Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / elfutils / b08d5a8fb42f4586d756068065186b5af7e48dad / . / src / elflint.c
blob: 03572377d7c2408b937d6a74a12857384e4e14aa [file] [log] [blame]
Ulrich Drepperb08d5a82005-07-26 05:00:05 +0000[diff] [blame^]1/* Pedantic checking of ELF files compliance with gABI/psABI spec.
2 Copyright (C) 2001, 2002, 2003, 2004, 2005 Red Hat, Inc.
3 Written by Ulrich Drepper <drepper@redhat.com>, 2001.
4
5 This program is Open Source software; you can redistribute it and/or
6 modify it under the terms of the Open Software License version 1.0 as
7 published by the Open Source Initiative.
8
9 You should have received a copy of the Open Software License along
10 with this program; if not, you may obtain a copy of the Open Software
11 License version 1.0 from http://www.opensource.org/licenses/osl.php or
12 by writing the Open Source Initiative c/o Lawrence Rosen, Esq.,
13 3001 King Ranch Road, Ukiah, CA 95482. */
14
15#ifdef HAVE_CONFIG_H
16# include <config.h>
17#endif
18
19#include <argp.h>
20#include <assert.h>
21#include <byteswap.h>
22#include <endian.h>
23#include <error.h>
24#include <fcntl.h>
25#include <gelf.h>
26#include <inttypes.h>
27#include <libintl.h>
28#include <locale.h>
29#include <stdbool.h>
30#include <stdlib.h>
31#include <string.h>
32#include <unistd.h>
33#include <sys/param.h>
34
35#include <elf-knowledge.h>
36#include <system.h>
37#include "../libebl/libeblP.h"
38
39
40/* Name and version of program. */
41static void print_version (FILE *stream, struct argp_state *state);
42void (*argp_program_version_hook) (FILE *, struct argp_state *) = print_version;
43
44/* Bug report address. */
45const char *argp_program_bug_address = PACKAGE_BUGREPORT;
46
47#define ARGP_strict 300
48#define ARGP_gnuld 301
49
50/* Definitions of arguments for argp functions. */
51static const struct argp_option options[] =
52{
53
54 { "strict", ARGP_strict, NULL, 0,
55 N_("Be extremely strict, flag level 2 features."), 0 },
56 { "quiet", 'q', NULL, 0, N_("Do not print anything if successful"), 0 },
57 { "debuginfo", 'd', NULL, 0, N_("Binary is a separate debuginfo file"), 0 },
58 { "gnu-ld", ARGP_gnuld, NULL, 0,
59 N_("Binary has been created with GNU ld and is therefore known to be \
60broken in certain ways"), 0 },
61 { NULL, 0, NULL, 0, NULL, 0 }
62};
63
64/* Short description of program. */
65static const char doc[] = N_("\
66Pedantic checking of ELF files compliance with gABI/psABI spec.");
67
68/* Strings for arguments in help texts. */
69static const char args_doc[] = N_("FILE...");
70
71/* Prototype for option handler. */
72static error_t parse_opt (int key, char *arg, struct argp_state *state);
73
74/* Data structure to communicate with argp functions. */
75static struct argp argp =
76{
77 options, parse_opt, args_doc, doc, NULL, NULL, NULL
78};
79
80
81/* Declarations of local functions. */
82static void process_file (int fd, Elf *elf, const char *prefix,
83 const char *suffix, const char *fname, size_t size,
84 bool only_one);
85static void process_elf_file (Elf *elf, const char *prefix, const char *suffix,
86 const char *fname, size_t size, bool only_one);
87
88/* Report an error. */
89#define ERROR(str, args...) \
90 do { \
91 printf (str, ##args); \
92 ++error_count; \
93 } while (0)
94static unsigned int error_count;
95
96/* True if we should perform very strict testing. */
97static bool be_strict;
98
99/* True if no message is to be printed if the run is succesful. */
100static bool be_quiet;
101
102/* True if binary is from strip -f, not a normal ELF file. */
103static bool is_debuginfo;
104
105/* True if binary is assumed to be generated with GNU ld. */
106static bool gnuld;
107
108/* Index of section header string table. */
109static uint32_t shstrndx;
110
111/* Array to count references in section groups. */
112static int *scnref;
113
114
115int
116main (int argc, char *argv[])
117{
118 /* Set locale. */
119 setlocale (LC_ALL, "");
120
121 /* Initialize the message catalog. */
122 textdomain (PACKAGE);
123
124 /* Parse and process arguments. */
125 int remaining;
126 argp_parse (&argp, argc, argv, 0, &remaining, NULL);
127
128 /* Before we start tell the ELF library which version we are using. */
129 elf_version (EV_CURRENT);
130
131 /* Now process all the files given at the command line. */
132 bool only_one = remaining + 1 == argc;
133 do
134 {
135 /* Open the file. */
136 int fd = open (argv[remaining], O_RDONLY);
137 if (fd == -1)
138 {
139 error (0, errno, gettext ("cannot open input file"));
140 continue;
141 }
142
143 /* Create an `Elf' descriptor. */
144 Elf *elf = elf_begin (fd, ELF_C_READ_MMAP, NULL);
145 if (elf == NULL)
146 ERROR (gettext ("cannot generate Elf descriptor: %s\n"),
147 elf_errmsg (-1));
148 else
149 {
150 unsigned int prev_error_count = error_count;
151 struct stat64 st;
152
153 if (fstat64 (fd, &st) != 0)
154 {
155 printf ("cannot stat '%s': %m\n", argv[remaining]);
156 close (fd);
157 continue;
158 }
159
160 process_file (fd, elf, NULL, NULL, argv[remaining], st.st_size,
161 only_one);
162
163 /* Now we can close the descriptor. */
164 if (elf_end (elf) != 0)
165 ERROR (gettext ("error while closing Elf descriptor: %s\n"),
166 elf_errmsg (-1));
167
168 if (prev_error_count == error_count && !be_quiet)
169 puts (gettext ("No errors"));
170 }
171
172 close (fd);
173 }
174 while (++remaining < argc);
175
176 return error_count != 0;
177}
178
179
180/* Handle program arguments. */
181static error_t
182parse_opt (int key, char *arg __attribute__ ((unused)),
183 struct argp_state *state __attribute__ ((unused)))
184{
185 switch (key)
186 {
187 case ARGP_strict:
188 be_strict = true;
189 break;
190
191 case 'q':
192 be_quiet = true;
193 break;
194
195 case 'd':
196 is_debuginfo = true;
197
198 case ARGP_gnuld:
199 gnuld = true;
200 break;
201
202 case ARGP_KEY_NO_ARGS:
203 fputs (gettext ("Missing file name.\n"), stderr);
204 argp_help (&argp, stderr, ARGP_HELP_SEE | ARGP_HELP_EXIT_ERR,
205 program_invocation_short_name);
206 exit (1);
207
208 default:
209 return ARGP_ERR_UNKNOWN;
210 }
211 return 0;
212}
213
214
215/* Print the version information. */
216static void
217print_version (FILE *stream, struct argp_state *state __attribute__ ((unused)))
218{
219 fprintf (stream, "elflint (%s) %s\n", PACKAGE_NAME, VERSION);
220 fprintf (stream, gettext ("\
221Copyright (C) %s Red Hat, Inc.\n\
222This is free software; see the source for copying conditions. There is NO\n\
223warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
224"), "2005");
225 fprintf (stream, gettext ("Written by %s.\n"), "Ulrich Drepper");
226}
227
228
229/* Process one file. */
230static void
231process_file (int fd, Elf *elf, const char *prefix, const char *suffix,
232 const char *fname, size_t size, bool only_one)
233{
234 /* We can handle two types of files: ELF files and archives. */
235 Elf_Kind kind = elf_kind (elf);
236
237 switch (kind)
238 {
239 case ELF_K_ELF:
240 /* Yes! It's an ELF file. */
241 process_elf_file (elf, prefix, suffix, fname, size, only_one);
242 break;
243
244 case ELF_K_AR:
245 {
246 Elf *subelf;
247 Elf_Cmd cmd = ELF_C_READ_MMAP;
248 size_t prefix_len = prefix == NULL ? 0 : strlen (prefix);
249 size_t fname_len = strlen (fname) + 1;
250 char new_prefix[prefix_len + 1 + fname_len];
251 char new_suffix[(suffix == NULL ? 0 : strlen (suffix)) + 2];
252 char *cp = new_prefix;
253
254 /* Create the full name of the file. */
255 if (prefix != NULL)
256 {
257 cp = mempcpy (cp, prefix, prefix_len);
258 *cp++ = '(';
259 strcpy (stpcpy (new_suffix, suffix), ")");
260 }
261 else
262 new_suffix[0] = '\0';
263 memcpy (cp, fname, fname_len);
264
265 /* It's an archive. We process each file in it. */
266 while ((subelf = elf_begin (fd, cmd, elf)) != NULL)
267 {
268 kind = elf_kind (subelf);
269
270 /* Call this function recursively. */
271 if (kind == ELF_K_ELF || kind == ELF_K_AR)
272 {
273 Elf_Arhdr *arhdr = elf_getarhdr (subelf);
274 assert (arhdr != NULL);
275
276 process_file (fd, subelf, new_prefix, new_suffix,
277 arhdr->ar_name, arhdr->ar_size, false);
278 }
279
280 /* Get next archive element. */
281 cmd = elf_next (subelf);
282 if (elf_end (subelf) != 0)
283 ERROR (gettext (" error while freeing sub-ELF descriptor: %s\n"),
284 elf_errmsg (-1));
285 }
286 }
287 break;
288
289 default:
290 /* We cannot do anything. */
291 ERROR (gettext ("\
292Not an ELF file - it has the wrong magic bytes at the start"));
293 break;
294 }
295}
296
297
298static const char *
299section_name (Ebl *ebl, int idx)
300{
301 GElf_Shdr shdr_mem;
302 GElf_Shdr *shdr;
303
304 shdr = gelf_getshdr (elf_getscn (ebl->elf, idx), &shdr_mem);
305
306 return elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
307}
308
309
310static const int valid_e_machine[] =
311 {
312 EM_M32, EM_SPARC, EM_386, EM_68K, EM_88K, EM_860, EM_MIPS, EM_S370,
313 EM_MIPS_RS3_LE, EM_PARISC, EM_VPP500, EM_SPARC32PLUS, EM_960, EM_PPC,
314 EM_PPC64, EM_S390, EM_V800, EM_FR20, EM_RH32, EM_RCE, EM_ARM,
315 EM_FAKE_ALPHA, EM_SH, EM_SPARCV9, EM_TRICORE, EM_ARC, EM_H8_300,
316 EM_H8_300H, EM_H8S, EM_H8_500, EM_IA_64, EM_MIPS_X, EM_COLDFIRE,
317 EM_68HC12, EM_MMA, EM_PCP, EM_NCPU, EM_NDR1, EM_STARCORE, EM_ME16,
318 EM_ST100, EM_TINYJ, EM_X86_64, EM_PDSP, EM_FX66, EM_ST9PLUS, EM_ST7,
319 EM_68HC16, EM_68HC11, EM_68HC08, EM_68HC05, EM_SVX, EM_ST19, EM_VAX,
320 EM_CRIS, EM_JAVELIN, EM_FIREPATH, EM_ZSP, EM_MMIX, EM_HUANY, EM_PRISM,
321 EM_AVR, EM_FR30, EM_D10V, EM_D30V, EM_V850, EM_M32R, EM_MN10300,
322 EM_MN10200, EM_PJ, EM_OPENRISC, EM_ARC_A5, EM_XTENSA
323 };
324#define nvalid_e_machine \
325 (sizeof (valid_e_machine) / sizeof (valid_e_machine[0]))
326
327
328/* Number of sections. */
329static unsigned int shnum;
330
331
332static void
333check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size)
334{
335 char buf[512];
336 size_t cnt;
337
338 /* Check e_ident field. */
339 if (ehdr->e_ident[EI_MAG0] != ELFMAG0)
340 ERROR ("e_ident[%d] != '%c'\n", EI_MAG0, ELFMAG0);
341 if (ehdr->e_ident[EI_MAG1] != ELFMAG1)
342 ERROR ("e_ident[%d] != '%c'\n", EI_MAG1, ELFMAG1);
343 if (ehdr->e_ident[EI_MAG2] != ELFMAG2)
344 ERROR ("e_ident[%d] != '%c'\n", EI_MAG2, ELFMAG2);
345 if (ehdr->e_ident[EI_MAG3] != ELFMAG3)
346 ERROR ("e_ident[%d] != '%c'\n", EI_MAG3, ELFMAG3);
347
348 if (ehdr->e_ident[EI_CLASS] != ELFCLASS32
349 && ehdr->e_ident[EI_CLASS] != ELFCLASS64)
350 ERROR (gettext ("e_ident[%d] == %d is no known class\n"),
351 EI_CLASS, ehdr->e_ident[EI_CLASS]);
352
353 if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB
354 && ehdr->e_ident[EI_DATA] != ELFDATA2MSB)
355 ERROR (gettext ("e_ident[%d] == %d is no known data encoding\n"),
356 EI_DATA, ehdr->e_ident[EI_DATA]);
357
358 if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
359 ERROR (gettext ("unknown ELF header version number e_ident[%d] == %d\n"),
360 EI_VERSION, ehdr->e_ident[EI_VERSION]);
361
362 /* We currently don't handle any OS ABIs. */
363 if (ehdr->e_ident[EI_OSABI] != ELFOSABI_NONE)
364 ERROR (gettext ("unsupported OS ABI e_ident[%d] == \"%s\"\n"),
365 EI_OSABI,
366 ebl_osabi_name (ebl, ehdr->e_ident[EI_OSABI], buf, sizeof (buf)));
367
368 /* No ABI versions other than zero supported either. */
369 if (ehdr->e_ident[EI_ABIVERSION] != 0)
370 ERROR (gettext ("unsupport ABI version e_ident[%d] == %d\n"),
371 EI_ABIVERSION, ehdr->e_ident[EI_ABIVERSION]);
372
373 for (cnt = EI_PAD; cnt < EI_NIDENT; ++cnt)
374 if (ehdr->e_ident[cnt] != 0)
375 ERROR (gettext ("e_ident[%zu] is not zero\n"), cnt);
376
377 /* Check the e_type field. */
378 if (ehdr->e_type != ET_REL && ehdr->e_type != ET_EXEC
379 && ehdr->e_type != ET_DYN && ehdr->e_type != ET_CORE)
380 ERROR (gettext ("unknown object file type %d\n"), ehdr->e_type);
