1 /* Pedantic checking of ELF files compliance with gABI/psABI spec.
2 Copyright (C) 2001-2014 Red Hat, Inc.
3 This file is part of elfutils.
4 Written by Ulrich Drepper <drepper@redhat.com>, 2001.
5
6 This file is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 elfutils is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19 #ifdef HAVE_CONFIG_H
20 # include <config.h>
21 #endif
22
23 #include <argp.h>
24 #include <assert.h>
25 #include <byteswap.h>
26 #include <endian.h>
27 #include <error.h>
28 #include <fcntl.h>
29 #include <gelf.h>
30 #include <inttypes.h>
31 #include <libintl.h>
32 #include <locale.h>
33 #include <stdbool.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <unistd.h>
37 #include <sys/stat.h>
38 #include <sys/param.h>
39
40 #include <elf-knowledge.h>
41 #include <system.h>
42 #include "../libelf/libelfP.h"
43 #include "../libelf/common.h"
44 #include "../libebl/libeblP.h"
45 #include "../libdw/libdwP.h"
46 #include "../libdwfl/libdwflP.h"
47 #include "../libdw/memory-access.h"
48
49
50 /* Name and version of program. */
51 static void print_version (FILE *stream, struct argp_state *state);
52 ARGP_PROGRAM_VERSION_HOOK_DEF = print_version;
53
54 /* Bug report address. */
55 ARGP_PROGRAM_BUG_ADDRESS_DEF = PACKAGE_BUGREPORT;
56
57 #define ARGP_strict 300
58 #define ARGP_gnuld 301
59
60 /* Definitions of arguments for argp functions. */
61 static const struct argp_option options[] =
62 {
63 { "strict", ARGP_strict, NULL, 0,
64 N_("Be extremely strict, flag level 2 features."), 0 },
65 { "quiet", 'q', NULL, 0, N_("Do not print anything if successful"), 0 },
66 { "debuginfo", 'd', NULL, 0, N_("Binary is a separate debuginfo file"), 0 },
67 { "gnu-ld", ARGP_gnuld, NULL, 0,
68 N_("Binary has been created with GNU ld and is therefore known to be \
69 broken in certain ways"), 0 },
70 { NULL, 0, NULL, 0, NULL, 0 }
71 };
72
73 /* Short description of program. */
74 static const char doc[] = N_("\
75 Pedantic checking of ELF files compliance with gABI/psABI spec.");
76
77 /* Strings for arguments in help texts. */
78 static const char args_doc[] = N_("FILE...");
79
80 /* Prototype for option handler. */
81 static error_t parse_opt (int key, char *arg, struct argp_state *state);
82
83 /* Data structure to communicate with argp functions. */
84 static struct argp argp =
85 {
86 options, parse_opt, args_doc, doc, NULL, NULL, NULL
87 };
88
89
90 /* Declarations of local functions. */
91 static void process_file (int fd, Elf *elf, const char *prefix,
92 const char *suffix, const char *fname, size_t size,
93 bool only_one);
94 static void process_elf_file (Elf *elf, const char *prefix, const char *suffix,
95 const char *fname, size_t size, bool only_one);
96 static void check_note_section (Ebl *ebl, GElf_Ehdr *ehdr,
97 GElf_Shdr *shdr, int idx);
98
99
100 /* Report an error. */
101 #define ERROR(str, args...) \
102 do { \
103 printf (str, ##args); \
104 ++error_count; \
105 } while (0)
106 static unsigned int error_count;
107
108 /* True if we should perform very strict testing. */
109 static bool be_strict;
110
111 /* True if no message is to be printed if the run is succesful. */
112 static bool be_quiet;
113
114 /* True if binary is from strip -f, not a normal ELF file. */
115 static bool is_debuginfo;
116
117 /* True if binary is assumed to be generated with GNU ld. */
118 static bool gnuld;
119
120 /* Index of section header string table. */
121 static uint32_t shstrndx;
122
123 /* Array to count references in section groups. */
124 static int *scnref;
125
126 /* Numbers of sections and program headers. */
127 static unsigned int shnum;
128 static unsigned int phnum;
129
130
131 int
main(int argc,char * argv[])132 main (int argc, char *argv[])
133 {
134 /* Set locale. */
135 setlocale (LC_ALL, "");
136
137 /* Initialize the message catalog. */
138 textdomain (PACKAGE_TARNAME);
139
140 /* Parse and process arguments. */
141 int remaining;
142 argp_parse (&argp, argc, argv, 0, &remaining, NULL);
143
144 /* Before we start tell the ELF library which version we are using. */
145 elf_version (EV_CURRENT);
146
147 /* Now process all the files given at the command line. */
148 bool only_one = remaining + 1 == argc;
149 do
150 {
151 /* Open the file. */
152 int fd = open (argv[remaining], O_RDONLY);
153 if (fd == -1)
154 {
155 error (0, errno, gettext ("cannot open input file"));
156 continue;
157 }
158
159 /* Create an `Elf' descriptor. */
160 Elf *elf = elf_begin (fd, ELF_C_READ_MMAP, NULL);
161 if (elf == NULL)
162 ERROR (gettext ("cannot generate Elf descriptor: %s\n"),
163 elf_errmsg (-1));
164 else
165 {
166 unsigned int prev_error_count = error_count;
167 struct stat64 st;
168
169 if (fstat64 (fd, &st) != 0)
170 {
171 printf ("cannot stat '%s': %m\n", argv[remaining]);
172 close (fd);
173 continue;
174 }
175
176 process_file (fd, elf, NULL, NULL, argv[remaining], st.st_size,
177 only_one);
178
179 /* Now we can close the descriptor. */
180 if (elf_end (elf) != 0)
181 ERROR (gettext ("error while closing Elf descriptor: %s\n"),
182 elf_errmsg (-1));
183
184 if (prev_error_count == error_count && !be_quiet)
185 puts (gettext ("No errors"));
186 }
187
188 close (fd);
189 }
190 while (++remaining < argc);
191
192 return error_count != 0;
193 }
194
195
196 /* Handle program arguments. */
197 static error_t
parse_opt(int key,char * arg,struct argp_state * state)198 parse_opt (int key, char *arg __attribute__ ((unused)),
199 struct argp_state *state __attribute__ ((unused)))
200 {
201 switch (key)
202 {
203 case ARGP_strict:
204 be_strict = true;
205 break;
206
207 case 'q':
208 be_quiet = true;
209 break;
210
211 case 'd':
212 is_debuginfo = true;
213
214 case ARGP_gnuld:
215 gnuld = true;
216 break;
217
218 case ARGP_KEY_NO_ARGS:
219 fputs (gettext ("Missing file name.\n"), stderr);
220 argp_help (&argp, stderr, ARGP_HELP_SEE, program_invocation_short_name);
221 exit (EXIT_FAILURE);
222
223 default:
224 return ARGP_ERR_UNKNOWN;
225 }
226 return 0;
227 }
228
229
230 /* Print the version information. */
231 static void
print_version(FILE * stream,struct argp_state * state)232 print_version (FILE *stream, struct argp_state *state __attribute__ ((unused)))
233 {
234 fprintf (stream, "elflint (%s) %s\n", PACKAGE_NAME, PACKAGE_VERSION);
235 fprintf (stream, gettext ("\
236 Copyright (C) %s Red Hat, Inc.\n\
237 This is free software; see the source for copying conditions. There is NO\n\
238 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
239 "), "2012");
240 fprintf (stream, gettext ("Written by %s.\n"), "Ulrich Drepper");
241 }
242
243
244 /* Process one file. */
245 static void
process_file(int fd,Elf * elf,const char * prefix,const char * suffix,const char * fname,size_t size,bool only_one)246 process_file (int fd, Elf *elf, const char *prefix, const char *suffix,
247 const char *fname, size_t size, bool only_one)
248 {
249 /* We can handle two types of files: ELF files and archives. */
250 Elf_Kind kind = elf_kind (elf);
251
252 switch (kind)
253 {
254 case ELF_K_ELF:
255 /* Yes! It's an ELF file. */
256 process_elf_file (elf, prefix, suffix, fname, size, only_one);
257 break;
258
259 case ELF_K_AR:
260 {
261 Elf *subelf;
262 Elf_Cmd cmd = ELF_C_READ_MMAP;
263 size_t prefix_len = prefix == NULL ? 0 : strlen (prefix);
264 size_t fname_len = strlen (fname) + 1;
265 char new_prefix[prefix_len + 1 + fname_len];
266 char new_suffix[(suffix == NULL ? 0 : strlen (suffix)) + 2];
267 char *cp = new_prefix;
268
269 /* Create the full name of the file. */
270 if (prefix != NULL)
271 {
272 cp = mempcpy (cp, prefix, prefix_len);
273 *cp++ = '(';
274 strcpy (stpcpy (new_suffix, suffix), ")");
275 }
276 else
277 new_suffix[0] = '\0';
278 memcpy (cp, fname, fname_len);
279
280 /* It's an archive. We process each file in it. */
281 while ((subelf = elf_begin (fd, cmd, elf)) != NULL)
282 {
283 kind = elf_kind (subelf);
284
285 /* Call this function recursively. */
286 if (kind == ELF_K_ELF || kind == ELF_K_AR)
287 {
288 Elf_Arhdr *arhdr = elf_getarhdr (subelf);
289 assert (arhdr != NULL);
290
291 process_file (fd, subelf, new_prefix, new_suffix,
292 arhdr->ar_name, arhdr->ar_size, false);
293 }
294
295 /* Get next archive element. */
296 cmd = elf_next (subelf);
297 if (elf_end (subelf) != 0)
298 ERROR (gettext (" error while freeing sub-ELF descriptor: %s\n"),
299 elf_errmsg (-1));
300 }
301 }
302 break;
303
304 default:
305 /* We cannot do anything. */
306 ERROR (gettext ("\
307 Not an ELF file - it has the wrong magic bytes at the start\n"));
308 break;
309 }
310 }
311
312
313 static const char *
section_name(Ebl * ebl,int idx)314 section_name (Ebl *ebl, int idx)
315 {
316 GElf_Shdr shdr_mem;
317 GElf_Shdr *shdr;
318 const char *ret;
319
320 if ((unsigned int) idx > shnum)
321 return "<invalid>";
322
323 shdr = gelf_getshdr (elf_getscn (ebl->elf, idx), &shdr_mem);
324 if (shdr == NULL)
325 return "<invalid>";
326
327 ret = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
328 if (ret == NULL)
329 return "<invalid>";
330 return ret;
331 }
332
333
334 static const int valid_e_machine[] =
335 {
336 EM_M32, EM_SPARC, EM_386, EM_68K, EM_88K, EM_860, EM_MIPS, EM_S370,
337 EM_MIPS_RS3_LE, EM_PARISC, EM_VPP500, EM_SPARC32PLUS, EM_960, EM_PPC,
338 EM_PPC64, EM_S390, EM_V800, EM_FR20, EM_RH32, EM_RCE, EM_ARM,
339 EM_FAKE_ALPHA, EM_SH, EM_SPARCV9, EM_TRICORE, EM_ARC, EM_H8_300,
340 EM_H8_300H, EM_H8S, EM_H8_500, EM_IA_64, EM_MIPS_X, EM_COLDFIRE,
341 EM_68HC12, EM_MMA, EM_PCP, EM_NCPU, EM_NDR1, EM_STARCORE, EM_ME16,
342 EM_ST100, EM_TINYJ, EM_X86_64, EM_PDSP, EM_FX66, EM_ST9PLUS, EM_ST7,
343 EM_68HC16, EM_68HC11, EM_68HC08, EM_68HC05, EM_SVX, EM_ST19, EM_VAX,
344 EM_CRIS, EM_JAVELIN, EM_FIREPATH, EM_ZSP, EM_MMIX, EM_HUANY, EM_PRISM,
345 EM_AVR, EM_FR30, EM_D10V, EM_D30V, EM_V850, EM_M32R, EM_MN10300,
346 EM_MN10200, EM_PJ, EM_OPENRISC, EM_ARC_A5, EM_XTENSA, EM_ALPHA,
347 EM_TILEGX, EM_TILEPRO, EM_AARCH64
348 };
349 #define nvalid_e_machine \
350 (sizeof (valid_e_machine) / sizeof (valid_e_machine[0]))
351
352
353 static void
check_elf_header(Ebl * ebl,GElf_Ehdr * ehdr,size_t size)354 check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size)
355 {
356 char buf[512];
357 size_t cnt;
358
359 /* Check e_ident field. */
360 if (ehdr->e_ident[EI_MAG0] != ELFMAG0)
361 ERROR ("e_ident[%d] != '%c'\n", EI_MAG0, ELFMAG0);
362 if (ehdr->e_ident[EI_MAG1] != ELFMAG1)
363 ERROR ("e_ident[%d] != '%c'\n", EI_MAG1, ELFMAG1);
364 if (ehdr->e_ident[EI_MAG2] != ELFMAG2)
365 ERROR ("e_ident[%d] != '%c'\n", EI_MAG2, ELFMAG2);
366 if (ehdr->e_ident[EI_MAG3] != ELFMAG3)
367 ERROR ("e_ident[%d] != '%c'\n", EI_MAG3, ELFMAG3);
368
369 if (ehdr->e_ident[EI_CLASS] != ELFCLASS32
370 && ehdr->e_ident[EI_CLASS] != ELFCLASS64)
371 ERROR (gettext ("e_ident[%d] == %d is no known class\n"),
372 EI_CLASS, ehdr->e_ident[EI_CLASS]);
373
374 if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB
375 && ehdr->e_ident[EI_DATA] != ELFDATA2MSB)
376 ERROR (gettext ("e_ident[%d] == %d is no known data encoding\n"),
377 EI_DATA, ehdr->e_ident[EI_DATA]);
378
379 if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
380 ERROR (gettext ("unknown ELF header version number e_ident[%d] == %d\n"),
381 EI_VERSION, ehdr->e_ident[EI_VERSION]);
382
383 /* We currently don't handle any OS ABIs other than Linux. */
384 if (ehdr->e_ident[EI_OSABI] != ELFOSABI_NONE
385 && ehdr->e_ident[EI_OSABI] != ELFOSABI_LINUX)
386 ERROR (gettext ("unsupported OS ABI e_ident[%d] == '%s'\n"),
387 EI_OSABI,
388 ebl_osabi_name (ebl, ehdr->e_ident[EI_OSABI], buf, sizeof (buf)));
389
390 /* No ABI versions other than zero supported either. */
391 if (ehdr->e_ident[EI_ABIVERSION] != 0)
392 ERROR (gettext ("unsupport ABI version e_ident[%d] == %d\n"),
393 EI_ABIVERSION, ehdr->e_ident[EI_ABIVERSION]);
394
395 for (cnt = EI_PAD; cnt < EI_NIDENT; ++cnt)
396 if (ehdr->e_ident[cnt] != 0)
397 ERROR (gettext ("e_ident[%zu] is not zero\n"), cnt);
398
399 /* Check the e_type field. */
400 if (ehdr->e_type != ET_REL && ehdr->e_type != ET_EXEC
401 && ehdr->e_type != ET_DYN && ehdr->e_type != ET_CORE)
402 ERROR (gettext ("unknown object file type %d\n"), ehdr->e_type);
403
404 /* Check the e_machine field. */
405 for (cnt = 0; cnt < nvalid_e_machine; ++cnt)
406 if (valid_e_machine[cnt] == ehdr->e_machine)
407 break;
408 if (cnt == nvalid_e_machine)
409 ERROR (gettext ("unknown machine type %d\n"), ehdr->e_machine);
410
411 /* Check the e_version field. */
412 if (ehdr->e_version != EV_CURRENT)
413 ERROR (gettext ("unknown object file version\n"));
414
415 /* Check the e_phoff and e_phnum fields. */
416 if (ehdr->e_phoff == 0)
417 {
418 if (ehdr->e_phnum != 0)
419 ERROR (gettext ("invalid program header offset\n"));
420 else if (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
421 ERROR (gettext ("\
422 executables and DSOs cannot have zero program header offset\n"));
423 }
424 else if (ehdr->e_phnum == 0)
425 ERROR (gettext ("invalid number of program header entries\n"));
426
427 /* Check the e_shoff field. */
428 shnum = ehdr->e_shnum;
429 shstrndx = ehdr->e_shstrndx;
430 if (ehdr->e_shoff == 0)
431 {
432 if (ehdr->e_shnum != 0)
433 ERROR (gettext ("invalid section header table offset\n"));
434 else if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
435 && ehdr->e_type != ET_CORE)
436 ERROR (gettext ("section header table must be present\n"));
437 }
438 else
439 {
440 if (ehdr->e_shnum == 0)
441 {
442 /* Get the header of the zeroth section. The sh_size field
443 might contain the section number. */
444 GElf_Shdr shdr_mem;
445 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
446 if (shdr != NULL)
447 {
448 /* The error will be reported later. */
449 if (shdr->sh_size == 0)
450 ERROR (gettext ("\
451 invalid number of section header table entries\n"));
452 else
453 shnum = shdr->sh_size;
454 }
455 }
456
457 if (ehdr->e_shstrndx == SHN_XINDEX)
458 {
459 /* Get the header of the zeroth section. The sh_size field
460 might contain the section number. */
461 GElf_Shdr shdr_mem;
462 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
463 if (shdr != NULL && shdr->sh_link < shnum)
464 shstrndx = shdr->sh_link;
465 }
466 else if (shstrndx >= shnum)
467 ERROR (gettext ("invalid section header index\n"));
468 }
469
470 phnum = ehdr->e_phnum;
471 if (ehdr->e_phnum == PN_XNUM)
472 {
473 /* Get the header of the zeroth section. The sh_info field
474 might contain the phnum count. */
475 GElf_Shdr shdr_mem;
476 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
477 if (shdr != NULL)
478 {
479 /* The error will be reported later. */
480 if (shdr->sh_info < PN_XNUM)
481 ERROR (gettext ("\
482 invalid number of program header table entries\n"));
483 else
484 phnum = shdr->sh_info;
485 }
486 }
487
488 /* Check the e_flags field. */
489 if (!ebl_machine_flag_check (ebl, ehdr->e_flags))
490 ERROR (gettext ("invalid machine flags: %s\n"),
491 ebl_machine_flag_name (ebl, ehdr->e_flags, buf, sizeof (buf)));
492
493 /* Check e_ehsize, e_phentsize, and e_shentsize fields. */
494 if (gelf_getclass (ebl->elf) == ELFCLASS32)
495 {
496 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf32_Ehdr))
497 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
498
499 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf32_Phdr))
500 ERROR (gettext ("invalid program header size: %hd\n"),
501 ehdr->e_phentsize);
502 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size)
503 ERROR (gettext ("invalid program header position or size\n"));
504
505 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf32_Shdr))
506 ERROR (gettext ("invalid section header size: %hd\n"),
507 ehdr->e_shentsize);
508 else if (ehdr->e_shoff + shnum * ehdr->e_shentsize > size)
509 ERROR (gettext ("invalid section header position or size\n"));
510 }
511 else if (gelf_getclass (ebl->elf) == ELFCLASS64)
512 {
513 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf64_Ehdr))
514 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
515
516 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf64_Phdr))
517 ERROR (gettext ("invalid program header size: %hd\n"),
518 ehdr->e_phentsize);
519 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size)
520 ERROR (gettext ("invalid program header position or size\n"));
521
522 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf64_Shdr))
523 ERROR (gettext ("invalid section header size: %hd\n"),
524 ehdr->e_shentsize);
525 else if (ehdr->e_shoff + ehdr->e_shnum * ehdr->e_shentsize > size)
526 ERROR (gettext ("invalid section header position or size\n"));
527 }
528 }
529
530
531 /* Check that there is a section group section with index < IDX which
532 contains section IDX and that there is exactly one. */
533 static void
check_scn_group(Ebl * ebl,int idx)534 check_scn_group (Ebl *ebl, int idx)
535 {
536 if (scnref[idx] == 0)
537 {
538 /* No reference so far. Search following sections, maybe the
539 order is wrong. */
540 size_t cnt;
541
542 for (cnt = idx + 1; cnt < shnum; ++cnt)
543 {
544 Elf_Scn *scn = elf_getscn (ebl->elf, cnt);
545 GElf_Shdr shdr_mem;
546 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
547 if (shdr == NULL)
548 /* We cannot get the section header so we cannot check it.
