Home | History | Annotate | Download | only in libelf
      1 /* Create descriptor for processing file.
      2    Copyright (C) 1998-2010 Red Hat, Inc.
      3    This file is part of Red Hat elfutils.
      4    Written by Ulrich Drepper <drepper (at) redhat.com>, 1998.
      5 
      6    Red Hat elfutils is free software; you can redistribute it and/or modify
      7    it under the terms of the GNU General Public License as published by the
      8    Free Software Foundation; version 2 of the License.
      9 
     10    Red Hat elfutils is distributed in the hope that it will be useful, but
     11    WITHOUT ANY WARRANTY; without even the implied warranty of
     12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     13    General Public License for more details.
     14 
     15    You should have received a copy of the GNU General Public License along
     16    with Red Hat elfutils; if not, write to the Free Software Foundation,
     17    Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA.
     18 
     19    In addition, as a special exception, Red Hat, Inc. gives You the
     20    additional right to link the code of Red Hat elfutils with code licensed
     21    under any Open Source Initiative certified open source license
     22    (http://www.opensource.org/licenses/index.php) which requires the
     23    distribution of source code with any binary distribution and to
     24    distribute linked combinations of the two.  Non-GPL Code permitted under
     25    this exception must only link to the code of Red Hat elfutils through
     26    those well defined interfaces identified in the file named EXCEPTION
     27    found in the source code files (the "Approved Interfaces").  The files
     28    of Non-GPL Code may instantiate templates or use macros or inline
     29    functions from the Approved Interfaces without causing the resulting
     30    work to be covered by the GNU General Public License.  Only Red Hat,
     31    Inc. may make changes or additions to the list of Approved Interfaces.
     32    Red Hat's grant of this exception is conditioned upon your not adding
     33    any new exceptions.  If you wish to add a new Approved Interface or
     34    exception, please contact Red Hat.  You must obey the GNU General Public
     35    License in all respects for all of the Red Hat elfutils code and other
     36    code used in conjunction with Red Hat elfutils except the Non-GPL Code
     37    covered by this exception.  If you modify this file, you may extend this
     38    exception to your version of the file, but you are not obligated to do
     39    so.  If you do not wish to provide this exception without modification,
     40    you must delete this exception statement from your version and license
     41    this file solely under the GPL without exception.
     42 
     43    Red Hat elfutils is an included package of the Open Invention Network.
     44    An included package of the Open Invention Network is a package for which
     45    Open Invention Network licensees cross-license their patents.  No patent
     46    license is granted, either expressly or impliedly, by designation as an
     47    included package.  Should you wish to participate in the Open Invention
     48    Network licensing program, please visit www.openinventionnetwork.com
     49    <http://www.openinventionnetwork.com>.  */
     50 
     51 #ifdef HAVE_CONFIG_H
     52 # include <config.h>
     53 #endif
     54 
     55 #include <assert.h>
     56 #include <ctype.h>
     57 #include <errno.h>
     58 #include <fcntl.h>
     59 #include <stdbool.h>
     60 #include <stddef.h>
     61 #include <string.h>
     62 #include <unistd.h>
     63 #include <sys/mman.h>
     64 #include <sys/param.h>
     65 #include <sys/stat.h>
     66 
     67 #include <system.h>
     68 #include "libelfP.h"
     69 #include "common.h"
     70 
     71 
     72 /* Create descriptor for archive in memory.  */
     73 static inline Elf *
     74 file_read_ar (int fildes, void *map_address, off_t offset, size_t maxsize,
     75 	      Elf_Cmd cmd, Elf *parent)
     76 {
     77   Elf *elf;
     78 
     79   /* Create a descriptor.  */
     80   elf = allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
     81                       ELF_K_AR, 0);
     82   if (elf != NULL)
     83     {
     84       /* We don't read all the symbol tables in advance.  All this will
     85 	 happen on demand.  */
     86       elf->state.ar.offset = offset + SARMAG;
     87 
     88       elf->state.ar.elf_ar_hdr.ar_rawname = elf->state.ar.raw_name;
     89     }
     90 
     91   return elf;
     92 }
     93 
     94 
     95 static size_t
     96 get_shnum (void *map_address, unsigned char *e_ident, int fildes, off_t offset,
     97 	   size_t maxsize)
     98 {
     99   size_t result;
    100   union
    101   {
    102     Elf32_Ehdr *e32;
    103     Elf64_Ehdr *e64;
    104     void *p;
    105   } ehdr;
    106   union
    107   {
    108     Elf32_Ehdr e32;
    109     Elf64_Ehdr e64;
    110   } ehdr_mem;
    111   bool is32 = e_ident[EI_CLASS] == ELFCLASS32;
    112 
    113   /* Make the ELF header available.  */
    114   if (e_ident[EI_DATA] == MY_ELFDATA
    115       && (ALLOW_UNALIGNED
    116 	  || (((size_t) e_ident
    117 	       & ((is32 ? __alignof__ (Elf32_Ehdr) : __alignof__ (Elf64_Ehdr))
    118 		  - 1)) == 0)))
    119     ehdr.p = e_ident;
    120   else
    121     {
    122       /* We already read the ELF header.  We have to copy the header
    123 	 since we possibly modify the data here and the caller
    124 	 expects the memory it passes in to be preserved.  */
    125       ehdr.p = &ehdr_mem;
    126 
    127       if (is32)
    128 	{
    129 	  if (ALLOW_UNALIGNED)
    130 	    {
    131 	      ehdr_mem.e32.e_shnum = ((Elf32_Ehdr *) e_ident)->e_shnum;
