Home | History | Annotate | Download | only in src
      1 /* Pedantic checking of ELF files compliance with gABI/psABI spec.
      2    Copyright (C) 2001-2012 Red Hat, Inc.
      3    This file is part of Red Hat elfutils.
      4    Written by Ulrich Drepper <drepper (at) redhat.com>, 2001.
      5 
      6    Red Hat elfutils is free software; you can redistribute it and/or modify
      7    it under the terms of the GNU General Public License as published by the
      8    Free Software Foundation; version 2 of the License.
      9 
     10    Red Hat elfutils is distributed in the hope that it will be useful, but
     11    WITHOUT ANY WARRANTY; without even the implied warranty of
     12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     13    General Public License for more details.
     14 
     15    You should have received a copy of the GNU General Public License along
     16    with Red Hat elfutils; if not, write to the Free Software Foundation,
     17    Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA.
     18 
     19    Red Hat elfutils is an included package of the Open Invention Network.
     20    An included package of the Open Invention Network is a package for which
     21    Open Invention Network licensees cross-license their patents.  No patent
     22    license is granted, either expressly or impliedly, by designation as an
     23    included package.  Should you wish to participate in the Open Invention
     24    Network licensing program, please visit www.openinventionnetwork.com
     25    <http://www.openinventionnetwork.com>.  */
     26 
     27 #ifdef HAVE_CONFIG_H
     28 # include <config.h>
     29 #endif
     30 
     31 #include <argp.h>
     32 #include <assert.h>
     33 #include <byteswap.h>
     34 #include <endian.h>
     35 #include <error.h>
     36 #include <fcntl.h>
     37 #include <gelf.h>
     38 #include <inttypes.h>
     39 #include <libintl.h>
     40 #include <locale.h>
     41 #include <stdbool.h>
     42 #include <stdlib.h>
     43 #include <string.h>
     44 #include <unistd.h>
     45 #include <sys/stat.h>
     46 #include <sys/param.h>
     47 
     48 #include <elf-knowledge.h>
     49 #include <system.h>
     50 #include "../libelf/libelfP.h"
     51 #include "../libelf/common.h"
     52 #include "../libebl/libeblP.h"
     53 #include "../libdw/libdwP.h"
     54 #include "../libdwfl/libdwflP.h"
     55 #include "../libdw/memory-access.h"
     56 
     57 
     58 /* Name and version of program.  */
     59 static void print_version (FILE *stream, struct argp_state *state);
     60 ARGP_PROGRAM_VERSION_HOOK_DEF = print_version;
     61 
     62 /* Bug report address.  */
     63 ARGP_PROGRAM_BUG_ADDRESS_DEF = PACKAGE_BUGREPORT;
     64 
     65 #define ARGP_strict	300
     66 #define ARGP_gnuld	301
     67 
     68 /* Definitions of arguments for argp functions.  */
     69 static const struct argp_option options[] =
     70 {
     71   { "strict", ARGP_strict, NULL, 0,
     72     N_("Be extremely strict, flag level 2 features."), 0 },
     73   { "quiet", 'q', NULL, 0, N_("Do not print anything if successful"), 0 },
     74   { "debuginfo", 'd', NULL, 0, N_("Binary is a separate debuginfo file"), 0 },
     75   { "gnu-ld", ARGP_gnuld, NULL, 0,
     76     N_("Binary has been created with GNU ld and is therefore known to be \
     77 broken in certain ways"), 0 },
     78   { NULL, 0, NULL, 0, NULL, 0 }
     79 };
     80 
     81 /* Short description of program.  */
     82 static const char doc[] = N_("\
     83 Pedantic checking of ELF files compliance with gABI/psABI spec.");
     84 
     85 /* Strings for arguments in help texts.  */
     86 static const char args_doc[] = N_("FILE...");
     87 
     88 /* Prototype for option handler.  */
     89 static error_t parse_opt (int key, char *arg, struct argp_state *state);
     90 
     91 /* Data structure to communicate with argp functions.  */
     92 static struct argp argp =
     93 {
     94   options, parse_opt, args_doc, doc, NULL, NULL, NULL
     95 };
     96 
     97 
     98 /* Declarations of local functions.  */
     99 static void process_file (int fd, Elf *elf, const char *prefix,
    100 			  const char *suffix, const char *fname, size_t size,
    101 			  bool only_one);
    102 static void process_elf_file (Elf *elf, const char *prefix, const char *suffix,
    103 			      const char *fname, size_t size, bool only_one);
    104 static void check_note_section (Ebl *ebl, GElf_Ehdr *ehdr,
    105 				GElf_Shdr *shdr, int idx);
    106 
    107 
    108 /* Report an error.  */
    109 #define ERROR(str, args...) \
    110   do {									      \
    111     printf (str, ##args);						      \
    112     ++error_count;							      \
    113   } while (0)
    114 static unsigned int error_count;
    115 
    116 /* True if we should perform very strict testing.  */
    117 static bool be_strict;
    118 
    119 /* True if no message is to be printed if the run is succesful.  */
    120 static bool be_quiet;
    121 
    122 /* True if binary is from strip -f, not a normal ELF file.  */
    123 static bool is_debuginfo;
    124 
    125 /* True if binary is assumed to be generated with GNU ld.  */
    126 static bool gnuld;
    127 
    128 /* Index of section header string table.  */
    129 static uint32_t shstrndx;
    130 
    131 /* Array to count references in section groups.  */
    132 static int *scnref;
    133 
    134 
    135 int
    136 main (int argc, char *argv[])
    137 {
    138   /* Set locale.  */
    139   setlocale (LC_ALL, "");
    140 
    141   /* Initialize the message catalog.  */
    142   textdomain (PACKAGE_TARNAME);
    143 
    144   /* Parse and process arguments.  */
    145   int remaining;
    146   argp_parse (&argp, argc, argv, 0, &remaining, NULL);
    147 
    148   /* Before we start tell the ELF library which version we are using.  */
    149   elf_version (EV_CURRENT);
    150 
    151   /* Now process all the files given at the command line.  */
    152   bool only_one = remaining + 1 == argc;
    153   do
    154     {
    155       /* Open the file.  */
    156       int fd = open (argv[remaining], O_RDONLY);
    157       if (fd == -1)
    158 	{
    159 	  error (0, errno, gettext ("cannot open input file"));
    160 	  continue;
    161 	}
    162 
    163       /* Create an `Elf' descriptor.  */
    164       Elf *elf = elf_begin (fd, ELF_C_READ_MMAP, NULL);
    165       if (elf == NULL)
    166 	ERROR (gettext ("cannot generate Elf descriptor: %s\n"),
    167 	       elf_errmsg (-1));
    168       else
    169 	{
    170 	  unsigned int prev_error_count = error_count;
    171 	  struct stat64 st;
    172 
    173 	  if (fstat64 (fd, &st) != 0)
    174 	    {
    175 	      printf ("cannot stat '%s': %m\n", argv[remaining]);
    176 	      close (fd);
    177 	      continue;
    178 	    }
    179 
    180 	  process_file (fd, elf, NULL, NULL, argv[remaining], st.st_size,
    181 			only_one);
    182 
    183 	  /* Now we can close the descriptor.  */
    184 	  if (elf_end (elf) != 0)
    185 	    ERROR (gettext ("error while closing Elf descriptor: %s\n"),
    186 		   elf_errmsg (-1));
    187 
    188 	  if (prev_error_count == error_count && !be_quiet)
    189 	    puts (gettext ("No errors"));
    190 	}
    191 
    192       close (fd);
    193     }
    194   while (++remaining < argc);
    195 
    196   return error_count != 0;
    197 }
    198 
    199 
    200 /* Handle program arguments.  */
    201 static error_t
    202 parse_opt (int key, char *arg __attribute__ ((unused)),
    203 	   struct argp_state *state __attribute__ ((unused)))
    204 {
    205   switch (key)
    206     {
    207     case ARGP_strict:
    208       be_strict = true;
    209       break;
    210 
    211     case 'q':
    212       be_quiet = true;
    213       break;
    214 
    215     case 'd':
    216       is_debuginfo = true;
    217 
    218     case ARGP_gnuld:
    219       gnuld = true;
    220       break;
    221 
    222     case ARGP_KEY_NO_ARGS:
    223       fputs (gettext ("Missing file name.\n"), stderr);
    224       argp_help (&argp, stderr, ARGP_HELP_SEE, program_invocation_short_name);
    225       exit (EXIT_FAILURE);
    226 
    227     default:
    228       return ARGP_ERR_UNKNOWN;
    229     }
    230   return 0;
    231 }
    232 
    233 
    234 /* Print the version information.  */
    235 static void
    236 print_version (FILE *stream, struct argp_state *state __attribute__ ((unused)))
    237 {
    238   fprintf (stream, "elflint (%s) %s\n", PACKAGE_NAME, PACKAGE_VERSION);
    239   fprintf (stream, gettext ("\
    240 Copyright (C) %s Red Hat, Inc.\n\
    241 This is free software; see the source for copying conditions.  There is NO\n\
    242 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
    243 "), "2012");
    244   fprintf (stream, gettext ("Written by %s.\n"), "Ulrich Drepper");
    245 }
    246 
    247 
    248 /* Process one file.  */
    249 static void
    250 process_file (int fd, Elf *elf, const char *prefix, const char *suffix,
    251 	      const char *fname, size_t size, bool only_one)
    252 {
    253   /* We can handle two types of files: ELF files and archives.  */
    254   Elf_Kind kind = elf_kind (elf);
    255 
    256   switch (kind)
    257     {
    258     case ELF_K_ELF:
    259       /* Yes!  It's an ELF file.  */
    260       process_elf_file (elf, prefix, suffix, fname, size, only_one);
    261       break;
    262 
    263     case ELF_K_AR:
    264       {
    265 	Elf *subelf;
    266 	Elf_Cmd cmd = ELF_C_READ_MMAP;
    267 	size_t prefix_len = prefix == NULL ? 0 : strlen (prefix);
    268 	size_t fname_len = strlen (fname) + 1;
    269 	char new_prefix[prefix_len + 1 + fname_len];
    270 	char new_suffix[(suffix == NULL ? 0 : strlen (suffix)) + 2];
    271 	char *cp = new_prefix;
    272 
    273 	/* Create the full name of the file.  */
    274 	if (prefix != NULL)
    275 	  {
    276 	    cp = mempcpy (cp, prefix, prefix_len);
    277 	    *cp++ = '(';
    278 	    strcpy (stpcpy (new_suffix, suffix), ")");
    279 	  }
    280 	else
    281 	  new_suffix[0] = '\0';
    282 	memcpy (cp, fname, fname_len);
    283 
    284 	/* It's an archive.  We process each file in it.  */
    285 	while ((subelf = elf_begin (fd, cmd, elf)) != NULL)
    286 	  {
    287 	    kind = elf_kind (subelf);
    288 
    289 	    /* Call this function recursively.  */
    290 	    if (kind == ELF_K_ELF || kind == ELF_K_AR)
    291 	      {
    292 		Elf_Arhdr *arhdr = elf_getarhdr (subelf);
    293 		assert (arhdr != NULL);
    294 
