gdb: Fix CVE-2023-39130

CVE: CVE-2023-39130 (From OE-Core rev: 7b93bb0ba1513a60cf75ebe55b29723831dfb79a) Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> 2024-02-05 04:31:10 -0800
committer: Steve Sakoman <steve@sakoman.com> 2024-02-09 03:46:50 -1000
commit: 89c57d3ff1722d7c9f9621d5a5e6461e2afa451d (patch)
tree: 66619ad1c302ba7675ed7ff7206e193dede74cc2
parent: d35f65d419d97b948d1c8ca9a6535afd691120ea (diff)
download: poky-89c57d3ff1722d7c9f9621d5a5e6461e2afa451d.tar.gz
2 files changed, 327 insertions, 0 deletions
diff --git a/meta/recipes-devtools/gdb/gdb.inc b/meta/recipes-devtools/gdb/gdb.inc
index ad2b3ad4b7..6c9fe60cab 100644
--- a/meta/recipes-devtools/gdb/gdb.inc
+++ b/meta/recipes-devtools/gdb/gdb.inc
@@ -16,5 +16,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \
           file://0010-gdbserver-ctrl-c-handling.patch \
           file://0011-CVE-2023-39128.patch \
           file://0012-CVE-2023-39129.patch \
+           file://0013-CVE-2023-39130.patch \
           "
 SRC_URI[sha256sum] = "1497c36a71881b8671a9a84a0ee40faab788ca30d7ba19d8463c3cc787152e32"
diff --git a/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch b/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch
new file mode 100644
index 0000000000..bfd5b18d7d
--- /dev/null
+++ b/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch
@@ -0,0 +1,326 @@
+From 2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 9 Aug 2023 09:58:36 +0930
+Subject: [PATCH] gdb: warn unused result for bfd IO functions
+This fixes the compilation warnings introduced by my bfdio.c patch.
+The removed bfd_seeks in coff_symfile_read date back to 1994, commit
+7f4c859520, prior to which the file used stdio rather than bfd to read
+symbols.  Since it now uses bfd to read the file there should be no
+need to synchronise to bfd's idea of the file position.  I also fixed
+a potential uninitialised memory access.
+Approved-By: Andrew Burgess <aburgess@redhat.com>
+Upstream-Status: Backport from [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80]
+CVE: CVE-2023-39130
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+---
+ gdb/coff-pe-read.c | 114 +++++++++++++++++++++++++++++----------------
+ gdb/coffread.c     |  27 ++---------
+ gdb/dbxread.c      |   7 +--
+ gdb/xcoffread.c    |   5 +-
+ 4 files changed, 85 insertions(+), 68 deletions(-)
+diff --git a/gdb/coff-pe-read.c b/gdb/coff-pe-read.c
+--- a/gdb/coff-pe-read.c
+++ b/gdb/coff-pe-read.c
+@@ -291,23 +291,31 @@ read_pe_truncate_name (char *dll_name)
+ 
+ /* Low-level support functions, direct from the ld module pe-dll.c.  */
+ static unsigned int
+-pe_get16 (bfd *abfd, int where)
+pe_get16 (bfd *abfd, int where, bool *fail)
+ {
+   unsigned char b[2];
+ 
+-  bfd_seek (abfd, (file_ptr) where, SEEK_SET);
+-  bfd_bread (b, (bfd_size_type) 2, abfd);
+  if (bfd_seek (abfd, where, SEEK_SET) != 0
+      || bfd_bread (b, 2, abfd) != 2)
+    {
+      *fail = true;
+      return 0;
+    }
+   return b[0] + (b[1] << 8);
+ }
+ 
+ static unsigned int
+-pe_get32 (bfd *abfd, int where)
+pe_get32 (bfd *abfd, int where, bool *fail)
+ {
+   unsigned char b[4];
+ 
+-  bfd_seek (abfd, (file_ptr) where, SEEK_SET);
+-  bfd_bread (b, (bfd_size_type) 4, abfd);
+-  return b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24);
+  if (bfd_seek (abfd, where, SEEK_SET) != 0
+      || bfd_bread (b, 4, abfd) != 4)
+    {
+      *fail = true;
+      return 0;
+    }
+  return b[0] + (b[1] << 8) + (b[2] << 16) + ((unsigned) b[3] << 24);
+ }
+ 
+ static unsigned int
+@@ -323,7 +331,7 @@ pe_as32 (void *ptr)
+ {
+   unsigned char *b = (unsigned char *) ptr;