    132 	      ehdr_mem.e32.e_shoff = ((Elf32_Ehdr *) e_ident)->e_shoff;
    133 	    }
    134 	  else
    135 	    memcpy (&ehdr_mem, e_ident, sizeof (Elf32_Ehdr));
    136 
    137 	  if (e_ident[EI_DATA] != MY_ELFDATA)
    138 	    {
    139 	      CONVERT (ehdr_mem.e32.e_shnum);
    140 	      CONVERT (ehdr_mem.e32.e_shoff);
    141 	    }
    142 	}
    143       else
    144 	{
    145 	  if (ALLOW_UNALIGNED)
    146 	    {
    147 	      ehdr_mem.e64.e_shnum = ((Elf64_Ehdr *) e_ident)->e_shnum;
    148 	      ehdr_mem.e64.e_shoff = ((Elf64_Ehdr *) e_ident)->e_shoff;
    149 	    }
    150 	  else
    151 	    memcpy (&ehdr_mem, e_ident, sizeof (Elf64_Ehdr));
    152 
    153 	  if (e_ident[EI_DATA] != MY_ELFDATA)
    154 	    {
    155 	      CONVERT (ehdr_mem.e64.e_shnum);
    156 	      CONVERT (ehdr_mem.e64.e_shoff);
    157 	    }
    158 	}
    159     }
    160 
    161   if (is32)
    162     {
    163       /* Get the number of sections from the ELF header.  */
    164       result = ehdr.e32->e_shnum;
    165 
    166       if (unlikely (result == 0) && ehdr.e32->e_shoff != 0)
    167 	{
    168 	  if (ehdr.e32->e_shoff + sizeof (Elf32_Shdr) > maxsize)
    169 	    /* Cannot read the first section header.  */
    170 	    return 0;
    171 
    172 	  if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA
    173 	      && (ALLOW_UNALIGNED
    174 		  || (((size_t) ((char *) map_address + offset))
    175 		      & (__alignof__ (Elf32_Ehdr) - 1)) == 0))
    176 	    /* We can directly access the memory.  */
    177 	    result = ((Elf32_Shdr *) ((char *) map_address + ehdr.e32->e_shoff
    178 				      + offset))->sh_size;
    179 	  else
    180 	    {
    181 	      Elf32_Word size;
    182 
    183 	      if (likely (map_address != NULL))
    184 		/* gcc will optimize the memcpy to a simple memory
    185 		   access while taking care of alignment issues.  */
    186 		memcpy (&size, &((Elf32_Shdr *) ((char *) map_address
    187 						 + ehdr.e32->e_shoff
    188 						 + offset))->sh_size,
    189 			sizeof (Elf32_Word));
    190 	      else
    191 		if (unlikely (pread_retry (fildes, &size, sizeof (Elf32_Word),
    192 					   offset + ehdr.e32->e_shoff
    193 					   + offsetof (Elf32_Shdr, sh_size))
    194 			      != sizeof (Elf32_Word)))
    195 		  return (size_t) -1l;
    196 
    197 	      if (e_ident[EI_DATA] != MY_ELFDATA)
    198 		CONVERT (size);
    199 
    200 	      result = size;
    201 	    }
    202 	}
    203 
    204       /* If the section headers were truncated, pretend none were there.  */
    205       if (ehdr.e32->e_shoff > maxsize
    206 	  || maxsize - ehdr.e32->e_shoff < sizeof (Elf32_Shdr) * result)
    207 	result = 0;
    208     }
    209   else
    210     {
    211       /* Get the number of sections from the ELF header.  */
    212       result = ehdr.e64->e_shnum;
    213 
    214       if (unlikely (result == 0) && ehdr.e64->e_shoff != 0)
    215 	{
    216 	  if (ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize)
    217 	    /* Cannot read the first section header.  */
    218 	    return 0;
    219 
    220 	  Elf64_Xword size;
    221 	  if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA
    222 	      && (ALLOW_UNALIGNED
    223 		  || (((size_t) ((char *) map_address + offset))
    224 		      & (__alignof__ (Elf64_Ehdr) - 1)) == 0))
    225 	    /* We can directly access the memory.  */
    226 	    size = ((Elf64_Shdr *) ((char *) map_address + ehdr.e64->e_shoff
    227 				    + offset))->sh_size;
    228 	  else
    229 	    {
    230 	      if (likely (map_address != NULL))
    231 		/* gcc will optimize the memcpy to a simple memory
    232 		   access while taking care of alignment issues.  */
    233 		memcpy (&size, &((Elf64_Shdr *) ((char *) map_address
    234 						 + ehdr.e64->e_shoff
    235 						 + offset))->sh_size,
    236 			sizeof (Elf64_Xword));
    237 	      else
    238 		if (unlikely (pread_retry (fildes, &size, sizeof (Elf64_Word),
    239 					   offset + ehdr.e64->e_shoff
    240 					   + offsetof (Elf64_Shdr, sh_size))
    241 			      != sizeof (Elf64_Xword)))
    242 		  return (size_t) -1l;
    243 
    244 	      if (e_ident[EI_DATA] != MY_ELFDATA)
    245 		CONVERT (size);
    246 	    }
    247 
    248 	  if (size > ~((GElf_Word) 0))
    249 	    /* Invalid value, it is too large.  */
    250 	    return (size_t) -1l;
    251 
    252 	  result = size;
    253 	}
    254 
    255       /* If the section headers were truncated, pretend none were there.  */
    256       if (ehdr.e64->e_shoff > maxsize
    257 	  || maxsize - ehdr.e64->e_shoff < sizeof (Elf64_Shdr) * result)
    258 	result = 0;
    259     }
    260 
    261   return result;
    262 }
    263 
    264 
    265 /* Create descriptor for ELF file in memory.  */
    266 static Elf *
    267 file_read_elf (int fildes, void *map_address, unsigned char *e_ident,
    268 	       off_t offset, size_t maxsize, Elf_Cmd cmd, Elf *parent)
    269 {
    270   /* Verify the binary is of the class we can handle.  */
    271   if (unlikely ((e_ident[EI_CLASS] != ELFCLASS32
    272 		 && e_ident[EI_CLASS] != ELFCLASS64)
    273 		/* We also can only handle two encodings.  */
    274 		|| (e_ident[EI_DATA] != ELFDATA2LSB
    275 		    && e_ident[EI_DATA] != ELFDATA2MSB)))
    276     {
    277       /* Cannot handle this.  */
    278       __libelf_seterrno (ELF_E_INVALID_FILE);
    279       return NULL;
    280     }
    281 
    282   /* Determine the number of sections.  */
    283   size_t scncnt = get_shnum (map_address, e_ident, fildes, offset, maxsize);
    284   if (scncnt == (size_t) -1l)
    285     /* Could not determine the number of sections.  */
    286     return NULL;
    287 
    288   /* We can now allocate the memory.  Even if there are no section headers,