    295 		process_file (fd, subelf, new_prefix, new_suffix,
    296 			      arhdr->ar_name, arhdr->ar_size, false);
    297 	      }
    298 
    299 	    /* Get next archive element.  */
    300 	    cmd = elf_next (subelf);
    301 	    if (elf_end (subelf) != 0)
    302 	      ERROR (gettext (" error while freeing sub-ELF descriptor: %s\n"),
    303 		     elf_errmsg (-1));
    304 	  }
    305       }
    306       break;
    307 
    308     default:
    309       /* We cannot do anything.  */
    310       ERROR (gettext ("\
    311 Not an ELF file - it has the wrong magic bytes at the start\n"));
    312       break;
    313     }
    314 }
    315 
    316 
    317 static const char *
    318 section_name (Ebl *ebl, int idx)
    319 {
    320   GElf_Shdr shdr_mem;
    321   GElf_Shdr *shdr;
    322 
    323   shdr = gelf_getshdr (elf_getscn (ebl->elf, idx), &shdr_mem);
    324 
    325   return elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
    326 }
    327 
    328 
    329 static const int valid_e_machine[] =
    330   {
    331     EM_M32, EM_SPARC, EM_386, EM_68K, EM_88K, EM_860, EM_MIPS, EM_S370,
    332     EM_MIPS_RS3_LE, EM_PARISC, EM_VPP500, EM_SPARC32PLUS, EM_960, EM_PPC,
    333     EM_PPC64, EM_S390, EM_V800, EM_FR20, EM_RH32, EM_RCE, EM_ARM,
    334     EM_FAKE_ALPHA, EM_SH, EM_SPARCV9, EM_TRICORE, EM_ARC, EM_H8_300,
    335     EM_H8_300H, EM_H8S, EM_H8_500, EM_IA_64, EM_MIPS_X, EM_COLDFIRE,
    336     EM_68HC12, EM_MMA, EM_PCP, EM_NCPU, EM_NDR1, EM_STARCORE, EM_ME16,
    337     EM_ST100, EM_TINYJ, EM_X86_64, EM_PDSP, EM_FX66, EM_ST9PLUS, EM_ST7,
    338     EM_68HC16, EM_68HC11, EM_68HC08, EM_68HC05, EM_SVX, EM_ST19, EM_VAX,
    339     EM_CRIS, EM_JAVELIN, EM_FIREPATH, EM_ZSP, EM_MMIX, EM_HUANY, EM_PRISM,
    340     EM_AVR, EM_FR30, EM_D10V, EM_D30V, EM_V850, EM_M32R, EM_MN10300,
    341     EM_MN10200, EM_PJ, EM_OPENRISC, EM_ARC_A5, EM_XTENSA, EM_ALPHA
    342   };
    343 #define nvalid_e_machine \
    344   (sizeof (valid_e_machine) / sizeof (valid_e_machine[0]))
    345 
    346 
    347 /* Numbers of sections and program headers.  */
    348 static unsigned int shnum;
    349 static unsigned int phnum;
    350 
    351 
    352 static void
    353 check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size)
    354 {
    355   char buf[512];
    356   size_t cnt;
    357 
    358   /* Check e_ident field.  */
    359   if (ehdr->e_ident[EI_MAG0] != ELFMAG0)
    360     ERROR ("e_ident[%d] != '%c'\n", EI_MAG0, ELFMAG0);
    361   if (ehdr->e_ident[EI_MAG1] != ELFMAG1)
    362     ERROR ("e_ident[%d] != '%c'\n", EI_MAG1, ELFMAG1);
    363   if (ehdr->e_ident[EI_MAG2] != ELFMAG2)
    364     ERROR ("e_ident[%d] != '%c'\n", EI_MAG2, ELFMAG2);
    365   if (ehdr->e_ident[EI_MAG3] != ELFMAG3)
    366     ERROR ("e_ident[%d] != '%c'\n", EI_MAG3, ELFMAG3);
    367 
    368   if (ehdr->e_ident[EI_CLASS] != ELFCLASS32
    369       && ehdr->e_ident[EI_CLASS] != ELFCLASS64)
    370     ERROR (gettext ("e_ident[%d] == %d is no known class\n"),
    371 	   EI_CLASS, ehdr->e_ident[EI_CLASS]);
    372 
    373   if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB
    374       && ehdr->e_ident[EI_DATA] != ELFDATA2MSB)
    375     ERROR (gettext ("e_ident[%d] == %d is no known data encoding\n"),
    376 	   EI_DATA, ehdr->e_ident[EI_DATA]);
    377 
    378   if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
    379     ERROR (gettext ("unknown ELF header version number e_ident[%d] == %d\n"),
    380 	   EI_VERSION, ehdr->e_ident[EI_VERSION]);
    381 
    382   /* We currently don't handle any OS ABIs other than Linux.  */
    383   if (ehdr->e_ident[EI_OSABI] != ELFOSABI_NONE
    384       && ehdr->e_ident[EI_OSABI] != ELFOSABI_LINUX)
    385     ERROR (gettext ("unsupported OS ABI e_ident[%d] == '%s'\n"),
    386 	   EI_OSABI,
    387 	   ebl_osabi_name (ebl, ehdr->e_ident[EI_OSABI], buf, sizeof (buf)));
    388 
    389   /* No ABI versions other than zero supported either.  */
    390   if (ehdr->e_ident[EI_ABIVERSION] != 0)
    391     ERROR (gettext ("unsupport ABI version e_ident[%d] == %d\n"),
    392 	   EI_ABIVERSION, ehdr->e_ident[EI_ABIVERSION]);
    393 
    394   for (cnt = EI_PAD; cnt < EI_NIDENT; ++cnt)
    395     if (ehdr->e_ident[cnt] != 0)
    396       ERROR (gettext ("e_ident[%zu] is not zero\n"), cnt);
    397 
    398   /* Check the e_type field.  */
    399   if (ehdr->e_type != ET_REL && ehdr->e_type != ET_EXEC
    400       && ehdr->e_type != ET_DYN && ehdr->e_type != ET_CORE)
    401     ERROR (gettext ("unknown object file type %d\n"), ehdr->e_type);
    402 
    403   /* Check the e_machine field.  */
    404   for (cnt = 0; cnt < nvalid_e_machine; ++cnt)
    405     if (valid_e_machine[cnt] == ehdr->e_machine)
    406       break;
    407   if (cnt == nvalid_e_machine)
    408     ERROR (gettext ("unknown machine type %d\n"), ehdr->e_machine);
    409 
    410   /* Check the e_version field.  */
    411   if (ehdr->e_version != EV_CURRENT)
    412     ERROR (gettext ("unknown object file version\n"));
    413 
    414   /* Check the e_phoff and e_phnum fields.  */
    415   if (ehdr->e_phoff == 0)
    416     {
    417       if (ehdr->e_phnum != 0)
    418 	ERROR (gettext ("invalid program header offset\n"));
    419       else if (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
    420 	ERROR (gettext ("\
    421 executables and DSOs cannot have zero program header offset\n"));
    422     }
    423   else if (ehdr->e_phnum == 0)
    424     ERROR (gettext ("invalid number of program header entries\n"));
    425 
    426   /* Check the e_shoff field.  */
    427   shnum = ehdr->e_shnum;
    428   shstrndx = ehdr->e_shstrndx;
    429   if (ehdr->e_shoff == 0)
    430     {
    431       if (ehdr->e_shnum != 0)
    432 	ERROR (gettext ("invalid section header table offset\n"));
    433       else if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
    434 	       && ehdr->e_type != ET_CORE)
    435 	ERROR (gettext ("section header table must be present\n"));
    436     }
    437   else
    438     {
    439       if (ehdr->e_shnum == 0)
    440 	{
    441 	  /* Get the header of the zeroth section.  The sh_size field
    442 	     might contain the section number.  */
    443 	  GElf_Shdr shdr_mem;
    444 	  GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
    445 	  if (shdr != NULL)
    446 	    {
    447 	      /* The error will be reported later.  */
    448 	      if (shdr->sh_size == 0)
    449 		ERROR (gettext ("\
    450 invalid number of section header table entries\n"));
    451 	      else
    452 		shnum = shdr->sh_size;
    453 	    }
    454 	}
    455 
    456       if (ehdr->e_shstrndx == SHN_XINDEX)
    457 	{
    458 	  /* Get the header of the zeroth section.  The sh_size field
    459 	     might contain the section number.  */
    460 	  GElf_Shdr shdr_mem;
    461 	  GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
    462 	  if (shdr != NULL && shdr->sh_link < shnum)
    463 	    shstrndx = shdr->sh_link;
    464 	}
    465       else if (shstrndx >= shnum)
    466 	ERROR (gettext ("invalid section header index\n"));
    467     }
    468 
    469   phnum = ehdr->e_phnum;
    470   if (ehdr->e_phnum == PN_XNUM)
    471     {
    472       /* Get the header of the zeroth section.  The sh_info field
    473 	 might contain the phnum count.  */
    474       GElf_Shdr shdr_mem;
    475       GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
    476       if (shdr != NULL)
    477 	{
    478 	  /* The error will be reported later.  */
    479 	  if (shdr->sh_info < PN_XNUM)
    480 	    ERROR (gettext ("\
    481 invalid number of program header table entries\n"));
    482 	  else
    483 	    phnum = shdr->sh_info;
    484 	}
    485     }
    486 
    487   /* Check the e_flags field.  */
    488   if (!ebl_machine_flag_check (ebl, ehdr->e_flags))
    489     ERROR (gettext ("invalid machine flags: %s\n"),
    490 	   ebl_machine_flag_name (ebl, ehdr->e_flags, buf, sizeof (buf)));
    491 
    492   /* Check e_ehsize, e_phentsize, and e_shentsize fields.  */
    493   if (gelf_getclass (ebl->elf) == ELFCLASS32)
    494     {
    495       if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf32_Ehdr))
    496 	ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
    497 
    498       if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf32_Phdr))
    499 	ERROR (gettext ("invalid program header size: %hd\n"),
    500 	       ehdr->e_phentsize);
    501       else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size)
    502 	ERROR (gettext ("invalid program header position or size\n"));
    503 
    504       if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf32_Shdr))
    505 	ERROR (gettext ("invalid section header size: %hd\n"),
    506 	       ehdr->e_shentsize);
    507       else if (ehdr->e_shoff + shnum * ehdr->e_shentsize > size)
    508 	ERROR (gettext ("invalid section header position or size\n"));
    509     }
    510   else if (gelf_getclass (ebl->elf) == ELFCLASS64)
    511     {
    512       if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf64_Ehdr))
    513 	ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
    514 
    515       if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf64_Phdr))
    516 	ERROR (gettext ("invalid program header size: %hd\n"),
    517 	       ehdr->e_phentsize);
    518       else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size)
    519 	ERROR (gettext ("invalid program header position or size\n"));
    520 
    521       if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf64_Shdr))
    522 	ERROR (gettext ("invalid section header size: %hd\n"),
    523 	       ehdr->e_shentsize);
    524       else if (ehdr->e_shoff + ehdr->e_shnum * ehdr->e_shentsize > size)
    525 	ERROR (gettext ("invalid section header position or size\n"));
    526     }
    527 }
    528 
    529 
    530 /* Check that there is a section group section with index < IDX which
    531    contains section IDX and that there is exactly one.  */
    532 static void
    533 check_scn_group (Ebl *ebl, int idx)
    534 {
    535   if (scnref[idx] == 0)
    536     {
    537       /* No reference so far.  Search following sections, maybe the
    538 	 order is wrong.  */
    539       size_t cnt;
    540 
    541       for (cnt = idx + 1; cnt < shnum; ++cnt)
    542 	{
    543 	  Elf_Scn *scn = elf_getscn (ebl->elf, cnt);
    544 	  GElf_Shdr shdr_mem;
    545 	  GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
    546 	  if (shdr == NULL)
    547 	    /* We cannot get the section header so we cannot check it.