549 The error to get the section header will be shown
550 somewhere else. */
551 continue;
552
553 if (shdr->sh_type != SHT_GROUP)
554 continue;
555
556 Elf_Data *data = elf_getdata (scn, NULL);
557 if (data == NULL || data->d_size < sizeof (Elf32_Word))
558 /* Cannot check the section. */
559 continue;
560
561 Elf32_Word *grpdata = (Elf32_Word *) data->d_buf;
562 for (size_t inner = 1; inner < data->d_size / sizeof (Elf32_Word);
563 ++inner)
564 if (grpdata[inner] == (Elf32_Word) idx)
565 goto out;
566 }
567
568 out:
569 if (cnt == shnum)
570 ERROR (gettext ("\
571 section [%2d] '%s': section with SHF_GROUP flag set not part of a section group\n"),
572 idx, section_name (ebl, idx));
573 else
574 ERROR (gettext ("\
575 section [%2d] '%s': section group [%2zu] '%s' does not precede group member\n"),
576 idx, section_name (ebl, idx),
577 cnt, section_name (ebl, cnt));
578 }
579 }
580
581
582 static void
check_symtab(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)583 check_symtab (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
584 {
585 bool no_xndx_warned = false;
586 int no_pt_tls = 0;
587 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
588 if (data == NULL)
589 {
590 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
591 idx, section_name (ebl, idx));
592 return;
593 }
594
595 GElf_Shdr strshdr_mem;
596 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
597 &strshdr_mem);
598 if (strshdr == NULL)
599 return;
600
601 if (strshdr->sh_type != SHT_STRTAB)
602 {
603 ERROR (gettext ("section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
604 shdr->sh_link, section_name (ebl, shdr->sh_link),
605 idx, section_name (ebl, idx));
606 strshdr = NULL;
607 }
608
609 /* Search for an extended section index table section. */
610 Elf_Data *xndxdata = NULL;
611 Elf32_Word xndxscnidx = 0;
612 bool found_xndx = false;
613 for (size_t cnt = 1; cnt < shnum; ++cnt)
614 if (cnt != (size_t) idx)
615 {
616 Elf_Scn *xndxscn = elf_getscn (ebl->elf, cnt);
617 GElf_Shdr xndxshdr_mem;
618 GElf_Shdr *xndxshdr = gelf_getshdr (xndxscn, &xndxshdr_mem);
619 if (xndxshdr == NULL)
620 continue;
621
622 if (xndxshdr->sh_type == SHT_SYMTAB_SHNDX
623 && xndxshdr->sh_link == (GElf_Word) idx)
624 {
625 if (found_xndx)
626 ERROR (gettext ("\
627 section [%2d] '%s': symbol table cannot have more than one extended index section\n"),
628 idx, section_name (ebl, idx));
629
630 xndxdata = elf_getdata (xndxscn, NULL);
631 xndxscnidx = elf_ndxscn (xndxscn);
632 found_xndx = true;
633 }
634 }
635
636 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT);
637 if (shdr->sh_entsize != sh_entsize)
638 ERROR (gettext ("\
639 section [%2u] '%s': entry size is does not match ElfXX_Sym\n"),
640 idx, section_name (ebl, idx));
641
642 /* Test the zeroth entry. */
643 GElf_Sym sym_mem;
644 Elf32_Word xndx;
645 GElf_Sym *sym = gelf_getsymshndx (data, xndxdata, 0, &sym_mem, &xndx);
646 if (sym == NULL)
647 ERROR (gettext ("section [%2d] '%s': cannot get symbol %d: %s\n"),
648 idx, section_name (ebl, idx), 0, elf_errmsg (-1));
649 else
650 {
651 if (sym->st_name != 0)
652 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
653 idx, section_name (ebl, idx), "st_name");
654 if (sym->st_value != 0)
655 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
656 idx, section_name (ebl, idx), "st_value");
657 if (sym->st_size != 0)
658 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
659 idx, section_name (ebl, idx), "st_size");
660 if (sym->st_info != 0)
661 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
662 idx, section_name (ebl, idx), "st_info");
663 if (sym->st_other != 0)
664 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
665 idx, section_name (ebl, idx), "st_other");
666 if (sym->st_shndx != 0)
667 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
668 idx, section_name (ebl, idx), "st_shndx");
669 if (xndxdata != NULL && xndx != 0)
670 ERROR (gettext ("\
671 section [%2d] '%s': XINDEX for zeroth entry not zero\n"),
672 xndxscnidx, section_name (ebl, xndxscnidx));
673 }
674
675 for (size_t cnt = 1; cnt < shdr->sh_size / sh_entsize; ++cnt)
676 {
677 sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx);
678 if (sym == NULL)
679 {
680 ERROR (gettext ("section [%2d] '%s': cannot get symbol %zu: %s\n"),
681 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
682 continue;
683 }
684
685 const char *name = NULL;
686 if (strshdr == NULL)
687 name = "";
688 else if (sym->st_name >= strshdr->sh_size)
689 ERROR (gettext ("\
690 section [%2d] '%s': symbol %zu: invalid name value\n"),
691 idx, section_name (ebl, idx), cnt);
692 else
693 {
694 name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name);
695 assert (name != NULL
696 || strshdr->sh_type != SHT_STRTAB);
697 }
698
699 if (sym->st_shndx == SHN_XINDEX)
700 {
701 if (xndxdata == NULL)
702 {
703 if (!no_xndx_warned)
704 ERROR (gettext ("\
705 section [%2d] '%s': symbol %zu: too large section index but no extended section index section\n"),
706 idx, section_name (ebl, idx), cnt);
707 no_xndx_warned = true;
708 }
709 else if (xndx < SHN_LORESERVE)
710 ERROR (gettext ("\
711 section [%2d] '%s': symbol %zu: XINDEX used for index which would fit in st_shndx (%" PRIu32 ")\n"),
712 xndxscnidx, section_name (ebl, xndxscnidx), cnt,
713 xndx);
714 }
715 else if ((sym->st_shndx >= SHN_LORESERVE
716 // && sym->st_shndx <= SHN_HIRESERVE always true
717 && sym->st_shndx != SHN_ABS
718 && sym->st_shndx != SHN_COMMON)
719 || (sym->st_shndx >= shnum
720 && (sym->st_shndx < SHN_LORESERVE
721 /* || sym->st_shndx > SHN_HIRESERVE always false */)))
722 ERROR (gettext ("\
723 section [%2d] '%s': symbol %zu: invalid section index\n"),
724 idx, section_name (ebl, idx), cnt);
725 else
726 xndx = sym->st_shndx;
727
728 if (GELF_ST_TYPE (sym->st_info) >= STT_NUM
729 && !ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), NULL, 0))
730 ERROR (gettext ("section [%2d] '%s': symbol %zu: unknown type\n"),
731 idx, section_name (ebl, idx), cnt);
732
733 if (GELF_ST_BIND (sym->st_info) >= STB_NUM
734 && !ebl_symbol_binding_name (ebl, GELF_ST_BIND (sym->st_info), NULL,
735 0))
736 ERROR (gettext ("\
737 section [%2d] '%s': symbol %zu: unknown symbol binding\n"),
738 idx, section_name (ebl, idx), cnt);
739 if (GELF_ST_BIND (sym->st_info) == STB_GNU_UNIQUE
740 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
741 ERROR (gettext ("\
742 section [%2d] '%s': symbol %zu: unique symbol not of object type\n"),
743 idx, section_name (ebl, idx), cnt);
744
745 if (xndx == SHN_COMMON)
746 {
747 /* Common symbols can only appear in relocatable files. */
748 if (ehdr->e_type != ET_REL)
749 ERROR (gettext ("\
750 section [%2d] '%s': symbol %zu: COMMON only allowed in relocatable files\n"),
751 idx, section_name (ebl, idx), cnt);
752 if (cnt < shdr->sh_info)
753 ERROR (gettext ("\
754 section [%2d] '%s': symbol %zu: local COMMON symbols are nonsense\n"),
755 idx, section_name (ebl, idx), cnt);
756 if (GELF_R_TYPE (sym->st_info) == STT_FUNC)
757 ERROR (gettext ("\
758 section [%2d] '%s': symbol %zu: function in COMMON section is nonsense\n"),
759 idx, section_name (ebl, idx), cnt);
760 }
761 else if (xndx > 0 && xndx < shnum)
762 {
763 GElf_Shdr destshdr_mem;
764 GElf_Shdr *destshdr;
765
766 destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), &destshdr_mem);
767 if (destshdr != NULL)
768 {
769 GElf_Addr sh_addr = (ehdr->e_type == ET_REL ? 0
770 : destshdr->sh_addr);
771 GElf_Addr st_value;
772 if (GELF_ST_TYPE (sym->st_info) == STT_FUNC
773 || (GELF_ST_TYPE (sym->st_info) == STT_GNU_IFUNC))
774 st_value = sym->st_value & ebl_func_addr_mask (ebl);
775 else
776 st_value = sym->st_value;
777 if (GELF_ST_TYPE (sym->st_info) != STT_TLS)
778 {
779 if (! ebl_check_special_symbol (ebl, ehdr, sym, name,
780 destshdr))
781 {
782 if (st_value - sh_addr > destshdr->sh_size)
783 {
784 /* GNU ld has severe bugs. When it decides to remove
785 empty sections it leaves symbols referencing them
786 behind. These are symbols in .symtab or .dynsym
787 and for the named symbols have zero size. See
788 sourceware PR13621. */
789 if (!gnuld
790 || (strcmp (section_name (ebl, idx), ".symtab")
791 && strcmp (section_name (ebl, idx),
792 ".dynsym"))
793 || sym->st_size != 0
794 || (strcmp (name, "__preinit_array_start") != 0
795 && strcmp (name, "__preinit_array_end") != 0
796 && strcmp (name, "__init_array_start") != 0
797 && strcmp (name, "__init_array_end") != 0
798 && strcmp (name, "__fini_array_start") != 0
799 && strcmp (name, "__fini_array_end") != 0
800 && strcmp (name, "__bss_start") != 0
801 && strcmp (name, "__bss_start__") != 0
802 && strcmp (name, "__TMC_END__") != 0
803 && strcmp (name, ".TOC.") != 0))
804 ERROR (gettext ("\
805 section [%2d] '%s': symbol %zu: st_value out of bounds\n"),
806 idx, section_name (ebl, idx), cnt);
807 }
808 else if ((st_value - sh_addr
809 + sym->st_size) > destshdr->sh_size)
810 ERROR (gettext ("\
811 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
812 idx, section_name (ebl, idx), cnt,
813 (int) xndx, section_name (ebl, xndx));
814 }
815 }
816 else
817 {
818 if ((destshdr->sh_flags & SHF_TLS) == 0)
819 ERROR (gettext ("\
820 section [%2d] '%s': symbol %zu: referenced section [%2d] '%s' does not have SHF_TLS flag set\n"),
821 idx, section_name (ebl, idx), cnt,
822 (int) xndx, section_name (ebl, xndx));
823
824 if (ehdr->e_type == ET_REL)
825 {
826 /* For object files the symbol value must fall
827 into the section. */
828 if (st_value > destshdr->sh_size)
829 ERROR (gettext ("\
830 section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"),
831 idx, section_name (ebl, idx), cnt,
832 (int) xndx, section_name (ebl, xndx));
833 else if (st_value + sym->st_size
834 > destshdr->sh_size)
835 ERROR (gettext ("\
836 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
837 idx, section_name (ebl, idx), cnt,
838 (int) xndx, section_name (ebl, xndx));
839 }
840 else
841 {
842 GElf_Phdr phdr_mem;
843 GElf_Phdr *phdr = NULL;
844 unsigned int pcnt;
845
846 for (pcnt = 0; pcnt < phnum; ++pcnt)
847 {
848 phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
849 if (phdr != NULL && phdr->p_type == PT_TLS)
850 break;
851 }
852
853 if (pcnt == phnum)
854 {
855 if (no_pt_tls++ == 0)
856 ERROR (gettext ("\
857 section [%2d] '%s': symbol %zu: TLS symbol but no TLS program header entry\n"),
858 idx, section_name (ebl, idx), cnt);
859 }
860 else
861 {
862 if (st_value
863 < destshdr->sh_offset - phdr->p_offset)
864 ERROR (gettext ("\
865 section [%2d] '%s': symbol %zu: st_value short of referenced section [%2d] '%s'\n"),
866 idx, section_name (ebl, idx), cnt,
867 (int) xndx, section_name (ebl, xndx));
868 else if (st_value
869 > (destshdr->sh_offset - phdr->p_offset
870 + destshdr->sh_size))
871 ERROR (gettext ("\
872 section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"),
873 idx, section_name (ebl, idx), cnt,
874 (int) xndx, section_name (ebl, xndx));
875 else if (st_value + sym->st_size
876 > (destshdr->sh_offset - phdr->p_offset
877 + destshdr->sh_size))
878 ERROR (gettext ("\
879 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
880 idx, section_name (ebl, idx), cnt,
881 (int) xndx, section_name (ebl, xndx));
882 }
883 }
884 }
885 }
886 }
887
888 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
889 {
890 if (cnt >= shdr->sh_info)
891 ERROR (gettext ("\
892 section [%2d] '%s': symbol %zu: local symbol outside range described in sh_info\n"),
893 idx, section_name (ebl, idx), cnt);
894 }
895 else
896 {
897 if (cnt < shdr->sh_info)
898 ERROR (gettext ("\
899 section [%2d] '%s': symbol %zu: non-local symbol outside range described in sh_info\n"),
900 idx, section_name (ebl, idx), cnt);
901 }
902
903 if (GELF_ST_TYPE (sym->st_info) == STT_SECTION
904 && GELF_ST_BIND (sym->st_info) != STB_LOCAL)
905 ERROR (gettext ("\
906 section [%2d] '%s': symbol %zu: non-local section symbol\n"),
907 idx, section_name (ebl, idx), cnt);
908
909 if (name != NULL)
910 {
911 if (strcmp (name, "_GLOBAL_OFFSET_TABLE_") == 0)
912 {
913 /* Check that address and size match the global offset table. */
914
915 GElf_Shdr destshdr_mem;
916 GElf_Shdr *destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx),
917 &destshdr_mem);
918
919 if (destshdr == NULL && xndx == SHN_ABS)
920 {
921 /* In a DSO, we have to find the GOT section by name. */
922 Elf_Scn *gotscn = NULL;
923 Elf_Scn *gscn = NULL;
924 while ((gscn = elf_nextscn (ebl->elf, gscn)) != NULL)
925 {
926 destshdr = gelf_getshdr (gscn, &destshdr_mem);
927 assert (destshdr != NULL);
928 const char *sname = elf_strptr (ebl->elf,
929 ehdr->e_shstrndx,
930 destshdr->sh_name);
931 if (sname != NULL)
932 {
933 if (strcmp (sname, ".got.plt") == 0)
934 break;
935 if (strcmp (sname, ".got") == 0)
936 /* Do not stop looking.
937 There might be a .got.plt section. */
938 gotscn = gscn;
939 }
940
941 destshdr = NULL;
942 }
943
944 if (destshdr == NULL && gotscn != NULL)
945 destshdr = gelf_getshdr (gotscn, &destshdr_mem);
946 }
947
948 const char *sname = ((destshdr == NULL || xndx == SHN_UNDEF)
949 ? NULL
950 : elf_strptr (ebl->elf, ehdr->e_shstrndx,
951 destshdr->sh_name));
952 if (sname == NULL)
953 {
954 if (xndx != SHN_UNDEF || ehdr->e_type != ET_REL)
955 ERROR (gettext ("\
956 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \
957 bad section [%2d]\n"),
958 idx, section_name (ebl, idx), xndx);
959 }
960 else if (strcmp (sname, ".got.plt") != 0
961 && strcmp (sname, ".got") != 0)
962 ERROR (gettext ("\
963 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \
964 section [%2d] '%s'\n"),
965 idx, section_name (ebl, idx), xndx, sname);
966
967 if (destshdr != NULL)
968 {
969 /* Found it. */
970 if (!ebl_check_special_symbol (ebl, ehdr, sym, name,
971 destshdr))
972 {
973 if (ehdr->e_type != ET_REL
974 && sym->st_value != destshdr->sh_addr)
975 /* This test is more strict than the psABIs which
976 usually allow the symbol to be in the middle of
977 the .got section, allowing negative offsets. */
978 ERROR (gettext ("\
979 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol value %#" PRIx64 " does not match %s section address %#" PRIx64 "\n"),
980 idx, section_name (ebl, idx),
981 (uint64_t) sym->st_value,
982 sname, (uint64_t) destshdr->sh_addr);
983
984 if (!gnuld && sym->st_size != destshdr->sh_size)
985 ERROR (gettext ("\
986 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol size %" PRIu64 " does not match %s section size %" PRIu64 "\n"),
987 idx, section_name (ebl, idx),
988 (uint64_t) sym->st_size,
989 sname, (uint64_t) destshdr->sh_size);
990 }
991 }
992 else
993 ERROR (gettext ("\
994 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol present, but no .got section\n"),
995 idx, section_name (ebl, idx));
996 }
997 else if (strcmp (name, "_DYNAMIC") == 0)
998 /* Check that address and size match the dynamic section.
