1 /* Pedantic checking of ELF files compliance with gABI/psABI spec.
2 Copyright (C) 2001-2015, 2017, 2018 Red Hat, Inc.
3 Copyright (C) 2023 Mark J. Wielaard <[email protected]>
4 This file is part of elfutils.
5 Written by Ulrich Drepper <[email protected]>, 2001.
6
7 This file is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 elfutils is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>. */
19
20 #ifdef HAVE_CONFIG_H
21 # include <config.h>
22 #endif
23
24 #include <argp.h>
25 #include <assert.h>
26 #include <byteswap.h>
27 #include <endian.h>
28 #include <fcntl.h>
29 #include <gelf.h>
30 #include <inttypes.h>
31 #include <locale.h>
32 #include <stdbool.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <unistd.h>
36 #include <sys/stat.h>
37
38 #include <elf-knowledge.h>
39 #include <libeu.h>
40 #include <system.h>
41 #include <printversion.h>
42 #include "../libelf/libelfP.h"
43 #include "../libelf/common.h"
44 #include "../libebl/libeblP.h"
45 #include "../libdw/libdwP.h"
46 #include "../libdwfl/libdwflP.h"
47 #include "../libdw/memory-access.h"
48
49
50 /* Name and version of program. */
51 ARGP_PROGRAM_VERSION_HOOK_DEF = print_version;
52
53 /* Bug report address. */
54 ARGP_PROGRAM_BUG_ADDRESS_DEF = PACKAGE_BUGREPORT;
55
56 #define ARGP_strict 300
57 #define ARGP_gnuld 301
58
59 /* Definitions of arguments for argp functions. */
60 static const struct argp_option options[] =
61 {
62 { "strict", ARGP_strict, NULL, 0,
63 N_("Be extremely strict, flag level 2 features."), 0 },
64 { "quiet", 'q', NULL, 0, N_("Do not print anything if successful"), 0 },
65 { "debuginfo", 'd', NULL, 0, N_("Binary is a separate debuginfo file"), 0 },
66 { "gnu-ld", ARGP_gnuld, NULL, 0,
67 N_("Binary has been created with GNU ld and is therefore known to be \
68 broken in certain ways"), 0 },
69 { NULL, 0, NULL, 0, NULL, 0 }
70 };
71
72 /* Short description of program. */
73 static const char doc[] = N_("\
74 Pedantic checking of ELF files compliance with gABI/psABI spec.");
75
76 /* Strings for arguments in help texts. */
77 static const char args_doc[] = N_("FILE...");
78
79 /* Prototype for option handler. */
80 static error_t parse_opt (int key, char *arg, struct argp_state *state);
81
82 /* Data structure to communicate with argp functions. */
83 static struct argp argp =
84 {
85 options, parse_opt, args_doc, doc, NULL, NULL, NULL
86 };
87
88
89 /* Declarations of local functions. */
90 static void process_file (int fd, Elf *elf, const char *prefix,
91 const char *suffix, const char *fname, size_t size,
92 bool only_one);
93 static void process_elf_file (Elf *elf, const char *prefix, const char *suffix,
94 const char *fname, size_t size, bool only_one);
95 static void check_note_section (Ebl *ebl, GElf_Ehdr *ehdr,
96 GElf_Shdr *shdr, int idx);
97
98
99 /* Report an error. */
100 #define ERROR(str, args...) \
101 do { \
102 printf (str, ##args); \
103 ++error_count; \
104 } while (0)
105 static unsigned int error_count;
106
107 /* True if we should perform very strict testing. */
108 static bool be_strict;
109
110 /* True if no message is to be printed if the run is successful. */
111 static bool be_quiet;
112
113 /* True if binary is from strip -f, not a normal ELF file. */
114 static bool is_debuginfo;
115
116 /* True if binary is assumed to be generated with GNU ld. */
117 static bool gnuld;
118
119 /* Index of section header string table. */
120 static uint32_t shstrndx;
121
122 /* Array to count references in section groups. */
123 static int *scnref;
124
125 /* Numbers of sections and program headers. */
126 static unsigned int shnum;
127 static unsigned int phnum;
128
129
130 int
main(int argc,char * argv[])131 main (int argc, char *argv[])
132 {
133 /* Set locale. */
134 setlocale (LC_ALL, "");
135
136 /* Initialize the message catalog. */
137 textdomain (PACKAGE_TARNAME);
138
139 /* Parse and process arguments. */
140 int remaining;
141 argp_parse (&argp, argc, argv, 0, &remaining, NULL);
142
143 /* Before we start tell the ELF library which version we are using. */
144 elf_version (EV_CURRENT);
145
146 /* Now process all the files given at the command line. */
147 bool only_one = remaining + 1 == argc;
148 do
149 {
150 /* Open the file. */
151 int fd = open (argv[remaining], O_RDONLY);
152 if (fd == -1)
153 {
154 error (0, errno, _("cannot open input file '%s'"), argv[remaining]);
155 continue;
156 }
157
158 /* Create an `Elf' descriptor. */
159 Elf *elf = elf_begin (fd, ELF_C_READ_MMAP, NULL);
160 if (elf == NULL)
161 ERROR (_("cannot generate Elf descriptor for '%s': %s\n"),
162 argv[remaining], elf_errmsg (-1));
163 else
164 {
165 unsigned int prev_error_count = error_count;
166 struct stat st;
167
168 if (fstat (fd, &st) != 0)
169 {
170 printf ("cannot stat '%s': %m\n", argv[remaining]);
171 close (fd);
172 continue;
173 }
174
175 process_file (fd, elf, NULL, NULL, argv[remaining], st.st_size,
176 only_one);
177
178 /* Now we can close the descriptor. */
179 if (elf_end (elf) != 0)
180 ERROR (_("error while closing Elf descriptor: %s\n"),
181 elf_errmsg (-1));
182
183 if (prev_error_count == error_count && !be_quiet)
184 puts (_("No errors"));
185 }
186
187 close (fd);
188 }
189 while (++remaining < argc);
190
191 return error_count != 0;
192 }
193
194
195 /* Handle program arguments. */
196 static error_t
parse_opt(int key,char * arg,struct argp_state * state)197 parse_opt (int key, char *arg __attribute__ ((unused)),
198 struct argp_state *state __attribute__ ((unused)))
199 {
200 switch (key)
201 {
202 case ARGP_strict:
203 be_strict = true;
204 break;
205
206 case 'q':
207 be_quiet = true;
208 break;
209
210 case 'd':
211 is_debuginfo = true;
212 break;
213
214 case ARGP_gnuld:
215 gnuld = true;
216 break;
217
218 case ARGP_KEY_NO_ARGS:
219 fputs (_("Missing file name.\n"), stderr);
220 argp_help (&argp, stderr, ARGP_HELP_SEE, program_invocation_short_name);
221 exit (EXIT_FAILURE);
222
223 default:
224 return ARGP_ERR_UNKNOWN;
225 }
226 return 0;
227 }
228
229
230 /* Process one file. */
231 static void
process_file(int fd,Elf * elf,const char * prefix,const char * suffix,const char * fname,size_t size,bool only_one)232 process_file (int fd, Elf *elf, const char *prefix, const char *suffix,
233 const char *fname, size_t size, bool only_one)
234 {
235 /* We can handle two types of files: ELF files and archives. */
236 Elf_Kind kind = elf_kind (elf);
237
238 switch (kind)
239 {
240 case ELF_K_ELF:
241 /* Yes! It's an ELF file. */
242 process_elf_file (elf, prefix, suffix, fname, size, only_one);
243 break;
244
245 case ELF_K_AR:
246 {
247 Elf *subelf;
248 Elf_Cmd cmd = ELF_C_READ_MMAP;
249 size_t prefix_len = prefix == NULL ? 0 : strlen (prefix);
250 size_t fname_len = strlen (fname) + 1;
251 char new_prefix[prefix_len + 1 + fname_len];
252 char new_suffix[(suffix == NULL ? 0 : strlen (suffix)) + 2];
253 char *cp = new_prefix;
254
255 /* Create the full name of the file. */
256 if (prefix != NULL)
257 {
258 cp = mempcpy (cp, prefix, prefix_len);
259 *cp++ = '(';
260 strcpy (stpcpy (new_suffix, suffix), ")");
261 }
262 else
263 new_suffix[0] = '\0';
264 memcpy (cp, fname, fname_len);
265
266 /* It's an archive. We process each file in it. */
267 while ((subelf = elf_begin (fd, cmd, elf)) != NULL)
268 {
269 kind = elf_kind (subelf);
270
271 /* Call this function recursively. */
272 if (kind == ELF_K_ELF || kind == ELF_K_AR)
273 {
274 Elf_Arhdr *arhdr = elf_getarhdr (subelf);
275 assert (arhdr != NULL);
276
277 process_file (fd, subelf, new_prefix, new_suffix,
278 arhdr->ar_name, arhdr->ar_size, false);
279 }
280
281 /* Get next archive element. */
282 cmd = elf_next (subelf);
283 if (elf_end (subelf) != 0)
284 ERROR (_(" error while freeing sub-ELF descriptor: %s\n"),
285 elf_errmsg (-1));
286 }
287 }
288 break;
289
290 default:
291 /* We cannot do anything. */
292 ERROR (_("\
293 Not an ELF file - it has the wrong magic bytes at the start\n"));
294 break;
295 }
296 }
297
298
299 static const char *
section_name(Ebl * ebl,int idx)300 section_name (Ebl *ebl, int idx)
301 {
302 GElf_Shdr shdr_mem;
303 GElf_Shdr *shdr;
304 const char *ret;
305
306 if ((unsigned int) idx > shnum)
307 return "<invalid>";
308
309 shdr = gelf_getshdr (elf_getscn (ebl->elf, idx), &shdr_mem);
310 if (shdr == NULL)
311 return "<invalid>";
312
313 ret = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
314 if (ret == NULL)
315 return "<invalid>";
316 return ret;
317 }
318
319
320 static const int valid_e_machine[] =
321 {
322 EM_M32, EM_SPARC, EM_386, EM_68K, EM_88K, EM_860, EM_MIPS, EM_S370,
323 EM_MIPS_RS3_LE, EM_PARISC, EM_VPP500, EM_SPARC32PLUS, EM_960, EM_PPC,
324 EM_PPC64, EM_S390, EM_V800, EM_FR20, EM_RH32, EM_RCE, EM_ARM,
325 EM_FAKE_ALPHA, EM_SH, EM_SPARCV9, EM_TRICORE, EM_ARC, EM_H8_300,
326 EM_H8_300H, EM_H8S, EM_H8_500, EM_IA_64, EM_MIPS_X, EM_COLDFIRE,
327 EM_68HC12, EM_MMA, EM_PCP, EM_NCPU, EM_NDR1, EM_STARCORE, EM_ME16,
328 EM_ST100, EM_TINYJ, EM_X86_64, EM_PDSP, EM_FX66, EM_ST9PLUS, EM_ST7,
329 EM_68HC16, EM_68HC11, EM_68HC08, EM_68HC05, EM_SVX, EM_ST19, EM_VAX,
330 EM_CRIS, EM_JAVELIN, EM_FIREPATH, EM_ZSP, EM_MMIX, EM_HUANY, EM_PRISM,
331 EM_AVR, EM_FR30, EM_D10V, EM_D30V, EM_V850, EM_M32R, EM_MN10300,
332 EM_MN10200, EM_PJ, EM_OPENRISC, EM_ARC_A5, EM_XTENSA, EM_ALPHA,
333 EM_TILEGX, EM_TILEPRO, EM_AARCH64, EM_BPF, EM_RISCV, EM_CSKY, EM_LOONGARCH,
334 EM_ARCV2
335 };
336 #define nvalid_e_machine \
337 (sizeof (valid_e_machine) / sizeof (valid_e_machine[0]))
338
339
340 static void
check_elf_header(Ebl * ebl,GElf_Ehdr * ehdr,size_t size)341 check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size)
342 {
343 char buf[512];
344 size_t cnt;
345
346 /* Check e_ident field. */
347 if (ehdr->e_ident[EI_MAG0] != ELFMAG0)
348 ERROR ("e_ident[%d] != '%c'\n", EI_MAG0, ELFMAG0);
349 if (ehdr->e_ident[EI_MAG1] != ELFMAG1)
350 ERROR ("e_ident[%d] != '%c'\n", EI_MAG1, ELFMAG1);
351 if (ehdr->e_ident[EI_MAG2] != ELFMAG2)
352 ERROR ("e_ident[%d] != '%c'\n", EI_MAG2, ELFMAG2);
353 if (ehdr->e_ident[EI_MAG3] != ELFMAG3)
354 ERROR ("e_ident[%d] != '%c'\n", EI_MAG3, ELFMAG3);
355
356 if (ehdr->e_ident[EI_CLASS] != ELFCLASS32
357 && ehdr->e_ident[EI_CLASS] != ELFCLASS64)
358 ERROR (_("e_ident[%d] == %d is no known class\n"),
359 EI_CLASS, ehdr->e_ident[EI_CLASS]);
360
361 if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB
362 && ehdr->e_ident[EI_DATA] != ELFDATA2MSB)
363 ERROR (_("e_ident[%d] == %d is no known data encoding\n"),
364 EI_DATA, ehdr->e_ident[EI_DATA]);
365
366 if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
367 ERROR (_("unknown ELF header version number e_ident[%d] == %d\n"),
368 EI_VERSION, ehdr->e_ident[EI_VERSION]);
369
370 /* We currently don't handle any OS ABIs other than Linux and the
371 kFreeBSD variant of Debian. */
372 if (ehdr->e_ident[EI_OSABI] != ELFOSABI_NONE
373 && ehdr->e_ident[EI_OSABI] != ELFOSABI_LINUX
374 && ehdr->e_ident[EI_OSABI] != ELFOSABI_FREEBSD)
375 ERROR (_("unsupported OS ABI e_ident[%d] == '%s'\n"),
376 EI_OSABI,
377 ebl_osabi_name (ebl, ehdr->e_ident[EI_OSABI], buf, sizeof (buf)));
378
379 /* No ABI versions other than zero are supported either. */
380 if (ehdr->e_ident[EI_ABIVERSION] != 0)
381 ERROR (_("unsupported ABI version e_ident[%d] == %d\n"),
382 EI_ABIVERSION, ehdr->e_ident[EI_ABIVERSION]);
383
384 for (cnt = EI_PAD; cnt < EI_NIDENT; ++cnt)
385 if (ehdr->e_ident[cnt] != 0)
386 ERROR (_("e_ident[%zu] is not zero\n"), cnt);
387
388 /* Check the e_type field. */
389 if (ehdr->e_type != ET_REL && ehdr->e_type != ET_EXEC
390 && ehdr->e_type != ET_DYN && ehdr->e_type != ET_CORE)
391 ERROR (_("unknown object file type %d\n"), ehdr->e_type);
392
393 /* Check the e_machine field. */
394 for (cnt = 0; cnt < nvalid_e_machine; ++cnt)
395 if (valid_e_machine[cnt] == ehdr->e_machine)
396 break;
397 if (cnt == nvalid_e_machine)
398 ERROR (_("unknown machine type %d\n"), ehdr->e_machine);
399
400 /* Check the e_version field. */
401 if (ehdr->e_version != EV_CURRENT)
402 ERROR (_("unknown object file version\n"));
403
404 /* Check the e_phoff and e_phnum fields. */
405 if (ehdr->e_phoff == 0)
406 {
407 if (ehdr->e_phnum != 0)
408 ERROR (_("invalid program header offset\n"));
409 else if (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
410 ERROR (_("\
411 executables and DSOs cannot have zero program header offset\n"));
412 }
413 else if (ehdr->e_phnum == 0)
414 ERROR (_("invalid number of program header entries\n"));
415
416 /* Check the e_shoff field. */
417 shnum = ehdr->e_shnum;
418 shstrndx = ehdr->e_shstrndx;
419 if (ehdr->e_shoff == 0)
420 {
421 if (ehdr->e_shnum != 0)
422 ERROR (_("invalid section header table offset\n"));
423 else if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
424 && ehdr->e_type != ET_CORE)
425 ERROR (_("section header table must be present\n"));
426 }
427 else
428 {
429 if (ehdr->e_shnum == 0)
430 {
431 /* Get the header of the zeroth section. The sh_size field
432 might contain the section number. */
433 GElf_Shdr shdr_mem;
434 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
435 if (shdr != NULL)
436 {
437 /* The error will be reported later. */
438 if (shdr->sh_size == 0)
439 ERROR (_("\
440 invalid number of section header table entries\n"));
441 else
442 shnum = shdr->sh_size;
443 }
444 }
445
446 if (ehdr->e_shstrndx == SHN_XINDEX)
447 {
448 /* Get the header of the zeroth section. The sh_size field
449 might contain the section number. */
450 GElf_Shdr shdr_mem;
451 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
452 if (shdr != NULL && shdr->sh_link < shnum)
453 shstrndx = shdr->sh_link;
454 }
455 else if (shstrndx >= shnum)
456 ERROR (_("invalid section header index\n"));
457 }
458
459 /* Check the shdrs actually exist. And uncompress them before
460 further checking. Indexes between sections reference the
461 uncompressed data. */
462 unsigned int scnt;
463 Elf_Scn *scn = NULL;
464 for (scnt = 1; scnt < shnum; ++scnt)
465 {
466 scn = elf_nextscn (ebl->elf, scn);
467 if (scn == NULL)
468 break;
469 /* If the section wasn't compressed this does nothing, but
470 returns an error. We don't care. */
471 if (elf_compress (scn, 0, 0) < 0) { ; }
472 }
473 if (scnt < shnum)
474 ERROR (_("Can only check %u headers, shnum was %u\n"), scnt, shnum);
475 shnum = scnt;
476
477 phnum = ehdr->e_phnum;
478 if (ehdr->e_phnum == PN_XNUM)
479 {
480 /* Get the header of the zeroth section. The sh_info field
481 might contain the phnum count. */
482 GElf_Shdr shdr_mem;
483 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
484 if (shdr != NULL)
485 {
486 /* The error will be reported later. */
487 if (shdr->sh_info < PN_XNUM)
488 ERROR (_("\
489 invalid number of program header table entries\n"));
490 else
491 phnum = shdr->sh_info;
492 }
493 }
494
495 /* Check the phdrs actually exist. */
496 unsigned int pcnt;
497 for (pcnt = 0; pcnt < phnum; ++pcnt)
498 {
499 GElf_Phdr phdr_mem;
500 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
501 if (phdr == NULL)
502 break;
503 }
504 if (pcnt < phnum)
505 ERROR (_("Can only check %u headers, phnum was %u\n"), pcnt, phnum);
506 phnum = pcnt;
507
508 /* Check the e_flags field. */
509 if (!ebl_machine_flag_check (ebl, ehdr->e_flags))
510 ERROR (_("invalid machine flags: %s\n"),
511 ebl_machine_flag_name (ebl, ehdr->e_flags, buf, sizeof (buf)));
512
513 /* Check e_ehsize, e_phentsize, and e_shentsize fields. */
514 if (gelf_getclass (ebl->elf) == ELFCLASS32)
515 {
516 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf32_Ehdr))
517 ERROR (_("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
518
519 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf32_Phdr))
520 ERROR (_("invalid program header size: %hd\n"),
521 ehdr->e_phentsize);
522 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size)
523 ERROR (_("invalid program header position or size\n"));
524
525 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf32_Shdr))
526 ERROR (_("invalid section header size: %hd\n"),
527 ehdr->e_shentsize);
528 else if (ehdr->e_shoff + shnum * ehdr->e_shentsize > size)
529 ERROR (_("invalid section header position or size\n"));
530 }
531 else if (gelf_getclass (ebl->elf) == ELFCLASS64)
532 {
533 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf64_Ehdr))
534 ERROR (_("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
535
536 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf64_Phdr))
537 ERROR (_("invalid program header size: %hd\n"),
538 ehdr->e_phentsize);
539 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size)
540 ERROR (_("invalid program header position or size\n"));
541
542 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf64_Shdr))
543 ERROR (_("invalid section header size: %hd\n"),
544 ehdr->e_shentsize);
545 else if (ehdr->e_shoff + shnum * ehdr->e_shentsize > size)
546 ERROR (_("invalid section header position or size\n"));
547 }
548 }
549
550
551 /* Check that there is a section group section with index < IDX which
552 contains section IDX and that there is exactly one. */
553 static void
check_scn_group(Ebl * ebl,int idx)554 check_scn_group (Ebl *ebl, int idx)
555 {
556 if (scnref[idx] == 0)
557 {
558 /* No reference so far. Search following sections, maybe the
559 order is wrong. */
560 size_t cnt;
561
562 for (cnt = idx + 1; cnt < shnum; ++cnt)
563 {
564 Elf_Scn *scn = elf_getscn (ebl->elf, cnt);
565 GElf_Shdr shdr_mem;
566 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
567 if (shdr == NULL)
568 /* We cannot get the section header so we cannot check it.