    548 	       The error to get the section header will be shown
    549 	       somewhere else.  */
    550 	    continue;
    551 
    552 	  if (shdr->sh_type != SHT_GROUP)
    553 	    continue;
    554 
    555 	  Elf_Data *data = elf_getdata (scn, NULL);
    556 	  if (data == NULL || data->d_size < sizeof (Elf32_Word))
    557 	    /* Cannot check the section.  */
    558 	    continue;
    559 
    560 	  Elf32_Word *grpdata = (Elf32_Word *) data->d_buf;
    561 	  for (size_t inner = 1; inner < data->d_size / sizeof (Elf32_Word);
    562 	       ++inner)
    563 	    if (grpdata[inner] == (Elf32_Word) idx)
    564 	      goto out;
    565 	}
    566 
    567     out:
    568       if (cnt == shnum)
    569 	ERROR (gettext ("\
    570 section [%2d] '%s': section with SHF_GROUP flag set not part of a section group\n"),
    571 	       idx, section_name (ebl, idx));
    572       else
    573 	ERROR (gettext ("\
    574 section [%2d] '%s': section group [%2zu] '%s' does not precede group member\n"),
    575 	       idx, section_name (ebl, idx),
    576 	       cnt, section_name (ebl, cnt));
    577     }
    578 }
    579 
    580 
    581 static void
    582 check_symtab (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
    583 {
    584   bool no_xndx_warned = false;
    585   int no_pt_tls = 0;
    586   Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
    587   if (data == NULL)
    588     {
    589       ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
    590 	     idx, section_name (ebl, idx));
    591       return;
    592     }
    593 
    594   GElf_Shdr strshdr_mem;
    595   GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
    596 				     &strshdr_mem);
    597   if (strshdr == NULL)
    598     return;
    599 
    600   if (strshdr->sh_type != SHT_STRTAB)
    601     {
    602       ERROR (gettext ("section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
    603 	     shdr->sh_link, section_name (ebl, shdr->sh_link),
    604 	     idx, section_name (ebl, idx));
    605       strshdr = NULL;
    606     }
    607 
    608   /* Search for an extended section index table section.  */
    609   Elf_Data *xndxdata = NULL;
    610   Elf32_Word xndxscnidx = 0;
    611   bool found_xndx = false;
    612   for (size_t cnt = 1; cnt < shnum; ++cnt)
    613     if (cnt != (size_t) idx)
    614       {
    615 	Elf_Scn *xndxscn = elf_getscn (ebl->elf, cnt);
    616 	GElf_Shdr xndxshdr_mem;
    617 	GElf_Shdr *xndxshdr = gelf_getshdr (xndxscn, &xndxshdr_mem);
    618 	if (xndxshdr == NULL)
    619 	  continue;
    620 
    621 	if (xndxshdr->sh_type == SHT_SYMTAB_SHNDX
    622 	    && xndxshdr->sh_link == (GElf_Word) idx)
    623 	  {
    624 	    if (found_xndx)
    625 	      ERROR (gettext ("\
    626 section [%2d] '%s': symbol table cannot have more than one extended index section\n"),
    627 		     idx, section_name (ebl, idx));
    628 
    629 	    xndxdata = elf_getdata (xndxscn, NULL);
    630 	    xndxscnidx = elf_ndxscn (xndxscn);
    631 	    found_xndx = true;
    632 	  }
    633       }
    634 
    635   if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT))
    636     ERROR (gettext ("\
    637 section [%2u] '%s': entry size is does not match ElfXX_Sym\n"),
    638 	   idx, section_name (ebl, idx));
    639 
    640   /* Test the zeroth entry.  */
    641   GElf_Sym sym_mem;
    642   Elf32_Word xndx;
    643   GElf_Sym *sym = gelf_getsymshndx (data, xndxdata, 0, &sym_mem, &xndx);
    644   if (sym == NULL)
    645       ERROR (gettext ("section [%2d] '%s': cannot get symbol %d: %s\n"),
    646 	     idx, section_name (ebl, idx), 0, elf_errmsg (-1));
    647   else
    648     {
    649       if (sym->st_name != 0)
    650 	ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
    651 	       idx, section_name (ebl, idx), "st_name");
    652       if (sym->st_value != 0)
    653 	ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
    654 	       idx, section_name (ebl, idx), "st_value");
    655       if (sym->st_size != 0)
    656 	ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
    657 	       idx, section_name (ebl, idx), "st_size");
    658       if (sym->st_info != 0)
    659 	ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
    660 	       idx, section_name (ebl, idx), "st_info");
    661       if (sym->st_other != 0)
    662 	ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
    663 	       idx, section_name (ebl, idx), "st_other");
    664       if (sym->st_shndx != 0)
    665 	ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
    666 	       idx, section_name (ebl, idx), "st_shndx");
    667       if (xndxdata != NULL && xndx != 0)
    668 	ERROR (gettext ("\
    669 section [%2d] '%s': XINDEX for zeroth entry not zero\n"),
    670 	       xndxscnidx, section_name (ebl, xndxscnidx));
    671     }
    672 
    673   for (size_t cnt = 1; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
    674     {
    675       sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx);
    676       if (sym == NULL)
    677 	{
    678 	  ERROR (gettext ("section [%2d] '%s': cannot get symbol %zu: %s\n"),
    679 		 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
    680 	  continue;
    681 	}
    682 
    683       const char *name = NULL;
    684       if (strshdr == NULL)
    685 	name = "";
    686       else if (sym->st_name >= strshdr->sh_size)
    687 	ERROR (gettext ("\
    688 section [%2d] '%s': symbol %zu: invalid name value\n"),
    689 	       idx, section_name (ebl, idx), cnt);
    690       else
    691 	{
    692 	  name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name);
    693 	  assert (name != NULL);
    694 	}
    695 
    696       if (sym->st_shndx == SHN_XINDEX)
    697 	{
    698 	  if (xndxdata == NULL)
    699 	    {
    700 	      if (!no_xndx_warned)
    701 		ERROR (gettext ("\
    702 section [%2d] '%s': symbol %zu: too large section index but no extended section index section\n"),
    703 		       idx, section_name (ebl, idx), cnt);
    704 	      no_xndx_warned = true;
    705 	    }
    706 	  else if (xndx < SHN_LORESERVE)
    707 	    ERROR (gettext ("\
    708 section [%2d] '%s': symbol %zu: XINDEX used for index which would fit in st_shndx (%" PRIu32 ")\n"),
    709 		   xndxscnidx, section_name (ebl, xndxscnidx), cnt,
    710 		   xndx);
    711 	}
    712       else if ((sym->st_shndx >= SHN_LORESERVE
    713 		// && sym->st_shndx <= SHN_HIRESERVE    always true
    714 		&& sym->st_shndx != SHN_ABS
    715 		&& sym->st_shndx != SHN_COMMON)
    716 	       || (sym->st_shndx >= shnum
    717 		   && (sym->st_shndx < SHN_LORESERVE
    718 		       /* || sym->st_shndx > SHN_HIRESERVE  always false */)))
    719 	ERROR (gettext ("\
    720 section [%2d] '%s': symbol %zu: invalid section index\n"),
    721 	       idx, section_name (ebl, idx), cnt);
    722       else
    723 	xndx = sym->st_shndx;
    724 
    725       if (GELF_ST_TYPE (sym->st_info) >= STT_NUM
    726 	  && !ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), NULL, 0))
    727 	ERROR (gettext ("section [%2d] '%s': symbol %zu: unknown type\n"),
    728 	       idx, section_name (ebl, idx), cnt);
    729 
    730       if (GELF_ST_BIND (sym->st_info) >= STB_NUM
    731 	  && !ebl_symbol_binding_name (ebl, GELF_ST_BIND (sym->st_info), NULL,
    732 				       0))
    733 	ERROR (gettext ("\
    734 section [%2d] '%s': symbol %zu: unknown symbol binding\n"),
    735 	       idx, section_name (ebl, idx), cnt);
    736       if (GELF_ST_BIND (sym->st_info) == STB_GNU_UNIQUE
    737 	  && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
    738 	ERROR (gettext ("\
    739 section [%2d] '%s': symbol %zu: unique symbol not of object type\n"),
    740 	       idx, section_name (ebl, idx), cnt);
    741 
    742       if (xndx == SHN_COMMON)
    743 	{
    744 	  /* Common symbols can only appear in relocatable files.  */
    745 	  if (ehdr->e_type != ET_REL)
    746 	    ERROR (gettext ("\
    747 section [%2d] '%s': symbol %zu: COMMON only allowed in relocatable files\n"),
    748 		   idx, section_name (ebl, idx), cnt);
    749 	  if (cnt < shdr->sh_info)
    750 	    ERROR (gettext ("\
    751 section [%2d] '%s': symbol %zu: local COMMON symbols are nonsense\n"),
    752 		   idx, section_name (ebl, idx), cnt);
    753 	  if (GELF_R_TYPE (sym->st_info) == STT_FUNC)
    754 	    ERROR (gettext ("\
    755 section [%2d] '%s': symbol %zu: function in COMMON section is nonsense\n"),
    756 		   idx, section_name (ebl, idx), cnt);
    757 	}
    758       else if (xndx > 0 && xndx < shnum)
    759 	{
    760 	  GElf_Shdr destshdr_mem;
    761 	  GElf_Shdr *destshdr;
    762 
    763 	  destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), &destshdr_mem);
    764 	  if (destshdr != NULL)
    765 	    {