+ 
+-  return b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24);
+  return b[0] + (b[1] << 8) + (b[2] << 16) + ((unsigned) b[3] << 24);
+ }
+ 
+ /* Read the (non-debug) export symbol table from a portable
+@@ -376,37 +384,50 @@ read_pe_exported_syms (minimal_symbol_re
+             || strcmp (target, "pei-i386") == 0
+             || strcmp (target, "pe-arm-wince-little") == 0
+             || strcmp (target, "pei-arm-wince-little") == 0);
+
+  /* Possibly print a debug message about DLL not having a valid format.  */
+  auto maybe_print_debug_msg = [&] () -> void {
+    if (debug_coff_pe_read)
+      fprintf_unfiltered (gdb_stdlog, _("%s doesn't appear to be a DLL\n"),
+                                       bfd_get_filename (dll));
+  };
+
+   if (!is_pe32 && !is_pe64)
+-    {
+-      /* This is not a recognized PE format file.  Abort now, because
+-        the code is untested on anything else.  *FIXME* test on
+-        further architectures and loosen or remove this test.  */
+-      return;
+-    }
+    return maybe_print_debug_msg ();
+ 
+   /* Get pe_header, optional header and numbers of export entries.  */
+-  pe_header_offset = pe_get32 (dll, 0x3c);
+  bool fail = false;
+  pe_header_offset = pe_get32 (dll, 0x3c, &fail);
+  if (fail)
+    return maybe_print_debug_msg ();
+   opthdr_ofs = pe_header_offset + 4 + 20;
+   if (is_pe64)
+-    num_entries = pe_get32 (dll, opthdr_ofs + 108);
+    num_entries = pe_get32 (dll, opthdr_ofs + 108, &fail);
+   else
+-    num_entries = pe_get32 (dll, opthdr_ofs + 92);
+    num_entries = pe_get32 (dll, opthdr_ofs + 92, &fail);
+  if (fail)
+    return maybe_print_debug_msg ();
+ 
+   if (num_entries < 1)         /* No exports.  */
+     return;
+   if (is_pe64)
+     {
+-      export_opthdrrva = pe_get32 (dll, opthdr_ofs + 112);
+-      export_opthdrsize = pe_get32 (dll, opthdr_ofs + 116);
+      export_opthdrrva = pe_get32 (dll, opthdr_ofs + 112, &fail);
+      export_opthdrsize = pe_get32 (dll, opthdr_ofs + 116, &fail);
+     }
+   else
+     {
+-      export_opthdrrva = pe_get32 (dll, opthdr_ofs + 96);
+-      export_opthdrsize = pe_get32 (dll, opthdr_ofs + 100);
+      export_opthdrrva = pe_get32 (dll, opthdr_ofs + 96, &fail);
+      export_opthdrsize = pe_get32 (dll, opthdr_ofs + 100, &fail);
+     }
+-  nsections = pe_get16 (dll, pe_header_offset + 4 + 2);
+  if (fail)
+    return maybe_print_debug_msg ();
+
+  nsections = pe_get16 (dll, pe_header_offset + 4 + 2, &fail);
+   secptr = (pe_header_offset + 4 + 20 +
+-           pe_get16 (dll, pe_header_offset + 4 + 16));
+           pe_get16 (dll, pe_header_offset + 4 + 16, &fail));
+  if (fail)
+    return maybe_print_debug_msg ();
+   expptr = 0;
+   export_size = 0;
+ 
+@@ -415,12 +436,13 @@ read_pe_exported_syms (minimal_symbol_re
+     {
+       char sname[8];
+       unsigned long secptr1 = secptr + 40 * i;
+-      unsigned long vaddr = pe_get32 (dll, secptr1 + 12);
+-      unsigned long vsize = pe_get32 (dll, secptr1 + 16);
+-      unsigned long fptr = pe_get32 (dll, secptr1 + 20);
+-
+-      bfd_seek (dll, (file_ptr) secptr1, SEEK_SET);
+-      bfd_bread (sname, (bfd_size_type) sizeof (sname), dll);
+      unsigned long vaddr = pe_get32 (dll, secptr1 + 12, &fail);
+      unsigned long vsize = pe_get32 (dll, secptr1 + 16, &fail);
+      unsigned long fptr = pe_get32 (dll, secptr1 + 20, &fail);
+
+      if (fail
+         || bfd_seek (dll, secptr1, SEEK_SET) != 0
+         || bfd_bread (sname, sizeof (sname), dll) != sizeof (sname))
+ 
+       if ((strcmp (sname, ".edata") == 0)
+          || (vaddr <= export_opthdrrva && export_opthdrrva < vaddr + vsize))