999 We locate the dynamic section via the program header
1000 entry. */
1001 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt)
1002 {
1003 GElf_Phdr phdr_mem;
1004 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
1005
1006 if (phdr != NULL && phdr->p_type == PT_DYNAMIC)
1007 {
1008 if (sym->st_value != phdr->p_vaddr)
1009 ERROR (gettext ("\
1010 section [%2d] '%s': _DYNAMIC_ symbol value %#" PRIx64 " does not match dynamic segment address %#" PRIx64 "\n"),
1011 idx, section_name (ebl, idx),
1012 (uint64_t) sym->st_value,
1013 (uint64_t) phdr->p_vaddr);
1014
1015 if (!gnuld && sym->st_size != phdr->p_memsz)
1016 ERROR (gettext ("\
1017 section [%2d] '%s': _DYNAMIC symbol size %" PRIu64 " does not match dynamic segment size %" PRIu64 "\n"),
1018 idx, section_name (ebl, idx),
1019 (uint64_t) sym->st_size,
1020 (uint64_t) phdr->p_memsz);
1021
1022 break;
1023 }
1024 }
1025 }
1026
1027 if (GELF_ST_VISIBILITY (sym->st_other) != STV_DEFAULT
1028 && shdr->sh_type == SHT_DYNSYM)
1029 ERROR (gettext ("\
1030 section [%2d] '%s': symbol %zu: symbol in dynamic symbol table with non-default visibility\n"),
1031 idx, section_name (ebl, idx), cnt);
1032 if (! ebl_check_st_other_bits (ebl, sym->st_other))
1033 ERROR (gettext ("\
1034 section [%2d] '%s': symbol %zu: unknown bit set in st_other\n"),
1035 idx, section_name (ebl, idx), cnt);
1036
1037 }
1038 }
1039
1040
1041 static bool
is_rel_dyn(Ebl * ebl,const GElf_Ehdr * ehdr,int idx,const GElf_Shdr * shdr,bool is_rela)1042 is_rel_dyn (Ebl *ebl, const GElf_Ehdr *ehdr, int idx, const GElf_Shdr *shdr,
1043 bool is_rela)
1044 {
1045 /* If this is no executable or DSO it cannot be a .rel.dyn section. */
1046 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1047 return false;
1048
1049 /* Check the section name. Unfortunately necessary. */
1050 if (strcmp (section_name (ebl, idx), is_rela ? ".rela.dyn" : ".rel.dyn"))
1051 return false;
1052
1053 /* When a .rel.dyn section is used a DT_RELCOUNT dynamic section
1054 entry can be present as well. */
1055 Elf_Scn *scn = NULL;
1056 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
1057 {
1058 GElf_Shdr rcshdr_mem;
1059 const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem);
1060
1061 if (rcshdr == NULL)
1062 break;
1063
1064 if (rcshdr->sh_type == SHT_DYNAMIC && rcshdr->sh_entsize)
1065 {
1066 /* Found the dynamic section. Look through it. */
1067 Elf_Data *d = elf_getdata (scn, NULL);
1068 size_t cnt;
1069
1070 for (cnt = 1; cnt < rcshdr->sh_size / rcshdr->sh_entsize; ++cnt)
1071 {
1072 GElf_Dyn dyn_mem;
1073 GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem);
1074
1075 if (dyn == NULL)
1076 break;
1077
1078 if (dyn->d_tag == DT_RELCOUNT)
1079 {
1080 /* Found it. Does the type match. */
1081 if (is_rela)
1082 ERROR (gettext ("\
1083 section [%2d] '%s': DT_RELCOUNT used for this RELA section\n"),
1084 idx, section_name (ebl, idx));
1085 else
1086 {
1087 /* Does the number specified number of relative
1088 relocations exceed the total number of
1089 relocations? */
1090 if (shdr->sh_entsize != 0
1091 && dyn->d_un.d_val > (shdr->sh_size
1092 / shdr->sh_entsize))
1093 ERROR (gettext ("\
1094 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
1095 idx, section_name (ebl, idx),
1096 (int) dyn->d_un.d_val);
1097
1098 /* Make sure the specified number of relocations are
1099 relative. */
1100 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf,
1101 idx), NULL);
1102 if (reldata != NULL)
1103 for (size_t inner = 0;
1104 inner < shdr->sh_size / shdr->sh_entsize;
1105 ++inner)
1106 {
1107 GElf_Rel rel_mem;
1108 GElf_Rel *rel = gelf_getrel (reldata, inner,
1109 &rel_mem);
1110 if (rel == NULL)
1111 /* The problem will be reported elsewhere. */
1112 break;
1113
1114 if (ebl_relative_reloc_p (ebl,
1115 GELF_R_TYPE (rel->r_info)))
1116 {
1117 if (inner >= dyn->d_un.d_val)
1118 ERROR (gettext ("\
1119 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"),
1120 idx, section_name (ebl, idx),
1121 (int) dyn->d_un.d_val);
1122 }
1123 else if (inner < dyn->d_un.d_val)
1124 ERROR (gettext ("\
1125 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"),
1126 idx, section_name (ebl, idx),
1127 inner, (int) dyn->d_un.d_val);
1128 }
1129 }
1130 }
1131
1132 if (dyn->d_tag == DT_RELACOUNT)
1133 {
1134 /* Found it. Does the type match. */
1135 if (!is_rela)
1136 ERROR (gettext ("\
1137 section [%2d] '%s': DT_RELACOUNT used for this REL section\n"),
1138 idx, section_name (ebl, idx));
1139 else
1140 {
1141 /* Does the number specified number of relative
1142 relocations exceed the total number of
1143 relocations? */
1144 if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
1145 ERROR (gettext ("\
1146 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
1147 idx, section_name (ebl, idx),
1148 (int) dyn->d_un.d_val);
1149
1150 /* Make sure the specified number of relocations are
1151 relative. */
1152 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf,
1153 idx), NULL);
1154 if (reldata != NULL)
1155 for (size_t inner = 0;
1156 inner < shdr->sh_size / shdr->sh_entsize;
1157 ++inner)
1158 {
1159 GElf_Rela rela_mem;
1160 GElf_Rela *rela = gelf_getrela (reldata, inner,
1161 &rela_mem);
1162 if (rela == NULL)
1163 /* The problem will be reported elsewhere. */
1164 break;
1165
1166 if (ebl_relative_reloc_p (ebl,
1167 GELF_R_TYPE (rela->r_info)))
1168 {
1169 if (inner >= dyn->d_un.d_val)
1170 ERROR (gettext ("\
1171 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"),
1172 idx, section_name (ebl, idx),
1173 (int) dyn->d_un.d_val);
1174 }
1175 else if (inner < dyn->d_un.d_val)
1176 ERROR (gettext ("\
1177 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"),
1178 idx, section_name (ebl, idx),
1179 inner, (int) dyn->d_un.d_val);
1180 }
1181 }
1182 }
1183 }
1184
1185 break;
1186 }
1187 }
1188
1189 return true;
1190 }
1191
1192
1193 struct loaded_segment
1194 {
1195 GElf_Addr from;
1196 GElf_Addr to;
1197 bool read_only;
1198 struct loaded_segment *next;
1199 };
1200
1201
1202 /* Check whether binary has text relocation flag set. */
1203 static bool textrel;
1204
1205 /* Keep track of whether text relocation flag is needed. */
1206 static bool needed_textrel;
1207
1208
1209 static bool
check_reloc_shdr(Ebl * ebl,const GElf_Ehdr * ehdr,const GElf_Shdr * shdr,int idx,int reltype,GElf_Shdr ** destshdrp,GElf_Shdr * destshdr_memp,struct loaded_segment ** loadedp)1210 check_reloc_shdr (Ebl *ebl, const GElf_Ehdr *ehdr, const GElf_Shdr *shdr,
1211 int idx, int reltype, GElf_Shdr **destshdrp,
1212 GElf_Shdr *destshdr_memp, struct loaded_segment **loadedp)
1213 {
1214 bool reldyn = false;
1215
1216 /* Check whether the link to the section we relocate is reasonable. */
1217 if (shdr->sh_info >= shnum)
1218 ERROR (gettext ("section [%2d] '%s': invalid destination section index\n"),
1219 idx, section_name (ebl, idx));
1220 else if (shdr->sh_info != 0)
1221 {
1222 *destshdrp = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_info),
1223 destshdr_memp);
1224 if (*destshdrp != NULL)
1225 {
1226 if(! ebl_check_reloc_target_type (ebl, (*destshdrp)->sh_type))
1227 {
1228 reldyn = is_rel_dyn (ebl, ehdr, idx, shdr, true);
1229 if (!reldyn)
1230 ERROR (gettext ("\
1231 section [%2d] '%s': invalid destination section type\n"),
1232 idx, section_name (ebl, idx));
1233 else
1234 {
1235 /* There is no standard, but we require that .rel{,a}.dyn
1236 sections have a sh_info value of zero. */
1237 if (shdr->sh_info != 0)
1238 ERROR (gettext ("\
1239 section [%2d] '%s': sh_info should be zero\n"),
1240 idx, section_name (ebl, idx));
1241 }
1242 }
1243
1244 if (((*destshdrp)->sh_flags & (SHF_MERGE | SHF_STRINGS)) != 0)
1245 ERROR (gettext ("\
1246 section [%2d] '%s': no relocations for merge-able sections possible\n"),
1247 idx, section_name (ebl, idx));
1248 }
1249 }
1250
1251 size_t sh_entsize = gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT);
1252 if (shdr->sh_entsize != sh_entsize)
1253 ERROR (gettext (reltype == ELF_T_RELA ? "\
1254 section [%2d] '%s': section entry size does not match ElfXX_Rela\n" : "\
1255 section [%2d] '%s': section entry size does not match ElfXX_Rel\n"),
1256 idx, section_name (ebl, idx));
1257
1258 /* In preparation of checking whether relocations are text
1259 relocations or not we need to determine whether the file is
1260 flagged to have text relocation and we need to determine a) what
1261 the loaded segments are and b) which are read-only. This will
1262 also allow us to determine whether the same reloc section is
1263 modifying loaded and not loaded segments. */
1264 for (unsigned int i = 0; i < phnum; ++i)
1265 {
1266 GElf_Phdr phdr_mem;
1267 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, i, &phdr_mem);
1268 if (phdr == NULL)
1269 continue;
1270
1271 if (phdr->p_type == PT_LOAD)
1272 {
1273 struct loaded_segment *newp = xmalloc (sizeof (*newp));
1274 newp->from = phdr->p_vaddr;
1275 newp->to = phdr->p_vaddr + phdr->p_memsz;
1276 newp->read_only = (phdr->p_flags & PF_W) == 0;
1277 newp->next = *loadedp;
1278 *loadedp = newp;
1279 }
1280 else if (phdr->p_type == PT_DYNAMIC)
1281 {
1282 Elf_Scn *dynscn = gelf_offscn (ebl->elf, phdr->p_offset);
1283 GElf_Shdr dynshdr_mem;
1284 GElf_Shdr *dynshdr = gelf_getshdr (dynscn, &dynshdr_mem);
1285 Elf_Data *dyndata = elf_getdata (dynscn, NULL);
1286 if (dynshdr != NULL && dynshdr->sh_type == SHT_DYNAMIC
1287 && dyndata != NULL)
1288 for (size_t j = 0; j < dynshdr->sh_size / dynshdr->sh_entsize; ++j)
1289 {
1290 GElf_Dyn dyn_mem;
1291 GElf_Dyn *dyn = gelf_getdyn (dyndata, j, &dyn_mem);
1292 if (dyn != NULL
1293 && (dyn->d_tag == DT_TEXTREL
1294 || (dyn->d_tag == DT_FLAGS
1295 && (dyn->d_un.d_val & DF_TEXTREL) != 0)))
1296 {
1297 textrel = true;
1298 break;
1299 }
1300 }
1301 }
1302 }
1303
1304 /* A quick test which can be easily done here (although it is a bit
1305 out of place): the text relocation flag makes only sense if there
1306 is a segment which is not writable. */
1307 if (textrel)
1308 {
1309 struct loaded_segment *seg = *loadedp;
1310 while (seg != NULL && !seg->read_only)
1311 seg = seg->next;
1312 if (seg == NULL)
1313 ERROR (gettext ("\
1314 text relocation flag set but there is no read-only segment\n"));
1315 }
1316
1317 return reldyn;
1318 }
1319
1320
1321 enum load_state
1322 {
1323 state_undecided,
1324 state_loaded,
1325 state_unloaded,
1326 state_error
1327 };
1328
1329
1330 static void
check_one_reloc(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * relshdr,int idx,size_t cnt,const GElf_Shdr * symshdr,Elf_Data * symdata,GElf_Addr r_offset,GElf_Xword r_info,const GElf_Shdr * destshdr,bool reldyn,struct loaded_segment * loaded,enum load_state * statep)1331 check_one_reloc (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *relshdr, int idx,
1332 size_t cnt, const GElf_Shdr *symshdr, Elf_Data *symdata,
1333 GElf_Addr r_offset, GElf_Xword r_info,
1334 const GElf_Shdr *destshdr, bool reldyn,
1335 struct loaded_segment *loaded, enum load_state *statep)
1336 {
1337 bool known_broken = gnuld;
1338
1339 if (!ebl_reloc_type_check (ebl, GELF_R_TYPE (r_info)))
1340 ERROR (gettext ("section [%2d] '%s': relocation %zu: invalid type\n"),
1341 idx, section_name (ebl, idx), cnt);
1342 else if (((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1343 /* The executable/DSO can contain relocation sections with
1344 all the relocations the linker has applied. Those sections
1345 are marked non-loaded, though. */
1346 || (relshdr->sh_flags & SHF_ALLOC) != 0)
1347 && !ebl_reloc_valid_use (ebl, GELF_R_TYPE (r_info)))
1348 ERROR (gettext ("\
1349 section [%2d] '%s': relocation %zu: relocation type invalid for the file type\n"),
1350 idx, section_name (ebl, idx), cnt);
1351
1352 if (symshdr != NULL
1353 && ((GELF_R_SYM (r_info) + 1)
1354 * gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT)
1355 > symshdr->sh_size))
1356 ERROR (gettext ("\
1357 section [%2d] '%s': relocation %zu: invalid symbol index\n"),
1358 idx, section_name (ebl, idx), cnt);
1359
1360 /* No more tests if this is a no-op relocation. */
1361 if (ebl_none_reloc_p (ebl, GELF_R_TYPE (r_info)))
1362 return;
1363
1364 if (ebl_gotpc_reloc_check (ebl, GELF_R_TYPE (r_info)))
1365 {
1366 const char *name;
1367 char buf[64];
1368 GElf_Sym sym_mem;
1369 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem);
1370 if (sym != NULL
1371 /* Get the name for the symbol. */
1372 && (name = elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name))
1373 && strcmp (name, "_GLOBAL_OFFSET_TABLE_") !=0 )
1374 ERROR (gettext ("\
1375 section [%2d] '%s': relocation %zu: only symbol '_GLOBAL_OFFSET_TABLE_' can be used with %s\n"),
1376 idx, section_name (ebl, idx), cnt,
1377 ebl_reloc_type_name (ebl, GELF_R_SYM (r_info),
1378 buf, sizeof (buf)));
1379 }
1380
1381 if (reldyn)
1382 {
1383 // XXX TODO Check .rel.dyn section addresses.
1384 }
1385 else if (!known_broken)
1386 {
1387 if (destshdr != NULL
1388 && GELF_R_TYPE (r_info) != 0
1389 && (r_offset - (ehdr->e_type == ET_REL ? 0
1390 : destshdr->sh_addr)) >= destshdr->sh_size)
1391 ERROR (gettext ("\
1392 section [%2d] '%s': relocation %zu: offset out of bounds\n"),
1393 idx, section_name (ebl, idx), cnt);
1394 }
1395
1396 GElf_Sym sym_mem;
1397 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem);
1398
1399 if (ebl_copy_reloc_p (ebl, GELF_R_TYPE (r_info))
1400 /* Make sure the referenced symbol is an object or unspecified. */
1401 && sym != NULL
1402 && GELF_ST_TYPE (sym->st_info) != STT_NOTYPE
1403 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
1404 {
1405 char buf[64];
1406 ERROR (gettext ("section [%2d] '%s': relocation %zu: copy relocation against symbol of type %s\n"),
1407 idx, section_name (ebl, idx), cnt,
1408 ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info),
1409 buf, sizeof (buf)));
1410 }
1411
1412 if ((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1413 || (relshdr->sh_flags & SHF_ALLOC) != 0)
1414 {
1415 bool in_loaded_seg = false;
1416 while (loaded != NULL)
1417 {
1418 if (r_offset < loaded->to
1419 && r_offset + (sym == NULL ? 0 : sym->st_size) >= loaded->from)
1420 {
1421 /* The symbol is in this segment. */
1422 if (loaded->read_only)
1423 {
1424 if (textrel)
1425 needed_textrel = true;
1426 else
1427 ERROR (gettext ("section [%2d] '%s': relocation %zu: read-only section modified but text relocation flag not set\n"),
1428 idx, section_name (ebl, idx), cnt);
1429 }
1430
1431 in_loaded_seg = true;
1432 }
1433
1434 loaded = loaded->next;
1435 }
1436
1437 if (*statep == state_undecided)
1438 *statep = in_loaded_seg ? state_loaded : state_unloaded;
1439 else if ((*statep == state_unloaded && in_loaded_seg)
1440 || (*statep == state_loaded && !in_loaded_seg))
1441 {
1442 ERROR (gettext ("\
1443 section [%2d] '%s': relocations are against loaded and unloaded data\n"),
1444 idx, section_name (ebl, idx));
1445 *statep = state_error;
1446 }
1447 }
1448 }
1449
1450
1451 static void
check_rela(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1452 check_rela (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1453 {
1454 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1455 if (data == NULL)
1456 {
1457 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1458 idx, section_name (ebl, idx));
1459 return;
1460 }
1461
1462 /* Check the fields of the section header. */
1463 GElf_Shdr destshdr_mem;
1464 GElf_Shdr *destshdr = NULL;
1465 struct loaded_segment *loaded = NULL;
1466 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_RELA, &destshdr,
1467 &destshdr_mem, &loaded);
1468
1469 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1470 GElf_Shdr symshdr_mem;
1471 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1472 Elf_Data *symdata = elf_getdata (symscn, NULL);
1473 enum load_state state = state_undecided;
1474
1475 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_RELA, 1, EV_CURRENT);
1476 for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1477 {
1478 GElf_Rela rela_mem;
1479 GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem);
1480 if (rela == NULL)
1481 {
1482 ERROR (gettext ("\
1483 section [%2d] '%s': cannot get relocation %zu: %s\n"),
1484 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1485 continue;
1486 }
1487
1488 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata,
1489 rela->r_offset, rela->r_info, destshdr, reldyn, loaded,
1490 &state);
1491 }
1492
1493 while (loaded != NULL)
1494 {
1495 struct loaded_segment *old = loaded;
1496 loaded = loaded->next;
1497 free (old);
1498 }
1499 }
1500
1501
1502 static void
check_rel(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1503 check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1504 {
1505 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1506 if (data == NULL)
1507 {
1508 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1509 idx, section_name (ebl, idx));
1510 return;
1511 }
1512
1513 /* Check the fields of the section header. */
1514 GElf_Shdr destshdr_mem;
1515 GElf_Shdr *destshdr = NULL;
1516 struct loaded_segment *loaded = NULL;
1517 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_REL, &destshdr,
1518 &destshdr_mem, &loaded);
1519
1520 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1521 GElf_Shdr symshdr_mem;
1522 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1523 Elf_Data *symdata = elf_getdata (symscn, NULL);
1524 enum load_state state = state_undecided;
1525
1526 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_REL, 1, EV_CURRENT);
1527 for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1528 {
1529 GElf_Rel rel_mem;
1530 GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem);
1531 if (rel == NULL)
1532 {
1533 ERROR (gettext ("\
1534 section [%2d] '%s': cannot get relocation %zu: %s\n"),
1535 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1536 continue;
1537 }
1538
1539 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata,
1540 rel->r_offset, rel->r_info, destshdr, reldyn, loaded,
1541 &state);
1542 }
1543
1544 while (loaded != NULL)
1545 {
1546 struct loaded_segment *old = loaded;
1547 loaded = loaded->next;
1548 free (old);
1549 }
1550 }
1551
1552
1553 /* Number of dynamic sections. */
1554 static int ndynamic;
1555
1556
1557 static void
check_dynamic(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1558 check_dynamic (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1559 {
1560 Elf_Data *data;
1561 GElf_Shdr strshdr_mem;
1562 GElf_Shdr *strshdr;
1563 size_t cnt;
1564 static const bool dependencies[DT_NUM][DT_NUM] =
1565 {
1566 [DT_NEEDED] = { [DT_STRTAB] = true },
1567 [DT_PLTRELSZ] = { [DT_JMPREL] = true },
1568 [DT_HASH] = { [DT_SYMTAB] = true },
1569 [DT_STRTAB] = { [DT_STRSZ] = true },
1570 [DT_SYMTAB] = { [DT_STRTAB] = true, [DT_SYMENT] = true },
1571 [DT_RELA] = { [DT_RELASZ] = true, [DT_RELAENT] = true },
1572 [DT_RELASZ] = { [DT_RELA] = true },
1573 [DT_RELAENT] = { [DT_RELA] = true },
1574 [DT_STRSZ] = { [DT_STRTAB] = true },
1575 [DT_SYMENT] = { [DT_SYMTAB] = true },
1576 [DT_SONAME] = { [DT_STRTAB] = true },
1577 [DT_RPATH] = { [DT_STRTAB] = true },
1578 [DT_REL] = { [DT_RELSZ] = true, [DT_RELENT] = true },
1579 [DT_RELSZ] = { [DT_REL] = true },
1580 [DT_RELENT] = { [DT_REL] = true },
1581 [DT_JMPREL] = { [DT_PLTRELSZ] = true, [DT_PLTREL] = true },
1582 [DT_RUNPATH] = { [DT_STRTAB] = true },
1583 [DT_PLTREL] = { [DT_JMPREL] = true },
1584 };
1585 bool has_dt[DT_NUM];
1586 bool has_val_dt[DT_VALNUM];
1587 bool has_addr_dt[DT_ADDRNUM];
1588 static const bool level2[DT_NUM] =
1589 {