    766 	      GElf_Addr sh_addr = (ehdr->e_type == ET_REL ? 0
    767 				   : destshdr->sh_addr);
    768 	      if (GELF_ST_TYPE (sym->st_info) != STT_TLS)
    769 		{
    770 		  if (! ebl_check_special_symbol (ebl, ehdr, sym, name,
    771 						  destshdr))
    772 		    {
    773 		      if (sym->st_value - sh_addr > destshdr->sh_size)
    774 			{
    775 			  /* GNU ld has severe bugs.  When it decides to remove
    776 			     empty sections it leaves symbols referencing them
    777 			     behind.  These are symbols in .symtab.  */
    778 			  if (!gnuld
    779 			      || strcmp (section_name (ebl, idx), ".symtab")
    780 			      || (strcmp (name, "__preinit_array_start") != 0
    781 				  && strcmp (name, "__preinit_array_end") != 0
    782 				  && strcmp (name, "__init_array_start") != 0
    783 				  && strcmp (name, "__init_array_end") != 0
    784 				  && strcmp (name, "__fini_array_start") != 0
    785 				  && strcmp (name, "__fini_array_end") != 0))
    786 			    ERROR (gettext ("\
    787 section [%2d] '%s': symbol %zu: st_value out of bounds\n"),
    788 				   idx, section_name (ebl, idx), cnt);
    789 			}
    790 		      else if ((sym->st_value - sh_addr
    791 				+ sym->st_size) > destshdr->sh_size)
    792 			ERROR (gettext ("\
    793 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
    794 			       idx, section_name (ebl, idx), cnt,
    795 			       (int) xndx, section_name (ebl, xndx));
    796 		    }
    797 		}
    798 	      else
    799 		{
    800 		  if ((destshdr->sh_flags & SHF_TLS) == 0)
    801 		    ERROR (gettext ("\
    802 section [%2d] '%s': symbol %zu: referenced section [%2d] '%s' does not have SHF_TLS flag set\n"),
    803 			   idx, section_name (ebl, idx), cnt,
    804 			   (int) xndx, section_name (ebl, xndx));
    805 
    806 		  if (ehdr->e_type == ET_REL)
    807 		    {
    808 		      /* For object files the symbol value must fall
    809 			 into the section.  */
    810 		      if (sym->st_value > destshdr->sh_size)
    811 			ERROR (gettext ("\
    812 section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"),
    813 			       idx, section_name (ebl, idx), cnt,
    814 			       (int) xndx, section_name (ebl, xndx));
    815 		      else if (sym->st_value + sym->st_size
    816 			       > destshdr->sh_size)
    817 			ERROR (gettext ("\
    818 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
    819 			       idx, section_name (ebl, idx), cnt,
    820 			       (int) xndx, section_name (ebl, xndx));
    821 		    }
    822 		  else
    823 		    {
    824 		      GElf_Phdr phdr_mem;
    825 		      GElf_Phdr *phdr = NULL;
    826 		      unsigned int pcnt;
    827 
    828 		      for (pcnt = 0; pcnt < phnum; ++pcnt)
    829 			{
    830 			  phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
    831 			  if (phdr != NULL && phdr->p_type == PT_TLS)
    832 			    break;
    833 			}
    834 
    835 		      if (pcnt == phnum)
    836 			{
    837 			  if (no_pt_tls++ == 0)
    838 			    ERROR (gettext ("\
    839 section [%2d] '%s': symbol %zu: TLS symbol but no TLS program header entry\n"),
    840 				   idx, section_name (ebl, idx), cnt);
    841 			}
    842 		      else
    843 			{
    844 			  if (sym->st_value
    845 			      < destshdr->sh_offset - phdr->p_offset)
    846 			    ERROR (gettext ("\
    847 section [%2d] '%s': symbol %zu: st_value short of referenced section [%2d] '%s'\n"),
    848 				   idx, section_name (ebl, idx), cnt,
    849 				   (int) xndx, section_name (ebl, xndx));
    850 			  else if (sym->st_value
    851 				   > (destshdr->sh_offset - phdr->p_offset
    852 				      + destshdr->sh_size))
    853 			    ERROR (gettext ("\
    854 section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"),
    855 				   idx, section_name (ebl, idx), cnt,
    856 				   (int) xndx, section_name (ebl, xndx));
    857 			  else if (sym->st_value + sym->st_size
    858 				   > (destshdr->sh_offset - phdr->p_offset
    859 				      + destshdr->sh_size))
    860 			    ERROR (gettext ("\
    861 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
    862 				   idx, section_name (ebl, idx), cnt,
    863 				   (int) xndx, section_name (ebl, xndx));
    864 			}
    865 		    }
    866 		}
    867 	    }
    868 	}
    869 
    870       if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
    871 	{
    872 	  if (cnt >= shdr->sh_info)
    873 	    ERROR (gettext ("\
    874 section [%2d] '%s': symbol %zu: local symbol outside range described in sh_info\n"),
    875 		   idx, section_name (ebl, idx), cnt);
    876 	}
    877       else
    878 	{
    879 	  if (cnt < shdr->sh_info)
    880 	    ERROR (gettext ("\
    881 section [%2d] '%s': symbol %zu: non-local symbol outside range described in sh_info\n"),
    882 		   idx, section_name (ebl, idx), cnt);
    883 	}
    884 
    885       if (GELF_ST_TYPE (sym->st_info) == STT_SECTION
    886 	  && GELF_ST_BIND (sym->st_info) != STB_LOCAL)
    887 	ERROR (gettext ("\
    888 section [%2d] '%s': symbol %zu: non-local section symbol\n"),
    889 	       idx, section_name (ebl, idx), cnt);
    890 
    891       if (name != NULL)
    892 	{
    893 	  if (strcmp (name, "_GLOBAL_OFFSET_TABLE_") == 0)
    894 	    {
    895 	      /* Check that address and size match the global offset table.  */
    896 
    897 	      GElf_Shdr destshdr_mem;
    898 	      GElf_Shdr *destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx),
    899 						  &destshdr_mem);
    900 
    901 	      if (destshdr == NULL && xndx == SHN_ABS)
    902 		{
    903 		  /* In a DSO, we have to find the GOT section by name.  */
    904 		  Elf_Scn *gotscn = NULL;
    905 		  Elf_Scn *gscn = NULL;
    906 		  while ((gscn = elf_nextscn (ebl->elf, gscn)) != NULL)
    907 		    {
    908 		      destshdr = gelf_getshdr (gscn, &destshdr_mem);
    909 		      assert (destshdr != NULL);
    910 		      const char *sname = elf_strptr (ebl->elf,
    911 						      ehdr->e_shstrndx,
    912 						      destshdr->sh_name);
    913 		      if (sname != NULL)
    914 			{
    915 			  if (strcmp (sname, ".got.plt") == 0)
    916 			    break;
    917 			  if (strcmp (sname, ".got") == 0)
    918 			    /* Do not stop looking.
    919 			       There might be a .got.plt section.  */
    920 			    gotscn = gscn;
    921 			}
    922 
    923 		      destshdr = NULL;
    924 		    }
    925 
    926 		  if (destshdr == NULL && gotscn != NULL)
    927 		    destshdr = gelf_getshdr (gotscn, &destshdr_mem);
    928 		}
    929 
    930 	      const char *sname = ((destshdr == NULL || xndx == SHN_UNDEF)
    931 				   ? NULL
    932 				   : elf_strptr (ebl->elf, ehdr->e_shstrndx,
    933 						 destshdr->sh_name));
    934 	      if (sname == NULL)
    935 		{
    936 		  if (xndx != SHN_UNDEF || ehdr->e_type != ET_REL)
    937 		    ERROR (gettext ("\
    938 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \
    939 bad section [%2d]\n"),
    940 			   idx, section_name (ebl, idx), xndx);
    941 		}
    942 	      else if (strcmp (sname, ".got.plt") != 0
    943 		       && strcmp (sname, ".got") != 0)
    944 		ERROR (gettext ("\
    945 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \
    946 section [%2d] '%s'\n"),
    947 		       idx, section_name (ebl, idx), xndx, sname);
    948 
    949 	      if (destshdr != NULL)
    950 		{
    951 		  /* Found it.  */
    952 		  if (!ebl_check_special_symbol (ebl, ehdr, sym, name,
    953 						 destshdr))
    954 		    {
    955 		      if (ehdr->e_type != ET_REL
    956 			  && sym->st_value != destshdr->sh_addr)
    957 			/* This test is more strict than the psABIs which
    958 			   usually allow the symbol to be in the middle of
    959 			   the .got section, allowing negative offsets.  */
    960 			ERROR (gettext ("\
    961 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol value %#" PRIx64 " does not match %s section address %#" PRIx64 "\n"),
    962 			       idx, section_name (ebl, idx),
    963 			       (uint64_t) sym->st_value,
    964 			       sname, (uint64_t) destshdr->sh_addr);
    965 
    966 		      if (!gnuld && sym->st_size != destshdr->sh_size)
    967 			ERROR (gettext ("\
    968 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol size %" PRIu64 " does not match %s section size %" PRIu64 "\n"),
    969 			       idx, section_name (ebl, idx),
    970 			       (uint64_t) sym->st_size,
    971 			       sname, (uint64_t) destshdr->sh_size);
    972 		    }
    973 		}
    974 	      else
    975 		ERROR (gettext ("\
    976 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol present, but no .got section\n"),
    977 		       idx, section_name (ebl, idx));
    978 	    }
    979 	  else if (strcmp (name, "_DYNAMIC") == 0)
    980 	    /* Check that address and size match the dynamic section.