    289      we allocate space for a zeroth section in case we need it later.  */
    290   const size_t scnmax = (scncnt ?: (cmd == ELF_C_RDWR || cmd == ELF_C_RDWR_MMAP)
    291 			 ? 1 : 0);
    292   Elf *elf = allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
    293 			   ELF_K_ELF, scnmax * sizeof (Elf_Scn));
    294   if (elf == NULL)
    295     /* Not enough memory.  */
    296     return NULL;
    297 
    298   assert ((unsigned int) scncnt == scncnt);
    299   assert (offsetof (struct Elf, state.elf32.scns)
    300 	  == offsetof (struct Elf, state.elf64.scns));
    301   elf->state.elf32.scns.cnt = scncnt;
    302   elf->state.elf32.scns.max = scnmax;
    303 
    304   /* Some more or less arbitrary value.  */
    305   elf->state.elf.scnincr = 10;
    306 
    307   /* Make the class easily available.  */
    308   elf->class = e_ident[EI_CLASS];
    309 
    310   if (e_ident[EI_CLASS] == ELFCLASS32)
    311     {
    312       /* This pointer might not be directly usable if the alignment is
    313 	 not sufficient for the architecture.  */
    314       Elf32_Ehdr *ehdr = (Elf32_Ehdr *) ((char *) map_address + offset);
    315 
    316       /* This is a 32-bit binary.  */
    317       if (map_address != NULL && e_ident[EI_DATA] == MY_ELFDATA
    318 	  && (ALLOW_UNALIGNED
    319 	      || ((((uintptr_t) ehdr) & (__alignof__ (Elf32_Ehdr) - 1)) == 0
    320 		  && ((uintptr_t) ((char *) ehdr + ehdr->e_shoff)
    321 		      & (__alignof__ (Elf32_Shdr) - 1)) == 0
    322 		  && ((uintptr_t) ((char *) ehdr + ehdr->e_phoff)
    323 		      & (__alignof__ (Elf32_Phdr) - 1)) == 0)))
    324 	{
    325 	  /* We can use the mmapped memory.  */
    326 	  elf->state.elf32.ehdr = ehdr;
    327 	  elf->state.elf32.shdr
    328 	    = (Elf32_Shdr *) ((char *) ehdr + ehdr->e_shoff);
    329 
    330 	  /* Don't precache the phdr pointer here.
    331 	     elf32_getphdr will validate it against the size when asked.  */
    332 
    333 	  for (size_t cnt = 0; cnt < scncnt; ++cnt)
    334 	    {
    335 	      elf->state.elf32.scns.data[cnt].index = cnt;
    336 	      elf->state.elf32.scns.data[cnt].elf = elf;
    337 	      elf->state.elf32.scns.data[cnt].shdr.e32 =
    338 		&elf->state.elf32.shdr[cnt];
    339 	      if (likely (elf->state.elf32.shdr[cnt].sh_offset < maxsize)
    340 		  && likely (maxsize - elf->state.elf32.shdr[cnt].sh_offset
    341 			     <= elf->state.elf32.shdr[cnt].sh_size))
    342 		elf->state.elf32.scns.data[cnt].rawdata_base =
    343 		  elf->state.elf32.scns.data[cnt].data_base =
    344 		  ((char *) map_address + offset
    345 		   + elf->state.elf32.shdr[cnt].sh_offset);
    346 	      elf->state.elf32.scns.data[cnt].list = &elf->state.elf32.scns;
    347 
    348 	      /* If this is a section with an extended index add a
    349 		 reference in the section which uses the extended
    350 		 index.  */
    351 	      if (elf->state.elf32.shdr[cnt].sh_type == SHT_SYMTAB_SHNDX
    352 		  && elf->state.elf32.shdr[cnt].sh_link < scncnt)
    353 		elf->state.elf32.scns.data[elf->state.elf32.shdr[cnt].sh_link].shndx_index
    354 		  = cnt;
    355 
    356 	      /* Set the own shndx_index field in case it has not yet
    357 		 been set.  */
    358 	      if (elf->state.elf32.scns.data[cnt].shndx_index == 0)
    359 		elf->state.elf32.scns.data[cnt].shndx_index = -1;
    360 	    }
    361 	}
    362       else
    363 	{
    364 	  /* Copy the ELF header.  */
    365 	  elf->state.elf32.ehdr = memcpy (&elf->state.elf32.ehdr_mem, e_ident,
    366 					  sizeof (Elf32_Ehdr));
    367 
    368 	  if (e_ident[EI_DATA] != MY_ELFDATA)
    369 	    {
    370 	      CONVERT (elf->state.elf32.ehdr_mem.e_type);
    371 	      CONVERT (elf->state.elf32.ehdr_mem.e_machine);
    372 	      CONVERT (elf->state.elf32.ehdr_mem.e_version);
    373 	      CONVERT (elf->state.elf32.ehdr_mem.e_entry);
    374 	      CONVERT (elf->state.elf32.ehdr_mem.e_phoff);
    375 	      CONVERT (elf->state.elf32.ehdr_mem.e_shoff);
    376 	      CONVERT (elf->state.elf32.ehdr_mem.e_flags);
    377 	      CONVERT (elf->state.elf32.ehdr_mem.e_ehsize);
    378 	      CONVERT (elf->state.elf32.ehdr_mem.e_phentsize);
    379 	      CONVERT (elf->state.elf32.ehdr_mem.e_phnum);
    380 	      CONVERT (elf->state.elf32.ehdr_mem.e_shentsize);
    381 	      CONVERT (elf->state.elf32.ehdr_mem.e_shnum);
    382 	      CONVERT (elf->state.elf32.ehdr_mem.e_shstrndx);
    383 	    }
    384 
    385 	  for (size_t cnt = 0; cnt < scncnt; ++cnt)
    386 	    {
    387 	      elf->state.elf32.scns.data[cnt].index = cnt;
    388 	      elf->state.elf32.scns.data[cnt].elf = elf;
    389 	      elf->state.elf32.scns.data[cnt].list = &elf->state.elf32.scns;
    390 	    }
    391 	}
    392 
    393       /* So far only one block with sections.  */
    394       elf->state.elf32.scns_last = &elf->state.elf32.scns;
    395     }
    396   else
    397     {
    398       /* This pointer might not be directly usable if the alignment is
    399 	 not sufficient for the architecture.  */
    400       Elf64_Ehdr *ehdr = (Elf64_Ehdr *) ((char *) map_address + offset);
    401 
    402       /* This is a 64-bit binary.  */
    403       if (map_address != NULL && e_ident[EI_DATA] == MY_ELFDATA
    404 	  && (ALLOW_UNALIGNED
    405 	      || ((((uintptr_t) ehdr) & (__alignof__ (Elf64_Ehdr) - 1)) == 0
    406 		  && ((uintptr_t) ((char *) ehdr + ehdr->e_shoff)
    407 		      & (__alignof__ (Elf64_Shdr) - 1)) == 0
    408 		  && ((uintptr_t) ((char *) ehdr + ehdr->e_phoff)
    409 		      & (__alignof__ (Elf64_Phdr) - 1)) == 0)))
    410 	{
    411 	  /* We can use the mmapped memory.  */
    412 	  elf->state.elf64.ehdr = ehdr;
    413 	  elf->state.elf64.shdr
    414 	    = (Elf64_Shdr *) ((char *) ehdr + ehdr->e_shoff);
    415 
    416 	  /* Don't precache the phdr pointer here.
