
[Emacs-diffs] /srv/bzr/emacs/trunk r112469: * unexelf.c: Fix some 32-bit


From: Paul Eggert
Subject: [Emacs-diffs] /srv/bzr/emacs/trunk r112469: * unexelf.c: Fix some 32-bit integer problems, notably when debugging.
Date: Sun, 05 May 2013 21:52:00 -0700
User-agent: Bazaar (2.6b2)

------------------------------------------------------------
revno: 112469
author: Paul Eggert  <address@hidden>
committer: Paul Eggert <address@hidden>
branch nick: trunk
timestamp: Sun 2013-05-05 21:52:00 -0700
message:
  * unexelf.c: Fix some 32-bit integer problems, notably when debugging.
  
  Include <limits.h>, <stdbool.h>, <intprops.h>, <verify.h>.
  Verify that ElfW (Half) fits in int.
  (fatal): Use same signature as lisp.h.
  (UNEXELF_DEBUG): New macro, replacing DEBUG, so that people can
  configure and build with -DUNEXELF_DEBUG without worrying about
  other modules that use DEBUG.
  (DEBUG_LOG) [UNEXELF_DEBUG]: New macro.  All debug code that prints
  possibly-wide integers now uses it instead of plain fprintf.
  (entry_address): New function, which avoids problems with 32-bit
  overflow on 64-bit hosts.
  (OLD_SECTION_H, NEW_SECTION_H, NEW_PROGRAM_H): Use it.
  (round_up): Don't assume the remainder fits in int.
  (find_section): Use bool for boolean.  Simplify debug code.
  (unexec): Don't assume file sizes fit in int or size_t.
  Omit unnecessary trailing newline in 'fatal' format.
  Use strerror rather than outputting decimal error number.
  Remove unused code when emacs is not defined;
  this file relies on Emacs now.
  Don't assume e_phnum and e_shnum are positive.
modified:
  src/ChangeLog
  src/unexelf.c
=== modified file 'src/ChangeLog'
--- a/src/ChangeLog     2013-05-06 04:31:16 +0000
+++ b/src/ChangeLog     2013-05-06 04:52:00 +0000
@@ -1,5 +1,26 @@
 2013-05-06  Paul Eggert  <address@hidden>
 
+       * unexelf.c: Fix some 32-bit integer problems, notably when debugging.
+       Include <limits.h>, <stdbool.h>, <intprops.h>, <verify.h>.
+       Verify that ElfW (Half) fits in int.
+       (fatal): Use same signature as lisp.h.
+       (UNEXELF_DEBUG): New macro, replacing DEBUG, so that people can
+       configure and build with -DUNEXELF_DEBUG without worrying about
+       other modules that use DEBUG.
+       (DEBUG_LOG) [UNEXELF_DEBUG]: New macro.  All debug code that prints
+       possibly-wide integers now uses it instead of plain fprintf.
+       (entry_address): New function, which avoids problems with 32-bit
+       overflow on 64-bit hosts.
+       (OLD_SECTION_H, NEW_SECTION_H, NEW_PROGRAM_H): Use it.
+       (round_up): Don't assume the remainder fits in int.
+       (find_section): Use bool for boolean.  Simplify debug code.
+       (unexec): Don't assume file sizes fit in int or size_t.
+       Omit unnecessary trailing newline in 'fatal' format.
+       Use strerror rather than outputting decimal error number.
+       Remove unused code when emacs is not defined;
+       this file relies on Emacs now.
+       Don't assume e_phnum and e_shnum are positive.
+
        * regex.c: Fix problems when DEBUG is defined.
        (extract_number, extract_number_and_incr): Define regardless of
        whether DEBUG is defined; that's simpler and makes the code less

=== modified file 'src/unexelf.c'
--- a/src/unexelf.c     2013-01-01 09:11:05 +0000
+++ b/src/unexelf.c     2013-05-06 04:52:00 +0000
@@ -388,16 +388,19 @@
 #include <config.h>
 #include <unexec.h>
 
-extern void fatal (const char *msgid, ...);
+extern _Noreturn void fatal (const char *, ...) ATTRIBUTE_FORMAT_PRINTF (1, 2);
 
-#include <sys/types.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <memory.h>
+#include <stdbool.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <sys/stat.h>
-#include <memory.h>
-#include <errno.h>
+#include <sys/types.h>
 #include <unistd.h>
-#include <fcntl.h>
+
 #if !defined (__NetBSD__) && !defined (__OpenBSD__)
 #include <elf.h>
 #endif /* not __NetBSD__ and not __OpenBSD__ */
@@ -519,6 +522,17 @@
 # define ElfW(type) ElfExpandBitsW (ELFSIZE, type)
 #endif
 
+/* The code often converts ElfW (Half) values like e_shentsize to int;
+   check that this doesn't lose information.  */
+#include <intprops.h>
+#include <verify.h>
+verify ((! TYPE_SIGNED (ElfW (Half)) || INT_MIN <= TYPE_MINIMUM (ElfW (Half)))
+       && TYPE_MAXIMUM (ElfW (Half)) <= INT_MAX);
+
+#ifdef UNEXELF_DEBUG
+# define DEBUG_LOG(expr) fprintf (stderr, #expr " 0x%jx\n", (uintmax_t) (expr))
+#endif
+
 /* Get the address of a particular section or program header entry,
  * accounting for the size of the entries.
  */
@@ -546,17 +560,25 @@
    Apr 23, 1996
    */
 
+static void *
+entry_address (void *section_h, int idx, int num, int entsize)
+{
+  char *h = section_h;
+  ptrdiff_t n = idx;
+  return h + entsize * n;
+}
+
 #define OLD_SECTION_H(n) \
-     (*(ElfW (Shdr) *) ((byte *) old_section_h + old_file_h->e_shentsize * 
(n)))
+  (*(ElfW (Shdr) *) entry_address (old_section_h, n, old_file_h->e_shnum, \
+                                  old_file_h->e_shentsize))
 #define NEW_SECTION_H(n) \
-     (*(ElfW (Shdr) *) ((byte *) new_section_h + new_file_h->e_shentsize * 
(n)))
+  (*(ElfW (Shdr) *) entry_address (new_section_h, n, new_file_h->e_shnum, \
+                                  new_file_h->e_shentsize))
 #define NEW_PROGRAM_H(n) \
-     (*(ElfW (Phdr) *) ((byte *) new_program_h + new_file_h->e_phentsize * 
(n)))
+  (*(ElfW (Phdr) *) entry_address (new_program_h, n, new_file_h->e_phnum, \
+                                  new_file_h->e_phentsize))
 
-#define PATCH_INDEX(n) \
-  do { \
-        if ((int) (n) >= old_bss_index) \
-          (n)++; } while (0)
+#define PATCH_INDEX(n) ((n) += old_bss_index <= (n))
 typedef unsigned char byte;
 
 /* Round X up to a multiple of Y.  */
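Review bot: `entry_address` accepts `num` but never reads it, so OLD_SECTION_H, NEW_SECTION_H and NEW_PROGRAM_H still index the header tables without any range check. Any index that is derived from the file's own header fields and falls outside the table would yield a pointer outside the mapped image. Either drop the parameter or put it to use, e.g. `if (! (0 <= idx && idx < num)) fatal ("ELF header index out of range");` before the return, assuming every call site is meant to stay below `num`, which this hunk does not show. Note also that the one-line `PATCH_INDEX` no longer casts `n` to `int`, so the comparison with `old_bss_index` becomes unsigned when `n` is an unsigned ELF field.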
@@ -564,7 +586,7 @@
 static ElfW (Addr)
 round_up (ElfW (Addr) x, ElfW (Addr) y)
 {
-  int rem = x % y;
+  ElfW (Addr) rem = x % y;
   if (rem == 0)
     return x;
   return x - rem + y;
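Review bot: `round_up` still computes `x % y` with no guard for `y == 0`, and later in this diff it is called with `alignment` initialised from `p_align`, for which the ELF format allows 0 to mean "no alignment". Unless the lines between that initialisation and the call adjust it, a zero there is a division by zero rather than a diagnostic. A guard such as `if (y == 0) return x;` ahead of the remainder would cover it. Note too that `x - rem + y` can wrap for addresses near the top of the range. The function's closing brace lies outside this hunk.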
@@ -575,33 +597,28 @@
    about the file we are looking in.
 
    If we don't find the section NAME, that is a fatal error
-   if NOERROR is 0; we return -1 if NOERROR is nonzero.  */
+   if NOERROR is false; return -1 if NOERROR is true.  */
 
 static int
 find_section (const char *name, const char *section_names, const char 
*file_name,
-             ElfW (Ehdr) *old_file_h, ElfW (Shdr) *old_section_h, int noerror)
+             ElfW (Ehdr) *old_file_h, ElfW (Shdr) *old_section_h,
+             bool noerror)
 {
   int idx;
 
   for (idx = 1; idx < old_file_h->e_shnum; idx++)
     {
-#ifdef DEBUG
-      fprintf (stderr, "Looking for %s - found %s\n", name,
-              section_names + OLD_SECTION_H (idx).sh_name);
+      char const *found_name = section_names + OLD_SECTION_H (idx).sh_name;
+#ifdef UNEXELF_DEBUG
+      fprintf (stderr, "Looking for %s - found %s\n", name, found_name);
 #endif
-      if (!strcmp (section_names + OLD_SECTION_H (idx).sh_name,
-                  name))
-       break;
-    }
-  if (idx == old_file_h->e_shnum)
-    {
-      if (noerror)
-       return -1;
-      else
-       fatal ("Can't find %s in %s.\n", name, file_name);
+      if (strcmp (name, found_name) == 0)
+       return idx;
     }
 
-  return idx;
+  if (! noerror)
+    fatal ("Can't find %s in %s", name, file_name);
+  return -1;
 }
 
 /* ****************************************************************
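Review bot: `found_name` is formed from `sh_name` with no bound, and `find_section` is never given the length of the string table, so `strcmp` can read past `section_names` if a section header carries a bad offset. Since the signature offers nothing to check against, the comment above the function should at least record the assumption, e.g. `/* SECTION_NAMES is trusted: each sh_name must be a valid offset into it.  */`. That header comment starts outside this hunk.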
@@ -616,11 +633,9 @@
 void
 unexec (const char *new_name, const char *old_name)
 {
-  int new_file, old_file, new_file_size;
-
-#if defined (emacs) || !defined (DEBUG)
+  int new_file, old_file;
+  off_t new_file_size;
   void *new_break;
-#endif
 
   /* Pointers to the base of the image of the two files.  */
   caddr_t old_base, new_base;
@@ -654,7 +669,7 @@
   int old_mdebug_index;
 #endif
   struct stat stat_buf;
-  int old_file_size;
+  off_t old_file_size;
 
   /* Open the old file, allocate a buffer of the right size, and read
      in the file contents.  */
@@ -662,15 +677,15 @@
   old_file = open (old_name, O_RDONLY);
 
   if (old_file < 0)
-    fatal ("Can't open %s for reading: errno %d\n", old_name, errno);
+    fatal ("Can't open %s for reading: %s", old_name, strerror (errno));
 
-  if (fstat (old_file, &stat_buf) == -1)
-    fatal ("Can't fstat (%s): errno %d\n", old_name, errno);
+  if (fstat (old_file, &stat_buf) != 0)
+    fatal ("Can't fstat (%s): %s", old_name, strerror (errno));
 
 #if MAP_ANON == 0
   mmap_fd = open ("/dev/zero", O_RDONLY);
   if (mmap_fd < 0)
-    fatal ("Can't open /dev/zero for reading: errno %d\n", errno, 0);
+    fatal ("Can't open /dev/zero for reading: %s", strerror (errno));
 #endif
 
   /* We cannot use malloc here because that may use sbrk.  If it does,
@@ -678,13 +693,15 @@
      extra careful to use the correct value of sbrk(0) after
      allocating all buffers in the code below, which we aren't.  */
   old_file_size = stat_buf.st_size;
+  if (! (0 <= old_file_size && old_file_size <= SIZE_MAX))
+    fatal ("File size out of range");
   old_base = mmap (NULL, old_file_size, PROT_READ | PROT_WRITE,
                   MAP_ANON | MAP_PRIVATE, mmap_fd, 0);
   if (old_base == MAP_FAILED)
-    fatal ("Can't allocate buffer for %s\n", old_name, 0);
+    fatal ("Can't allocate buffer for %s: %s", old_name, strerror (errno));
 
-  if (read (old_file, old_base, stat_buf.st_size) != stat_buf.st_size)
-    fatal ("Didn't read all of %s: errno %d\n", old_name, errno);
+  if (read (old_file, old_base, old_file_size) != old_file_size)
+    fatal ("Didn't read all of %s: %s", old_name, strerror (errno));
 
   /* Get pointers to headers & section names */
 
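Review bot: The new range check bounds `old_file_size` by `SIZE_MAX`, but the value is then handed to `read`, whose return type is `ssize_t`. A request above `SSIZE_MAX` has implementation-defined results, so `old_file_size <= SSIZE_MAX` is the tighter test (`<limits.h>` is already included by this commit). Separately, a single `read` may return fewer bytes than requested without setting `errno`, in which case `strerror (errno)` prints an unrelated message. The same applies to the `write` of `new_file_size` in the hunk at -1293. Reporting a short transfer with its own message, or looping until the full count is moved, would make the diagnostic accurate. `unexec` begins and ends outside this hunk.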
@@ -755,12 +772,8 @@
   old_data_index = find_section (".data", old_section_names,
                                 old_name, old_file_h, old_section_h, 0);
 
-#if defined (emacs) || !defined (DEBUG)
   new_break = sbrk (0);
   new_bss_addr = (ElfW (Addr)) new_break;
-#else
-  new_bss_addr = old_bss_addr + old_bss_size + 0x1234;
-#endif
   new_data2_addr = old_bss_addr;
   new_data2_size = new_bss_addr - old_bss_addr;
   new_data2_offset = OLD_SECTION_H (old_data_index).sh_offset
@@ -771,38 +784,38 @@
      section) was unaligned.  */
   new_data2_incr = new_data2_size + (new_data2_offset - old_bss_offset);
 
-#ifdef DEBUG
+#ifdef UNEXELF_DEBUG
   fprintf (stderr, "old_bss_index %d\n", old_bss_index);
-  fprintf (stderr, "old_bss_addr %x\n", old_bss_addr);
-  fprintf (stderr, "old_bss_size %x\n", old_bss_size);
-  fprintf (stderr, "old_bss_offset %x\n", old_bss_offset);
-  fprintf (stderr, "new_bss_addr %x\n", new_bss_addr);
-  fprintf (stderr, "new_data2_addr %x\n", new_data2_addr);
-  fprintf (stderr, "new_data2_size %x\n", new_data2_size);
-  fprintf (stderr, "new_data2_offset %x\n", new_data2_offset);
-  fprintf (stderr, "new_data2_incr %x\n", new_data2_incr);
+  DEBUG_LOG (old_bss_addr);
+  DEBUG_LOG (old_bss_size);
+  DEBUG_LOG (old_bss_offset);
+  DEBUG_LOG (new_bss_addr);
+  DEBUG_LOG (new_data2_addr);
+  DEBUG_LOG (new_data2_size);
+  DEBUG_LOG (new_data2_offset);
+  DEBUG_LOG (new_data2_incr);
 #endif
 
-  if ((uintptr_t) new_bss_addr < (uintptr_t) old_bss_addr + old_bss_size)
-    fatal (".bss shrank when undumping???\n", 0, 0);
+  if (new_bss_addr < old_bss_addr + old_bss_size)
+    fatal (".bss shrank when undumping");
 
   /* Set the output file to the right size.  Allocate a buffer to hold
      the image of the new file.  Set pointers to various interesting
-     objects.  stat_buf still has old_file data.  */
+     objects.  */
 
   new_file = open (new_name, O_RDWR | O_CREAT, 0666);
   if (new_file < 0)
-    fatal ("Can't creat (%s): errno %d\n", new_name, errno);
+    fatal ("Can't creat (%s): %s", new_name, strerror (errno));
 
-  new_file_size = stat_buf.st_size + old_file_h->e_shentsize + new_data2_incr;
+  new_file_size = old_file_size + old_file_h->e_shentsize + new_data2_incr;
 
   if (ftruncate (new_file, new_file_size))
-    fatal ("Can't ftruncate (%s): errno %d\n", new_name, errno);
+    fatal ("Can't ftruncate (%s): %s", new_name, strerror (errno));
 
   new_base = mmap (NULL, new_file_size, PROT_READ | PROT_WRITE,
                   MAP_ANON | MAP_PRIVATE, mmap_fd, 0);
   if (new_base == MAP_FAILED)
-    fatal ("Can't allocate buffer for %s\n", old_name, 0);
+    fatal ("Can't allocate buffer for %s: %s", old_name, strerror (errno));
 
   new_file_h = (ElfW (Ehdr) *) new_base;
   new_program_h = (ElfW (Phdr) *) ((byte *) new_base + old_file_h->e_phoff);
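Review bot: `new_file_size` is now `off_t`, but unlike `old_file_size` it is never range-checked before being passed as the `mmap` length. The sum `old_file_size + old_file_h->e_shentsize + new_data2_incr` may overflow, or exceed `SIZE_MAX` on a host where `off_t` is wider than `size_t`. The test this commit adds for the old file fits here as well: `if (! (0 <= new_file_size && new_file_size <= SIZE_MAX)) fatal ("File size out of range");`, placed before `ftruncate`. The second "Can't allocate buffer" message also names `old_name` although the buffer is for the new file. `unexec` begins and ends outside this hunk.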
@@ -825,10 +838,10 @@
   new_file_h->e_shoff += new_data2_incr;
   new_file_h->e_shnum += 1;
 
-#ifdef DEBUG
-  fprintf (stderr, "Old section offset %x\n", old_file_h->e_shoff);
+#ifdef UNEXELF_DEBUG
+  DEBUG_LOG (old_file_h->e_shoff);
   fprintf (stderr, "Old section count %d\n", old_file_h->e_shnum);
-  fprintf (stderr, "New section offset %x\n", new_file_h->e_shoff);
+  DEBUG_LOG (new_file_h->e_shoff);
   fprintf (stderr, "New section count %d\n", new_file_h->e_shnum);
 #endif
 
@@ -839,7 +852,7 @@
      to adjust the offset and address of any segment that is above
      data2, just in case we decide to allow this later.  */
 
-  for (n = new_file_h->e_phnum - 1; n >= 0; n--)
+  for (n = new_file_h->e_phnum; --n >= 0; )
     {
       /* Compute maximum of all requirements for alignment of section.  */
       ElfW (Word) alignment = (NEW_PROGRAM_H (n)).p_align;
@@ -857,7 +870,7 @@
          > (old_sbss_index == -1
             ? old_bss_addr
             : round_up (old_bss_addr, alignment)))
-         fatal ("Program segment above .bss in %s\n", old_name, 0);
+         fatal ("Program segment above .bss in %s", old_name);
 
       if (NEW_PROGRAM_H (n).p_type == PT_LOAD
          && (round_up ((NEW_PROGRAM_H (n)).p_vaddr
@@ -867,7 +880,7 @@
        break;
     }
   if (n < 0)
-    fatal ("Couldn't find segment next to .bss in %s\n", old_name, 0);
+    fatal ("Couldn't find segment next to .bss in %s", old_name);
 
   /* Make sure that the size includes any padding before the old .bss
      section.  */
@@ -875,7 +888,7 @@
   NEW_PROGRAM_H (n).p_memsz = NEW_PROGRAM_H (n).p_filesz;
 
 #if 0 /* Maybe allow section after data2 - does this ever happen? */
-  for (n = new_file_h->e_phnum - 1; n >= 0; n--)
+  for (n = new_file_h->e_phnum; --n >= 0; )
     {
       if (NEW_PROGRAM_H (n).p_vaddr
          && NEW_PROGRAM_H (n).p_vaddr >= new_data2_addr)
@@ -894,7 +907,7 @@
 
   /* Walk through all section headers, insert the new data2 section right
      before the new bss section. */
-  for (n = 1, nn = 1; n < (int) old_file_h->e_shnum; n++, nn++)
+  for (n = 1, nn = 1; n < old_file_h->e_shnum; n++, nn++)
     {
       caddr_t src;
       /* If it is (s)bss section, insert the new data2 section before it.  */
@@ -1173,7 +1186,7 @@
     }
 
   /* Update the symbol values of _edata and _end.  */
-  for (n = new_file_h->e_shnum - 1; n; n--)
+  for (n = new_file_h->e_shnum; 0 < --n; )
     {
       byte *symnames;
       ElfW (Sym) *symp, *symendp;
@@ -1233,7 +1246,7 @@
 
   /* This loop seeks out relocation sections for the data section, so
      that it can undo relocations performed by the runtime linker.  */
-  for (n = new_file_h->e_shnum - 1; n; n--)
+  for (n = new_file_h->e_shnum; 0 < --n; )
     {
       ElfW (Shdr) section = NEW_SECTION_H (n);
 
@@ -1293,8 +1306,8 @@
   /* Write out new_file, and free the buffers.  */
 
   if (write (new_file, new_base, new_file_size) != new_file_size)
-    fatal ("Didn't write %d bytes to %s: errno %d\n",
-          new_file_size, new_name, errno);
+    fatal ("Didn't write %lu bytes to %s: %s",
+          (unsigned long) new_file_size, new_name, strerror (errno));
   munmap (old_base, old_file_size);
   munmap (new_base, new_file_size);
 
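Review bot: The cast `(unsigned long) new_file_size` truncates the reported byte count where `off_t` is 64 bits and `long` is 32, which is the kind of host this commit is trying to get right. The `DEBUG_LOG` macro added earlier already goes through `uintmax_t` with `%jx`. The equivalent here would be the format `"Didn't write %ju bytes to %s: %s"` with `(uintmax_t) new_file_size`, provided `fatal` forwards to a printf that understands the `j` length modifier, which is not visible from this page.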
@@ -1304,18 +1317,18 @@
   close (mmap_fd);
 #endif
 
-  if (close (old_file))
-    fatal ("Can't close (%s): errno %d\n", old_name, errno);
-
-  if (close (new_file))
-    fatal ("Can't close (%s): errno %d\n", new_name, errno);
-
-  if (stat (new_name, &stat_buf) == -1)
-    fatal ("Can't stat (%s): errno %d\n", new_name, errno);
+  if (close (old_file) != 0)
+    fatal ("Can't close (%s): %s", old_name, strerror (errno));
+
+  if (close (new_file) != 0)
+    fatal ("Can't close (%s): %s", new_name, strerror (errno));
+
+  if (stat (new_name, &stat_buf) != 0)
+    fatal ("Can't stat (%s): %s", new_name, strerror (errno));
 
   n = umask (777);
   umask (n);
   stat_buf.st_mode |= 0111 & ~n;
-  if (chmod (new_name, stat_buf.st_mode) == -1)
-    fatal ("Can't chmod (%s): errno %d\n", new_name, errno);
+  if (chmod (new_name, stat_buf.st_mode) != 0)
+    fatal ("Can't chmod (%s): %s", new_name, strerror (errno));
 }
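Review bot: `stat (new_name, ...)` and `chmod (new_name, ...)` run after `close (new_file)`, so both resolve the path again and act on whatever `new_name` refers to at that moment rather than on the file just written. Calling `fstat (new_file, &stat_buf)` and `fchmod (new_file, stat_buf.st_mode)` before the close keeps the mode change on the same inode. The unchanged line `n = umask (777);` also passes a decimal constant where octal `0777` was presumably intended. The mask is restored on the next line, so this only matters between the two calls. `unexec` begins outside this hunk.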