569 The error to get the section header will be shown
570 somewhere else. */
571 continue;
572
573 if (shdr->sh_type != SHT_GROUP)
574 continue;
575
576 Elf_Data *data = elf_getdata (scn, NULL);
577 if (data == NULL || data->d_buf == NULL
578 || data->d_size < sizeof (Elf32_Word))
579 /* Cannot check the section. */
580 continue;
581
582 Elf32_Word *grpdata = (Elf32_Word *) data->d_buf;
583 for (size_t inner = 1; inner < data->d_size / sizeof (Elf32_Word);
584 ++inner)
585 if (grpdata[inner] == (Elf32_Word) idx)
586 goto out;
587 }
588
589 out:
590 if (cnt == shnum)
591 ERROR (_("\
592 section [%2d] '%s': section with SHF_GROUP flag set not part of a section group\n"),
593 idx, section_name (ebl, idx));
594 else
595 ERROR (_("\
596 section [%2d] '%s': section group [%2zu] '%s' does not precede group member\n"),
597 idx, section_name (ebl, idx),
598 cnt, section_name (ebl, cnt));
599 }
600 }
601
602
603 static void
check_symtab(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)604 check_symtab (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
605 {
606 bool no_xndx_warned = false;
607 int no_pt_tls = 0;
608 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
609 if (data == NULL)
610 {
611 ERROR (_("section [%2d] '%s': cannot get section data\n"),
612 idx, section_name (ebl, idx));
613 return;
614 }
615
616 GElf_Shdr strshdr_mem;
617 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
618 &strshdr_mem);
619 if (strshdr == NULL)
620 return;
621
622 if (strshdr->sh_type != SHT_STRTAB)
623 {
624 ERROR (_("section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
625 shdr->sh_link, section_name (ebl, shdr->sh_link),
626 idx, section_name (ebl, idx));
627 strshdr = NULL;
628 }
629
630 /* Search for an extended section index table section. */
631 Elf_Data *xndxdata = NULL;
632 Elf32_Word xndxscnidx = 0;
633 bool found_xndx = false;
634 for (size_t cnt = 1; cnt < shnum; ++cnt)
635 if (cnt != (size_t) idx)
636 {
637 Elf_Scn *xndxscn = elf_getscn (ebl->elf, cnt);
638 GElf_Shdr xndxshdr_mem;
639 GElf_Shdr *xndxshdr = gelf_getshdr (xndxscn, &xndxshdr_mem);
640 if (xndxshdr == NULL)
641 continue;
642
643 if (xndxshdr->sh_type == SHT_SYMTAB_SHNDX
644 && xndxshdr->sh_link == (GElf_Word) idx)
645 {
646 if (found_xndx)
647 ERROR (_("\
648 section [%2d] '%s': symbol table cannot have more than one extended index section\n"),
649 idx, section_name (ebl, idx));
650
651 xndxdata = elf_getdata (xndxscn, NULL);
652 xndxscnidx = elf_ndxscn (xndxscn);
653 found_xndx = true;
654 }
655 }
656
657 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT);
658 if (shdr->sh_entsize != sh_entsize)
659 ERROR (_("\
660 section [%2u] '%s': entry size is does not match ElfXX_Sym\n"),
661 idx, section_name (ebl, idx));
662 else if (shdr->sh_info > shdr->sh_size / sh_entsize)
663 ERROR (_("\
664 section [%2u] '%s': number of local entries in 'st_info' larger than table size\n"),
665 idx, section_name (ebl, idx));
666
667 /* Test the zeroth entry. */
668 GElf_Sym sym_mem;
669 Elf32_Word xndx;
670 GElf_Sym *sym = gelf_getsymshndx (data, xndxdata, 0, &sym_mem, &xndx);
671 if (sym == NULL)
672 ERROR (_("section [%2d] '%s': cannot get symbol %d: %s\n"),
673 idx, section_name (ebl, idx), 0, elf_errmsg (-1));
674 else
675 {
676 if (sym->st_name != 0)
677 ERROR (_("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
678 idx, section_name (ebl, idx), "st_name");
679 if (sym->st_value != 0)
680 ERROR (_("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
681 idx, section_name (ebl, idx), "st_value");
682 if (sym->st_size != 0)
683 ERROR (_("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
684 idx, section_name (ebl, idx), "st_size");
685 if (sym->st_info != 0)
686 ERROR (_("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
687 idx, section_name (ebl, idx), "st_info");
688 if (sym->st_other != 0)
689 ERROR (_("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
690 idx, section_name (ebl, idx), "st_other");
691 if (sym->st_shndx != 0)
692 ERROR (_("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
693 idx, section_name (ebl, idx), "st_shndx");
694 if (xndxdata != NULL && xndx != 0)
695 ERROR (_("\
696 section [%2d] '%s': XINDEX for zeroth entry not zero\n"),
697 xndxscnidx, section_name (ebl, xndxscnidx));
698 }
699
700 for (size_t cnt = 1; cnt < shdr->sh_size / sh_entsize; ++cnt)
701 {
702 sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx);
703 if (sym == NULL)
704 {
705 ERROR (_("section [%2d] '%s': cannot get symbol %zu: %s\n"),
706 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
707 continue;
708 }
709
710 const char *name = "<invalid>";
711 if (strshdr == NULL)
712 name = "";
713 else if (sym->st_name >= strshdr->sh_size)
714 ERROR (_("\
715 section [%2d] '%s': symbol %zu: invalid name value\n"),
716 idx, section_name (ebl, idx), cnt);
717 else
718 {
719 name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name);
720 if (name == NULL)
721 name = "";
722 }
723
724 if (sym->st_shndx == SHN_XINDEX)
725 {
726 if (xndxdata == NULL)
727 {
728 if (!no_xndx_warned)
729 ERROR (_("\
730 section [%2d] '%s': symbol %zu (%s): too large section index but no extended section index section\n"),
731 idx, section_name (ebl, idx), cnt, name);
732 no_xndx_warned = true;
733 }
734 else if (xndx < SHN_LORESERVE)
735 ERROR (_("\
736 section [%2d] '%s': symbol %zu (%s): XINDEX used for index which would fit in st_shndx (%" PRIu32 ")\n"),
737 xndxscnidx, section_name (ebl, xndxscnidx), cnt, name,
738 xndx);
739 }
740 else if ((sym->st_shndx >= SHN_LORESERVE
741 // && sym->st_shndx <= SHN_HIRESERVE always true
742 && sym->st_shndx != SHN_ABS
743 && sym->st_shndx != SHN_COMMON)
744 || (sym->st_shndx >= shnum
745 && (sym->st_shndx < SHN_LORESERVE
746 /* || sym->st_shndx > SHN_HIRESERVE always false */)))
747 ERROR (_("\
748 section [%2d] '%s': symbol %zu (%s): invalid section index\n"),
749 idx, section_name (ebl, idx), cnt, name);
750 else
751 xndx = sym->st_shndx;
752
753 if (GELF_ST_TYPE (sym->st_info) >= STT_NUM
754 && !ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), NULL, 0))
755 ERROR (_("section [%2d] '%s': symbol %zu (%s): unknown type\n"),
756 idx, section_name (ebl, idx), cnt, name);
757
758 if (GELF_ST_BIND (sym->st_info) >= STB_NUM
759 && !ebl_symbol_binding_name (ebl, GELF_ST_BIND (sym->st_info), NULL,
760 0))
761 ERROR (_("\
762 section [%2d] '%s': symbol %zu (%s): unknown symbol binding\n"),
763 idx, section_name (ebl, idx), cnt, name);
764 if (GELF_ST_BIND (sym->st_info) == STB_GNU_UNIQUE
765 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
766 ERROR (_("\
767 section [%2d] '%s': symbol %zu (%s): unique symbol not of object type\n"),
768 idx, section_name (ebl, idx), cnt, name);
769
770 if (xndx == SHN_COMMON)
771 {
772 /* Common symbols can only appear in relocatable files. */
773 if (ehdr->e_type != ET_REL)
774 ERROR (_("\
775 section [%2d] '%s': symbol %zu (%s): COMMON only allowed in relocatable files\n"),
776 idx, section_name (ebl, idx), cnt, name);
777 if (cnt < shdr->sh_info)
778 ERROR (_("\
779 section [%2d] '%s': symbol %zu (%s): local COMMON symbols are nonsense\n"),
780 idx, section_name (ebl, idx), cnt, name);
781 if (GELF_R_TYPE (sym->st_info) == STT_FUNC)
782 ERROR (_("\
783 section [%2d] '%s': symbol %zu (%s): function in COMMON section is nonsense\n"),
784 idx, section_name (ebl, idx), cnt, name);
785 }
786 else if (xndx > 0 && xndx < shnum)
787 {
788 GElf_Shdr destshdr_mem;
789 GElf_Shdr *destshdr;
790
791 destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), &destshdr_mem);
792 if (destshdr != NULL)
793 {
794 GElf_Addr sh_addr = (ehdr->e_type == ET_REL ? 0
795 : destshdr->sh_addr);
796 GElf_Addr st_value;
797 if (GELF_ST_TYPE (sym->st_info) == STT_FUNC
798 || (GELF_ST_TYPE (sym->st_info) == STT_GNU_IFUNC))
799 st_value = sym->st_value & ebl_func_addr_mask (ebl);
800 else
801 st_value = sym->st_value;
802 if (GELF_ST_TYPE (sym->st_info) != STT_TLS)
803 {
804 if (! ebl_check_special_symbol (ebl, sym, name,
805 destshdr))
806 {
807 if (st_value - sh_addr > destshdr->sh_size)
808 {
809 /* GNU ld has severe bugs. When it decides to remove
810 empty sections it leaves symbols referencing them
811 behind. These are symbols in .symtab or .dynsym
812 and for the named symbols have zero size. See
813 sourceware PR13621. */
814 if (!gnuld
815 || (strcmp (section_name (ebl, idx), ".symtab")
816 && strcmp (section_name (ebl, idx),
817 ".dynsym"))
818 || sym->st_size != 0
819 || (strcmp (name, "__preinit_array_start") != 0
820 && strcmp (name, "__preinit_array_end") != 0
821 && strcmp (name, "__init_array_start") != 0
822 && strcmp (name, "__init_array_end") != 0
823 && strcmp (name, "__fini_array_start") != 0
824 && strcmp (name, "__fini_array_end") != 0
825 && strcmp (name, "__bss_start") != 0
826 && strcmp (name, "__bss_start__") != 0
827 && strcmp (name, "__TMC_END__") != 0
828 && strcmp (name, ".TOC.") != 0
829 && strcmp (name, "_edata") != 0
830 && strcmp (name, "__edata") != 0
831 && strcmp (name, "_end") != 0
832 && strcmp (name, "__end") != 0))
833 ERROR (_("\
834 section [%2d] '%s': symbol %zu (%s): st_value out of bounds\n"),
835 idx, section_name (ebl, idx), cnt, name);
836 }
837 else if ((st_value - sh_addr
838 + sym->st_size) > destshdr->sh_size)
839 ERROR (_("\
840 section [%2d] '%s': symbol %zu (%s) does not fit completely in referenced section [%2d] '%s'\n"),
841 idx, section_name (ebl, idx), cnt, name,
842 (int) xndx, section_name (ebl, xndx));
843 }
844 }
845 else
846 {
847 if ((destshdr->sh_flags & SHF_TLS) == 0)
848 ERROR (_("\
849 section [%2d] '%s': symbol %zu (%s): referenced section [%2d] '%s' does not have SHF_TLS flag set\n"),
850 idx, section_name (ebl, idx), cnt, name,
851 (int) xndx, section_name (ebl, xndx));
852
853 if (ehdr->e_type == ET_REL)
854 {
855 /* For object files the symbol value must fall
856 into the section. */
857 if (st_value > destshdr->sh_size)
858 ERROR (_("\
859 section [%2d] '%s': symbol %zu (%s): st_value out of bounds of referenced section [%2d] '%s'\n"),
860 idx, section_name (ebl, idx), cnt, name,
861 (int) xndx, section_name (ebl, xndx));
862 else if (st_value + sym->st_size
863 > destshdr->sh_size)
864 ERROR (_("\
865 section [%2d] '%s': symbol %zu (%s) does not fit completely in referenced section [%2d] '%s'\n"),
866 idx, section_name (ebl, idx), cnt, name,
867 (int) xndx, section_name (ebl, xndx));
868 }
869 else
870 {
871 GElf_Phdr phdr_mem;
872 GElf_Phdr *phdr = NULL;
873 unsigned int pcnt;
874
875 for (pcnt = 0; pcnt < phnum; ++pcnt)
876 {
877 phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
878 if (phdr != NULL && phdr->p_type == PT_TLS)
879 break;
880 }
881
882 if (pcnt == phnum)
883 {
884 if (no_pt_tls++ == 0)
885 ERROR (_("\
886 section [%2d] '%s': symbol %zu (%s): TLS symbol but no TLS program header entry\n"),
887 idx, section_name (ebl, idx), cnt, name);
888 }
889 else if (phdr == NULL)
890 {
891 ERROR (_("\
892 section [%2d] '%s': symbol %zu (%s): TLS symbol but couldn't get TLS program header entry\n"),
893 idx, section_name (ebl, idx), cnt, name);
894 }
895 else if (!is_debuginfo)
896 {
897 if (st_value
898 < destshdr->sh_offset - phdr->p_offset)
899 ERROR (_("\
900 section [%2d] '%s': symbol %zu (%s): st_value short of referenced section [%2d] '%s'\n"),
901 idx, section_name (ebl, idx), cnt, name,
902 (int) xndx, section_name (ebl, xndx));
903 else if (st_value
904 > (destshdr->sh_offset - phdr->p_offset
905 + destshdr->sh_size))
906 ERROR (_("\
907 section [%2d] '%s': symbol %zu (%s): st_value out of bounds of referenced section [%2d] '%s'\n"),
908 idx, section_name (ebl, idx), cnt, name,
909 (int) xndx, section_name (ebl, xndx));
910 else if (st_value + sym->st_size
911 > (destshdr->sh_offset - phdr->p_offset
912 + destshdr->sh_size))
913 ERROR (_("\
914 section [%2d] '%s': symbol %zu (%s) does not fit completely in referenced section [%2d] '%s'\n"),
915 idx, section_name (ebl, idx), cnt, name,
916 (int) xndx, section_name (ebl, xndx));
917 }
918 }
919 }
920 }
921 }
922
923 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
924 {
925 if (cnt >= shdr->sh_info)
926 ERROR (_("\
927 section [%2d] '%s': symbol %zu (%s): local symbol outside range described in sh_info\n"),
928 idx, section_name (ebl, idx), cnt, name);
929 }
930 else
931 {
932 if (cnt < shdr->sh_info)
933 ERROR (_("\
934 section [%2d] '%s': symbol %zu (%s): non-local symbol outside range described in sh_info\n"),
935 idx, section_name (ebl, idx), cnt, name);
936 }
937
938 if (GELF_ST_TYPE (sym->st_info) == STT_SECTION
939 && GELF_ST_BIND (sym->st_info) != STB_LOCAL)
940 ERROR (_("\
941 section [%2d] '%s': symbol %zu (%s): non-local section symbol\n"),
942 idx, section_name (ebl, idx), cnt, name);
943
944 if (name != NULL)
945 {
946 if (strcmp (name, "_GLOBAL_OFFSET_TABLE_") == 0)
947 {
948 /* Check that address and size match the global offset table. */
949
950 GElf_Shdr destshdr_mem;
951 GElf_Shdr *destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx),
952 &destshdr_mem);
953
954 if (destshdr == NULL && xndx == SHN_ABS)
955 {
956 /* In a DSO, we have to find the GOT section by name. */
957 Elf_Scn *gotscn = NULL;
958 Elf_Scn *gscn = NULL;
959 while ((gscn = elf_nextscn (ebl->elf, gscn)) != NULL)
960 {
961 destshdr = gelf_getshdr (gscn, &destshdr_mem);
962 assert (destshdr != NULL);
963 const char *sname = elf_strptr (ebl->elf,
964 shstrndx,
965 destshdr->sh_name);
966 if (sname != NULL)
967 {
968 if (strcmp (sname, ".got.plt") == 0)
969 break;
970 if (strcmp (sname, ".got") == 0)
971 /* Do not stop looking.
972 There might be a .got.plt section. */
973 gotscn = gscn;
974 }
975
976 destshdr = NULL;
977 }
978
979 if (destshdr == NULL && gotscn != NULL)
980 destshdr = gelf_getshdr (gotscn, &destshdr_mem);
981 }
982
983 const char *sname = ((destshdr == NULL || xndx == SHN_UNDEF)
984 ? NULL
985 : elf_strptr (ebl->elf, shstrndx,
986 destshdr->sh_name));
987 if (sname == NULL)
988 {
989 if (xndx != SHN_UNDEF || ehdr->e_type != ET_REL)
990 ERROR (_("\
991 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \
992 bad section [%2d]\n"),
993 idx, section_name (ebl, idx), xndx);
994 }
995 else if (strcmp (sname, ".got.plt") != 0
996 && strcmp (sname, ".got") != 0)
997 ERROR (_("\
998 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \
999 section [%2d] '%s'\n"),
1000 idx, section_name (ebl, idx), xndx, sname);
1001
1002 if (destshdr != NULL)
1003 {
1004 /* Found it. */
1005 if (!ebl_check_special_symbol (ebl, sym, name,
1006 destshdr))
1007 {
1008 if (ehdr->e_type != ET_REL
1009 && sym->st_value != destshdr->sh_addr)
1010 /* This test is more strict than the psABIs which
1011 usually allow the symbol to be in the middle of
1012 the .got section, allowing negative offsets. */
1013 ERROR (_("\
1014 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol value %#" PRIx64 " does not match %s section address %#" PRIx64 "\n"),
1015 idx, section_name (ebl, idx),
1016 (uint64_t) sym->st_value,
1017 sname, (uint64_t) destshdr->sh_addr);
1018
1019 if (!gnuld && sym->st_size != destshdr->sh_size)
1020 ERROR (_("\
1021 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol size %" PRIu64 " does not match %s section size %" PRIu64 "\n"),
1022 idx, section_name (ebl, idx),
1023 (uint64_t) sym->st_size,
1024 sname, (uint64_t) destshdr->sh_size);
1025 }
1026 }
1027 else
1028 ERROR (_("\
1029 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol present, but no .got section\n"),
1030 idx, section_name (ebl, idx));
1031 }
1032 else if (strcmp (name, "_DYNAMIC") == 0)
1033 /* Check that address and size match the dynamic section.
1034 We locate the dynamic section via the program header
1035 entry. */
1036 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt)
1037 {
1038 GElf_Phdr phdr_mem;
1039 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
1040
1041 if (phdr != NULL && phdr->p_type == PT_DYNAMIC)
1042 {
1043 if (sym->st_value != phdr->p_vaddr)
1044 ERROR (_("\
1045 section [%2d] '%s': _DYNAMIC_ symbol value %#" PRIx64 " does not match dynamic segment address %#" PRIx64 "\n"),
1046 idx, section_name (ebl, idx),
1047 (uint64_t) sym->st_value,
1048 (uint64_t) phdr->p_vaddr);
1049
1050 if (!gnuld && sym->st_size != phdr->p_memsz)
1051 ERROR (_("\
1052 section [%2d] '%s': _DYNAMIC symbol size %" PRIu64 " does not match dynamic segment size %" PRIu64 "\n"),
1053 idx, section_name (ebl, idx),
1054 (uint64_t) sym->st_size,
1055 (uint64_t) phdr->p_memsz);
1056
1057 break;
1058 }
1059 }
1060 }
1061
1062 if (GELF_ST_VISIBILITY (sym->st_other) != STV_DEFAULT
1063 && shdr->sh_type == SHT_DYNSYM)
1064 ERROR (_("\
1065 section [%2d] '%s': symbol %zu (%s): symbol in dynamic symbol table with non-default visibility\n"),
1066 idx, section_name (ebl, idx), cnt, name);
1067 if (! ebl_check_st_other_bits (ebl, sym->st_other))
1068 ERROR (_("\
1069 section [%2d] '%s': symbol %zu (%s): unknown bit set in st_other\n"),
1070 idx, section_name (ebl, idx), cnt, name);
1071
1072 }
1073 }
1074
1075
1076 static bool
is_rel_dyn(Ebl * ebl,const GElf_Ehdr * ehdr,int idx,const GElf_Shdr * shdr,bool is_rela)1077 is_rel_dyn (Ebl *ebl, const GElf_Ehdr *ehdr, int idx, const GElf_Shdr *shdr,
1078 bool is_rela)
1079 {
1080 /* If this is no executable or DSO it cannot be a .rel.dyn section. */
1081 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1082 return false;
1083
1084 /* Check the section name. Unfortunately necessary. */
1085 if (strcmp (section_name (ebl, idx), is_rela ? ".rela.dyn" : ".rel.dyn"))
1086 return false;
1087
1088 /* When a .rel.dyn section is used a DT_RELCOUNT dynamic section
1089 entry can be present as well. */
1090 Elf_Scn *scn = NULL;
1091 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
1092 {
1093 GElf_Shdr rcshdr_mem;
1094 const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem);
1095
1096 if (rcshdr == NULL)
1097 break;
1098
1099 if (rcshdr->sh_type == SHT_DYNAMIC && rcshdr->sh_entsize != 0)
1100 {
1101 /* Found the dynamic section. Look through it. */
1102 Elf_Data *d = elf_getdata (scn, NULL);
1103 size_t cnt;
1104
1105 if (d == NULL)
1106 ERROR (_("\
1107 section [%2d] '%s': cannot get section data.\n"),
1108 idx, section_name (ebl, idx));
1109
1110 for (cnt = 1; cnt < rcshdr->sh_size / rcshdr->sh_entsize; ++cnt)
1111 {
1112 GElf_Dyn dyn_mem;
1113 GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem);
1114
1115 if (dyn == NULL)
1116 break;
1117
1118 if (dyn->d_tag == DT_RELCOUNT)
1119 {
1120 /* Found it. Does the type match. */
1121 if (is_rela)
1122 ERROR (_("\
1123 section [%2d] '%s': DT_RELCOUNT used for this RELA section\n"),
1124 idx, section_name (ebl, idx));
1125 else
1126 {
1127 /* Does the number specified number of relative
1128 relocations exceed the total number of
1129 relocations? */
1130 if (shdr->sh_entsize != 0
1131 && dyn->d_un.d_val > (shdr->sh_size
1132 / shdr->sh_entsize))
1133 ERROR (_("\
1134 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
1135 idx, section_name (ebl, idx),
1136 (int) dyn->d_un.d_val);
1137
1138 /* Make sure the specified number of relocations are
1139 relative. */
1140 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf,
1141 idx), NULL);
1142 if (reldata != NULL && shdr->sh_entsize != 0)
1143 for (size_t inner = 0;
1144 inner < shdr->sh_size / shdr->sh_entsize;
1145 ++inner)
1146 {
1147 GElf_Rel rel_mem;
1148 GElf_Rel *rel = gelf_getrel (reldata, inner,
1149 &rel_mem);
1150 if (rel == NULL)
1151 /* The problem will be reported elsewhere. */
1152 break;
1153
1154 if (ebl_relative_reloc_p (ebl,
1155 GELF_R_TYPE (rel->r_info)))
1156 {
1157 if (inner >= dyn->d_un.d_val)
1158 ERROR (_("\
1159 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"),
1160 idx, section_name (ebl, idx),
1161 (int) dyn->d_un.d_val);
1162 }
1163 else if (inner < dyn->d_un.d_val)
1164 ERROR (_("\
1165 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"),
1166 idx, section_name (ebl, idx),
1167 inner, (int) dyn->d_un.d_val);
1168 }
1169 }
1170 }
1171
1172 if (dyn->d_tag == DT_RELACOUNT)
1173 {
1174 /* Found it. Does the type match. */
1175 if (!is_rela)
1176 ERROR (_("\