    417 	     elf64_getphdr will validate it against the size when asked.  */
    418 
    419 	  for (size_t cnt = 0; cnt < scncnt; ++cnt)
    420 	    {
    421 	      elf->state.elf64.scns.data[cnt].index = cnt;
    422 	      elf->state.elf64.scns.data[cnt].elf = elf;
    423 	      elf->state.elf64.scns.data[cnt].shdr.e64 =
    424 		&elf->state.elf64.shdr[cnt];
    425 	      if (likely (elf->state.elf64.shdr[cnt].sh_offset < maxsize)
    426 		  && likely (maxsize - elf->state.elf64.shdr[cnt].sh_offset
    427 			     <= elf->state.elf64.shdr[cnt].sh_size))
    428 		elf->state.elf64.scns.data[cnt].rawdata_base =
    429 		  elf->state.elf64.scns.data[cnt].data_base =
    430 		  ((char *) map_address + offset
    431 		   + elf->state.elf64.shdr[cnt].sh_offset);
    432 	      elf->state.elf64.scns.data[cnt].list = &elf->state.elf64.scns;
    433 
    434 	      /* If this is a section with an extended index add a
    435 		 reference in the section which uses the extended
    436 		 index.  */
    437 	      if (elf->state.elf64.shdr[cnt].sh_type == SHT_SYMTAB_SHNDX
    438 		  && elf->state.elf64.shdr[cnt].sh_link < scncnt)
    439 		elf->state.elf64.scns.data[elf->state.elf64.shdr[cnt].sh_link].shndx_index
    440 		  = cnt;
    441 
    442 	      /* Set the own shndx_index field in case it has not yet
    443 		 been set.  */
    444 	      if (elf->state.elf64.scns.data[cnt].shndx_index == 0)
    445 		elf->state.elf64.scns.data[cnt].shndx_index = -1;
    446 	    }
    447 	}
    448       else
    449 	{
    450 	  /* Copy the ELF header.  */
    451 	  elf->state.elf64.ehdr = memcpy (&elf->state.elf64.ehdr_mem, e_ident,
    452 					  sizeof (Elf64_Ehdr));
    453 
    454 	  if (e_ident[EI_DATA] != MY_ELFDATA)
    455 	    {
    456 	      CONVERT (elf->state.elf64.ehdr_mem.e_type);
    457 	      CONVERT (elf->state.elf64.ehdr_mem.e_machine);
    458 	      CONVERT (elf->state.elf64.ehdr_mem.e_version);
    459 	      CONVERT (elf->state.elf64.ehdr_mem.e_entry);
    460 	      CONVERT (elf->state.elf64.ehdr_mem.e_phoff);
    461 	      CONVERT (elf->state.elf64.ehdr_mem.e_shoff);
    462 	      CONVERT (elf->state.elf64.ehdr_mem.e_flags);
    463 	      CONVERT (elf->state.elf64.ehdr_mem.e_ehsize);
    464 	      CONVERT (elf->state.elf64.ehdr_mem.e_phentsize);
    465 	      CONVERT (elf->state.elf64.ehdr_mem.e_phnum);
    466 	      CONVERT (elf->state.elf64.ehdr_mem.e_shentsize);
    467 	      CONVERT (elf->state.elf64.ehdr_mem.e_shnum);
    468 	      CONVERT (elf->state.elf64.ehdr_mem.e_shstrndx);
    469 	    }
    470 
    471 	  for (size_t cnt = 0; cnt < scncnt; ++cnt)
    472 	    {
    473 	      elf->state.elf64.scns.data[cnt].index = cnt;
    474 	      elf->state.elf64.scns.data[cnt].elf = elf;
    475 	      elf->state.elf64.scns.data[cnt].list = &elf->state.elf64.scns;
    476 	    }
    477 	}
    478 
    479       /* So far only one block with sections.  */
    480       elf->state.elf64.scns_last = &elf->state.elf64.scns;
    481     }
    482 
    483   return elf;
    484 }
    485 
    486 
    487 Elf *
    488 internal_function
    489 __libelf_read_mmaped_file (int fildes, void *map_address,  off_t offset,
    490 			   size_t maxsize, Elf_Cmd cmd, Elf *parent)
    491 {
    492   /* We have to find out what kind of file this is.  We handle ELF
    493      files and archives.  To find out what we have we must look at the
    494      header.  The header for an ELF file is EI_NIDENT bytes in size,
    495      the header for an archive file SARMAG bytes long.  */
    496   unsigned char *e_ident = (unsigned char *) map_address + offset;
    497 
    498   /* See what kind of object we have here.  */
    499   Elf_Kind kind = determine_kind (e_ident, maxsize);
    500 
    501   switch (kind)
    502     {
    503     case ELF_K_ELF:
    504       return file_read_elf (fildes, map_address, e_ident, offset, maxsize,
    505 			    cmd, parent);
    506 
    507     case ELF_K_AR:
    508       return file_read_ar (fildes, map_address, offset, maxsize, cmd, parent);
    509 
    510     default:
    511       break;
    512     }
    513 
    514   /* This case is easy.  Since we cannot do anything with this file
    515      create a dummy descriptor.  */
    516   return allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
    517 		       ELF_K_NONE, 0);
    518 }
    519 
    520 
    521 static Elf *
    522 read_unmmaped_file (int fildes, off_t offset, size_t maxsize, Elf_Cmd cmd,
    523 		    Elf *parent)
    524 {
    525   /* We have to find out what kind of file this is.  We handle ELF
    526      files and archives.  To find out what we have we must read the
    527      header.  The identification header for an ELF file is EI_NIDENT
    528      bytes in size, but we read the whole ELF header since we will
    529      need it anyway later.  For archives the header in SARMAG bytes
    530      long.  Read the maximum of these numbers.
