From patchwork Thu Apr 18 00:53:37 2024
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 88640
Date: Thu, 18 Apr 2024 10:23:37 +0930
From: Alan Modra
To: binutils@sourceware.org
Subject: alpha_vms_get_section_contents vs. fuzzed files

This patch is in response to an oss-fuzz report regarding use-of-uninitialized-value in bfd_is_section_compressed_info from section contents provided by alpha_vms_get_section_contents. That hole is covered by using bfd_zalloc rather than bfd_alloc.

The rest of the patch is mostly a tidy. In a function returning section contents, I tend to prefer a test on the section properties over a test on file properties. That's why I've changed the file flags test to one on section filepos and flags before calling _bfd_generic_get_section_contents. Also, fuzzed objects can easily have sections with file backing in relocatable objects, or sections without file backing in images. Possible confusion is avoided by testing each section.

Note that we are always going to run into out-of-memory with fuzzed alpha-vms object files due to sections with contents via ETIR records. e.g. ETIR__C_STO_IMMR stores a number of bytes repeatedly, with a 32-bit repeat count. So section contents can be very large from a relatively small file. I'm inclined to think that an out-of-memory error is fine for such files.

	* vms-alpha.c (alpha_vms_get_section_contents): Handle sections with non-zero filepos or without SEC_HAS_CONTENTS via _bfd_generic_get_section_contents.
Zero memory allocated for sections filled by ETIR records. diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c index 6b896d0f4ee..8b5e3c21ac6 100644 --- a/bfd/vms-alpha.c +++ b/bfd/vms-alpha.c @@ -9834,13 +9834,16 @@ alpha_vms_get_section_contents (bfd *abfd, asection *section, void *buf, file_ptr offset, bfd_size_type count) { - asection *sec; - - /* Image are easy. */ - if (bfd_get_file_flags (abfd) & (EXEC_P | DYNAMIC)) + /* Handle image sections. */ + if (section->filepos != 0 + || (section->flags & SEC_HAS_CONTENTS) == 0) return _bfd_generic_get_section_contents (abfd, section, buf, offset, count); + /* A section with a zero filepos implies the section has no direct + file backing. Its contents must be calculated by processing ETIR + records. */ + /* Safety check. */ if (offset + count < count || offset + count > section->size) 
@@ -9849,33 +9852,32 @@ alpha_vms_get_section_contents (bfd *abfd, asection *section, return false; } - /* If the section is already in memory, just copy it. */ - if (section->flags & SEC_IN_MEMORY) - { - BFD_ASSERT (section->contents != NULL); - memcpy (buf, section->contents + offset, count); - return true; - } if (section->size == 0) return true; - /* Alloc in memory and read ETIRs. */ - for (sec = abfd->sections; sec; sec = sec->next) + /* If we haven't yet read ETIR/EDBG/ETBT records, do so. */ + if ((section->flags & SEC_IN_MEMORY) == 0) { - BFD_ASSERT (sec->contents == NULL); - - if (sec->size != 0 && (sec->flags & SEC_HAS_CONTENTS)) + /* Alloc memory and read ETIRs. */ + for (asection *sec = abfd->sections; sec; sec = sec->next) { - sec->contents = bfd_alloc (abfd, sec->size); - if (sec->contents == NULL) - return false; + if (sec->size != 0 + && sec->filepos == 0 + && (sec->flags & SEC_HAS_CONTENTS) != 0) + { + BFD_ASSERT (sec->contents == NULL); + + sec->contents = bfd_zalloc (abfd, sec->size); + sec->flags |= SEC_IN_MEMORY; + if (sec->contents == NULL) + return false; + } } + if (!alpha_vms_read_sections_content (abfd, NULL)) + return false; } - if (!alpha_vms_read_sections_content (abfd, NULL)) - return false; - for (sec = abfd->sections; sec; sec = sec->next) - if (sec->contents) - sec->flags |= SEC_IN_MEMORY; + + BFD_ASSERT (section->contents != NULL); memcpy (buf, section->contents + offset, count); return true; }
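Review bot: in the first hunk, the comment `/* Handle image sections. */` kept above the new test no longer describes it: the condition is now `section->filepos != 0 || (section->flags & SEC_HAS_CONTENTS) == 0`, which, as the cover letter says, is a per-section test that also diverts file-backed sections in relocatable objects to the generic path. Suggest wording the comment as the test itself, e.g. `/* File-backed sections, and sections without contents, go via the generic path. */`, and folding the following `A section with a zero filepos implies ...` comment into it so that the two back-to-back comments above `/* Safety check. */` read as one.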
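Review bot: in the second hunk's allocation loop, `sec->flags |= SEC_IN_MEMORY;` is set before `if (sec->contents == NULL) return false;`, and it is set for every section before `alpha_vms_read_sections_content` has run. If bfd_zalloc fails part way through, the function returns false with earlier sections marked SEC_IN_MEMORY but holding zeroed, unfilled contents, and the failing section marked SEC_IN_MEMORY with NULL contents; a later call for one of those sections skips the `(section->flags & SEC_IN_MEMORY) == 0` block and either returns zeros as success or reaches `BFD_ASSERT (section->contents != NULL)` and the memcpy on a NULL pointer. Since an allocation failure is treated as fatal this may be acceptable, but setting SEC_IN_MEMORY only after `alpha_vms_read_sections_content` succeeds (as the removed trailing `for (sec = abfd->sections; ...)` loop did) keeps the flag meaning "contents are valid".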
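As an added example (not part of this patch or of bfd), the mechanism the cover letter describes in C: section contents are zero-filled up front, so bytes that no record writes are defined rather than stale heap data, and a repeated-store record is expanded with its 32-bit repeat count bounded against the remaining section size so the product cannot wrap. The record layout, `get_le32`, `alloc_section` and `apply_sto_immr` are hypothetical stand-ins, not the real ETIR__C_STO_IMMR encoding or the bfd API.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a "store immediate repeated"
   record: 32-bit little-endian repeat count, 32-bit byte length, then
   the bytes.  This is not the real ETIR__C_STO_IMMR encoding.  */
static uint32_t get_le32 (const uint8_t *p)
{
  return (uint32_t) p[0] | (uint32_t) p[1] << 8
	 | (uint32_t) p[2] << 16 | (uint32_t) p[3] << 24;
}

/* Allocate section contents zero-filled, as bfd_zalloc does, so any
   byte no record covers reads as 0 instead of uninitialized memory.  */
uint8_t *alloc_section (size_t size)
{
  return calloc (size == 0 ? 1 : size, 1);
}

/* Expand one repeated store into sec at *pos.  Returns 1 on success, 0
   when the record is truncated or the expansion would not fit in the
   section.  The repeat * len bound is checked by division so a huge
   repeat count cannot overflow the arithmetic.  */
int apply_sto_immr (uint8_t *sec, size_t sec_size, size_t *pos,
		    const uint8_t *rec, size_t rec_len)
{
  if (rec_len < 8)
    return 0;			/* header truncated */
  uint32_t repeat = get_le32 (rec);
  uint32_t len = get_le32 (rec + 4);
  if (len > rec_len - 8)
    return 0;			/* data shorter than declared */
  if (len == 0)
    return 1;			/* nothing to store */
  if (*pos > sec_size)
    return 0;
  size_t room = sec_size - *pos;
  if (repeat > room / len)
    return 0;			/* would run past the section end */
  for (uint32_t i = 0; i < repeat; i++, *pos += len)
    memcpy (sec + *pos, rec + 8, len);
  return 1;
}
```

A record with repeat 3 of "AB" into an 8-byte section leaves the last two bytes as zero, which is what makes a later header inspection of those bytes deterministic.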