1177 section [%2d] '%s': DT_RELACOUNT used for this REL section\n"),
1178 idx, section_name (ebl, idx));
1179 else
1180 {
1181 /* Does the number specified number of relative
1182 relocations exceed the total number of
1183 relocations? */
1184 if (shdr->sh_entsize != 0
1185 && dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
1186 ERROR (_("\
1187 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
1188 idx, section_name (ebl, idx),
1189 (int) dyn->d_un.d_val);
1190
1191 /* Make sure the specified number of relocations are
1192 relative. */
1193 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf,
1194 idx), NULL);
1195 if (reldata != NULL && shdr->sh_entsize != 0)
1196 for (size_t inner = 0;
1197 inner < shdr->sh_size / shdr->sh_entsize;
1198 ++inner)
1199 {
1200 GElf_Rela rela_mem;
1201 GElf_Rela *rela = gelf_getrela (reldata, inner,
1202 &rela_mem);
1203 if (rela == NULL)
1204 /* The problem will be reported elsewhere. */
1205 break;
1206
1207 if (ebl_relative_reloc_p (ebl,
1208 GELF_R_TYPE (rela->r_info)))
1209 {
1210 if (inner >= dyn->d_un.d_val)
1211 ERROR (_("\
1212 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"),
1213 idx, section_name (ebl, idx),
1214 (int) dyn->d_un.d_val);
1215 }
1216 else if (inner < dyn->d_un.d_val)
1217 ERROR (_("\
1218 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"),
1219 idx, section_name (ebl, idx),
1220 inner, (int) dyn->d_un.d_val);
1221 }
1222 }
1223 }
1224 }
1225
1226 break;
1227 }
1228 }
1229
1230 return true;
1231 }
1232
1233
1234 struct loaded_segment
1235 {
1236 GElf_Addr from;
1237 GElf_Addr to;
1238 bool read_only;
1239 struct loaded_segment *next;
1240 };
1241
1242
1243 /* Check whether binary has text relocation flag set. */
1244 static bool textrel;
1245
1246 /* Keep track of whether text relocation flag is needed. */
1247 static bool needed_textrel;
1248
1249
1250 static bool
check_reloc_shdr(Ebl * ebl,const GElf_Ehdr * ehdr,const GElf_Shdr * shdr,int idx,int reltype,GElf_Shdr ** destshdrp,GElf_Shdr * destshdr_memp,struct loaded_segment ** loadedp)1251 check_reloc_shdr (Ebl *ebl, const GElf_Ehdr *ehdr, const GElf_Shdr *shdr,
1252 int idx, int reltype, GElf_Shdr **destshdrp,
1253 GElf_Shdr *destshdr_memp, struct loaded_segment **loadedp)
1254 {
1255 bool reldyn = false;
1256
1257 /* Check whether the link to the section we relocate is reasonable. */
1258 if (shdr->sh_info >= shnum)
1259 ERROR (_("section [%2d] '%s': invalid destination section index\n"),
1260 idx, section_name (ebl, idx));
1261 else if (shdr->sh_info != 0)
1262 {
1263 *destshdrp = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_info),
1264 destshdr_memp);
1265 if (*destshdrp != NULL)
1266 {
1267 if(! ebl_check_reloc_target_type (ebl, (*destshdrp)->sh_type))
1268 {
1269 reldyn = is_rel_dyn (ebl, ehdr, idx, shdr, true);
1270 if (!reldyn)
1271 ERROR (_("\
1272 section [%2d] '%s': invalid destination section type\n"),
1273 idx, section_name (ebl, idx));
1274 else
1275 {
1276 /* There is no standard, but we require that .rel{,a}.dyn
1277 sections have a sh_info value of zero. */
1278 if (shdr->sh_info != 0)
1279 ERROR (_("\
1280 section [%2d] '%s': sh_info should be zero\n"),
1281 idx, section_name (ebl, idx));
1282 }
1283 }
1284
1285 if ((((*destshdrp)->sh_flags & SHF_MERGE) != 0)
1286 && ((*destshdrp)->sh_flags & SHF_STRINGS) != 0)
1287 ERROR (_("\
1288 section [%2d] '%s': no relocations for merge-able string sections possible\n"),
1289 idx, section_name (ebl, idx));
1290 }
1291 }
1292
1293 size_t sh_entsize = gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT);
1294 if (shdr->sh_entsize != sh_entsize)
1295 {
1296 if (reltype == ELF_T_RELA)
1297 ERROR ("\
1298 section [%2d] '%s': section entry size does not match ElfXX_Rela\n",
1299 idx, section_name (ebl, idx));
1300 else if (reltype == ELF_T_REL)
1301 ERROR ("\
1302 section [%2d] '%s': section entry size does not match ElfXX_Rel\n",
1303 idx, section_name (ebl, idx));
1304 else
1305 ERROR ("\
1306 section [%2d] '%s': section entry size does not match ElfXX_Relr\n",
1307 idx, section_name (ebl, idx));
1308 }
1309
1310 /* In preparation of checking whether relocations are text
1311 relocations or not we need to determine whether the file is
1312 flagged to have text relocation and we need to determine a) what
1313 the loaded segments are and b) which are read-only. This will
1314 also allow us to determine whether the same reloc section is
1315 modifying loaded and not loaded segments. */
1316 for (unsigned int i = 0; i < phnum; ++i)
1317 {
1318 GElf_Phdr phdr_mem;
1319 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, i, &phdr_mem);
1320 if (phdr == NULL)
1321 continue;
1322
1323 if (phdr->p_type == PT_LOAD)
1324 {
1325 struct loaded_segment *newp = xmalloc (sizeof (*newp));
1326 newp->from = phdr->p_vaddr;
1327 newp->to = phdr->p_vaddr + phdr->p_memsz;
1328 newp->read_only = (phdr->p_flags & PF_W) == 0;
1329 newp->next = *loadedp;
1330 *loadedp = newp;
1331 }
1332 else if (phdr->p_type == PT_DYNAMIC)
1333 {
1334 Elf_Scn *dynscn = gelf_offscn (ebl->elf, phdr->p_offset);
1335 GElf_Shdr dynshdr_mem;
1336 GElf_Shdr *dynshdr = gelf_getshdr (dynscn, &dynshdr_mem);
1337 Elf_Data *dyndata = elf_getdata (dynscn, NULL);
1338 if (dynshdr != NULL && dynshdr->sh_type == SHT_DYNAMIC
1339 && dyndata != NULL && dynshdr->sh_entsize != 0)
1340 for (size_t j = 0; j < dynshdr->sh_size / dynshdr->sh_entsize; ++j)
1341 {
1342 GElf_Dyn dyn_mem;
1343 GElf_Dyn *dyn = gelf_getdyn (dyndata, j, &dyn_mem);
1344 if (dyn != NULL
1345 && (dyn->d_tag == DT_TEXTREL
1346 || (dyn->d_tag == DT_FLAGS
1347 && (dyn->d_un.d_val & DF_TEXTREL) != 0)))
1348 {
1349 textrel = true;
1350 break;
1351 }
1352 }
1353 }
1354 }
1355
1356 /* A quick test which can be easily done here (although it is a bit
1357 out of place): the text relocation flag makes only sense if there
1358 is a segment which is not writable. */
1359 if (textrel)
1360 {
1361 struct loaded_segment *seg = *loadedp;
1362 while (seg != NULL && !seg->read_only)
1363 seg = seg->next;
1364 if (seg == NULL)
1365 ERROR (_("\
1366 text relocation flag set but there is no read-only segment\n"));
1367 }
1368
1369 return reldyn;
1370 }
1371
1372
1373 enum load_state
1374 {
1375 state_undecided,
1376 state_loaded,
1377 state_unloaded,
1378 state_error
1379 };
1380
1381
1382 static void
check_one_reloc(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * relshdr,int idx,size_t cnt,const GElf_Shdr * symshdr,Elf_Data * symdata,GElf_Addr r_offset,GElf_Xword r_info,const GElf_Shdr * destshdr,bool reldyn,struct loaded_segment * loaded,enum load_state * statep)1383 check_one_reloc (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *relshdr, int idx,
1384 size_t cnt, const GElf_Shdr *symshdr, Elf_Data *symdata,
1385 GElf_Addr r_offset, GElf_Xword r_info,
1386 const GElf_Shdr *destshdr, bool reldyn,
1387 struct loaded_segment *loaded, enum load_state *statep)
1388 {
1389 bool known_broken = gnuld;
1390
1391 if (!ebl_reloc_type_check (ebl, GELF_R_TYPE (r_info)))
1392 ERROR (_("section [%2d] '%s': relocation %zu: invalid type\n"),
1393 idx, section_name (ebl, idx), cnt);
1394 else if (((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1395 /* The executable/DSO can contain relocation sections with
1396 all the relocations the linker has applied. Those sections
1397 are marked non-loaded, though. */
1398 || (relshdr->sh_flags & SHF_ALLOC) != 0)
1399 && !ebl_reloc_valid_use (ebl, GELF_R_TYPE (r_info)))
1400 ERROR (_("\
1401 section [%2d] '%s': relocation %zu: relocation type invalid for the file type\n"),
1402 idx, section_name (ebl, idx), cnt);
1403
1404 if (symshdr != NULL
1405 && ((GELF_R_SYM (r_info) + 1)
1406 * gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT)
1407 > symshdr->sh_size))
1408 ERROR (_("\
1409 section [%2d] '%s': relocation %zu: invalid symbol index\n"),
1410 idx, section_name (ebl, idx), cnt);
1411
1412 /* No more tests if this is a no-op relocation. */
1413 if (ebl_none_reloc_p (ebl, GELF_R_TYPE (r_info)))
1414 return;
1415
1416 if (ebl_gotpc_reloc_check (ebl, GELF_R_TYPE (r_info)))
1417 {
1418 const char *name;
1419 char buf[64];
1420 GElf_Sym sym_mem;
1421 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem);
1422 if (sym != NULL
1423 /* Get the name for the symbol. */
1424 && (name = elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name))
1425 && strcmp (name, "_GLOBAL_OFFSET_TABLE_") !=0 )
1426 ERROR (_("\
1427 section [%2d] '%s': relocation %zu: only symbol '_GLOBAL_OFFSET_TABLE_' can be used with %s\n"),
1428 idx, section_name (ebl, idx), cnt,
1429 ebl_reloc_type_name (ebl, GELF_R_SYM (r_info),
1430 buf, sizeof (buf)));
1431 }
1432
1433 if (reldyn)
1434 {
1435 // XXX TODO Check .rel.dyn section addresses.
1436 }
1437 else if (!known_broken)
1438 {
1439 if (destshdr != NULL
1440 && GELF_R_TYPE (r_info) != 0
1441 && (r_offset - (ehdr->e_type == ET_REL ? 0
1442 : destshdr->sh_addr)) >= destshdr->sh_size)
1443 ERROR (_("\
1444 section [%2d] '%s': relocation %zu: offset out of bounds\n"),
1445 idx, section_name (ebl, idx), cnt);
1446 }
1447
1448 GElf_Sym sym_mem;
1449 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem);
1450
1451 if (ebl_copy_reloc_p (ebl, GELF_R_TYPE (r_info))
1452 /* Make sure the referenced symbol is an object or unspecified. */
1453 && sym != NULL
1454 && GELF_ST_TYPE (sym->st_info) != STT_NOTYPE
1455 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
1456 {
1457 char buf[64];
1458 ERROR (_("section [%2d] '%s': relocation %zu: copy relocation against symbol of type %s\n"),
1459 idx, section_name (ebl, idx), cnt,
1460 ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info),
1461 buf, sizeof (buf)));
1462 }
1463
1464 if ((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1465 || (relshdr->sh_flags & SHF_ALLOC) != 0)
1466 {
1467 bool in_loaded_seg = false;
1468 while (loaded != NULL)
1469 {
1470 if (r_offset < loaded->to
1471 && r_offset + (sym == NULL ? 0 : sym->st_size) >= loaded->from)
1472 {
1473 /* The symbol is in this segment. */
1474 if (loaded->read_only)
1475 {
1476 if (textrel)
1477 needed_textrel = true;
1478 else
1479 ERROR (_("section [%2d] '%s': relocation %zu: read-only section modified but text relocation flag not set\n"),
1480 idx, section_name (ebl, idx), cnt);
1481 }
1482
1483 in_loaded_seg = true;
1484 }
1485
1486 loaded = loaded->next;
1487 }
1488
1489 if (*statep == state_undecided)
1490 *statep = in_loaded_seg ? state_loaded : state_unloaded;
1491 else if ((*statep == state_unloaded && in_loaded_seg)
1492 || (*statep == state_loaded && !in_loaded_seg))
1493 {
1494 ERROR (_("\
1495 section [%2d] '%s': relocations are against loaded and unloaded data\n"),
1496 idx, section_name (ebl, idx));
1497 *statep = state_error;
1498 }
1499 }
1500 }
1501
1502
1503 static void
check_rela(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1504 check_rela (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1505 {
1506 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1507 if (data == NULL)
1508 {
1509 ERROR (_("section [%2d] '%s': cannot get section data\n"),
1510 idx, section_name (ebl, idx));
1511 return;
1512 }
1513
1514 /* Check the fields of the section header. */
1515 GElf_Shdr destshdr_mem;
1516 GElf_Shdr *destshdr = NULL;
1517 struct loaded_segment *loaded = NULL;
1518 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_RELA, &destshdr,
1519 &destshdr_mem, &loaded);
1520
1521 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1522 GElf_Shdr symshdr_mem;
1523 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1524 Elf_Data *symdata = elf_getdata (symscn, NULL);
1525 enum load_state state = state_undecided;
1526
1527 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_RELA, 1, EV_CURRENT);
1528 for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1529 {
1530 GElf_Rela rela_mem;
1531 GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem);
1532 if (rela == NULL)
1533 {
1534 ERROR (_("\
1535 section [%2d] '%s': cannot get relocation %zu: %s\n"),
1536 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1537 continue;
1538 }
1539
1540 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata,
1541 rela->r_offset, rela->r_info, destshdr, reldyn, loaded,
1542 &state);
1543 }
1544
1545 while (loaded != NULL)
1546 {
1547 struct loaded_segment *old = loaded;
1548 loaded = loaded->next;
1549 free (old);
1550 }
1551 }
1552
1553
1554 static void
check_rel(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1555 check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1556 {
1557 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1558 if (data == NULL)
1559 {
1560 ERROR (_("section [%2d] '%s': cannot get section data\n"),
1561 idx, section_name (ebl, idx));
1562 return;
1563 }
1564
1565 /* Check the fields of the section header. */
1566 GElf_Shdr destshdr_mem;
1567 GElf_Shdr *destshdr = NULL;
1568 struct loaded_segment *loaded = NULL;
1569 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_REL, &destshdr,
1570 &destshdr_mem, &loaded);
1571
1572 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1573 GElf_Shdr symshdr_mem;
1574 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1575 Elf_Data *symdata = elf_getdata (symscn, NULL);
1576 enum load_state state = state_undecided;
1577
1578 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_REL, 1, EV_CURRENT);
1579 for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1580 {
1581 GElf_Rel rel_mem;
1582 GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem);
1583 if (rel == NULL)
1584 {
1585 ERROR (_("\
1586 section [%2d] '%s': cannot get relocation %zu: %s\n"),
1587 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1588 continue;
1589 }
1590
1591 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata,
1592 rel->r_offset, rel->r_info, destshdr, reldyn, loaded,
1593 &state);
1594 }
1595
1596 while (loaded != NULL)
1597 {
1598 struct loaded_segment *old = loaded;
1599 loaded = loaded->next;
1600 free (old);
1601 }
1602 }
1603
1604 static void
check_relr(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1605 check_relr (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1606 {
1607 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1608 if (data == NULL)
1609 {
1610 ERROR (_("section [%2d] '%s': cannot get section data\n"),
1611 idx, section_name (ebl, idx));
1612 return;
1613 }
1614
1615 /* Check the fields of the section header. */
1616 GElf_Shdr destshdr_mem;
1617 GElf_Shdr *destshdr = NULL;
1618 struct loaded_segment *loaded = NULL;
1619 check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_RELR, &destshdr,
1620 &destshdr_mem, &loaded);
1621
1622 /* Just throw them away. */
1623 while (loaded != NULL)
1624 {
1625 struct loaded_segment *old = loaded;
1626 loaded = loaded->next;
1627 free (old);
1628 }
1629 }
1630
1631 /* Number of dynamic sections. */
1632 static int ndynamic;
1633
1634
1635 static void
check_dynamic(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1636 check_dynamic (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1637 {
1638 Elf_Data *data;
1639 GElf_Shdr strshdr_mem;
1640 GElf_Shdr *strshdr;
1641 size_t cnt;
1642 static const bool dependencies[DT_NUM][DT_NUM] =
1643 {
1644 [DT_NEEDED] = { [DT_STRTAB] = true },
1645 [DT_PLTRELSZ] = { [DT_JMPREL] = true },
1646 [DT_HASH] = { [DT_SYMTAB] = true },
1647 [DT_STRTAB] = { [DT_STRSZ] = true },
1648 [DT_SYMTAB] = { [DT_STRTAB] = true, [DT_SYMENT] = true },
1649 [DT_RELA] = { [DT_RELASZ] = true, [DT_RELAENT] = true },
1650 [DT_RELASZ] = { [DT_RELA] = true },
1651 [DT_RELAENT] = { [DT_RELA] = true },
1652 [DT_STRSZ] = { [DT_STRTAB] = true },
1653 [DT_SYMENT] = { [DT_SYMTAB] = true },
1654 [DT_SONAME] = { [DT_STRTAB] = true },
1655 [DT_RPATH] = { [DT_STRTAB] = true },
1656 [DT_REL] = { [DT_RELSZ] = true, [DT_RELENT] = true },
1657 [DT_RELSZ] = { [DT_REL] = true },
1658 [DT_RELENT] = { [DT_REL] = true },
1659 [DT_JMPREL] = { [DT_PLTRELSZ] = true, [DT_PLTREL] = true },
1660 [DT_RUNPATH] = { [DT_STRTAB] = true },
1661 [DT_PLTREL] = { [DT_JMPREL] = true },
1662 };
1663 bool has_dt[DT_NUM];
1664 bool has_val_dt[DT_VALNUM];
1665 bool has_addr_dt[DT_ADDRNUM];
1666 static const bool level2[DT_NUM] =
1667 {
1668 [DT_RPATH] = true,
1669 [DT_SYMBOLIC] = true,
1670 [DT_TEXTREL] = true,
1671 [DT_BIND_NOW] = true
1672 };
1673 static const bool mandatory[DT_NUM] =
1674 {
1675 [DT_NULL] = true,
1676 [DT_STRTAB] = true,
1677 [DT_SYMTAB] = true,
1678 [DT_STRSZ] = true,
1679 [DT_SYMENT] = true
1680 };
1681
1682 memset (has_dt, '\0', sizeof (has_dt));
1683 memset (has_val_dt, '\0', sizeof (has_val_dt));
1684 memset (has_addr_dt, '\0', sizeof (has_addr_dt));
1685
1686 if (++ndynamic == 2)
1687 ERROR (_("more than one dynamic section present\n"));
1688
1689 data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1690 if (data == NULL)
1691 {
1692 ERROR (_("section [%2d] '%s': cannot get section data\n"),
1693 idx, section_name (ebl, idx));
1694 return;
1695 }
1696
1697 strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &strshdr_mem);
1698 if (strshdr != NULL && strshdr->sh_type != SHT_STRTAB)
1699 ERROR (_("\
1700 section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
1701 shdr->sh_link, section_name (ebl, shdr->sh_link),
1702 idx, section_name (ebl, idx));
1703 else if (strshdr == NULL)
1704 {
1705 ERROR (_("\
1706 section [%2d]: referenced as string table for section [%2d] '%s' but section link value is invalid\n"),
1707 shdr->sh_link, idx, section_name (ebl, idx));
1708 return;
1709 }
1710
1711 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT);
1712 if (shdr->sh_entsize != sh_entsize)
1713 ERROR (_("\
1714 section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"),
1715 idx, section_name (ebl, idx));
1716
1717 if (shdr->sh_info != 0)
1718 ERROR (_("section [%2d] '%s': sh_info not zero\n"),
1719 idx, section_name (ebl, idx));
1720
1721 bool non_null_warned = false;
1722 for (cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1723 {
1724 GElf_Dyn dyn_mem;
1725 GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem);
1726 if (dyn == NULL)
1727 {
1728 ERROR (_("\
1729 section [%2d] '%s': cannot get dynamic section entry %zu: %s\n"),
1730 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1731 continue;
1732 }
1733
1734 if (has_dt[DT_NULL] && dyn->d_tag != DT_NULL && ! non_null_warned)
1735 {
1736 ERROR (_("\
1737 section [%2d] '%s': non-DT_NULL entries follow DT_NULL entry\n"),
1738 idx, section_name (ebl, idx));
1739 non_null_warned = true;
1740 }
1741
1742 if (!ebl_dynamic_tag_check (ebl, dyn->d_tag))
1743 ERROR (_("section [%2d] '%s': entry %zu: unknown tag\n"),
1744 idx, section_name (ebl, idx), cnt);
1745
1746 if (dyn->d_tag >= 0 && dyn->d_tag < DT_NUM)
1747 {
1748 if (has_dt[dyn->d_tag]
1749 && dyn->d_tag != DT_NEEDED
1750 && dyn->d_tag != DT_NULL
1751 && dyn->d_tag != DT_POSFLAG_1)
1752 {
1753 char buf[50];
1754 ERROR (_("\
1755 section [%2d] '%s': entry %zu: more than one entry with tag %s\n"),
1756 idx, section_name (ebl, idx), cnt,
1757 ebl_dynamic_tag_name (ebl, dyn->d_tag,
1758 buf, sizeof (buf)));
1759 }
1760
1761 if (be_strict && level2[dyn->d_tag])
1762 {
1763 char buf[50];
1764 ERROR (_("\
1765 section [%2d] '%s': entry %zu: level 2 tag %s used\n"),
1766 idx, section_name (ebl, idx), cnt,
1767 ebl_dynamic_tag_name (ebl, dyn->d_tag,
1768 buf, sizeof (buf)));
1769 }
1770
1771 has_dt[dyn->d_tag] = true;
1772 }
1773 else if (dyn->d_tag >= 0 && dyn->d_tag <= DT_VALRNGHI
1774 && DT_VALTAGIDX (dyn->d_tag) < DT_VALNUM)
1775 has_val_dt[DT_VALTAGIDX (dyn->d_tag)] = true;
1776 else if (dyn->d_tag >= 0 && dyn->d_tag <= DT_ADDRRNGHI
1777 && DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM)
1778 has_addr_dt[DT_ADDRTAGIDX (dyn->d_tag)] = true;
1779
1780 if (dyn->d_tag == DT_PLTREL && dyn->d_un.d_val != DT_REL
1781 && dyn->d_un.d_val != DT_RELA)
1782 ERROR (_("\
1783 section [%2d] '%s': entry %zu: DT_PLTREL value must be DT_REL or DT_RELA\n"),
1784 idx, section_name (ebl, idx), cnt);
1785
1786 /* Check that addresses for entries are in loaded segments. */
1787 switch (dyn->d_tag)
1788 {
1789 size_t n;
1790 case DT_STRTAB:
1791 /* We require the referenced section is the same as the one
1792 specified in sh_link. */
1793 if (strshdr->sh_addr != dyn->d_un.d_val)
1794 {
1795 ERROR (_("\
1796 section [%2d] '%s': entry %zu: pointer does not match address of section [%2d] '%s' referenced by sh_link\n"),
1797 idx, section_name (ebl, idx), cnt,
1798 shdr->sh_link, section_name (ebl, shdr->sh_link));
1799 break;
1800 }
1801 goto check_addr;
1802
1803 default:
1804 if (dyn->d_tag < DT_ADDRRNGLO || dyn->d_tag > DT_ADDRRNGHI)
1805 /* Value is no pointer. */
1806 break;
1807 FALLTHROUGH;
1808
1809 case DT_AUXILIARY:
1810 case DT_FILTER:
1811 case DT_FINI:
1812 case DT_FINI_ARRAY:
1813 case DT_HASH:
1814 case DT_INIT:
1815 case DT_INIT_ARRAY:
1816 case DT_JMPREL:
1817 case DT_PLTGOT:
1818 case DT_REL:
1819 case DT_RELA:
1820 case DT_RELR:
1821 case DT_SYMBOLIC:
1822 case DT_SYMTAB:
1823 case DT_VERDEF:
1824 case DT_VERNEED:
1825 case DT_VERSYM:
1826 check_addr:
1827 for (n = 0; n < phnum; ++n)
1828 {
1829 GElf_Phdr phdr_mem;
1830 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, n, &phdr_mem);
1831 if (phdr != NULL && phdr->p_type == PT_LOAD
1832 && phdr->p_vaddr <= dyn->d_un.d_ptr
1833 && phdr->p_vaddr + phdr->p_memsz > dyn->d_un.d_ptr)
1834 break;
1835 }
1836 if (unlikely (n >= phnum))
1837 {
1838 char buf[50];
1839 ERROR (_("\
1840 section [%2d] '%s': entry %zu: %s value must point into loaded segment\n"),
1841 idx, section_name (ebl, idx), cnt,
1842 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf,
1843 sizeof (buf)));
1844 }
1845 break;
1846
1847 case DT_NEEDED:
1848 case DT_RPATH:
1849 case DT_RUNPATH:
1850 case DT_SONAME:
1851 if (dyn->d_un.d_ptr >= strshdr->sh_size)
1852 {
1853 char buf[50];
1854 ERROR (_("\
1855 section [%2d] '%s': entry %zu: %s value must be valid offset in section [%2d] '%s'\n"),
1856 idx, section_name (ebl, idx), cnt,
1857 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf,
1858 sizeof (buf)),
1859 shdr->sh_link, section_name (ebl, shdr->sh_link));
1860 }
1861 break;
1862 }
1863 }
1864
1865 for (cnt = 1; cnt < DT_NUM; ++cnt)
1866 if (has_dt[cnt])
1867 {
1868 for (int inner = 0; inner < DT_NUM; ++inner)
1869 if (dependencies[cnt][inner] && ! has_dt[inner])
1870 {
1871 char buf1[50];
1872 char buf2[50];
1873
1874 ERROR (_("\
1875 section [%2d] '%s': contains %s entry but not %s\n"),
1876 idx, section_name (ebl, idx),
1877 ebl_dynamic_tag_name (ebl, cnt, buf1, sizeof (buf1)),
1878 ebl_dynamic_tag_name (ebl, inner, buf2, sizeof (buf2)));
1879 }
1880 }
1881 else
1882 {
1883 if (mandatory[cnt])
1884 {
1885 char buf[50];
1886 ERROR (_("\
1887 section [%2d] '%s': mandatory tag %s not present\n"),
1888 idx, section_name (ebl, idx),
1889 ebl_dynamic_tag_name (ebl, cnt, buf, sizeof (buf)));
1890 }
1891 }
1892
1893 /* Make sure we have an hash table. */
1894 if (!has_dt[DT_HASH] && !has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)])
1895 ERROR (_("\
1896 section [%2d] '%s': no hash section present\n"),
1897 idx, section_name (ebl, idx));
1898
1899 /* The GNU-style hash table also needs a symbol table. */
1900 if (!has_dt[DT_HASH] && has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)]
1901 && !has_dt[DT_SYMTAB])
1902 ERROR (_("\
1903 section [%2d] '%s': contains %s entry but not %s\n"),
1904 idx, section_name (ebl, idx),
1905 "DT_GNU_HASH", "DT_SYMTAB");
1906
1907 /* Check the rel/rela tags. At least one group must be available. */
1908 if ((has_dt[DT_RELA] || has_dt[DT_RELASZ] || has_dt[DT_RELAENT])
1909 && (!has_dt[DT_RELA] || !has_dt[DT_RELASZ] || !has_dt[DT_RELAENT]))
1910 ERROR (_("\
1911 section [%2d] '%s': not all of %s, %s, and %s are present\n"),
1912 idx, section_name (ebl, idx),
1913 "DT_RELA", "DT_RELASZ", "DT_RELAENT");
1914
1915 if ((has_dt[DT_REL] || has_dt[DT_RELSZ] || has_dt[DT_RELENT])
1916 && (!has_dt[DT_REL] || !has_dt[DT_RELSZ] || !has_dt[DT_RELENT]))
1917 ERROR (_("\
1918 section [%2d] '%s': not all of %s, %s, and %s are present\n"),
1919 idx, section_name (ebl, idx),
1920 "DT_REL", "DT_RELSZ", "DT_RELENT");
1921
1922 /* Check that all prelink sections are present if any of them is. */
1923 if (has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)]
1924 || has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)])
1925 {
1926 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)])
1927 ERROR (_("\
1928 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"),
1929 idx, section_name (ebl, idx), "DT_GNU_PRELINKED");
1930 if (!has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)])
1931 ERROR (_("\
1932 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"),
1933 idx, section_name (ebl, idx), "DT_CHECKSUM");
1934
1935 /* Only DSOs can be marked like this. */
1936 if (ehdr->e_type != ET_DYN)
1937 ERROR (_("\
1938 section [%2d] '%s': non-DSO file marked as dependency during prelink\n"),
1939 idx, section_name (ebl, idx));
1940 }
1941
1942 if (has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)]
1943 || has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)]
1944 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)]
1945 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)])
1946 {
1947 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)])
1948 ERROR (_("\
1949 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1950 idx, section_name (ebl, idx), "DT_GNU_CONFLICTSZ");
1951 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)])
1952 ERROR (_("\
1953 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1954 idx, section_name (ebl, idx), "DT_GNU_LIBLISTSZ");
1955 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)])
1956 ERROR (_("\
1957 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1958 idx, section_name (ebl, idx), "DT_GNU_CONFLICT");
1959 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)])
1960 ERROR (_("\
1961 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1962 idx, section_name (ebl, idx), "DT_GNU_LIBLIST");
1963 }
1964 }
1965
1966
1967 static void
check_symtab_shndx(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1968 check_symtab_shndx (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1969 {
1970 if (ehdr->e_type != ET_REL)
1971 {
1972 ERROR (_("\
1973 section [%2d] '%s': only relocatable files can have extended section index\n"),
1974 idx, section_name (ebl, idx));
1975 return;
1976 }
1977
1978 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1979 GElf_Shdr symshdr_mem;
1980 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1981 if (symshdr != NULL && symshdr->sh_type != SHT_SYMTAB)
1982 ERROR (_("\
1983 section [%2d] '%s': extended section index section not for symbol table\n"),
1984 idx, section_name (ebl, idx));
1985 else if (symshdr == NULL)
1986 ERROR (_("\
1987 section [%2d] '%s': sh_link extended section index [%2d] is invalid\n"),
1988 idx, section_name (ebl, idx), shdr->sh_link);
1989 Elf_Data *symdata = elf_getdata (symscn, NULL);
1990 if (symdata == NULL)
1991 ERROR (_("cannot get data for symbol section\n"));
1992
1993 if (shdr->sh_entsize != sizeof (Elf32_Word))
1994 ERROR (_("\
1995 section [%2d] '%s': entry size does not match Elf32_Word\n"),
1996 idx, section_name (ebl, idx));
1997
1998 if (symshdr != NULL
1999 && shdr->sh_entsize != 0
2000 && symshdr->sh_entsize != 0
2001 && (shdr->sh_size / shdr->sh_entsize
2002 < symshdr->sh_size / symshdr->sh_entsize))
2003 ERROR (_("\
2004 section [%2d] '%s': extended index table too small for symbol table\n"),
2005 idx, section_name (ebl, idx));
2006
2007 if (shdr->sh_info != 0)
2008 ERROR (_("section [%2d] '%s': sh_info not zero\n"),
2009 idx, section_name (ebl, idx));
2010
2011 for (size_t cnt = idx + 1; cnt < shnum; ++cnt)
2012 {
2013 GElf_Shdr rshdr_mem;
2014 GElf_Shdr *rshdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &rshdr_mem);
2015 if (rshdr != NULL && rshdr->sh_type == SHT_SYMTAB_SHNDX
2016 && rshdr->sh_link == shdr->sh_link)
2017 {
2018 ERROR (_("\
2019 section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same symbol table\n"),
2020 idx, section_name (ebl, idx),
2021 cnt, section_name (ebl, cnt));
2022 break;
2023 }
2024 }
2025
2026 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2027 if (data == NULL || data->d_buf == NULL)
2028 {
2029 ERROR (_("section [%2d] '%s': cannot get section data\n"),
2030 idx, section_name (ebl, idx));
2031 return;
2032 }
2033
2034 if (data->d_size < sizeof (Elf32_Word)
2035 || *((Elf32_Word *) data->d_buf) != 0)
2036 ERROR (_("symbol 0 should have zero extended section index\n"));
2037
2038 for (size_t cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt)
2039 {
2040 Elf32_Word xndx = ((Elf32_Word *) data->d_buf)[cnt];
2041
2042 if (xndx != 0)
2043 {
2044 GElf_Sym sym_data;
2045 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_data);
2046 if (sym == NULL)
2047 {
2048 ERROR (_("cannot get data for symbol %zu\n"), cnt);
2049 continue;
2050 }
2051
2052 if (sym->st_shndx != SHN_XINDEX)
2053 ERROR (_("\
2054 extended section index is %" PRIu32 " but symbol index is not XINDEX\n"),
2055 (uint32_t) xndx);
2056 }
2057 }
2058 }
2059
2060
2061 static void
check_sysv_hash(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2062 check_sysv_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2063 GElf_Shdr *symshdr)
2064 {
2065 Elf32_Word nbucket = ((Elf32_Word *) data->d_buf)[0];
2066 Elf32_Word nchain = ((Elf32_Word *) data->d_buf)[1];
2067
2068 if (shdr->sh_size < (2ULL + nbucket + nchain) * sizeof (Elf32_Word))
2069 {
2070 ERROR (_("\
2071 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
2072 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2073 (long int) ((2 + nbucket + nchain) * sizeof (Elf32_Word)));
2074 return;
2075 }
2076
2077 size_t maxidx = nchain;
2078
2079 if (symshdr != NULL && symshdr->sh_entsize != 0)
2080 {
2081 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
2082
2083 if (nchain > symshdr->sh_size / symshdr->sh_entsize)
2084 ERROR (_("section [%2d] '%s': chain array too large\n"),
2085 idx, section_name (ebl, idx));
2086
2087 maxidx = symsize;
2088 }
2089
2090 Elf32_Word *buf = (Elf32_Word *) data->d_buf;
2091 Elf32_Word *end = (Elf32_Word *) ((char *) data->d_buf + shdr->sh_size);
2092 size_t cnt;
2093 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
2094 {
2095 if (buf + cnt >= end)
2096 break;
2097 else if (buf[cnt] >= maxidx)
2098 ERROR (_("\
2099 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
2100 idx, section_name (ebl, idx), cnt - 2);
2101 }
2102
2103 for (; cnt < 2 + nbucket + nchain; ++cnt)
2104 {
2105 if (buf + cnt >= end)
2106 break;
2107 else if (buf[cnt] >= maxidx)
2108 ERROR (_("\
2109 section [%2d] '%s': hash chain reference %zu out of bounds\n"),
2110 idx, section_name (ebl, idx), cnt - 2 - nbucket);
2111 }
2112 }
2113
2114
2115 static void
check_sysv_hash64(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2116 check_sysv_hash64 (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2117 GElf_Shdr *symshdr)
2118 {
2119 Elf64_Xword nbucket = ((Elf64_Xword *) data->d_buf)[0];
2120 Elf64_Xword nchain = ((Elf64_Xword *) data->d_buf)[1];
2121
2122 uint64_t maxwords = shdr->sh_size / sizeof (Elf64_Xword);
2123 if (maxwords < 2
2124 || maxwords - 2 < nbucket
2125 || maxwords - 2 - nbucket < nchain)
2126 {
2127 ERROR (_("\
2128 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
2129 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2130 (long int) ((2 + nbucket + nchain) * sizeof (Elf64_Xword)));
2131 return;
2132 }
2133
2134 size_t maxidx = nchain;
2135
2136 if (symshdr != NULL && symshdr->sh_entsize != 0)
2137 {
2138 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
2139
2140 if (nchain > symshdr->sh_size / symshdr->sh_entsize)
2141 ERROR (_("section [%2d] '%s': chain array too large\n"),
2142 idx, section_name (ebl, idx));
2143
2144 maxidx = symsize;
2145 }
2146
2147 Elf64_Xword *buf = (Elf64_Xword *) data->d_buf;
2148 Elf64_Xword *end = (Elf64_Xword *) ((char *) data->d_buf + shdr->sh_size);
2149 size_t cnt;
2150 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
2151 {
2152 if (buf + cnt >= end)
2153 break;
2154 else if (buf[cnt] >= maxidx)
2155 ERROR (_("\
2156 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
2157 idx, section_name (ebl, idx), cnt - 2);
2158 }
2159
2160 for (; cnt < 2 + nbucket + nchain; ++cnt)
2161 {
2162 if (buf + cnt >= end)
2163 break;
2164 else if (buf[cnt] >= maxidx)
2165 ERROR (_("\
2166 section [%2d] '%s': hash chain reference %" PRIu64 " out of bounds\n"),
2167 idx, section_name (ebl, idx), (uint64_t) cnt - 2 - nbucket);
2168 }
2169 }
2170
2171
2172 static void
check_gnu_hash(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2173 check_gnu_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2174 GElf_Shdr *symshdr)
2175 {
2176 if (data->d_size < 4 * sizeof (Elf32_Word))
2177 {
2178 ERROR (_("\
2179 section [%2d] '%s': not enough data\n"),
2180 idx, section_name (ebl, idx));
2181 return;
2182 }
2183
2184 Elf32_Word nbuckets = ((Elf32_Word *) data->d_buf)[0];
2185 Elf32_Word symbias = ((Elf32_Word *) data->d_buf)[1];
2186 Elf32_Word bitmask_words = ((Elf32_Word *) data->d_buf)[2];
2187
2188 if (bitmask_words == 0 || !powerof2 (bitmask_words))
2189 {
2190 ERROR (_("\
2191 section [%2d] '%s': bitmask size zero or not power of 2: %u\n"),
2192 idx, section_name (ebl, idx), bitmask_words);
2193 return;
2194 }
2195
2196 size_t bitmask_idxmask = bitmask_words - 1;
2197 if (gelf_getclass (ebl->elf) == ELFCLASS64)
2198 bitmask_words *= 2;
2199 Elf32_Word shift = ((Elf32_Word *) data->d_buf)[3];
2200
2201 /* Is there still room for the sym chain?
2202 Use uint64_t calculation to prevent 32bit overflow. */
2203 uint64_t used_buf = (4ULL + bitmask_words + nbuckets) * sizeof (Elf32_Word);
2204 if (used_buf > data->d_size)
2205 {
2206 ERROR (_("\
2207 section [%2d] '%s': hash table section is too small (is %ld, expected at least %ld)\n"),
2208 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2209 (long int) used_buf);
2210 return;
2211 }
2212
2213 if (shift > 31)
2214 {
2215 ERROR (_("\
2216 section [%2d] '%s': 2nd hash function shift too big: %u\n"),
2217 idx, section_name (ebl, idx), shift);
2218 return;
2219 }
2220
2221 size_t maxidx = shdr->sh_size / sizeof (Elf32_Word) - (4 + bitmask_words
2222 + nbuckets);
2223
2224 if (symshdr != NULL && symshdr->sh_entsize != 0)
2225 maxidx = MIN (maxidx, symshdr->sh_size / symshdr->sh_entsize);
2226
2227 /* We need the symbol section data. */
2228 Elf_Data *symdata = elf_getdata (elf_getscn (ebl->elf, shdr->sh_link), NULL);
2229
2230 union
2231 {
2232 Elf32_Word *p32;
2233 Elf64_Xword *p64;
2234 } bitmask = { .p32 = &((Elf32_Word *) data->d_buf)[4] },
2235 collected = { .p32 = xcalloc (bitmask_words, sizeof (Elf32_Word)) };
2236
2237 size_t classbits = gelf_getclass (ebl->elf) == ELFCLASS32 ? 32 : 64;
2238
2239 size_t cnt;
2240 for (cnt = 4 + bitmask_words; cnt < 4 + bitmask_words + nbuckets; ++cnt)
2241 {
2242 Elf32_Word symidx = ((Elf32_Word *) data->d_buf)[cnt];
2243
2244 if (symidx == 0)
2245 continue;
2246
2247 if (symidx < symbias)
2248 {
2249 ERROR (_("\
2250 section [%2d] '%s': hash chain for bucket %zu lower than symbol index bias\n"),
2251 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2252 continue;
2253 }
2254
2255 while (symidx - symbias < maxidx)
2256 {
2257 Elf32_Word chainhash = ((Elf32_Word *) data->d_buf)[4
2258 + bitmask_words
2259 + nbuckets
2260 + symidx
2261 - symbias];
2262
2263 if (symdata != NULL)
2264 {
2265 /* Check that the referenced symbol is not undefined. */
2266 GElf_Sym sym_mem;
2267 GElf_Sym *sym = gelf_getsym (symdata, symidx, &sym_mem);
2268 if (sym != NULL && sym->st_shndx == SHN_UNDEF
2269 && GELF_ST_TYPE (sym->st_info) != STT_FUNC)
2270 ERROR (_("\
2271 section [%2d] '%s': symbol %u referenced in chain for bucket %zu is undefined\n"),
2272 idx, section_name (ebl, idx), symidx,
2273 cnt - (4 + bitmask_words));
2274
2275 const char *symname = (sym != NULL
2276 ? elf_strptr (ebl->elf, symshdr->sh_link,
2277 sym->st_name)
2278 : NULL);
2279 if (symname != NULL)
2280 {
2281 Elf32_Word hval = elf_gnu_hash (symname);
2282 if ((hval & ~1u) != (chainhash & ~1u))
2283 ERROR (_("\
2284 section [%2d] '%s': hash value for symbol %u in chain for bucket %zu wrong\n"),
2285 idx, section_name (ebl, idx), symidx,
2286 cnt - (4 + bitmask_words));
2287
2288 /* Set the bits in the bitmask. */
2289 size_t maskidx = (hval / classbits) & bitmask_idxmask;
2290 if (maskidx >= bitmask_words)
2291 {
2292 ERROR (_("\
2293 section [%2d] '%s': mask index for symbol %u in chain for bucket %zu wrong\n"),
2294 idx, section_name (ebl, idx), symidx,
2295 cnt - (4 + bitmask_words));
2296 return;
2297 }
2298 if (classbits == 32)
2299 {
2300 collected.p32[maskidx]
2301 |= UINT32_C (1) << (hval & (classbits - 1));
2302 collected.p32[maskidx]
2303 |= UINT32_C (1) << ((hval >> shift) & (classbits - 1));
2304 }
2305 else
2306 {
2307 collected.p64[maskidx]
2308 |= UINT64_C (1) << (hval & (classbits - 1));
2309 collected.p64[maskidx]
2310 |= UINT64_C (1) << ((hval >> shift) & (classbits - 1));
2311 }
2312 }
2313 }
2314
2315 if ((chainhash & 1) != 0)
2316 break;
2317
2318 ++symidx;
2319 }
2320
2321 if (symidx - symbias >= maxidx)
2322 ERROR (_("\
2323 section [%2d] '%s': hash chain for bucket %zu out of bounds\n"),
2324 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2325 else if (symshdr != NULL && symshdr->sh_entsize != 0
2326 && symidx > symshdr->sh_size / symshdr->sh_entsize)
2327 ERROR (_("\
2328 section [%2d] '%s': symbol reference in chain for bucket %zu out of bounds\n"),
2329 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2330 }
2331
2332 if (memcmp (collected.p32, bitmask.p32, bitmask_words * sizeof (Elf32_Word)))
2333 ERROR (_("\
2334 section [%2d] '%s': bitmask does not match names in the hash table\n"),
2335 idx, section_name (ebl, idx));
2336
2337 free (collected.p32);
2338 }
2339
2340
2341 static void
check_hash(int tag,Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2342 check_hash (int tag, Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
2343 {
2344 if (ehdr->e_type == ET_REL)
2345 {
2346 ERROR (_("\
2347 section [%2d] '%s': relocatable files cannot have hash tables\n"),
2348 idx, section_name (ebl, idx));
2349 return;
2350 }
2351
2352 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2353 if (data == NULL || data->d_buf == NULL)
2354 {
2355 ERROR (_("section [%2d] '%s': cannot get section data\n"),
2356 idx, section_name (ebl, idx));
2357 return;
2358 }
2359
2360 GElf_Shdr symshdr_mem;
2361 GElf_Shdr *symshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
2362 &symshdr_mem);
2363 if (symshdr != NULL && symshdr->sh_type != SHT_DYNSYM)
2364 ERROR (_("\
2365 section [%2d] '%s': hash table not for dynamic symbol table\n"),
2366 idx, section_name (ebl, idx));
2367 else if (symshdr == NULL)
2368 ERROR (_("\
2369 section [%2d] '%s': invalid sh_link symbol table section index [%2d]\n"),
2370 idx, section_name (ebl, idx), shdr->sh_link);
2371
2372 size_t expect_entsize = (tag == SHT_GNU_HASH
2373 ? (gelf_getclass (ebl->elf) == ELFCLASS32
2374 ? sizeof (Elf32_Word) : 0)
2375 : (size_t) ebl_sysvhash_entrysize (ebl));
2376
2377 if (shdr->sh_entsize != expect_entsize)
2378 ERROR (_("\
2379 section [%2d] '%s': hash table entry size incorrect\n"),
2380 idx, section_name (ebl, idx));
2381
2382 if ((shdr->sh_flags & SHF_ALLOC) == 0)
2383 ERROR (_("section [%2d] '%s': not marked to be allocated\n"),
2384 idx, section_name (ebl, idx));
2385
2386 if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (expect_entsize ?: 4))
2387 {
2388 ERROR (_("\
2389 section [%2d] '%s': hash table has not even room for initial administrative entries\n"),
2390 idx, section_name (ebl, idx));
2391 return;
2392 }
2393
2394 switch (tag)
2395 {
2396 case SHT_HASH:
2397 if (ebl_sysvhash_entrysize (ebl) == sizeof (Elf64_Xword))
2398 check_sysv_hash64 (ebl, shdr, data, idx, symshdr);
2399 else
2400 check_sysv_hash (ebl, shdr, data, idx, symshdr);
2401 break;
2402
2403 case SHT_GNU_HASH:
2404 check_gnu_hash (ebl, shdr, data, idx, symshdr);
2405 break;
2406
2407 default:
2408 assert (! "should not happen");
2409 }
2410 }