    531 
    532      XXX We have to change this for the extended `ar' format some day.
    533 
    534      Use a union to ensure alignment.  We might later access the
    535      memory as a ElfXX_Ehdr.  */
    536   union
    537   {
    538     Elf64_Ehdr ehdr;
    539     unsigned char header[MAX (sizeof (Elf64_Ehdr), SARMAG)];
    540   } mem;
    541 
    542   /* Read the head of the file.  */
    543   ssize_t nread = pread_retry (fildes, mem.header,
    544 			       MIN (MAX (sizeof (Elf64_Ehdr), SARMAG),
    545 				    maxsize),
    546 			       offset);
    547   if (unlikely (nread == -1))
    548     /* We cannot even read the head of the file.  Maybe FILDES is associated
    549        with an unseekable device.  This is nothing we can handle.  */
    550     return NULL;
    551 
    552   /* See what kind of object we have here.  */
    553   Elf_Kind kind = determine_kind (mem.header, nread);
    554 
    555   switch (kind)
    556     {
    557     case ELF_K_AR:
    558       return file_read_ar (fildes, NULL, offset, maxsize, cmd, parent);
    559 
    560     case ELF_K_ELF:
    561       /* Make sure at least the ELF header is contained in the file.  */
    562       if ((size_t) nread >= (mem.header[EI_CLASS] == ELFCLASS32
    563 			     ? sizeof (Elf32_Ehdr) : sizeof (Elf64_Ehdr)))
    564 	return file_read_elf (fildes, NULL, mem.header, offset, maxsize, cmd,
    565 			      parent);
    566       /* FALLTHROUGH */
    567 
    568     default:
    569       break;
    570     }
    571 
    572   /* This case is easy.  Since we cannot do anything with this file
    573      create a dummy descriptor.  */
    574   return allocate_elf (fildes, NULL, offset, maxsize, cmd, parent,
    575 		       ELF_K_NONE, 0);
    576 }
    577 
    578 
    579 /* Open a file for reading.  If possible we will try to mmap() the file.  */
    580 static struct Elf *
    581 read_file (int fildes, off_t offset, size_t maxsize,
    582 	   Elf_Cmd cmd, Elf *parent)
    583 {
    584   void *map_address = NULL;
    585   int use_mmap = (cmd == ELF_C_READ_MMAP || cmd == ELF_C_RDWR_MMAP
    586 		  || cmd == ELF_C_WRITE_MMAP
    587 		  || cmd == ELF_C_READ_MMAP_PRIVATE);
    588 
    589 #if _MUDFLAP
    590   /* Mudflap doesn't grok that our mmap'd data is ok.  */
    591   use_mmap = 0;
    592 #endif
    593 
    594   if (use_mmap)
    595     {
    596       if (parent == NULL)
    597 	{
    598 	  if (maxsize == ~((size_t) 0))
    599 	    {
    600 	      /* We don't know in the moment how large the file is.
    601 		 Determine it now.  */
    602 	      struct stat st;
    603 
    604 	      if (fstat (fildes, &st) == 0
    605 		  && (sizeof (size_t) >= sizeof (st.st_size)
    606 		      || st.st_size <= ~((size_t) 0)))
    607 		maxsize = (size_t) st.st_size;
    608 	    }
    609 
    610 	  /* We try to map the file ourself.  */
    611 	  map_address = mmap (NULL, maxsize, (cmd == ELF_C_READ_MMAP
    612 					      ? PROT_READ
    613 					      : PROT_READ|PROT_WRITE),
    614 			      cmd == ELF_C_READ_MMAP_PRIVATE
    615 			      || cmd == ELF_C_READ_MMAP
    616 			      ? MAP_PRIVATE : MAP_SHARED,
    617 			      fildes, offset);
    618 
    619 	  if (map_address == MAP_FAILED)
    620 	    map_address = NULL;
    621 	}
    622       else
    623 	{
    624 	  /* The parent is already loaded.  Use it.  */
    625 	  assert (maxsize != ~((size_t) 0));
    626 
    627 	  map_address = parent->map_address;
    628 	}
    629     }
    630 
    631   /* If we have the file in memory optimize the access.  */
    632   if (map_address != NULL)
    633     {
    634       assert (map_address != MAP_FAILED);
    635 
    636       struct Elf *result = __libelf_read_mmaped_file (fildes, map_address,
    637 						      offset, maxsize, cmd,
    638 						      parent);
    639 
    640       /* If something went wrong during the initialization unmap the
    641 	 memory if we mmaped here.  */
    642       if (result == NULL
    643 	  && (parent == NULL
    644 	      || parent->map_address != map_address))
    645 	munmap (map_address, maxsize);
    646       else if (parent == NULL)
    647 	/* Remember that we mmap()ed the memory.  */
    648 	result->flags |= ELF_F_MMAPPED;
    649 
    650       return result;
    651     }
    652 
    653   /* Otherwise we have to do it the hard way.  We read as much as necessary
    654      from the file whenever we need information which is not available.  */
    655   return read_unmmaped_file (fildes, offset, maxsize, cmd, parent);
    656 }
    657 
    658 
    659 /* Find the entry with the long names for the content of this archive.  */
    660 static const char *
    661 read_long_names (Elf *elf)
    662 {
    663   off_t offset = SARMAG;	/* This is the first entry.  */
    664   struct ar_hdr hdrm;
    665   struct ar_hdr *hdr;
    666   char *newp;
    667   size_t len;
    668 
    669   while (1)
    670     {
    671       if (elf->map_address != NULL)
    672 	{
    673 	  if (offset + sizeof (struct ar_hdr) > elf->maximum_size)
    674 	    return NULL;
    675 
    676 	  /* The data is mapped.  */
    677 	  hdr = (struct ar_hdr *) (elf->map_address + offset);
    678 	}
    679       else
    680 	{
    681 	  /* Read the header from the file.  */
    682 	  if (unlikely (pread_retry (elf->fildes, &hdrm, sizeof (hdrm),
    683 				     elf->start_offset + offset)
    684 			!= sizeof (hdrm)))
    685 	    return NULL;
    686 
    687 	  hdr = &hdrm;
    688 	}
    689 
    690       len = atol (hdr->ar_size);
    691 
    692       if (memcmp (hdr->ar_name, "//              ", 16) == 0)
    693 	break;
    694 
    695       offset += sizeof (struct ar_hdr) + ((len + 1) & ~1l);