1590 [DT_RPATH] = true,
1591 [DT_SYMBOLIC] = true,
1592 [DT_TEXTREL] = true,
1593 [DT_BIND_NOW] = true
1594 };
1595 static const bool mandatory[DT_NUM] =
1596 {
1597 [DT_NULL] = true,
1598 [DT_STRTAB] = true,
1599 [DT_SYMTAB] = true,
1600 [DT_STRSZ] = true,
1601 [DT_SYMENT] = true
1602 };
1603
1604 memset (has_dt, '\0', sizeof (has_dt));
1605 memset (has_val_dt, '\0', sizeof (has_val_dt));
1606 memset (has_addr_dt, '\0', sizeof (has_addr_dt));
1607
1608 if (++ndynamic == 2)
1609 ERROR (gettext ("more than one dynamic section present\n"));
1610
1611 data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1612 if (data == NULL)
1613 {
1614 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1615 idx, section_name (ebl, idx));
1616 return;
1617 }
1618
1619 strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &strshdr_mem);
1620 if (strshdr != NULL && strshdr->sh_type != SHT_STRTAB)
1621 ERROR (gettext ("\
1622 section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
1623 shdr->sh_link, section_name (ebl, shdr->sh_link),
1624 idx, section_name (ebl, idx));
1625
1626 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT);
1627 if (shdr->sh_entsize != sh_entsize)
1628 ERROR (gettext ("\
1629 section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"),
1630 idx, section_name (ebl, idx));
1631
1632 if (shdr->sh_info != 0)
1633 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"),
1634 idx, section_name (ebl, idx));
1635
1636 bool non_null_warned = false;
1637 for (cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1638 {
1639 GElf_Dyn dyn_mem;
1640 GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem);
1641 if (dyn == NULL)
1642 {
1643 ERROR (gettext ("\
1644 section [%2d] '%s': cannot get dynamic section entry %zu: %s\n"),
1645 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1646 continue;
1647 }
1648
1649 if (has_dt[DT_NULL] && dyn->d_tag != DT_NULL && ! non_null_warned)
1650 {
1651 ERROR (gettext ("\
1652 section [%2d] '%s': non-DT_NULL entries follow DT_NULL entry\n"),
1653 idx, section_name (ebl, idx));
1654 non_null_warned = true;
1655 }
1656
1657 if (!ebl_dynamic_tag_check (ebl, dyn->d_tag))
1658 ERROR (gettext ("section [%2d] '%s': entry %zu: unknown tag\n"),
1659 idx, section_name (ebl, idx), cnt);
1660
1661 if (dyn->d_tag >= 0 && dyn->d_tag < DT_NUM)
1662 {
1663 if (has_dt[dyn->d_tag]
1664 && dyn->d_tag != DT_NEEDED
1665 && dyn->d_tag != DT_NULL
1666 && dyn->d_tag != DT_POSFLAG_1)
1667 {
1668 char buf[50];
1669 ERROR (gettext ("\
1670 section [%2d] '%s': entry %zu: more than one entry with tag %s\n"),
1671 idx, section_name (ebl, idx), cnt,
1672 ebl_dynamic_tag_name (ebl, dyn->d_tag,
1673 buf, sizeof (buf)));
1674 }
1675
1676 if (be_strict && level2[dyn->d_tag])
1677 {
1678 char buf[50];
1679 ERROR (gettext ("\
1680 section [%2d] '%s': entry %zu: level 2 tag %s used\n"),
1681 idx, section_name (ebl, idx), cnt,
1682 ebl_dynamic_tag_name (ebl, dyn->d_tag,
1683 buf, sizeof (buf)));
1684 }
1685
1686 has_dt[dyn->d_tag] = true;
1687 }
1688 else if (dyn->d_tag <= DT_VALRNGHI
1689 && DT_VALTAGIDX (dyn->d_tag) < DT_VALNUM)
1690 has_val_dt[DT_VALTAGIDX (dyn->d_tag)] = true;
1691 else if (dyn->d_tag <= DT_ADDRRNGHI
1692 && DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM)
1693 has_addr_dt[DT_ADDRTAGIDX (dyn->d_tag)] = true;
1694
1695 if (dyn->d_tag == DT_PLTREL && dyn->d_un.d_val != DT_REL
1696 && dyn->d_un.d_val != DT_RELA)
1697 ERROR (gettext ("\
1698 section [%2d] '%s': entry %zu: DT_PLTREL value must be DT_REL or DT_RELA\n"),
1699 idx, section_name (ebl, idx), cnt);
1700
1701 /* Check that addresses for entries are in loaded segments. */
1702 switch (dyn->d_tag)
1703 {
1704 size_t n;
1705 case DT_STRTAB:
1706 /* We require the referenced section is the same as the one
1707 specified in sh_link. */
1708 if (strshdr->sh_addr != dyn->d_un.d_val)
1709 {
1710 ERROR (gettext ("\
1711 section [%2d] '%s': entry %zu: pointer does not match address of section [%2d] '%s' referenced by sh_link\n"),
1712 idx, section_name (ebl, idx), cnt,
1713 shdr->sh_link, section_name (ebl, shdr->sh_link));
1714 break;
1715 }
1716 goto check_addr;
1717
1718 default:
1719 if (dyn->d_tag < DT_ADDRRNGLO || dyn->d_tag > DT_ADDRRNGHI)
1720 /* Value is no pointer. */
1721 break;
1722 /* FALLTHROUGH */
1723
1724 case DT_AUXILIARY:
1725 case DT_FILTER:
1726 case DT_FINI:
1727 case DT_FINI_ARRAY:
1728 case DT_HASH:
1729 case DT_INIT:
1730 case DT_INIT_ARRAY:
1731 case DT_JMPREL:
1732 case DT_PLTGOT:
1733 case DT_REL:
1734 case DT_RELA:
1735 case DT_SYMBOLIC:
1736 case DT_SYMTAB:
1737 case DT_VERDEF:
1738 case DT_VERNEED:
1739 case DT_VERSYM:
1740 check_addr:
1741 for (n = 0; n < phnum; ++n)
1742 {
1743 GElf_Phdr phdr_mem;
1744 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, n, &phdr_mem);
1745 if (phdr != NULL && phdr->p_type == PT_LOAD
1746 && phdr->p_vaddr <= dyn->d_un.d_ptr
1747 && phdr->p_vaddr + phdr->p_memsz > dyn->d_un.d_ptr)
1748 break;
1749 }
1750 if (unlikely (n >= phnum))
1751 {
1752 char buf[50];
1753 ERROR (gettext ("\
1754 section [%2d] '%s': entry %zu: %s value must point into loaded segment\n"),
1755 idx, section_name (ebl, idx), cnt,
1756 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf,
1757 sizeof (buf)));
1758 }
1759 break;
1760
1761 case DT_NEEDED:
1762 case DT_RPATH:
1763 case DT_RUNPATH:
1764 case DT_SONAME:
1765 if (dyn->d_un.d_ptr >= strshdr->sh_size)
1766 {
1767 char buf[50];
1768 ERROR (gettext ("\
1769 section [%2d] '%s': entry %zu: %s value must be valid offset in section [%2d] '%s'\n"),
1770 idx, section_name (ebl, idx), cnt,
1771 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf,
1772 sizeof (buf)),
1773 shdr->sh_link, section_name (ebl, shdr->sh_link));
1774 }
1775 break;
1776 }
1777 }
1778
1779 for (cnt = 1; cnt < DT_NUM; ++cnt)
1780 if (has_dt[cnt])
1781 {
1782 for (int inner = 0; inner < DT_NUM; ++inner)
1783 if (dependencies[cnt][inner] && ! has_dt[inner])
1784 {
1785 char buf1[50];
1786 char buf2[50];
1787
1788 ERROR (gettext ("\
1789 section [%2d] '%s': contains %s entry but not %s\n"),
1790 idx, section_name (ebl, idx),
1791 ebl_dynamic_tag_name (ebl, cnt, buf1, sizeof (buf1)),
1792 ebl_dynamic_tag_name (ebl, inner, buf2, sizeof (buf2)));
1793 }
1794 }
1795 else
1796 {
1797 if (mandatory[cnt])
1798 {
1799 char buf[50];
1800 ERROR (gettext ("\
1801 section [%2d] '%s': mandatory tag %s not present\n"),
1802 idx, section_name (ebl, idx),
1803 ebl_dynamic_tag_name (ebl, cnt, buf, sizeof (buf)));
1804 }
1805 }
1806
1807 /* Make sure we have an hash table. */
1808 if (!has_dt[DT_HASH] && !has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)])
1809 ERROR (gettext ("\
1810 section [%2d] '%s': no hash section present\n"),
1811 idx, section_name (ebl, idx));
1812
1813 /* The GNU-style hash table also needs a symbol table. */
1814 if (!has_dt[DT_HASH] && has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)]
1815 && !has_dt[DT_SYMTAB])
1816 ERROR (gettext ("\
1817 section [%2d] '%s': contains %s entry but not %s\n"),
1818 idx, section_name (ebl, idx),
1819 "DT_GNU_HASH", "DT_SYMTAB");
1820
1821 /* Check the rel/rela tags. At least one group must be available. */
1822 if ((has_dt[DT_RELA] || has_dt[DT_RELASZ] || has_dt[DT_RELAENT])
1823 && (!has_dt[DT_RELA] || !has_dt[DT_RELASZ] || !has_dt[DT_RELAENT]))
1824 ERROR (gettext ("\
1825 section [%2d] '%s': not all of %s, %s, and %s are present\n"),
1826 idx, section_name (ebl, idx),
1827 "DT_RELA", "DT_RELASZ", "DT_RELAENT");
1828
1829 if ((has_dt[DT_REL] || has_dt[DT_RELSZ] || has_dt[DT_RELENT])
1830 && (!has_dt[DT_REL] || !has_dt[DT_RELSZ] || !has_dt[DT_RELENT]))
1831 ERROR (gettext ("\
1832 section [%2d] '%s': not all of %s, %s, and %s are present\n"),
1833 idx, section_name (ebl, idx),
1834 "DT_REL", "DT_RELSZ", "DT_RELENT");
1835
1836 /* Check that all prelink sections are present if any of them is. */
1837 if (has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)]
1838 || has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)])
1839 {
1840 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)])
1841 ERROR (gettext ("\
1842 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"),
1843 idx, section_name (ebl, idx), "DT_GNU_PRELINKED");
1844 if (!has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)])
1845 ERROR (gettext ("\
1846 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"),
1847 idx, section_name (ebl, idx), "DT_CHECKSUM");
1848
1849 /* Only DSOs can be marked like this. */
1850 if (ehdr->e_type != ET_DYN)
1851 ERROR (gettext ("\
1852 section [%2d] '%s': non-DSO file marked as dependency during prelink\n"),
1853 idx, section_name (ebl, idx));
1854 }
1855
1856 if (has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)]
1857 || has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)]
1858 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)]
1859 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)])
1860 {
1861 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)])
1862 ERROR (gettext ("\
1863 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1864 idx, section_name (ebl, idx), "DT_GNU_CONFLICTSZ");
1865 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)])
1866 ERROR (gettext ("\
1867 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1868 idx, section_name (ebl, idx), "DT_GNU_LIBLISTSZ");
1869 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)])
1870 ERROR (gettext ("\
1871 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1872 idx, section_name (ebl, idx), "DT_GNU_CONFLICT");
1873 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)])
1874 ERROR (gettext ("\
1875 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1876 idx, section_name (ebl, idx), "DT_GNU_LIBLIST");
1877 }
1878 }
1879
1880
1881 static void
check_symtab_shndx(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1882 check_symtab_shndx (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1883 {
1884 if (ehdr->e_type != ET_REL)
1885 {
1886 ERROR (gettext ("\
1887 section [%2d] '%s': only relocatable files can have extended section index\n"),
1888 idx, section_name (ebl, idx));
1889 return;
1890 }
1891
1892 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1893 GElf_Shdr symshdr_mem;
1894 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1895 if (symshdr != NULL && symshdr->sh_type != SHT_SYMTAB)
1896 ERROR (gettext ("\
1897 section [%2d] '%s': extended section index section not for symbol table\n"),
1898 idx, section_name (ebl, idx));
1899 Elf_Data *symdata = elf_getdata (symscn, NULL);
1900 if (symdata == NULL)
1901 ERROR (gettext ("cannot get data for symbol section\n"));
1902
1903 if (shdr->sh_entsize != sizeof (Elf32_Word))
1904 ERROR (gettext ("\
1905 section [%2d] '%s': entry size does not match Elf32_Word\n"),
1906 idx, section_name (ebl, idx));
1907
1908 if (symshdr != NULL
1909 && shdr->sh_entsize
1910 && symshdr->sh_entsize
1911 && (shdr->sh_size / shdr->sh_entsize
1912 < symshdr->sh_size / symshdr->sh_entsize))
1913 ERROR (gettext ("\
1914 section [%2d] '%s': extended index table too small for symbol table\n"),
1915 idx, section_name (ebl, idx));
1916
1917 if (shdr->sh_info != 0)
1918 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"),
1919 idx, section_name (ebl, idx));
1920
1921 for (size_t cnt = idx + 1; cnt < shnum; ++cnt)
1922 {
1923 GElf_Shdr rshdr_mem;
1924 GElf_Shdr *rshdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &rshdr_mem);
1925 if (rshdr != NULL && rshdr->sh_type == SHT_SYMTAB_SHNDX
1926 && rshdr->sh_link == shdr->sh_link)
1927 {
1928 ERROR (gettext ("\
1929 section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same symbol table\n"),
1930 idx, section_name (ebl, idx),
1931 cnt, section_name (ebl, cnt));
1932 break;
1933 }
1934 }
1935
1936 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1937 if (data == NULL)
1938 {
1939 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1940 idx, section_name (ebl, idx));
1941 return;
1942 }
1943
1944 if (*((Elf32_Word *) data->d_buf) != 0)
1945 ERROR (gettext ("symbol 0 should have zero extended section index\n"));
1946
1947 for (size_t cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt)
1948 {
1949 Elf32_Word xndx = ((Elf32_Word *) data->d_buf)[cnt];
1950
1951 if (xndx != 0)
1952 {
1953 GElf_Sym sym_data;
1954 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_data);
1955 if (sym == NULL)
1956 {
1957 ERROR (gettext ("cannot get data for symbol %zu\n"), cnt);
1958 continue;
1959 }
1960
1961 if (sym->st_shndx != SHN_XINDEX)
1962 ERROR (gettext ("\
1963 extended section index is %" PRIu32 " but symbol index is not XINDEX\n"),
1964 (uint32_t) xndx);
1965 }
1966 }
1967 }
1968
1969
1970 static void
check_sysv_hash(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)1971 check_sysv_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
1972 GElf_Shdr *symshdr)
1973 {
1974 Elf32_Word nbucket = ((Elf32_Word *) data->d_buf)[0];
1975 Elf32_Word nchain = ((Elf32_Word *) data->d_buf)[1];
1976
1977 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize)
1978 ERROR (gettext ("\
1979 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
1980 idx, section_name (ebl, idx), (long int) shdr->sh_size,
1981 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize));
1982
1983 size_t maxidx = nchain;
1984
1985 if (symshdr != NULL && symshdr->sh_entsize != 0)
1986 {
1987 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
1988
1989 if (nchain > symshdr->sh_size / symshdr->sh_entsize)
1990 ERROR (gettext ("section [%2d] '%s': chain array too large\n"),
1991 idx, section_name (ebl, idx));
1992
1993 maxidx = symsize;
1994 }
1995
1996 Elf32_Word *buf = (Elf32_Word *) data->d_buf;
1997 Elf32_Word *end = (Elf32_Word *) ((char *) data->d_buf + shdr->sh_size);
1998 size_t cnt;
1999 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
2000 {
2001 if (buf + cnt >= end)
2002 break;
2003 else if (buf[cnt] >= maxidx)
2004 ERROR (gettext ("\
2005 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
2006 idx, section_name (ebl, idx), cnt - 2);
2007 }
2008
2009 for (; cnt < 2 + nbucket + nchain; ++cnt)
2010 {
2011 if (buf + cnt >= end)
2012 break;
2013 else if (buf[cnt] >= maxidx)
2014 ERROR (gettext ("\
2015 section [%2d] '%s': hash chain reference %zu out of bounds\n"),
2016 idx, section_name (ebl, idx), cnt - 2 - nbucket);
2017 }
2018 }
2019
2020
2021 static void
check_sysv_hash64(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2022 check_sysv_hash64 (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2023 GElf_Shdr *symshdr)
2024 {
2025 Elf64_Xword nbucket = ((Elf64_Xword *) data->d_buf)[0];
2026 Elf64_Xword nchain = ((Elf64_Xword *) data->d_buf)[1];
2027
2028 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize)
2029 ERROR (gettext ("\
2030 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
2031 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2032 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize));
2033
2034 size_t maxidx = nchain;
2035
2036 if (symshdr != NULL)
2037 {
2038 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
2039
2040 if (nchain > symshdr->sh_size / symshdr->sh_entsize)
2041 ERROR (gettext ("section [%2d] '%s': chain array too large\n"),
2042 idx, section_name (ebl, idx));
2043
2044 maxidx = symsize;
2045 }
2046
2047 Elf64_Xword *buf = (Elf64_Xword *) data->d_buf;
2048 Elf64_Xword *end = (Elf64_Xword *) ((char *) data->d_buf + shdr->sh_size);
2049 size_t cnt;
2050 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
2051 {
2052 if (buf + cnt >= end)
2053 break;
2054 else if (buf[cnt] >= maxidx)
2055 ERROR (gettext ("\
2056 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
2057 idx, section_name (ebl, idx), cnt - 2);
2058 }
2059
2060 for (; cnt < 2 + nbucket + nchain; ++cnt)
2061 {
2062 if (buf + cnt >= end)
2063 break;
2064 else if (buf[cnt] >= maxidx)
2065 ERROR (gettext ("\
2066 section [%2d] '%s': hash chain reference %" PRIu64 " out of bounds\n"),
2067 idx, section_name (ebl, idx), (uint64_t) cnt - 2 - nbucket);
2068 }
2069 }
2070
2071
2072 static void
check_gnu_hash(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2073 check_gnu_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2074 GElf_Shdr *symshdr)
2075 {
2076 Elf32_Word nbuckets = ((Elf32_Word *) data->d_buf)[0];
2077 Elf32_Word symbias = ((Elf32_Word *) data->d_buf)[1];
2078 Elf32_Word bitmask_words = ((Elf32_Word *) data->d_buf)[2];
2079
2080 if (!powerof2 (bitmask_words))
2081 ERROR (gettext ("\
2082 section [%2d] '%s': bitmask size not power of 2: %u\n"),
2083 idx, section_name (ebl, idx), bitmask_words);
2084
2085 size_t bitmask_idxmask = bitmask_words - 1;
2086 if (gelf_getclass (ebl->elf) == ELFCLASS64)
2087 bitmask_words *= 2;
2088 Elf32_Word shift = ((Elf32_Word *) data->d_buf)[3];
2089
2090 if (shdr->sh_size < (4 + bitmask_words + nbuckets) * sizeof (Elf32_Word))
2091 {
2092 ERROR (gettext ("\
2093 section [%2d] '%s': hash table section is too small (is %ld, expected at least %ld)\n"),
2094 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2095 (long int) ((4 + bitmask_words + nbuckets) * sizeof (Elf32_Word)));
2096 return;
2097 }
2098
2099 if (shift > 31)
2100 ERROR (gettext ("\
2101 section [%2d] '%s': 2nd hash function shift too big: %u\n"),
2102 idx, section_name (ebl, idx), shift);
2103
2104 size_t maxidx = shdr->sh_size / sizeof (Elf32_Word) - (4 + bitmask_words
2105 + nbuckets);
2106
2107 if (symshdr != NULL)
2108 maxidx = MIN (maxidx, symshdr->sh_size / symshdr->sh_entsize);
2109
2110 /* We need the symbol section data. */
2111 Elf_Data *symdata = elf_getdata (elf_getscn (ebl->elf, shdr->sh_link), NULL);
2112
2113 union
2114 {
2115 Elf32_Word *p32;
2116 Elf64_Xword *p64;
2117 } bitmask = { .p32 = &((Elf32_Word *) data->d_buf)[4] },
2118 collected = { .p32 = xcalloc (bitmask_words, sizeof (Elf32_Word)) };
2119
2120 size_t classbits = gelf_getclass (ebl->elf) == ELFCLASS32 ? 32 : 64;
2121
2122 size_t cnt;
2123 for (cnt = 4 + bitmask_words; cnt < 4 + bitmask_words + nbuckets; ++cnt)
2124 {
2125 Elf32_Word symidx = ((Elf32_Word *) data->d_buf)[cnt];
2126
2127 if (symidx == 0)
2128 continue;
2129
2130 if (symidx < symbias)
2131 {
2132 ERROR (gettext ("\
2133 section [%2d] '%s': hash chain for bucket %zu lower than symbol index bias\n"),
2134 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2135 continue;
2136 }
2137
2138 while (symidx - symbias < maxidx)
2139 {
2140 Elf32_Word chainhash = ((Elf32_Word *) data->d_buf)[4
2141 + bitmask_words
2142 + nbuckets
2143 + symidx
2144 - symbias];
2145
2146 if (symdata != NULL)
2147 {
2148 /* Check that the referenced symbol is not undefined. */
2149 GElf_Sym sym_mem;
2150 GElf_Sym *sym = gelf_getsym (symdata, symidx, &sym_mem);
2151 if (sym != NULL && sym->st_shndx == SHN_UNDEF
2152 && GELF_ST_TYPE (sym->st_info) != STT_FUNC)
2153 ERROR (gettext ("\
2154 section [%2d] '%s': symbol %u referenced in chain for bucket %zu is undefined\n"),
2155 idx, section_name (ebl, idx), symidx,
2156 cnt - (4 + bitmask_words));
2157
2158 const char *symname = elf_strptr (ebl->elf, symshdr->sh_link,
2159 sym->st_name);
2160 if (symname != NULL)
2161 {
2162 Elf32_Word hval = elf_gnu_hash (symname);
2163 if ((hval & ~1u) != (chainhash & ~1u))
2164 ERROR (gettext ("\
2165 section [%2d] '%s': hash value for symbol %u in chain for bucket %zu wrong\n"),
2166 idx, section_name (ebl, idx), symidx,
2167 cnt - (4 + bitmask_words));
2168
2169 /* Set the bits in the bitmask. */
2170 size_t maskidx = (hval / classbits) & bitmask_idxmask;
2171 if (classbits == 32)