381
382 /* Check the e_machine field. */
383 for (cnt = 0; cnt < nvalid_e_machine; ++cnt)
384 if (valid_e_machine[cnt] == ehdr->e_machine)
385 break;
386 if (cnt == nvalid_e_machine)
387 ERROR (gettext ("unknown machine type %d\n"), ehdr->e_machine);
388
389 /* Check the e_version field. */
390 if (ehdr->e_version != EV_CURRENT)
391 ERROR (gettext ("unknown object file version\n"));
392
393 /* Check the e_phoff and e_phnum fields. */
394 if (ehdr->e_phoff == 0)
395 {
396 if (ehdr->e_phnum != 0)
397 ERROR (gettext ("invalid program header offset\n"));
398 else if (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
399 ERROR (gettext ("\
400executables and DSOs cannot have zero program header offset\n"));
401 }
402 else if (ehdr->e_phnum == 0)
403 ERROR (gettext ("invalid number of program header entries\n"));
404
405 /* Check the e_shoff field. */
406 shnum = ehdr->e_shnum;
407 shstrndx = ehdr->e_shstrndx;
408 if (ehdr->e_shoff == 0)
409 {
410 if (ehdr->e_shnum != 0)
411 ERROR (gettext ("invalid section header table offset\n"));
412 else if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
413 && ehdr->e_type != ET_CORE)
414 ERROR (gettext ("section header table must be present\n"));
415 }
416 else
417 {
418 if (ehdr->e_shnum == 0)
419 {
420 /* Get the header of the zeroth section. The sh_size field
421 might contain the section number. */
422 GElf_Shdr shdr_mem;
423 GElf_Shdr *shdr;
424
425 shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
426 if (shdr != NULL)
427 {
428 /* The error will be reported later. */
429 if (shdr->sh_size == 0)
430 ERROR (gettext ("\
431invalid number of section header table entries\n"));
432 else
433 shnum = shdr->sh_size;
434 }
435 }
436
437 if (ehdr->e_shstrndx == SHN_XINDEX)
438 {
439 /* Get the header of the zeroth section. The sh_size field
440 might contain the section number. */
441 GElf_Shdr shdr_mem;
442 GElf_Shdr *shdr;
443
444 shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
445 if (shdr != NULL)
446 {
447 /* The error will be reported later. */
448 if (shdr->sh_link >= shnum)
449 ERROR (gettext ("invalid section header index\n"));
450 else
451 shstrndx = shdr->sh_link;
452 }
453 }
454 else if (shstrndx >= shnum)
455 ERROR (gettext ("invalid section header index\n"));
456 }
457
458 /* Check the e_flags field. */
459 if (!ebl_machine_flag_check (ebl, ehdr->e_flags))
460 ERROR (gettext ("invalid machine flags: %s\n"),
461 ebl_machine_flag_name (ebl, ehdr->e_flags, buf, sizeof (buf)));
462
463 /* Check e_ehsize, e_phentsize, and e_shentsize fields. */
464 if (gelf_getclass (ebl->elf) == ELFCLASS32)
465 {
466 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf32_Ehdr))
467 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
468
469 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf32_Phdr))
470 ERROR (gettext ("invalid program header size: %hd\n"),
471 ehdr->e_phentsize);
472 else if (ehdr->e_phoff + ehdr->e_phnum * ehdr->e_phentsize > size)
473 ERROR (gettext ("invalid program header position or size\n"));
474
475 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf32_Shdr))
476 ERROR (gettext ("invalid section header size: %hd\n"),
477 ehdr->e_shentsize);
478 else if (ehdr->e_shoff + ehdr->e_shnum * ehdr->e_shentsize > size)
479 ERROR (gettext ("invalid section header position or size\n"));
480 }
481 else if (gelf_getclass (ebl->elf) == ELFCLASS64)
482 {
483 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf64_Ehdr))
484 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
485
486 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf64_Phdr))
487 ERROR (gettext ("invalid program header size: %hd\n"),
488 ehdr->e_phentsize);
489 else if (ehdr->e_phoff + ehdr->e_phnum * ehdr->e_phentsize > size)
490 ERROR (gettext ("invalid program header position or size\n"));
491
492 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf64_Shdr))
493 ERROR (gettext ("invalid section header size: %hd\n"),
494 ehdr->e_shentsize);
495 else if (ehdr->e_shoff + ehdr->e_shnum * ehdr->e_shentsize > size)
496 ERROR (gettext ("invalid section header position or size\n"));
497 }
498}
499
500
501/* Check that there is a section group section with index < IDX which
502 contains section IDX and that there is exactly one. */
503static void
504check_scn_group (Ebl *ebl, int idx)
505{
506 if (scnref[idx] == 0)
507 {
508 /* No reference so far. Search following sections, maybe the
509 order is wrong. */
510 size_t cnt;
511
512 for (cnt = idx + 1; cnt < shnum; ++cnt)
513 {
514 Elf_Scn *scn;
515 GElf_Shdr shdr_mem;
516 GElf_Shdr *shdr;
517 Elf_Data *data;
518 Elf32_Word *grpdata;
519 size_t inner;
520
521 scn = elf_getscn (ebl->elf, cnt);
522 shdr = gelf_getshdr (scn, &shdr_mem);
523 if (shdr == NULL)
524 /* We cannot get the section header so we cannot check it.
525 The error to get the section header will be shown
526 somewhere else. */
527 continue;
528
529 if (shdr->sh_type != SHT_GROUP)
530 continue;
531
532 data = elf_getdata (scn, NULL);
533 if (data == NULL || data->d_size < sizeof (Elf32_Word))
534 /* Cannot check the section. */
535 continue;
536
537 grpdata = (Elf32_Word *) data->d_buf;
538 for (inner = 1; inner < data->d_size / sizeof (Elf32_Word); ++inner)
539 if (grpdata[inner] == (Elf32_Word) idx)
540 goto out;
541 }
542
543 out:
544 if (cnt == shnum)
545 ERROR (gettext ("\
546section [%2d] '%s': section with SHF_GROUP flag set not part of a section group\n"),
547 idx, section_name (ebl, idx));
548 else
549 ERROR (gettext ("\
550section [%2d] '%s': section group [%2zu] '%s' does not preceed group member\n"),
551 idx, section_name (ebl, idx),
552 cnt, section_name (ebl, cnt));
553 }
554}
555
556
557static void
558check_symtab (Ebl *ebl, GElf_Ehdr *ehdr, int idx)
559{
560 bool no_xndx_warned = false;
561 int no_pt_tls = 0;
562
563 Elf_Scn *scn = elf_getscn (ebl->elf, idx);
564 GElf_Shdr shdr_mem;
565 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
566 GElf_Shdr strshdr_mem;
567 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
568 &strshdr_mem);
569 if (shdr == NULL || strshdr == NULL)
570 return;
571 Elf_Data *data = elf_getdata (scn, NULL);
572 if (data == NULL)
573 {
574 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
575 idx, section_name (ebl, idx));
576 return;
577 }
578
579 if (strshdr->sh_type != SHT_STRTAB)
580 ERROR (gettext ("section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
581 shdr->sh_link, section_name (ebl, shdr->sh_link),
582 idx, section_name (ebl, idx));
583
584 /* Search for an extended section index table section. */
585 size_t cnt;
586 GElf_Shdr xndxshdr_mem;
587 GElf_Shdr *xndxshdr = NULL;
588 Elf_Data *xndxdata = NULL;
589 Elf32_Word xndxscnidx = 0;
590 for (cnt = 1; cnt < shnum; ++cnt)
591 if (cnt != (size_t) idx)
592 {
593 Elf_Scn *xndxscn = elf_getscn (ebl->elf, cnt);
594 xndxshdr = gelf_getshdr (xndxscn, &xndxshdr_mem);
595 xndxdata = elf_getdata (xndxscn, NULL);
596 xndxscnidx = elf_ndxscn (xndxscn);
597
598 if (xndxshdr == NULL || xndxdata == NULL)
599 continue;
600
601 if (xndxshdr->sh_type == SHT_SYMTAB_SHNDX
602 && xndxshdr->sh_link == (GElf_Word) idx)
603 break;
604 }
605 if (cnt == shnum)
606 {
607 xndxshdr = NULL;
608 xndxdata = NULL;
609 }
610
611 if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT))
612 ERROR (gettext ("\
613section [%2zu] '%s': entry size is does not match ElfXX_Sym\n"),
614 cnt, section_name (ebl, cnt));
615
616 /* Test the zeroth entry. */
617 GElf_Sym sym_mem;
618 Elf32_Word xndx;
619 GElf_Sym *sym = gelf_getsymshndx (data, xndxdata, 0, &sym_mem, &xndx);
620 if (sym == NULL)
621 ERROR (gettext ("section [%2d] '%s': cannot get symbol %d: %s\n"),
622 idx, section_name (ebl, idx), 0, elf_errmsg (-1));
623 else
624 {
625 if (sym->st_name != 0)
626 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
627 idx, section_name (ebl, idx), "st_name");
628 if (sym->st_value != 0)
629 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
630 idx, section_name (ebl, idx), "st_value");
631 if (sym->st_size != 0)
632 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
633 idx, section_name (ebl, idx), "st_size");
634 if (sym->st_info != 0)
635 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
636 idx, section_name (ebl, idx), "st_info");
637 if (sym->st_other != 0)
638 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
639 idx, section_name (ebl, idx), "st_other");
640 if (sym->st_shndx != 0)
641 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
642 idx, section_name (ebl, idx), "st_shndx");
643 if (xndxdata != NULL && xndx != 0)
644 ERROR (gettext ("\
645section [%2d] '%s': XINDEX for zeroth entry not zero\n"),
646 xndxscnidx, section_name (ebl, xndxscnidx));
647 }
648
649 for (cnt = 1; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
650 {
651 sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx);
652 if (sym == NULL)
653 {
654 ERROR (gettext ("section [%2d] '%s': cannot get symbol %zu: %s\n"),
655 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
656 continue;
657 }
658
659 const char *name = NULL;
660 if (sym->st_name >= strshdr->sh_size)
661 ERROR (gettext ("\
662section [%2d] '%s': symbol %zu: invalid name value\n"),
663 idx, section_name (ebl, idx), cnt);
664 else
665 {
666 name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name);
667 assert (name != NULL);
668 }
669
670 if (sym->st_shndx == SHN_XINDEX)
671 {
672 if (xndxdata == NULL)
673 {
674 ERROR (gettext ("\
675section [%2d] '%s': symbol %zu: too large section index but no extended section index section\n"),
676 idx, section_name (ebl, idx), cnt);
677 no_xndx_warned = true;
678 }
679 else if (xndx < SHN_LORESERVE)
680 ERROR (gettext ("\
681section [%2d] '%s': symbol %zu: XINDEX used for index which would fit in st_shndx (%" PRIu32 ")\n"),
682 xndxscnidx, section_name (ebl, xndxscnidx), cnt,
683 xndx);
684 }
685 else if ((sym->st_shndx >= SHN_LORESERVE
686 // && sym->st_shndx <= SHN_HIRESERVE always true
687 && sym->st_shndx != SHN_ABS
688 && sym->st_shndx != SHN_COMMON)
689 || (sym->st_shndx >= shnum
690 && (sym->st_shndx < SHN_LORESERVE
691 /* || sym->st_shndx > SHN_HIRESERVE always false */)))
692 ERROR (gettext ("\
693section [%2d] '%s': symbol %zu: invalid section index\n"),
694 idx, section_name (ebl, idx), cnt);
695 else
696 xndx = sym->st_shndx;
697
698 if (GELF_ST_TYPE (sym->st_info) >= STT_NUM)
699 ERROR (gettext ("section [%2d] '%s': symbol %zu: unknown type\n"),
700 idx, section_name (ebl, idx), cnt);
701
702 if (GELF_ST_BIND (sym->st_info) >= STB_NUM)
703 ERROR (gettext ("\
704section [%2d] '%s': symbol %zu: unknown symbol binding\n"),
705 idx, section_name (ebl, idx), cnt);
706
707 if (xndx == SHN_COMMON)
708 {
709 /* Common symbols can only appear in relocatable files. */
710 if (ehdr->e_type != ET_REL)
711 ERROR (gettext ("\
712section [%2d] '%s': symbol %zu: COMMON only allowed in relocatable files\n"),
713 idx, section_name (ebl, idx), cnt);
714 if (cnt < shdr->sh_info)
715 ERROR (gettext ("\
716section [%2d] '%s': symbol %zu: local COMMON symbols are nonsense\n"),
717 idx, section_name (ebl, idx), cnt);
718 if (GELF_R_TYPE (sym->st_info) == STT_FUNC)
719 ERROR (gettext ("\
720section [%2d] '%s': symbol %zu: function in COMMON section is nonsense\n"),
721 idx, section_name (ebl, idx), cnt);
722 }
723 else if (xndx > 0 && xndx < shnum)
724 {
725 GElf_Shdr destshdr_mem;
726 GElf_Shdr *destshdr;
727
728 destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), &destshdr_mem);
729 if (destshdr != NULL)
730 {
731 if (GELF_ST_TYPE (sym->st_info) != STT_TLS)
732 {
733 if ((sym->st_value - destshdr->sh_addr) > destshdr->sh_size)
734 ERROR (gettext ("\
735section [%2d] '%s': symbol %zu: st_value out of bounds\n"),