    981 	       We locate the dynamic section via the program header
    982 	       entry.  */
    983 	    for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt)
    984 	      {
    985 		GElf_Phdr phdr_mem;
    986 		GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
    987 
    988 		if (phdr != NULL && phdr->p_type == PT_DYNAMIC)
    989 		  {
    990 		    if (sym->st_value != phdr->p_vaddr)
    991 		      ERROR (gettext ("\
    992 section [%2d] '%s': _DYNAMIC_ symbol value %#" PRIx64 " does not match dynamic segment address %#" PRIx64 "\n"),
    993 			     idx, section_name (ebl, idx),
    994 			     (uint64_t) sym->st_value,
    995 			     (uint64_t) phdr->p_vaddr);
    996 
    997 		    if (!gnuld && sym->st_size != phdr->p_memsz)
    998 		      ERROR (gettext ("\
    999 section [%2d] '%s': _DYNAMIC symbol size %" PRIu64 " does not match dynamic segment size %" PRIu64 "\n"),
   1000 			     idx, section_name (ebl, idx),
   1001 			     (uint64_t) sym->st_size,
   1002 			     (uint64_t) phdr->p_memsz);
   1003 
   1004 		    break;
   1005 		  }
   1006 	    }
   1007 	}
   1008 
   1009       if (GELF_ST_VISIBILITY (sym->st_other) != STV_DEFAULT
   1010 	  && shdr->sh_type == SHT_DYNSYM)
   1011 	ERROR (gettext ("\
   1012 section [%2d] '%s': symbol %zu: symbol in dynamic symbol table with non-default visibility\n"),
   1013 	       idx, section_name (ebl, idx), cnt);
   1014       if (! ebl_check_st_other_bits (ebl, sym->st_other))
   1015 	ERROR (gettext ("\
   1016 section [%2d] '%s': symbol %zu: unknown bit set in st_other\n"),
   1017 	       idx, section_name (ebl, idx), cnt);
   1018 
   1019     }
   1020 }
   1021 
   1022 
   1023 static bool
   1024 is_rel_dyn (Ebl *ebl, const GElf_Ehdr *ehdr, int idx, const GElf_Shdr *shdr,
   1025 	    bool is_rela)
   1026 {
   1027   /* If this is no executable or DSO it cannot be a .rel.dyn section.  */
   1028   if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
   1029     return false;
   1030 
   1031   /* Check the section name.  Unfortunately necessary.  */
   1032   if (strcmp (section_name (ebl, idx), is_rela ? ".rela.dyn" : ".rel.dyn"))
   1033     return false;
   1034 
   1035   /* When a .rel.dyn section is used a DT_RELCOUNT dynamic section
   1036      entry can be present as well.  */
   1037   Elf_Scn *scn = NULL;
   1038   while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
   1039     {
   1040       GElf_Shdr rcshdr_mem;
   1041       const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem);
   1042       assert (rcshdr != NULL);
   1043 
   1044       if (rcshdr->sh_type == SHT_DYNAMIC)
   1045 	{
   1046 	  /* Found the dynamic section.  Look through it.  */
   1047 	  Elf_Data *d = elf_getdata (scn, NULL);
   1048 	  size_t cnt;
   1049 
   1050 	  for (cnt = 1; cnt < rcshdr->sh_size / rcshdr->sh_entsize; ++cnt)
   1051 	    {
   1052 	      GElf_Dyn dyn_mem;
   1053 	      GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem);
   1054 	      assert (dyn != NULL);
   1055 
   1056 	      if (dyn->d_tag == DT_RELCOUNT)
   1057 		{
   1058 		  /* Found it.  Does the type match.  */
   1059 		  if (is_rela)
   1060 		    ERROR (gettext ("\
   1061 section [%2d] '%s': DT_RELCOUNT used for this RELA section\n"),
   1062 			   idx, section_name (ebl, idx));
   1063 		  else
   1064 		    {
   1065 		      /* Does the number specified number of relative
   1066 			 relocations exceed the total number of
   1067 			 relocations?  */
   1068 		      if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
   1069 			ERROR (gettext ("\
   1070 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
   1071 			       idx, section_name (ebl, idx),
   1072 			       (int) dyn->d_un.d_val);
   1073 
   1074 		      /* Make sure the specified number of relocations are
   1075 			 relative.  */
   1076 		      Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf,
   1077 								   idx), NULL);
   1078 		      if (reldata != NULL)
   1079 			for (size_t inner = 0;
   1080 			     inner < shdr->sh_size / shdr->sh_entsize;
   1081 			     ++inner)
   1082 			  {
   1083 			    GElf_Rel rel_mem;
   1084 			    GElf_Rel *rel = gelf_getrel (reldata, inner,
   1085 							 &rel_mem);
   1086 			    if (rel == NULL)
   1087 			      /* The problem will be reported elsewhere.  */
   1088 			      break;
   1089 
   1090 			    if (ebl_relative_reloc_p (ebl,
   1091 						      GELF_R_TYPE (rel->r_info)))
   1092 			      {
   1093 				if (inner >= dyn->d_un.d_val)
   1094 				  ERROR (gettext ("\
   1095 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"),
   1096 					 idx, section_name (ebl, idx),
   1097 					 (int) dyn->d_un.d_val);
   1098 			      }
   1099 			    else if (inner < dyn->d_un.d_val)
   1100 			      ERROR (gettext ("\
   1101 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"),
   1102 				     idx, section_name (ebl, idx),
   1103 				     inner, (int) dyn->d_un.d_val);
   1104 			  }
   1105 		    }
   1106 		}
   1107 
   1108 	      if (dyn->d_tag == DT_RELACOUNT)
   1109 		{
   1110 		  /* Found it.  Does the type match.  */
   1111 		  if (!is_rela)
   1112 		    ERROR (gettext ("\
   1113 section [%2d] '%s': DT_RELACOUNT used for this REL section\n"),
   1114 			   idx, section_name (ebl, idx));
   1115 		  else
   1116 		    {
   1117 		      /* Does the number specified number of relative
   1118 			 relocations exceed the total number of
   1119 			 relocations?  */
   1120 		      if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
   1121 			ERROR (gettext ("\
   1122 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
   1123 			       idx, section_name (ebl, idx),
   1124 			       (int) dyn->d_un.d_val);
   1125 
   1126 		      /* Make sure the specified number of relocations are
   1127 			 relative.  */
   1128 		      Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf,
   1129 								   idx), NULL);
   1130 		      if (reldata != NULL)
   1131 			for (size_t inner = 0;
   1132 			     inner < shdr->sh_size / shdr->sh_entsize;
   1133 			     ++inner)
   1134 			  {
   1135 			    GElf_Rela rela_mem;
   1136 			    GElf_Rela *rela = gelf_getrela (reldata, inner,
   1137 							    &rela_mem);
   1138 			    if (rela == NULL)
   1139 			      /* The problem will be reported elsewhere.  */
   1140 			      break;
   1141 
   1142 			    if (ebl_relative_reloc_p (ebl,
   1143 						      GELF_R_TYPE (rela->r_info)))
   1144 			      {
   1145 				if (inner >= dyn->d_un.d_val)
   1146 				  ERROR (gettext ("\
   1147 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"),
   1148 					 idx, section_name (ebl, idx),
   1149 					 (int) dyn->d_un.d_val);
   1150 			      }
   1151 			    else if (inner < dyn->d_un.d_val)
   1152 			      ERROR (gettext ("\
   1153 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"),
   1154 				     idx, section_name (ebl, idx),
   1155 				     inner, (int) dyn->d_un.d_val);
   1156 			  }
   1157 		    }
   1158 		}
   1159 	    }
   1160 
   1161 	  break;
   1162 	}
   1163     }
   1164 
   1165   return true;
   1166 }
   1167 
   1168 
   1169 struct loaded_segment
   1170 {
   1171   GElf_Addr from;
   1172   GElf_Addr to;
   1173   bool read_only;
   1174   struct loaded_segment *next;
   1175 };
   1176 
   1177 
   1178 /* Check whether binary has text relocation flag set.  */
   1179 static bool textrel;
   1180 
   1181 /* Keep track of whether text relocation flag is needed.  */
   1182 static bool needed_textrel;
   1183 
   1184 
   1185 static bool
   1186 check_reloc_shdr (Ebl *ebl, const GElf_Ehdr *ehdr, const GElf_Shdr *shdr,
   1187 		  int idx, int reltype, GElf_Shdr **destshdrp,
   1188 		  GElf_Shdr *destshdr_memp, struct loaded_segment **loadedp)
   1189 {
   1190   bool reldyn = false;
   1191 
   1192   /* Check whether the link to the section we relocate is reasonable.  */
   1193   if (shdr->sh_info >= shnum)
   1194     ERROR (gettext ("section [%2d] '%s': invalid destination section index\n"),
   1195 	   idx, section_name (ebl, idx));
   1196   else if (shdr->sh_info != 0)
   1197     {
   1198       *destshdrp = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_info),
   1199 				 destshdr_memp);
   1200       if (*destshdrp != NULL)
   1201 	{
   1202 	  if((*destshdrp)->sh_type != SHT_PROGBITS
   1203 	     && (*destshdrp)->sh_type != SHT_NOBITS)
   1204 	    {
   1205 	      reldyn = is_rel_dyn (ebl, ehdr, idx, shdr, true);
   1206 	      if (!reldyn)
   1207 		ERROR (gettext ("\
   1208 section [%2d] '%s': invalid destination section type\n"),
   1209 		       idx, section_name (ebl, idx));
   1210 	      else
   1211 		{
   1212 		  /* There is no standard, but we require that .rel{,a}.dyn
   1213 		     sections have a sh_info value of zero.  */
   1214 		  if (shdr->sh_info != 0)
   1215 		    ERROR (gettext ("\
   1216 section [%2d] '%s': sh_info should be zero\n"),
   1217 			   idx, section_name (ebl, idx));
   1218 		}
   1219 	    }
   1220 
   1221 	  if (((*destshdrp)->sh_flags & (SHF_MERGE | SHF_STRINGS)) != 0)
   1222 	    ERROR (gettext ("\
   1223 section [%2d] '%s': no relocations for merge-able sections possible\n"),
   1224 		   idx, section_name (ebl, idx));
   1225 	}
   1226     }
   1227 