2411
2412
2413 /* Compare content of both hash tables, it must be identical. */
2414 static void
compare_hash_gnu_hash(Ebl * ebl,GElf_Ehdr * ehdr,size_t hash_idx,size_t gnu_hash_idx)2415 compare_hash_gnu_hash (Ebl *ebl, GElf_Ehdr *ehdr, size_t hash_idx,
2416 size_t gnu_hash_idx)
2417 {
2418 Elf_Scn *hash_scn = elf_getscn (ebl->elf, hash_idx);
2419 Elf_Data *hash_data = elf_getdata (hash_scn, NULL);
2420 GElf_Shdr hash_shdr_mem;
2421 GElf_Shdr *hash_shdr = gelf_getshdr (hash_scn, &hash_shdr_mem);
2422 Elf_Scn *gnu_hash_scn = elf_getscn (ebl->elf, gnu_hash_idx);
2423 Elf_Data *gnu_hash_data = elf_getdata (gnu_hash_scn, NULL);
2424 GElf_Shdr gnu_hash_shdr_mem;
2425 GElf_Shdr *gnu_hash_shdr = gelf_getshdr (gnu_hash_scn, &gnu_hash_shdr_mem);
2426
2427 if (hash_shdr == NULL || gnu_hash_shdr == NULL
2428 || hash_data == NULL || hash_data->d_buf == NULL
2429 || gnu_hash_data == NULL || gnu_hash_data->d_buf == NULL)
2430 /* None of these pointers should be NULL since we used the
2431 sections already. We are careful nonetheless. */
2432 return;
2433
2434 /* The link must point to the same symbol table. */
2435 if (hash_shdr->sh_link != gnu_hash_shdr->sh_link)
2436 {
2437 ERROR (_("\
2438 sh_link in hash sections [%2zu] '%s' and [%2zu] '%s' not identical\n"),
2439 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name),
2440 gnu_hash_idx,
2441 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2442 return;
2443 }
2444
2445 Elf_Scn *sym_scn = elf_getscn (ebl->elf, hash_shdr->sh_link);
2446 Elf_Data *sym_data = elf_getdata (sym_scn, NULL);
2447 GElf_Shdr sym_shdr_mem;
2448 GElf_Shdr *sym_shdr = gelf_getshdr (sym_scn, &sym_shdr_mem);
2449
2450 if (sym_data == NULL || sym_data->d_buf == NULL
2451 || sym_shdr == NULL || sym_shdr->sh_entsize == 0)
2452 return;
2453
2454 const char *hash_name;
2455 const char *gnu_hash_name;
2456 hash_name = elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name);
2457 gnu_hash_name = elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name);
2458
2459 if (gnu_hash_data->d_size < 4 * sizeof (Elf32_Word))
2460 {
2461 ERROR (_("\
2462 hash section [%2zu] '%s' does not contain enough data\n"),
2463 gnu_hash_idx, gnu_hash_name);
2464 return;
2465 }
2466
2467 uint32_t nentries = sym_shdr->sh_size / sym_shdr->sh_entsize;
2468 char *used = alloca (nentries);
2469 memset (used, '\0', nentries);
2470
2471 /* First go over the GNU_HASH table and mark the entries as used. */
2472 const Elf32_Word *gnu_hasharr = (Elf32_Word *) gnu_hash_data->d_buf;
2473 Elf32_Word gnu_nbucket = gnu_hasharr[0];
2474 Elf32_Word gnu_symbias = gnu_hasharr[1];
2475 const int bitmap_factor = ehdr->e_ident[EI_CLASS] == ELFCLASS32 ? 1 : 2;
2476 const Elf32_Word *gnu_bucket = (gnu_hasharr
2477 + (4 + gnu_hasharr[2] * bitmap_factor));
2478 const Elf32_Word *gnu_chain = gnu_bucket + gnu_hasharr[0];
2479
2480 if (gnu_hasharr[2] == 0)
2481 {
2482 ERROR (_("\
2483 hash section [%2zu] '%s' has zero bit mask words\n"),
2484 gnu_hash_idx, gnu_hash_name);
2485 return;
2486 }
2487
2488 uint64_t used_buf = ((4ULL + gnu_hasharr[2] * bitmap_factor + gnu_nbucket)
2489 * sizeof (Elf32_Word));
2490 uint32_t max_nsyms = (gnu_hash_data->d_size - used_buf) / sizeof (Elf32_Word);
2491 if (used_buf > gnu_hash_data->d_size)
2492 {
2493 ERROR (_("\
2494 hash section [%2zu] '%s' uses too much data\n"),
2495 gnu_hash_idx, gnu_hash_name);
2496 return;
2497 }
2498
2499 for (Elf32_Word cnt = 0; cnt < gnu_nbucket; ++cnt)
2500 {
2501 if (gnu_bucket[cnt] != STN_UNDEF)
2502 {
2503 Elf32_Word symidx = gnu_bucket[cnt] - gnu_symbias;
2504 do
2505 {
2506 if (symidx >= max_nsyms || symidx + gnu_symbias >= nentries)
2507 {
2508 ERROR (_("\
2509 hash section [%2zu] '%s' invalid symbol index %" PRIu32 " (max_nsyms: %" PRIu32 ", nentries: %" PRIu32 "\n"),
2510 gnu_hash_idx, gnu_hash_name, symidx, max_nsyms, nentries);
2511 return;
2512 }
2513 used[symidx + gnu_symbias] |= 1;
2514 }
2515 while ((gnu_chain[symidx++] & 1u) == 0);
2516 }
2517 }
2518
2519 /* Now go over the old hash table and check that we cover the same
2520 entries. */
2521 if (hash_shdr->sh_entsize == sizeof (Elf32_Word))
2522 {
2523 const Elf32_Word *hasharr = (Elf32_Word *) hash_data->d_buf;
2524 if (hash_data->d_size < 2 * sizeof (Elf32_Word))
2525 {
2526 ERROR (_("\
2527 hash section [%2zu] '%s' does not contain enough data\n"),
2528 hash_idx, hash_name);
2529 return;
2530 }
2531
2532 Elf32_Word nbucket = hasharr[0];
2533 Elf32_Word nchain = hasharr[1];
2534 uint64_t hash_used = (2ULL + nchain + nbucket) * sizeof (Elf32_Word);
2535 if (hash_used > hash_data->d_size)
2536 {
2537 ERROR (_("\
2538 hash section [%2zu] '%s' uses too much data\n"),
2539 hash_idx, hash_name);
2540 return;
2541 }
2542
2543 const Elf32_Word *bucket = &hasharr[2];
2544 const Elf32_Word *chain = &hasharr[2 + nbucket];
2545
2546 for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt)
2547 {
2548 Elf32_Word symidx = bucket[cnt];
2549 while (symidx != STN_UNDEF && symidx < nentries && symidx < nchain)
2550 {
2551 used[symidx] |= 2;
2552 symidx = chain[symidx];
2553 }
2554 }
2555 }
2556 else if (hash_shdr->sh_entsize == sizeof (Elf64_Xword))
2557 {
2558 const Elf64_Xword *hasharr = (Elf64_Xword *) hash_data->d_buf;
2559 if (hash_data->d_size < 2 * sizeof (Elf32_Word))
2560 {
2561 ERROR (_("\
2562 hash section [%2zu] '%s' does not contain enough data\n"),
2563 hash_idx, hash_name);
2564 return;
2565 }
2566
2567 Elf64_Xword nbucket = hasharr[0];
2568 Elf64_Xword nchain = hasharr[1];
2569 uint64_t maxwords = hash_data->d_size / sizeof (Elf64_Xword);
2570 if (maxwords < 2
2571 || maxwords - 2 < nbucket
2572 || maxwords - 2 - nbucket < nchain)
2573 {
2574 ERROR (_("\
2575 hash section [%2zu] '%s' uses too much data\n"),
2576 hash_idx, hash_name);
2577 return;
2578 }
2579
2580 const Elf64_Xword *bucket = &hasharr[2];
2581 const Elf64_Xword *chain = &hasharr[2 + nbucket];
2582
2583 for (Elf64_Xword cnt = 0; cnt < nbucket; ++cnt)
2584 {
2585 Elf64_Xword symidx = bucket[cnt];
2586 while (symidx != STN_UNDEF && symidx < nentries && symidx < nchain)
2587 {
2588 used[symidx] |= 2;
2589 symidx = chain[symidx];
2590 }
2591 }
2592 }
2593 else
2594 {
2595 ERROR (_("\
2596 hash section [%2zu] '%s' invalid sh_entsize\n"),
2597 hash_idx, hash_name);
2598 return;
2599 }
2600
2601 /* Now see which entries are not set in one or both hash tables
2602 (unless the symbol is undefined in which case it can be omitted
2603 in the new table format). */
2604 if ((used[0] & 1) != 0)
2605 ERROR (_("section [%2zu] '%s': reference to symbol index 0\n"),
2606 gnu_hash_idx,
2607 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2608 if ((used[0] & 2) != 0)
2609 ERROR (_("section [%2zu] '%s': reference to symbol index 0\n"),
2610 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name));
2611
2612 for (uint32_t cnt = 1; cnt < nentries; ++cnt)
2613 if (used[cnt] != 0 && used[cnt] != 3)
2614 {
2615 if (used[cnt] == 1)
2616 ERROR (_("\
2617 symbol %d referenced in new hash table in [%2zu] '%s' but not in old hash table in [%2zu] '%s'\n"),
2618 cnt, gnu_hash_idx,
2619 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name),
2620 hash_idx,
2621 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name));
2622 else
2623 {
2624 GElf_Sym sym_mem;
2625 GElf_Sym *sym = gelf_getsym (sym_data, cnt, &sym_mem);
2626
2627 if (sym != NULL && sym->st_shndx != STN_UNDEF)
2628 ERROR (_("\
2629 symbol %d referenced in old hash table in [%2zu] '%s' but not in new hash table in [%2zu] '%s'\n"),
2630 cnt, hash_idx,
2631 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name),
2632 gnu_hash_idx,
2633 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2634 }
2635 }
2636 }
2637
2638
2639 static void
check_null(Ebl * ebl,GElf_Shdr * shdr,int idx)2640 check_null (Ebl *ebl, GElf_Shdr *shdr, int idx)
2641 {
2642 #define TEST(name, extra) \
2643 if (extra && shdr->sh_##name != 0) \
2644 ERROR (_("section [%2d] '%s': nonzero sh_%s for NULL section\n"), \
2645 idx, section_name (ebl, idx), #name)
2646
2647 TEST (name, 1);
2648 TEST (flags, 1);
2649 TEST (addr, 1);
2650 TEST (offset, 1);
2651 TEST (size, idx != 0);
2652 TEST (link, idx != 0);
2653 TEST (info, 1);
2654 TEST (addralign, 1);
2655 TEST (entsize, 1);
2656 }
2657
2658
2659 static void
check_group(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2660 check_group (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
2661 {
2662 if (ehdr->e_type != ET_REL)
2663 {
2664 ERROR (_("\
2665 section [%2d] '%s': section groups only allowed in relocatable object files\n"),
2666 idx, section_name (ebl, idx));
2667 return;
2668 }
2669
2670 /* Check that sh_link is an index of a symbol table. */
2671 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
2672 GElf_Shdr symshdr_mem;
2673 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
2674 if (symshdr == NULL)
2675 ERROR (_("section [%2d] '%s': cannot get symbol table: %s\n"),
2676 idx, section_name (ebl, idx), elf_errmsg (-1));
2677 else
2678 {
2679 if (symshdr->sh_type != SHT_SYMTAB)
2680 ERROR (_("\
2681 section [%2d] '%s': section reference in sh_link is no symbol table\n"),
2682 idx, section_name (ebl, idx));
2683
2684 if (shdr->sh_info >= symshdr->sh_size / gelf_fsize (ebl->elf, ELF_T_SYM,
2685 1, EV_CURRENT))
2686 ERROR (_("\
2687 section [%2d] '%s': invalid symbol index in sh_info\n"),
2688 idx, section_name (ebl, idx));
2689
2690 if (shdr->sh_flags != 0)
2691 ERROR (_("section [%2d] '%s': sh_flags not zero\n"),
2692 idx, section_name (ebl, idx));
2693
2694 GElf_Sym sym_data;
2695 GElf_Sym *sym = gelf_getsym (elf_getdata (symscn, NULL), shdr->sh_info,
2696 &sym_data);
2697 if (sym == NULL)
2698 ERROR (_("\
2699 section [%2d] '%s': cannot get symbol for signature\n"),
2700 idx, section_name (ebl, idx));
2701 else if (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name) == NULL)
2702 ERROR (_("\
2703 section [%2d] '%s': cannot get symbol name for signature\n"),
2704 idx, section_name (ebl, idx));
2705 else if (strcmp (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name),
2706 "") == 0)
2707 ERROR (_("\
2708 section [%2d] '%s': signature symbol cannot be empty string\n"),
2709 idx, section_name (ebl, idx));
2710
2711 if (be_strict
2712 && shdr->sh_entsize != elf32_fsize (ELF_T_WORD, 1, EV_CURRENT))
2713 ERROR (_("section [%2d] '%s': sh_flags not set correctly\n"),
2714 idx, section_name (ebl, idx));
2715 }
2716
2717 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2718 if (data == NULL || data->d_buf == NULL)
2719 ERROR (_("section [%2d] '%s': cannot get data: %s\n"),
2720 idx, section_name (ebl, idx), elf_errmsg (-1));
2721 else
2722 {
2723 size_t elsize = elf32_fsize (ELF_T_WORD, 1, EV_CURRENT);
2724 size_t cnt;
2725 Elf32_Word val;
2726
2727 if (data->d_size % elsize != 0)
2728 ERROR (_("\
2729 section [%2d] '%s': section size not multiple of sizeof(Elf32_Word)\n"),
2730 idx, section_name (ebl, idx));
2731
2732 if (data->d_size < elsize)
2733 {
2734 ERROR (_("\
2735 section [%2d] '%s': section group without flags word\n"),
2736 idx, section_name (ebl, idx));
2737 return;
2738 }
2739 else if (be_strict)
2740 {
2741 if (data->d_size < 2 * elsize)
2742 ERROR (_("\
2743 section [%2d] '%s': section group without member\n"),
2744 idx, section_name (ebl, idx));
2745 else if (data->d_size < 3 * elsize)
2746 ERROR (_("\
2747 section [%2d] '%s': section group with only one member\n"),
2748 idx, section_name (ebl, idx));
2749 }
2750
2751 #if ALLOW_UNALIGNED
2752 val = *((Elf32_Word *) data->d_buf);
2753 #else
2754 memcpy (&val, data->d_buf, elsize);
2755 #endif
2756 if ((val & ~GRP_COMDAT) != 0)
2757 ERROR (_("section [%2d] '%s': unknown section group flags\n"),
2758 idx, section_name (ebl, idx));
2759
2760 for (cnt = elsize; cnt + elsize <= data->d_size; cnt += elsize)
2761 {
2762 #if ALLOW_UNALIGNED
2763 val = *((Elf32_Word *) ((char *) data->d_buf + cnt));
2764 #else
2765 memcpy (&val, (char *) data->d_buf + cnt, elsize);
2766 #endif
2767
2768 if (val > shnum)
2769 ERROR (_("\
2770 section [%2d] '%s': section index %zu out of range\n"),
2771 idx, section_name (ebl, idx), cnt / elsize);
2772 else
2773 {
2774 GElf_Shdr refshdr_mem;
2775 GElf_Shdr *refshdr = gelf_getshdr (elf_getscn (ebl->elf, val),
2776 &refshdr_mem);
2777 if (refshdr == NULL)
2778 ERROR (_("\
2779 section [%2d] '%s': cannot get section header for element %zu: %s\n"),
2780 idx, section_name (ebl, idx), cnt / elsize,
2781 elf_errmsg (-1));
2782 else
2783 {
2784 if (refshdr->sh_type == SHT_GROUP)
2785 ERROR (_("\
2786 section [%2d] '%s': section group contains another group [%2d] '%s'\n"),
2787 idx, section_name (ebl, idx),
2788 val, section_name (ebl, val));
2789
2790 if ((refshdr->sh_flags & SHF_GROUP) == 0)
2791 ERROR (_("\
2792 section [%2d] '%s': element %zu references section [%2d] '%s' without SHF_GROUP flag set\n"),
2793 idx, section_name (ebl, idx), cnt / elsize,
2794 val, section_name (ebl, val));
2795 }
2796
2797 if (val < shnum && ++scnref[val] == 2)
2798 ERROR (_("\
2799 section [%2d] '%s' is contained in more than one section group\n"),
2800 val, section_name (ebl, val));
2801 }
2802 }
2803 }
2804 }
2805
2806
2807 static const char *
section_flags_string(GElf_Word flags,char * buf,size_t len)2808 section_flags_string (GElf_Word flags, char *buf, size_t len)
2809 {
2810 if (flags == 0)
2811 return "none";
2812
2813 static const struct
2814 {
2815 GElf_Word flag;
2816 const char *name;
2817 } known_flags[] =
2818 {
2819 #define NEWFLAG(name) { SHF_##name, #name }
2820 NEWFLAG (WRITE),
2821 NEWFLAG (ALLOC),
2822 NEWFLAG (EXECINSTR),
2823 NEWFLAG (MERGE),
2824 NEWFLAG (STRINGS),
2825 NEWFLAG (INFO_LINK),
2826 NEWFLAG (LINK_ORDER),
2827 NEWFLAG (OS_NONCONFORMING),
2828 NEWFLAG (GROUP),
2829 NEWFLAG (TLS),
2830 NEWFLAG (COMPRESSED),
2831 NEWFLAG (GNU_RETAIN),
2832 NEWFLAG (ORDERED),
2833 NEWFLAG (EXCLUDE)
2834 };
2835 #undef NEWFLAG
2836 const size_t nknown_flags = sizeof (known_flags) / sizeof (known_flags[0]);
2837
2838 char *cp = buf;
2839
2840 for (size_t cnt = 0; cnt < nknown_flags; ++cnt)
2841 if (flags & known_flags[cnt].flag)
2842 {
2843 if (cp != buf && len > 1)
2844 {
2845 *cp++ = '|';
2846 --len;
2847 }
2848
2849 size_t ncopy = MIN (len - 1, strlen (known_flags[cnt].name));
2850 cp = mempcpy (cp, known_flags[cnt].name, ncopy);
2851 len -= ncopy;
2852
2853 flags ^= known_flags[cnt].flag;
2854 }
2855
2856 if (flags != 0 || cp == buf)
2857 {
2858 int r = snprintf (cp, len - 1, "%s%" PRIx64,
2859 (cp == buf) ? "" : "|", (uint64_t) flags);
2860 if (r > 0)
2861 cp += r;
2862 }
2863 *cp = '\0';
2864
2865 return buf;
2866 }
2867
2868
2869 static int
has_copy_reloc(Ebl * ebl,unsigned int symscnndx,unsigned int symndx)2870 has_copy_reloc (Ebl *ebl, unsigned int symscnndx, unsigned int symndx)
2871 {
2872 /* First find the relocation section for the symbol table. */
2873 Elf_Scn *scn = NULL;
2874 GElf_Shdr shdr_mem;
2875 GElf_Shdr *shdr = NULL;
2876 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
2877 {
2878 shdr = gelf_getshdr (scn, &shdr_mem);
2879 if (shdr != NULL
2880 && (shdr->sh_type == SHT_REL || shdr->sh_type == SHT_RELA)
2881 && shdr->sh_link == symscnndx)
2882 /* Found the section. */
2883 break;
2884 }
2885
2886 if (scn == NULL)
2887 return 0;
2888
2889 Elf_Data *data = elf_getdata (scn, NULL);
2890 if (data == NULL || shdr->sh_entsize == 0)
2891 return 0;
2892
2893 if (shdr->sh_type == SHT_REL)
2894 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i)
2895 {
2896 GElf_Rel rel_mem;
2897 GElf_Rel *rel = gelf_getrel (data, i, &rel_mem);
2898 if (rel == NULL)
2899 continue;
2900
2901 if (GELF_R_SYM (rel->r_info) == symndx
2902 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rel->r_info)))
2903 return 1;
2904 }
2905 else
2906 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i)
2907 {
2908 GElf_Rela rela_mem;
2909 GElf_Rela *rela = gelf_getrela (data, i, &rela_mem);
2910 if (rela == NULL)
2911 continue;
2912
2913 if (GELF_R_SYM (rela->r_info) == symndx
2914 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rela->r_info)))
2915 return 1;
2916 }
2917
2918 return 0;
2919 }
2920
2921
2922 static int
in_nobits_scn(Ebl * ebl,unsigned int shndx)2923 in_nobits_scn (Ebl *ebl, unsigned int shndx)
2924 {
2925 GElf_Shdr shdr_mem;
2926 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, shndx), &shdr_mem);
2927 return shdr != NULL && shdr->sh_type == SHT_NOBITS;
2928 }
2929
2930
2931 static struct version_namelist
2932 {
2933 const char *objname;
2934 const char *name;
2935 GElf_Versym ndx;
2936 enum { ver_def, ver_need } type;
2937 struct version_namelist *next;
2938 } *version_namelist;
2939
2940
2941 static int
add_version(const char * objname,const char * name,GElf_Versym ndx,int type)2942 add_version (const char *objname, const char *name, GElf_Versym ndx, int type)
2943 {
2944 /* Check that there are no duplications. */
2945 struct version_namelist *nlp = version_namelist;
2946 while (nlp != NULL)
2947 {
2948 if (((nlp->objname == NULL && objname == NULL)
2949 || (nlp->objname != NULL && objname != NULL
2950 && strcmp (nlp->objname, objname) == 0))
2951 && strcmp (nlp->name, name) == 0)
2952 return nlp->type == ver_def ? 1 : -1;
2953 nlp = nlp->next;
2954 }
2955
2956 nlp = xmalloc (sizeof (*nlp));
2957 nlp->objname = objname;
2958 nlp->name = name;
2959 nlp->ndx = ndx;
2960 nlp->type = type;
2961 nlp->next = version_namelist;
2962 version_namelist = nlp;
2963
2964 return 0;
2965 }
2966
2967
2968 static void
check_versym(Ebl * ebl,int idx)2969 check_versym (Ebl *ebl, int idx)
2970 {
2971 Elf_Scn *scn = elf_getscn (ebl->elf, idx);
2972 GElf_Shdr shdr_mem;
2973 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
2974 if (shdr == NULL)
2975 /* The error has already been reported. */
2976 return;
2977
2978 Elf_Data *data = elf_getdata (scn, NULL);
2979 if (data == NULL)
2980 {
2981 ERROR (_("section [%2d] '%s': cannot get section data\n"),
2982 idx, section_name (ebl, idx));
2983 return;
2984 }
2985
2986 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
2987 GElf_Shdr symshdr_mem;
2988 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
2989 if (symshdr == NULL)
2990 /* The error has already been reported. */
2991 return;
2992
2993 if (symshdr->sh_type != SHT_DYNSYM)
2994 {
2995 ERROR (_("\
2996 section [%2d] '%s' refers in sh_link to section [%2d] '%s' which is no dynamic symbol table\n"),
2997 idx, section_name (ebl, idx),
2998 shdr->sh_link, section_name (ebl, shdr->sh_link));
2999 return;
3000 }
3001
3002 /* The number of elements in the version symbol table must be the
3003 same as the number of symbols. */
3004 if (shdr->sh_entsize != 0 && symshdr->sh_entsize != 0
3005 && (shdr->sh_size / shdr->sh_entsize
3006 != symshdr->sh_size / symshdr->sh_entsize))
3007 ERROR (_("\
3008 section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"),
3009 idx, section_name (ebl, idx),
3010 shdr->sh_link, section_name (ebl, shdr->sh_link));
3011
3012 Elf_Data *symdata = elf_getdata (symscn, NULL);
3013 if (symdata == NULL || shdr->sh_entsize == 0)
3014 /* The error has already been reported. */
3015 return;
3016
3017 for (int cnt = 1; (size_t) cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
3018 {
3019 GElf_Versym versym_mem;
3020 GElf_Versym *versym = gelf_getversym (data, cnt, &versym_mem);
3021 if (versym == NULL)
3022 {
3023 ERROR (_("\
3024 section [%2d] '%s': symbol %d: cannot read version data\n"),
3025 idx, section_name (ebl, idx), cnt);
3026 break;
3027 }
3028
3029 GElf_Sym sym_mem;
3030 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_mem);
3031 if (sym == NULL)
3032 /* Already reported elsewhere. */
3033 continue;
3034
3035 if (*versym == VER_NDX_GLOBAL)
3036 {
3037 /* Global symbol. Make sure it is not defined as local. */
3038 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
3039 ERROR (_("\
3040 section [%2d] '%s': symbol %d: local symbol with global scope\n"),
3041 idx, section_name (ebl, idx), cnt);
3042 }
3043 else if (*versym != VER_NDX_LOCAL)
3044 {
3045 /* Versioned symbol. Make sure it is not defined as local. */
3046 if (!gnuld && GELF_ST_BIND (sym->st_info) == STB_LOCAL)
3047 ERROR (_("\