2172 {
2173 collected.p32[maskidx]
2174 |= UINT32_C (1) << (hval & (classbits - 1));
2175 collected.p32[maskidx]
2176 |= UINT32_C (1) << ((hval >> shift) & (classbits - 1));
2177 }
2178 else
2179 {
2180 collected.p64[maskidx]
2181 |= UINT64_C (1) << (hval & (classbits - 1));
2182 collected.p64[maskidx]
2183 |= UINT64_C (1) << ((hval >> shift) & (classbits - 1));
2184 }
2185 }
2186 }
2187
2188 if ((chainhash & 1) != 0)
2189 break;
2190
2191 ++symidx;
2192 }
2193
2194 if (symidx - symbias >= maxidx)
2195 ERROR (gettext ("\
2196 section [%2d] '%s': hash chain for bucket %zu out of bounds\n"),
2197 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2198 else if (symshdr != NULL
2199 && symidx > symshdr->sh_size / symshdr->sh_entsize)
2200 ERROR (gettext ("\
2201 section [%2d] '%s': symbol reference in chain for bucket %zu out of bounds\n"),
2202 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2203 }
2204
2205 if (memcmp (collected.p32, bitmask.p32, bitmask_words * sizeof (Elf32_Word)))
2206 ERROR (gettext ("\
2207 section [%2d] '%s': bitmask does not match names in the hash table\n"),
2208 idx, section_name (ebl, idx));
2209
2210 free (collected.p32);
2211 }
2212
2213
2214 static void
check_hash(int tag,Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2215 check_hash (int tag, Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
2216 {
2217 if (ehdr->e_type == ET_REL)
2218 {
2219 ERROR (gettext ("\
2220 section [%2d] '%s': relocatable files cannot have hash tables\n"),
2221 idx, section_name (ebl, idx));
2222 return;
2223 }
2224
2225 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2226 if (data == NULL)
2227 {
2228 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
2229 idx, section_name (ebl, idx));
2230 return;
2231 }
2232
2233 GElf_Shdr symshdr_mem;
2234 GElf_Shdr *symshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
2235 &symshdr_mem);
2236 if (symshdr != NULL && symshdr->sh_type != SHT_DYNSYM)
2237 ERROR (gettext ("\
2238 section [%2d] '%s': hash table not for dynamic symbol table\n"),
2239 idx, section_name (ebl, idx));
2240
2241 if (shdr->sh_entsize != (tag == SHT_GNU_HASH
2242 ? (gelf_getclass (ebl->elf) == ELFCLASS32
2243 ? sizeof (Elf32_Word) : 0)
2244 : (size_t) ebl_sysvhash_entrysize (ebl)))
2245 ERROR (gettext ("\
2246 section [%2d] '%s': hash table entry size incorrect\n"),
2247 idx, section_name (ebl, idx));
2248
2249 if ((shdr->sh_flags & SHF_ALLOC) == 0)
2250 ERROR (gettext ("section [%2d] '%s': not marked to be allocated\n"),
2251 idx, section_name (ebl, idx));
2252
2253 if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (shdr->sh_entsize ?: 4))
2254 {
2255 ERROR (gettext ("\
2256 section [%2d] '%s': hash table has not even room for initial administrative entries\n"),
2257 idx, section_name (ebl, idx));
2258 return;
2259 }
2260
2261 switch (tag)
2262 {
2263 case SHT_HASH:
2264 if (ebl_sysvhash_entrysize (ebl) == sizeof (Elf64_Xword))
2265 check_sysv_hash64 (ebl, shdr, data, idx, symshdr);
2266 else
2267 check_sysv_hash (ebl, shdr, data, idx, symshdr);
2268 break;
2269
2270 case SHT_GNU_HASH:
2271 check_gnu_hash (ebl, shdr, data, idx, symshdr);
2272 break;
2273
2274 default:
2275 assert (! "should not happen");
2276 }
2277 }
2278
2279
2280 /* Compare content of both hash tables, it must be identical. */
2281 static void
compare_hash_gnu_hash(Ebl * ebl,GElf_Ehdr * ehdr,size_t hash_idx,size_t gnu_hash_idx)2282 compare_hash_gnu_hash (Ebl *ebl, GElf_Ehdr *ehdr, size_t hash_idx,
2283 size_t gnu_hash_idx)
2284 {
2285 Elf_Scn *hash_scn = elf_getscn (ebl->elf, hash_idx);
2286 Elf_Data *hash_data = elf_getdata (hash_scn, NULL);
2287 GElf_Shdr hash_shdr_mem;
2288 GElf_Shdr *hash_shdr = gelf_getshdr (hash_scn, &hash_shdr_mem);
2289 Elf_Scn *gnu_hash_scn = elf_getscn (ebl->elf, gnu_hash_idx);
2290 Elf_Data *gnu_hash_data = elf_getdata (gnu_hash_scn, NULL);
2291 GElf_Shdr gnu_hash_shdr_mem;
2292 GElf_Shdr *gnu_hash_shdr = gelf_getshdr (gnu_hash_scn, &gnu_hash_shdr_mem);
2293
2294 if (hash_shdr == NULL || gnu_hash_shdr == NULL
2295 || hash_data == NULL || gnu_hash_data == NULL)
2296 /* None of these pointers should be NULL since we used the
2297 sections already. We are careful nonetheless. */
2298 return;
2299
2300 /* The link must point to the same symbol table. */
2301 if (hash_shdr->sh_link != gnu_hash_shdr->sh_link)
2302 {
2303 ERROR (gettext ("\
2304 sh_link in hash sections [%2zu] '%s' and [%2zu] '%s' not identical\n"),
2305 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name),
2306 gnu_hash_idx,
2307 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2308 return;
2309 }
2310
2311 Elf_Scn *sym_scn = elf_getscn (ebl->elf, hash_shdr->sh_link);
2312 Elf_Data *sym_data = elf_getdata (sym_scn, NULL);
2313 GElf_Shdr sym_shdr_mem;
2314 GElf_Shdr *sym_shdr = gelf_getshdr (sym_scn, &sym_shdr_mem);
2315
2316 if (sym_data == NULL || sym_shdr == NULL)
2317 return;
2318
2319 int nentries = sym_shdr->sh_size / sym_shdr->sh_entsize;
2320 char *used = alloca (nentries);
2321 memset (used, '\0', nentries);
2322
2323 /* First go over the GNU_HASH table and mark the entries as used. */
2324 const Elf32_Word *gnu_hasharr = (Elf32_Word *) gnu_hash_data->d_buf;
2325 Elf32_Word gnu_nbucket = gnu_hasharr[0];
2326 const int bitmap_factor = ehdr->e_ident[EI_CLASS] == ELFCLASS32 ? 1 : 2;
2327 const Elf32_Word *gnu_bucket = (gnu_hasharr
2328 + (4 + gnu_hasharr[2] * bitmap_factor));
2329 const Elf32_Word *gnu_chain = gnu_bucket + gnu_hasharr[0] - gnu_hasharr[1];
2330
2331 for (Elf32_Word cnt = 0; cnt < gnu_nbucket; ++cnt)
2332 {
2333 Elf32_Word symidx = gnu_bucket[cnt];
2334 if (symidx != STN_UNDEF)
2335 do
2336 used[symidx] |= 1;
2337 while ((gnu_chain[symidx++] & 1u) == 0);
2338 }
2339
2340 /* Now go over the old hash table and check that we cover the same
2341 entries. */
2342 if (hash_shdr->sh_entsize == sizeof (Elf32_Word))
2343 {
2344 const Elf32_Word *hasharr = (Elf32_Word *) hash_data->d_buf;
2345 Elf32_Word nbucket = hasharr[0];
2346 const Elf32_Word *bucket = &hasharr[2];
2347 const Elf32_Word *chain = &hasharr[2 + nbucket];
2348
2349 for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt)
2350 {
2351 Elf32_Word symidx = bucket[cnt];
2352 while (symidx != STN_UNDEF)
2353 {
2354 used[symidx] |= 2;
2355 symidx = chain[symidx];
2356 }
2357 }
2358 }
2359 else
2360 {
2361 const Elf64_Xword *hasharr = (Elf64_Xword *) hash_data->d_buf;
2362 Elf64_Xword nbucket = hasharr[0];
2363 const Elf64_Xword *bucket = &hasharr[2];
2364 const Elf64_Xword *chain = &hasharr[2 + nbucket];
2365
2366 for (Elf64_Xword cnt = 0; cnt < nbucket; ++cnt)
2367 {
2368 Elf64_Xword symidx = bucket[cnt];
2369 while (symidx != STN_UNDEF)
2370 {
2371 used[symidx] |= 2;
2372 symidx = chain[symidx];
2373 }
2374 }
2375 }
2376
2377 /* Now see which entries are not set in one or both hash tables
2378 (unless the symbol is undefined in which case it can be omitted
2379 in the new table format). */
2380 if ((used[0] & 1) != 0)
2381 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"),
2382 gnu_hash_idx,
2383 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2384 if ((used[0] & 2) != 0)
2385 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"),
2386 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name));
2387
2388 for (int cnt = 1; cnt < nentries; ++cnt)
2389 if (used[cnt] != 0 && used[cnt] != 3)
2390 {
2391 if (used[cnt] == 1)
2392 ERROR (gettext ("\
2393 symbol %d referenced in new hash table in [%2zu] '%s' but not in old hash table in [%2zu] '%s'\n"),
2394 cnt, gnu_hash_idx,
2395 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name),
2396 hash_idx,
2397 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name));
2398 else
2399 {
2400 GElf_Sym sym_mem;
2401 GElf_Sym *sym = gelf_getsym (sym_data, cnt, &sym_mem);
2402
2403 if (sym != NULL && sym->st_shndx != STN_UNDEF)
2404 ERROR (gettext ("\
2405 symbol %d referenced in old hash table in [%2zu] '%s' but not in new hash table in [%2zu] '%s'\n"),
2406 cnt, hash_idx,
2407 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name),
2408 gnu_hash_idx,
2409 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2410 }
2411 }
2412 }
2413
2414
2415 static void
check_null(Ebl * ebl,GElf_Shdr * shdr,int idx)2416 check_null (Ebl *ebl, GElf_Shdr *shdr, int idx)
2417 {
2418 #define TEST(name, extra) \
2419 if (extra && shdr->sh_##name != 0) \
2420 ERROR (gettext ("section [%2d] '%s': nonzero sh_%s for NULL section\n"), \
2421 idx, section_name (ebl, idx), #name)
2422
2423 TEST (name, 1);
2424 TEST (flags, 1);
2425 TEST (addr, 1);
2426 TEST (offset, 1);
2427 TEST (size, idx != 0);
2428 TEST (link, idx != 0);
2429 TEST (info, 1);
2430 TEST (addralign, 1);
2431 TEST (entsize, 1);
2432 }
2433
2434
2435 static void
check_group(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2436 check_group (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
2437 {
2438 if (ehdr->e_type != ET_REL)
2439 {
2440 ERROR (gettext ("\
2441 section [%2d] '%s': section groups only allowed in relocatable object files\n"),
2442 idx, section_name (ebl, idx));
2443 return;
2444 }
2445
2446 /* Check that sh_link is an index of a symbol table. */
2447 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
2448 GElf_Shdr symshdr_mem;
2449 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
2450 if (symshdr == NULL)
2451 ERROR (gettext ("section [%2d] '%s': cannot get symbol table: %s\n"),
2452 idx, section_name (ebl, idx), elf_errmsg (-1));
2453 else
2454 {
2455 if (symshdr->sh_type != SHT_SYMTAB)
2456 ERROR (gettext ("\
2457 section [%2d] '%s': section reference in sh_link is no symbol table\n"),
2458 idx, section_name (ebl, idx));
2459
2460 if (shdr->sh_info >= symshdr->sh_size / gelf_fsize (ebl->elf, ELF_T_SYM,
2461 1, EV_CURRENT))
2462 ERROR (gettext ("\
2463 section [%2d] '%s': invalid symbol index in sh_info\n"),
2464 idx, section_name (ebl, idx));
2465
2466 if (shdr->sh_flags != 0)
2467 ERROR (gettext ("section [%2d] '%s': sh_flags not zero\n"),
2468 idx, section_name (ebl, idx));
2469
2470 GElf_Sym sym_data;
2471 GElf_Sym *sym = gelf_getsym (elf_getdata (symscn, NULL), shdr->sh_info,
2472 &sym_data);
2473 if (sym == NULL)
2474 ERROR (gettext ("\
2475 section [%2d] '%s': cannot get symbol for signature\n"),
2476 idx, section_name (ebl, idx));
2477 else if (strcmp (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name),
2478 "") == 0)
2479 ERROR (gettext ("\
2480 section [%2d] '%s': signature symbol cannot be empty string\n"),
2481 idx, section_name (ebl, idx));
2482
2483 if (be_strict
2484 && shdr->sh_entsize != elf32_fsize (ELF_T_WORD, 1, EV_CURRENT))
2485 ERROR (gettext ("section [%2d] '%s': sh_flags not set correctly\n"),
2486 idx, section_name (ebl, idx));
2487 }
2488
2489 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2490 if (data == NULL)
2491 ERROR (gettext ("section [%2d] '%s': cannot get data: %s\n"),
2492 idx, section_name (ebl, idx), elf_errmsg (-1));
2493 else
2494 {
2495 size_t elsize = elf32_fsize (ELF_T_WORD, 1, EV_CURRENT);
2496 size_t cnt;
2497 Elf32_Word val;
2498
2499 if (data->d_size % elsize != 0)
2500 ERROR (gettext ("\
2501 section [%2d] '%s': section size not multiple of sizeof(Elf32_Word)\n"),
2502 idx, section_name (ebl, idx));
2503
2504 if (data->d_size < elsize)
2505 ERROR (gettext ("\
2506 section [%2d] '%s': section group without flags word\n"),
2507 idx, section_name (ebl, idx));
2508 else if (be_strict)
2509 {
2510 if (data->d_size < 2 * elsize)
2511 ERROR (gettext ("\
2512 section [%2d] '%s': section group without member\n"),
2513 idx, section_name (ebl, idx));
2514 else if (data->d_size < 3 * elsize)
2515 ERROR (gettext ("\
2516 section [%2d] '%s': section group with only one member\n"),
2517 idx, section_name (ebl, idx));
2518 }
2519
2520 #if ALLOW_UNALIGNED
2521 val = *((Elf32_Word *) data->d_buf);
2522 #else
2523 memcpy (&val, data->d_buf, elsize);
2524 #endif
2525 if ((val & ~GRP_COMDAT) != 0)
2526 ERROR (gettext ("section [%2d] '%s': unknown section group flags\n"),
2527 idx, section_name (ebl, idx));
2528
2529 for (cnt = elsize; cnt < data->d_size; cnt += elsize)
2530 {
2531 #if ALLOW_UNALIGNED
2532 val = *((Elf32_Word *) ((char *) data->d_buf + cnt));
2533 #else
2534 memcpy (&val, (char *) data->d_buf + cnt, elsize);
2535 #endif
2536
2537 if (val > shnum)
2538 ERROR (gettext ("\
2539 section [%2d] '%s': section index %Zu out of range\n"),
2540 idx, section_name (ebl, idx), cnt / elsize);
2541 else
2542 {
2543 GElf_Shdr refshdr_mem;
2544 GElf_Shdr *refshdr = gelf_getshdr (elf_getscn (ebl->elf, val),
2545 &refshdr_mem);
2546 if (refshdr == NULL)
2547 ERROR (gettext ("\
2548 section [%2d] '%s': cannot get section header for element %zu: %s\n"),
2549 idx, section_name (ebl, idx), cnt / elsize,
2550 elf_errmsg (-1));
2551 else
2552 {
2553 if (refshdr->sh_type == SHT_GROUP)
2554 ERROR (gettext ("\
2555 section [%2d] '%s': section group contains another group [%2d] '%s'\n"),
2556 idx, section_name (ebl, idx),
2557 val, section_name (ebl, val));
2558
2559 if ((refshdr->sh_flags & SHF_GROUP) == 0)
2560 ERROR (gettext ("\
2561 section [%2d] '%s': element %Zu references section [%2d] '%s' without SHF_GROUP flag set\n"),
2562 idx, section_name (ebl, idx), cnt / elsize,
2563 val, section_name (ebl, val));
2564 }
2565
2566 if (++scnref[val] == 2)
2567 ERROR (gettext ("\
2568 section [%2d] '%s' is contained in more than one section group\n"),
2569 val, section_name (ebl, val));
2570 }
2571 }
2572 }
2573 }
2574
2575
2576 static const char *
section_flags_string(GElf_Word flags,char * buf,size_t len)2577 section_flags_string (GElf_Word flags, char *buf, size_t len)
2578 {
2579 if (flags == 0)
2580 return "none";
2581
2582 static const struct
2583 {
2584 GElf_Word flag;
2585 const char *name;
2586 } known_flags[] =
2587 {
2588 #define NEWFLAG(name) { SHF_##name, #name }
2589 NEWFLAG (WRITE),
2590 NEWFLAG (ALLOC),
2591 NEWFLAG (EXECINSTR),
2592 NEWFLAG (MERGE),
2593 NEWFLAG (STRINGS),
2594 NEWFLAG (INFO_LINK),
2595 NEWFLAG (LINK_ORDER),
2596 NEWFLAG (OS_NONCONFORMING),
2597 NEWFLAG (GROUP),
2598 NEWFLAG (TLS)
2599 };
2600 #undef NEWFLAG
2601 const size_t nknown_flags = sizeof (known_flags) / sizeof (known_flags[0]);
2602
2603 char *cp = buf;
2604
2605 for (size_t cnt = 0; cnt < nknown_flags; ++cnt)
2606 if (flags & known_flags[cnt].flag)
2607 {
2608 if (cp != buf && len > 1)
2609 {
2610 *cp++ = '|';
2611 --len;
2612 }
2613
2614 size_t ncopy = MIN (len - 1, strlen (known_flags[cnt].name));
2615 cp = mempcpy (cp, known_flags[cnt].name, ncopy);
2616 len -= ncopy;
2617
2618 flags ^= known_flags[cnt].flag;
2619 }
2620
2621 if (flags != 0 || cp == buf)
2622 snprintf (cp, len - 1, "%" PRIx64, (uint64_t) flags);
2623
2624 *cp = '\0';
2625
2626 return buf;
2627 }
2628
2629
2630 static int
has_copy_reloc(Ebl * ebl,unsigned int symscnndx,unsigned int symndx)2631 has_copy_reloc (Ebl *ebl, unsigned int symscnndx, unsigned int symndx)
2632 {
2633 /* First find the relocation section for the symbol table. */
2634 Elf_Scn *scn = NULL;
2635 GElf_Shdr shdr_mem;
2636 GElf_Shdr *shdr = NULL;
2637 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
2638 {
2639 shdr = gelf_getshdr (scn, &shdr_mem);
2640 if (shdr != NULL
2641 && (shdr->sh_type == SHT_REL || shdr->sh_type == SHT_RELA)
2642 && shdr->sh_link == symscnndx)
2643 /* Found the section. */
2644 break;
2645 }
2646
2647 if (scn == NULL)
2648 return 0;
2649
2650 Elf_Data *data = elf_getdata (scn, NULL);
2651 if (data == NULL)
2652 return 0;
2653
2654 if (shdr->sh_type == SHT_REL)
2655 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i)
2656 {
2657 GElf_Rel rel_mem;
2658 GElf_Rel *rel = gelf_getrel (data, i, &rel_mem);
2659 if (rel == NULL)
2660 continue;
2661
2662 if (GELF_R_SYM (rel->r_info) == symndx
2663 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rel->r_info)))
2664 return 1;
2665 }
2666 else
2667 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i)
2668 {
2669 GElf_Rela rela_mem;
2670 GElf_Rela *rela = gelf_getrela (data, i, &rela_mem);
2671 if (rela == NULL)
2672 continue;
2673
2674 if (GELF_R_SYM (rela->r_info) == symndx
2675 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rela->r_info)))
2676 return 1;
2677 }
2678
2679 return 0;
2680 }
2681
2682
2683 static int
in_nobits_scn(Ebl * ebl,unsigned int shndx)2684 in_nobits_scn (Ebl *ebl, unsigned int shndx)
2685 {
2686 GElf_Shdr shdr_mem;
2687 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, shndx), &shdr_mem);
2688 return shdr != NULL && shdr->sh_type == SHT_NOBITS;
2689 }
2690
2691
2692 static struct version_namelist
2693 {
2694 const char *objname;
2695 const char *name;
2696 GElf_Versym ndx;
2697 enum { ver_def, ver_need } type;
2698 struct version_namelist *next;
2699 } *version_namelist;
2700
2701
2702 static int
add_version(const char * objname,const char * name,GElf_Versym ndx,int type)2703 add_version (const char *objname, const char *name, GElf_Versym ndx, int type)
2704 {
2705 /* Check that there are no duplications. */
2706 struct version_namelist *nlp = version_namelist;
2707 while (nlp != NULL)
2708 {
2709 if (((nlp->objname == NULL && objname == NULL)
2710 || (nlp->objname != NULL && objname != NULL
2711 && strcmp (nlp->objname, objname) == 0))
2712 && strcmp (nlp->name, name) == 0)
2713 return nlp->type == ver_def ? 1 : -1;
2714 nlp = nlp->next;
2715 }
2716
2717 nlp = xmalloc (sizeof (*nlp));
2718 nlp->objname = objname;
2719 nlp->name = name;
2720 nlp->ndx = ndx;
2721 nlp->type = type;
2722 nlp->next = version_namelist;
2723 version_namelist = nlp;
2724
2725 return 0;
2726 }
2727
2728
2729 static void
check_versym(Ebl * ebl,int idx)2730 check_versym (Ebl *ebl, int idx)
2731 {
2732 Elf_Scn *scn = elf_getscn (ebl->elf, idx);
2733 GElf_Shdr shdr_mem;
2734 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
2735 if (shdr == NULL)
2736 /* The error has already been reported. */
2737 return;
2738
2739 Elf_Data *data = elf_getdata (scn, NULL);
2740 if (data == NULL)
2741 {
2742 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
2743 idx, section_name (ebl, idx));
2744 return;
2745 }
2746
2747 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
2748 GElf_Shdr symshdr_mem;
2749 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
2750 if (symshdr == NULL)
2751 /* The error has already been reported. */
2752 return;
2753
2754 if (symshdr->sh_type != SHT_DYNSYM)
2755 {
2756 ERROR (gettext ("\
2757 section [%2d] '%s' refers in sh_link to section [%2d] '%s' which is no dynamic symbol table\n"),
2758 idx, section_name (ebl, idx),
2759 shdr->sh_link, section_name (ebl, shdr->sh_link));
2760 return;
2761 }
2762
2763 /* The number of elements in the version symbol table must be the
2764 same as the number of symbols. */
2765 if (shdr->sh_entsize && symshdr->sh_entsize
2766 && (shdr->sh_size / shdr->sh_entsize
2767 != symshdr->sh_size / symshdr->sh_entsize))
2768 ERROR (gettext ("\
2769 section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"),
2770 idx, section_name (ebl, idx),
2771 shdr->sh_link, section_name (ebl, shdr->sh_link));
2772
2773 Elf_Data *symdata = elf_getdata (symscn, NULL);
2774 if (symdata == NULL)
2775 /* The error has already been reported. */
2776 return;
2777
2778 for (int cnt = 1; (size_t) cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
2779 {
2780 GElf_Versym versym_mem;
2781 GElf_Versym *versym = gelf_getversym (data, cnt, &versym_mem);
2782 if (versym == NULL)
2783 {
2784 ERROR (gettext ("\
2785 section [%2d] '%s': symbol %d: cannot read version data\n"),