736 idx, section_name (ebl, idx), cnt);
737 else if ((sym->st_value - destshdr->sh_addr + sym->st_size)
738 > destshdr->sh_size)
739 ERROR (gettext ("\
740section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
741 idx, section_name (ebl, idx), cnt,
742 (int) xndx, section_name (ebl, xndx));
743 }
744 else
745 {
746 if ((destshdr->sh_flags & SHF_TLS) == 0)
747 ERROR (gettext ("\
748section [%2d] '%s': symbol %zu: referenced section [%2d] '%s' does not have SHF_TLS flag set\n"),
749 idx, section_name (ebl, idx), cnt,
750 (int) xndx, section_name (ebl, xndx));
751
752 if (ehdr->e_type == ET_REL)
753 {
754 /* For object files the symbol value must fall
755 into the section. */
756 if (sym->st_value > destshdr->sh_size)
757 ERROR (gettext ("\
758section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"),
759 idx, section_name (ebl, idx), cnt,
760 (int) xndx, section_name (ebl, xndx));
761 else if (sym->st_value + sym->st_size
762 > destshdr->sh_size)
763 ERROR (gettext ("\
764section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
765 idx, section_name (ebl, idx), cnt,
766 (int) xndx, section_name (ebl, xndx));
767 }
768 else
769 {
770 GElf_Phdr phdr_mem;
771 GElf_Phdr *phdr = NULL;
772 int pcnt;
773
774 for (pcnt = 0; pcnt < ehdr->e_phnum; ++pcnt)
775 {
776 phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
777 if (phdr != NULL && phdr->p_type == PT_TLS)
778 break;
779 }
780
781 if (pcnt == ehdr->e_phnum)
782 {
783 if (no_pt_tls++ == 0)
784 ERROR (gettext ("\
785section [%2d] '%s': symbol %zu: TLS symbol but no TLS program header entry\n"),
786 idx, section_name (ebl, idx), cnt);
787 }
788 else
789 {
790 if (sym->st_value
791 < destshdr->sh_offset - phdr->p_offset)
792 ERROR (gettext ("\
793section [%2d] '%s': symbol %zu: st_value short of referenced section [%2d] '%s'\n"),
794 idx, section_name (ebl, idx), cnt,
795 (int) xndx, section_name (ebl, xndx));
796 else if (sym->st_value
797 > (destshdr->sh_offset - phdr->p_offset
798 + destshdr->sh_size))
799 ERROR (gettext ("\
800section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"),
801 idx, section_name (ebl, idx), cnt,
802 (int) xndx, section_name (ebl, xndx));
803 else if (sym->st_value + sym->st_size
804 > (destshdr->sh_offset - phdr->p_offset
805 + destshdr->sh_size))
806 ERROR (gettext ("\
807section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
808 idx, section_name (ebl, idx), cnt,
809 (int) xndx, section_name (ebl, xndx));
810 }
811 }
812 }
813 }
814 }
815
816 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
817 {
818 if (cnt >= shdr->sh_info)
819 ERROR (gettext ("\
820section [%2d] '%s': symbol %zu: local symbol outside range described in sh_info\n"),
821 idx, section_name (ebl, idx), cnt);
822 }
823 else
824 {
825 if (cnt < shdr->sh_info)
826 ERROR (gettext ("\
827section [%2d] '%s': symbol %zu: non-local symbol outside range described in sh_info\n"),
828 idx, section_name (ebl, idx), cnt);
829 }
830
831 if (GELF_ST_TYPE (sym->st_info) == STT_SECTION
832 && GELF_ST_BIND (sym->st_info) != STB_LOCAL)
833 ERROR (gettext ("\
834section [%2d] '%s': symbol %zu: non-local section symbol\n"),
835 idx, section_name (ebl, idx), cnt);
836
837 if (name != NULL)
838 {
839 if (strcmp (name, "_GLOBAL_OFFSET_TABLE_") == 0)
840 {
841 /* Check that address and size match the global offset
842 table. We have to locate the GOT by searching for a
843 section named ".got". */
844 Elf_Scn *gscn = NULL;
845 GElf_Addr addr = 0;
846 GElf_Xword size = 0;
847 bool found = false;
848
849 while ((gscn = elf_nextscn (ebl->elf, gscn)) != NULL)
850 {
851 GElf_Shdr gshdr_mem;
852 GElf_Shdr *gshdr = gelf_getshdr (gscn, &gshdr_mem);
853 assert (gshdr != NULL);
854
855 const char *sname = elf_strptr (ebl->elf, ehdr->e_shstrndx,
856 gshdr->sh_name);
857 if (sname != NULL)
858 {
859 if (strcmp (sname, ".got.plt") == 0)
860 {
861 addr = gshdr->sh_addr;
862 size = gshdr->sh_size;
863 found = true;
864 break;
865 }
866 if (strcmp (sname, ".got") == 0)
867 {
868 addr = gshdr->sh_addr;
869 size = gshdr->sh_size;
870 found = true;
871 /* Do not stop looking. There might be a
872 .got.plt section. */
873 }
874 }
875 }
876
877 if (found)
878 {
879 /* Found it. */
880 if (sym->st_value != addr)
881 /* This test is more strict than the psABIs which
882 usually allow the symbol to be in the middle of
883 the .got section, allowing negative offsets. */
884 ERROR (gettext ("\
885section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol value %#" PRIx64 " does not match .got section address %#" PRIx64 "\n"),
886 idx, section_name (ebl, idx),
887 (uint64_t) sym->st_value, (uint64_t) addr);
888
889 if (!gnuld && sym->st_size != size)
890 ERROR (gettext ("\
891section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol size %" PRIu64 " does not match .got section size %" PRIu64 "\n"),
892 idx, section_name (ebl, idx),
893 (uint64_t) sym->st_size, (uint64_t) size);
894 }
895 else
896 ERROR (gettext ("\
897section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol present, but no .got section\n"),
898 idx, section_name (ebl, idx));
899 }
900 else if (strcmp (name, "_DYNAMIC") == 0)
901 {
902 /* Check that address and size match the dynamic
903 section. We locate the dynamic section via the
904 program header entry. */
905 int pcnt;
906
907 for (pcnt = 0; pcnt < ehdr->e_phnum; ++pcnt)
908 {
909 GElf_Phdr phdr_mem;
910 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
911
912 if (phdr != NULL && phdr->p_type == PT_DYNAMIC)
913 {
914 if (sym->st_value != phdr->p_vaddr)
915 ERROR (gettext ("\
916section [%2d] '%s': _DYNAMIC_ symbol value %#" PRIx64 " does not match dynamic segment address %#" PRIx64 "\n"),
917 idx, section_name (ebl, idx),
918 (uint64_t) sym->st_value,
919 (uint64_t) phdr->p_vaddr);
920
921 if (!gnuld && sym->st_size != phdr->p_memsz)
922 ERROR (gettext ("\
923section [%2d] '%s': _DYNAMIC symbol size %" PRIu64 " does not match dynamic segment size %" PRIu64 "\n"),
924 idx, section_name (ebl, idx),
925 (uint64_t) sym->st_size,
926 (uint64_t) phdr->p_memsz);
927
928 break;
929 }
930 }
931 }
932 }
933 }
934}
935
936
937static bool
938is_rel_dyn (Ebl *ebl, GElf_Ehdr *ehdr, int idx, GElf_Shdr *shdr, bool rela)
939{
940 /* If this is no executable or DSO it cannot be a .rel.dyn section. */
941 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
942 return false;
943
944 /* Check the section name. Unfortunately necessary. */
945 if (strcmp (section_name (ebl, idx), rela ? ".rela.dyn" : ".rel.dyn"))
946 return false;
947
948 /* When a .rel.dyn section is used a DT_RELCOUNT dynamic section
949 entry can be present as well. */
950 Elf_Scn *scn = NULL;
951 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
952 {
953 GElf_Shdr rcshdr_mem;
954 const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem);
955 assert (rcshdr != NULL);
956
957 if (rcshdr->sh_type == SHT_DYNAMIC)
958 {
959 /* Found the dynamic section. Look through it. */
960 Elf_Data *d = elf_getdata (scn, NULL);
961 size_t cnt;
962
963 for (cnt = 1; cnt < rcshdr->sh_size / rcshdr->sh_entsize; ++cnt)
964 {
965 GElf_Dyn dyn_mem;
966 GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem);
967 assert (dyn != NULL);
968
969 if (dyn->d_tag == DT_RELCOUNT)
970 {
971 /* Found it. One last check: does the number
972 specified number of relative relocations exceed
973 the total number of relocations? */
974 if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
975 ERROR (gettext ("\
976section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
977 idx, section_name (ebl, idx),
978 (int) dyn->d_un.d_val);
979 }
980 }
981
982 break;
983 }
984 }
985
986 return true;
987}
988
989
990static void
991check_rela (Ebl *ebl, GElf_Ehdr *ehdr, int idx)
992{
993 Elf_Scn *scn;
994 GElf_Shdr shdr_mem;
995 GElf_Shdr *shdr;
996 Elf_Data *data;
997 GElf_Shdr destshdr_mem;
998 GElf_Shdr *destshdr = NULL;
999 size_t cnt;
1000 bool reldyn = false;
1001 bool known_broken = gnuld;
1002
1003 scn = elf_getscn (ebl->elf, idx);
1004 shdr = gelf_getshdr (scn, &shdr_mem);
1005 if (shdr == NULL)
1006 return;
1007 data = elf_getdata (scn, NULL);
1008 if (data == NULL)
1009 {
1010 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1011 idx, section_name (ebl, idx));
1012 return;
1013 }
1014
1015 /* Check whether the link to the section we relocate is reasonable. */
1016 if (shdr->sh_info >= shnum)
1017 ERROR (gettext ("section [%2d] '%s': invalid destination section index\n"),
1018 idx, section_name (ebl, idx));
1019 else
1020 {
1021 destshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_info),
1022 &destshdr_mem);
1023 if (destshdr != NULL)
1024 {
1025 if(destshdr->sh_type != SHT_PROGBITS
1026 && destshdr->sh_type != SHT_NOBITS)
1027 {
1028 reldyn = is_rel_dyn (ebl, ehdr, idx, shdr, true);
1029 if (!reldyn)
1030 ERROR (gettext ("\
1031section [%2d] '%s': invalid destination section type\n"),
1032 idx, section_name (ebl, idx));
1033 else
1034 {
1035 /* There is no standard, but we require that .rela.dyn
1036 sections have a sh_info value of zero. */
1037 if (shdr->sh_info != 0)
1038 ERROR (gettext ("\
1039section [%2d] '%s': sh_info should be zero\n"),
1040 idx, section_name (ebl, idx));
1041 }
1042 }
1043
1044 if ((destshdr->sh_flags & (SHF_MERGE | SHF_STRINGS)) != 0)
1045 ERROR (gettext ("\
1046section [%2d] '%s': no relocations for merge-able sections possible\n"),
1047 idx, section_name (ebl, idx));
1048 }
1049 }
1050
1051 if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_RELA, 1, EV_CURRENT))
1052 ERROR (gettext ("\
1053section [%2d] '%s': section entry size does not match ElfXX_Rela\n"),
1054 idx, section_name (ebl, idx));
1055
1056 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1057 GElf_Shdr symshdr_mem;
1058 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1059 Elf_Data *symdata = elf_getdata (symscn, NULL);
1060
1061 for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1062 {
1063 GElf_Rela rela_mem;
1064 GElf_Rela *rela;
1065
1066 rela = gelf_getrela (data, cnt, &rela_mem);
1067 if (rela == NULL)
1068 {
1069 ERROR (gettext ("\
1070section [%2d] '%s': cannot get relocation %zu: %s\n"),
1071 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1072 continue;
1073 }
1074
1075 if (!ebl_reloc_type_check (ebl, GELF_R_TYPE (rela->r_info)))
1076 ERROR (gettext ("section [%2d] '%s': relocation %zu: invalid type\n"),
1077 idx, section_name (ebl, idx), cnt);
1078 else if (!ebl_reloc_valid_use (ebl, GELF_R_TYPE (rela->r_info)))
1079 ERROR (gettext ("\
1080section [%2d] '%s': relocation %zu: relocation type invalid for the file type\n"),
1081 idx, section_name (ebl, idx), cnt);
1082
1083 if (symshdr != NULL
1084 && ((GELF_R_SYM (rela->r_info) + 1)
1085 * gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT)
1086 > symshdr->sh_size))
1087 ERROR (gettext ("\
1088section [%2d] '%s': relocation %zu: invalid symbol index\n"),
1089 idx, section_name (ebl, idx), cnt);
1090
1091 if (ebl_gotpc_reloc_check (ebl, GELF_R_TYPE (rela->r_info)))
1092 {
1093 const char *name;
1094 char buf[64];
1095 GElf_Sym sym_mem;
1096 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (rela->r_info),
1097 &sym_mem);
1098 if (sym != NULL
1099 /* Get the name for the symbol. */
1100 && (name = elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name))
1101 && strcmp (name, "_GLOBAL_OFFSET_TABLE_") !=0 )
1102 ERROR (gettext ("\
1103section [%2d] '%s': relocation %zu: only symbol '_GLOBAL_OFFSET_TABLE_' can be used with %s\n"),
1104 idx, section_name (ebl, idx), cnt,
1105 ebl_reloc_type_name (ebl, GELF_R_SYM (rela->r_info),
1106 buf, sizeof (buf)));
1107 }
1108
1109 if (reldyn)
1110 {
1111 // XXX TODO Check .rel.dyn section addresses.