+@@ -461,16 +483,18 @@ read_pe_exported_syms (minimal_symbol_re
+   for (i = 0; i < nsections; i++)
+     {
+       unsigned long secptr1 = secptr + 40 * i;
+-      unsigned long vsize = pe_get32 (dll, secptr1 + 8);
+-      unsigned long vaddr = pe_get32 (dll, secptr1 + 12);
+-      unsigned long characteristics = pe_get32 (dll, secptr1 + 36);
+      unsigned long vsize = pe_get32 (dll, secptr1 + 8, &fail);
+      unsigned long vaddr = pe_get32 (dll, secptr1 + 12, &fail);
+      unsigned long characteristics = pe_get32 (dll, secptr1 + 36, &fail);
+       char sec_name[SCNNMLEN + 1];
+       int sectix;
+       unsigned int bfd_section_index;
+       asection *section;
+ 
+-      bfd_seek (dll, (file_ptr) secptr1 + 0, SEEK_SET);
+-      bfd_bread (sec_name, (bfd_size_type) SCNNMLEN, dll);
+      if (fail
+         || bfd_seek (dll, secptr1 + 0, SEEK_SET) != 0
+         || bfd_bread (sec_name, SCNNMLEN, dll) != SCNNMLEN)
+       return maybe_print_debug_msg ();
+       sec_name[SCNNMLEN] = '\0';
+ 
+       sectix = read_pe_section_index (sec_name);
+@@ -509,8 +533,9 @@ read_pe_exported_syms (minimal_symbol_re
+   gdb::def_vector<unsigned char> expdata_storage (export_size);
+   expdata = expdata_storage.data ();
+ 
+-  bfd_seek (dll, (file_ptr) expptr, SEEK_SET);
+-  bfd_bread (expdata, (bfd_size_type) export_size, dll);
+  if (bfd_seek (dll, expptr, SEEK_SET) != 0
+      || bfd_bread (expdata, export_size, dll) != export_size)
+    return maybe_print_debug_msg ();
+   erva = expdata - export_rva;
+ 
+   nexp = pe_as32 (expdata + 24);
+@@ -658,20 +683,27 @@ pe_text_section_offset (struct bfd *abfd
+     }
+ 
+   /* Get pe_header, optional header and numbers of sections.  */
+-  pe_header_offset = pe_get32 (abfd, 0x3c);
+-  nsections = pe_get16 (abfd, pe_header_offset + 4 + 2);
+  bool fail = false;
+  pe_header_offset = pe_get32 (abfd, 0x3c, &fail);
+  if (fail)
+    return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET;
+  nsections = pe_get16 (abfd, pe_header_offset + 4 + 2, &fail);
+   secptr = (pe_header_offset + 4 + 20 +
+-           pe_get16 (abfd, pe_header_offset + 4 + 16));
+           pe_get16 (abfd, pe_header_offset + 4 + 16, &fail));
+  if (fail)
+    return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET;
+ 
+   /* Get the rva and size of the export section.  */
+   for (i = 0; i < nsections; i++)
+     {
+       char sname[SCNNMLEN + 1];
+       unsigned long secptr1 = secptr + 40 * i;
+-      unsigned long vaddr = pe_get32 (abfd, secptr1 + 12);
+      unsigned long vaddr = pe_get32 (abfd, secptr1 + 12, &fail);
+ 
+-      bfd_seek (abfd, (file_ptr) secptr1, SEEK_SET);
+-      bfd_bread (sname, (bfd_size_type) SCNNMLEN, abfd);
+      if (fail
+         || bfd_seek (abfd, secptr1, SEEK_SET) != 0
+         || bfd_bread (sname, SCNNMLEN, abfd) != SCNNMLEN)
+       return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET;
+       sname[SCNNMLEN] = '\0';
+       if (strcmp (sname, ".text") == 0)
+        return vaddr;
+diff --git a/gdb/coffread.c b/gdb/coffread.c
+--- a/gdb/coffread.c
+++ b/gdb/coffread.c
+@@ -690,8 +690,6 @@ coff_symfile_read (struct objfile *objfi
+ 
+       /* FIXME: dubious.  Why can't we use something normal like
+         bfd_get_section_contents?  */
+-      bfd_seek (abfd, abfd->where, 0);
+-
+       stabstrsize = bfd_section_size (info->stabstrsect);
+ 
+       coffstab_build_psymtabs (objfile,
+@@ -780,22 +778,6 @@ coff_symtab_read (minimal_symbol_reader
+ 
+   scoped_free_pendings free_pending;
+ 
+-  /* Work around a stdio bug in SunOS4.1.1 (this makes me nervous....
