commit 8e2f54bcee7e3e8315d4a39a302eaf8e4389e07d
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Tue May 30 06:34:05 2017 -0700

    Add bfd_get_file_size to get archive element size
    
    We can't use stat() to get archive element size.  Add bfd_get_file_size
    to get size for both normal files and archive elements.
    
    bfd/
    
    	PR binutils/21519
    	* bfdio.c (bfd_get_file_size): New function.
    	* bfd-in2.h: Regenerated.
    
    binutils/
    
    	PR binutils/21519
    	* objdump.c (dump_relocs_in_section): Replace get_file_size
    	with bfd_get_file_size to get archive element size.
    	* testsuite/binutils-all/objdump.exp (test_objdump_f): New
    	proc.
    	(test_objdump_h): Likewise.
    	(test_objdump_t): Likewise.
    	(test_objdump_r): Likewise.
    	(test_objdump_s): Likewise.
    	Add objdump tests on archive.

Upstream-Status: Backport

CVE: CVE-2017-9955
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>

Index: git/bfd/bfd-in2.h
===================================================================
--- git.orig/bfd/bfd-in2.h	2017-09-21 20:09:13.475032861 +0530
+++ git/bfd/bfd-in2.h	2017-09-21 20:09:16.375051269 +0530
@@ -1208,6 +1208,8 @@
 
 file_ptr bfd_get_size (bfd *abfd);
 
+file_ptr bfd_get_file_size (bfd *abfd);
+
 void *bfd_mmap (bfd *abfd, void *addr, bfd_size_type len,
     int prot, int flags, file_ptr offset,
     void **map_addr, bfd_size_type *map_len);
Index: git/bfd/bfdio.c
===================================================================
--- git.orig/bfd/bfdio.c	2017-09-21 20:08:55.774919453 +0530
+++ git/bfd/bfdio.c	2017-09-21 20:09:16.375051269 +0530
@@ -434,6 +434,29 @@
   return buf.st_size;
 }
 
+/*
+FUNCTION
+	bfd_get_file_size
+
+SYNOPSIS
+	file_ptr bfd_get_file_size (bfd *abfd);
+
+DESCRIPTION
+	Return the file size (as read from file system) for the file
+	associated with BFD @var{abfd}.  It supports both normal files
+	and archive elements.
+
+*/
+
+file_ptr
+bfd_get_file_size (bfd *abfd)
+{
+  if (abfd->my_archive != NULL
+      && !bfd_is_thin_archive (abfd->my_archive))
+    return arelt_size (abfd);
+
+  return bfd_get_size (abfd);
+}
 
 /*
 FUNCTION
Index: git/binutils/objdump.c
===================================================================
--- git.orig/binutils/objdump.c	2017-09-21 20:09:16.319050914 +0530
+++ git/binutils/objdump.c	2017-09-21 20:09:16.375051269 +0530
@@ -3240,7 +3240,7 @@
     }
 
   if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
-      && relsize > get_file_size (bfd_get_filename (abfd)))
+      && relsize > bfd_get_file_size (abfd))
     {
       printf (" (too many: 0x%x)\n", section->reloc_count);
       bfd_set_error (bfd_error_file_truncated);
Index: git/binutils/testsuite/binutils-all/objdump.exp
===================================================================
--- git.orig/binutils/testsuite/binutils-all/objdump.exp	2017-09-21 20:08:55.982920797 +0530
+++ git/binutils/testsuite/binutils-all/objdump.exp	2017-09-21 20:09:16.375051269 +0530
@@ -64,96 +64,168 @@
 if {![binutils_assemble $srcdir/$subdir/bintest.s tmpdir/bintest.o]} then {
     return
 }
+if {![binutils_assemble $srcdir/$subdir/bintest.s tmpdir/bintest2.o]} then {
+    return
+}
 if [is_remote host] {
     set testfile [remote_download host tmpdir/bintest.o]
+    set testfile2 [remote_download host tmpdir/bintest2.o]
 } else {
     set testfile tmpdir/bintest.o
+    set testfile2 tmpdir/bintest2.o
+}
+
+if { ![istarget "alpha-*-*"] || [is_elf_format] } then {
+    remote_file host file delete tmpdir/bintest.a
+    set got [binutils_run $AR "rc tmpdir/bintest.a $testfile2"]
+    if ![string match "" $got] then {
+	fail "bintest.a"
+	remote_file host delete tmpdir/bintest.a
+    } else {
+	if [is_remote host] {
+	    set testarchive [remote_download host tmpdir/bintest.a]
+	} else {
+	    set testarchive tmpdir/bintest.a
+	}
+    }
+    remote_file host delete tmpdir/bintest2.o
 }
 
 # Test objdump -f
 
-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -f $testfile"]
+proc test_objdump_f { testfile dumpfile } {
+    global OBJDUMP
+    global OBJDUMPFLAGS
+    global cpus_regex
 