1112 }
1113 else if (!known_broken)
1114 {
1115 if (destshdr != NULL
1116 && (rela->r_offset - destshdr->sh_addr) >= destshdr->sh_size)
1117 ERROR (gettext ("\
1118section [%2d] '%s': relocation %zu: offset out of bounds\n"),
1119 idx, section_name (ebl, idx), cnt);
1120 }
1121
1122 if (symdata != NULL
1123 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rela->r_info)))
1124 {
1125 /* Make sure the referenced symbol is an object or unspecified. */
1126 GElf_Sym sym_mem;
1127 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (rela->r_info),
1128 &sym_mem);
1129 if (sym != NULL
1130 && GELF_ST_TYPE (sym->st_info) != STT_NOTYPE
1131 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
1132 {
1133 char buf[64];
1134 ERROR (gettext ("section [%2d] '%s': relocation %zu: copy relocation against symbol of type %s\n"),
1135 idx, section_name (ebl, idx), cnt,
1136 ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info),
1137 buf, sizeof (buf)));
1138 }
1139 }
1140 }
1141}
1142
1143
1144static void
1145check_rel (Ebl *ebl, GElf_Ehdr *ehdr, int idx)
1146{
1147 Elf_Scn *scn;
1148 GElf_Shdr shdr_mem;
1149 GElf_Shdr *shdr;
1150 Elf_Data *data;
1151 GElf_Shdr destshdr_mem;
1152 GElf_Shdr *destshdr = NULL;
1153 size_t cnt;
1154 bool reldyn = false;
1155 bool known_broken = gnuld;
1156
1157 scn = elf_getscn (ebl->elf, idx);
1158 shdr = gelf_getshdr (scn, &shdr_mem);
1159 if (shdr == NULL)
1160 return;
1161 data = elf_getdata (scn, NULL);
1162 if (data == NULL)
1163 {
1164 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1165 idx, section_name (ebl, idx));
1166 return;
1167 }
1168
1169 /* Check whether the link to the section we relocate is reasonable. */
1170 if (shdr->sh_info >= shnum)
1171 ERROR (gettext ("section [%2d] '%s': invalid destination section index\n"),
1172 idx, section_name (ebl, idx));
1173 else
1174 {
1175 destshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_info),
1176 &destshdr_mem);
1177 if (destshdr != NULL)
1178 {
1179 if (destshdr->sh_type != SHT_PROGBITS
1180 && destshdr->sh_type != SHT_NOBITS)
1181 {
1182 reldyn = is_rel_dyn (ebl, ehdr, idx, shdr, false);
1183 if (!reldyn)
1184 ERROR (gettext ("\
1185section [%2d] '%s': invalid destination section type\n"),
1186 idx, section_name (ebl, idx));
1187 else
1188 {
1189 /* There is no standard, but we require that .rela.dyn
1190 sections have a sh_info value of zero. */
1191 if (shdr->sh_info != 0)
1192 ERROR (gettext ("\
1193section [%2d] '%s': sh_info should be zero\n"),
1194 idx, section_name (ebl, idx));
1195 }
1196 }
1197
1198 if ((destshdr->sh_flags & (SHF_MERGE | SHF_STRINGS)) != 0)
1199 ERROR (gettext ("\
1200section [%2d] '%s': no relocations for merge-able sections possible\n"),
1201 idx, section_name (ebl, idx));
1202 }
1203 }
1204
1205 if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_REL, 1, EV_CURRENT))
1206 ERROR (gettext ("\
1207section [%2d] '%s': section entry size does not match ElfXX_Rel\n"),
1208 idx, section_name (ebl, idx));
1209
1210 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1211 GElf_Shdr symshdr_mem;
1212 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1213 Elf_Data *symdata = elf_getdata (symscn, NULL);
1214
1215 for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1216 {
1217 GElf_Rel rel_mem;
1218 GElf_Rel *rel;
1219
1220 rel = gelf_getrel (data, cnt, &rel_mem);
1221 if (rel == NULL)
1222 {
1223 ERROR (gettext ("\
1224section [%2d] '%s': cannot get relocation %zu: %s\n"),
1225 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1226 continue;
1227 }
1228
1229 if (!ebl_reloc_type_check (ebl, GELF_R_TYPE (rel->r_info)))
1230 ERROR (gettext ("section [%2d] '%s': relocation %zu: invalid type\n"),
1231 idx, section_name (ebl, idx), cnt);
1232 else if (!ebl_reloc_valid_use (ebl, GELF_R_TYPE (rel->r_info)))
1233 ERROR (gettext ("\
1234section [%2d] '%s': relocation %zu: relocation type invalid for the file type\n"),
1235 idx, section_name (ebl, idx), cnt);
1236
1237 if (symshdr != NULL
1238 && ((GELF_R_SYM (rel->r_info) + 1)
1239 * gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT)
1240 > symshdr->sh_size))
1241 ERROR (gettext ("\
1242section [%2d] '%s': relocation %zu: invalid symbol index\n"),
1243 idx, section_name (ebl, idx), cnt);
1244
1245 if (ebl_gotpc_reloc_check (ebl, GELF_R_TYPE (rel->r_info)))
1246 {
1247 const char *name;
1248 char buf[64];
1249 GElf_Sym sym_mem;
1250 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (rel->r_info),
1251 &sym_mem);
1252 if (sym != NULL
1253 /* Get the name for the symbol. */
1254 && (name = elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name))
1255 && strcmp (name, "_GLOBAL_OFFSET_TABLE_") !=0 )
1256 ERROR (gettext ("\
1257section [%2d] '%s': relocation %zu: only symbol '_GLOBAL_OFFSET_TABLE_' can be used with %s\n"),
1258 idx, section_name (ebl, idx), cnt,
1259 ebl_reloc_type_name (ebl, GELF_R_SYM (rel->r_info),
1260 buf, sizeof (buf)));
1261 }
1262
1263 if (reldyn)
1264 {
1265 // XXX TODO Check .rel.dyn section addresses.