   1228   if (shdr->sh_entsize != gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT))
   1229     ERROR (gettext (reltype == ELF_T_RELA ? "\
   1230 section [%2d] '%s': section entry size does not match ElfXX_Rela\n" : "\
   1231 section [%2d] '%s': section entry size does not match ElfXX_Rel\n"),
   1232 	   idx, section_name (ebl, idx));
   1233 
   1234   /* In preparation of checking whether relocations are text
   1235      relocations or not we need to determine whether the file is
   1236      flagged to have text relocation and we need to determine a) what
   1237      the loaded segments are and b) which are read-only.  This will
   1238      also allow us to determine whether the same reloc section is
   1239      modifying loaded and not loaded segments.  */
   1240   for (unsigned int i = 0; i < phnum; ++i)
   1241     {
   1242       GElf_Phdr phdr_mem;
   1243       GElf_Phdr *phdr = gelf_getphdr (ebl->elf, i, &phdr_mem);
   1244       if (phdr == NULL)
   1245 	continue;
   1246 
   1247       if (phdr->p_type == PT_LOAD)
   1248 	{
   1249 	  struct loaded_segment *newp = xmalloc (sizeof (*newp));
   1250 	  newp->from = phdr->p_vaddr;
   1251 	  newp->to = phdr->p_vaddr + phdr->p_memsz;
   1252 	  newp->read_only = (phdr->p_flags & PF_W) == 0;
   1253 	  newp->next = *loadedp;
   1254 	  *loadedp = newp;
   1255 	}
   1256       else if (phdr->p_type == PT_DYNAMIC)
   1257 	{
   1258 	  Elf_Scn *dynscn = gelf_offscn (ebl->elf, phdr->p_offset);
   1259 	  GElf_Shdr dynshdr_mem;
   1260 	  GElf_Shdr *dynshdr = gelf_getshdr (dynscn, &dynshdr_mem);
   1261 	  Elf_Data *dyndata = elf_getdata (dynscn, NULL);
   1262 	  if (dynshdr != NULL && dynshdr->sh_type == SHT_DYNAMIC
   1263 	      && dyndata != NULL)
   1264 	    for (size_t j = 0; j < dynshdr->sh_size / dynshdr->sh_entsize; ++j)
   1265 	      {
   1266 		GElf_Dyn dyn_mem;
   1267 		GElf_Dyn *dyn = gelf_getdyn (dyndata, j, &dyn_mem);
   1268 		if (dyn != NULL
   1269 		    && (dyn->d_tag == DT_TEXTREL
   1270 			|| (dyn->d_tag == DT_FLAGS
   1271 			    && (dyn->d_un.d_val & DF_TEXTREL) != 0)))
   1272 		  {
   1273 		    textrel = true;
   1274 		    break;
   1275 		  }
   1276 	      }
   1277 	}
   1278     }
   1279 
   1280   /* A quick test which can be easily done here (although it is a bit
   1281      out of place): the text relocation flag makes only sense if there
   1282      is a segment which is not writable.  */
   1283   if (textrel)
   1284     {
   1285       struct loaded_segment *seg = *loadedp;
   1286       while (seg != NULL && !seg->read_only)
   1287 	seg = seg->next;
   1288       if (seg == NULL)
   1289 	ERROR (gettext ("\
   1290 text relocation flag set but there is no read-only segment\n"));
   1291     }
   1292 
   1293   return reldyn;
   1294 }
   1295 
   1296 
   1297 enum load_state
   1298   {
   1299     state_undecided,
   1300     state_loaded,
   1301     state_unloaded,
   1302     state_error
   1303   };
   1304 
   1305 
   1306 static void
   1307 check_one_reloc (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *relshdr, int idx,
   1308 		 size_t cnt, const GElf_Shdr *symshdr, Elf_Data *symdata,
   1309 		 GElf_Addr r_offset, GElf_Xword r_info,
   1310 		 const GElf_Shdr *destshdr, bool reldyn,
   1311 		 struct loaded_segment *loaded, enum load_state *statep)
   1312 {
   1313   bool known_broken = gnuld;
   1314 
   1315   if (!ebl_reloc_type_check (ebl, GELF_R_TYPE (r_info)))
   1316     ERROR (gettext ("section [%2d] '%s': relocation %zu: invalid type\n"),
   1317 	   idx, section_name (ebl, idx), cnt);
   1318   else if (((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
   1319 	    /* The executable/DSO can contain relocation sections with
   1320 	       all the relocations the linker has applied.  Those sections
   1321 	       are marked non-loaded, though.  */
   1322 	    || (relshdr->sh_flags & SHF_ALLOC) != 0)
   1323 	   && !ebl_reloc_valid_use (ebl, GELF_R_TYPE (r_info)))
   1324     ERROR (gettext ("\
   1325 section [%2d] '%s': relocation %zu: relocation type invalid for the file type\n"),
   1326 	   idx, section_name (ebl, idx), cnt);
   1327 
   1328   if (symshdr != NULL
   1329       && ((GELF_R_SYM (r_info) + 1)
   1330 	  * gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT)
   1331 	  > symshdr->sh_size))
   1332     ERROR (gettext ("\
   1333 section [%2d] '%s': relocation %zu: invalid symbol index\n"),
   1334 	   idx, section_name (ebl, idx), cnt);
   1335 
   1336   /* No more tests if this is a no-op relocation.  */
   1337   if (ebl_none_reloc_p (ebl, GELF_R_TYPE (r_info)))
   1338     return;
   1339 
   1340   if (ebl_gotpc_reloc_check (ebl, GELF_R_TYPE (r_info)))
   1341     {
   1342       const char *name;
   1343       char buf[64];
   1344       GElf_Sym sym_mem;
   1345       GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem);
   1346       if (sym != NULL
   1347 	  /* Get the name for the symbol.  */
   1348 	  && (name = elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name))
   1349 	  && strcmp (name, "_GLOBAL_OFFSET_TABLE_") !=0 )
   1350 	ERROR (gettext ("\
   1351 section [%2d] '%s': relocation %zu: only symbol '_GLOBAL_OFFSET_TABLE_' can be used with %s\n"),
   1352 	       idx, section_name (ebl, idx), cnt,
   1353 	       ebl_reloc_type_name (ebl, GELF_R_SYM (r_info),
   1354 				    buf, sizeof (buf)));
   1355     }
   1356 
   1357   if (reldyn)
   1358     {
   1359       // XXX TODO Check .rel.dyn section addresses.
   1360     }
   1361   else if (!known_broken)
   1362     {
   1363       if (destshdr != NULL
   1364 	  && GELF_R_TYPE (r_info) != 0
   1365 	  && (r_offset - (ehdr->e_type == ET_REL ? 0
   1366 			  : destshdr->sh_addr)) >= destshdr->sh_size)
   1367 	ERROR (gettext ("\
   1368 section [%2d] '%s': relocation %zu: offset out of bounds\n"),
   1369 	       idx, section_name (ebl, idx), cnt);
   1370     }
   1371 
   1372   GElf_Sym sym_mem;
   1373   GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem);
   1374 
   1375   if (ebl_copy_reloc_p (ebl, GELF_R_TYPE (r_info))
   1376       /* Make sure the referenced symbol is an object or unspecified.  */
   1377       && sym != NULL
   1378       && GELF_ST_TYPE (sym->st_info) != STT_NOTYPE
   1379       && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
   1380     {
   1381       char buf[64];
   1382       ERROR (gettext ("section [%2d] '%s': relocation %zu: copy relocation against symbol of type %s\n"),
   1383 	     idx, section_name (ebl, idx), cnt,
   1384 	     ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info),
   1385 				   buf, sizeof (buf)));
   1386     }
   1387 
   1388   if ((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
   1389       || (relshdr->sh_flags & SHF_ALLOC) != 0)
   1390     {
   1391       bool in_loaded_seg = false;
   1392       while (loaded != NULL)
   1393 	{
   1394 	  if (r_offset < loaded->to
   1395 	      && r_offset + (sym == NULL ? 0 : sym->st_size) >= loaded->from)
   1396 	    {
   1397 	      /* The symbol is in this segment.  */
   1398 	      if  (loaded->read_only)
   1399 		{
   1400 		  if (textrel)
   1401 		    needed_textrel = true;
   1402 		  else
   1403 		    ERROR (gettext ("section [%2d] '%s': relocation %zu: read-only section modified but text relocation flag not set\n"),
   1404 			   idx, section_name (ebl, idx), cnt);
   1405 		}
   1406 
   1407 	      in_loaded_seg = true;
   1408 	    }
   1409 
   1410 	  loaded = loaded->next;
   1411 	}
   1412 
   1413       if (*statep == state_undecided)
   1414 	*statep = in_loaded_seg ? state_loaded : state_unloaded;
   1415       else if ((*statep == state_unloaded && in_loaded_seg)
   1416 	       || (*statep == state_loaded && !in_loaded_seg))
   1417 	{
   1418 	  ERROR (gettext ("\
   1419 section [%2d] '%s': relocations are against loaded and unloaded data\n"),
   1420 		 idx, section_name (ebl, idx));
   1421 	  *statep = state_error;
   1422 	}
   1423     }
   1424 }
   1425 
   1426 
   1427 static void
   1428 check_rela (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
   1429 {
   1430   Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
   1431   if (data == NULL)
   1432     {
   1433       ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
   1434 	     idx, section_name (ebl, idx));
   1435       return;
   1436     }
   1437 
   1438   /* Check the fields of the section header.  */
   1439   GElf_Shdr destshdr_mem;
   1440   GElf_Shdr *destshdr = NULL;
   1441   struct loaded_segment *loaded = NULL;
   1442   bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_RELA, &destshdr,
   1443 				  &destshdr_mem, &loaded);
   1444 
   1445   Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
   1446   GElf_Shdr symshdr_mem;
   1447   GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
   1448   Elf_Data *symdata = elf_getdata (symscn, NULL);
   1449   enum load_state state = state_undecided;
   1450 
   1451   for (size_t cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
   1452     {
   1453       GElf_Rela rela_mem;
   1454       GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem);
   1455       if (rela == NULL)
   1456 	{
   1457 	  ERROR (gettext ("\
   1458 section [%2d] '%s': cannot get relocation %zu: %s\n"),
   1459 		 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
