || phdr->p_type == PT_TLS)) 4188 { 4189 if ((phdr->p_flags & PF_X) != 0 4190 && (segment_flags[pcnt] & PF_X) == 0) 4191 ERROR (gettext ("\ 4192loadable segment [%u] is executable but contains no executable sections\n"), 4193 pcnt); 4194 4195 if ((phdr->p_flags & PF_W) != 0 4196 && (segment_flags[pcnt] & PF_W) == 0) 4197 ERROR (gettext ("\ 4198loadable segment [%u] is writable but contains no writable sections\n"), 4199 pcnt); 4200 } 4201 } 4202 4203 free (segment_flags); 4204 4205 if (version_namelist != NULL) 4206 { 4207 if (versym_scnndx == 0) 4208 ERROR (gettext ("\ 4209no .gnu.versym section present but .gnu.versym_d or .gnu.versym_r section exist\n")); 4210 else 4211 check_versym (ebl, versym_scnndx); 4212 4213 /* Check for duplicate index numbers. */ 4214 do 4215 { 4216 struct version_namelist *runp = version_namelist->next; 4217 while (runp != NULL) 4218 { 4219 if (version_namelist->ndx == runp->ndx) 4220 { 4221 ERROR (gettext ("duplicate version index %d\n"), 4222 (int) version_namelist->ndx); 4223 break; 4224 } 4225 runp = runp->next; 4226 } 4227 4228 struct version_namelist *old = version_namelist; 4229 version_namelist = version_namelist->next; 4230 free (old); 4231 } 4232 while (version_namelist != NULL); 4233 } 4234 else if (versym_scnndx != 0) 4235 ERROR (gettext ("\ 4236.gnu.versym section present without .gnu.versym_d or .gnu.versym_r\n")); 4237 4238 if (hash_idx != 0 && gnu_hash_idx != 0) 4239 compare_hash_gnu_hash (ebl, ehdr, hash_idx, gnu_hash_idx); 4240 4241 free (scnref); 4242} 4243 4244 4245static GElf_Off 4246check_note_data (Ebl *ebl, const GElf_Ehdr *ehdr, 4247 Elf_Data *data, int shndx, int phndx, GElf_Off start) 4248{ 4249 size_t offset = 0; 4250 size_t last_offset = 0; 4251 GElf_Nhdr nhdr; 4252 size_t name_offset; 4253 size_t desc_offset; 4254 while (offset < data->d_size 4255 && (offset = gelf_getnote (data, offset, 4256 &nhdr, &name_offset, &desc_offset)) > 0) 4257 { 4258 last_offset = offset; 4259 4260 /* Make sure it is one of the note types we know about. */ 4261 if (ehdr->e_type == ET_CORE) 4262 switch (nhdr.n_type) 4263 { 4264 case NT_PRSTATUS: 4265 case NT_FPREGSET: 4266 case NT_PRPSINFO: 4267 case NT_TASKSTRUCT: /* NT_PRXREG on Solaris. */ 4268 case NT_PLATFORM: 4269 case NT_AUXV: 4270 case NT_GWINDOWS: 4271 case NT_ASRS: 4272 case NT_PSTATUS: 4273 case NT_PSINFO: 4274 case NT_PRCRED: 4275 case NT_UTSNAME: 4276 case NT_LWPSTATUS: 4277 case NT_LWPSINFO: 4278 case NT_PRFPXREG: 4279 /* Known type. */ 4280 break; 4281 4282 default: 4283 if (shndx == 0) 4284 ERROR (gettext ("\ 4285phdr[%d]: unknown core file note type %" PRIu32 " at offset %" PRIu64 "\n"), 4286 phndx, (uint32_t) nhdr.n_type, start + offset); 4287 else 4288 ERROR (gettext ("\ 4289section [%2d] '%s': unknown core file note type %" PRIu32 4290 " at offset %zu\n"), 4291 shndx, section_name (ebl, shndx), 4292 (uint32_t) nhdr.n_type, offset); 4293 } 4294 else 4295 switch (nhdr.n_type) 4296 { 4297 case NT_GNU_ABI_TAG: 4298 case NT_GNU_HWCAP: 4299 case NT_GNU_BUILD_ID: 4300 case NT_GNU_GOLD_VERSION: 4301 break; 4302 4303 case 0: 4304 /* Linux vDSOs use a type 0 note for the kernel version word. */ 4305 if (nhdr.n_namesz == sizeof "Linux" 4306 && !memcmp (data->d_buf + name_offset, "Linux", sizeof "Linux")) 4307 break; 4308 4309 default: 4310 if (shndx == 0) 4311 ERROR (gettext ("\ 4312phdr[%d]: unknown object file note type %" PRIu32 " at offset %zu\n"), 4313 phndx, (uint32_t) nhdr.n_type, offset); 4314 else 4315 ERROR (gettext ("\ 4316section [%2d] '%s': unknown object file note type %" PRIu32 4317 " at offset %zu\n"), 4318 shndx, section_name (ebl, shndx), 4319 (uint32_t) nhdr.n_type, offset); 4320 } 4321 } 4322 4323 return last_offset; 4324} 4325 4326 4327static void 4328check_note (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Phdr *phdr, int cnt) 4329{ 4330 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL 4331 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 4332 ERROR (gettext ("\ 4333phdr[%d]: no note entries defined for the type of file\n"), 4334 cnt); 4335 4336 if (is_debuginfo) 4337 /* The p_offset values in a separate debug file are bogus. */ 4338 return; 4339 4340 if (phdr->p_filesz == 0) 4341 return; 4342 4343 GElf_Off notes_size = 0; 4344 Elf_Data *data = elf_getdata_rawchunk (ebl->elf, 4345 phdr->p_offset, phdr->p_filesz, 4346 ELF_T_NHDR); 4347 if (data != NULL && data->d_buf != NULL) 4348 notes_size = check_note_data (ebl, ehdr, data, 0, cnt, phdr->p_offset); 4349 4350 if (notes_size == 0) 4351 ERROR (gettext ("phdr[%d]: cannot get content of note section: %s\n"), 4352 cnt, elf_errmsg (-1)); 4353 else if (notes_size != phdr->p_filesz) 4354 ERROR (gettext ("phdr[%d]: extra %" PRIu64 " bytes after last note\n"), 4355 cnt, phdr->p_filesz - notes_size); 4356} 4357 4358 4359static void 4360check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 4361{ 4362 if (shdr->sh_size == 0) 4363 return; 4364 4365 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 4366 if (data == NULL || data->d_buf == NULL) 4367 { 4368 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 4369 idx, section_name (ebl, idx)); 4370 return; 4371 } 4372 4373 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL 4374 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 4375 ERROR (gettext ("\ 4376section [%2d] '%s': no note entries defined for the type of file\n"), 4377 idx, section_name (ebl, idx)); 4378 4379 GElf_Off notes_size = check_note_data (ebl, ehdr, data, idx, 0, 0); 4380 4381 if (notes_size == 0) 4382 ERROR (gettext ("section [%2d] '%s': cannot get content of note section\n"), 4383 idx, section_name (ebl, idx)); 4384 else if (notes_size != shdr->sh_size) 4385 ERROR (gettext ("section [%2d] '%s': extra %" PRIu64 4386 " bytes after last note\n"), 4387 idx, section_name (ebl, idx), shdr->sh_size - notes_size); 4388} 4389 4390 4391/* Index of the PT_GNU_EH_FRAME program eader entry. */ 4392static int pt_gnu_eh_frame_pndx; 4393 4394 4395static void 4396check_program_header (Ebl *ebl, GElf_Ehdr *ehdr) 4397{ 4398 if (ehdr->e_phoff == 0) 4399 return; 4400 4401 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN 4402 && ehdr->e_type != ET_CORE) 4403 ERROR (gettext ("\ 4404only executables, shared objects, and core files can have program headers\n")); 4405 4406 int num_pt_interp = 0; 4407 int num_pt_tls = 0; 4408 int num_pt_relro = 0; 4409 4410 for (unsigned int cnt = 0; cnt < phnum; ++cnt) 4411 { 4412 GElf_Phdr phdr_mem; 