1266 }
1267 else if (!known_broken)
1268 {
1269 if (destshdr != NULL
1270 && GELF_R_TYPE (rel->r_info) != 0
1271 && (rel->r_offset - destshdr->sh_addr) >= destshdr->sh_size)
1272 ERROR (gettext ("\
1273section [%2d] '%s': relocation %zu: offset out of bounds\n"),
1274 idx, section_name (ebl, idx), cnt);
1275 }
1276
1277 if (symdata != NULL
1278 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rel->r_info)))
1279 {
1280 /* Make sure the referenced symbol is an object or unspecified. */
1281 GElf_Sym sym_mem;
1282 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (rel->r_info),
1283 &sym_mem);
1284 if (sym != NULL
1285 && GELF_ST_TYPE (sym->st_info) != STT_NOTYPE
1286 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
1287 {
1288 char buf[64];
1289 ERROR (gettext ("section [%2d] '%s': relocation %zu: copy relocation against symbol of type %s\n"),
1290 idx, section_name (ebl, idx), cnt,
1291 ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info),
1292 buf, sizeof (buf)));
1293 }
1294 }
1295 }
1296}
1297
1298
1299/* Number of dynamic sections. */
1300static int ndynamic;
1301
1302
1303static void
1304check_dynamic (Ebl *ebl, int idx)
1305{
1306 Elf_Scn *scn;
1307 GElf_Shdr shdr_mem;
1308 GElf_Shdr *shdr;
1309 Elf_Data *data;
1310 GElf_Shdr strshdr_mem;
1311 GElf_Shdr *strshdr;
1312 size_t cnt;
1313 static const bool dependencies[DT_NUM][DT_NUM] =
1314 {
1315 [DT_NEEDED] = { [DT_STRTAB] = true },
1316 [DT_PLTRELSZ] = { [DT_JMPREL] = true },
1317 [DT_HASH] = { [DT_SYMTAB] = true },
1318 [DT_STRTAB] = { [DT_STRSZ] = true },
1319 [DT_SYMTAB] = { [DT_STRTAB] = true, [DT_HASH] = true,
1320 [DT_SYMENT] = true },
1321 [DT_RELA] = { [DT_RELASZ] = true, [DT_RELAENT] = true },
1322 [DT_RELASZ] = { [DT_RELA] = true },
1323 [DT_RELAENT] = { [DT_RELA] = true },
1324 [DT_STRSZ] = { [DT_STRTAB] = true },
1325 [DT_SYMENT] = { [DT_SYMTAB] = true },
1326 [DT_SONAME] = { [DT_STRTAB] = true },
1327 [DT_RPATH] = { [DT_STRTAB] = true },
1328 [DT_REL] = { [DT_RELSZ] = true, [DT_RELENT] = true },
1329 [DT_RELSZ] = { [DT_REL] = true },
1330 [DT_RELENT] = { [DT_REL] = true },
1331 [DT_JMPREL] = { [DT_PLTRELSZ] = true, [DT_PLTREL] = true },
1332 [DT_RUNPATH] = { [DT_STRTAB] = true },
1333 [DT_PLTREL] = { [DT_JMPREL] = true },
1334 [DT_PLTRELSZ] = { [DT_JMPREL] = true }
1335 };
1336 bool has_dt[DT_NUM];
1337 static const bool level2[DT_NUM] =
1338 {
1339 [DT_RPATH] = true,
1340 [DT_SYMBOLIC] = true,
1341 [DT_TEXTREL] = true,
1342 [DT_BIND_NOW] = true
1343 };
1344 static const bool mandatory[DT_NUM] =
1345 {
1346 [DT_NULL] = true,
1347 [DT_HASH] = true,
1348 [DT_STRTAB] = true,
1349 [DT_SYMTAB] = true,
1350 [DT_STRSZ] = true,
1351 [DT_SYMENT] = true
1352 };
1353 GElf_Addr reladdr = 0;
1354 GElf_Word relsz = 0;
1355 GElf_Addr pltreladdr = 0;
1356 GElf_Word pltrelsz = 0;
1357
1358 memset (has_dt, '\0', sizeof (has_dt));
1359
1360 if (++ndynamic == 2)
1361 ERROR (gettext ("more than one dynamic section present\n"));
1362
1363 scn = elf_getscn (ebl->elf, idx);
1364 shdr = gelf_getshdr (scn, &shdr_mem);
1365 if (shdr == NULL)
1366 return;
1367 data = elf_getdata (scn, NULL);
1368 if (data == NULL)
1369 {
1370 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1371 idx, section_name (ebl, idx));
1372 return;
1373 }
1374
1375 strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &strshdr_mem);
1376 if (strshdr != NULL && strshdr->sh_type != SHT_STRTAB)
1377 ERROR (gettext ("\
1378section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
1379 shdr->sh_link, section_name (ebl, shdr->sh_link),
1380 idx, section_name (ebl, idx));
1381
1382 if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT))
1383 ERROR (gettext ("\
1384section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"),
1385 idx, section_name (ebl, idx));
1386
1387 if (shdr->sh_info != 0)
1388 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"),
1389 idx, section_name (ebl, idx));
1390
1391 bool non_null_warned = false;
1392 for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1393 {
1394 GElf_Dyn dyn_mem;
1395 GElf_Dyn *dyn;
1396
1397 dyn = gelf_getdyn (data, cnt, &dyn_mem);
1398 if (dyn == NULL)
1399 {
1400 ERROR (gettext ("\
1401section [%2d] '%s': cannot get dynamic section entry %zu: %s\n"),
1402 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1403 continue;
1404 }
1405
1406 if (has_dt[DT_NULL] && dyn->d_tag != DT_NULL && ! non_null_warned)
1407 {
1408 ERROR (gettext ("\
1409section [%2d] '%s': non-DT_NULL entries follow DT_NULL entry\n"),
1410 idx, section_name (ebl, idx));
1411 non_null_warned = true;
1412 }
1413
1414 if (!ebl_dynamic_tag_check (ebl, dyn->d_tag))
1415 ERROR (gettext ("section [%2d] '%s': entry %zu: unknown tag\n"),
1416 idx, section_name (ebl, idx), cnt);
1417
1418 if (dyn->d_tag >= 0 && dyn->d_tag < DT_NUM)
1419 {
1420 if (has_dt[dyn->d_tag]
1421 && dyn->d_tag != DT_NEEDED
1422 && dyn->d_tag != DT_NULL
1423 && dyn->d_tag != DT_POSFLAG_1)
1424 {
1425 char buf[50];
1426 ERROR (gettext ("\
1427section [%2d] '%s': entry %zu: more than one entry with tag %s\n"),
1428 idx, section_name (ebl, idx), cnt,
1429 ebl_dynamic_tag_name (ebl, dyn->d_tag,
1430 buf, sizeof (buf)));
1431 }
1432
1433 if (be_strict && level2[dyn->d_tag])
1434 {
1435 char buf[50];
1436 ERROR (gettext ("\
1437section [%2d] '%s': entry %zu: level 2 tag %s used\n"),
1438 idx, section_name (ebl, idx), cnt,
1439 ebl_dynamic_tag_name (ebl, dyn->d_tag,
1440 buf, sizeof (buf)));
1441 }
1442
1443 has_dt[dyn->d_tag] = true;
1444 }
1445
1446 if (dyn->d_tag == DT_PLTREL && dyn->d_un.d_val != DT_REL
1447 && dyn->d_un.d_val != DT_RELA)
1448 ERROR (gettext ("\
1449section [%2d] '%s': entry %zu: DT_PLTREL value must be DT_REL or DT_RELA\n"),
1450 idx, section_name (ebl, idx), cnt);
1451
1452 if (dyn->d_tag == DT_REL)
1453 reladdr = dyn->d_un.d_ptr;
1454 if (dyn->d_tag == DT_RELSZ)
1455 relsz = dyn->d_un.d_val;
1456 if (dyn->d_tag == DT_JMPREL)
1457 pltreladdr = dyn->d_un.d_ptr;
1458 if (dyn->d_tag == DT_PLTRELSZ)
1459 pltrelsz = dyn->d_un.d_val;
1460 }
1461
1462 for (cnt = 1; cnt < DT_NUM; ++cnt)
1463 if (has_dt[cnt])
1464 {
1465 int inner;
1466
1467 for (inner = 0; inner < DT_NUM; ++inner)
1468 if (dependencies[cnt][inner] && ! has_dt[inner])
1469 {
1470 char buf1[50];
1471 char buf2[50];
1472
1473 ERROR (gettext ("\
1474section [%2d] '%s': contains %s entry but not %s\n"),
1475 idx, section_name (ebl, idx),
1476 ebl_dynamic_tag_name (ebl, cnt, buf1, sizeof (buf1)),
1477 ebl_dynamic_tag_name (ebl, inner, buf2, sizeof (buf2)));
1478 }
1479 }
1480 else
1481 {
1482 if (mandatory[cnt])
1483 {
1484 char buf[50];
1485 ERROR (gettext ("\
1486section [%2d] '%s': mandatory tag %s not present\n"),
1487 idx, section_name (ebl, idx),
1488 ebl_dynamic_tag_name (ebl, cnt, buf, sizeof (buf)));
1489 }
1490 }
1491
1492 /* Check the rel/rela tags. At least one group must be available. */
1493 if ((has_dt[DT_RELA] || has_dt[DT_RELASZ] || has_dt[DT_RELAENT])
1494 && (!has_dt[DT_RELA] || !has_dt[DT_RELASZ] || !has_dt[DT_RELAENT]))
1495 ERROR (gettext ("\
1496section [%2d] '%s': not all of %s, %s, and %s are present\n"),
1497 idx, section_name (ebl, idx),
1498 "DT_RELA", "DT_RELASZ", "DT_RELAENT");
1499
1500 if ((has_dt[DT_REL] || has_dt[DT_RELSZ] || has_dt[DT_RELENT])
1501 && (!has_dt[DT_REL] || !has_dt[DT_RELSZ] || !has_dt[DT_RELENT]))
1502 ERROR (gettext ("\
1503section [%2d] '%s': not all of %s, %s, and %s are present\n"),
1504 idx, section_name (ebl, idx),
1505 "DT_REL", "DT_RELSZ", "DT_RELENT");
1506}
1507
1508
1509static void
1510check_symtab_shndx (Ebl *ebl, int idx)
1511{
1512 Elf_Scn *scn;
1513 GElf_Shdr shdr_mem;
1514 GElf_Shdr *shdr;
1515 GElf_Shdr symshdr_mem;
1516 GElf_Shdr *symshdr;
1517 Elf_Scn *symscn;
1518 size_t cnt;
1519 Elf_Data *data;
1520 Elf_Data *symdata;
1521
1522 scn = elf_getscn (ebl->elf, idx);
1523 shdr = gelf_getshdr (scn, &shdr_mem);
1524 if (shdr == NULL)
1525 return;
1526
1527 symscn = elf_getscn (ebl->elf, shdr->sh_link);
1528 symshdr = gelf_getshdr (symscn, &symshdr_mem);
1529 if (symshdr != NULL && symshdr->sh_type != SHT_SYMTAB)
1530 ERROR (gettext ("\
1531section [%2d] '%s': extended section index section not for symbol table\n"),
1532 idx, section_name (ebl, idx));
1533 symdata = elf_getdata (symscn, NULL);
1534 if (symdata == NULL)
1535 ERROR (gettext ("cannot get data for symbol section\n"));
1536
1537 if (shdr->sh_entsize != sizeof (Elf32_Word))
1538 ERROR (gettext ("\
1539section [%2d] '%s': entry size does not match Elf32_Word\n"),
1540 idx, section_name (ebl, idx));
1541
1542 if (symshdr != NULL
1543 && (shdr->sh_size / shdr->sh_entsize
1544 < symshdr->sh_size / symshdr->sh_entsize))
1545 ERROR (gettext ("\
1546section [%2d] '%s': extended index table too small for symbol table\n"),
1547 idx, section_name (ebl, idx));
1548
1549 if (shdr->sh_info != 0)
1550 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"),
1551 idx, section_name (ebl, idx));
1552
1553 for (cnt = idx + 1; cnt < shnum; ++cnt)
1554 {
1555 GElf_Shdr rshdr_mem;
1556 GElf_Shdr *rshdr;
1557
1558 rshdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &rshdr_mem);
1559 if (rshdr != NULL && rshdr->sh_type == SHT_SYMTAB_SHNDX
1560 && rshdr->sh_link == shdr->sh_link)
1561 {
1562 ERROR (gettext ("\
1563section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same symbol table\n"),
1564 idx, section_name (ebl, idx),
1565 cnt, section_name (ebl, cnt));
1566 break;
1567 }
1568 }
1569
1570 data = elf_getdata (scn, NULL);
1571
1572 if (*((Elf32_Word *) data->d_buf) != 0)
1573 ERROR (gettext ("symbol 0 should have zero extended section index\n"));
1574
1575 for (cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt)
1576 {
1577 Elf32_Word xndx = ((Elf32_Word *) data->d_buf)[cnt];
1578
1579 if (xndx != 0)
1580 {
1581 GElf_Sym sym_data;
1582 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_data);
1583 if (sym == NULL)
1584 {
1585 ERROR (gettext ("cannot get data for symbol %zu\n"), cnt);
1586 continue;
1587 }
1588
1589 if (sym->st_shndx != SHN_XINDEX)
1590 ERROR (gettext ("\
1591extended section index is %" PRIu32 " but symbol index is not XINDEX\n"),
1592 (uint32_t) xndx);
1593 }
1594 }
1595}
1596
1597
1598static void
1599check_hash (Ebl *ebl, int idx)
1600{
1601 Elf_Scn *scn;
1602 GElf_Shdr shdr_mem;
1603 GElf_Shdr *shdr;
1604 Elf_Data *data;
1605 Elf32_Word nbucket;
1606 Elf32_Word nchain;
1607 GElf_Shdr symshdr_mem;
1608 GElf_Shdr *symshdr;
1609
1610 scn = elf_getscn (ebl->elf, idx);
1611 shdr = gelf_getshdr (scn, &shdr_mem);
1612 if (shdr == NULL)
1613 return;
1614 data = elf_getdata (scn, NULL);
1615 if (data == NULL)
1616 {
1617 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1618 idx, section_name (ebl, idx));
1619 return;
1620 }
1621
1622 symshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &symshdr_mem);
1623 if (symshdr != NULL && symshdr->sh_type != SHT_DYNSYM)
1624 ERROR (gettext ("\
1625section [%2d] '%s': hash table not for dynamic symbol table\n"),
1626 idx, section_name (ebl, idx));
1627
1628 if (shdr->sh_entsize != sizeof (Elf32_Word))
1629 ERROR (gettext ("\
1630section [%2d] '%s': entry size does not match Elf32_Word\n"),
1631 idx, section_name (ebl, idx));
1632