3048 section [%2d] '%s': symbol %d: local symbol with version\n"),
3049 idx, section_name (ebl, idx), cnt);
3050
3051 /* Look through the list of defined versions and locate the
3052 index we need for this symbol. */
3053 struct version_namelist *runp = version_namelist;
3054 while (runp != NULL)
3055 if (runp->ndx == (*versym & (GElf_Versym) 0x7fff))
3056 break;
3057 else
3058 runp = runp->next;
3059
3060 if (runp == NULL)
3061 ERROR (_("\
3062 section [%2d] '%s': symbol %d: invalid version index %d\n"),
3063 idx, section_name (ebl, idx), cnt, (int) *versym);
3064 else if (sym->st_shndx == SHN_UNDEF
3065 && runp->type == ver_def)
3066 ERROR (_("\
3067 section [%2d] '%s': symbol %d: version index %d is for defined version\n"),
3068 idx, section_name (ebl, idx), cnt, (int) *versym);
3069 else if (sym->st_shndx != SHN_UNDEF
3070 && runp->type == ver_need)
3071 {
3072 /* Unless this symbol has a copy relocation associated
3073 this must not happen. */
3074 if (!has_copy_reloc (ebl, shdr->sh_link, cnt)
3075 && !in_nobits_scn (ebl, sym->st_shndx))
3076 ERROR (_("\
3077 section [%2d] '%s': symbol %d: version index %d is for requested version\n"),
3078 idx, section_name (ebl, idx), cnt, (int) *versym);
3079 }
3080 }
3081 }
3082 }
3083
3084
3085 static int
unknown_dependency_p(Elf * elf,const char * fname)3086 unknown_dependency_p (Elf *elf, const char *fname)
3087 {
3088 GElf_Phdr phdr_mem;
3089 GElf_Phdr *phdr = NULL;
3090
3091 unsigned int i;
3092 for (i = 0; i < phnum; ++i)
3093 if ((phdr = gelf_getphdr (elf, i, &phdr_mem)) != NULL
3094 && phdr->p_type == PT_DYNAMIC)
3095 break;
3096
3097 if (i == phnum)
3098 return 1;
3099 assert (phdr != NULL);
3100 Elf_Scn *scn = gelf_offscn (elf, phdr->p_offset);
3101 GElf_Shdr shdr_mem;
3102 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
3103 Elf_Data *data = elf_getdata (scn, NULL);
3104 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC
3105 && data != NULL && shdr->sh_entsize != 0)
3106 for (size_t j = 0; j < shdr->sh_size / shdr->sh_entsize; ++j)
3107 {
3108 GElf_Dyn dyn_mem;
3109 GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem);
3110 if (dyn != NULL && dyn->d_tag == DT_NEEDED)
3111 {
3112 const char *str = elf_strptr (elf, shdr->sh_link, dyn->d_un.d_val);
3113 if (str != NULL && strcmp (str, fname) == 0)
3114 /* Found it. */
3115 return 0;
3116 }
3117 }
3118
3119 return 1;
3120 }
3121
3122
3123 static unsigned int nverneed;
3124
3125 static void
check_verneed(Ebl * ebl,GElf_Shdr * shdr,int idx)3126 check_verneed (Ebl *ebl, GElf_Shdr *shdr, int idx)
3127 {
3128 if (++nverneed == 2)
3129 ERROR (_("more than one version reference section present\n"));
3130
3131 GElf_Shdr strshdr_mem;
3132 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
3133 &strshdr_mem);
3134 if (strshdr == NULL)
3135 return;
3136 if (strshdr->sh_type != SHT_STRTAB)
3137 ERROR (_("\
3138 section [%2d] '%s': sh_link does not link to string table\n"),
3139 idx, section_name (ebl, idx));
3140
3141 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
3142 if (data == NULL)
3143 {
3144 ERROR (_("section [%2d] '%s': cannot get section data\n"),
3145 idx, section_name (ebl, idx));
3146 return;
3147 }
3148 unsigned int offset = 0;
3149 for (Elf64_Word cnt = shdr->sh_info; cnt > 0; )
3150 {
3151 cnt--;
3152
3153 /* Get the data at the next offset. */
3154 GElf_Verneed needmem;
3155 GElf_Verneed *need = gelf_getverneed (data, offset, &needmem);
3156 if (need == NULL)
3157 break;
3158
3159 unsigned int auxoffset = offset + need->vn_aux;
3160
3161 if (need->vn_version != EV_CURRENT)
3162 ERROR (_("\
3163 section [%2d] '%s': entry %d has wrong version %d\n"),
3164 idx, section_name (ebl, idx), cnt, (int) need->vn_version);
3165
3166 if (need->vn_cnt > 0 && need->vn_aux < gelf_fsize (ebl->elf, ELF_T_VNEED,
3167 1, EV_CURRENT))
3168 {
3169 ERROR (_("\
3170 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"),
3171 idx, section_name (ebl, idx), cnt);
3172 break;
3173 }
3174
3175 const char *libname = elf_strptr (ebl->elf, shdr->sh_link,
3176 need->vn_file);
3177 if (libname == NULL)
3178 {
3179 ERROR (_("\
3180 section [%2d] '%s': entry %d has invalid file reference\n"),
3181 idx, section_name (ebl, idx), cnt);
3182 goto next_need;
3183 }
3184
3185 /* Check that there is a DT_NEEDED entry for the referenced library. */
3186 if (unknown_dependency_p (ebl->elf, libname))
3187 ERROR (_("\
3188 section [%2d] '%s': entry %d references unknown dependency\n"),
3189 idx, section_name (ebl, idx), cnt);
3190
3191 for (int cnt2 = need->vn_cnt; --cnt2 >= 0; )
3192 {
3193 GElf_Vernaux auxmem;
3194 GElf_Vernaux *aux = gelf_getvernaux (data, auxoffset, &auxmem);
3195 if (aux == NULL)
3196 break;
3197
3198 if ((aux->vna_flags & ~VER_FLG_WEAK) != 0)
3199 ERROR (_("\
3200 section [%2d] '%s': auxiliary entry %d of entry %d has unknown flag\n"),
3201 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
3202
3203 const char *verstr = elf_strptr (ebl->elf, shdr->sh_link,
3204 aux->vna_name);
3205 if (verstr == NULL)
3206 {
3207 ERROR (_("\
3208 section [%2d] '%s': auxiliary entry %d of entry %d has invalid name reference\n"),
3209 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
3210 break;
3211 }
3212 else
3213 {
3214 GElf_Word hashval = elf_hash (verstr);
3215 if (hashval != aux->vna_hash)
3216 ERROR (_("\
3217 section [%2d] '%s': auxiliary entry %d of entry %d has wrong hash value: %#x, expected %#x\n"),
3218 idx, section_name (ebl, idx), need->vn_cnt - cnt2,
3219 cnt, (int) hashval, (int) aux->vna_hash);
3220
3221 int res = add_version (libname, verstr, aux->vna_other,
3222 ver_need);
3223 if (unlikely (res !=0))
3224 {
3225 ERROR (_("\
3226 section [%2d] '%s': auxiliary entry %d of entry %d has duplicate version name '%s'\n"),
3227 idx, section_name (ebl, idx), need->vn_cnt - cnt2,
3228 cnt, verstr);
3229 }
3230 }
3231
3232 if ((aux->vna_next != 0 || cnt2 > 0)
3233 && aux->vna_next < gelf_fsize (ebl->elf, ELF_T_VNAUX, 1,
3234 EV_CURRENT))
3235 {
3236 ERROR (_("\
3237 section [%2d] '%s': auxiliary entry %d of entry %d has wrong next field\n"),
3238 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
3239 break;
3240 }
3241
3242 auxoffset += MAX (aux->vna_next,
3243 gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, EV_CURRENT));
3244 }
3245
3246 /* Find the next offset. */
3247 next_need:
3248 offset += need->vn_next;
3249
3250 if ((need->vn_next != 0 || cnt > 0)
3251 && offset < auxoffset)
3252 {
3253 ERROR (_("\
3254 section [%2d] '%s': entry %d has invalid offset to next entry\n"),
3255 idx, section_name (ebl, idx), cnt);
3256 break;
3257 }
3258
3259 if (need->vn_next == 0 && cnt > 0)
3260 {
3261 ERROR (_("\
3262 section [%2d] '%s': entry %d has zero offset to next entry, but sh_info says there are more entries\n"),
3263 idx, section_name (ebl, idx), cnt);
3264 break;
3265 }
3266 }
3267 }
3268
3269
3270 static unsigned int nverdef;
3271
3272 static void
check_verdef(Ebl * ebl,GElf_Shdr * shdr,int idx)3273 check_verdef (Ebl *ebl, GElf_Shdr *shdr, int idx)
3274 {
3275 if (++nverdef == 2)
3276 ERROR (_("more than one version definition section present\n"));
3277
3278 GElf_Shdr strshdr_mem;
3279 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
3280 &strshdr_mem);
3281 if (strshdr == NULL)
3282 return;
3283 if (strshdr->sh_type != SHT_STRTAB)
3284 ERROR (_("\
3285 section [%2d] '%s': sh_link does not link to string table\n"),
3286 idx, section_name (ebl, idx));
3287
3288 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
3289 if (data == NULL)
3290 {
3291 no_data:
3292 ERROR (_("section [%2d] '%s': cannot get section data\n"),
3293 idx, section_name (ebl, idx));
3294 return;
3295 }
3296
3297 /* Iterate over all version definition entries. We check that there
3298 is a BASE entry and that each index is unique. To do the later
3299 we collection the information in a list which is later
3300 examined. */
3301 struct namelist
3302 {
3303 const char *name;
3304 struct namelist *next;
3305 } *namelist = NULL;
3306 struct namelist *refnamelist = NULL;
3307
3308 bool has_base = false;
3309 unsigned int offset = 0;
3310 for (Elf64_Word cnt = shdr->sh_info; cnt > 0; )
3311 {
3312 cnt--;
3313
3314 /* Get the data at the next offset. */
3315 GElf_Verdef defmem;
3316 GElf_Verdef *def = gelf_getverdef (data, offset, &defmem);
3317 if (def == NULL)
3318 goto no_data;
3319
3320 if ((def->vd_flags & VER_FLG_BASE) != 0)
3321 {
3322 if (has_base)
3323 ERROR (_("\
3324 section [%2d] '%s': more than one BASE definition\n"),
3325 idx, section_name (ebl, idx));
3326 if (def->vd_ndx != VER_NDX_GLOBAL)
3327 ERROR (_("\
3328 section [%2d] '%s': BASE definition must have index VER_NDX_GLOBAL\n"),
3329 idx, section_name (ebl, idx));
3330 has_base = true;
3331 }
3332 if ((def->vd_flags & ~(VER_FLG_BASE|VER_FLG_WEAK)) != 0)
3333 ERROR (_("\
3334 section [%2d] '%s': entry %d has unknown flag\n"),
3335 idx, section_name (ebl, idx), cnt);
3336
3337 if (def->vd_version != EV_CURRENT)
3338 ERROR (_("\
3339 section [%2d] '%s': entry %d has wrong version %d\n"),
3340 idx, section_name (ebl, idx), cnt, (int) def->vd_version);
3341
3342 if (def->vd_cnt > 0 && def->vd_aux < gelf_fsize (ebl->elf, ELF_T_VDEF,
3343 1, EV_CURRENT))
3344 {
3345 ERROR (_("\
3346 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"),
3347 idx, section_name (ebl, idx), cnt);
3348 break;
3349 }
3350
3351 unsigned int auxoffset = offset + def->vd_aux;
3352 GElf_Verdaux auxmem;
3353 GElf_Verdaux *aux = gelf_getverdaux (data, auxoffset, &auxmem);
3354 if (aux == NULL)
3355 goto no_data;
3356
3357 const char *name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name);
3358 if (name == NULL)
3359 {
3360 ERROR (_("\
3361 section [%2d] '%s': entry %d has invalid name reference\n"),
3362 idx, section_name (ebl, idx), cnt);
3363 goto next_def;
3364 }
3365 GElf_Word hashval = elf_hash (name);
3366 if (def->vd_hash != hashval)
3367 ERROR (_("\
3368 section [%2d] '%s': entry %d has wrong hash value: %#x, expected %#x\n"),
3369 idx, section_name (ebl, idx), cnt, (int) hashval,
3370 (int) def->vd_hash);
3371
3372 int res = add_version (NULL, name, def->vd_ndx, ver_def);
3373 if (unlikely (res !=0))
3374 {
3375 ERROR (_("\
3376 section [%2d] '%s': entry %d has duplicate version name '%s'\n"),
3377 idx, section_name (ebl, idx), cnt, name);
3378 }
3379
3380 struct namelist *newname = alloca (sizeof (*newname));
3381 newname->name = name;
3382 newname->next = namelist;
3383 namelist = newname;
3384
3385 auxoffset += aux->vda_next;
3386 for (int cnt2 = 1; cnt2 < def->vd_cnt; ++cnt2)
3387 {
3388 aux = gelf_getverdaux (data, auxoffset, &auxmem);
3389 if (aux == NULL)
3390 goto no_data;
3391
3392 name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name);
3393 if (name == NULL)
3394 {
3395 ERROR (_("\
3396 section [%2d] '%s': entry %d has invalid name reference in auxiliary data\n"),
3397 idx, section_name (ebl, idx), cnt);
3398 break;
3399 }
3400 else
3401 {
3402 newname = alloca (sizeof (*newname));
3403 newname->name = name;
3404 newname->next = refnamelist;
3405 refnamelist = newname;
3406 }
3407
3408 if ((aux->vda_next != 0 || cnt2 + 1 < def->vd_cnt)
3409 && aux->vda_next < gelf_fsize (ebl->elf, ELF_T_VDAUX, 1,
3410 EV_CURRENT))
3411 {
3412 ERROR (_("\
3413 section [%2d] '%s': entry %d has wrong next field in auxiliary data\n"),
3414 idx, section_name (ebl, idx), cnt);
3415 break;
3416 }
3417
3418 auxoffset += MAX (aux->vda_next,
3419 gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, EV_CURRENT));
3420 }
3421
3422 /* Find the next offset. */
3423 next_def:
3424 offset += def->vd_next;
3425
3426 if ((def->vd_next != 0 || cnt > 0)
3427 && offset < auxoffset)
3428 {
3429 ERROR (_("\
3430 section [%2d] '%s': entry %d has invalid offset to next entry\n"),
3431 idx, section_name (ebl, idx), cnt);
3432 break;
3433 }
3434
3435 if (def->vd_next == 0 && cnt > 0)
3436 {
3437 ERROR (_("\
3438 section [%2d] '%s': entry %d has zero offset to next entry, but sh_info says there are more entries\n"),
3439 idx, section_name (ebl, idx), cnt);
3440 break;
3441 }
3442 }
3443
3444 if (!has_base)
3445 ERROR (_("section [%2d] '%s': no BASE definition\n"),
3446 idx, section_name (ebl, idx));
3447
3448 /* Check whether the referenced names are available. */
3449 while (namelist != NULL)
3450 {
3451 struct version_namelist *runp = version_namelist;
3452 while (runp != NULL)
3453 {
3454 if (runp->type == ver_def
3455 && strcmp (runp->name, namelist->name) == 0)
3456 break;
3457 runp = runp->next;
3458 }
3459
3460 if (runp == NULL)
3461 ERROR (_("\
3462 section [%2d] '%s': unknown parent version '%s'\n"),
3463 idx, section_name (ebl, idx), namelist->name);
3464
3465 namelist = namelist->next;
3466 }
3467 }
3468
3469 static inline size_t
buffer_pos(Elf_Data * data,const unsigned char * p)3470 buffer_pos (Elf_Data *data, const unsigned char *p)
3471 {
3472 return p - (const unsigned char *) data->d_buf;
3473 }
3474
3475 static inline size_t
buffer_left(Elf_Data * data,const unsigned char * p)3476 buffer_left (Elf_Data *data, const unsigned char *p)
3477 {
3478 return (const unsigned char *) data->d_buf + data->d_size - p;
3479 }
3480
3481 static void
check_attributes(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)3482 check_attributes (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
3483 {
3484 if (shdr->sh_size == 0)
3485 {
3486 ERROR (_("section [%2d] '%s': empty object attributes section\n"),
3487 idx, section_name (ebl, idx));
3488 return;
3489 }
3490
3491 Elf_Data *data = elf_rawdata (elf_getscn (ebl->elf, idx), NULL);
3492 if (data == NULL || data->d_size == 0 || data->d_buf == NULL)
3493 {
3494 ERROR (_("section [%2d] '%s': cannot get section data\n"),
3495 idx, section_name (ebl, idx));
3496 return;
3497 }
3498
3499 const unsigned char *p = data->d_buf;
3500 if (*p++ != 'A')
3501 {
3502 ERROR (_("section [%2d] '%s': unrecognized attribute format\n"),
3503 idx, section_name (ebl, idx));
3504 return;
3505 }
3506
3507 while (buffer_left (data, p) >= 4)
3508 {
3509 uint32_t len;
3510 memcpy (&len, p, sizeof len);
3511
3512 if (len == 0)
3513 ERROR (_("\
3514 section [%2d] '%s': offset %zu: zero length field in attribute section\n"),
3515 idx, section_name (ebl, idx), buffer_pos (data, p));
3516
3517 if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
3518 CONVERT (len);
3519
3520 if (len > buffer_left (data, p))
3521 {
3522 ERROR (_("\
3523 section [%2d] '%s': offset %zu: invalid length in attribute section\n"),
3524 idx, section_name (ebl, idx), buffer_pos (data, p));
3525 break;
3526 }
3527
3528 const unsigned char *name = p + sizeof len;
3529 p += len;
3530
3531 unsigned const char *q = memchr (name, '\0', len);
3532 if (q == NULL)
3533 {
3534 ERROR (_("\
3535 section [%2d] '%s': offset %zu: unterminated vendor name string\n"),
3536 idx, section_name (ebl, idx), buffer_pos (data, p));
3537 break;
3538 }
3539 ++q;
3540
3541 if (q - name == sizeof "gnu" && !memcmp (name, "gnu", sizeof "gnu"))
3542 while (q < p)
3543 {
3544 unsigned const char *chunk = q;
3545
3546 unsigned int subsection_tag;
3547 get_uleb128 (subsection_tag, q, p);
3548
3549 if (q >= p)
3550 {
3551 ERROR (_("\
3552 section [%2d] '%s': offset %zu: endless ULEB128 in attribute subsection tag\n"),
3553 idx, section_name (ebl, idx), buffer_pos (data, chunk));
3554 break;
3555 }
3556
3557 uint32_t subsection_len;
3558 if (p - q < (ptrdiff_t) sizeof subsection_len)
3559 {
3560 ERROR (_("\
3561 section [%2d] '%s': offset %zu: truncated attribute section\n"),
3562 idx, section_name (ebl, idx), buffer_pos (data, q));
3563 break;
3564 }
3565
3566 memcpy (&subsection_len, q, sizeof subsection_len);
3567 if (subsection_len == 0)
3568 {
3569 ERROR (_("\
3570 section [%2d] '%s': offset %zu: zero length field in attribute subsection\n"),
3571 idx, section_name (ebl, idx), buffer_pos (data, q));
3572
3573 q += sizeof subsection_len;
3574 continue;
3575 }
3576
3577 if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
3578 CONVERT (subsection_len);
3579
3580 /* Don't overflow, ptrdiff_t might be 32bits, but signed. */
3581 if (p - chunk < (ptrdiff_t) subsection_len
3582 || subsection_len >= (uint32_t) PTRDIFF_MAX)
3583 {
3584 ERROR (_("\
3585 section [%2d] '%s': offset %zu: invalid length in attribute subsection\n"),
3586 idx, section_name (ebl, idx), buffer_pos (data, q));
3587 break;
3588 }
3589
3590 const unsigned char *subsection_end = chunk + subsection_len;
3591 chunk = q;
3592 q = subsection_end;
3593
3594 if (subsection_tag != 1) /* Tag_File */
3595 ERROR (_("\
3596 section [%2d] '%s': offset %zu: attribute subsection has unexpected tag %u\n"),
3597 idx, section_name (ebl, idx), buffer_pos (data, chunk), subsection_tag);
3598 else
3599 {
3600 chunk += sizeof subsection_len;
3601 while (chunk < q)
3602 {
3603 unsigned int tag;
3604 get_uleb128 (tag, chunk, q);
3605
3606 uint64_t value = 0;
3607 const unsigned char *r = chunk;
3608 if (tag == 32 || (tag & 1) == 0)
3609 {
3610 if (r >= q)
3611 goto invalid_uleb;
3612 get_uleb128 (value, r, q);
3613 if (r > q)
3614 {
3615 invalid_uleb:
3616 ERROR (_("\
3617 section [%2d] '%s': offset %zu: endless ULEB128 in attribute tag\n"),
3618 idx, section_name (ebl, idx), buffer_pos (data, chunk));
3619 break;
3620 }
3621 }
3622 if (tag == 32 || (tag & 1) != 0)
3623 {
3624 r = memchr (r, '\0', q - r);
3625 if (r == NULL)
3626 {
3627 ERROR (_("\
3628 section [%2d] '%s': offset %zu: unterminated string in attribute\n"),
3629 idx, section_name (ebl, idx), buffer_pos (data, chunk));
3630 break;
3631 }
3632 ++r;
3633 }
3634
3635 const char *tag_name = NULL;
3636 const char *value_name = NULL;
3637 if (!ebl_check_object_attribute (ebl, (const char *) name,
3638 tag, value,
3639 &tag_name, &value_name))
3640 ERROR (_("\
3641 section [%2d] '%s': offset %zu: unrecognized attribute tag %u\n"),
3642 idx, section_name (ebl, idx), buffer_pos (data, chunk), tag);
3643 else if ((tag & 1) == 0 && value_name == NULL)
3644 ERROR (_("\
3645 section [%2d] '%s': offset %zu: unrecognized %s attribute value %" PRIu64 "\n"),
3646 idx, section_name (ebl, idx), buffer_pos (data, chunk),
3647 tag_name, value);
3648
3649 chunk = r;
3650 }
3651 }
3652 }
3653 else
3654 ERROR (_("\
3655 section [%2d] '%s': offset %zu: vendor '%s' unknown\n"),
3656 idx, section_name (ebl, idx), buffer_pos (data, p), name);
3657 }
3658
3659 if (buffer_left (data, p) != 0)
3660 ERROR (_("\
3661 section [%2d] '%s': offset %zu: extra bytes after last attribute section\n"),
3662 idx, section_name (ebl, idx), buffer_pos (data, p));
3663 }
3664
3665 static bool has_loadable_segment;
3666 static bool has_interp_segment;
3667
3668 static const struct
3669 {
3670 const char *name;
3671 size_t namelen;
3672 GElf_Word type;
3673 enum { unused, exact, atleast, exact_or_gnuld } attrflag;
3674 GElf_Word attr;
3675 GElf_Word attr2;
3676 } special_sections[] =
3677 {
3678 /* See figure 4-14 in the gABI. */
3679 { ".bss", 5, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3680 { ".comment", 8, SHT_PROGBITS, atleast, 0, SHF_MERGE | SHF_STRINGS },
3681 { ".data", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3682 { ".data1", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3683 { ".debug_str", 11, SHT_PROGBITS, exact_or_gnuld, SHF_MERGE | SHF_STRINGS, 0 },
3684 { ".debug_line_str", 16, SHT_PROGBITS, exact_or_gnuld, SHF_MERGE | SHF_STRINGS, 0 },
3685 { ".debug", 6, SHT_PROGBITS, exact, 0, 0 },
3686 { ".dynamic", 9, SHT_DYNAMIC, atleast, SHF_ALLOC, SHF_WRITE },
3687 { ".dynstr", 8, SHT_STRTAB, exact, SHF_ALLOC, 0 },
3688 { ".dynsym", 8, SHT_DYNSYM, exact, SHF_ALLOC, 0 },
3689 { ".fini", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3690 { ".fini_array", 12, SHT_FINI_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3691 { ".got", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more info?
3692 { ".hash", 6, SHT_HASH, exact, SHF_ALLOC, 0 },
3693 { ".init", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3694 { ".init_array", 12, SHT_INIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3695 { ".interp", 8, SHT_PROGBITS, atleast, 0, SHF_ALLOC }, // XXX more tests?