    696     }
    697 
    698   /* Due to the stupid format of the long name table entry (which are not
    699      NUL terminted) we have to provide an appropriate representation anyhow.
    700      Therefore we always make a copy which has the appropriate form.  */
    701   newp = (char *) malloc (len);
    702   if (newp != NULL)
    703     {
    704       char *runp;
    705 
    706       if (elf->map_address != NULL)
    707 	/* Simply copy it over.  */
    708 	elf->state.ar.long_names = (char *) memcpy (newp,
    709 						    elf->map_address + offset
    710 						    + sizeof (struct ar_hdr),
    711 						    len);
    712       else
    713 	{
    714 	  if (unlikely ((size_t) pread_retry (elf->fildes, newp, len,
    715 					      elf->start_offset + offset
    716 					      + sizeof (struct ar_hdr))
    717 			!= len))
    718 	    {
    719 	      /* We were not able to read all data.  */
    720 	      free (newp);
    721 	      elf->state.ar.long_names = NULL;
    722 	      return NULL;
    723 	    }
    724 	  elf->state.ar.long_names = newp;
    725 	}
    726 
    727       elf->state.ar.long_names_len = len;
    728 
    729       /* Now NUL-terminate the strings.  */
    730       runp = newp;
    731       while (1)
    732         {
    733 	  runp = (char *) memchr (runp, '/', newp + len - runp);
    734 	  if (runp == NULL)
    735 	    /* This was the last entry.  */
    736 	    break;
    737 
    738 	  /* NUL-terminate the string.  */
    739 	  *runp = '\0';
    740 
    741 	  /* Skip the NUL byte and the \012.  */
    742 	  runp += 2;
    743 
    744 	  /* A sanity check.  Somebody might have generated invalid
    745 	     archive.  */
    746 	  if (runp >= newp + len)
    747 	    break;
    748 	}
    749     }
    750 
    751   return newp;
    752 }
    753 
    754 
    755 /* Read the next archive header.  */
    756 int
    757 internal_function
    758 __libelf_next_arhdr_wrlock (elf)
    759      Elf *elf;
    760 {
    761   struct ar_hdr *ar_hdr;
    762   Elf_Arhdr *elf_ar_hdr;
    763 
    764   if (elf->map_address != NULL)
    765     {
    766       /* See whether this entry is in the file.  */
    767       if (unlikely (elf->state.ar.offset + sizeof (struct ar_hdr)
    768 		    > elf->start_offset + elf->maximum_size))
    769 	{
    770 	  /* This record is not anymore in the file.  */
    771 	  __libelf_seterrno (ELF_E_RANGE);
    772 	  return -1;
    773 	}
    774       ar_hdr = (struct ar_hdr *) (elf->map_address + elf->state.ar.offset);
    775     }
    776   else
    777     {
    778       ar_hdr = &elf->state.ar.ar_hdr;
    779 
    780       if (unlikely (pread_retry (elf->fildes, ar_hdr, sizeof (struct ar_hdr),
    781 				 elf->state.ar.offset)
    782 		    != sizeof (struct ar_hdr)))
    783 	{
    784 	  /* Something went wrong while reading the file.  */
    785 	  __libelf_seterrno (ELF_E_RANGE);
    786 	  return -1;
    787 	}
    788     }
    789 
    790   /* One little consistency check.  */
    791   if (unlikely (memcmp (ar_hdr->ar_fmag, ARFMAG, 2) != 0))
    792     {
    793       /* This is no valid archive.  */
    794       __libelf_seterrno (ELF_E_ARCHIVE_FMAG);
    795       return -1;
    796     }
    797 
    798   /* Copy the raw name over to a NUL terminated buffer.  */
    799   *((char *) __mempcpy (elf->state.ar.raw_name, ar_hdr->ar_name, 16)) = '\0';
    800 
    801   elf_ar_hdr = &elf->state.ar.elf_ar_hdr;
    802 
    803   /* Now convert the `struct ar_hdr' into `Elf_Arhdr'.