-set want "$testfile:\[ 	\]*file format.*architecture:\[ 	\]*${cpus_regex}.*HAS_RELOC.*HAS_SYMS"
+    set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -f $testfile"]
 
-if ![regexp $want $got] then {
-    fail "objdump -f"
-} else {
-    pass "objdump -f"
+    set want "$dumpfile:\[ 	\]*file format.*architecture:\[ 	\]*${cpus_regex}.*HAS_RELOC.*HAS_SYMS"
+
+    if ![regexp $want $got] then {
+	fail "objdump -f ($testfile, $dumpfile)"
+    } else {
+	pass "objdump -f ($testfile, $dumpfile)"
+    }
+}
+
+test_objdump_f $testfile $testfile
+if { [ remote_file host exists $testarchive ] } then {
+    test_objdump_f $testarchive bintest2.o
 }
 
 # Test objdump -h
 
-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -h $testfile"]
+proc test_objdump_h { testfile dumpfile } {
+    global OBJDUMP
+    global OBJDUMPFLAGS
 
-set want "$testfile:\[ 	\]*file format.*Sections.*\[0-9\]+\[ 	\]+\[^ 	\]*(text|TEXT|P|\\\$CODE\\\$)\[^ 	\]*\[ 	\]*(\[0-9a-fA-F\]+).*\[0-9\]+\[ 	\]+\[^ 	\]*(\\.data|DATA|D_1)\[^ 	\]*\[ 	\]*(\[0-9a-fA-F\]+)"
+    set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -h $testfile"]
 
-if ![regexp $want $got all text_name text_size data_name data_size] then {
-    fail "objdump -h"
-} else {
-    verbose "text name is $text_name size is $text_size"
-    verbose "data name is $data_name size is $data_size"
-    set ets 8
-    set eds 4
-    # The [ti]c4x target has the property sizeof(char)=sizeof(long)=1
-    if [istarget *c4x*-*-*] then {
-        set ets 2
-        set eds 1
-    }
-    # c54x section sizes are in bytes, not octets; adjust accordingly
-    if [istarget *c54x*-*-*] then {
-	set ets 4
-	set eds 2
-    }
-    if {[expr "0x$text_size"] < $ets || [expr "0x$data_size"] < $eds} then {
-	send_log "sizes too small\n"
-	fail "objdump -h"
+    set want "$dumpfile:\[ 	\]*file format.*Sections.*\[0-9\]+\[ 	\]+\[^ 	\]*(text|TEXT|P|\\\$CODE\\\$)\[^ 	\]*\[ 	\]*(\[0-9a-fA-F\]+).*\[0-9\]+\[ 	\]+\[^ 	\]*(\\.data|DATA|D_1)\[^ 	\]*\[ 	\]*(\[0-9a-fA-F\]+)"
+
+    if ![regexp $want $got all text_name text_size data_name data_size] then {
+	fail "objdump -h ($testfile, $dumpfile)"
     } else {
-	pass "objdump -h"
+	verbose "text name is $text_name size is $text_size"
+	verbose "data name is $data_name size is $data_size"
+	set ets 8
+	set eds 4
+	# The [ti]c4x target has the property sizeof(char)=sizeof(long)=1
+	if [istarget *c4x*-*-*] then {
+            set ets 2
+            set eds 1
+	}
+	# c54x section sizes are in bytes, not octets; adjust accordingly
+	if [istarget *c54x*-*-*] then {
+	    set ets 4
+	    set eds 2
+        }
+	if {[expr "0x$text_size"] < $ets || [expr "0x$data_size"] < $eds} then {
+	    send_log "sizes too small\n"
+	    fail "objdump -h ($testfile, $dumpfile)"
+	} else {
+	    pass "objdump -h ($testfile, $dumpfile)"
+	}
     }
 }
 
+test_objdump_h $testfile $testfile
+if { [ remote_file host exists $testarchive ] } then {
+    test_objdump_h $testarchive bintest2.o
+}
+
 # Test objdump -t
 
-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -t $testfile"]
+proc test_objdump_t { testfile} {
+    global OBJDUMP
+    global OBJDUMPFLAGS
+
+    set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -t $testfile"]
+
+    if [info exists vars] then { unset vars }
+    while {[regexp "(\[a-z\]*_symbol)(.*)" $got all symbol rest]} {
+	set vars($symbol) 1
+	set got $rest
+    }
 
-if [info exists vars] then { unset vars }
-while {[regexp "(\[a-z\]*_symbol)(.*)" $got all symbol rest]} {
-    set vars($symbol) 1
-    set got $rest
+    if {![info exists vars(text_symbol)] \
+	 || ![info exists vars(data_symbol)] \
+	 || ![info exists vars(common_symbol)] \
+	 || ![info exists vars(external_symbol)]} then {
+	fail "objdump -t ($testfile)"
+    } else {
+	pass "objdump -t ($testfile)"
+    }
 }
 