+-     it's hard to know I've really worked around it.  The fix should
+-     be harmless, anyway).  The symptom of the bug is that the first
+-     fread (in read_one_sym), will (in my example) actually get data
+-     from file offset 268, when the fseek was to 264 (and ftell shows
+-     264).  This causes all hell to break loose.  I was unable to
+-     reproduce this on a short test program which operated on the same
+-     file, performing (I think) the same sequence of operations.
+-
+-     It stopped happening when I put in this (former) rewind().
+-
+-     FIXME: Find out if this has been reported to Sun, whether it has
+-     been fixed in a later release, etc.  */
+-
+-  bfd_seek (objfile->obfd, 0, 0);
+-
+   /* Position to read the symbol table.  */
+   val = bfd_seek (objfile->obfd, symtab_offset, 0);
+   if (val < 0)
+@@ -1285,12 +1267,13 @@ init_stringtab (bfd *abfd, file_ptr offs
+   if (bfd_seek (abfd, offset, 0) < 0)
+     return -1;
+ 
+-  val = bfd_bread ((char *) lengthbuf, sizeof lengthbuf, abfd);
+-  length = bfd_h_get_32 (symfile_bfd, lengthbuf);
+-
+  val = bfd_bread (lengthbuf, sizeof lengthbuf, abfd);
+   /* If no string table is needed, then the file may end immediately
+      after the symbols.  Just return with `stringtab' set to null.  */
+-  if (val != sizeof lengthbuf || length < sizeof lengthbuf)
+  if (val != sizeof lengthbuf)
+    return 0;
+  length = bfd_h_get_32 (symfile_bfd, lengthbuf);
+  if (length < sizeof lengthbuf)
+     return 0;
+ 
+   storage->reset ((char *) xmalloc (length));
+diff --git a/gdb/dbxread.c b/gdb/dbxread.c
+--- a/gdb/dbxread.c
+++ b/gdb/dbxread.c
+@@ -812,7 +812,8 @@ stabs_seek (int sym_offset)
+       symbuf_left -= sym_offset;
+     }
+   else
+-    bfd_seek (symfile_bfd, sym_offset, SEEK_CUR);
+    if (bfd_seek (symfile_bfd, sym_offset, SEEK_CUR) != 0)
+      perror_with_name (bfd_get_filename (symfile_bfd));
+ }
+ 
+ #define INTERNALIZE_SYMBOL(intern, extern, abfd)                       \
+@@ -2095,8 +2096,8 @@ dbx_expand_psymtab (legacy_psymtab *pst,
+       symbol_size = SYMBOL_SIZE (pst);
+ 
+       /* Read in this file's symbols.  */
+-      bfd_seek (objfile->obfd, SYMBOL_OFFSET (pst), SEEK_SET);
+-      read_ofile_symtab (objfile, pst);
+      if (bfd_seek (objfile->obfd, SYMBOL_OFFSET (pst), SEEK_SET) == 0)
+       read_ofile_symtab (objfile, pst);
+     }
+ 
+   pst->readin = true;
+diff --git a/gdb/xcoffread.c b/gdb/xcoffread.c
+--- a/gdb/xcoffread.c
+++ b/gdb/xcoffread.c
+@@ -865,8 +865,9 @@ enter_line_range (struct subfile *subfil
+ 
+   while (curoffset <= limit_offset)
+     {
+-      bfd_seek (abfd, curoffset, SEEK_SET);
+-      bfd_bread (ext_lnno, linesz, abfd);
+      if (bfd_seek (abfd, curoffset, SEEK_SET) != 0
+         || bfd_bread (ext_lnno, linesz, abfd) != linesz)
+       return;
+       bfd_coff_swap_lineno_in (abfd, ext_lnno, &int_lnno);
+ 
+       /* Find the address this line represents.  */
+-- 
+2.39.3
author	Deepthi Hemraj <Deepthi.Hemraj@windriver.com>	2024-02-05 04:31:10 -0800
committer	Steve Sakoman <steve@sakoman.com>	2024-02-09 03:46:50 -1000
commit	89c57d3ff1722d7c9f9621d5a5e6461e2afa451d (patch)
tree	66619ad1c302ba7675ed7ff7206e193dede74cc2
parent	d35f65d419d97b948d1c8ca9a6535afd691120ea (diff)
download	poky-89c57d3ff1722d7c9f9621d5a5e6461e2afa451d.tar.gz

diff --git a/meta/recipes-devtools/gdb/gdb.inc b/meta/recipes-devtools/gdb/gdb.inc index ad2b3ad4b7..6c9fe60cab 100644 --- a/meta/recipes-devtools/gdb/gdb.inc +++ b/meta/recipes-devtools/gdb/gdb.inc
@@ -16,5 +16,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \
16	file://0010-gdbserver-ctrl-c-handling.patch \	16	file://0010-gdbserver-ctrl-c-handling.patch \
17	file://0011-CVE-2023-39128.patch \	17	file://0011-CVE-2023-39128.patch \
18	file://0012-CVE-2023-39129.patch \	18	file://0012-CVE-2023-39129.patch \
		19	file://0013-CVE-2023-39130.patch \
19	"	20	"
20	SRC_URI[sha256sum] = "1497c36a71881b8671a9a84a0ee40faab788ca30d7ba19d8463c3cc787152e32"	21	SRC_URI[sha256sum] = "1497c36a71881b8671a9a84a0ee40faab788ca30d7ba19d8463c3cc787152e32"


diff --git a/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch b/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch new file mode 100644 index 0000000000..bfd5b18d7d --- /dev/null +++ b/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch
@@ -0,0 +1,326 @@
		1	From 2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80 Mon Sep 17 00:00:00 2001
		2	From: Alan Modra <amodra@gmail.com>
		3	Date: Wed, 9 Aug 2023 09:58:36 +0930
		4	Subject: [PATCH] gdb: warn unused result for bfd IO functions
		5
		6	This fixes the compilation warnings introduced by my bfdio.c patch.
		7
		8	The removed bfd_seeks in coff_symfile_read date back to 1994, commit
		9	7f4c859520, prior to which the file used stdio rather than bfd to read
		10	symbols. Since it now uses bfd to read the file there should be no
		11	need to synchronise to bfd's idea of the file position. I also fixed
		12	a potential uninitialised memory access.
		13
		14	Approved-By: Andrew Burgess <aburgess@redhat.com>
		15
		16	Upstream-Status: Backport from [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80]
		17	CVE: CVE-2023-39130
		18	Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
		19	---
		20	gdb/coff-pe-read.c \| 114 +++++++++++++++++++++++++++++----------------
		21	gdb/coffread.c \| 27 ++---------
		22	gdb/dbxread.c \| 7 +--
		23	gdb/xcoffread.c \| 5 +-
		24	4 files changed, 85 insertions(+), 68 deletions(-)
		25
		26	diff --git a/gdb/coff-pe-read.c b/gdb/coff-pe-read.c
		27	--- a/gdb/coff-pe-read.c
		28	+++ b/gdb/coff-pe-read.c
		29	@@ -291,23 +291,31 @@ read_pe_truncate_name (char *dll_name)
		30
		31	/* Low-level support functions, direct from the ld module pe-dll.c. */
		32	static unsigned int
		33	-pe_get16 (bfd *abfd, int where)
		34	+pe_get16 (bfd abfd, int where, bool fail)
		35	{
		36	unsigned char b[2];
		37
		38	- bfd_seek (abfd, (file_ptr) where, SEEK_SET);
		39	- bfd_bread (b, (bfd_size_type) 2, abfd);
		40	+ if (bfd_seek (abfd, where, SEEK_SET) != 0
		41	+ \|\| bfd_bread (b, 2, abfd) != 2)
		42	+ {
		43	+ *fail = true;
		44	+ return 0;
		45	+ }
		46	return b[0] + (b[1] << 8);
		47	}
		48
		49	static unsigned int
		50	-pe_get32 (bfd *abfd, int where)
		51	+pe_get32 (bfd abfd, int where, bool fail)
		52	{
		53	unsigned char b[4];
		54
		55	- bfd_seek (abfd, (file_ptr) where, SEEK_SET);
		56	- bfd_bread (b, (bfd_size_type) 4, abfd);
		57	- return b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24);
		58	+ if (bfd_seek (abfd, where, SEEK_SET) != 0
		59	+ \|\| bfd_bread (b, 4, abfd) != 4)
		60	+ {
		61	+ *fail = true;
		62	+ return 0;
		63	+ }
		64	+ return b[0] + (b[1] << 8) + (b[2] << 16) + ((unsigned) b[3] << 24);
		65	}
		66
		67	static unsigned int
		68	@@ -323,7 +331,7 @@ pe_as32 (void *ptr)
		69	{
		70	unsigned char b = (unsigned char ) ptr;
		71
		72	- return b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24);
		73	+ return b[0] + (b[1] << 8) + (b[2] << 16) + ((unsigned) b[3] << 24);
		74	}
		75
		76	/* Read the (non-debug) export symbol table from a portable
		77	@@ -376,37 +384,50 @@ read_pe_exported_syms (minimal_symbol_re