    804      Determine whether this is a special entry.  */
    805   if (ar_hdr->ar_name[0] == '/')
    806     {
    807       if (ar_hdr->ar_name[1] == ' '
    808 	  && memcmp (ar_hdr->ar_name, "/               ", 16) == 0)
    809 	/* This is the index.  */
    810 	elf_ar_hdr->ar_name = memcpy (elf->state.ar.ar_name, "/", 2);
    811       else if (ar_hdr->ar_name[1] == '/'
    812 	       && memcmp (ar_hdr->ar_name, "//              ", 16) == 0)
    813 	/* This is the array with the long names.  */
    814 	elf_ar_hdr->ar_name = memcpy (elf->state.ar.ar_name, "//", 3);
    815       else if (likely  (isdigit (ar_hdr->ar_name[1])))
    816 	{
    817 	  size_t offset;
    818 
    819 	  /* This is a long name.  First we have to read the long name
    820 	     table, if this hasn't happened already.  */
    821 	  if (unlikely (elf->state.ar.long_names == NULL
    822 			&& read_long_names (elf) == NULL))
    823 	    {
    824 	      /* No long name table although it is reference.  The archive is
    825 		 broken.  */
    826 	      __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
    827 	      return -1;
    828 	    }
    829 
    830 	  offset = atol (ar_hdr->ar_name + 1);
    831 	  if (unlikely (offset >= elf->state.ar.long_names_len))
    832 	    {
    833 	      /* The index in the long name table is larger than the table.  */
    834 	      __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
    835 	      return -1;
    836 	    }
    837 	  elf_ar_hdr->ar_name = elf->state.ar.long_names + offset;
    838 	}
    839       else
    840 	{
    841 	  /* This is none of the known special entries.  */
    842 	  __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
    843 	  return -1;
    844 	}
    845     }
    846   else
    847     {
    848       char *endp;
    849 
    850       /* It is a normal entry.  Copy over the name.  */
    851       endp = (char *) memccpy (elf->state.ar.ar_name, ar_hdr->ar_name,
    852 			       '/', 16);
    853       if (endp != NULL)
    854 	endp[-1] = '\0';
    855       else
    856 	{
    857 	  /* In the old BSD style of archive, there is no / terminator.
    858 	     Instead, there is space padding at the end of the name.  */
    859 	  size_t i = 15;
    860 	  do
    861 	    elf->state.ar.ar_name[i] = '\0';
    862 	  while (i > 0 && elf->state.ar.ar_name[--i] == ' ');
    863 	}
    864 
    865       elf_ar_hdr->ar_name = elf->state.ar.ar_name;
    866     }
    867 
    868   if (unlikely (ar_hdr->ar_size[0] == ' '))
    869     /* Something is really wrong.  We cannot live without a size for
    870        the member since it will not be possible to find the next
    871        archive member.  */
    872     {
    873       __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
    874       return -1;
    875     }
    876 
    877   /* Since there are no specialized functions to convert ASCII to
    878      time_t, uid_t, gid_t, mode_t, and off_t we use either atol or
    879      atoll depending on the size of the types.  We are also prepared
    880      for the case where the whole field in the `struct ar_hdr' is
    881      filled in which case we cannot simply use atol/l but instead have
    882      to create a temporary copy.  */
    883 
    884 #define INT_FIELD(FIELD)						      \
    885   do									      \
    886     {									      \
    887       char buf[sizeof (ar_hdr->FIELD) + 1];				      \
    888       const char *string = ar_hdr->FIELD;				      \
    889       if (ar_hdr->FIELD[sizeof (ar_hdr->FIELD) - 1] != ' ')		      \
    890 	{								      \
    891 	  *((char *) __mempcpy (buf, ar_hdr->FIELD, sizeof (ar_hdr->FIELD)))  \
    892 	    = '\0';							      \
    893 	  string = buf;							      \
    894 	}								      \
    895       if (sizeof (elf_ar_hdr->FIELD) <= sizeof (long int))		      \
    896 	elf_ar_hdr->FIELD = (__typeof (elf_ar_hdr->FIELD)) atol (string);     \
    897       else								      \
    898 	elf_ar_hdr->FIELD = (__typeof (elf_ar_hdr->FIELD)) atoll (string);    \
    899     }									      \
    900   while (0)
    901 
    902   INT_FIELD (ar_date);
    903   INT_FIELD (ar_uid);
    904   INT_FIELD (ar_gid);
    905   INT_FIELD (ar_mode);
    906   INT_FIELD (ar_size);
    907 
    908   return 0;
    909 }
    910 
    911 
    912 /* We were asked to return a clone of an existing descriptor.  This
    913    function must be called with the lock on the parent descriptor
    914    being held. */
    915 static Elf *
    916 dup_elf (int fildes, Elf_Cmd cmd, Elf *ref)
    917 {
    918   struct Elf *result;
    919 
    920   if (fildes == -1)
    921     /* Allow the user to pass -1 as the file descriptor for the new file.  */
    922     fildes = ref->fildes;
    923   /* The file descriptor better should be the same.  If it was disconnected
    924      already (using `elf_cntl') we do not test it.  */
    925   else if (unlikely (ref->fildes != -1 && fildes != ref->fildes))
    926     {
    927       __libelf_seterrno (ELF_E_FD_MISMATCH);
    928       return NULL;
    929     }
    930 
    931   /* The mode must allow reading.  I.e., a descriptor creating with a
    932      command different then ELF_C_READ, ELF_C_WRITE and ELF_C_RDWR is
    933      not allowed.  */
    934   if (unlikely (ref->cmd != ELF_C_READ && ref->cmd != ELF_C_READ_MMAP
    935 		&& ref->cmd != ELF_C_WRITE && ref->cmd != ELF_C_WRITE_MMAP
    936 		&& ref->cmd != ELF_C_RDWR && ref->cmd != ELF_C_RDWR_MMAP
    937 		&& ref->cmd != ELF_C_READ_MMAP_PRIVATE))
    938     {
    939       __libelf_seterrno (ELF_E_INVALID_OP);
    940       return NULL;
    941     }
    942 
    943   /* Now it is time to distinguish between reading normal files and
    944      archives.  Normal files can easily be handled be incrementing the
    945      reference counter and return the same descriptor.  */
    946   if (ref->kind != ELF_K_AR)
    947     {
    948       ++ref->ref_count;
    949       return ref;
    950     }
    951 
    952   /* This is an archive.  We must create a descriptor for the archive
    953      member the internal pointer of the archive file desriptor is
    954      pointing to.  First read the header of the next member if this
    955      has not happened already.  */
    956   if (ref->state.ar.elf_ar_hdr.ar_name == NULL
    957       && __libelf_next_arhdr_wrlock (ref) != 0)
    958     /* Something went wrong.  Maybe there is no member left.  */
    959     return NULL;
    960 
    961   /* We have all the information we need about the next archive member.