2786 idx, section_name (ebl, idx), cnt);
2787 break;
2788 }
2789
2790 GElf_Sym sym_mem;
2791 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_mem);
2792 if (sym == NULL)
2793 /* Already reported elsewhere. */
2794 continue;
2795
2796 if (*versym == VER_NDX_GLOBAL)
2797 {
2798 /* Global symbol. Make sure it is not defined as local. */
2799 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
2800 ERROR (gettext ("\
2801 section [%2d] '%s': symbol %d: local symbol with global scope\n"),
2802 idx, section_name (ebl, idx), cnt);
2803 }
2804 else if (*versym != VER_NDX_LOCAL)
2805 {
2806 /* Versioned symbol. Make sure it is not defined as local. */
2807 if (!gnuld && GELF_ST_BIND (sym->st_info) == STB_LOCAL)
2808 ERROR (gettext ("\
2809 section [%2d] '%s': symbol %d: local symbol with version\n"),
2810 idx, section_name (ebl, idx), cnt);
2811
2812 /* Look through the list of defined versions and locate the
2813 index we need for this symbol. */
2814 struct version_namelist *runp = version_namelist;
2815 while (runp != NULL)
2816 if (runp->ndx == (*versym & (GElf_Versym) 0x7fff))
2817 break;
2818 else
2819 runp = runp->next;
2820
2821 if (runp == NULL)
2822 ERROR (gettext ("\
2823 section [%2d] '%s': symbol %d: invalid version index %d\n"),
2824 idx, section_name (ebl, idx), cnt, (int) *versym);
2825 else if (sym->st_shndx == SHN_UNDEF
2826 && runp->type == ver_def)
2827 ERROR (gettext ("\
2828 section [%2d] '%s': symbol %d: version index %d is for defined version\n"),
2829 idx, section_name (ebl, idx), cnt, (int) *versym);
2830 else if (sym->st_shndx != SHN_UNDEF
2831 && runp->type == ver_need)
2832 {
2833 /* Unless this symbol has a copy relocation associated
2834 this must not happen. */
2835 if (!has_copy_reloc (ebl, shdr->sh_link, cnt)
2836 && !in_nobits_scn (ebl, sym->st_shndx))
2837 ERROR (gettext ("\
2838 section [%2d] '%s': symbol %d: version index %d is for requested version\n"),
2839 idx, section_name (ebl, idx), cnt, (int) *versym);
2840 }
2841 }
2842 }
2843 }
2844
2845
2846 static int
unknown_dependency_p(Elf * elf,const char * fname)2847 unknown_dependency_p (Elf *elf, const char *fname)
2848 {
2849 GElf_Phdr phdr_mem;
2850 GElf_Phdr *phdr = NULL;
2851
2852 unsigned int i;
2853 for (i = 0; i < phnum; ++i)
2854 if ((phdr = gelf_getphdr (elf, i, &phdr_mem)) != NULL
2855 && phdr->p_type == PT_DYNAMIC)
2856 break;
2857
2858 if (i == phnum)
2859 return 1;
2860 assert (phdr != NULL);
2861 Elf_Scn *scn = gelf_offscn (elf, phdr->p_offset);
2862 GElf_Shdr shdr_mem;
2863 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
2864 Elf_Data *data = elf_getdata (scn, NULL);
2865 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC && data != NULL)
2866 for (size_t j = 0; j < shdr->sh_size / shdr->sh_entsize; ++j)
2867 {
2868 GElf_Dyn dyn_mem;
2869 GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem);
2870 if (dyn != NULL && dyn->d_tag == DT_NEEDED)
2871 {
2872 const char *str = elf_strptr (elf, shdr->sh_link, dyn->d_un.d_val);
2873 if (str != NULL && strcmp (str, fname) == 0)
2874 /* Found it. */
2875 return 0;
2876 }
2877 }
2878
2879 return 1;
2880 }
2881
2882
2883 static unsigned int nverneed;
2884
2885 static void
check_verneed(Ebl * ebl,GElf_Shdr * shdr,int idx)2886 check_verneed (Ebl *ebl, GElf_Shdr *shdr, int idx)
2887 {
2888 if (++nverneed == 2)
2889 ERROR (gettext ("more than one version reference section present\n"));
2890
2891 GElf_Shdr strshdr_mem;
2892 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
2893 &strshdr_mem);
2894 if (strshdr == NULL)
2895 return;
2896 if (strshdr->sh_type != SHT_STRTAB)
2897 ERROR (gettext ("\
2898 section [%2d] '%s': sh_link does not link to string table\n"),
2899 idx, section_name (ebl, idx));
2900
2901 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2902 if (data == NULL)
2903 {
2904 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
2905 idx, section_name (ebl, idx));
2906 return;
2907 }
2908 unsigned int offset = 0;
2909 for (int cnt = shdr->sh_info; --cnt >= 0; )
2910 {
2911 /* Get the data at the next offset. */
2912 GElf_Verneed needmem;
2913 GElf_Verneed *need = gelf_getverneed (data, offset, &needmem);
2914 if (need == NULL)
2915 break;
2916
2917 unsigned int auxoffset = offset + need->vn_aux;
2918
2919 if (need->vn_version != EV_CURRENT)
2920 ERROR (gettext ("\
2921 section [%2d] '%s': entry %d has wrong version %d\n"),
2922 idx, section_name (ebl, idx), cnt, (int) need->vn_version);
2923
2924 if (need->vn_cnt > 0 && need->vn_aux < gelf_fsize (ebl->elf, ELF_T_VNEED,
2925 1, EV_CURRENT))
2926 ERROR (gettext ("\
2927 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"),
2928 idx, section_name (ebl, idx), cnt);
2929
2930 const char *libname = elf_strptr (ebl->elf, shdr->sh_link,
2931 need->vn_file);
2932 if (libname == NULL)
2933 {
2934 ERROR (gettext ("\
2935 section [%2d] '%s': entry %d has invalid file reference\n"),
2936 idx, section_name (ebl, idx), cnt);
2937 goto next_need;
2938 }
2939
2940 /* Check that there is a DT_NEEDED entry for the referenced library. */
2941 if (unknown_dependency_p (ebl->elf, libname))
2942 ERROR (gettext ("\
2943 section [%2d] '%s': entry %d references unknown dependency\n"),
2944 idx, section_name (ebl, idx), cnt);
2945
2946 for (int cnt2 = need->vn_cnt; --cnt2 >= 0; )
2947 {
2948 GElf_Vernaux auxmem;
2949 GElf_Vernaux *aux = gelf_getvernaux (data, auxoffset, &auxmem);
2950 if (aux == NULL)
2951 break;
2952
2953 if ((aux->vna_flags & ~VER_FLG_WEAK) != 0)
2954 ERROR (gettext ("\
2955 section [%2d] '%s': auxiliary entry %d of entry %d has unknown flag\n"),
2956 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
2957
2958 const char *verstr = elf_strptr (ebl->elf, shdr->sh_link,
2959 aux->vna_name);
2960 if (verstr == NULL)
2961 ERROR (gettext ("\
2962 section [%2d] '%s': auxiliary entry %d of entry %d has invalid name reference\n"),
2963 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
2964 else
2965 {
2966 GElf_Word hashval = elf_hash (verstr);
2967 if (hashval != aux->vna_hash)
2968 ERROR (gettext ("\
2969 section [%2d] '%s': auxiliary entry %d of entry %d has wrong hash value: %#x, expected %#x\n"),
2970 idx, section_name (ebl, idx), need->vn_cnt - cnt2,
2971 cnt, (int) hashval, (int) aux->vna_hash);
2972
2973 int res = add_version (libname, verstr, aux->vna_other,
2974 ver_need);
2975 if (unlikely (res !=0))
2976 {
2977 assert (res > 0);
2978 ERROR (gettext ("\
2979 section [%2d] '%s': auxiliary entry %d of entry %d has duplicate version name '%s'\n"),
2980 idx, section_name (ebl, idx), need->vn_cnt - cnt2,
2981 cnt, verstr);
2982 }
2983 }
2984
2985 if ((aux->vna_next != 0 || cnt2 > 0)
2986 && aux->vna_next < gelf_fsize (ebl->elf, ELF_T_VNAUX, 1,
2987 EV_CURRENT))
2988 {
2989 ERROR (gettext ("\
2990 section [%2d] '%s': auxiliary entry %d of entry %d has wrong next field\n"),
2991 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
2992 break;
2993 }
2994
2995 auxoffset += MAX (aux->vna_next,
2996 gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, EV_CURRENT));
2997 }
2998
2999 /* Find the next offset. */
3000 next_need:
3001 offset += need->vn_next;
3002
3003 if ((need->vn_next != 0 || cnt > 0)
3004 && offset < auxoffset)
3005 ERROR (gettext ("\
3006 section [%2d] '%s': entry %d has invalid offset to next entry\n"),
3007 idx, section_name (ebl, idx), cnt);
3008 }
3009 }
3010
3011
3012 static unsigned int nverdef;
3013
3014 static void
check_verdef(Ebl * ebl,GElf_Shdr * shdr,int idx)3015 check_verdef (Ebl *ebl, GElf_Shdr *shdr, int idx)
3016 {
3017 if (++nverdef == 2)
3018 ERROR (gettext ("more than one version definition section present\n"));
3019
3020 GElf_Shdr strshdr_mem;
3021 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
3022 &strshdr_mem);
3023 if (strshdr == NULL)
3024 return;
3025 if (strshdr->sh_type != SHT_STRTAB)
3026 ERROR (gettext ("\
3027 section [%2d] '%s': sh_link does not link to string table\n"),
3028 idx, section_name (ebl, idx));
3029
3030 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
3031 if (data == NULL)
3032 {
3033 no_data:
3034 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
3035 idx, section_name (ebl, idx));
3036 return;
3037 }
3038
3039 /* Iterate over all version definition entries. We check that there
3040 is a BASE entry and that each index is unique. To do the later
3041 we collection the information in a list which is later
3042 examined. */
3043 struct namelist
3044 {
3045 const char *name;
3046 struct namelist *next;
3047 } *namelist = NULL;
3048 struct namelist *refnamelist = NULL;
3049
3050 bool has_base = false;
3051 unsigned int offset = 0;
3052 for (int cnt = shdr->sh_info; --cnt >= 0; )
3053 {
3054 /* Get the data at the next offset. */
3055 GElf_Verdef defmem;
3056 GElf_Verdef *def = gelf_getverdef (data, offset, &defmem);
3057 if (def == NULL)
3058 goto no_data;
3059
3060 if ((def->vd_flags & VER_FLG_BASE) != 0)
3061 {
3062 if (has_base)
3063 ERROR (gettext ("\
3064 section [%2d] '%s': more than one BASE definition\n"),
3065 idx, section_name (ebl, idx));
3066 if (def->vd_ndx != VER_NDX_GLOBAL)
3067 ERROR (gettext ("\
3068 section [%2d] '%s': BASE definition must have index VER_NDX_GLOBAL\n"),
3069 idx, section_name (ebl, idx));
3070 has_base = true;
3071 }
3072 if ((def->vd_flags & ~(VER_FLG_BASE|VER_FLG_WEAK)) != 0)
3073 ERROR (gettext ("\
3074 section [%2d] '%s': entry %d has unknown flag\n"),
3075 idx, section_name (ebl, idx), cnt);
3076
3077 if (def->vd_version != EV_CURRENT)
3078 ERROR (gettext ("\
3079 section [%2d] '%s': entry %d has wrong version %d\n"),
3080 idx, section_name (ebl, idx), cnt, (int) def->vd_version);
3081
3082 if (def->vd_cnt > 0 && def->vd_aux < gelf_fsize (ebl->elf, ELF_T_VDEF,
3083 1, EV_CURRENT))
3084 ERROR (gettext ("\
3085 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"),
3086 idx, section_name (ebl, idx), cnt);
3087
3088 unsigned int auxoffset = offset + def->vd_aux;
3089 GElf_Verdaux auxmem;
3090 GElf_Verdaux *aux = gelf_getverdaux (data, auxoffset, &auxmem);
3091 if (aux == NULL)
3092 goto no_data;
3093
3094 const char *name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name);
3095 if (name == NULL)
3096 {
3097 ERROR (gettext ("\
3098 section [%2d] '%s': entry %d has invalid name reference\n"),
3099 idx, section_name (ebl, idx), cnt);
3100 goto next_def;
3101 }
3102 GElf_Word hashval = elf_hash (name);
3103 if (def->vd_hash != hashval)
3104 ERROR (gettext ("\
3105 section [%2d] '%s': entry %d has wrong hash value: %#x, expected %#x\n"),
3106 idx, section_name (ebl, idx), cnt, (int) hashval,
3107 (int) def->vd_hash);
3108
3109 int res = add_version (NULL, name, def->vd_ndx, ver_def);
3110 if (unlikely (res !=0))
3111 {
3112 assert (res > 0);
3113 ERROR (gettext ("\
3114 section [%2d] '%s': entry %d has duplicate version name '%s'\n"),
3115 idx, section_name (ebl, idx), cnt, name);
3116 }
3117
3118 struct namelist *newname = alloca (sizeof (*newname));
3119 newname->name = name;
3120 newname->next = namelist;
3121 namelist = newname;
3122
3123 auxoffset += aux->vda_next;
3124 for (int cnt2 = 1; cnt2 < def->vd_cnt; ++cnt2)
3125 {
3126 aux = gelf_getverdaux (data, auxoffset, &auxmem);
3127 if (aux == NULL)
3128 goto no_data;
3129
3130 name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name);
3131 if (name == NULL)
3132 ERROR (gettext ("\
3133 section [%2d] '%s': entry %d has invalid name reference in auxiliary data\n"),
3134 idx, section_name (ebl, idx), cnt);
3135 else
3136 {
3137 newname = alloca (sizeof (*newname));
3138 newname->name = name;
3139 newname->next = refnamelist;
3140 refnamelist = newname;
3141 }
3142
3143 if ((aux->vda_next != 0 || cnt2 + 1 < def->vd_cnt)
3144 && aux->vda_next < gelf_fsize (ebl->elf, ELF_T_VDAUX, 1,
3145 EV_CURRENT))
3146 {
3147 ERROR (gettext ("\
3148 section [%2d] '%s': entry %d has wrong next field in auxiliary data\n"),
3149 idx, section_name (ebl, idx), cnt);
3150 break;
3151 }
3152
3153 auxoffset += MAX (aux->vda_next,
3154 gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, EV_CURRENT));
3155 }
3156
3157 /* Find the next offset. */
3158 next_def:
3159 offset += def->vd_next;
3160
3161 if ((def->vd_next != 0 || cnt > 0)
3162 && offset < auxoffset)
3163 ERROR (gettext ("\
3164 section [%2d] '%s': entry %d has invalid offset to next entry\n"),
3165 idx, section_name (ebl, idx), cnt);
3166 }
3167
3168 if (!has_base)
3169 ERROR (gettext ("section [%2d] '%s': no BASE definition\n"),
3170 idx, section_name (ebl, idx));
3171
3172 /* Check whether the referenced names are available. */
3173 while (namelist != NULL)
3174 {
3175 struct version_namelist *runp = version_namelist;
3176 while (runp != NULL)
3177 {
3178 if (runp->type == ver_def
3179 && strcmp (runp->name, namelist->name) == 0)
3180 break;
3181 runp = runp->next;
3182 }
3183
3184 if (runp == NULL)
3185 ERROR (gettext ("\
3186 section [%2d] '%s': unknown parent version '%s'\n"),
3187 idx, section_name (ebl, idx), namelist->name);
3188
3189 namelist = namelist->next;
3190 }
3191 }
3192
3193 static void
check_attributes(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)3194 check_attributes (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
3195 {
3196 if (shdr->sh_size == 0)
3197 {
3198 ERROR (gettext ("section [%2d] '%s': empty object attributes section\n"),
3199 idx, section_name (ebl, idx));
3200 return;
3201 }
3202
3203 Elf_Data *data = elf_rawdata (elf_getscn (ebl->elf, idx), NULL);
3204 if (data == NULL || data->d_size == 0)
3205 {
3206 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
3207 idx, section_name (ebl, idx));
3208 return;
3209 }
3210
3211 inline size_t pos (const unsigned char *p)
3212 {
3213 return p - (const unsigned char *) data->d_buf;
3214 }
3215
3216 const unsigned char *p = data->d_buf;
3217 if (*p++ != 'A')
3218 {
3219 ERROR (gettext ("section [%2d] '%s': unrecognized attribute format\n"),
3220 idx, section_name (ebl, idx));
3221 return;
3222 }
3223
3224 inline size_t left (void)
3225 {
3226 return (const unsigned char *) data->d_buf + data->d_size - p;
3227 }
3228
3229 while (left () >= 4)
3230 {
3231 uint32_t len;
3232 memcpy (&len, p, sizeof len);
3233
3234 if (len == 0)
3235 ERROR (gettext ("\
3236 section [%2d] '%s': offset %zu: zero length field in attribute section\n"),
3237 idx, section_name (ebl, idx), pos (p));
3238
3239 if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
3240 CONVERT (len);
3241
3242 if (len > left ())
3243 {
3244 ERROR (gettext ("\
3245 section [%2d] '%s': offset %zu: invalid length in attribute section\n"),
3246 idx, section_name (ebl, idx), pos (p));
3247 break;
3248 }
3249
3250 const unsigned char *name = p + sizeof len;
3251 p += len;
3252
3253 unsigned const char *q = memchr (name, '\0', len);
3254 if (q == NULL)
3255 {
3256 ERROR (gettext ("\
3257 section [%2d] '%s': offset %zu: unterminated vendor name string\n"),
3258 idx, section_name (ebl, idx), pos (p));
3259 continue;
3260 }
3261 ++q;
3262
3263 if (q - name == sizeof "gnu" && !memcmp (name, "gnu", sizeof "gnu"))
3264 while (q < p)
3265 {
3266 unsigned const char *chunk = q;
3267
3268 unsigned int subsection_tag;
3269 get_uleb128 (subsection_tag, q, p);
3270
3271 if (q >= p)
3272 {
3273 ERROR (gettext ("\
3274 section [%2d] '%s': offset %zu: endless ULEB128 in attribute subsection tag\n"),
3275 idx, section_name (ebl, idx), pos (chunk));
3276 break;
3277 }
3278
3279 uint32_t subsection_len;
3280 if (p - q < (ptrdiff_t) sizeof subsection_len)
3281 {
3282 ERROR (gettext ("\
3283 section [%2d] '%s': offset %zu: truncated attribute section\n"),
3284 idx, section_name (ebl, idx), pos (q));
3285 break;
3286 }
3287
3288 memcpy (&subsection_len, q, sizeof subsection_len);
3289 if (subsection_len == 0)
3290 {
3291 ERROR (gettext ("\
3292 section [%2d] '%s': offset %zu: zero length field in attribute subsection\n"),
3293 idx, section_name (ebl, idx), pos (q));
3294
3295 q += sizeof subsection_len;
3296 continue;
3297 }
3298
3299 if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
3300 CONVERT (subsection_len);
3301
3302 if (p - chunk < (ptrdiff_t) subsection_len)
3303 {
3304 ERROR (gettext ("\
3305 section [%2d] '%s': offset %zu: invalid length in attribute subsection\n"),
3306 idx, section_name (ebl, idx), pos (q));
3307 break;
3308 }
3309
3310 const unsigned char *subsection_end = chunk + subsection_len;
3311 chunk = q;
3312 q = subsection_end;
3313
3314 if (subsection_tag != 1) /* Tag_File */
3315 ERROR (gettext ("\
3316 section [%2d] '%s': offset %zu: attribute subsection has unexpected tag %u\n"),
3317 idx, section_name (ebl, idx), pos (chunk), subsection_tag);
3318 else
3319 {
3320 chunk += sizeof subsection_len;
3321 while (chunk < q)
3322 {
3323 unsigned int tag;
3324 get_uleb128 (tag, chunk, q);
3325
3326 uint64_t value = 0;
3327 const unsigned char *r = chunk;
3328 if (tag == 32 || (tag & 1) == 0)
3329 {
3330 get_uleb128 (value, r, q);
3331 if (r > q)
3332 {
3333 ERROR (gettext ("\
3334 section [%2d] '%s': offset %zu: endless ULEB128 in attribute tag\n"),
3335 idx, section_name (ebl, idx), pos (chunk));
3336 break;
3337 }
3338 }
3339 if (tag == 32 || (tag & 1) != 0)
3340 {
3341 r = memchr (r, '\0', q - r);
3342 if (r == NULL)
3343 {
3344 ERROR (gettext ("\
3345 section [%2d] '%s': offset %zu: unterminated string in attribute\n"),
3346 idx, section_name (ebl, idx), pos (chunk));
3347 break;
3348 }
3349 ++r;
3350 }
3351
3352 const char *tag_name = NULL;
3353 const char *value_name = NULL;
3354 if (!ebl_check_object_attribute (ebl, (const char *) name,
3355 tag, value,
3356 &tag_name, &value_name))
3357 ERROR (gettext ("\
3358 section [%2d] '%s': offset %zu: unrecognized attribute tag %u\n"),
3359 idx, section_name (ebl, idx), pos (chunk), tag);
3360 else if ((tag & 1) == 0 && value_name == NULL)
3361 ERROR (gettext ("\
3362 section [%2d] '%s': offset %zu: unrecognized %s attribute value %" PRIu64 "\n"),
3363 idx, section_name (ebl, idx), pos (chunk),
3364 tag_name, value);
3365
3366 chunk = r;
3367 }
3368 }
3369 }
3370 else
3371 ERROR (gettext ("\
3372 section [%2d] '%s': offset %zu: vendor '%s' unknown\n"),
3373 idx, section_name (ebl, idx), pos (p), name);
3374 }
3375
3376 if (left () != 0)
3377 ERROR (gettext ("\
3378 section [%2d] '%s': offset %zu: extra bytes after last attribute section\n"),
3379 idx, section_name (ebl, idx), pos (p));
3380 }
3381
3382 static bool has_loadable_segment;
3383 static bool has_interp_segment;
3384
3385 static const struct
3386 {
3387 const char *name;
3388 size_t namelen;
3389 GElf_Word type;
3390 enum { unused, exact, atleast, exact_or_gnuld } attrflag;
3391 GElf_Word attr;
3392 GElf_Word attr2;
3393 } special_sections[] =
3394 {
3395 /* See figure 4-14 in the gABI. */
3396 { ".bss", 5, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3397 { ".comment", 8, SHT_PROGBITS, atleast, 0, SHF_MERGE | SHF_STRINGS },
3398 { ".data", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3399 { ".data1", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3400 { ".debug_str", 11, SHT_PROGBITS, exact_or_gnuld, SHF_MERGE | SHF_STRINGS, 0 },
3401 { ".debug", 6, SHT_PROGBITS, exact, 0, 0 },
3402 { ".dynamic", 9, SHT_DYNAMIC, atleast, SHF_ALLOC, SHF_WRITE },
3403 { ".dynstr", 8, SHT_STRTAB, exact, SHF_ALLOC, 0 },
3404 { ".dynsym", 8, SHT_DYNSYM, exact, SHF_ALLOC, 0 },
3405 { ".fini", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3406 { ".fini_array", 12, SHT_FINI_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3407 { ".got", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more info?