1633 if ((shdr->sh_flags & SHF_ALLOC) == 0)
1634 ERROR (gettext ("section [%2d] '%s': not marked to be allocated\n"),
1635 idx, section_name (ebl, idx));
1636
1637 if (shdr->sh_size < 2 * shdr->sh_entsize)
1638 {
1639 ERROR (gettext ("\
1640section [%2d] '%s': hash table has not even room for nbucket and nchain\n"),
1641 idx, section_name (ebl, idx));
1642 return;
1643 }
1644
1645 nbucket = ((Elf32_Word *) data->d_buf)[0];
1646 nchain = ((Elf32_Word *) data->d_buf)[1];
1647
1648 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize)
1649 ERROR (gettext ("\
1650section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
1651 idx, section_name (ebl, idx), (long int) shdr->sh_size,
1652 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize));
1653
1654 if (symshdr != NULL)
1655 {
1656 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
1657 size_t cnt;
1658
1659 if (nchain < symshdr->sh_size / symshdr->sh_entsize)
1660 ERROR (gettext ("section [%2d] '%s': chain array not large enough\n"),
1661 idx, section_name (ebl, idx));
1662
1663 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
1664 if (((Elf32_Word *) data->d_buf)[cnt] >= symsize)
1665 ERROR (gettext ("\
1666section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
1667 idx, section_name (ebl, idx), cnt - 2);
1668
1669 for (; cnt < 2 + nbucket + nchain; ++cnt)
1670 if (((Elf32_Word *) data->d_buf)[cnt] >= symsize)
1671 ERROR (gettext ("\
1672section [%2d] '%s': hash chain reference %zu out of bounds\n"),
1673 idx, section_name (ebl, idx), cnt - 2 - nbucket);
1674 }
1675}
1676
1677
1678static void
1679check_null (Ebl *ebl, GElf_Shdr *shdr, int idx)
1680{
1681#define TEST(name, extra) \
1682 if (extra && shdr->sh_##name != 0) \
1683 ERROR (gettext ("section [%2d] '%s': nonzero sh_%s for NULL section\n"), \
1684 idx, section_name (ebl, idx), #name)
1685
1686 TEST (name, 1);
1687 TEST (flags, 1);
1688 TEST (addr, 1);
1689 TEST (offset, 1);
1690 TEST (size, idx != 0);
1691 TEST (link, idx != 0);
1692 TEST (info, 1);
1693 TEST (addralign, 1);
1694 TEST (entsize, 1);
1695}
1696
1697
1698static void
1699check_group (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1700{
1701 if (ehdr->e_type != ET_REL)
1702 {
1703 ERROR (gettext ("\
1704section [%2d] '%s': section groups only allowed in relocatable object files\n"),
1705 idx, section_name (ebl, idx));
1706 return;
1707 }
1708
1709 /* Check that sh_link is an index of a symbol table. */
1710 GElf_Shdr symshdr_mem;
1711 GElf_Shdr *symshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1712 &symshdr_mem);
1713 if (symshdr == NULL)
1714 ERROR (gettext ("section [%2d] '%s': cannot get symbol table: %s\n"),
1715 idx, section_name (ebl, idx), elf_errmsg (-1));
1716 else
1717 {
1718 if (symshdr->sh_type != SHT_SYMTAB)
1719 ERROR (gettext ("\
1720section [%2d] '%s': section reference in sh_link is no symbol table\n"),
1721 idx, section_name (ebl, idx));
1722
1723 if (shdr->sh_info >= symshdr->sh_size / gelf_fsize (ebl->elf, ELF_T_SYM,
1724 1, EV_CURRENT))
1725 ERROR (gettext ("\
1726section [%2d] '%s': invalid symbol index in sh_info\n"),
1727 idx, section_name (ebl, idx));
1728
1729 if (shdr->sh_flags != 0)
1730 ERROR (gettext ("section [%2d] '%s': sh_flags not zero\n"),
1731 idx, section_name (ebl, idx));
1732
1733 if (be_strict
1734 && shdr->sh_entsize != elf32_fsize (ELF_T_WORD, 1, EV_CURRENT))
1735 ERROR (gettext ("section [%2d] '%s': sh_flags not set correctly\n"),
1736 idx, section_name (ebl, idx));
1737 }
1738
1739 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1740 if (data == NULL)
1741 ERROR (gettext ("section [%2d] '%s': cannot get data: %s\n"),
1742 idx, section_name (ebl, idx), elf_errmsg (-1));
1743 else
1744 {
1745 size_t elsize = elf32_fsize (ELF_T_WORD, 1, EV_CURRENT);
1746 size_t cnt;
1747 Elf32_Word val;
1748
1749 if (data->d_size % elsize != 0)
1750 ERROR (gettext ("\
1751section [%2d] '%s': section size not multiple of sizeof(Elf32_Word)\n"),
1752 idx, section_name (ebl, idx));
1753
1754 if (data->d_size < elsize)
1755 ERROR (gettext ("\
1756section [%2d] '%s': section group without flags word\n"),
1757 idx, section_name (ebl, idx));
1758 else if (be_strict)
1759 {
1760 if (data->d_size < 2 * elsize)
1761 ERROR (gettext ("\
1762section [%2d] '%s': section group without member\n"),
1763 idx, section_name (ebl, idx));
1764 else if (data->d_size < 3 * elsize)
1765 ERROR (gettext ("\
1766section [%2d] '%s': section group with only one member\n"),
1767 idx, section_name (ebl, idx));
1768 }
1769
1770#if ALLOW_UNALIGNED
1771 val = *((Elf32_Word *) data->d_buf);
1772#else
1773 memcpy (&val, data->d_buf, elsize);
1774#endif
1775 if ((val & ~GRP_COMDAT) != 0)
1776 ERROR (gettext ("section [%2d] '%s': unknown section group flags\n"),
1777 idx, section_name (ebl, idx));
1778
1779 for (cnt = elsize; cnt < data->d_size; cnt += elsize)
1780 {
1781#if ALLOW_UNALIGNED
1782 val = *((Elf32_Word *) ((char *) data->d_buf + cnt));
1783#else
1784 memcpy (&val, (char *) data->d_buf + cnt, elsize);
1785#endif
1786
1787 if (val > shnum)
1788 ERROR (gettext ("\
1789section [%2d] '%s': section index %Zu out of range\n"),
1790 idx, section_name (ebl, idx), cnt / elsize);
1791 else
1792 {
1793 GElf_Shdr refshdr_mem;
1794 GElf_Shdr *refshdr;
1795
1796 refshdr = gelf_getshdr (elf_getscn (ebl->elf, val),
1797 &refshdr_mem);
1798 if (refshdr == NULL)
1799 ERROR (gettext ("\
1800section [%2d] '%s': cannot get section header for element %zu: %s\n"),
1801 idx, section_name (ebl, idx), cnt / elsize,
1802 elf_errmsg (-1));
1803 else
1804 {
1805 if (refshdr->sh_type == SHT_GROUP)
1806 ERROR (gettext ("\
1807section [%2d] '%s': section group contains another group [%2d] '%s'\n"),
1808 idx, section_name (ebl, idx),
1809 val, section_name (ebl, val));
1810
1811 if ((refshdr->sh_flags & SHF_GROUP) == 0)
1812 ERROR (gettext ("\
1813section [%2d] '%s': element %Zu references section [%2d] '%s' without SHF_GROUP flag set\n"),
1814 idx, section_name (ebl, idx), cnt / elsize,
1815 val, section_name (ebl, val));
1816 }
1817
1818 if (++scnref[val] == 2)
1819 ERROR (gettext ("\
1820section [%2d] '%s' is contained in more than one section group\n"),
1821 val, section_name (ebl, val));
1822 }
1823 }
1824 }
1825}
1826
1827
1828static bool has_loadable_segment;
1829static bool has_interp_segment;
1830
1831static const struct
1832{
1833 const char *name;
1834 size_t namelen;
1835 GElf_Word type;
1836 enum { unused, exact, atleast } attrflag;
1837 GElf_Word attr;
1838 GElf_Word attr2;
1839} special_sections[] =
1840 {
1841 /* See figure 4-14 in the gABI. */
1842 { ".bss", 5, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
1843 { ".comment", 8, SHT_PROGBITS, exact, 0, 0 },
1844 { ".data", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
1845 { ".data1", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
1846 { ".debug", 7, SHT_PROGBITS, exact, 0, 0 },
1847 { ".dynamic", 9, SHT_DYNAMIC, atleast, SHF_ALLOC, SHF_WRITE },
1848 { ".dynstr", 8, SHT_STRTAB, exact, SHF_ALLOC, 0 },
1849 { ".dynsym", 8, SHT_DYNSYM, exact, SHF_ALLOC, 0 },
1850 { ".fini", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
1851 { ".fini_array", 12, SHT_FINI_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
1852 { ".got", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more info?
1853 { ".hash", 6, SHT_HASH, exact, SHF_ALLOC, 0 },
1854 { ".init", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
1855 { ".init_array", 12, SHT_INIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
1856 { ".interp", 8, SHT_PROGBITS, atleast, 0, SHF_ALLOC }, // XXX more tests?
1857 { ".line", 6, SHT_PROGBITS, exact, 0, 0 },
1858 { ".note", 6, SHT_NOTE, exact, 0, 0 },
1859 { ".plt", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more tests
1860 { ".preinit_array", 15, SHT_PREINIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
1861 { ".rela", 5, SHT_RELA, atleast, 0, SHF_ALLOC }, // XXX more tests
1862 { ".rel", 4, SHT_REL, atleast, 0, SHF_ALLOC }, // XXX more tests
1863 { ".rodata", 8, SHT_PROGBITS, exact, SHF_ALLOC, 0 },
1864 { ".rodata1", 9, SHT_PROGBITS, exact, SHF_ALLOC, 0 },
1865 { ".shstrtab", 10, SHT_STRTAB, exact, 0, 0 },
1866 { ".strtab", 8, SHT_STRTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
1867 { ".symtab", 8, SHT_SYMTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
1868 { ".symtab_shndx", 14, SHT_SYMTAB_SHNDX, atleast, 0, SHF_ALLOC }, // XXX more tests
1869 { ".tbss", 6, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
1870 { ".tdata", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
1871 { ".tdata1", 8, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
1872 { ".text", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 }
1873 };
1874#define nspecial_sections \
1875 (sizeof (special_sections) / sizeof (special_sections[0]))
1876
1877
1878static const char *
1879section_flags_string (GElf_Word flags, char *buf, size_t len)
1880{
1881 static const struct
1882 {
1883 GElf_Word flag;
1884 const char *name;
1885 } known_flags[] =
1886 {
1887#define NEWFLAG(name) { SHF_##name, #name }
1888 NEWFLAG (WRITE),
1889 NEWFLAG (ALLOC),
1890 NEWFLAG (EXECINSTR),
1891 NEWFLAG (MERGE),
1892 NEWFLAG (STRINGS),
1893 NEWFLAG (INFO_LINK),
1894 NEWFLAG (LINK_ORDER),
1895 NEWFLAG (OS_NONCONFORMING),
1896 NEWFLAG (GROUP),
1897 NEWFLAG (TLS)
1898 };
1899#undef NEWFLAG
1900 const size_t nknown_flags = sizeof (known_flags) / sizeof (known_flags[0]);
1901
1902 char *cp = buf;
1903 size_t cnt;
1904
1905 for (cnt = 0; cnt < nknown_flags; ++cnt)
1906 if (flags & known_flags[cnt].flag)
1907 {
1908 if (cp != buf && len > 1)
1909 {
1910 *cp++ = '|';
1911 --len;
1912 }
1913
1914 size_t ncopy = MIN (len - 1, strlen (known_flags[cnt].name));
1915 cp = mempcpy (cp, known_flags[cnt].name, ncopy);
1916 len -= ncopy;
1917
1918 flags ^= known_flags[cnt].flag;
1919 }
1920
1921 if (flags != 0 || cp == buf)
1922 snprintf (cp, len - 1, "%" PRIx64, (uint64_t) flags);
1923
1924 *cp = '\0';
1925
1926 return buf;
1927}
1928
1929
1930static void
1931check_versym (Ebl *ebl, GElf_Shdr *shdr, int idx)
1932{
1933 /* The number of elements in the version symbol table must be the
1934 same as the number of symbols. */
1935 GElf_Shdr symshdr_mem;
1936 GElf_Shdr *symshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1937 &symshdr_mem);
1938 if (symshdr == NULL)
1939 /* The error has already been reported. */
1940 return;
1941
1942 if (symshdr->sh_type != SHT_DYNSYM)
1943 {
1944 ERROR (gettext ("\
1945section [%2d] '%s' refers in sh_link to section [%2d] '%s' which is no dynamic symbol table\n"),
1946 idx, section_name (ebl, idx),
1947 shdr->sh_link, section_name (ebl, shdr->sh_link));
1948 return;
1949 }
1950
1951 if (shdr->sh_size / shdr->sh_entsize
1952 != symshdr->sh_size / symshdr->sh_entsize)
1953 ERROR (gettext ("\
1954section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"),
1955 idx, section_name (ebl, idx),
1956 shdr->sh_link, section_name (ebl, shdr->sh_link));
1957
1958 // XXX TODO A lot more tests
1959 // check value of the fields. local symbols must have zero entries.
1960 // nonlocal symbols refer to valid version. Check that version index
1961 // in bound.