		78	\|\| strcmp (target, "pei-i386") == 0
		79	\|\| strcmp (target, "pe-arm-wince-little") == 0
		80	\|\| strcmp (target, "pei-arm-wince-little") == 0);
		81	+
		82	+ /* Possibly print a debug message about DLL not having a valid format. */
		83	+ auto maybe_print_debug_msg = [&] () -> void {
		84	+ if (debug_coff_pe_read)
		85	+ fprintf_unfiltered (gdb_stdlog, _("%s doesn't appear to be a DLL\n"),
		86	+ bfd_get_filename (dll));
		87	+ };
		88	+
		89	if (!is_pe32 && !is_pe64)
		90	- {
		91	- /* This is not a recognized PE format file. Abort now, because
		92	- the code is untested on anything else. FIXME test on
		93	- further architectures and loosen or remove this test. */
		94	- return;
		95	- }
		96	+ return maybe_print_debug_msg ();
		97
		98	/* Get pe_header, optional header and numbers of export entries. */
		99	- pe_header_offset = pe_get32 (dll, 0x3c);
		100	+ bool fail = false;
		101	+ pe_header_offset = pe_get32 (dll, 0x3c, &fail);
		102	+ if (fail)
		103	+ return maybe_print_debug_msg ();
		104	opthdr_ofs = pe_header_offset + 4 + 20;
		105	if (is_pe64)
		106	- num_entries = pe_get32 (dll, opthdr_ofs + 108);
		107	+ num_entries = pe_get32 (dll, opthdr_ofs + 108, &fail);
		108	else
		109	- num_entries = pe_get32 (dll, opthdr_ofs + 92);
		110	+ num_entries = pe_get32 (dll, opthdr_ofs + 92, &fail);
		111	+ if (fail)
		112	+ return maybe_print_debug_msg ();
		113
		114	if (num_entries < 1) /* No exports. */
		115	return;
		116	if (is_pe64)
		117	{
		118	- export_opthdrrva = pe_get32 (dll, opthdr_ofs + 112);
		119	- export_opthdrsize = pe_get32 (dll, opthdr_ofs + 116);
		120	+ export_opthdrrva = pe_get32 (dll, opthdr_ofs + 112, &fail);
		121	+ export_opthdrsize = pe_get32 (dll, opthdr_ofs + 116, &fail);
		122	}
		123	else
		124	{
		125	- export_opthdrrva = pe_get32 (dll, opthdr_ofs + 96);
		126	- export_opthdrsize = pe_get32 (dll, opthdr_ofs + 100);
		127	+ export_opthdrrva = pe_get32 (dll, opthdr_ofs + 96, &fail);
		128	+ export_opthdrsize = pe_get32 (dll, opthdr_ofs + 100, &fail);
		129	}
		130	- nsections = pe_get16 (dll, pe_header_offset + 4 + 2);
		131	+ if (fail)
		132	+ return maybe_print_debug_msg ();
		133	+
		134	+ nsections = pe_get16 (dll, pe_header_offset + 4 + 2, &fail);
		135	secptr = (pe_header_offset + 4 + 20 +
		136	- pe_get16 (dll, pe_header_offset + 4 + 16));
		137	+ pe_get16 (dll, pe_header_offset + 4 + 16, &fail));
		138	+ if (fail)
		139	+ return maybe_print_debug_msg ();
		140	expptr = 0;
		141	export_size = 0;
		142
		143	@@ -415,12 +436,13 @@ read_pe_exported_syms (minimal_symbol_re
		144	{
		145	char sname[8];
		146	unsigned long secptr1 = secptr + 40 * i;
		147	- unsigned long vaddr = pe_get32 (dll, secptr1 + 12);
		148	- unsigned long vsize = pe_get32 (dll, secptr1 + 16);
		149	- unsigned long fptr = pe_get32 (dll, secptr1 + 20);
		150	-
		151	- bfd_seek (dll, (file_ptr) secptr1, SEEK_SET);
		152	- bfd_bread (sname, (bfd_size_type) sizeof (sname), dll);
		153	+ unsigned long vaddr = pe_get32 (dll, secptr1 + 12, &fail);
		154	+ unsigned long vsize = pe_get32 (dll, secptr1 + 16, &fail);
		155	+ unsigned long fptr = pe_get32 (dll, secptr1 + 20, &fail);
		156	+
		157	+ if (fail
		158	+ \|\| bfd_seek (dll, secptr1, SEEK_SET) != 0
		159	+ \|\| bfd_bread (sname, sizeof (sname), dll) != sizeof (sname))
		160
		161	if ((strcmp (sname, ".edata") == 0)
		162	\|\| (vaddr <= export_opthdrrva && export_opthdrrva < vaddr + vsize))
		163	@@ -461,16 +483,18 @@ read_pe_exported_syms (minimal_symbol_re
		164	for (i = 0; i < nsections; i++)
		165	{