3696 { ".line", 6, SHT_PROGBITS, exact, 0, 0 },
3697 { ".note", 6, SHT_NOTE, atleast, 0, SHF_ALLOC },
3698 { ".plt", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more tests
3699 { ".preinit_array", 15, SHT_PREINIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3700 { ".rela", 5, SHT_RELA, atleast, 0, SHF_ALLOC | SHF_INFO_LINK }, // XXX more tests
3701 { ".relr", 5, SHT_RELR, atleast, 0, SHF_ALLOC }, // XXX more tests
3702 { ".rel", 4, SHT_REL, atleast, 0, SHF_ALLOC | SHF_INFO_LINK }, // XXX more tests
3703 { ".rodata", 8, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS },
3704 { ".rodata1", 9, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS },
3705 { ".shstrtab", 10, SHT_STRTAB, exact, 0, 0 },
3706 { ".strtab", 8, SHT_STRTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
3707 { ".symtab", 8, SHT_SYMTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
3708 { ".symtab_shndx", 14, SHT_SYMTAB_SHNDX, atleast, 0, SHF_ALLOC }, // XXX more tests
3709 { ".tbss", 6, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3710 { ".tdata", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3711 { ".tdata1", 8, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3712 { ".text", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3713
3714 /* The following are GNU extensions. */
3715 { ".gnu.version", 13, SHT_GNU_versym, exact, SHF_ALLOC, 0 },
3716 { ".gnu.version_d", 15, SHT_GNU_verdef, exact, SHF_ALLOC, 0 },
3717 { ".gnu.version_r", 15, SHT_GNU_verneed, exact, SHF_ALLOC, 0 },
3718 { ".gnu.attributes", 16, SHT_GNU_ATTRIBUTES, exact, 0, 0 },
3719 };
3720 #define nspecial_sections \
3721 (sizeof (special_sections) / sizeof (special_sections[0]))
3722
3723 #define IS_KNOWN_SPECIAL(idx, string, prefix) \
3724 (special_sections[idx].namelen == sizeof string - (prefix ? 1 : 0) \
3725 && !memcmp (special_sections[idx].name, string, \
3726 sizeof string - (prefix ? 1 : 0)))
3727
3728 /* Extra section flags that might or might not be added to the section
3729 and have to be ignored. */
3730 #define EXTRA_SHFLAGS (SHF_LINK_ORDER \
3731 | SHF_GNU_RETAIN \
3732 | SHF_GROUP \
3733 | SHF_COMPRESSED)
3734
3735
3736 /* Indices of some sections we need later. */
3737 static size_t eh_frame_hdr_scnndx;
3738 static size_t eh_frame_scnndx;
3739 static size_t gcc_except_table_scnndx;
3740
3741
3742 static void
check_sections(Ebl * ebl,GElf_Ehdr * ehdr)3743 check_sections (Ebl *ebl, GElf_Ehdr *ehdr)
3744 {
3745 if (ehdr->e_shoff == 0)
3746 /* No section header. */
3747 return;
3748
3749 /* Allocate array to count references in section groups. */
3750 scnref = xcalloc (shnum, sizeof (int));
3751
3752 /* Check the zeroth section first. It must not have any contents
3753 and the section header must contain nonzero value at most in the
3754 sh_size and sh_link fields. */
3755 GElf_Shdr shdr_mem;
3756 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
3757 if (shdr == NULL)
3758 ERROR (_("cannot get section header of zeroth section\n"));
3759 else
3760 {
3761 if (shdr->sh_name != 0)
3762 ERROR (_("zeroth section has nonzero name\n"));
3763 if (shdr->sh_type != 0)
3764 ERROR (_("zeroth section has nonzero type\n"));
3765 if (shdr->sh_flags != 0)
3766 ERROR (_("zeroth section has nonzero flags\n"));
3767 if (shdr->sh_addr != 0)
3768 ERROR (_("zeroth section has nonzero address\n"));
3769 if (shdr->sh_offset != 0)
3770 ERROR (_("zeroth section has nonzero offset\n"));
3771 if (shdr->sh_addralign != 0)
3772 ERROR (_("zeroth section has nonzero align value\n"));
3773 if (shdr->sh_entsize != 0)
3774 ERROR (_("zeroth section has nonzero entry size value\n"));
3775
3776 if (shdr->sh_size != 0 && ehdr->e_shnum != 0)
3777 ERROR (_("\
3778 zeroth section has nonzero size value while ELF header has nonzero shnum value\n"));
3779
3780 if (shdr->sh_link != 0 && ehdr->e_shstrndx != SHN_XINDEX)
3781 ERROR (_("\
3782 zeroth section has nonzero link value while ELF header does not signal overflow in shstrndx\n"));
3783
3784 if (shdr->sh_info != 0 && ehdr->e_phnum != PN_XNUM)
3785 ERROR (_("\
3786 zeroth section has nonzero link value while ELF header does not signal overflow in phnum\n"));
3787 }
3788
3789 int *segment_flags = xcalloc (phnum, sizeof segment_flags[0]);
3790
3791 bool dot_interp_section = false;
3792
3793 size_t hash_idx = 0;
3794 size_t gnu_hash_idx = 0;
3795
3796 size_t versym_scnndx = 0;
3797 for (size_t cnt = 1; cnt < shnum; ++cnt)
3798 {
3799 Elf_Scn *scn = elf_getscn (ebl->elf, cnt);
3800 shdr = gelf_getshdr (scn, &shdr_mem);
3801 if (shdr == NULL)
3802 {
3803 ERROR (_("\
3804 cannot get section header for section [%2zu] '%s': %s\n"),
3805 cnt, section_name (ebl, cnt), elf_errmsg (-1));
3806 continue;
3807 }
3808
3809 const char *scnname = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
3810
3811 if (scnname == NULL)
3812 ERROR (_("section [%2zu]: invalid name\n"), cnt);
3813 else
3814 {
3815 /* Check whether it is one of the special sections defined in
3816 the gABI. */
3817 size_t s;
3818 for (s = 0; s < nspecial_sections; ++s)
3819 if (strncmp (scnname, special_sections[s].name,
3820 special_sections[s].namelen) == 0)
3821 {
3822 char stbuf1[100];
3823 char stbuf2[100];
3824 char stbuf3[100];
3825
3826 GElf_Word good_type = special_sections[s].type;
3827 if (IS_KNOWN_SPECIAL (s, ".plt", false)
3828 && ebl_bss_plt_p (ebl))
3829 good_type = SHT_NOBITS;
3830
3831 /* In a debuginfo file, any normal section can be SHT_NOBITS.
3832 This is only invalid for DWARF sections and .shstrtab. */
3833 if (shdr->sh_type != good_type
3834 && (shdr->sh_type != SHT_NOBITS
3835 || !is_debuginfo
3836 || IS_KNOWN_SPECIAL (s, ".debug_str", false)
3837 || IS_KNOWN_SPECIAL (s, ".debug", true)
3838 || IS_KNOWN_SPECIAL (s, ".shstrtab", false)))
3839 ERROR (_("\
3840 section [%2d] '%s' has wrong type: expected %s, is %s\n"),
3841 (int) cnt, scnname,
3842 ebl_section_type_name (ebl, special_sections[s].type,
3843 stbuf1, sizeof (stbuf1)),
3844 ebl_section_type_name (ebl, shdr->sh_type,
3845 stbuf2, sizeof (stbuf2)));
3846
3847 if (special_sections[s].attrflag == exact
3848 || special_sections[s].attrflag == exact_or_gnuld)
3849 {
3850 /* Except for the link order, retain, group bit and
3851 compression flag all the other bits should
3852 match exactly. */
3853 if ((shdr->sh_flags & ~EXTRA_SHFLAGS)
3854 != special_sections[s].attr
3855 && (special_sections[s].attrflag == exact || !gnuld))
3856 ERROR (_("\
3857 section [%2zu] '%s' has wrong flags: expected %s, is %s\n"),
3858 cnt, scnname,
3859 section_flags_string (special_sections[s].attr,
3860 stbuf1, sizeof (stbuf1)),
3861 section_flags_string (shdr->sh_flags
3862 & ~EXTRA_SHFLAGS,
3863 stbuf2, sizeof (stbuf2)));
3864 }
3865 else if (special_sections[s].attrflag == atleast)
3866 {
3867 if ((shdr->sh_flags & special_sections[s].attr)
3868 != special_sections[s].attr
3869 || ((shdr->sh_flags
3870 & ~(EXTRA_SHFLAGS
3871 | special_sections[s].attr
3872 | special_sections[s].attr2))
3873 != 0))
3874 ERROR (_("\
3875 section [%2zu] '%s' has wrong flags: expected %s and possibly %s, is %s\n"),
3876 cnt, scnname,
3877 section_flags_string (special_sections[s].attr,
3878 stbuf1, sizeof (stbuf1)),
3879 section_flags_string (special_sections[s].attr2,
3880 stbuf2, sizeof (stbuf2)),
3881 section_flags_string (shdr->sh_flags
3882 & ~EXTRA_SHFLAGS,
3883 stbuf3, sizeof (stbuf3)));
3884 }
3885
3886 if (strcmp (scnname, ".interp") == 0)
3887 {
3888 dot_interp_section = true;
3889
3890 if (ehdr->e_type == ET_REL)
3891 ERROR (_("\
3892 section [%2zu] '%s' present in object file\n"),
3893 cnt, scnname);
3894
3895 if ((shdr->sh_flags & SHF_ALLOC) != 0
3896 && !has_loadable_segment)
3897 ERROR (_("\
3898 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
3899 cnt, scnname);
3900 else if ((shdr->sh_flags & SHF_ALLOC) == 0
3901 && has_loadable_segment)
3902 ERROR (_("\
3903 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
3904 cnt, scnname);
3905 }
3906 else
3907 {
3908 if (strcmp (scnname, ".symtab_shndx") == 0
3909 && ehdr->e_type != ET_REL)
3910 ERROR (_("\
3911 section [%2zu] '%s' is extension section index table in non-object file\n"),
3912 cnt, scnname);
3913
3914 /* These sections must have the SHF_ALLOC flag set iff
3915 a loadable segment is available.
3916
3917 .relxxx
3918 .strtab
3919 .symtab
3920 .symtab_shndx
3921
3922 Check that if there is a reference from the
3923 loaded section these sections also have the
3924 ALLOC flag set. */
3925 #if 0
3926 // XXX TODO
3927 if ((shdr->sh_flags & SHF_ALLOC) != 0
3928 && !has_loadable_segment)
3929 ERROR (_("\
3930 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
3931 cnt, scnname);
3932 else if ((shdr->sh_flags & SHF_ALLOC) == 0
3933 && has_loadable_segment)
3934 ERROR (_("\
3935 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
3936 cnt, scnname);
3937 #endif
3938 }
3939
3940 break;
3941 }
3942
3943 /* Remember a few special sections for later. */
3944 if (strcmp (scnname, ".eh_frame_hdr") == 0)
3945 eh_frame_hdr_scnndx = cnt;
3946 else if (strcmp (scnname, ".eh_frame") == 0)
3947 eh_frame_scnndx = cnt;
3948 else if (strcmp (scnname, ".gcc_except_table") == 0)
3949 gcc_except_table_scnndx = cnt;
3950 }
3951
3952 if (shdr->sh_entsize != 0 && shdr->sh_size % shdr->sh_entsize)
3953 ERROR (_("\
3954 section [%2zu] '%s': size not multiple of entry size\n"),
3955 cnt, section_name (ebl, cnt));
3956
3957 if (elf_strptr (ebl->elf, shstrndx, shdr->sh_name) == NULL)
3958 ERROR (_("cannot get section header\n"));
3959
3960 if (shdr->sh_type >= SHT_NUM
3961 && shdr->sh_type != SHT_GNU_ATTRIBUTES
3962 && shdr->sh_type != SHT_GNU_LIBLIST
3963 && shdr->sh_type != SHT_CHECKSUM
3964 && shdr->sh_type != SHT_GNU_verdef
3965 && shdr->sh_type != SHT_GNU_verneed
3966 && shdr->sh_type != SHT_GNU_versym
3967 && ebl_section_type_name (ebl, shdr->sh_type, NULL, 0) == NULL)
3968 ERROR (_("section [%2zu] '%s' has unsupported type %d\n"),
3969 cnt, section_name (ebl, cnt),
3970 (int) shdr->sh_type);
3971
3972 #define ALL_SH_FLAGS (SHF_WRITE | SHF_ALLOC | SHF_EXECINSTR | SHF_MERGE \
3973 | SHF_STRINGS | SHF_INFO_LINK | SHF_LINK_ORDER \
3974 | SHF_OS_NONCONFORMING | SHF_GROUP | SHF_TLS \
3975 | SHF_COMPRESSED | SHF_GNU_RETAIN)
3976 if (shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS)
3977 {
3978 GElf_Xword sh_flags = shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS;
3979 if (sh_flags & SHF_MASKPROC)
3980 {
3981 /* Strictly speaking SHF_EXCLUDE is a processor specific
3982 section flag, but it is used generically in the GNU
3983 toolchain. */
3984 if (gnuld)
3985 sh_flags &= ~(GElf_Xword) SHF_EXCLUDE;
3986 if (!ebl_machine_section_flag_check (ebl,
3987 sh_flags & SHF_MASKPROC))
3988 ERROR (_("section [%2zu] '%s'"
3989 " contains invalid processor-specific flag(s)"
3990 " %#" PRIx64 "\n"),
3991 cnt, section_name (ebl, cnt), sh_flags & SHF_MASKPROC);
3992 sh_flags &= ~(GElf_Xword) SHF_MASKPROC;
3993 }
3994 if (sh_flags & SHF_MASKOS)
3995 if (gnuld)
3996 sh_flags &= ~(GElf_Xword) SHF_GNU_RETAIN;
3997 if (sh_flags != 0)
3998 ERROR (_("section [%2zu] '%s' contains unknown flag(s)"
3999 " %#" PRIx64 "\n"),
4000 cnt, section_name (ebl, cnt), sh_flags);
4001 }
4002 if (shdr->sh_flags & SHF_TLS)
4003 {
4004 // XXX Correct?
4005 if (shdr->sh_addr != 0 && !gnuld)
4006 ERROR (_("\
4007 section [%2zu] '%s': thread-local data sections address not zero\n"),
4008 cnt, section_name (ebl, cnt));
4009
4010 // XXX TODO more tests!?
4011 }
4012
4013 if (shdr->sh_flags & SHF_COMPRESSED)
4014 {
4015 if (shdr->sh_flags & SHF_ALLOC)
4016 ERROR (_("\
4017 section [%2zu] '%s': allocated section cannot be compressed\n"),
4018 cnt, section_name (ebl, cnt));
4019
4020 if (shdr->sh_type == SHT_NOBITS)
4021 ERROR (_("\
4022 section [%2zu] '%s': nobits section cannot be compressed\n"),
4023 cnt, section_name (ebl, cnt));
4024
4025 GElf_Chdr chdr;
4026 if (gelf_getchdr (scn, &chdr) == NULL)
4027 ERROR (_("\
4028 section [%2zu] '%s': compressed section with no compression header: %s\n"),
4029 cnt, section_name (ebl, cnt), elf_errmsg (-1));
4030 }
4031
4032 if (shdr->sh_link >= shnum)
4033 ERROR (_("\
4034 section [%2zu] '%s': invalid section reference in link value\n"),
4035 cnt, section_name (ebl, cnt));
4036
4037 if (SH_INFO_LINK_P (shdr) && shdr->sh_info >= shnum)
4038 ERROR (_("\
4039 section [%2zu] '%s': invalid section reference in info value\n"),
4040 cnt, section_name (ebl, cnt));
4041
4042 if ((shdr->sh_flags & SHF_MERGE) == 0
4043 && (shdr->sh_flags & SHF_STRINGS) != 0
4044 && be_strict)
4045 ERROR (_("\
4046 section [%2zu] '%s': strings flag set without merge flag\n"),
4047 cnt, section_name (ebl, cnt));
4048
4049 if ((shdr->sh_flags & SHF_MERGE) != 0 && shdr->sh_entsize == 0)
4050 ERROR (_("\
4051 section [%2zu] '%s': merge flag set but entry size is zero\n"),
4052 cnt, section_name (ebl, cnt));
4053
4054 if (shdr->sh_flags & SHF_GROUP)
4055 check_scn_group (ebl, cnt);
4056
4057 if (shdr->sh_flags & SHF_EXECINSTR)
4058 {
4059 switch (shdr->sh_type)
4060 {
4061 case SHT_PROGBITS:
4062 break;
4063
4064 case SHT_NOBITS:
4065 if (is_debuginfo)
4066 break;
4067 FALLTHROUGH;
4068 default:
4069 ERROR (_("\
4070 section [%2zu] '%s' has unexpected type %d for an executable section\n"),
4071 cnt, section_name (ebl, cnt), shdr->sh_type);
4072 break;
4073 }
4074
4075 if (shdr->sh_flags & SHF_WRITE)
4076 {
4077 if (is_debuginfo && shdr->sh_type != SHT_NOBITS)
4078 ERROR (_("\
4079 section [%2zu] '%s' must be of type NOBITS in debuginfo files\n"),
4080 cnt, section_name (ebl, cnt));
4081
4082 if (!is_debuginfo
4083 && !ebl_check_special_section (ebl, cnt, shdr,
4084 section_name (ebl, cnt)))
4085 ERROR (_("\
4086 section [%2zu] '%s' is both executable and writable\n"),
4087 cnt, section_name (ebl, cnt));
4088 }
4089 }
4090
4091 if (ehdr->e_type != ET_REL && (shdr->sh_flags & SHF_ALLOC) != 0
4092 && !is_debuginfo)
4093 {
4094 /* Make sure the section is contained in a loaded segment
4095 and that the initialization part matches NOBITS sections. */
4096 unsigned int pcnt;
4097 GElf_Phdr phdr_mem;
4098 GElf_Phdr *phdr;
4099
4100 for (pcnt = 0; pcnt < phnum; ++pcnt)
4101 if ((phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem)) != NULL
4102 && ((phdr->p_type == PT_LOAD
4103 && (shdr->sh_flags & SHF_TLS) == 0)
4104 || (phdr->p_type == PT_TLS
4105 && (shdr->sh_flags & SHF_TLS) != 0))
4106 && phdr->p_offset <= shdr->sh_offset
4107 && ((shdr->sh_offset - phdr->p_offset <= phdr->p_filesz
4108 && (shdr->sh_offset - phdr->p_offset < phdr->p_filesz
4109 || shdr->sh_size == 0))
4110 || (shdr->sh_offset - phdr->p_offset < phdr->p_memsz
4111 && shdr->sh_type == SHT_NOBITS)))
4112 {
4113 /* Found the segment. */
4114 if (phdr->p_offset + phdr->p_memsz
4115 < shdr->sh_offset + shdr->sh_size)
4116 ERROR (_("\
4117 section [%2zu] '%s' not fully contained in segment of program header entry %d\n"),
4118 cnt, section_name (ebl, cnt), pcnt);
4119
4120 if (shdr->sh_type == SHT_NOBITS)
4121 {
4122 if (shdr->sh_offset < phdr->p_offset + phdr->p_filesz
4123 && !is_debuginfo)
4124 {
4125 if (!gnuld)
4126 ERROR (_("\
4127 section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d\n"),
4128 cnt, section_name (ebl, cnt), pcnt);
4129 else
4130 {
4131 /* This is truly horrible. GNU ld might put a
4132 NOBITS section in the middle of a PT_LOAD
4133 segment, assuming the next gap in the file
4134 actually consists of zero bits...
4135 So it really is like a PROGBITS section
4136 where the data is all zeros. Check those
4137 zero bytes are really there. */
4138 bool bad;
4139 Elf_Data *databits;
4140 databits = elf_getdata_rawchunk (ebl->elf,
4141 shdr->sh_offset,
4142 shdr->sh_size,
4143 ELF_T_BYTE);
4144 bad = (databits == NULL
4145 || databits->d_size != shdr->sh_size);
4146 for (size_t idx = 0;
4147 ! bad && idx < databits->d_size;
4148 idx++)
4149 bad = ((char *) databits->d_buf)[idx] != 0;
4150
4151 if (bad)
4152 ERROR (_("\
4153 section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d and file contents is non-zero\n"),
4154 cnt, section_name (ebl, cnt), pcnt);
4155 }
4156 }
4157 }
4158 else
4159 {
4160 const GElf_Off end = phdr->p_offset + phdr->p_filesz;
4161 if (shdr->sh_offset > end ||
4162 (shdr->sh_offset == end && shdr->sh_size != 0))
4163 ERROR (_("\
4164 section [%2zu] '%s' has not type NOBITS but is not read from the file in segment of program header entry %d\n"),
4165 cnt, section_name (ebl, cnt), pcnt);
4166 }
4167
4168 if (shdr->sh_type != SHT_NOBITS)
4169 {
4170 if ((shdr->sh_flags & SHF_EXECINSTR) != 0)
4171 {
4172 segment_flags[pcnt] |= PF_X;
4173 if ((phdr->p_flags & PF_X) == 0)
4174 ERROR (_("\
4175 section [%2zu] '%s' is executable in nonexecutable segment %d\n"),
4176 cnt, section_name (ebl, cnt), pcnt);
4177 }
4178
4179 if ((shdr->sh_flags & SHF_WRITE) != 0)
4180 {
4181 segment_flags[pcnt] |= PF_W;
4182 if (0 /* XXX vdso images have this */
4183 && (phdr->p_flags & PF_W) == 0)
4184 ERROR (_("\
4185 section [%2zu] '%s' is writable in unwritable segment %d\n"),
4186 cnt, section_name (ebl, cnt), pcnt);
4187 }
4188 }
4189
4190 break;
4191 }
4192
4193 if (pcnt == phnum)
4194 ERROR (_("\
4195 section [%2zu] '%s': alloc flag set but section not in any loaded segment\n"),
4196 cnt, section_name (ebl, cnt));
4197 }
4198
4199 if (cnt == shstrndx && shdr->sh_type != SHT_STRTAB)
4200 ERROR (_("\
4201 section [%2zu] '%s': ELF header says this is the section header string table but type is not SHT_TYPE\n"),
4202 cnt, section_name (ebl, cnt));
4203
4204 switch (shdr->sh_type)
4205 {
4206 case SHT_DYNSYM:
4207 if (ehdr->e_type == ET_REL)
4208 ERROR (_("\
4209 section [%2zu] '%s': relocatable files cannot have dynamic symbol tables\n"),
4210 cnt, section_name (ebl, cnt));
4211 FALLTHROUGH;
4212 case SHT_SYMTAB:
4213 check_symtab (ebl, ehdr, shdr, cnt);
4214 break;
4215
4216 case SHT_RELA:
4217 check_rela (ebl, ehdr, shdr, cnt);
4218 break;
4219
4220 case SHT_REL:
4221 check_rel (ebl, ehdr, shdr, cnt);
4222 break;
4223
4224 case SHT_RELR:
4225 check_relr (ebl, ehdr, shdr, cnt);
4226 break;
4227
4228 case SHT_DYNAMIC:
4229 check_dynamic (ebl, ehdr, shdr, cnt);
4230 break;
4231
4232 case SHT_SYMTAB_SHNDX:
4233 check_symtab_shndx (ebl, ehdr, shdr, cnt);
4234 break;
4235
4236 case SHT_HASH:
4237 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt);
4238 hash_idx = cnt;
4239 break;
4240
4241 case SHT_GNU_HASH:
4242 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt);
4243 gnu_hash_idx = cnt;
4244 break;
4245
4246 case SHT_NULL:
4247 check_null (ebl, shdr, cnt);
4248 break;
4249
4250 case SHT_GROUP:
4251 check_group (ebl, ehdr, shdr, cnt);
4252 break;
4253
4254 case SHT_NOTE:
4255 check_note_section (ebl, ehdr, shdr, cnt);
4256 break;
4257
4258 case SHT_GNU_versym:
4259 /* We cannot process this section now since we have no guarantee
4260 that the verneed and verdef sections have already been read.