1962}
1963
1964
1965static void
1966check_sections (Ebl *ebl, GElf_Ehdr *ehdr)
1967{
1968 GElf_Shdr shdr_mem;
1969 GElf_Shdr *shdr;
1970 size_t cnt;
1971 bool dot_interp_section = false;
1972
1973 if (ehdr->e_shoff == 0)
1974 /* No section header. */
1975 return;
1976
1977 /* Allocate array to count references in section groups. */
1978 scnref = (int *) xcalloc (shnum, sizeof (int));
1979
1980 /* Check the zeroth section first. It must not have any contents
1981 and the section header must contain nonzero value at most in the
1982 sh_size and sh_link fields. */
1983 shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
1984 if (shdr == NULL)
1985 ERROR (gettext ("cannot get section header of zeroth section\n"));
1986 else
1987 {
1988 if (shdr->sh_name != 0)
1989 ERROR (gettext ("zeroth section has nonzero name\n"));
1990 if (shdr->sh_type != 0)
1991 ERROR (gettext ("zeroth section has nonzero type\n"));
1992 if (shdr->sh_flags != 0)
1993 ERROR (gettext ("zeroth section has nonzero flags\n"));
1994 if (shdr->sh_addr != 0)
1995 ERROR (gettext ("zeroth section has nonzero address\n"));
1996 if (shdr->sh_offset != 0)
1997 ERROR (gettext ("zeroth section has nonzero offset\n"));
1998 if (shdr->sh_info != 0)
1999 ERROR (gettext ("zeroth section has nonzero info field\n"));
2000 if (shdr->sh_addralign != 0)
2001 ERROR (gettext ("zeroth section has nonzero align value\n"));
2002 if (shdr->sh_entsize != 0)
2003 ERROR (gettext ("zeroth section has nonzero entry size value\n"));
2004
2005 if (shdr->sh_size != 0 && ehdr->e_shnum != 0)
2006 ERROR (gettext ("\
2007zeroth section has nonzero size value while ELF header has nonzero shnum value\n"));
2008
2009 if (shdr->sh_link != 0 && ehdr->e_shstrndx != SHN_XINDEX)
2010 ERROR (gettext ("\
2011zeroth section has nonzero link value while ELF header does not signal overflow in shstrndx\n"));
2012 }
2013
2014 for (cnt = 1; cnt < shnum; ++cnt)
2015 {
2016 Elf_Scn *scn;
2017
2018 scn = elf_getscn (ebl->elf, cnt);
2019 shdr = gelf_getshdr (scn, &shdr_mem);
2020 if (shdr == NULL)
2021 {
2022 ERROR (gettext ("\
2023cannot get section header for section [%2zu] '%s': %s\n"),
2024 cnt, section_name (ebl, cnt), elf_errmsg (-1));
2025 continue;
2026 }
2027
2028 const char *scnname = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
2029
2030 if (scnname == NULL)
2031 ERROR (gettext ("section [%2zu]: invalid name\n"), cnt);
2032 else
2033 {
2034 /* Check whether it is one of the special sections defined in
2035 the gABI. */
2036 size_t s;
2037 for (s = 0; s < nspecial_sections; ++s)
2038 if (strncmp (scnname, special_sections[s].name,
2039 special_sections[s].namelen) == 0)
2040 {
2041 char stbuf1[100];
2042 char stbuf2[100];
2043 char stbuf3[100];
2044
2045 if (shdr->sh_type != special_sections[s].type
2046 && !(is_debuginfo && shdr->sh_type == SHT_NOBITS))
2047 ERROR (gettext ("\
2048section [%2d] '%s' has wrong type: expected %s, is %s\n"),
2049 (int) cnt, scnname,
2050 ebl_section_type_name (ebl, special_sections[s].type,
2051 stbuf1, sizeof (stbuf1)),
2052 ebl_section_type_name (ebl, shdr->sh_type,
2053 stbuf2, sizeof (stbuf2)));
2054
2055 if (special_sections[s].attrflag == exact)
2056 {
2057 /* Except for the link order and group bit all the
2058 other bits should match exactly. */
2059 if ((shdr->sh_flags & ~(SHF_LINK_ORDER | SHF_GROUP))
2060 != special_sections[s].attr)
2061 ERROR (gettext ("\
2062section [%2zu] '%s' has wrong flags: expected %s, is %s\n"),
2063 cnt, scnname,
2064 section_flags_string (special_sections[s].attr,
2065 stbuf1, sizeof (stbuf1)),
2066 section_flags_string (shdr->sh_flags
2067 & ~SHF_LINK_ORDER,
2068 stbuf2, sizeof (stbuf2)));
2069 }
2070 else if (special_sections[s].attrflag == atleast)
2071 {
2072 if ((shdr->sh_flags & special_sections[s].attr)
2073 != special_sections[s].attr
2074 || ((shdr->sh_flags & ~(SHF_LINK_ORDER | SHF_GROUP
2075 | special_sections[s].attr
2076 | special_sections[s].attr2))
2077 != 0))
2078 ERROR (gettext ("\
2079section [%2zu] '%s' has wrong flags: expected %s and possibly %s, is %s\n"),
2080 cnt, scnname,
2081 section_flags_string (special_sections[s].attr,
2082 stbuf1, sizeof (stbuf1)),
2083 section_flags_string (special_sections[s].attr2,
2084 stbuf2, sizeof (stbuf2)),
2085 section_flags_string (shdr->sh_flags
2086 & ~(SHF_LINK_ORDER
2087 | SHF_GROUP),
2088 stbuf3, sizeof (stbuf3)));
2089 }
2090
2091 if (strcmp (scnname, ".interp") == 0)
2092 {
2093 dot_interp_section = true;
2094
2095 if (ehdr->e_type == ET_REL)
2096 ERROR (gettext ("\
2097section [%2zu] '%s' present in object file\n"),
2098 cnt, scnname);
2099
2100 if ((shdr->sh_flags & SHF_ALLOC) != 0
2101 && !has_loadable_segment)
2102 ERROR (gettext ("\
2103section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
2104 cnt, scnname);
2105 else if ((shdr->sh_flags & SHF_ALLOC) == 0
2106 && has_loadable_segment)
2107 ERROR (gettext ("\
2108section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
2109 cnt, scnname);
2110 }
2111 else
2112 {
2113 if (strcmp (scnname, ".symtab_shndx") == 0
2114 && ehdr->e_type != ET_REL)
2115 ERROR (gettext ("\
2116section [%2zu] '%s' is extension section index table in non-object file\n"),
2117 cnt, scnname);
2118
2119 /* These sections must have the SHF_ALLOC flag set iff
2120 a loadable segment is available.
2121
2122 .relxxx
2123 .strtab
2124 .symtab
2125 .symtab_shndx
2126
2127 Check that if there is a reference from the
2128 loaded section these sections also have the
2129 ALLOC flag set. */
2130#if 0
2131 // XXX TODO
2132 if ((shdr->sh_flags & SHF_ALLOC) != 0
2133 && !has_loadable_segment)
2134 ERROR (gettext ("\
2135section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
2136 cnt, scnname);
2137 else if ((shdr->sh_flags & SHF_ALLOC) == 0
2138 && has_loadable_segment)
2139 ERROR (gettext ("\
2140section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
2141 cnt, scnname);
2142#endif
2143 }
2144
2145 break;
2146 }
2147 }
2148
2149 if (shdr->sh_entsize != 0 && shdr->sh_size % shdr->sh_entsize)
2150 ERROR (gettext ("\
2151section [%2zu] '%s': size not multiple of entry size\n"),
2152 cnt, section_name (ebl, cnt));
2153
2154 if (elf_strptr (ebl->elf, shstrndx, shdr->sh_name) == NULL)
2155 ERROR (gettext ("cannot get section header\n"));
2156
2157 if (shdr->sh_type >= SHT_NUM
2158 && shdr->sh_type != SHT_GNU_LIBLIST
2159 && shdr->sh_type != SHT_CHECKSUM
2160 && shdr->sh_type != SHT_GNU_verdef
2161 && shdr->sh_type != SHT_GNU_verneed
2162 && shdr->sh_type != SHT_GNU_versym)
2163 ERROR (gettext ("unsupported section type %d\n"), (int) shdr->sh_type);
2164
2165#define ALL_SH_FLAGS (SHF_WRITE | SHF_ALLOC | SHF_EXECINSTR | SHF_MERGE \
2166 | SHF_STRINGS | SHF_INFO_LINK | SHF_LINK_ORDER \
2167 | SHF_OS_NONCONFORMING | SHF_GROUP | SHF_TLS)
2168 if (shdr->sh_flags & ~ALL_SH_FLAGS)
2169 ERROR (gettext ("section [%2zu] '%s' contain unknown flag(s) %d\n"),
2170 cnt, section_name (ebl, cnt),
2171 (int) shdr->sh_flags & ~ALL_SH_FLAGS);
2172 else if (shdr->sh_flags & SHF_TLS)
2173 {
2174 // XXX Correct?
2175 if (shdr->sh_addr != 0 && !gnuld)
2176 ERROR (gettext ("\
2177section [%2zu] '%s': thread-local data sections address not zero\n"),
2178 cnt, section_name (ebl, cnt));
2179
2180 // XXX TODO more tests!?
2181 }
2182
2183 if (shdr->sh_link >= shnum)
2184 ERROR (gettext ("\
2185section [%2zu] '%s': invalid section reference in link value\n"),
2186 cnt, section_name (ebl, cnt));
2187
2188 if (SH_INFO_LINK_P (shdr) && shdr->sh_info >= shnum)
2189 ERROR (gettext ("\
2190section [%2zu] '%s': invalid section reference in info value\n"),
2191 cnt, section_name (ebl, cnt));
2192
2193 if ((shdr->sh_flags & SHF_MERGE) == 0
2194 && (shdr->sh_flags & SHF_STRINGS) != 0
2195 && be_strict)
2196 ERROR (gettext ("\
2197section [%2zu] '%s': strings flag set without merge flag\n"),
2198 cnt, section_name (ebl, cnt));
2199
2200 if ((shdr->sh_flags & SHF_MERGE) != 0 && shdr->sh_entsize == 0)
2201 ERROR (gettext ("\
2202section [%2zu] '%s': merge flag set but entry size is zero\n"),
2203 cnt, section_name (ebl, cnt));
2204
2205 if (shdr->sh_flags & SHF_GROUP)
2206 check_scn_group (ebl, cnt);
2207
2208 if (ehdr->e_type != ET_REL && (shdr->sh_flags & SHF_ALLOC) != 0)
2209 {
2210 /* Make sure the section is contained in a loaded segment
2211 and that the initialization part matches NOBITS sections. */
2212 int pcnt;
2213 GElf_Phdr phdr_mem;
2214 GElf_Phdr *phdr;
2215
2216 for (pcnt = 0; pcnt < ehdr->e_phnum; ++pcnt)
2217 if ((phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem)) != NULL
2218 && ((phdr->p_type == PT_LOAD
2219 && (shdr->sh_flags & SHF_TLS) == 0)
2220 || (phdr->p_type == PT_TLS
2221 && (shdr->sh_flags & SHF_TLS) != 0))
2222 && phdr->p_offset <= shdr->sh_offset
2223 && phdr->p_offset + phdr->p_memsz > shdr->sh_offset)
2224 {
2225 /* Found the segment. */
2226 if (phdr->p_offset + phdr->p_memsz
2227 < shdr->sh_offset + shdr->sh_size)
2228 ERROR (gettext ("\
2229section [%2zu] '%s' not fully contained in segment of program header entry %d\n"),
2230 cnt, section_name (ebl, cnt), pcnt);
2231
2232 if (shdr->sh_type == SHT_NOBITS)
2233 {
2234 if (shdr->sh_offset < phdr->p_offset + phdr->p_filesz
2235 && !is_debuginfo)
2236 ERROR (gettext ("\
2237section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d\n"),
2238 cnt, section_name (ebl, cnt), pcnt);
2239 }
2240 else
2241 {
2242 if (shdr->sh_offset >= phdr->p_offset + phdr->p_filesz)
2243 ERROR (gettext ("\
2244section [%2zu] '%s' has not type NOBITS but is not read from the file in segment of program header entry %d\n"),
2245 cnt, section_name (ebl, cnt), pcnt);
2246 }
2247
2248 break;
2249 }
2250
2251 if (pcnt == ehdr->e_phnum)
2252 ERROR (gettext ("\
2253section [%2zu] '%s': alloc flag set but section not in any loaded segment\n"),
2254 cnt, section_name (ebl, cnt));
2255 }
2256
2257 if (cnt == shstrndx && shdr->sh_type != SHT_STRTAB)
2258 ERROR (gettext ("\
2259section [%2zu] '%s': ELF header says this is the section header string table but type is not SHT_TYPE\n"),
2260 cnt, section_name (ebl, cnt));
2261
2262 switch (shdr->sh_type)
2263 {
2264 case SHT_SYMTAB:
2265 case SHT_DYNSYM:
2266 check_symtab (ebl, ehdr, cnt);
2267 break;
2268
2269 case SHT_RELA:
2270 check_rela (ebl, ehdr, cnt);
2271 break;
2272
2273 case SHT_REL:
2274 check_rel (ebl, ehdr, cnt);
2275 break;
2276
2277 case SHT_DYNAMIC:
2278 check_dynamic (ebl, cnt);
2279 break;
2280
2281 case SHT_SYMTAB_SHNDX:
2282 check_symtab_shndx (ebl, cnt);
2283 break;
2284
2285 case SHT_HASH:
2286 check_hash (ebl, cnt);
2287 break;
2288
2289 case SHT_NULL:
2290 check_null (ebl, shdr, cnt);
2291 break;
2292
2293 case SHT_GROUP:
2294 check_group (ebl, ehdr, shdr, cnt);
2295 break;
2296
2297 case SHT_GNU_versym:
2298 check_versym (ebl, shdr, cnt);
2299 break;
2300
2301 default:
2302 /* Nothing. */
2303 break;
2304 }
2305 }
2306
2307 if (has_interp_segment && !dot_interp_section)
2308 ERROR (gettext ("INTERP program header entry but no .interp section\n"));
2309
2310 free (scnref);
2311}
2312
2313
2314static void
2315check_note (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Phdr *phdr, int cnt)
2316{
2317 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
2318 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
2319 ERROR (gettext ("\
2320phdr[%d]: no note entries defined for the type of file\n"),
2321 cnt);
2322
2323 if (is_debuginfo)
2324 /* The p_offset values in a separate debug file are bogus. */
2325 return;
2326
2327 char *notemem = gelf_rawchunk (ebl->elf, phdr->p_offset, phdr->p_filesz);
2328
2329 /* ELF64 files often use note section entries in the 32-bit format.