-if {![info exists vars(text_symbol)] \
-     || ![info exists vars(data_symbol)] \
-     || ![info exists vars(common_symbol)] \
-     || ![info exists vars(external_symbol)]} then {
-    fail "objdump -t"
-} else {
-    pass "objdump -t"
+test_objdump_t $testfile
+if { [ remote_file host exists $testarchive ] } then {
+    test_objdump_t $testarchive
 }
 
 # Test objdump -r
 
-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -r $testfile"]
+proc test_objdump_r { testfile dumpfile } {
+    global OBJDUMP
+    global OBJDUMPFLAGS
 
-set want "$testfile:\[ 	\]*file format.*RELOCATION RECORDS FOR \\\[\[^\]\]*(text|TEXT|P|\\\$CODE\\\$)\[^\]\]*\\\].*external_symbol"
+    set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -r $testfile"]
 
-if [regexp $want $got] then {
-    pass "objdump -r"
-} else {
-    fail "objdump -r"
+    set want "$dumpfile:\[ 	\]*file format.*RELOCATION RECORDS FOR \\\[\[^\]\]*(text|TEXT|P|\\\$CODE\\\$)\[^\]\]*\\\].*external_symbol"
+
+    if [regexp $want $got] then {
+	pass "objdump -r ($testfile, $dumpfile)"
+    } else {
+	fail "objdump -r ($testfile, $dumpfile)"
+    }
+}
+
+test_objdump_r $testfile $testfile
+if { [ remote_file host exists $testarchive ] } then {
+    test_objdump_r $testarchive bintest2.o
 }
 
 # Test objdump -s
 
-set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -s $testfile"]
+proc test_objdump_s { testfile dumpfile } {
+    global OBJDUMP
+    global OBJDUMPFLAGS
 
-set want "$testfile:\[ 	\]*file format.*Contents.*(text|TEXT|P|\\\$CODE\\\$)\[^0-9\]*\[ 	\]*\[0-9a-fA-F\]*\[ 	\]*(00000001|01000000|00000100).*Contents.*(data|DATA|D_1)\[^0-9\]*\[ 	\]*\[0-9a-fA-F\]*\[ 	\]*(00000002|02000000|00000200)"
+    set got [binutils_run $OBJDUMP "$OBJDUMPFLAGS -s $testfile"]
 
-if [regexp $want $got] then {
-    pass "objdump -s"
-} else {
-    fail "objdump -s"
+    set want "$dumpfile:\[ 	\]*file format.*Contents.*(text|TEXT|P|\\\$CODE\\\$)\[^0-9\]*\[ 	\]*\[0-9a-fA-F\]*\[ 	\]*(00000001|01000000|00000100).*Contents.*(data|DATA|D_1)\[^0-9\]*\[ 	\]*\[0-9a-fA-F\]*\[ 	\]*(00000002|02000000|00000200)"
+
+    if [regexp $want $got] then {
+	pass "objdump -s ($testfile, $dumpfile)"
+    } else {
+	fail "objdump -s ($testfile, $dumpfile)"
+    }
+}
+
+test_objdump_s $testfile $testfile
+if { [ remote_file host exists $testarchive ] } then {
+    test_objdump_s $testarchive bintest2.o
 }
 
 # Test objdump -s on a file that contains a compressed .debug section
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog	2017-09-21 20:09:16.207050204 +0530
+++ git/bfd/ChangeLog	2017-09-21 20:13:41.504562787 +0530
@@ -158,6 +158,12 @@
        (bfd_perform_relocation, bfd_install_relocation): Use it.
        (_bfd_final_link_relocate): Likewise.
 
+2017-05-30  H.J. Lu  <hongjiu.lu@intel.com>
+
+       PR binutils/21519
+       * bfdio.c (bfd_get_file_size): New function.
+       * bfd-in2.h: Regenerated.
+
 2017-04-26  Nick Clifton  <nickc@redhat.com>
 
        PR binutils/21434
Index: git/binutils/ChangeLog
===================================================================
--- git.orig/binutils/ChangeLog	2017-09-21 20:09:16.319050914 +0530
+++ git/binutils/ChangeLog	2017-09-21 20:12:42.624252645 +0530
@@ -25,6 +25,19 @@
        section size against file size, but instead use an arbitrary 2Gb
        limit.  Issue a warning message if the section is too big.
 
+2017-05-30  H.J. Lu  <hongjiu.lu@intel.com>
+
+       PR binutils/21519
+       * objdump.c (dump_relocs_in_section): Replace get_file_size
+       with bfd_get_file_size to get archive element size.
+       * testsuite/binutils-all/objdump.exp (test_objdump_f): New
+       proc.
+       (test_objdump_h): Likewise.
+       (test_objdump_t): Likewise.
+       (test_objdump_r): Likewise.
+       (test_objdump_s): Likewise.
+       Add objdump tests on archive.
+
 2017-05-02  Nick Clifton  <nickc@redhat.com>
 
        PR 21440