		166	unsigned long secptr1 = secptr + 40 * i;
		167	- unsigned long vsize = pe_get32 (dll, secptr1 + 8);
		168	- unsigned long vaddr = pe_get32 (dll, secptr1 + 12);
		169	- unsigned long characteristics = pe_get32 (dll, secptr1 + 36);
		170	+ unsigned long vsize = pe_get32 (dll, secptr1 + 8, &fail);
		171	+ unsigned long vaddr = pe_get32 (dll, secptr1 + 12, &fail);
		172	+ unsigned long characteristics = pe_get32 (dll, secptr1 + 36, &fail);
		173	char sec_name[SCNNMLEN + 1];
		174	int sectix;
		175	unsigned int bfd_section_index;
		176	asection *section;
		177
		178	- bfd_seek (dll, (file_ptr) secptr1 + 0, SEEK_SET);
		179	- bfd_bread (sec_name, (bfd_size_type) SCNNMLEN, dll);
		180	+ if (fail
		181	+ \|\| bfd_seek (dll, secptr1 + 0, SEEK_SET) != 0
		182	+ \|\| bfd_bread (sec_name, SCNNMLEN, dll) != SCNNMLEN)
		183	+ return maybe_print_debug_msg ();
		184	sec_name[SCNNMLEN] = '\0';
		185
		186	sectix = read_pe_section_index (sec_name);
		187	@@ -509,8 +533,9 @@ read_pe_exported_syms (minimal_symbol_re
		188	gdb::def_vector<unsigned char> expdata_storage (export_size);
		189	expdata = expdata_storage.data ();
		190
		191	- bfd_seek (dll, (file_ptr) expptr, SEEK_SET);
		192	- bfd_bread (expdata, (bfd_size_type) export_size, dll);
		193	+ if (bfd_seek (dll, expptr, SEEK_SET) != 0
		194	+ \|\| bfd_bread (expdata, export_size, dll) != export_size)
		195	+ return maybe_print_debug_msg ();
		196	erva = expdata - export_rva;
		197
		198	nexp = pe_as32 (expdata + 24);
		199	@@ -658,20 +683,27 @@ pe_text_section_offset (struct bfd *abfd
		200	}
		201
		202	/* Get pe_header, optional header and numbers of sections. */
		203	- pe_header_offset = pe_get32 (abfd, 0x3c);
		204	- nsections = pe_get16 (abfd, pe_header_offset + 4 + 2);
		205	+ bool fail = false;
		206	+ pe_header_offset = pe_get32 (abfd, 0x3c, &fail);
		207	+ if (fail)
		208	+ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET;
		209	+ nsections = pe_get16 (abfd, pe_header_offset + 4 + 2, &fail);
		210	secptr = (pe_header_offset + 4 + 20 +
		211	- pe_get16 (abfd, pe_header_offset + 4 + 16));
		212	+ pe_get16 (abfd, pe_header_offset + 4 + 16, &fail));
		213	+ if (fail)
		214	+ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET;
		215
		216	/* Get the rva and size of the export section. */
		217	for (i = 0; i < nsections; i++)
		218	{
		219	char sname[SCNNMLEN + 1];
		220	unsigned long secptr1 = secptr + 40 * i;
		221	- unsigned long vaddr = pe_get32 (abfd, secptr1 + 12);
		222	+ unsigned long vaddr = pe_get32 (abfd, secptr1 + 12, &fail);
		223
		224	- bfd_seek (abfd, (file_ptr) secptr1, SEEK_SET);
		225	- bfd_bread (sname, (bfd_size_type) SCNNMLEN, abfd);
		226	+ if (fail
		227	+ \|\| bfd_seek (abfd, secptr1, SEEK_SET) != 0
		228	+ \|\| bfd_bread (sname, SCNNMLEN, abfd) != SCNNMLEN)
		229	+ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET;
		230	sname[SCNNMLEN] = '\0';
		231	if (strcmp (sname, ".text") == 0)
		232	return vaddr;
		233	diff --git a/gdb/coffread.c b/gdb/coffread.c
		234	--- a/gdb/coffread.c
		235	+++ b/gdb/coffread.c
		236	@@ -690,8 +690,6 @@ coff_symfile_read (struct objfile *objfi
		237
		238	/* FIXME: dubious. Why can't we use something normal like
		239	bfd_get_section_contents? */
		240	- bfd_seek (abfd, abfd->where, 0);
		241	-
		242	stabstrsize = bfd_section_size (info->stabstrsect);
		243
		244	coffstab_build_psymtabs (objfile,
		245	@@ -780,22 +778,6 @@ coff_symtab_read (minimal_symbol_reader
		246
		247	scoped_free_pendings free_pending;
		248
		249	- /* Work around a stdio bug in SunOS4.1.1 (this makes me nervous....