3408 { ".hash", 6, SHT_HASH, exact, SHF_ALLOC, 0 },
3409 { ".init", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3410 { ".init_array", 12, SHT_INIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3411 { ".interp", 8, SHT_PROGBITS, atleast, 0, SHF_ALLOC }, // XXX more tests?
3412 { ".line", 6, SHT_PROGBITS, exact, 0, 0 },
3413 { ".note", 6, SHT_NOTE, atleast, 0, SHF_ALLOC },
3414 { ".plt", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more tests
3415 { ".preinit_array", 15, SHT_PREINIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3416 { ".rela", 5, SHT_RELA, atleast, 0, SHF_ALLOC | SHF_INFO_LINK }, // XXX more tests
3417 { ".rel", 4, SHT_REL, atleast, 0, SHF_ALLOC | SHF_INFO_LINK }, // XXX more tests
3418 { ".rodata", 8, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS },
3419 { ".rodata1", 9, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS },
3420 { ".shstrtab", 10, SHT_STRTAB, exact, 0, 0 },
3421 { ".strtab", 8, SHT_STRTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
3422 { ".symtab", 8, SHT_SYMTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
3423 { ".symtab_shndx", 14, SHT_SYMTAB_SHNDX, atleast, 0, SHF_ALLOC }, // XXX more tests
3424 { ".tbss", 6, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3425 { ".tdata", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3426 { ".tdata1", 8, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3427 { ".text", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3428
3429 /* The following are GNU extensions. */
3430 { ".gnu.version", 13, SHT_GNU_versym, exact, SHF_ALLOC, 0 },
3431 { ".gnu.version_d", 15, SHT_GNU_verdef, exact, SHF_ALLOC, 0 },
3432 { ".gnu.version_r", 15, SHT_GNU_verneed, exact, SHF_ALLOC, 0 },
3433 { ".gnu.attributes", 16, SHT_GNU_ATTRIBUTES, exact, 0, 0 },
3434 };
3435 #define nspecial_sections \
3436 (sizeof (special_sections) / sizeof (special_sections[0]))
3437
3438 #define IS_KNOWN_SPECIAL(idx, string, prefix) \
3439 (special_sections[idx].namelen == sizeof string - (prefix ? 1 : 0) \
3440 && !memcmp (special_sections[idx].name, string, \
3441 sizeof string - (prefix ? 1 : 0)))
3442
3443
3444 /* Indeces of some sections we need later. */
3445 static size_t eh_frame_hdr_scnndx;
3446 static size_t eh_frame_scnndx;
3447 static size_t gcc_except_table_scnndx;
3448
3449
3450 static void
check_sections(Ebl * ebl,GElf_Ehdr * ehdr)3451 check_sections (Ebl *ebl, GElf_Ehdr *ehdr)
3452 {
3453 if (ehdr->e_shoff == 0)
3454 /* No section header. */
3455 return;
3456
3457 /* Allocate array to count references in section groups. */
3458 scnref = (int *) xcalloc (shnum, sizeof (int));
3459
3460 /* Check the zeroth section first. It must not have any contents
3461 and the section header must contain nonzero value at most in the
3462 sh_size and sh_link fields. */
3463 GElf_Shdr shdr_mem;
3464 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
3465 if (shdr == NULL)
3466 ERROR (gettext ("cannot get section header of zeroth section\n"));
3467 else
3468 {
3469 if (shdr->sh_name != 0)
3470 ERROR (gettext ("zeroth section has nonzero name\n"));
3471 if (shdr->sh_type != 0)
3472 ERROR (gettext ("zeroth section has nonzero type\n"));
3473 if (shdr->sh_flags != 0)
3474 ERROR (gettext ("zeroth section has nonzero flags\n"));
3475 if (shdr->sh_addr != 0)
3476 ERROR (gettext ("zeroth section has nonzero address\n"));
3477 if (shdr->sh_offset != 0)
3478 ERROR (gettext ("zeroth section has nonzero offset\n"));
3479 if (shdr->sh_addralign != 0)
3480 ERROR (gettext ("zeroth section has nonzero align value\n"));
3481 if (shdr->sh_entsize != 0)
3482 ERROR (gettext ("zeroth section has nonzero entry size value\n"));
3483
3484 if (shdr->sh_size != 0 && ehdr->e_shnum != 0)
3485 ERROR (gettext ("\
3486 zeroth section has nonzero size value while ELF header has nonzero shnum value\n"));
3487
3488 if (shdr->sh_link != 0 && ehdr->e_shstrndx != SHN_XINDEX)
3489 ERROR (gettext ("\
3490 zeroth section has nonzero link value while ELF header does not signal overflow in shstrndx\n"));
3491
3492 if (shdr->sh_info != 0 && ehdr->e_phnum != PN_XNUM)
3493 ERROR (gettext ("\
3494 zeroth section has nonzero link value while ELF header does not signal overflow in phnum\n"));
3495 }
3496
3497 int *segment_flags = xcalloc (phnum, sizeof segment_flags[0]);
3498
3499 bool dot_interp_section = false;
3500
3501 size_t hash_idx = 0;
3502 size_t gnu_hash_idx = 0;
3503
3504 size_t versym_scnndx = 0;
3505 for (size_t cnt = 1; cnt < shnum; ++cnt)
3506 {
3507 shdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &shdr_mem);
3508 if (shdr == NULL)
3509 {
3510 ERROR (gettext ("\
3511 cannot get section header for section [%2zu] '%s': %s\n"),
3512 cnt, section_name (ebl, cnt), elf_errmsg (-1));
3513 continue;
3514 }
3515
3516 const char *scnname = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
3517
3518 if (scnname == NULL)
3519 ERROR (gettext ("section [%2zu]: invalid name\n"), cnt);
3520 else
3521 {
3522 /* Check whether it is one of the special sections defined in
3523 the gABI. */
3524 size_t s;
3525 for (s = 0; s < nspecial_sections; ++s)
3526 if (strncmp (scnname, special_sections[s].name,
3527 special_sections[s].namelen) == 0)
3528 {
3529 char stbuf1[100];
3530 char stbuf2[100];
3531 char stbuf3[100];
3532
3533 GElf_Word good_type = special_sections[s].type;
3534 if (IS_KNOWN_SPECIAL (s, ".plt", false)
3535 && ebl_bss_plt_p (ebl))
3536 good_type = SHT_NOBITS;
3537
3538 /* In a debuginfo file, any normal section can be SHT_NOBITS.
3539 This is only invalid for DWARF sections and .shstrtab. */
3540 if (shdr->sh_type != good_type
3541 && (shdr->sh_type != SHT_NOBITS
3542 || !is_debuginfo
3543 || IS_KNOWN_SPECIAL (s, ".debug_str", false)
3544 || IS_KNOWN_SPECIAL (s, ".debug", true)
3545 || IS_KNOWN_SPECIAL (s, ".shstrtab", false)))
3546 ERROR (gettext ("\
3547 section [%2d] '%s' has wrong type: expected %s, is %s\n"),
3548 (int) cnt, scnname,
3549 ebl_section_type_name (ebl, special_sections[s].type,
3550 stbuf1, sizeof (stbuf1)),
3551 ebl_section_type_name (ebl, shdr->sh_type,
3552 stbuf2, sizeof (stbuf2)));
3553
3554 if (special_sections[s].attrflag == exact
3555 || special_sections[s].attrflag == exact_or_gnuld)
3556 {
3557 /* Except for the link order and group bit all the
3558 other bits should match exactly. */
3559 if ((shdr->sh_flags & ~(SHF_LINK_ORDER | SHF_GROUP))
3560 != special_sections[s].attr
3561 && (special_sections[s].attrflag == exact || !gnuld))
3562 ERROR (gettext ("\
3563 section [%2zu] '%s' has wrong flags: expected %s, is %s\n"),
3564 cnt, scnname,
3565 section_flags_string (special_sections[s].attr,
3566 stbuf1, sizeof (stbuf1)),
3567 section_flags_string (shdr->sh_flags
3568 & ~SHF_LINK_ORDER,
3569 stbuf2, sizeof (stbuf2)));
3570 }
3571 else if (special_sections[s].attrflag == atleast)
3572 {
3573 if ((shdr->sh_flags & special_sections[s].attr)
3574 != special_sections[s].attr
3575 || ((shdr->sh_flags & ~(SHF_LINK_ORDER | SHF_GROUP
3576 | special_sections[s].attr
3577 | special_sections[s].attr2))
3578 != 0))
3579 ERROR (gettext ("\
3580 section [%2zu] '%s' has wrong flags: expected %s and possibly %s, is %s\n"),
3581 cnt, scnname,
3582 section_flags_string (special_sections[s].attr,
3583 stbuf1, sizeof (stbuf1)),
3584 section_flags_string (special_sections[s].attr2,
3585 stbuf2, sizeof (stbuf2)),
3586 section_flags_string (shdr->sh_flags
3587 & ~(SHF_LINK_ORDER
3588 | SHF_GROUP),
3589 stbuf3, sizeof (stbuf3)));
3590 }
3591
3592 if (strcmp (scnname, ".interp") == 0)
3593 {
3594 dot_interp_section = true;
3595
3596 if (ehdr->e_type == ET_REL)
3597 ERROR (gettext ("\
3598 section [%2zu] '%s' present in object file\n"),
3599 cnt, scnname);
3600
3601 if ((shdr->sh_flags & SHF_ALLOC) != 0
3602 && !has_loadable_segment)
3603 ERROR (gettext ("\
3604 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
3605 cnt, scnname);
3606 else if ((shdr->sh_flags & SHF_ALLOC) == 0
3607 && has_loadable_segment)
3608 ERROR (gettext ("\
3609 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
3610 cnt, scnname);
3611 }
3612 else
3613 {
3614 if (strcmp (scnname, ".symtab_shndx") == 0
3615 && ehdr->e_type != ET_REL)
3616 ERROR (gettext ("\
3617 section [%2zu] '%s' is extension section index table in non-object file\n"),
3618 cnt, scnname);
3619
3620 /* These sections must have the SHF_ALLOC flag set iff
3621 a loadable segment is available.
3622
3623 .relxxx
3624 .strtab
3625 .symtab
3626 .symtab_shndx
3627
3628 Check that if there is a reference from the
3629 loaded section these sections also have the
3630 ALLOC flag set. */
3631 #if 0
3632 // XXX TODO
3633 if ((shdr->sh_flags & SHF_ALLOC) != 0
3634 && !has_loadable_segment)
3635 ERROR (gettext ("\
3636 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
3637 cnt, scnname);
3638 else if ((shdr->sh_flags & SHF_ALLOC) == 0
3639 && has_loadable_segment)
3640 ERROR (gettext ("\
3641 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
3642 cnt, scnname);
3643 #endif
3644 }
3645
3646 break;
3647 }
3648
3649 /* Remember a few special sections for later. */
3650 if (strcmp (scnname, ".eh_frame_hdr") == 0)
3651 eh_frame_hdr_scnndx = cnt;
3652 else if (strcmp (scnname, ".eh_frame") == 0)
3653 eh_frame_scnndx = cnt;
3654 else if (strcmp (scnname, ".gcc_except_table") == 0)
3655 gcc_except_table_scnndx = cnt;
3656 }
3657
3658 if (shdr->sh_entsize != 0 && shdr->sh_size % shdr->sh_entsize)
3659 ERROR (gettext ("\
3660 section [%2zu] '%s': size not multiple of entry size\n"),
3661 cnt, section_name (ebl, cnt));
3662
3663 if (elf_strptr (ebl->elf, shstrndx, shdr->sh_name) == NULL)
3664 ERROR (gettext ("cannot get section header\n"));
3665
3666 if (shdr->sh_type >= SHT_NUM
3667 && shdr->sh_type != SHT_GNU_ATTRIBUTES
3668 && shdr->sh_type != SHT_GNU_LIBLIST
3669 && shdr->sh_type != SHT_CHECKSUM
3670 && shdr->sh_type != SHT_GNU_verdef
3671 && shdr->sh_type != SHT_GNU_verneed
3672 && shdr->sh_type != SHT_GNU_versym
3673 && ebl_section_type_name (ebl, shdr->sh_type, NULL, 0) == NULL)
3674 ERROR (gettext ("section [%2zu] '%s' has unsupported type %d\n"),
3675 cnt, section_name (ebl, cnt),
3676 (int) shdr->sh_type);
3677
3678 #define ALL_SH_FLAGS (SHF_WRITE | SHF_ALLOC | SHF_EXECINSTR | SHF_MERGE \
3679 | SHF_STRINGS | SHF_INFO_LINK | SHF_LINK_ORDER \
3680 | SHF_OS_NONCONFORMING | SHF_GROUP | SHF_TLS)
3681 if (shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS)
3682 {
3683 GElf_Xword sh_flags = shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS;
3684 if (sh_flags & SHF_MASKPROC)
3685 {
3686 if (!ebl_machine_section_flag_check (ebl,
3687 sh_flags & SHF_MASKPROC))
3688 ERROR (gettext ("section [%2zu] '%s'"
3689 " contains invalid processor-specific flag(s)"
3690 " %#" PRIx64 "\n"),
3691 cnt, section_name (ebl, cnt), sh_flags & SHF_MASKPROC);
3692 sh_flags &= ~(GElf_Xword) SHF_MASKPROC;
3693 }
3694 if (sh_flags != 0)
3695 ERROR (gettext ("section [%2zu] '%s' contains unknown flag(s)"
3696 " %#" PRIx64 "\n"),
3697 cnt, section_name (ebl, cnt), sh_flags);
3698 }
3699 if (shdr->sh_flags & SHF_TLS)
3700 {
3701 // XXX Correct?
3702 if (shdr->sh_addr != 0 && !gnuld)
3703 ERROR (gettext ("\
3704 section [%2zu] '%s': thread-local data sections address not zero\n"),
3705 cnt, section_name (ebl, cnt));
3706
3707 // XXX TODO more tests!?
3708 }
3709
3710 if (shdr->sh_link >= shnum)
3711 ERROR (gettext ("\
3712 section [%2zu] '%s': invalid section reference in link value\n"),
3713 cnt, section_name (ebl, cnt));
3714
3715 if (SH_INFO_LINK_P (shdr) && shdr->sh_info >= shnum)
3716 ERROR (gettext ("\
3717 section [%2zu] '%s': invalid section reference in info value\n"),
3718 cnt, section_name (ebl, cnt));
3719
3720 if ((shdr->sh_flags & SHF_MERGE) == 0
3721 && (shdr->sh_flags & SHF_STRINGS) != 0
3722 && be_strict)
3723 ERROR (gettext ("\
3724 section [%2zu] '%s': strings flag set without merge flag\n"),
3725 cnt, section_name (ebl, cnt));
3726
3727 if ((shdr->sh_flags & SHF_MERGE) != 0 && shdr->sh_entsize == 0)
3728 ERROR (gettext ("\
3729 section [%2zu] '%s': merge flag set but entry size is zero\n"),
3730 cnt, section_name (ebl, cnt));
3731
3732 if (shdr->sh_flags & SHF_GROUP)
3733 check_scn_group (ebl, cnt);
3734
3735 if (shdr->sh_flags & SHF_EXECINSTR)
3736 {
3737 switch (shdr->sh_type)
3738 {
3739 case SHT_PROGBITS:
3740 break;
3741
3742 case SHT_NOBITS:
3743 if (is_debuginfo)
3744 break;
3745 default:
3746 ERROR (gettext ("\
3747 section [%2zu] '%s' has unexpected type %d for an executable section\n"),
3748 cnt, section_name (ebl, cnt), shdr->sh_type);
3749 break;
3750 }
3751
3752 if ((shdr->sh_flags & SHF_WRITE)
3753 && !ebl_check_special_section (ebl, cnt, shdr,
3754 section_name (ebl, cnt)))
3755 ERROR (gettext ("\
3756 section [%2zu] '%s' is both executable and writable\n"),
3757 cnt, section_name (ebl, cnt));
3758 }
3759
3760 if (ehdr->e_type != ET_REL && (shdr->sh_flags & SHF_ALLOC) != 0)
3761 {
3762 /* Make sure the section is contained in a loaded segment
3763 and that the initialization part matches NOBITS sections. */
3764 unsigned int pcnt;
3765 GElf_Phdr phdr_mem;
3766 GElf_Phdr *phdr;
3767
3768 for (pcnt = 0; pcnt < phnum; ++pcnt)
3769 if ((phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem)) != NULL
3770 && ((phdr->p_type == PT_LOAD
3771 && (shdr->sh_flags & SHF_TLS) == 0)
3772 || (phdr->p_type == PT_TLS
3773 && (shdr->sh_flags & SHF_TLS) != 0))
3774 && phdr->p_offset <= shdr->sh_offset
3775 && ((shdr->sh_offset - phdr->p_offset <= phdr->p_filesz
3776 && (shdr->sh_offset - phdr->p_offset < phdr->p_filesz
3777 || shdr->sh_size == 0))
3778 || (shdr->sh_offset - phdr->p_offset < phdr->p_memsz
3779 && shdr->sh_type == SHT_NOBITS)))
3780 {
3781 /* Found the segment. */
3782 if (phdr->p_offset + phdr->p_memsz
3783 < shdr->sh_offset + shdr->sh_size)
3784 ERROR (gettext ("\
3785 section [%2zu] '%s' not fully contained in segment of program header entry %d\n"),
3786 cnt, section_name (ebl, cnt), pcnt);
3787
3788 if (shdr->sh_type == SHT_NOBITS)
3789 {
3790 if (shdr->sh_offset < phdr->p_offset + phdr->p_filesz
3791 && !is_debuginfo)
3792 ERROR (gettext ("\
3793 section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d\n"),
3794 cnt, section_name (ebl, cnt), pcnt);
3795 }
3796 else
3797 {
3798 const GElf_Off end = phdr->p_offset + phdr->p_filesz;
3799 if (shdr->sh_offset > end ||
3800 (shdr->sh_offset == end && shdr->sh_size != 0))
3801 ERROR (gettext ("\
3802 section [%2zu] '%s' has not type NOBITS but is not read from the file in segment of program header entry %d\n"),
3803 cnt, section_name (ebl, cnt), pcnt);
3804 }
3805
3806 if (shdr->sh_type != SHT_NOBITS)
3807 {
3808 if ((shdr->sh_flags & SHF_EXECINSTR) != 0)
3809 {
3810 segment_flags[pcnt] |= PF_X;
3811 if ((phdr->p_flags & PF_X) == 0)
3812 ERROR (gettext ("\
3813 section [%2zu] '%s' is executable in nonexecutable segment %d\n"),
3814 cnt, section_name (ebl, cnt), pcnt);
3815 }
3816
3817 if ((shdr->sh_flags & SHF_WRITE) != 0)
3818 {
3819 segment_flags[pcnt] |= PF_W;
3820 if (0 /* XXX vdso images have this */
3821 && (phdr->p_flags & PF_W) == 0)
3822 ERROR (gettext ("\
3823 section [%2zu] '%s' is writable in unwritable segment %d\n"),
3824 cnt, section_name (ebl, cnt), pcnt);
3825 }
3826 }
3827
3828 break;
3829 }
3830
3831 if (pcnt == phnum)
3832 ERROR (gettext ("\
3833 section [%2zu] '%s': alloc flag set but section not in any loaded segment\n"),
3834 cnt, section_name (ebl, cnt));
3835 }
3836
3837 if (cnt == shstrndx && shdr->sh_type != SHT_STRTAB)
3838 ERROR (gettext ("\
3839 section [%2zu] '%s': ELF header says this is the section header string table but type is not SHT_TYPE\n"),
3840 cnt, section_name (ebl, cnt));
3841
3842 switch (shdr->sh_type)
3843 {
3844 case SHT_DYNSYM:
3845 if (ehdr->e_type == ET_REL)
3846 ERROR (gettext ("\
3847 section [%2zu] '%s': relocatable files cannot have dynamic symbol tables\n"),
3848 cnt, section_name (ebl, cnt));
3849 /* FALLTHROUGH */
3850 case SHT_SYMTAB:
3851 check_symtab (ebl, ehdr, shdr, cnt);
3852 break;
3853
3854 case SHT_RELA:
3855 check_rela (ebl, ehdr, shdr, cnt);
3856 break;
3857
3858 case SHT_REL:
3859 check_rel (ebl, ehdr, shdr, cnt);
3860 break;
3861
3862 case SHT_DYNAMIC:
3863 check_dynamic (ebl, ehdr, shdr, cnt);
3864 break;
3865
3866 case SHT_SYMTAB_SHNDX:
3867 check_symtab_shndx (ebl, ehdr, shdr, cnt);
3868 break;
3869
3870 case SHT_HASH:
3871 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt);
3872 hash_idx = cnt;
3873 break;
3874
3875 case SHT_GNU_HASH:
3876 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt);
3877 gnu_hash_idx = cnt;
3878 break;
3879
3880 case SHT_NULL:
3881 check_null (ebl, shdr, cnt);
3882 break;
3883
3884 case SHT_GROUP:
3885 check_group (ebl, ehdr, shdr, cnt);
3886 break;
3887
3888 case SHT_NOTE:
3889 check_note_section (ebl, ehdr, shdr, cnt);
3890 break;
3891
3892 case SHT_GNU_versym:
3893 /* We cannot process this section now since we have no guarantee
3894 that the verneed and verdef sections have already been read.