4261 Just remember the section index. */
4262 if (versym_scnndx != 0)
4263 ERROR (_("more than one version symbol table present\n"));
4264 versym_scnndx = cnt;
4265 break;
4266
4267 case SHT_GNU_verneed:
4268 check_verneed (ebl, shdr, cnt);
4269 break;
4270
4271 case SHT_GNU_verdef:
4272 check_verdef (ebl, shdr, cnt);
4273 break;
4274
4275 case SHT_GNU_ATTRIBUTES:
4276 check_attributes (ebl, ehdr, shdr, cnt);
4277 break;
4278
4279 default:
4280 /* Nothing. */
4281 break;
4282 }
4283 }
4284
4285 if (has_interp_segment && !dot_interp_section)
4286 ERROR (_("INTERP program header entry but no .interp section\n"));
4287
4288 if (!is_debuginfo)
4289 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt)
4290 {
4291 GElf_Phdr phdr_mem;
4292 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
4293 if (phdr != NULL && (phdr->p_type == PT_LOAD || phdr->p_type == PT_TLS))
4294 {
4295 if ((phdr->p_flags & PF_X) != 0
4296 && (segment_flags[pcnt] & PF_X) == 0)
4297 ERROR (_("\
4298 loadable segment [%u] is executable but contains no executable sections\n"),
4299 pcnt);
4300
4301 if ((phdr->p_flags & PF_W) != 0
4302 && (segment_flags[pcnt] & PF_W) == 0)
4303 ERROR (_("\
4304 loadable segment [%u] is writable but contains no writable sections\n"),
4305 pcnt);
4306 }
4307 }
4308
4309 free (segment_flags);
4310
4311 if (version_namelist != NULL)
4312 {
4313 if (versym_scnndx == 0)
4314 ERROR (_("\
4315 no .gnu.versym section present but .gnu.versym_d or .gnu.versym_r section exist\n"));
4316 else
4317 check_versym (ebl, versym_scnndx);
4318
4319 /* Check for duplicate index numbers. */
4320 do
4321 {
4322 struct version_namelist *runp = version_namelist->next;
4323 while (runp != NULL)
4324 {
4325 if (version_namelist->ndx == runp->ndx)
4326 {
4327 ERROR (_("duplicate version index %d\n"),
4328 (int) version_namelist->ndx);
4329 break;
4330 }
4331 runp = runp->next;
4332 }
4333
4334 struct version_namelist *old = version_namelist;
4335 version_namelist = version_namelist->next;
4336 free (old);
4337 }
4338 while (version_namelist != NULL);
4339 }
4340 else if (versym_scnndx != 0)
4341 ERROR (_("\
4342 .gnu.versym section present without .gnu.versym_d or .gnu.versym_r\n"));
4343
4344 if (hash_idx != 0 && gnu_hash_idx != 0)
4345 compare_hash_gnu_hash (ebl, ehdr, hash_idx, gnu_hash_idx);
4346
4347 free (scnref);
4348 }
4349
4350
4351 static GElf_Off
check_note_data(Ebl * ebl,const GElf_Ehdr * ehdr,Elf_Data * data,int shndx,int phndx,GElf_Off start)4352 check_note_data (Ebl *ebl, const GElf_Ehdr *ehdr,
4353 Elf_Data *data, int shndx, int phndx, GElf_Off start)
4354 {
4355 size_t offset = 0;
4356 size_t last_offset = 0;
4357 GElf_Nhdr nhdr;
4358 size_t name_offset;
4359 size_t desc_offset;
4360 while (offset < data->d_size
4361 && (offset = gelf_getnote (data, offset,
4362 &nhdr, &name_offset, &desc_offset)) > 0)
4363 {
4364 last_offset = offset;
4365
4366 /* Make sure it is one of the note types we know about. */
4367 if (ehdr->e_type == ET_CORE)
4368 switch (nhdr.n_type)
4369 {
4370 case NT_PRSTATUS:
4371 case NT_FPREGSET:
4372 case NT_PRPSINFO:
4373 case NT_TASKSTRUCT: /* NT_PRXREG on Solaris. */
4374 case NT_PLATFORM:
4375 case NT_AUXV:
4376 case NT_GWINDOWS:
4377 case NT_ASRS:
4378 case NT_PSTATUS:
4379 case NT_PSINFO:
4380 case NT_PRCRED:
4381 case NT_UTSNAME:
4382 case NT_LWPSTATUS:
4383 case NT_LWPSINFO:
4384 case NT_PRFPXREG:
4385 /* Known type. */
4386 break;
4387
4388 default:
4389 if (shndx == 0)
4390 ERROR (_("\
4391 phdr[%d]: unknown core file note type %" PRIu32 " at offset %" PRIu64 "\n"),
4392 phndx, (uint32_t) nhdr.n_type, start + offset);
4393 else
4394 ERROR (_("\
4395 section [%2d] '%s': unknown core file note type %" PRIu32
4396 " at offset %zu\n"),
4397 shndx, section_name (ebl, shndx),
4398 (uint32_t) nhdr.n_type, offset);
4399 }
4400 else
4401 switch (nhdr.n_type)
4402 {
4403 case NT_GNU_ABI_TAG:
4404 case NT_GNU_HWCAP:
4405 case NT_GNU_BUILD_ID:
4406 case NT_GNU_GOLD_VERSION:
4407 case NT_GNU_PROPERTY_TYPE_0:
4408 if (nhdr.n_namesz == sizeof ELF_NOTE_GNU
4409 && strcmp (data->d_buf + name_offset, ELF_NOTE_GNU) == 0)
4410 break;
4411 else
4412 {
4413 /* NT_VERSION is 1, same as NT_GNU_ABI_TAG. It has no
4414 descriptor and (ab)uses the name as version string. */
4415 if (nhdr.n_descsz == 0 && nhdr.n_type == NT_VERSION)
4416 break;
4417 }
4418 goto unknown_note;
4419
4420 case NT_GNU_BUILD_ATTRIBUTE_OPEN:
4421 case NT_GNU_BUILD_ATTRIBUTE_FUNC:
4422 /* GNU Build Attributes store most data in the owner
4423 name, which must start with the
4424 ELF_NOTE_GNU_BUILD_ATTRIBUTE_PREFIX "GA". */
4425 if (nhdr.n_namesz >= sizeof ELF_NOTE_GNU_BUILD_ATTRIBUTE_PREFIX
4426 && strncmp (data->d_buf + name_offset,
4427 ELF_NOTE_GNU_BUILD_ATTRIBUTE_PREFIX,
4428 strlen (ELF_NOTE_GNU_BUILD_ATTRIBUTE_PREFIX)) == 0)
4429 break;
4430 else
4431 goto unknown_note;
4432
4433 case NT_FDO_PACKAGING_METADATA:
4434 if (nhdr.n_namesz == sizeof ELF_NOTE_FDO
4435 && strcmp (data->d_buf + name_offset, ELF_NOTE_FDO) == 0)
4436 break;
4437 else
4438 goto unknown_note;
4439
4440 case 0:
4441 /* Linux vDSOs use a type 0 note for the kernel version word. */
4442 if (nhdr.n_namesz == sizeof "Linux"
4443 && !memcmp (data->d_buf + name_offset, "Linux", sizeof "Linux"))
4444 break;
4445 FALLTHROUGH;
4446 default:
4447 {
4448 unknown_note:
4449 if (shndx == 0)
4450 ERROR (_("\
4451 phdr[%d]: unknown object file note type %" PRIu32 " with owner name '%s' at offset %zu\n"),
4452 phndx, (uint32_t) nhdr.n_type,
4453 (char *) data->d_buf + name_offset, offset);
4454 else
4455 ERROR (_("\
4456 section [%2d] '%s': unknown object file note type %" PRIu32
4457 " with owner name '%s' at offset %zu\n"),
4458 shndx, section_name (ebl, shndx),
4459 (uint32_t) nhdr.n_type,
4460 (char *) data->d_buf + name_offset, offset);
4461 }
4462 }
4463 }
4464
4465 return last_offset;
4466 }
4467
4468
4469 static void
check_note(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Phdr * phdr,int cnt)4470 check_note (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Phdr *phdr, int cnt)
4471 {
4472 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
4473 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
4474 ERROR (_("\
4475 phdr[%d]: no note entries defined for the type of file\n"),
4476 cnt);
4477
4478 if (is_debuginfo)
4479 /* The p_offset values in a separate debug file are bogus. */
4480 return;
4481
4482 if (phdr->p_filesz == 0)
4483 return;
4484
4485 GElf_Off notes_size = 0;
4486 Elf_Data *data = elf_getdata_rawchunk (ebl->elf,
4487 phdr->p_offset, phdr->p_filesz,
4488 (phdr->p_align == 8
4489 ? ELF_T_NHDR8 : ELF_T_NHDR));
4490 if (data != NULL && data->d_buf != NULL)
4491 notes_size = check_note_data (ebl, ehdr, data, 0, cnt, phdr->p_offset);
4492
4493 if (notes_size == 0)
4494 ERROR (_("phdr[%d]: cannot get content of note section: %s\n"),
4495 cnt, elf_errmsg (-1));
4496 else if (notes_size != phdr->p_filesz)
4497 ERROR (_("phdr[%d]: extra %" PRIu64 " bytes after last note\n"),
4498 cnt, phdr->p_filesz - notes_size);
4499 }
4500
4501
4502 static void
check_note_section(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)4503 check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
4504 {
4505 if (shdr->sh_size == 0)
4506 return;
4507
4508 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
4509 if (data == NULL || data->d_buf == NULL)
4510 {
4511 ERROR (_("section [%2d] '%s': cannot get section data\n"),
4512 idx, section_name (ebl, idx));
4513 return;
4514 }
4515
4516 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
4517 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
4518 ERROR (_("\
4519 section [%2d] '%s': no note entries defined for the type of file\n"),
4520 idx, section_name (ebl, idx));
4521
4522 GElf_Off notes_size = check_note_data (ebl, ehdr, data, idx, 0, 0);
4523
4524 if (notes_size == 0)
4525 ERROR (_("section [%2d] '%s': cannot get content of note section\n"),
4526 idx, section_name (ebl, idx));
4527 else if (notes_size != shdr->sh_size)
4528 ERROR (_("section [%2d] '%s': extra %" PRIu64
4529 " bytes after last note\n"),
4530 idx, section_name (ebl, idx), shdr->sh_size - notes_size);
4531 }
4532
4533
4534 /* Index of the PT_GNU_EH_FRAME program eader entry. */
4535 static int pt_gnu_eh_frame_pndx;
4536
4537
4538 static void
check_program_header(Ebl * ebl,GElf_Ehdr * ehdr)4539 check_program_header (Ebl *ebl, GElf_Ehdr *ehdr)
4540 {
4541 if (ehdr->e_phoff == 0)
4542 return;
4543
4544 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
4545 && ehdr->e_type != ET_CORE)
4546 ERROR (_("\
4547 only executables, shared objects, and core files can have program headers\n"));
4548
4549 int num_pt_interp = 0;
4550 int num_pt_tls = 0;
4551 int num_pt_relro = 0;
4552
4553 for (unsigned int cnt = 0; cnt < phnum; ++cnt)
4554 {
4555 GElf_Phdr phdr_mem;
4556 GElf_Phdr *phdr;
4557
4558 phdr = gelf_getphdr (ebl->elf, cnt, &phdr_mem);
4559 if (phdr == NULL)
4560 {
4561 ERROR (_("cannot get program header entry %d: %s\n"),
4562 cnt, elf_errmsg (-1));
4563 continue;
4564 }
4565
4566 if (phdr->p_type >= PT_NUM && phdr->p_type != PT_GNU_EH_FRAME
4567 && phdr->p_type != PT_GNU_STACK && phdr->p_type != PT_GNU_RELRO
4568 && phdr->p_type != PT_GNU_PROPERTY
4569 /* Check for a known machine-specific type. */
4570 && ebl_segment_type_name (ebl, phdr->p_type, NULL, 0) == NULL)
4571 ERROR (_("\
4572 program header entry %d: unknown program header entry type %#" PRIx64 "\n"),
4573 cnt, (uint64_t) phdr->p_type);
4574
4575 if (phdr->p_type == PT_LOAD)
4576 has_loadable_segment = true;
4577 else if (phdr->p_type == PT_INTERP)
4578 {
4579 if (++num_pt_interp != 1)
4580 {
4581 if (num_pt_interp == 2)
4582 ERROR (_("\
4583 more than one INTERP entry in program header\n"));
4584 }
4585 has_interp_segment = true;
4586 }
4587 else if (phdr->p_type == PT_TLS)
4588 {
4589 if (++num_pt_tls == 2)
4590 ERROR (_("more than one TLS entry in program header\n"));
4591 }
4592 else if (phdr->p_type == PT_NOTE)
4593 check_note (ebl, ehdr, phdr, cnt);
4594 else if (phdr->p_type == PT_DYNAMIC)
4595 {
4596 if (ehdr->e_type == ET_EXEC && ! has_interp_segment)
4597 ERROR (_("\
4598 static executable cannot have dynamic sections\n"));
4599 else
4600 {
4601 /* Check that the .dynamic section, if it exists, has
4602 the same address. */
4603 Elf_Scn *scn = NULL;
4604 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
4605 {
4606 GElf_Shdr shdr_mem;
4607 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
4608 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC)
4609 {
4610 if (phdr->p_offset != shdr->sh_offset)
4611 ERROR (_("\
4612 dynamic section reference in program header has wrong offset\n"));
4613 if (phdr->p_memsz != shdr->sh_size)
4614 ERROR (_("\
4615 dynamic section size mismatch in program and section header\n"));
4616 break;
4617 }
4618 }
4619 }
4620 }
4621 else if (phdr->p_type == PT_GNU_RELRO)
4622 {
4623 if (++num_pt_relro == 2)
4624 ERROR (_("\
4625 more than one GNU_RELRO entry in program header\n"));
4626 else
4627 {
4628 /* Check that the region is in a writable segment. */
4629 unsigned int inner;
4630 for (inner = 0; inner < phnum; ++inner)
4631 {
4632 GElf_Phdr phdr2_mem;
4633 GElf_Phdr *phdr2;
4634
4635 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
4636 if (phdr2 == NULL)
4637 continue;
4638
4639 if (phdr2->p_type == PT_LOAD
4640 && phdr->p_vaddr >= phdr2->p_vaddr
4641 && (phdr->p_vaddr + phdr->p_memsz
4642 <= phdr2->p_vaddr + phdr2->p_memsz))
4643 {
4644 if ((phdr2->p_flags & PF_W) == 0)
4645 ERROR (_("\
4646 loadable segment GNU_RELRO applies to is not writable\n"));
4647 /* Unless fully covered, relro flags could be a
4648 subset of the phdrs2 flags. For example the load
4649 segment could also have PF_X set. */
4650 if (phdr->p_vaddr == phdr2->p_vaddr
4651 && (phdr->p_vaddr + phdr->p_memsz
4652 == phdr2->p_vaddr + phdr2->p_memsz))
4653 {
4654 if ((phdr2->p_flags & ~PF_W)
4655 != (phdr->p_flags & ~PF_W))
4656 ERROR (_("\
4657 loadable segment [%u] flags do not match GNU_RELRO [%u] flags\n"),
4658 cnt, inner);
4659 }
4660 else
4661 {
4662 if ((phdr->p_flags & ~phdr2->p_flags) != 0)
4663 ERROR (_("\
4664 GNU_RELRO [%u] flags are not a subset of the loadable segment [%u] flags\n"),
4665 inner, cnt);
4666 }
4667 break;
4668 }
4669 }
4670
4671 if (inner >= phnum)
4672 ERROR (_("\
4673 %s segment not contained in a loaded segment\n"), "GNU_RELRO");
4674 }
4675 }
4676 else if (phdr->p_type == PT_PHDR)
4677 {
4678 /* Check that the region is in a writable segment. */
4679 unsigned int inner;
4680 for (inner = 0; inner < phnum; ++inner)
4681 {
4682 GElf_Phdr phdr2_mem;
4683 GElf_Phdr *phdr2;
4684
4685 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
4686 if (phdr2 != NULL
4687 && phdr2->p_type == PT_LOAD
4688 && phdr->p_vaddr >= phdr2->p_vaddr
4689 && (phdr->p_vaddr + phdr->p_memsz
4690 <= phdr2->p_vaddr + phdr2->p_memsz))
4691 break;
4692 }
4693
4694 if (inner >= phnum)
4695 ERROR (_("\
4696 %s segment not contained in a loaded segment\n"), "PHDR");
4697
4698 /* Check that offset in segment corresponds to offset in ELF
4699 header. */
4700 if (phdr->p_offset != ehdr->e_phoff)
4701 ERROR (_("\
4702 program header offset in ELF header and PHDR entry do not match"));
4703 }
4704 else if (phdr->p_type == PT_GNU_EH_FRAME)
4705 {
4706 /* If there is an .eh_frame_hdr section it must be
4707 referenced by this program header entry. */
4708 Elf_Scn *scn = NULL;
4709 GElf_Shdr shdr_mem;
4710 GElf_Shdr *shdr = NULL;
4711 bool any = false;
4712 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
4713 {
4714 any = true;
4715 shdr = gelf_getshdr (scn, &shdr_mem);
4716 if (shdr != NULL
4717 && ((is_debuginfo && shdr->sh_type == SHT_NOBITS)
4718 || (! is_debuginfo
4719 && (shdr->sh_type == SHT_PROGBITS
4720 || shdr->sh_type == SHT_X86_64_UNWIND)))
4721 && elf_strptr (ebl->elf, shstrndx, shdr->sh_name) != NULL
4722 && ! strcmp (".eh_frame_hdr",
4723 elf_strptr (ebl->elf, shstrndx, shdr->sh_name)))
4724 {
4725 if (! is_debuginfo)
4726 {
4727 if (phdr->p_offset != shdr->sh_offset)
4728 ERROR (_("\
4729 call frame search table reference in program header has wrong offset\n"));
4730 if (phdr->p_memsz != shdr->sh_size)
4731 ERROR (_("\
4732 call frame search table size mismatch in program and section header\n"));
4733 }
4734 break;
4735 }
4736 }
4737
4738 if (scn == NULL)
4739 {
4740 /* If there is no section header table we don't
4741 complain. But if there is one there should be an
4742 entry for .eh_frame_hdr. */
4743 if (any)
4744 ERROR (_("\
4745 PT_GNU_EH_FRAME present but no .eh_frame_hdr section\n"));
4746 }
4747 else
4748 {
4749 /* The section must be allocated and not be writable and
4750 executable. */
4751 if ((phdr->p_flags & PF_R) == 0)
4752 ERROR (_("\
4753 call frame search table must be allocated\n"));
4754 else if (shdr != NULL && (shdr->sh_flags & SHF_ALLOC) == 0)
4755 ERROR (_("\
4756 section [%2zu] '%s' must be allocated\n"), elf_ndxscn (scn), ".eh_frame_hdr");
4757
4758 if ((phdr->p_flags & PF_W) != 0)
4759 ERROR (_("\
4760 call frame search table must not be writable\n"));
4761 else if (shdr != NULL && (shdr->sh_flags & SHF_WRITE) != 0)
4762 ERROR (_("\
4763 section [%2zu] '%s' must not be writable\n"),
4764 elf_ndxscn (scn), ".eh_frame_hdr");
4765
4766 if ((phdr->p_flags & PF_X) != 0)
4767 ERROR (_("\
4768 call frame search table must not be executable\n"));
4769 else if (shdr != NULL && (shdr->sh_flags & SHF_EXECINSTR) != 0)
4770 ERROR (_("\
4771 section [%2zu] '%s' must not be executable\n"),
4772 elf_ndxscn (scn), ".eh_frame_hdr");
4773 }
4774
4775 /* Remember which entry this is. */
4776 pt_gnu_eh_frame_pndx = cnt;
4777 }
4778
4779 if (phdr->p_filesz > phdr->p_memsz
4780 && (phdr->p_memsz != 0
4781 || (phdr->p_type != PT_NOTE
4782 && !(ehdr->e_machine == EM_RISCV
4783 && phdr->p_type == PT_RISCV_ATTRIBUTES))))
4784 ERROR (_("\
4785 program header entry %d: file size greater than memory size\n"),
4786 cnt);
4787
4788 if (phdr->p_align > 1)
4789 {
4790 if (!powerof2 (phdr->p_align))
4791 ERROR (_("\
4792 program header entry %d: alignment not a power of 2\n"), cnt);
4793 else if ((phdr->p_vaddr - phdr->p_offset) % phdr->p_align != 0)
4794 ERROR (_("\
4795 program header entry %d: file offset and virtual address not module of alignment\n"), cnt);
4796 }
4797 }
4798 }
4799
4800
4801 static void
check_exception_data(Ebl * ebl,GElf_Ehdr * ehdr)4802 check_exception_data (Ebl *ebl __attribute__ ((unused)),
4803 GElf_Ehdr *ehdr __attribute__ ((unused)))
4804 {
4805 if ((ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
4806 && pt_gnu_eh_frame_pndx == 0 && eh_frame_hdr_scnndx != 0)
4807 ERROR (_("executable/DSO with .eh_frame_hdr section does not have "
4808 "a PT_GNU_EH_FRAME program header entry"));
4809 }
4810
4811
4812 /* Process one file. */
4813 static void
process_elf_file(Elf * elf,const char * prefix,const char * suffix,const char * fname,size_t size,bool only_one)4814 process_elf_file (Elf *elf, const char *prefix, const char *suffix,
4815 const char *fname, size_t size, bool only_one)
4816 {
4817 /* Reset variables. */
4818 ndynamic = 0;
4819 nverneed = 0;
4820 nverdef = 0;
4821 textrel = false;
4822 needed_textrel = false;
4823 has_loadable_segment = false;
4824 has_interp_segment = false;
4825
4826 GElf_Ehdr ehdr_mem;
4827 GElf_Ehdr *ehdr = gelf_getehdr (elf, &ehdr_mem);
4828 Ebl *ebl;
4829
4830 /* Print the file name. */
4831 if (!only_one)
4832 {
4833 if (prefix != NULL)
4834 printf ("\n%s(%s)%s:\n", prefix, fname, suffix);
4835 else
4836 printf ("\n%s:\n", fname);
4837 }
4838
4839 if (ehdr == NULL)
4840 {
4841 ERROR (_("cannot read ELF header: %s\n"), elf_errmsg (-1));
4842 return;
4843 }
4844
4845 ebl = ebl_openbackend (elf);
4846 /* If there is no appropriate backend library we cannot test
4847 architecture and OS specific features. Any encountered extension
4848 is an error. Often we'll get a "dummy" ebl, except if something
4849 really bad happen, like a totally corrupted ELF file or out of
4850 memory situation. */
4851 if (ebl == NULL)
4852 {
4853 ERROR (_("cannot create backend for ELF file\n"));
4854 return;
4855 }
4856
4857 /* Go straight by the gABI, check all the parts in turn. */
4858 check_elf_header (ebl, ehdr, size);
4859
4860 /* Check the program header. */
4861 check_program_header (ebl, ehdr);
4862
4863 /* Next the section headers. It is OK if there are no section
4864 headers at all. */
4865 check_sections (ebl, ehdr);
4866
4867 /* Check the exception handling data, if it exists. */
4868 if (pt_gnu_eh_frame_pndx != 0 || eh_frame_hdr_scnndx != 0
4869 || eh_frame_scnndx != 0 || gcc_except_table_scnndx != 0)
4870 check_exception_data (ebl, ehdr);
4871
4872 /* Report if no relocation section needed the text relocation flag. */
4873 if (textrel && !needed_textrel)
4874 ERROR (_("text relocation flag set but not needed\n"));
4875
4876 /* Free the resources. */
4877 ebl_closebackend (ebl);
4878 }
4879
4880
4881 #include "debugpred.h"
4882