		250	- it's hard to know I've really worked around it. The fix should
		251	- be harmless, anyway). The symptom of the bug is that the first
		252	- fread (in read_one_sym), will (in my example) actually get data
		253	- from file offset 268, when the fseek was to 264 (and ftell shows
		254	- 264). This causes all hell to break loose. I was unable to
		255	- reproduce this on a short test program which operated on the same
		256	- file, performing (I think) the same sequence of operations.
		257	-
		258	- It stopped happening when I put in this (former) rewind().
		259	-
		260	- FIXME: Find out if this has been reported to Sun, whether it has
		261	- been fixed in a later release, etc. */
		262	-
		263	- bfd_seek (objfile->obfd, 0, 0);
		264	-
		265	/* Position to read the symbol table. */
		266	val = bfd_seek (objfile->obfd, symtab_offset, 0);
		267	if (val < 0)
		268	@@ -1285,12 +1267,13 @@ init_stringtab (bfd *abfd, file_ptr offs
		269	if (bfd_seek (abfd, offset, 0) < 0)
		270	return -1;
		271
		272	- val = bfd_bread ((char *) lengthbuf, sizeof lengthbuf, abfd);
		273	- length = bfd_h_get_32 (symfile_bfd, lengthbuf);
		274	-
		275	+ val = bfd_bread (lengthbuf, sizeof lengthbuf, abfd);
		276	/* If no string table is needed, then the file may end immediately
		277	after the symbols. Just return with `stringtab' set to null. */
		278	- if (val != sizeof lengthbuf \|\| length < sizeof lengthbuf)
		279	+ if (val != sizeof lengthbuf)
		280	+ return 0;
		281	+ length = bfd_h_get_32 (symfile_bfd, lengthbuf);
		282	+ if (length < sizeof lengthbuf)
		283	return 0;
		284
		285	storage->reset ((char *) xmalloc (length));
		286	diff --git a/gdb/dbxread.c b/gdb/dbxread.c
		287	--- a/gdb/dbxread.c
		288	+++ b/gdb/dbxread.c
		289	@@ -812,7 +812,8 @@ stabs_seek (int sym_offset)
		290	symbuf_left -= sym_offset;
		291	}
		292	else
		293	- bfd_seek (symfile_bfd, sym_offset, SEEK_CUR);
		294	+ if (bfd_seek (symfile_bfd, sym_offset, SEEK_CUR) != 0)
		295	+ perror_with_name (bfd_get_filename (symfile_bfd));
		296	}
		297
		298	#define INTERNALIZE_SYMBOL(intern, extern, abfd) \
		299	@@ -2095,8 +2096,8 @@ dbx_expand_psymtab (legacy_psymtab *pst,
		300	symbol_size = SYMBOL_SIZE (pst);
		301
		302	/* Read in this file's symbols. */
		303	- bfd_seek (objfile->obfd, SYMBOL_OFFSET (pst), SEEK_SET);
		304	- read_ofile_symtab (objfile, pst);
		305	+ if (bfd_seek (objfile->obfd, SYMBOL_OFFSET (pst), SEEK_SET) == 0)
		306	+ read_ofile_symtab (objfile, pst);
		307	}
		308
		309	pst->readin = true;
		310	diff --git a/gdb/xcoffread.c b/gdb/xcoffread.c
		311	--- a/gdb/xcoffread.c
		312	+++ b/gdb/xcoffread.c
		313	@@ -865,8 +865,9 @@ enter_line_range (struct subfile *subfil
		314
		315	while (curoffset <= limit_offset)
		316	{
		317	- bfd_seek (abfd, curoffset, SEEK_SET);
		318	- bfd_bread (ext_lnno, linesz, abfd);
		319	+ if (bfd_seek (abfd, curoffset, SEEK_SET) != 0
		320	+ \|\| bfd_bread (ext_lnno, linesz, abfd) != linesz)
		321	+ return;
		322	bfd_coff_swap_lineno_in (abfd, ext_lnno, &int_lnno);
		323
		324	/* Find the address this line represents. */
		325	--
		326	2.39.3