3895 Just remember the section index. */
3896 if (versym_scnndx != 0)
3897 ERROR (gettext ("more than one version symbol table present\n"));
3898 versym_scnndx = cnt;
3899 break;
3900
3901 case SHT_GNU_verneed:
3902 check_verneed (ebl, shdr, cnt);
3903 break;
3904
3905 case SHT_GNU_verdef:
3906 check_verdef (ebl, shdr, cnt);
3907 break;
3908
3909 case SHT_GNU_ATTRIBUTES:
3910 check_attributes (ebl, ehdr, shdr, cnt);
3911 break;
3912
3913 default:
3914 /* Nothing. */
3915 break;
3916 }
3917 }
3918
3919 if (has_interp_segment && !dot_interp_section)
3920 ERROR (gettext ("INTERP program header entry but no .interp section\n"));
3921
3922 if (!is_debuginfo)
3923 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt)
3924 {
3925 GElf_Phdr phdr_mem;
3926 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
3927 if (phdr != NULL && (phdr->p_type == PT_LOAD || phdr->p_type == PT_TLS))
3928 {
3929 if ((phdr->p_flags & PF_X) != 0
3930 && (segment_flags[pcnt] & PF_X) == 0)
3931 ERROR (gettext ("\
3932 loadable segment [%u] is executable but contains no executable sections\n"),
3933 pcnt);
3934
3935 if ((phdr->p_flags & PF_W) != 0
3936 && (segment_flags[pcnt] & PF_W) == 0)
3937 ERROR (gettext ("\
3938 loadable segment [%u] is writable but contains no writable sections\n"),
3939 pcnt);
3940 }
3941 }
3942
3943 free (segment_flags);
3944
3945 if (version_namelist != NULL)
3946 {
3947 if (versym_scnndx == 0)
3948 ERROR (gettext ("\
3949 no .gnu.versym section present but .gnu.versym_d or .gnu.versym_r section exist\n"));
3950 else
3951 check_versym (ebl, versym_scnndx);
3952
3953 /* Check for duplicate index numbers. */
3954 do
3955 {
3956 struct version_namelist *runp = version_namelist->next;
3957 while (runp != NULL)
3958 {
3959 if (version_namelist->ndx == runp->ndx)
3960 {
3961 ERROR (gettext ("duplicate version index %d\n"),
3962 (int) version_namelist->ndx);
3963 break;
3964 }
3965 runp = runp->next;
3966 }
3967
3968 struct version_namelist *old = version_namelist;
3969 version_namelist = version_namelist->next;
3970 free (old);
3971 }
3972 while (version_namelist != NULL);
3973 }
3974 else if (versym_scnndx != 0)
3975 ERROR (gettext ("\
3976 .gnu.versym section present without .gnu.versym_d or .gnu.versym_r\n"));
3977
3978 if (hash_idx != 0 && gnu_hash_idx != 0)
3979 compare_hash_gnu_hash (ebl, ehdr, hash_idx, gnu_hash_idx);
3980
3981 free (scnref);
3982 }
3983
3984
3985 static GElf_Off
check_note_data(Ebl * ebl,const GElf_Ehdr * ehdr,Elf_Data * data,int shndx,int phndx,GElf_Off start)3986 check_note_data (Ebl *ebl, const GElf_Ehdr *ehdr,
3987 Elf_Data *data, int shndx, int phndx, GElf_Off start)
3988 {
3989 size_t offset = 0;
3990 size_t last_offset = 0;
3991 GElf_Nhdr nhdr;
3992 size_t name_offset;
3993 size_t desc_offset;
3994 while (offset < data->d_size
3995 && (offset = gelf_getnote (data, offset,
3996 &nhdr, &name_offset, &desc_offset)) > 0)
3997 {
3998 last_offset = offset;
3999
4000 /* Make sure it is one of the note types we know about. */
4001 if (ehdr->e_type == ET_CORE)
4002 switch (nhdr.n_type)
4003 {
4004 case NT_PRSTATUS:
4005 case NT_FPREGSET:
4006 case NT_PRPSINFO:
4007 case NT_TASKSTRUCT: /* NT_PRXREG on Solaris. */
4008 case NT_PLATFORM:
4009 case NT_AUXV:
4010 case NT_GWINDOWS:
4011 case NT_ASRS:
4012 case NT_PSTATUS:
4013 case NT_PSINFO:
4014 case NT_PRCRED:
4015 case NT_UTSNAME:
4016 case NT_LWPSTATUS:
4017 case NT_LWPSINFO:
4018 case NT_PRFPXREG:
4019 /* Known type. */
4020 break;
4021
4022 default:
4023 if (shndx == 0)
4024 ERROR (gettext ("\
4025 phdr[%d]: unknown core file note type %" PRIu32 " at offset %" PRIu64 "\n"),
4026 phndx, (uint32_t) nhdr.n_type, start + offset);
4027 else
4028 ERROR (gettext ("\
4029 section [%2d] '%s': unknown core file note type %" PRIu32
4030 " at offset %Zu\n"),
4031 shndx, section_name (ebl, shndx),
4032 (uint32_t) nhdr.n_type, offset);
4033 }
4034 else
4035 switch (nhdr.n_type)
4036 {
4037 case NT_GNU_ABI_TAG:
4038 case NT_GNU_HWCAP:
4039 case NT_GNU_BUILD_ID:
4040 case NT_GNU_GOLD_VERSION:
4041 break;
4042
4043 case 0:
4044 /* Linux vDSOs use a type 0 note for the kernel version word. */
4045 if (nhdr.n_namesz == sizeof "Linux"
4046 && !memcmp (data->d_buf + name_offset, "Linux", sizeof "Linux"))
4047 break;
4048
4049 default:
4050 if (shndx == 0)
4051 ERROR (gettext ("\
4052 phdr[%d]: unknown object file note type %" PRIu32 " at offset %Zu\n"),
4053 phndx, (uint32_t) nhdr.n_type, offset);
4054 else
4055 ERROR (gettext ("\
4056 section [%2d] '%s': unknown object file note type %" PRIu32
4057 " at offset %Zu\n"),
4058 shndx, section_name (ebl, shndx),
4059 (uint32_t) nhdr.n_type, offset);
4060 }
4061 }
4062
4063 return last_offset;
4064 }
4065
4066
4067 static void
check_note(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Phdr * phdr,int cnt)4068 check_note (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Phdr *phdr, int cnt)
4069 {
4070 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
4071 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
4072 ERROR (gettext ("\
4073 phdr[%d]: no note entries defined for the type of file\n"),
4074 cnt);
4075
4076 if (is_debuginfo)
4077 /* The p_offset values in a separate debug file are bogus. */
4078 return;
4079
4080 if (phdr->p_filesz == 0)
4081 return;
4082
4083 GElf_Off notes_size = 0;
4084 Elf_Data *data = elf_getdata_rawchunk (ebl->elf,
4085 phdr->p_offset, phdr->p_filesz,
4086 ELF_T_NHDR);
4087 if (data != NULL)
4088 notes_size = check_note_data (ebl, ehdr, data, 0, cnt, phdr->p_offset);
4089
4090 if (notes_size == 0)
4091 ERROR (gettext ("phdr[%d]: cannot get content of note section: %s\n"),
4092 cnt, elf_errmsg (-1));
4093 else if (notes_size != phdr->p_filesz)
4094 ERROR (gettext ("phdr[%d]: extra %" PRIu64 " bytes after last note\n"),
4095 cnt, phdr->p_filesz - notes_size);
4096 }
4097
4098
4099 static void
check_note_section(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)4100 check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
4101 {
4102 if (shdr->sh_size == 0)
4103 return;
4104
4105 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
4106 if (data == NULL)
4107 {
4108 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
4109 idx, section_name (ebl, idx));
4110 return;
4111 }
4112
4113 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
4114 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
4115 ERROR (gettext ("\
4116 section [%2d] '%s': no note entries defined for the type of file\n"),
4117 idx, section_name (ebl, idx));
4118
4119 GElf_Off notes_size = check_note_data (ebl, ehdr, data, idx, 0, 0);
4120
4121 if (notes_size == 0)
4122 ERROR (gettext ("section [%2d] '%s': cannot get content of note section\n"),
4123 idx, section_name (ebl, idx));
4124 else if (notes_size != shdr->sh_size)
4125 ERROR (gettext ("section [%2d] '%s': extra %" PRIu64
4126 " bytes after last note\n"),
4127 idx, section_name (ebl, idx), shdr->sh_size - notes_size);
4128 }
4129
4130
4131 /* Index of the PT_GNU_EH_FRAME program eader entry. */
4132 static int pt_gnu_eh_frame_pndx;
4133
4134
4135 static void
check_program_header(Ebl * ebl,GElf_Ehdr * ehdr)4136 check_program_header (Ebl *ebl, GElf_Ehdr *ehdr)
4137 {
4138 if (ehdr->e_phoff == 0)
4139 return;
4140
4141 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
4142 && ehdr->e_type != ET_CORE)
4143 ERROR (gettext ("\
4144 only executables, shared objects, and core files can have program headers\n"));
4145
4146 int num_pt_interp = 0;
4147 int num_pt_tls = 0;
4148 int num_pt_relro = 0;
4149
4150 for (unsigned int cnt = 0; cnt < phnum; ++cnt)
4151 {
4152 GElf_Phdr phdr_mem;
4153 GElf_Phdr *phdr;
4154
4155 phdr = gelf_getphdr (ebl->elf, cnt, &phdr_mem);
4156 if (phdr == NULL)
4157 {
4158 ERROR (gettext ("cannot get program header entry %d: %s\n"),
4159 cnt, elf_errmsg (-1));
4160 continue;
4161 }
4162
4163 if (phdr->p_type >= PT_NUM && phdr->p_type != PT_GNU_EH_FRAME
4164 && phdr->p_type != PT_GNU_STACK && phdr->p_type != PT_GNU_RELRO
4165 /* Check for a known machine-specific type. */
4166 && ebl_segment_type_name (ebl, phdr->p_type, NULL, 0) == NULL)
4167 ERROR (gettext ("\
4168 program header entry %d: unknown program header entry type %#" PRIx64 "\n"),
4169 cnt, (uint64_t) phdr->p_type);
4170
4171 if (phdr->p_type == PT_LOAD)
4172 has_loadable_segment = true;
4173 else if (phdr->p_type == PT_INTERP)
4174 {
4175 if (++num_pt_interp != 1)
4176 {
4177 if (num_pt_interp == 2)
4178 ERROR (gettext ("\
4179 more than one INTERP entry in program header\n"));
4180 }
4181 has_interp_segment = true;
4182 }
4183 else if (phdr->p_type == PT_TLS)
4184 {
4185 if (++num_pt_tls == 2)
4186 ERROR (gettext ("more than one TLS entry in program header\n"));
4187 }
4188 else if (phdr->p_type == PT_NOTE)
4189 check_note (ebl, ehdr, phdr, cnt);
4190 else if (phdr->p_type == PT_DYNAMIC)
4191 {
4192 if (ehdr->e_type == ET_EXEC && ! has_interp_segment)
4193 ERROR (gettext ("\
4194 static executable cannot have dynamic sections\n"));
4195 else
4196 {
4197 /* Check that the .dynamic section, if it exists, has
4198 the same address. */
4199 Elf_Scn *scn = NULL;
4200 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
4201 {
4202 GElf_Shdr shdr_mem;
4203 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
4204 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC)
4205 {
4206 if (phdr->p_offset != shdr->sh_offset)
4207 ERROR (gettext ("\
4208 dynamic section reference in program header has wrong offset\n"));
4209 if (phdr->p_memsz != shdr->sh_size)
4210 ERROR (gettext ("\
4211 dynamic section size mismatch in program and section header\n"));
4212 break;
4213 }
4214 }
4215 }
4216 }
4217 else if (phdr->p_type == PT_GNU_RELRO)
4218 {
4219 if (++num_pt_relro == 2)
4220 ERROR (gettext ("\
4221 more than one GNU_RELRO entry in program header\n"));
4222 else
4223 {
4224 /* Check that the region is in a writable segment. */
4225 unsigned int inner;
4226 for (inner = 0; inner < phnum; ++inner)
4227 {
4228 GElf_Phdr phdr2_mem;
4229 GElf_Phdr *phdr2;
4230
4231 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
4232 if (phdr2 == NULL)
4233 continue;
4234
4235 if (phdr2->p_type == PT_LOAD
4236 && phdr->p_vaddr >= phdr2->p_vaddr
4237 && (phdr->p_vaddr + phdr->p_memsz
4238 <= phdr2->p_vaddr + phdr2->p_memsz))
4239 {
4240 if ((phdr2->p_flags & PF_W) == 0)
4241 ERROR (gettext ("\
4242 loadable segment GNU_RELRO applies to is not writable\n"));
4243 if ((phdr2->p_flags & ~PF_W) != (phdr->p_flags & ~PF_W))
4244 ERROR (gettext ("\
4245 loadable segment [%u] flags do not match GNU_RELRO [%u] flags\n"),
4246 cnt, inner);
4247 break;
4248 }
4249 }
4250
4251 if (inner >= phnum)
4252 ERROR (gettext ("\
4253 %s segment not contained in a loaded segment\n"), "GNU_RELRO");
4254 }
4255 }
4256 else if (phdr->p_type == PT_PHDR)
4257 {
4258 /* Check that the region is in a writable segment. */
4259 unsigned int inner;
4260 for (inner = 0; inner < phnum; ++inner)
4261 {
4262 GElf_Phdr phdr2_mem;
4263 GElf_Phdr *phdr2;
4264
4265 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
4266 if (phdr2 != NULL
4267 && phdr2->p_type == PT_LOAD
4268 && phdr->p_vaddr >= phdr2->p_vaddr
4269 && (phdr->p_vaddr + phdr->p_memsz
4270 <= phdr2->p_vaddr + phdr2->p_memsz))
4271 break;
4272 }
4273
4274 if (inner >= phnum)
4275 ERROR (gettext ("\
4276 %s segment not contained in a loaded segment\n"), "PHDR");
4277
4278 /* Check that offset in segment corresponds to offset in ELF
4279 header. */
4280 if (phdr->p_offset != ehdr->e_phoff)
4281 ERROR (gettext ("\
4282 program header offset in ELF header and PHDR entry do not match"));
4283 }
4284 else if (phdr->p_type == PT_GNU_EH_FRAME)
4285 {
4286 /* If there is an .eh_frame_hdr section it must be
4287 referenced by this program header entry. */
4288 Elf_Scn *scn = NULL;
4289 GElf_Shdr shdr_mem;
4290 GElf_Shdr *shdr = NULL;
4291 bool any = false;
4292 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
4293 {
4294 any = true;
4295 shdr = gelf_getshdr (scn, &shdr_mem);
4296 if (shdr != NULL
4297 && shdr->sh_type == (is_debuginfo
4298 ? SHT_NOBITS : SHT_PROGBITS)
4299 && ! strcmp (".eh_frame_hdr",
4300 elf_strptr (ebl->elf, shstrndx, shdr->sh_name)))
4301 {
4302 if (! is_debuginfo)
4303 {
4304 if (phdr->p_offset != shdr->sh_offset)
4305 ERROR (gettext ("\
4306 call frame search table reference in program header has wrong offset\n"));
4307 if (phdr->p_memsz != shdr->sh_size)
4308 ERROR (gettext ("\
4309 call frame search table size mismatch in program and section header\n"));
4310 }
4311 break;
4312 }
4313 }
4314
4315 if (scn == NULL)
4316 {
4317 /* If there is no section header table we don't
4318 complain. But if there is one there should be an
4319 entry for .eh_frame_hdr. */
4320 if (any)
4321 ERROR (gettext ("\
4322 PT_GNU_EH_FRAME present but no .eh_frame_hdr section\n"));
4323 }
4324 else
4325 {
4326 /* The section must be allocated and not be writable and
4327 executable. */
4328 if ((phdr->p_flags & PF_R) == 0)
4329 ERROR (gettext ("\
4330 call frame search table must be allocated\n"));
4331 else if (shdr != NULL && (shdr->sh_flags & SHF_ALLOC) == 0)
4332 ERROR (gettext ("\
4333 section [%2zu] '%s' must be allocated\n"), elf_ndxscn (scn), ".eh_frame_hdr");
4334
4335 if ((phdr->p_flags & PF_W) != 0)
4336 ERROR (gettext ("\
4337 call frame search table must not be writable\n"));
4338 else if (shdr != NULL && (shdr->sh_flags & SHF_WRITE) != 0)
4339 ERROR (gettext ("\
4340 section [%2zu] '%s' must not be writable\n"),
4341 elf_ndxscn (scn), ".eh_frame_hdr");
4342
4343 if ((phdr->p_flags & PF_X) != 0)
4344 ERROR (gettext ("\
4345 call frame search table must not be executable\n"));
4346 else if (shdr != NULL && (shdr->sh_flags & SHF_EXECINSTR) != 0)
4347 ERROR (gettext ("\
4348 section [%2zu] '%s' must not be executable\n"),
4349 elf_ndxscn (scn), ".eh_frame_hdr");
4350 }
4351
4352 /* Remember which entry this is. */
4353 pt_gnu_eh_frame_pndx = cnt;
4354 }
4355
4356 if (phdr->p_filesz > phdr->p_memsz
4357 && (phdr->p_memsz != 0 || phdr->p_type != PT_NOTE))
4358 ERROR (gettext ("\
4359 program header entry %d: file size greater than memory size\n"),
4360 cnt);
4361
4362 if (phdr->p_align > 1)
4363 {
4364 if (!powerof2 (phdr->p_align))
4365 ERROR (gettext ("\
4366 program header entry %d: alignment not a power of 2\n"), cnt);
4367 else if ((phdr->p_vaddr - phdr->p_offset) % phdr->p_align != 0)
4368 ERROR (gettext ("\
4369 program header entry %d: file offset and virtual address not module of alignment\n"), cnt);
4370 }
4371 }
4372 }
4373
4374
4375 static void
check_exception_data(Ebl * ebl,GElf_Ehdr * ehdr)4376 check_exception_data (Ebl *ebl __attribute__ ((unused)),
4377 GElf_Ehdr *ehdr __attribute__ ((unused)))
4378 {
4379 if ((ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
4380 && pt_gnu_eh_frame_pndx == 0 && eh_frame_hdr_scnndx != 0)
4381 ERROR (gettext ("executable/DSO with .eh_frame_hdr section does not have "
4382 "a PT_GNU_EH_FRAME program header entry"));
4383 }
4384
4385
4386 /* Process one file. */
4387 static void
process_elf_file(Elf * elf,const char * prefix,const char * suffix,const char * fname,size_t size,bool only_one)4388 process_elf_file (Elf *elf, const char *prefix, const char *suffix,
4389 const char *fname, size_t size, bool only_one)
4390 {
4391 /* Reset variables. */
4392 ndynamic = 0;
4393 nverneed = 0;
4394 nverdef = 0;
4395 textrel = false;
4396 needed_textrel = false;
4397 has_loadable_segment = false;
4398 has_interp_segment = false;
4399
4400 GElf_Ehdr ehdr_mem;
4401 GElf_Ehdr *ehdr = gelf_getehdr (elf, &ehdr_mem);
4402 Ebl *ebl;
4403
4404 /* Print the file name. */
4405 if (!only_one)
4406 {
4407 if (prefix != NULL)
4408 printf ("\n%s(%s)%s:\n", prefix, fname, suffix);
4409 else
4410 printf ("\n%s:\n", fname);
4411 }
4412
4413 if (ehdr == NULL)
4414 {
4415 ERROR (gettext ("cannot read ELF header: %s\n"), elf_errmsg (-1));
4416 return;
4417 }
4418
4419 ebl = ebl_openbackend (elf);
4420 /* If there is no appropriate backend library we cannot test
4421 architecture and OS specific features. Any encountered extension
4422 is an error. */
4423
4424 /* Go straight by the gABI, check all the parts in turn. */
4425 check_elf_header (ebl, ehdr, size);
4426
4427 /* Check the program header. */
4428 check_program_header (ebl, ehdr);
4429
4430 /* Next the section headers. It is OK if there are no section
4431 headers at all. */
4432 check_sections (ebl, ehdr);
4433
4434 /* Check the exception handling data, if it exists. */
4435 if (pt_gnu_eh_frame_pndx != 0 || eh_frame_hdr_scnndx != 0
4436 || eh_frame_scnndx != 0 || gcc_except_table_scnndx != 0)
4437 check_exception_data (ebl, ehdr);
4438
4439 /* Report if no relocation section needed the text relocation flag. */
4440 if (textrel && !needed_textrel)
4441 ERROR (gettext ("text relocation flag set but not needed\n"));
4442
4443 /* Free the resources. */
4444 ebl_closebackend (ebl);
4445 }
4446
4447
4448 #include "debugpred.h"
4449