2330 The p_align field is set to 8 in case the 64-bit format is used.
2331 In case the p_align value is 0 or 4 the 32-bit format is
2332 used. */
2333 GElf_Xword align = phdr->p_align == 0 || phdr->p_align == 4 ? 4 : 8;
2334#define ALIGNED_LEN(len) (((len) + align - 1) & ~(align - 1))
2335
2336 GElf_Xword idx = 0;
2337 while (idx < phdr->p_filesz)
2338 {
2339 uint64_t namesz;
2340 uint64_t descsz;
2341 uint64_t type;
2342 uint32_t namesz32;
2343 uint32_t descsz32;
2344
2345 if (align == 4)
2346 {
2347 uint32_t *ptr = (uint32_t *) (notemem + idx);
2348
2349 if ((__BYTE_ORDER == __LITTLE_ENDIAN
2350 && ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
2351 || (__BYTE_ORDER == __BIG_ENDIAN
2352 && ehdr->e_ident[EI_DATA] == ELFDATA2LSB))
2353 {
2354 namesz32 = namesz = bswap_32 (*ptr);
2355 ++ptr;
2356 descsz32 = descsz = bswap_32 (*ptr);
2357 ++ptr;
2358 type = bswap_32 (*ptr);
2359 }
2360 else
2361 {
2362 namesz32 = namesz = *ptr++;
2363 descsz32 = descsz = *ptr++;
2364 type = *ptr;
2365 }
2366 }
2367 else
2368 {
2369 uint64_t *ptr = (uint64_t *) (notemem + idx);
2370 uint32_t *ptr32 = (uint32_t *) (notemem + idx);
2371
2372 if ((__BYTE_ORDER == __LITTLE_ENDIAN
2373 && ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
2374 || (__BYTE_ORDER == __BIG_ENDIAN
2375 && ehdr->e_ident[EI_DATA] == ELFDATA2LSB))
2376 {
2377 namesz = bswap_64 (*ptr);
2378 ++ptr;
2379 descsz = bswap_64 (*ptr);
2380 ++ptr;
2381 type = bswap_64 (*ptr);
2382
2383 namesz32 = bswap_32 (*ptr32);
2384 ++ptr32;
2385 descsz32 = bswap_32 (*ptr32);
2386 }
2387 else
2388 {
2389 namesz = *ptr++;
2390 descsz = *ptr++;
2391 type = *ptr;
2392
2393 namesz32 = *ptr32++;
2394 descsz32 = *ptr32;
2395 }
2396 }
2397
2398 if (idx + 3 * align > phdr->p_filesz
2399 || (idx + 3 * align + ALIGNED_LEN (namesz) + ALIGNED_LEN (descsz)
2400 > phdr->p_filesz))
2401 {
2402 if (ehdr->e_ident[EI_CLASS] == ELFCLASS64
2403 && idx + 3 * 4 <= phdr->p_filesz
2404 && (idx + 3 * 4 + ALIGNED_LEN (namesz32) + ALIGNED_LEN (descsz32)
2405 <= phdr->p_filesz))
2406 ERROR (gettext ("\
2407phdr[%d]: note entries probably in form of a 32-bit ELF file\n"), cnt);
2408 else
2409 ERROR (gettext ("phdr[%d]: extra %zu bytes after last note\n"),
2410 cnt, (size_t) (phdr->p_filesz - idx));
2411 break;
2412 }
2413
2414 /* Make sure it is one of the note types we know about. */
2415 if (ehdr->e_type == ET_CORE)
2416 {
2417 switch (type)
2418 {
2419 case NT_PRSTATUS:
2420 case NT_FPREGSET:
2421 case NT_PRPSINFO:
2422 case NT_TASKSTRUCT: /* NT_PRXREG on Solaris. */
2423 case NT_PLATFORM:
2424 case NT_AUXV:
2425 case NT_GWINDOWS:
2426 case NT_ASRS:
2427 case NT_PSTATUS:
2428 case NT_PSINFO:
2429 case NT_PRCRED:
2430 case NT_UTSNAME:
2431 case NT_LWPSTATUS:
2432 case NT_LWPSINFO:
2433 case NT_PRFPXREG:
2434 /* Known type. */
2435 break;
2436
2437 default:
2438 ERROR (gettext ("\
2439phdr[%d]: unknown core file note type %" PRIu64 " at offset %" PRIu64 "\n"),
2440 cnt, type, idx);
2441 }
2442 }
2443 else
2444 {
2445 if (type != NT_VERSION)
2446 ERROR (gettext ("\
2447phdr[%d]: unknown object file note type %" PRIu64 " at offset %" PRIu64 "\n"),
2448 cnt, type, idx);
2449 }
2450
2451 /* Move to the next entry. */
2452 idx += 3 * align + ALIGNED_LEN (namesz) + ALIGNED_LEN (descsz);
2453
2454 }
2455
2456 gelf_freechunk (ebl->elf, notemem);
2457}
2458
2459
2460static void
2461check_program_header (Ebl *ebl, GElf_Ehdr *ehdr)
2462{
2463 if (ehdr->e_phoff == 0)
2464 return;
2465
2466 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
2467 && ehdr->e_type != ET_CORE)
2468 ERROR (gettext ("\
2469only executables, shared objects, and core files can have program headers\n"));
2470
2471 int num_pt_interp = 0;
2472 int num_pt_tls = 0;
2473 int num_pt_relro = 0;
2474
2475 for (int cnt = 0; cnt < ehdr->e_phnum; ++cnt)
2476 {
2477 GElf_Phdr phdr_mem;
2478 GElf_Phdr *phdr;
2479
2480 phdr = gelf_getphdr (ebl->elf, cnt, &phdr_mem);
2481 if (phdr == NULL)
2482 {
2483 ERROR (gettext ("cannot get program header entry %d: %s\n"),
2484 cnt, elf_errmsg (-1));
2485 continue;
2486 }
2487
2488 if (phdr->p_type >= PT_NUM && phdr->p_type != PT_GNU_EH_FRAME
2489 && phdr->p_type != PT_GNU_STACK && phdr->p_type != PT_GNU_RELRO)
2490 ERROR (gettext ("\
2491program header entry %d: unknown program header entry type\n"),
2492 cnt);
2493
2494 if (phdr->p_type == PT_LOAD)
2495 has_loadable_segment = true;
2496 else if (phdr->p_type == PT_INTERP)
2497 {
2498 if (++num_pt_interp != 1)
2499 {
2500 if (num_pt_interp == 2)
2501 ERROR (gettext ("\
2502more than one INTERP entry in program header\n"));
2503 }
2504 has_interp_segment = true;
2505 }
2506 else if (phdr->p_type == PT_TLS)
2507 {
2508 if (++num_pt_tls == 2)
2509 ERROR (gettext ("more than one TLS entry in program header\n"));
2510 }
2511 else if (phdr->p_type == PT_NOTE)
2512 check_note (ebl, ehdr, phdr, cnt);
2513 else if (phdr->p_type == PT_DYNAMIC
2514 && ehdr->e_type == ET_EXEC && ! has_interp_segment)
2515 ERROR (gettext ("static executable cannot have dynamic sections\n"));
2516 else if (phdr->p_type == PT_GNU_RELRO)
2517 {
2518 if (++num_pt_relro == 2)
2519 ERROR (gettext ("\
2520more than one GNU_RELRO entry in program header\n"));
2521 else
2522 {
2523 /* Check that the region is in a writable segment. */
2524 int inner;
2525 for (inner = 0; inner < ehdr->e_phnum; ++inner)
2526 {
2527 GElf_Phdr phdr2_mem;
2528 GElf_Phdr *phdr2;
2529
2530 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
2531 if (phdr2 == NULL)
2532 continue;
2533
2534 if (phdr2->p_type == PT_LOAD
2535 && phdr->p_vaddr >= phdr2->p_vaddr
2536 && (phdr->p_vaddr + phdr->p_memsz
2537 <= phdr2->p_vaddr + phdr2->p_memsz))
2538 {
2539 if ((phdr2->p_flags & PF_W) == 0)
2540 ERROR (gettext ("\
2541loadable segment GNU_RELRO applies to is not writable\n"));
2542 if ((phdr2->p_flags & PF_X) != 0)
2543 ERROR (gettext ("\
2544loadable segment GNU_RELRO applies to is executable\n"));
2545 break;
2546 }
2547 }
2548
2549 if (inner >= ehdr->e_phnum)
2550 ERROR (gettext ("\
2551GNU_RELRO segment not contained in a loaded segment\n"));
2552 }
2553 }
2554
2555 if (phdr->p_filesz > phdr->p_memsz)
2556 ERROR (gettext ("\
2557program header entry %d: file size greater than memory size\n"),
2558 cnt);
2559
2560 if (phdr->p_align > 1)
2561 {
2562 if (!powerof2 (phdr->p_align))
2563 ERROR (gettext ("\
2564program header entry %d: alignment not a power of 2\n"), cnt);
2565 else if ((phdr->p_vaddr - phdr->p_offset) % phdr->p_align != 0)
2566 ERROR (gettext ("\
2567program header entry %d: file offset and virtual address not module of alignment\n"), cnt);
2568 }
2569 }
2570}
2571
2572
2573/* Process one file. */
2574static void
2575process_elf_file (Elf *elf, const char *prefix, const char *suffix,
2576 const char *fname, size_t size, bool only_one)
2577{
2578 /* Reset variables. */
2579 ndynamic = 0;
2580
2581 GElf_Ehdr ehdr_mem;
2582 GElf_Ehdr *ehdr = gelf_getehdr (elf, &ehdr_mem);
2583 Ebl *ebl;
2584
2585 /* Print the file name. */
2586 if (!only_one)
2587 {
2588 if (prefix != NULL)
2589 printf ("\n%s(%s)%s:\n", prefix, fname, suffix);
2590 else
2591 printf ("\n%s:\n", fname);
2592 }
2593
2594 if (ehdr == NULL)
2595 {
2596 ERROR (gettext ("cannot read ELF header: %s\n"), elf_errmsg (-1));
2597 return;
2598 }
2599
2600 ebl = ebl_openbackend (elf);
2601 /* If there is no appropriate backend library we cannot test
2602 architecture and OS specific features. Any encountered extension
2603 is an error. */
2604
2605 /* Go straight by the gABI, check all the parts in turn. */
2606 check_elf_header (ebl, ehdr, size);
2607
2608 /* Check the program header. */
2609 check_program_header (ebl, ehdr);
2610
2611 /* Next the section headers. It is OK if there are no section
2612 headers at all. */
2613 check_sections (ebl, ehdr);
2614
2615 /* Free the resources. */
2616 ebl_closebackend (ebl);
2617}