4413 GElf_Phdr *phdr; 4414 4415 phdr = gelf_getphdr (ebl->elf, cnt, &phdr_mem); 4416 if (phdr == NULL) 4417 { 4418 ERROR (gettext ("cannot get program header entry %d: %s\n"), 4419 cnt, elf_errmsg (-1)); 4420 continue; 4421 } 4422 4423 if (phdr->p_type >= PT_NUM && phdr->p_type != PT_GNU_EH_FRAME 4424 && phdr->p_type != PT_GNU_STACK && phdr->p_type != PT_GNU_RELRO 4425 /* Check for a known machine-specific type. */ 4426 && ebl_segment_type_name (ebl, phdr->p_type, NULL, 0) == NULL) 4427 ERROR (gettext ("\ 4428program header entry %d: unknown program header entry type %#" PRIx64 "\n"), 4429 cnt, (uint64_t) phdr->p_type); 4430 4431 if (phdr->p_type == PT_LOAD) 4432 has_loadable_segment = true; 4433 else if (phdr->p_type == PT_INTERP) 4434 { 4435 if (++num_pt_interp != 1) 4436 { 4437 if (num_pt_interp == 2) 4438 ERROR (gettext ("\ 4439more than one INTERP entry in program header\n")); 4440 } 4441 has_interp_segment = true; 4442 } 4443 else if (phdr->p_type == PT_TLS) 4444 { 4445 if (++num_pt_tls == 2) 4446 ERROR (gettext ("more than one TLS entry in program header\n")); 4447 } 4448 else if (phdr->p_type == PT_NOTE) 4449 check_note (ebl, ehdr, phdr, cnt); 4450 else if (phdr->p_type == PT_DYNAMIC) 4451 { 4452 if (ehdr->e_type == ET_EXEC && ! has_interp_segment) 4453 ERROR (gettext ("\ 4454static executable cannot have dynamic sections\n")); 4455 else 4456 { 4457 /* Check that the .dynamic section, if it exists, has 4458 the same address. */ 4459 Elf_Scn *scn = NULL; 4460 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 4461 { 4462 GElf_Shdr shdr_mem; 4463 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 4464 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC) 4465 { 4466 if (phdr->p_offset != shdr->sh_offset) 4467 ERROR (gettext ("\ 4468dynamic section reference in program header has wrong offset\n")); 4469 if (phdr->p_memsz != shdr->sh_size) 4470 ERROR (gettext ("\ 4471dynamic section size mismatch in program and section header\n")); 4472 break; 4473 } 4474 } 4475 } 4476 } 4477 else if (phdr->p_type == PT_GNU_RELRO) 4478 { 4479 if (++num_pt_relro == 2) 4480 ERROR (gettext ("\ 4481more than one GNU_RELRO entry in program header\n")); 4482 else 4483 { 4484 /* Check that the region is in a writable segment. */ 4485 unsigned int inner; 4486 for (inner = 0; inner < phnum; ++inner) 4487 { 4488 GElf_Phdr phdr2_mem; 4489 GElf_Phdr *phdr2; 4490 4491 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem); 4492 if (phdr2 == NULL) 4493 continue; 4494 4495 if (phdr2->p_type == PT_LOAD 4496 && phdr->p_vaddr >= phdr2->p_vaddr 4497 && (phdr->p_vaddr + phdr->p_memsz 4498 <= phdr2->p_vaddr + phdr2->p_memsz)) 4499 { 4500 if ((phdr2->p_flags & PF_W) == 0) 4501 ERROR (gettext ("\ 4502loadable segment GNU_RELRO applies to is not writable\n")); 4503 /* Unless fully covered, relro flags could be a 4504 subset of the phdrs2 flags. For example the load 4505 segment could also have PF_X set. */ 4506 if (phdr->p_vaddr == phdr2->p_vaddr 4507 && (phdr->p_vaddr + phdr->p_memsz 4508 == phdr2->p_vaddr + phdr2->p_memsz)) 4509 { 4510 if ((phdr2->p_flags & ~PF_W) 4511 != (phdr->p_flags & ~PF_W)) 4512 ERROR (gettext ("\ 4513loadable segment [%u] flags do not match GNU_RELRO [%u] flags\n"), 