    962      Now create a descriptor for it.  */
    963   result = read_file (fildes, ref->state.ar.offset + sizeof (struct ar_hdr),
    964 		      ref->state.ar.elf_ar_hdr.ar_size, cmd, ref);
    965 
    966   /* Enlist this new descriptor in the list of children.  */
    967   if (result != NULL)
    968     {
    969       result->next = ref->state.ar.children;
    970       ref->state.ar.children = result;
    971     }
    972 
    973   return result;
    974 }
    975 
    976 
    977 /* Return desriptor for empty file ready for writing.  */
    978 static struct Elf *
    979 write_file (int fd, Elf_Cmd cmd)
    980 {
    981   /* We simply create an empty `Elf' structure.  */
    982 #define NSCNSALLOC	10
    983   Elf *result = allocate_elf (fd, NULL, 0, 0, cmd, NULL, ELF_K_ELF,
    984 			      NSCNSALLOC * sizeof (Elf_Scn));
    985 
    986   if (result != NULL)
    987     {
    988       /* We have to write to the file in any case.  */
    989       result->flags = ELF_F_DIRTY;
    990 
    991       /* Some more or less arbitrary value.  */
    992       result->state.elf.scnincr = NSCNSALLOC;
    993 
    994       /* We have allocated room for some sections.  */
    995       assert (offsetof (struct Elf, state.elf32.scns)
    996 	      == offsetof (struct Elf, state.elf64.scns));
    997       result->state.elf.scns_last = &result->state.elf32.scns;
    998       result->state.elf32.scns.max = NSCNSALLOC;
    999     }
   1000 
   1001   return result;
   1002 }
   1003 
   1004 
   1005 /* Return a descriptor for the file belonging to FILDES.  */
   1006 Elf *
   1007 elf_begin (fildes, cmd, ref)
   1008      int fildes;
   1009      Elf_Cmd cmd;
   1010      Elf *ref;
   1011 {
   1012   Elf *retval;
   1013 
   1014   if (unlikely (! __libelf_version_initialized))
   1015     {
   1016       /* Version wasn't set so far.  */
   1017       __libelf_seterrno (ELF_E_NO_VERSION);
   1018       return NULL;
   1019     }
   1020 
   1021   if (ref != NULL)
   1022     /* Make sure the descriptor is not suddenly going away.  */
   1023     rwlock_rdlock (ref->lock);
   1024   else if (unlikely (fcntl (fildes, F_GETFL) == -1 && errno == EBADF))
   1025     {
   1026       /* We cannot do anything productive without a file descriptor.  */
   1027       __libelf_seterrno (ELF_E_INVALID_FILE);
   1028       return NULL;
   1029     }
   1030 
   1031   Elf *lock_dup_elf ()
   1032   {
   1033     /* We need wrlock to dup an archive.  */
   1034     if (ref->kind == ELF_K_AR)
   1035       {
   1036 	rwlock_unlock (ref->lock);
   1037 	rwlock_wrlock (ref->lock);
   1038       }
   1039 
   1040     /* Duplicate the descriptor.  */
   1041     return dup_elf (fildes, cmd, ref);
   1042   }
   1043 
   1044   switch (cmd)
   1045     {
   1046     case ELF_C_NULL:
   1047       /* We simply return a NULL pointer.  */
   1048       retval = NULL;
   1049       break;
   1050 
   1051     case ELF_C_READ_MMAP_PRIVATE:
   1052       /* If we have a reference it must also be opened this way.  */
   1053       if (unlikely (ref != NULL && ref->cmd != ELF_C_READ_MMAP_PRIVATE))
   1054 	{
   1055 	  __libelf_seterrno (ELF_E_INVALID_CMD);
   1056 	  retval = NULL;
   1057 	  break;
   1058 	}
   1059       /* FALLTHROUGH */
   1060 
   1061     case ELF_C_READ:
   1062     case ELF_C_READ_MMAP:
   1063       if (ref != NULL)
   1064 	retval = lock_dup_elf ();
   1065       else
   1066 	/* Create descriptor for existing file.  */
   1067 	retval = read_file (fildes, 0, ~((size_t) 0), cmd, NULL);
   1068       break;
   1069 
   1070     case ELF_C_RDWR:
   1071     case ELF_C_RDWR_MMAP:
   1072       /* If we have a REF object it must also be opened using this
   1073 	 command.  */
   1074       if (ref != NULL)
   1075 	{
   1076 	  if (unlikely (ref->cmd != ELF_C_RDWR && ref->cmd != ELF_C_RDWR_MMAP
   1077 			&& ref->cmd != ELF_C_WRITE
   1078 			&& ref->cmd != ELF_C_WRITE_MMAP))
   1079 	    {
   1080 	      /* This is not ok.  REF must also be opened for writing.  */
   1081 	      __libelf_seterrno (ELF_E_INVALID_CMD);
   1082 	      retval = NULL;
   1083 	    }
   1084 	  else
   1085 	    retval = lock_dup_elf ();
   1086 	}
   1087       else
   1088 	/* Create descriptor for existing file.  */
   1089 	retval = read_file (fildes, 0, ~((size_t) 0), cmd, NULL);
   1090       break;
   1091 
   1092     case ELF_C_WRITE:
   1093     case ELF_C_WRITE_MMAP:
   1094       /* We ignore REF and prepare a descriptor to write a new file.  */
   1095       retval = write_file (fildes, cmd);
   1096       break;
   1097 
   1098     default:
   1099       __libelf_seterrno (ELF_E_INVALID_CMD);
   1100       retval = NULL;
   1101       break;
   1102     }
   1103 
   1104   /* Release the lock.  */
   1105   if (ref != NULL)
   1106     rwlock_unlock (ref->lock);
   1107 
   1108   return retval;
   1109 }
   1110 INTDEF(elf_begin)
   1111