Message ID | 20231218074103.2583708-1-sanjana.venkatesh@windriver.com |
---|---|
State | New, archived |
Delegated to: | Steve Sakoman |
Series | [kirkstone] gdb: Fix CVE-2023-39130 | expand |
This patch doesn't seem to take into account your previous fix for CVE-2023-39129. I modified this patch to apply it after your CVE-2023-39129 fix, and there seem to be conflicts: ERROR: gdb-cross-x86_64-11.2-r0 do_patch: Applying patch '0013-CVE-2023-39130.patch' on target directory '/home/steve/builds/poky-contrib-kirkstone/build/tmp/work/x86_64-linux/gdb-cross-x86_64/11.2-r0/gdb-11.2' CmdError('quilt --quiltrc /home/steve/builds/poky-contrib-kirkstone/build/tmp/work/x86_64-linux/gdb-cross-x86_64/11.2-r0/recipe-sysroot-native/etc/quiltrc push', 0, 'stdout: Applying patch 0013-CVE-2023-39130.patch patching file gdb/coff-pe-read.c Hunk #1 FAILED at 254. Hunk #2 succeeded at 323 (offset 37 lines). Hunk #3 succeeded at 376 (offset 41 lines). Hunk #4 FAILED at 387. Hunk #5 FAILED at 433. Hunk #6 FAILED at 481. Hunk #7 FAILED at 639. 5 out of 7 hunks FAILED -- rejects in file gdb/coff-pe-read.c patching file gdb/coffread.c Hunk #1 succeeded at 691 (offset -20 lines). Hunk #2 FAILED at 805. Hunk #3 FAILED at 1306. 2 out of 3 hunks FAILED -- rejects in file gdb/coffread.c patching file gdb/dbxread.c Hunk #1 succeeded at 812 (offset 3 lines). Hunk #2 FAILED at 2156. 1 out of 2 hunks FAILED -- rejects in file gdb/dbxread.c patching file gdb/xcoffread.c Hunk #1 FAILED at 779. 1 out of 1 hunk FAILED -- rejects in file gdb/xcoffread.c Patch 0013-CVE-2023-39130.patch does not apply (enforce with -f) I'm going to remove both patches from my test queue. Please submit a V2 as a patch series including both fixes. Thanks, Steve On Sun, Dec 17, 2023 at 9:41 PM Sanjana.Venkatesh via lists.openembedded.org <Sanjana.Venkatesh=windriver.com@lists.openembedded.org> wrote: > > From: Sanjana <sanjana.venkatesh@windriver.com> > > Issue: LIN1022-4855
> > Signed-off-by: Sanjana <sanjana.venkatesh@windriver.com> > --- > meta/recipes-devtools/gdb/gdb.inc | 1 + > .../gdb/gdb/0013-CVE-2023-39130.patch | 328 ++++++++++++++++++ > 2 files changed, 329 insertions(+) > create mode 100644 meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch > > diff --git a/meta/recipes-devtools/gdb/gdb.inc b/meta/recipes-devtools/gdb/gdb.inc > index 099bd2d8f5..62b813d5cb 100644 > --- a/meta/recipes-devtools/gdb/gdb.inc > +++ b/meta/recipes-devtools/gdb/gdb.inc > @@ -15,5 +15,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \ > file://0009-Fix-invalid-sigprocmask-call.patch \ > file://0010-gdbserver-ctrl-c-handling.patch \ > file://0011-CVE-2023-39128.patch \ > + file://0013-CVE-2023-39130.patch \ > " > SRC_URI[sha256sum] = "1497c36a71881b8671a9a84a0ee40faab788ca30d7ba19d8463c3cc787152e32" > diff --git a/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch b/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch > new file mode 100644 > index 0000000000..9cf6645c58 > --- /dev/null > +++ b/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch 
> @@ -0,0 +1,328 @@ > +From: Alan Modra <amodra@gmail.com> > +Date: Wed, 9 Aug 2023 00:28:36 +0000 (+0930) > +Subject: gdb: warn unused result for bfd IO functions > +X-Git-Tag: gdb-14-branchpoint~669 > +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80 > + > +gdb: warn unused result for bfd IO functions > + > +This fixes the compilation warnings introduced by my bfdio.c patch. > + > +The removed bfd_seeks in coff_symfile_read date back to 1994, commit > +7f4c859520, prior to which the file used stdio rather than bfd to read > +symbols. Since it now uses bfd to read the file there should be no > +need to synchronise to bfd's idea of the file position. I also fixed > +a potential uninitialised memory access. > + > +Approved-By: Andrew Burgess <aburgess@redhat.com> > + > +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80] > + > +CVE: CVE-2023-39130 > + > +Signed-off-by: Sanjana Venkatesh <Sanjana.Venkatesh@windriver.com> > + > +--- > + > +diff --git a/gdb/coff-pe-read.c b/gdb/coff-pe-read.c > +index b82b43c84cf..0d76ebdbfce 100644 > +--- a/gdb/coff-pe-read.c > ++++ b/gdb/coff-pe-read.c > +@@ -254,23 +254,31 @@ read_pe_truncate_name (char *dll_name) > + > + /* Low-level support functions, direct from the ld module pe-dll.c. 
*/ > + static unsigned int > +-pe_get16 (bfd *abfd, int where) > ++pe_get16 (bfd *abfd, int where, bool *fail) > + { > + unsigned char b[2]; > + > +- bfd_seek (abfd, (file_ptr) where, SEEK_SET); > +- bfd_read (b, (bfd_size_type) 2, abfd); > ++ if (bfd_seek (abfd, where, SEEK_SET) != 0 > ++ || bfd_read (b, 2, abfd) != 2) > ++ { > ++ *fail = true; > ++ return 0; > ++ } > + return b[0] + (b[1] << 8); > + } > + > + static unsigned int > +-pe_get32 (bfd *abfd, int where) > ++pe_get32 (bfd *abfd, int where, bool *fail) > + { > + unsigned char b[4]; > + > +- bfd_seek (abfd, (file_ptr) where, SEEK_SET); > +- bfd_read (b, (bfd_size_type) 4, abfd); > +- return b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24); > ++ if (bfd_seek (abfd, where, SEEK_SET) != 0 > ++ || bfd_read (b, 4, abfd) != 4) > ++ { > ++ *fail = true; > ++ return 0; > ++ } > ++ return b[0] + (b[1] << 8) + (b[2] << 16) + ((unsigned) b[3] << 24); > + } > + > + static unsigned int > +@@ -286,7 +294,7 @@ pe_as32 (void *ptr) > + { > + unsigned char *b = (unsigned char *) ptr; > + > +- return b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24); > ++ return b[0] + (b[1] << 8) + (b[2] << 16) + ((unsigned) b[3] << 24); > + } > + > + /* Read the (non-debug) export symbol table from a portable > +@@ -335,37 +343,50 @@ read_pe_exported_syms (minimal_symbol_reader &reader, > + || strcmp (target, "pei-i386") == 0 > + || strcmp (target, "pe-arm-wince-little") == 0 > + || strcmp (target, "pei-arm-wince-little") == 0); > ++ > ++ /* Possibly print a debug message about DLL not having a valid format. */ > ++ auto maybe_print_debug_msg = [&] () -> void { > ++ if (debug_coff_pe_read) > ++ gdb_printf (gdb_stdlog, _("%s doesn't appear to be a DLL\n"), > ++ bfd_get_filename (dll)); > ++ }; > ++ > + if (!is_pe32 && !is_pe64) > +- { > +- /* This is not a recognized PE format file. Abort now, because > +- the code is untested on anything else. *FIXME* test on > +- further architectures and loosen or remove this test. 
*/ > +- return; > +- } > ++ return maybe_print_debug_msg (); > + > + /* Get pe_header, optional header and numbers of export entries. */ > +- pe_header_offset = pe_get32 (dll, 0x3c); > ++ bool fail = false; > ++ pe_header_offset = pe_get32 (dll, 0x3c, &fail); > ++ if (fail) > ++ return maybe_print_debug_msg (); > + opthdr_ofs = pe_header_offset + 4 + 20; > + if (is_pe64) > +- num_entries = pe_get32 (dll, opthdr_ofs + 108); > ++ num_entries = pe_get32 (dll, opthdr_ofs + 108, &fail); > + else > +- num_entries = pe_get32 (dll, opthdr_ofs + 92); > ++ num_entries = pe_get32 (dll, opthdr_ofs + 92, &fail); > ++ if (fail) > ++ return maybe_print_debug_msg (); > + > + if (num_entries < 1) /* No exports. */ > + return; > + if (is_pe64) > + { > +- export_opthdrrva = pe_get32 (dll, opthdr_ofs + 112); > +- export_opthdrsize = pe_get32 (dll, opthdr_ofs + 116); > ++ export_opthdrrva = pe_get32 (dll, opthdr_ofs + 112, &fail); > ++ export_opthdrsize = pe_get32 (dll, opthdr_ofs + 116, &fail); > + } > + else > + { > +- export_opthdrrva = pe_get32 (dll, opthdr_ofs + 96); > +- export_opthdrsize = pe_get32 (dll, opthdr_ofs + 100); > ++ export_opthdrrva = pe_get32 (dll, opthdr_ofs + 96, &fail); > ++ export_opthdrsize = pe_get32 (dll, opthdr_ofs + 100, &fail); > + } > +- nsections = pe_get16 (dll, pe_header_offset + 4 + 2); > ++ if (fail) > ++ return maybe_print_debug_msg (); > ++ > ++ nsections = pe_get16 (dll, pe_header_offset + 4 + 2, &fail); > + secptr = (pe_header_offset + 4 + 20 + > +- pe_get16 (dll, pe_header_offset + 4 + 16)); > ++ pe_get16 (dll, pe_header_offset + 4 + 16, &fail)); > ++ if (fail) > ++ return maybe_print_debug_msg (); > + expptr = 0; > + export_size = 0; > + > +@@ -374,12 +395,13 @@ read_pe_exported_syms (minimal_symbol_reader &reader, > + { > + char sname[8]; > + unsigned long secptr1 = secptr + 40 * i; > +- unsigned long vaddr = pe_get32 (dll, secptr1 + 12); > +- unsigned long vsize = pe_get32 (dll, secptr1 + 16); > +- unsigned long fptr = pe_get32 (dll, secptr1 
+ 20); > ++ unsigned long vaddr = pe_get32 (dll, secptr1 + 12, &fail); > ++ unsigned long vsize = pe_get32 (dll, secptr1 + 16, &fail); > ++ unsigned long fptr = pe_get32 (dll, secptr1 + 20, &fail); > + > +- bfd_seek (dll, (file_ptr) secptr1, SEEK_SET); > +- bfd_read (sname, (bfd_size_type) sizeof (sname), dll); > ++ if (fail > ++ || bfd_seek (dll, secptr1, SEEK_SET) != 0 > ++ || bfd_read (sname, sizeof (sname), dll) != sizeof (sname)) > + > + if ((strcmp (sname, ".edata") == 0) > + || (vaddr <= export_opthdrrva && export_opthdrrva < vaddr + vsize)) > +@@ -420,16 +442,18 @@ read_pe_exported_syms (minimal_symbol_reader &reader, > + for (i = 0; i < nsections; i++) > + { > + unsigned long secptr1 = secptr + 40 * i; > +- unsigned long vsize = pe_get32 (dll, secptr1 + 8); > +- unsigned long vaddr = pe_get32 (dll, secptr1 + 12); > +- unsigned long characteristics = pe_get32 (dll, secptr1 + 36); > ++ unsigned long vsize = pe_get32 (dll, secptr1 + 8, &fail); > ++ unsigned long vaddr = pe_get32 (dll, secptr1 + 12, &fail); > ++ unsigned long characteristics = pe_get32 (dll, secptr1 + 36, &fail); > + char sec_name[SCNNMLEN + 1]; > + int sectix; > + unsigned int bfd_section_index; > + asection *section; > + > +- bfd_seek (dll, (file_ptr) secptr1 + 0, SEEK_SET); > +- bfd_read (sec_name, (bfd_size_type) SCNNMLEN, dll); > ++ if (fail > ++ || bfd_seek (dll, secptr1 + 0, SEEK_SET) != 0 > ++ || bfd_read (sec_name, SCNNMLEN, dll) != SCNNMLEN) > ++ return maybe_print_debug_msg (); > + sec_name[SCNNMLEN] = '\0'; > + > + sectix = read_pe_section_index (sec_name); > +@@ -468,8 +492,9 @@ read_pe_exported_syms (minimal_symbol_reader &reader, > + gdb::def_vector<unsigned char> expdata_storage (export_size); > + expdata = expdata_storage.data (); > + > +- bfd_seek (dll, (file_ptr) expptr, SEEK_SET); > +- bfd_read (expdata, (bfd_size_type) export_size, dll); > ++ if (bfd_seek (dll, expptr, SEEK_SET) != 0 > ++ || bfd_read (expdata, export_size, dll) != export_size) > ++ return 
maybe_print_debug_msg (); > + erva = expdata - export_rva; > + > + nexp = pe_as32 (expdata + 24); > +@@ -626,20 +651,27 @@ pe_text_section_offset (struct bfd *abfd) > + } > + > + /* Get pe_header, optional header and numbers of sections. */ > +- pe_header_offset = pe_get32 (abfd, 0x3c); > +- nsections = pe_get16 (abfd, pe_header_offset + 4 + 2); > ++ bool fail = false; > ++ pe_header_offset = pe_get32 (abfd, 0x3c, &fail); > ++ if (fail) > ++ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET; > ++ nsections = pe_get16 (abfd, pe_header_offset + 4 + 2, &fail); > + secptr = (pe_header_offset + 4 + 20 + > +- pe_get16 (abfd, pe_header_offset + 4 + 16)); > ++ pe_get16 (abfd, pe_header_offset + 4 + 16, &fail)); > ++ if (fail) > ++ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET; > + > + /* Get the rva and size of the export section. */ > + for (i = 0; i < nsections; i++) > + { > + char sname[SCNNMLEN + 1]; > + unsigned long secptr1 = secptr + 40 * i; > +- unsigned long vaddr = pe_get32 (abfd, secptr1 + 12); > ++ unsigned long vaddr = pe_get32 (abfd, secptr1 + 12, &fail); > + > +- bfd_seek (abfd, (file_ptr) secptr1, SEEK_SET); > +- bfd_read (sname, (bfd_size_type) SCNNMLEN, abfd); > ++ if (fail > ++ || bfd_seek (abfd, secptr1, SEEK_SET) != 0 > ++ || bfd_read (sname, SCNNMLEN, abfd) != SCNNMLEN) > ++ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET; > + sname[SCNNMLEN] = '\0'; > + if (strcmp (sname, ".text") == 0) > + return vaddr; > +diff --git a/gdb/coffread.c b/gdb/coffread.c > +index 583db6bceb0..6a995ae2241 100644 > +--- a/gdb/coffread.c > ++++ b/gdb/coffread.c > +@@ -711,8 +711,6 @@ coff_symfile_read (struct objfile *objfile, symfile_add_flags symfile_flags) > + > + /* FIXME: dubious. Why can't we use something normal like > + bfd_get_section_contents? 
*/ > +- bfd_seek (abfd, abfd->where, 0); > +- > + stabstrsize = bfd_section_size (info->stabstrsect); > + > + coffstab_build_psymtabs (objfile, > +@@ -807,22 +805,6 @@ coff_symtab_read (minimal_symbol_reader &reader, > + > + scoped_free_pendings free_pending; > + > +- /* Work around a stdio bug in SunOS4.1.1 (this makes me nervous.... > +- it's hard to know I've really worked around it. The fix should > +- be harmless, anyway). The symptom of the bug is that the first > +- fread (in read_one_sym), will (in my example) actually get data > +- from file offset 268, when the fseek was to 264 (and ftell shows > +- 264). This causes all hell to break loose. I was unable to > +- reproduce this on a short test program which operated on the same > +- file, performing (I think) the same sequence of operations. > +- > +- It stopped happening when I put in this (former) rewind(). > +- > +- FIXME: Find out if this has been reported to Sun, whether it has > +- been fixed in a later release, etc. */ > +- > +- bfd_seek (objfile->obfd.get (), 0, 0); > +- > + /* Position to read the symbol table. */ > + val = bfd_seek (objfile->obfd.get (), symtab_offset, 0); > + if (val < 0) > +@@ -1308,12 +1290,13 @@ init_stringtab (bfd *abfd, file_ptr offset, gdb::unique_xmalloc_ptr<char> *stora > + if (bfd_seek (abfd, offset, 0) < 0) > + return -1; > + > +- val = bfd_read ((char *) lengthbuf, sizeof lengthbuf, abfd); > +- length = bfd_h_get_32 (symfile_bfd, lengthbuf); > +- > ++ val = bfd_read (lengthbuf, sizeof lengthbuf, abfd); > + /* If no string table is needed, then the file may end immediately > + after the symbols. Just return with `stringtab' set to null. 
*/ > +- if (val != sizeof lengthbuf || length < sizeof lengthbuf) > ++ if (val != sizeof lengthbuf) > ++ return 0; > ++ length = bfd_h_get_32 (symfile_bfd, lengthbuf); > ++ if (length < sizeof lengthbuf) > + return 0; > + > + storage->reset ((char *) xmalloc (length)); > +diff --git a/gdb/dbxread.c b/gdb/dbxread.c > +index 75bbd510155..ddc61d9d539 100644 > +--- a/gdb/dbxread.c > ++++ b/gdb/dbxread.c > +@@ -809,7 +809,8 @@ stabs_seek (int sym_offset) > + symbuf_left -= sym_offset; > + } > + else > +- bfd_seek (symfile_bfd, sym_offset, SEEK_CUR); > ++ if (bfd_seek (symfile_bfd, sym_offset, SEEK_CUR) != 0) > ++ perror_with_name (bfd_get_filename (symfile_bfd)); > + } > + > + #define INTERNALIZE_SYMBOL(intern, extern, abfd) \ > +@@ -2155,8 +2156,8 @@ dbx_expand_psymtab (legacy_psymtab *pst, struct objfile *objfile) > + symbol_size = SYMBOL_SIZE (pst); > + > + /* Read in this file's symbols. */ > +- bfd_seek (objfile->obfd.get (), SYMBOL_OFFSET (pst), SEEK_SET); > +- read_ofile_symtab (objfile, pst); > ++ if (bfd_seek (objfile->obfd.get (), SYMBOL_OFFSET (pst), SEEK_SET) == 0) > ++ read_ofile_symtab (objfile, pst); > + } > + > + pst->readin = true; > +diff --git a/gdb/xcoffread.c b/gdb/xcoffread.c > +index 8ce4b28d133..63eb538ca05 100644 > +--- a/gdb/xcoffread.c > ++++ b/gdb/xcoffread.c > +@@ -779,8 +779,9 @@ enter_line_range (struct subfile *subfile, unsigned beginoffset, > + > + while (curoffset <= limit_offset) > + { > +- bfd_seek (abfd, curoffset, SEEK_SET); > +- bfd_read (ext_lnno, linesz, abfd); > ++ if (bfd_seek (abfd, curoffset, SEEK_SET) != 0 > ++ || bfd_read (ext_lnno, linesz, abfd) != linesz) > ++ return; > + bfd_coff_swap_lineno_in (abfd, ext_lnno, &int_lnno); > + > + /* Find the address this line represents. */ > -- > 2.42.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. 
> View/Reply Online (#192608): https://lists.openembedded.org/g/openembedded-core/message/192608 > Mute This Topic: https://lists.openembedded.org/mt/103238950/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-devtools/gdb/gdb.inc b/meta/recipes-devtools/gdb/gdb.inc
index 099bd2d8f5..62b813d5cb 100644
--- a/meta/recipes-devtools/gdb/gdb.inc
+++ b/meta/recipes-devtools/gdb/gdb.inc
@@ -15,5 +15,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \
 file://0009-Fix-invalid-sigprocmask-call.patch \
 file://0010-gdbserver-ctrl-c-handling.patch \
 file://0011-CVE-2023-39128.patch \
+ file://0013-CVE-2023-39130.patch \
 "
 SRC_URI[sha256sum] = "1497c36a71881b8671a9a84a0ee40faab788ca30d7ba19d8463c3cc787152e32"
diff --git a/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch b/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch
new file mode 100644
index 0000000000..9cf6645c58
--- /dev/null
+++ b/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch
@@ -0,0 +1,328 @@ +From: Alan Modra <amodra@gmail.com> +Date: Wed, 9 Aug 2023 00:28:36 +0000 (+0930) +Subject: gdb: warn unused result for bfd IO functions +X-Git-Tag: gdb-14-branchpoint~669 +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80 + +gdb: warn unused result for bfd IO functions + +This fixes the compilation warnings introduced by my bfdio.c patch. + +The removed bfd_seeks in coff_symfile_read date back to 1994, commit +7f4c859520, prior to which the file used stdio rather than bfd to read +symbols. Since it now uses bfd to read the file there should be no +need to synchronise to bfd's idea of the file position. I also fixed +a potential uninitialised memory access. + +Approved-By: Andrew Burgess <aburgess@redhat.com> + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80] + +CVE: CVE-2023-39130 + +Signed-off-by: Sanjana Venkatesh <Sanjana.Venkatesh@windriver.com> + +--- + +diff --git a/gdb/coff-pe-read.c b/gdb/coff-pe-read.c +index b82b43c84cf..0d76ebdbfce 100644 +--- a/gdb/coff-pe-read.c ++++ b/gdb/coff-pe-read.c +@@ -254,23 +254,31 @@ read_pe_truncate_name (char *dll_name) + + /* Low-level support functions, direct from the ld module pe-dll.c. 
*/ + static unsigned int +-pe_get16 (bfd *abfd, int where) ++pe_get16 (bfd *abfd, int where, bool *fail) + { + unsigned char b[2]; + +- bfd_seek (abfd, (file_ptr) where, SEEK_SET); +- bfd_read (b, (bfd_size_type) 2, abfd); ++ if (bfd_seek (abfd, where, SEEK_SET) != 0 ++ || bfd_read (b, 2, abfd) != 2) ++ { ++ *fail = true; ++ return 0; ++ } + return b[0] + (b[1] << 8); + } + + static unsigned int +-pe_get32 (bfd *abfd, int where) ++pe_get32 (bfd *abfd, int where, bool *fail) + { + unsigned char b[4]; + +- bfd_seek (abfd, (file_ptr) where, SEEK_SET); +- bfd_read (b, (bfd_size_type) 4, abfd); +- return b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24); ++ if (bfd_seek (abfd, where, SEEK_SET) != 0 ++ || bfd_read (b, 4, abfd) != 4) ++ { ++ *fail = true; ++ return 0; ++ } ++ return b[0] + (b[1] << 8) + (b[2] << 16) + ((unsigned) b[3] << 24); + } + + static unsigned int +@@ -286,7 +294,7 @@ pe_as32 (void *ptr) + { + unsigned char *b = (unsigned char *) ptr; + +- return b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24); ++ return b[0] + (b[1] << 8) + (b[2] << 16) + ((unsigned) b[3] << 24); + } + + /* Read the (non-debug) export symbol table from a portable +@@ -335,37 +343,50 @@ read_pe_exported_syms (minimal_symbol_reader &reader, + || strcmp (target, "pei-i386") == 0 + || strcmp (target, "pe-arm-wince-little") == 0 + || strcmp (target, "pei-arm-wince-little") == 0); ++ ++ /* Possibly print a debug message about DLL not having a valid format. */ ++ auto maybe_print_debug_msg = [&] () -> void { ++ if (debug_coff_pe_read) ++ gdb_printf (gdb_stdlog, _("%s doesn't appear to be a DLL\n"), ++ bfd_get_filename (dll)); ++ }; ++ + if (!is_pe32 && !is_pe64) +- { +- /* This is not a recognized PE format file. Abort now, because +- the code is untested on anything else. *FIXME* test on +- further architectures and loosen or remove this test. */ +- return; +- } ++ return maybe_print_debug_msg (); + + /* Get pe_header, optional header and numbers of export entries. 
*/ +- pe_header_offset = pe_get32 (dll, 0x3c); ++ bool fail = false; ++ pe_header_offset = pe_get32 (dll, 0x3c, &fail); ++ if (fail) ++ return maybe_print_debug_msg (); + opthdr_ofs = pe_header_offset + 4 + 20; + if (is_pe64) +- num_entries = pe_get32 (dll, opthdr_ofs + 108); ++ num_entries = pe_get32 (dll, opthdr_ofs + 108, &fail); + else +- num_entries = pe_get32 (dll, opthdr_ofs + 92); ++ num_entries = pe_get32 (dll, opthdr_ofs + 92, &fail); ++ if (fail) ++ return maybe_print_debug_msg (); + + if (num_entries < 1) /* No exports. */ + return; + if (is_pe64) + { +- export_opthdrrva = pe_get32 (dll, opthdr_ofs + 112); +- export_opthdrsize = pe_get32 (dll, opthdr_ofs + 116); ++ export_opthdrrva = pe_get32 (dll, opthdr_ofs + 112, &fail); ++ export_opthdrsize = pe_get32 (dll, opthdr_ofs + 116, &fail); + } + else + { +- export_opthdrrva = pe_get32 (dll, opthdr_ofs + 96); +- export_opthdrsize = pe_get32 (dll, opthdr_ofs + 100); ++ export_opthdrrva = pe_get32 (dll, opthdr_ofs + 96, &fail); ++ export_opthdrsize = pe_get32 (dll, opthdr_ofs + 100, &fail); + } +- nsections = pe_get16 (dll, pe_header_offset + 4 + 2); ++ if (fail) ++ return maybe_print_debug_msg (); ++ ++ nsections = pe_get16 (dll, pe_header_offset + 4 + 2, &fail); + secptr = (pe_header_offset + 4 + 20 + +- pe_get16 (dll, pe_header_offset + 4 + 16)); ++ pe_get16 (dll, pe_header_offset + 4 + 16, &fail)); ++ if (fail) ++ return maybe_print_debug_msg (); + expptr = 0; + export_size = 0; + +@@ -374,12 +395,13 @@ read_pe_exported_syms (minimal_symbol_reader &reader, + { + char sname[8]; + unsigned long secptr1 = secptr + 40 * i; +- unsigned long vaddr = pe_get32 (dll, secptr1 + 12); +- unsigned long vsize = pe_get32 (dll, secptr1 + 16); +- unsigned long fptr = pe_get32 (dll, secptr1 + 20); ++ unsigned long vaddr = pe_get32 (dll, secptr1 + 12, &fail); ++ unsigned long vsize = pe_get32 (dll, secptr1 + 16, &fail); ++ unsigned long fptr = pe_get32 (dll, secptr1 + 20, &fail); + +- bfd_seek (dll, (file_ptr) secptr1, 
SEEK_SET); +- bfd_read (sname, (bfd_size_type) sizeof (sname), dll); ++ if (fail ++ || bfd_seek (dll, secptr1, SEEK_SET) != 0 ++ || bfd_read (sname, sizeof (sname), dll) != sizeof (sname)) + + if ((strcmp (sname, ".edata") == 0) + || (vaddr <= export_opthdrrva && export_opthdrrva < vaddr + vsize)) +@@ -420,16 +442,18 @@ read_pe_exported_syms (minimal_symbol_reader &reader, + for (i = 0; i < nsections; i++) + { + unsigned long secptr1 = secptr + 40 * i; +- unsigned long vsize = pe_get32 (dll, secptr1 + 8); +- unsigned long vaddr = pe_get32 (dll, secptr1 + 12); +- unsigned long characteristics = pe_get32 (dll, secptr1 + 36); ++ unsigned long vsize = pe_get32 (dll, secptr1 + 8, &fail); ++ unsigned long vaddr = pe_get32 (dll, secptr1 + 12, &fail); ++ unsigned long characteristics = pe_get32 (dll, secptr1 + 36, &fail); + char sec_name[SCNNMLEN + 1]; + int sectix; + unsigned int bfd_section_index; + asection *section; + +- bfd_seek (dll, (file_ptr) secptr1 + 0, SEEK_SET); +- bfd_read (sec_name, (bfd_size_type) SCNNMLEN, dll); ++ if (fail ++ || bfd_seek (dll, secptr1 + 0, SEEK_SET) != 0 ++ || bfd_read (sec_name, SCNNMLEN, dll) != SCNNMLEN) ++ return maybe_print_debug_msg (); + sec_name[SCNNMLEN] = '\0'; + + sectix = read_pe_section_index (sec_name); +@@ -468,8 +492,9 @@ read_pe_exported_syms (minimal_symbol_reader &reader, + gdb::def_vector<unsigned char> expdata_storage (export_size); + expdata = expdata_storage.data (); + +- bfd_seek (dll, (file_ptr) expptr, SEEK_SET); +- bfd_read (expdata, (bfd_size_type) export_size, dll); ++ if (bfd_seek (dll, expptr, SEEK_SET) != 0 ++ || bfd_read (expdata, export_size, dll) != export_size) ++ return maybe_print_debug_msg (); + erva = expdata - export_rva; + + nexp = pe_as32 (expdata + 24); +@@ -626,20 +651,27 @@ pe_text_section_offset (struct bfd *abfd) + } + + /* Get pe_header, optional header and numbers of sections. 
*/ +- pe_header_offset = pe_get32 (abfd, 0x3c); +- nsections = pe_get16 (abfd, pe_header_offset + 4 + 2); ++ bool fail = false; ++ pe_header_offset = pe_get32 (abfd, 0x3c, &fail); ++ if (fail) ++ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET; ++ nsections = pe_get16 (abfd, pe_header_offset + 4 + 2, &fail); + secptr = (pe_header_offset + 4 + 20 + +- pe_get16 (abfd, pe_header_offset + 4 + 16)); ++ pe_get16 (abfd, pe_header_offset + 4 + 16, &fail)); ++ if (fail) ++ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET; + + /* Get the rva and size of the export section. */ + for (i = 0; i < nsections; i++) + { + char sname[SCNNMLEN + 1]; + unsigned long secptr1 = secptr + 40 * i; +- unsigned long vaddr = pe_get32 (abfd, secptr1 + 12); ++ unsigned long vaddr = pe_get32 (abfd, secptr1 + 12, &fail); + +- bfd_seek (abfd, (file_ptr) secptr1, SEEK_SET); +- bfd_read (sname, (bfd_size_type) SCNNMLEN, abfd); ++ if (fail ++ || bfd_seek (abfd, secptr1, SEEK_SET) != 0 ++ || bfd_read (sname, SCNNMLEN, abfd) != SCNNMLEN) ++ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET; + sname[SCNNMLEN] = '\0'; + if (strcmp (sname, ".text") == 0) + return vaddr; +diff --git a/gdb/coffread.c b/gdb/coffread.c +index 583db6bceb0..6a995ae2241 100644 +--- a/gdb/coffread.c ++++ b/gdb/coffread.c +@@ -711,8 +711,6 @@ coff_symfile_read (struct objfile *objfile, symfile_add_flags symfile_flags) + + /* FIXME: dubious. Why can't we use something normal like + bfd_get_section_contents? */ +- bfd_seek (abfd, abfd->where, 0); +- + stabstrsize = bfd_section_size (info->stabstrsect); + + coffstab_build_psymtabs (objfile, +@@ -807,22 +805,6 @@ coff_symtab_read (minimal_symbol_reader &reader, + + scoped_free_pendings free_pending; + +- /* Work around a stdio bug in SunOS4.1.1 (this makes me nervous.... +- it's hard to know I've really worked around it. The fix should +- be harmless, anyway). 
The symptom of the bug is that the first +- fread (in read_one_sym), will (in my example) actually get data +- from file offset 268, when the fseek was to 264 (and ftell shows +- 264). This causes all hell to break loose. I was unable to +- reproduce this on a short test program which operated on the same +- file, performing (I think) the same sequence of operations. +- +- It stopped happening when I put in this (former) rewind(). +- +- FIXME: Find out if this has been reported to Sun, whether it has +- been fixed in a later release, etc. */ +- +- bfd_seek (objfile->obfd.get (), 0, 0); +- + /* Position to read the symbol table. */ + val = bfd_seek (objfile->obfd.get (), symtab_offset, 0); + if (val < 0) +@@ -1308,12 +1290,13 @@ init_stringtab (bfd *abfd, file_ptr offset, gdb::unique_xmalloc_ptr<char> *stora + if (bfd_seek (abfd, offset, 0) < 0) + return -1; + +- val = bfd_read ((char *) lengthbuf, sizeof lengthbuf, abfd); +- length = bfd_h_get_32 (symfile_bfd, lengthbuf); +- ++ val = bfd_read (lengthbuf, sizeof lengthbuf, abfd); + /* If no string table is needed, then the file may end immediately + after the symbols. Just return with `stringtab' set to null. 
*/ +- if (val != sizeof lengthbuf || length < sizeof lengthbuf) ++ if (val != sizeof lengthbuf) ++ return 0; ++ length = bfd_h_get_32 (symfile_bfd, lengthbuf); ++ if (length < sizeof lengthbuf) + return 0; + + storage->reset ((char *) xmalloc (length)); +diff --git a/gdb/dbxread.c b/gdb/dbxread.c +index 75bbd510155..ddc61d9d539 100644 +--- a/gdb/dbxread.c ++++ b/gdb/dbxread.c +@@ -809,7 +809,8 @@ stabs_seek (int sym_offset) + symbuf_left -= sym_offset; + } + else +- bfd_seek (symfile_bfd, sym_offset, SEEK_CUR); ++ if (bfd_seek (symfile_bfd, sym_offset, SEEK_CUR) != 0) ++ perror_with_name (bfd_get_filename (symfile_bfd)); + } + + #define INTERNALIZE_SYMBOL(intern, extern, abfd) \ +@@ -2155,8 +2156,8 @@ dbx_expand_psymtab (legacy_psymtab *pst, struct objfile *objfile) + symbol_size = SYMBOL_SIZE (pst); + + /* Read in this file's symbols. */ +- bfd_seek (objfile->obfd.get (), SYMBOL_OFFSET (pst), SEEK_SET); +- read_ofile_symtab (objfile, pst); ++ if (bfd_seek (objfile->obfd.get (), SYMBOL_OFFSET (pst), SEEK_SET) == 0) ++ read_ofile_symtab (objfile, pst); + } + + pst->readin = true; +diff --git a/gdb/xcoffread.c b/gdb/xcoffread.c +index 8ce4b28d133..63eb538ca05 100644 +--- a/gdb/xcoffread.c ++++ b/gdb/xcoffread.c +@@ -779,8 +779,9 @@ enter_line_range (struct subfile *subfile, unsigned beginoffset, + + while (curoffset <= limit_offset) + { +- bfd_seek (abfd, curoffset, SEEK_SET); +- bfd_read (ext_lnno, linesz, abfd); ++ if (bfd_seek (abfd, curoffset, SEEK_SET) != 0 ++ || bfd_read (ext_lnno, linesz, abfd) != linesz) ++ return; + bfd_coff_swap_lineno_in (abfd, ext_lnno, &int_lnno); + + /* Find the address this line represents. */
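Review bot: In the first section loop of read_pe_exported_syms (the `@@ -374,12 +395,13 @@` hunk of gdb/coff-pe-read.c inside the added patch file), the new `if (fail || bfd_seek (...) != 0 || bfd_read (sname, sizeof (sname), dll) != sizeof (sname))` has no statement of its own, so it ends up guarding the `.edata` test that follows it. As written, the export section is looked for only when the read failed, with `strcmp` then running on an unfilled `sname`, and never when the read succeeded, which undoes the uninitialised-read hardening this CVE backport is meant to carry. Every other converted site visible in the patch (the second section loop and pe_text_section_offset) follows the condition with a return, so `return maybe_print_debug_msg ();` should be added after the condition here and the hunk's new-side line count adjusted to match. It is also worth confirming that `gdb_printf` and `objfile->obfd.get ()` exist in the 11.2 tree this recipe builds, since the patch text appears to have been taken from a newer upstream tree.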