4514 cnt, inner); 4515 } 4516 else 4517 { 4518 if ((phdr->p_flags & ~phdr2->p_flags) != 0) 4519 ERROR (gettext ("\ 4520GNU_RELRO [%u] flags are not a subset of the loadable segment [%u] flags\n"), 4521 inner, cnt); 4522 } 4523 break; 4524 } 4525 } 4526 4527 if (inner >= phnum) 4528 ERROR (gettext ("\ 4529%s segment not contained in a loaded segment\n"), "GNU_RELRO"); 4530 } 4531 } 4532 else if (phdr->p_type == PT_PHDR) 4533 { 4534 /* Check that the region is in a writable segment. */ 4535 unsigned int inner; 4536 for (inner = 0; inner < phnum; ++inner) 4537 { 4538 GElf_Phdr phdr2_mem; 4539 GElf_Phdr *phdr2; 4540 4541 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem); 4542 if (phdr2 != NULL 4543 && phdr2->p_type == PT_LOAD 4544 && phdr->p_vaddr >= phdr2->p_vaddr 4545 && (phdr->p_vaddr + phdr->p_memsz 4546 <= phdr2->p_vaddr + phdr2->p_memsz)) 4547 break; 4548 } 4549 4550 if (inner >= phnum) 4551 ERROR (gettext ("\ 4552%s segment not contained in a loaded segment\n"), "PHDR"); 4553 4554 /* Check that offset in segment corresponds to offset in ELF 4555 header. */ 4556 if (phdr->p_offset != ehdr->e_phoff) 4557 ERROR (gettext ("\ 4558program header offset in ELF header and PHDR entry do not match")); 4559 } 4560 else if (phdr->p_type == PT_GNU_EH_FRAME) 4561 { 4562 /* If there is an .eh_frame_hdr section it must be 4563 referenced by this program header entry. */ 4564 Elf_Scn *scn = NULL; 4565 GElf_Shdr shdr_mem; 4566 GElf_Shdr *shdr = NULL; 4567 bool any = false; 4568 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 4569 { 4570 any = true; 4571 shdr = gelf_getshdr (scn, &shdr_mem); 4572 if (shdr != NULL 4573 && shdr->sh_type == (is_debuginfo 4574 ? SHT_NOBITS : SHT_PROGBITS) 4575 && elf_strptr (ebl->elf, shstrndx, shdr->sh_name) != NULL 4576 && ! strcmp (".eh_frame_hdr", 4577 elf_strptr (ebl->elf, shstrndx, shdr->sh_name))) 4578 { 4579 if (! is_debuginfo) 4580 { 4581 if (phdr->p_offset != shdr->sh_offset) 4582 ERROR (gettext ("\ 4583call frame search table reference in program header has wrong offset\n")); 4584 if (phdr->p_memsz != shdr->sh_size) 4585 ERROR (gettext ("\ 4586call frame search table size mismatch in program and section header\n")); 4587 } 4588 break; 4589 } 4590 } 4591 4592 if (scn == NULL) 4593 { 4594 /* If there is no section header table we don't 4595 complain. But if there is one there should be an 4596 entry for .eh_frame_hdr. */ 4597 if (any) 4598 ERROR (gettext ("\ 4599PT_GNU_EH_FRAME present but no .eh_frame_hdr section\n")); 4600 } 4601 else 4602 { 4603 /* The section must be allocated and not be writable and 4604 executable. */ 4605 if ((phdr->p_flags & PF_R) == 0) 4606 ERROR (gettext ("\ 4607call frame search table must be allocated\n")); 4608 else if (shdr != NULL && (shdr->sh_flags & SHF_ALLOC) == 0) 4609 ERROR (gettext ("\ 4610section [%2zu] '%s' must be allocated\n"), elf_ndxscn (scn), ".eh_frame_hdr"); 4611 4612 if ((phdr->p_flags & PF_W) != 0) 4613 ERROR (gettext ("\ 4614call frame search table must not be writable\n")); 4615 else if (shdr != NULL && (shdr->sh_flags & SHF_WRITE) != 0) 4616 ERROR (gettext ("\ 4617section [%2zu] '%s' must not be writable\n"), 4618 elf_ndxscn (scn), ".eh_frame_hdr"); 4619 4620 if ((phdr->p_flags & PF_X) != 0) 4621 ERROR (gettext ("\ 4622call frame search table must not be executable\n")); 4623 else if (shdr != NULL && (shdr->sh_flags & SHF_EXECINSTR) != 0) 4624 ERROR (gettext ("\ 4625section [%2zu] '%s' must not be executable\n"), 4626 elf_ndxscn (scn), ".eh_frame_hdr"); 4627 } 4628 4629 /* Remember which entry this is. */ 4630 pt_gnu_eh_frame_pndx = cnt; 4631 } 4632 4633 if (phdr->p_filesz > phdr->p_memsz 4634 && (phdr->p_memsz != 0 || phdr->p_type != PT_NOTE)) 4635 ERROR (gettext ("\ 4636program header entry %d: file size greater than memory size\n"), 4637 cnt); 4638 4639 if (phdr->p_align > 1) 4640 { 4641 if (!powerof2 (phdr->p_align)) 4642 ERROR (gettext ("\ 4643program header entry %d: alignment not a power of 2\n"), cnt); 4644 else if ((phdr->p_vaddr - phdr->p_offset) % phdr->p_align != 0) 4645 ERROR (gettext ("\ 4646program header entry %d: file offset and virtual address not module of alignment\n"), cnt); 4647 } 4648 } 4649} 4650 4651 4652static void 4653check_exception_data (Ebl *ebl __attribute__ ((unused)), 4654 GElf_Ehdr *ehdr __attribute__ ((unused))) 4655{ 4656 if ((ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN) 4657 && pt_gnu_eh_frame_pndx == 0 && eh_frame_hdr_scnndx != 0) 4658 ERROR (gettext ("executable/DSO with .eh_frame_hdr section does not have " 4659 "a PT_GNU_EH_FRAME program header entry")); 4660} 4661 4662 4663/* Process one file. */ 4664static void 4665process_elf_file (Elf *elf, const char *prefix, const char *suffix, 4666 const char *fname, size_t size, bool only_one) 4667{ 4668 /* Reset variables. */ 4669 ndynamic = 0; 4670 nverneed = 0; 4671 nverdef = 0; 4672 textrel = false; 4673 needed_textrel = false; 4674 has_loadable_segment = false; 4675 has_interp_segment = false; 4676 4677 GElf_Ehdr ehdr_mem; 4678 GElf_Ehdr *ehdr = gelf_getehdr (elf, &ehdr_mem); 4679 Ebl *ebl; 4680 4681 /* Print the file name. */ 4682 if (!only_one) 4683 { 4684 if (prefix != NULL) 4685 printf ("\n%s(%s)%s:\n", prefix, fname, suffix); 4686 else 4687 printf ("\n%s:\n", fname); 4688 } 4689 4690 if (ehdr == NULL) 4691 { 4692 ERROR (gettext ("cannot read ELF header: %s\n"), elf_errmsg (-1)); 4693 return; 4694 } 4695 4696 ebl = ebl_openbackend (elf); 4697 /* If there is no appropriate backend library we cannot test 4698 architecture and OS specific features. Any encountered extension 4699 is an error. */ 4700 4701 /* Go straight by the gABI, check all the parts in turn. */ 4702 check_elf_header (ebl, ehdr, size); 4703 4704 /* Check the program header. */ 4705 check_program_header (ebl, ehdr); 4706 4707 /* Next the section headers. It is OK if there are no section 4708 headers at all. */ 4709 check_sections (ebl, ehdr); 4710 4711 /* Check the exception handling data, if it exists. */ 4712 if (pt_gnu_eh_frame_pndx != 0 || eh_frame_hdr_scnndx != 0 4713 || eh_frame_scnndx != 0 || gcc_except_table_scnndx != 0) 4714 check_exception_data (ebl, ehdr); 4715 4716 /* Report if no relocation section needed the text relocation flag. */ 4717 if (textrel && !needed_textrel) 4718 ERROR (gettext ("text relocation flag set but not needed\n")); 4719 4720 /* Free the resources. */ 4721 ebl_closebackend (ebl); 4722} 4723 4724 4725#include "debugpred.h" 4726