   1460 	  continue;
   1461 	}
   1462 
   1463       check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata,
   1464 		       rela->r_offset, rela->r_info, destshdr, reldyn, loaded,
   1465 		       &state);
   1466     }
   1467 
   1468   while (loaded != NULL)
   1469     {
   1470       struct loaded_segment *old = loaded;
   1471       loaded = loaded->next;
   1472       free (old);
   1473     }
   1474 }
   1475 
   1476 
   1477 static void
   1478 check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
   1479 {
   1480   Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
   1481   if (data == NULL)
   1482     {
   1483       ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
   1484 	     idx, section_name (ebl, idx));
   1485       return;
   1486     }
   1487 
   1488   /* Check the fields of the section header.  */
   1489   GElf_Shdr destshdr_mem;
   1490   GElf_Shdr *destshdr = NULL;
   1491   struct loaded_segment *loaded = NULL;
   1492   bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_REL, &destshdr,
   1493 				  &destshdr_mem, &loaded);
   1494 
   1495   Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
   1496   GElf_Shdr symshdr_mem;
   1497   GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
   1498   Elf_Data *symdata = elf_getdata (symscn, NULL);
   1499   enum load_state state = state_undecided;
   1500 
   1501   for (size_t cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
   1502     {
   1503       GElf_Rel rel_mem;
   1504       GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem);
   1505       if (rel == NULL)
   1506 	{
   1507 	  ERROR (gettext ("\
   1508 section [%2d] '%s': cannot get relocation %zu: %s\n"),
   1509 		 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
   1510 	  continue;
   1511 	}
   1512 
   1513       check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata,
   1514 		       rel->r_offset, rel->r_info, destshdr, reldyn, loaded,
   1515 		       &state);
   1516     }
   1517 
   1518   while (loaded != NULL)
   1519     {
   1520       struct loaded_segment *old = loaded;
   1521       loaded = loaded->next;
   1522       free (old);
   1523     }
   1524 }
   1525 
   1526 
   1527 /* Number of dynamic sections.  */
   1528 static int ndynamic;
   1529 
   1530 
   1531 static void
   1532 check_dynamic (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
   1533 {
   1534   Elf_Data *data;
   1535   GElf_Shdr strshdr_mem;
   1536   GElf_Shdr *strshdr;
   1537   size_t cnt;
   1538   static const bool dependencies[DT_NUM][DT_NUM] =
   1539     {
   1540       [DT_NEEDED] = { [DT_STRTAB] = true },
   1541       [DT_PLTRELSZ] = { [DT_JMPREL] = true },
   1542       [DT_HASH] = { [DT_SYMTAB] = true },
   1543       [DT_STRTAB] = { [DT_STRSZ] = true },
   1544       [DT_SYMTAB] = { [DT_STRTAB] = true, [DT_SYMENT] = true },
   1545       [DT_RELA] = { [DT_RELASZ] = true, [DT_RELAENT] = true },
   1546       [DT_RELASZ] = { [DT_RELA] = true },
   1547       [DT_RELAENT] = { [DT_RELA] = true },
   1548       [DT_STRSZ] = { [DT_STRTAB] = true },
   1549       [DT_SYMENT] = { [DT_SYMTAB] = true },
   1550       [DT_SONAME] = { [DT_STRTAB] = true },
   1551       [DT_RPATH] = { [DT_STRTAB] = true },
   1552       [DT_REL] = { [DT_RELSZ] = true, [DT_RELENT] = true },
   1553       [DT_RELSZ] = { [DT_REL] = true },
   1554       [DT_RELENT] = { [DT_REL] = true },
   1555       [DT_JMPREL] = { [DT_PLTRELSZ] = true, [DT_PLTREL] = true },
   1556       [DT_RUNPATH] = { [DT_STRTAB] = true },
   1557       [DT_PLTREL] = { [DT_JMPREL] = true },
   1558     };
   1559   bool has_dt[DT_NUM];
   1560   bool has_val_dt[DT_VALNUM];
   1561   bool has_addr_dt[DT_ADDRNUM];
   1562   static const bool level2[DT_NUM] =
   1563     {
   1564       [DT_RPATH] = true,
   1565       [DT_SYMBOLIC] = true,
   1566       [DT_TEXTREL] = true,
   1567       [DT_BIND_NOW] = true
   1568     };
   1569   static const bool mandatory[DT_NUM] =
   1570     {
   1571       [DT_NULL] = true,
   1572       [DT_STRTAB] = true,
   1573       [DT_SYMTAB] = true,
   1574       [DT_STRSZ] = true,
   1575       [DT_SYMENT] = true
   1576     };
   1577 
   1578   memset (has_dt, '\0', sizeof (has_dt));
   1579   memset (has_val_dt, '\0', sizeof (has_val_dt));
   1580   memset (has_addr_dt, '\0', sizeof (has_addr_dt));
   1581 
   1582   if (++ndynamic == 2)
   1583     ERROR (gettext ("more than one dynamic section present\n"));
   1584 
   1585   data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
   1586   if (data == NULL)
   1587     {
   1588       ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
   1589 	     idx, section_name (ebl, idx));
   1590       return;
   1591     }
   1592 
   1593   strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &strshdr_mem);
   1594   if (strshdr != NULL && strshdr->sh_type != SHT_STRTAB)
   1595     ERROR (gettext ("\
   1596 section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
   1597 	   shdr->sh_link, section_name (ebl, shdr->sh_link),
   1598 	   idx, section_name (ebl, idx));
   1599 
   1600   if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT))
   1601     ERROR (gettext ("\
   1602 section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"),
   1603 	   idx, section_name (ebl, idx));
   1604 
   1605   if (shdr->sh_info != 0)
   1606     ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"),
   1607 	   idx, section_name (ebl, idx));
   1608 
   1609   bool non_null_warned = false;
   1610   for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
   1611     {
   1612       GElf_Dyn dyn_mem;
   1613       GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem);
   1614       if (dyn == NULL)
   1615 	{
   1616 	  ERROR (gettext ("\
   1617 section [%2d] '%s': cannot get dynamic section entry %zu: %s\n"),
   1618 		 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
   1619 	  continue;
   1620 	}
   1621 
   1622       if (has_dt[DT_NULL] && dyn->d_tag != DT_NULL && ! non_null_warned)
   1623 	{
   1624 	  ERROR (gettext ("\
   1625 section [%2d] '%s': non-DT_NULL entries follow DT_NULL entry\n"),
   1626 		 idx, section_name (ebl, idx));
   1627 	  non_null_warned = true;
   1628 	}
   1629 
   1630       if (!ebl_dynamic_tag_check (ebl, dyn->d_tag))
   1631 	ERROR (gettext ("section [%2d] '%s': entry %zu: unknown tag\n"),
   1632 	       idx, section_name (ebl, idx), cnt);
   1633 
   1634       if (dyn->d_tag >= 0 && dyn->d_tag < DT_NUM)
   1635 	{
   1636 	  if (has_dt[dyn->d_tag]
   1637 	      && dyn->d_tag != DT_NEEDED
   1638 	      && dyn->d_tag != DT_NULL
   1639 	      && dyn->d_tag != DT_POSFLAG_1)
   1640 	    {
   1641 	      char buf[50];
   1642 	      ERROR (gettext ("\
   1643 section [%2d] '%s': entry %zu: more than one entry with tag %s\n"),
   1644 		     idx, section_name (ebl, idx), cnt,
   1645 		     ebl_dynamic_tag_name (ebl, dyn->d_tag,
   1646 					   buf, sizeof (buf)));
   1647 	    }
   1648 
   1649 	  if (be_strict && level2[dyn->d_tag])
   1650 	    {
   1651 	      char buf[50];
   1652 	      ERROR (gettext ("\
   1653 section [%2d] '%s': entry %zu: level 2 tag %s used\n"),
   1654 		     idx, section_name (ebl, idx), cnt,
   1655 		     ebl_dynamic_tag_name (ebl, dyn->d_tag,
   1656 					   buf, sizeof (buf)));
   1657 	    }
   1658 
   1659 	  has_dt[dyn->d_tag] = true;
   1660 	}
   1661       else if (dyn->d_tag <= DT_VALRNGHI
   1662 	       && DT_VALTAGIDX (dyn->d_tag) < DT_VALNUM)
   1663 	has_val_dt[DT_VALTAGIDX (dyn->d_tag)] = true;
   1664       else if (dyn->d_tag <= DT_ADDRRNGHI
   1665 	       && DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM)
   1666 	has_addr_dt[DT_ADDRTAGIDX (dyn->d_tag)] = true;
   1667 
   1668       if (dyn->d_tag == DT_PLTREL && dyn->d_un.d_val != DT_REL
   1669 	  && dyn->d_un.d_val != DT_RELA)
   1670 	ERROR (gettext ("\
   1671 section [%2d] '%s': entry %zu: DT_PLTREL value must be DT_REL or DT_RELA\n"),
   1672 	       idx, section_name (ebl, idx), cnt);
   1673 
   1674       /* Check that addresses for entries are in loaded segments.  */
   1675       switch (dyn->d_tag)
   1676 	{
   1677 	  size_t n;
   1678 	case DT_STRTAB:
   1679 	  /* We require the referenced section is the same as the one
   1680 	     specified in sh_link.  */
   1681 	  if (strshdr->sh_addr != dyn->d_un.d_val)
   1682 	    {
   1683 	      ERROR (gettext ("\
   1684 section [%2d] '%s': entry %zu: pointer does not match address of section [%2d] '%s' referenced by sh_link\n"),
   1685 		     idx, section_name (ebl, idx), cnt,
   1686 		     shdr->sh_link, section_name (ebl, shdr->sh_link));
   1687 	      break;
   1688 	    }
   1689 	  goto check_addr;
   1690 
   1691 	default:
   1692 	  if (dyn->d_tag < DT_ADDRRNGLO || dyn->d_tag > DT_ADDRRNGHI)
   1693 	    /* Value is no pointer.  */
   1694 	    break;
   1695 	  /* FALLTHROUGH */
   1696 
   1697 	case DT_AUXILIARY:
   1698 	case DT_FILTER:
   1699 	case DT_FINI:
   1700 	case DT_FINI_ARRAY:
   1701 	case DT_HASH:
   1702 	case DT_INIT:
   1703 	case DT_INIT_ARRAY:
   1704 	case DT_JMPREL:
   1705 	case DT_PLTGOT:
   1706 	case DT_REL:
   1707 	case DT_RELA:
   1708 	case DT_SYMBOLIC:
   1709 	case DT_SYMTAB:
   1710 	case DT_VERDEF:
   1711 	case DT_VERNEED:
   1712 	case DT_VERSYM:
   1713 	check_addr:
   1714 	  for (n = 0; n < phnum; ++n)
   1715 	    {
   1716 	      GElf_Phdr phdr_mem;
   1717 	      GElf_Phdr *phdr = gelf_getphdr (ebl->elf, n, &phdr_mem);
   1718 	      if (phdr != NULL && phdr->p_type == PT_LOAD
   1719 		  && phdr->p_vaddr <= dyn->d_un.d_ptr
   1720 		  && phdr->p_vaddr + phdr->p_memsz > dyn->d_un.d_ptr)
   1721 		break;
   1722 	    }
   1723 	  if (unlikely (n >= phnum))
   1724 	    {
   1725 	      char buf[50];
   1726 	      ERROR (gettext ("\
   1727 section [%2d] '%s': entry %zu: %s value must point into loaded segment\n"),
   1728 		     idx, section_name (ebl, idx), cnt,
   1729 		     ebl_dynamic_tag_name (ebl, dyn->d_tag, buf,
   1730 					   sizeof (buf)));
   1731 	    }
   1732 	  break;
   1733 
   1734 	case DT_NEEDED:
   1735 	case DT_RPATH:
   1736 	case DT_RUNPATH:
   1737 	case DT_SONAME:
   1738 	  if (dyn->d_un.d_ptr >= strshdr->sh_size)
   1739 	    {
   1740 	      char buf[50];
   1741 	      ERROR (gettext ("\
   1742 section [%2d] '%s': entry %zu: %s value must be valid offset in section [%2d] '%s'\n"),
   1743 		     idx, section_name (ebl, idx), cnt,
   1744 		     ebl_dynamic_tag_name (ebl, dyn->d_tag, buf,
   1745 					   sizeof (buf)),
   1746 		     shdr->sh_link, section_name (ebl, shdr->sh_link));
   1747 	    }
   1748 	  break;
   1749 	}
   1750     }
   1751 
   1752   for (cnt = 1; cnt < DT_NUM; ++cnt)
   1753     if (has_dt[cnt])
   1754       {
   1755 	for (int inner = 0; inner < DT_NUM; ++inner)
   1756 	  if (dependencies[cnt][inner] && ! has_dt[inner])
   1757 	    {
   1758 	      char buf1[50];
   1759 	      char buf2[50];
   1760 
   1761 	      ERROR (gettext ("\
   1762 section [%2d] '%s': contains %s entry but not %s\n"),
   1763 		     idx, section_name (ebl, idx),
   1764 		     ebl_dynamic_tag_name (ebl, cnt, buf1, sizeof (buf1)),
   1765 		     ebl_dynamic_tag_name (ebl, inner, buf2, sizeof (buf2)));
   1766 	    }
   1767       }
   1768     else
   1769       {
   1770 	if (mandatory[cnt])
   1771 	  {
   1772 	    char buf[50];
   1773 	    ERROR (gettext ("\
   1774 section [%2d] '%s': mandatory tag %s not present\n"),
   1775 		   idx, section_name (ebl, idx),
   1776 		   ebl_dynamic_tag_name (ebl, cnt, buf, sizeof (buf)));
   1777 	  }
   1778       }
   1779 
   1780   /* Make sure we have an hash table.  */
   1781   if (!has_dt[DT_HASH] && !has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)])
   1782     ERROR (gettext ("\
   1783 section [%2d] '%s': no hash section present\n"),
   1784 	   idx, section_name (ebl, idx));
   1785 
   1786   /* The GNU-style hash table also needs a symbol table.  */
   1787   if (!has_dt[DT_HASH] && has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)]
   1788       && !has_dt[DT_SYMTAB])
   1789     ERROR (gettext ("\
   1790 section [%2d] '%s': contains %s entry but not %s\n"),
   1791 	   idx, section_name (ebl, idx),
   1792 	   "DT_GNU_HASH", "DT_SYMTAB");
   1793 
   1794   /* Check the rel/rela tags.  At least one group must be available.  */
   1795   if ((has_dt[DT_RELA] || has_dt[DT_RELASZ] || has_dt[DT_RELAENT])
   1796       && (!has_dt[DT_RELA] || !has_dt[DT_RELASZ] || !has_dt[DT_RELAENT]))
   1797     ERROR (gettext ("\
   1798 section [%2d] '%s': not all of %s, %s, and %s are present\n"),
   1799 	   idx, section_name (ebl, idx),
   1800 	   "DT_RELA", "DT_RELASZ", "DT_RELAENT");
   1801 
   1802   if ((has_dt[DT_REL] || has_dt[DT_RELSZ] || has_dt[DT_RELENT])
   1803       && (!has_dt[DT_REL] || !has_dt[DT_RELSZ] || !has_dt[DT_RELENT]))
   1804     ERROR (gettext ("\
   1805 section [%2d] '%s': not all of %s, %s, and %s are present\n"),
   1806 	   idx, section_name (ebl, idx),
   1807 	   "DT_REL", "DT_RELSZ", "DT_RELENT");
   1808 
   1809   /* Check that all prelink sections are present if any of them is.  */
   1810   if (has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)]
   1811       || has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)])
   1812     {
   1813       if (!has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)])
   1814 	ERROR (gettext ("\
   1815 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"),
   1816 	       idx, section_name (ebl, idx), "DT_GNU_PRELINKED");
   1817       if (!has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)])
   1818 	ERROR (gettext ("\
   1819 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"),
   1820 	       idx, section_name (ebl, idx), "DT_CHECKSUM");
   1821 
   1822       /* Only DSOs can be marked like this.  */
   1823       if (ehdr->e_type != ET_DYN)
   1824 	ERROR (gettext ("\
   1825 section [%2d] '%s': non-DSO file marked as dependency during prelink\n"),
   1826 	       idx, section_name (ebl, idx));
   1827     }
   1828 
   1829   if (has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)]
   1830       || has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)]
   1831       || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)]
   1832       || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)])
   1833     {
   1834       if (!has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)])
   1835 	ERROR (gettext ("\
   1836 section [%2d] '%s': %s tag missing in prelinked executable\n"),
   1837 	       idx, section_name (ebl, idx), "DT_GNU_CONFLICTSZ");
   1838       if (!has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)])
   1839 	ERROR (gettext ("\
   1840 section [%2d] '%s': %s tag missing in prelinked executable\n"),
   1841 	       idx, section_name (ebl, idx), "DT_GNU_LIBLISTSZ");
   1842       if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)])
   1843 	ERROR (gettext ("\
   1844 section [%2d] '%s': %s tag missing in prelinked executable\n"),
   1845 	       idx, section_name (ebl, idx), "DT_GNU_CONFLICT");
   1846       if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)])
   1847 	ERROR (gettext ("\
   1848 section [%2d] '%s': %s tag missing in prelinked executable\n"),
   1849 	       idx, section_name (ebl, idx), "DT_GNU_LIBLIST");
   1850     }
   1851 }
   1852 
   1853 
   1854 static void
   1855 check_symtab_shndx (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
   1856 {
   1857   if (ehdr->e_type != ET_REL)
   1858     {
   1859       ERROR (gettext ("\
   1860 section [%2d] '%s': only relocatable files can have extended section index\n"),
   1861 	     idx, section_name (ebl, idx));
   1862       return;
   1863     }
   1864 
   1865   Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
   1866   GElf_Shdr symshdr_mem;
   1867   GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
   1868   if (symshdr != NULL && symshdr->sh_type != SHT_SYMTAB)
   1869     ERROR (gettext ("\
   1870 section [%2d] '%s': extended section index section not for symbol table\n"),
   1871 	   idx, section_name (ebl, idx));
   1872   Elf_Data *symdata = elf_getdata (symscn, NULL);
   1873   if (symdata == NULL)
   1874     ERROR (gettext ("cannot get data for symbol section\n"));
   1875 
   1876   if (shdr->sh_entsize != sizeof (Elf32_Word))
   1877     ERROR (gettext ("\
   1878 section [%2d] '%s': entry size does not match Elf32_Word\n"),
   1879 	   idx, section_name (ebl, idx));
   1880 
   1881   if (symshdr != NULL
   1882       && (shdr->sh_size / shdr->sh_entsize
   1883 	  < symshdr->sh_size / symshdr->sh_entsize))
   1884     ERROR (gettext ("\
   1885 section [%2d] '%s': extended index table too small for symbol table\n"),
   1886 	   idx, section_name (ebl, idx));
   1887 
   1888   if (shdr->sh_info != 0)
   1889     ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"),
   1890 	   idx, section_name (ebl, idx));
   1891 
   1892   for (size_t cnt = idx + 1; cnt < shnum; ++cnt)
   1893     {
   1894       GElf_Shdr rshdr_mem;
   1895       GElf_Shdr *rshdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &rshdr_mem);
   1896       if (rshdr != NULL && rshdr->sh_type == SHT_SYMTAB_SHNDX
   1897 	  && rshdr->sh_link == shdr->sh_link)
   1898 	{
   1899 	  ERROR (gettext ("\
   1900 section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same symbol table\n"),
   1901 		 idx, section_name (ebl, idx),
   1902 		 cnt, section_name (ebl, cnt));
   1903 	  break;
   1904 	}
   1905     }
   1906 
   1907   Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
   1908 
   1909   if (*((Elf32_Word *) data->d_buf) != 0)
   1910     ERROR (gettext ("symbol 0 should have zero extended section index\n"));
   1911 
   1912   for (size_t cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt)
   1913     {
   1914       Elf32_Word xndx = ((Elf32_Word *) data->d_buf)[cnt];
   1915 
   1916       if (xndx != 0)
   1917 	{
   1918 	  GElf_Sym sym_data;
   1919 	  GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_data);
   1920 	  if (sym == NULL)
   1921 	    {
   1922 	      ERROR (gettext ("cannot get data for symbol %zu\n"), cnt);
   1923 	      continue;
   1924 	    }
   1925 
   1926 	  if (sym->st_shndx != SHN_XINDEX)
   1927 	    ERROR (gettext ("\
   1928 extended section index is %" PRIu32 " but symbol index is not XINDEX\n"),
   1929 		   (uint32_t) xndx);
   1930 	}
   1931     }
   1932 }
   1933 
   1934 
   1935 static void
   1936 check_sysv_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
   1937 		 GElf_Shdr *symshdr)
   1938 {
   1939   Elf32_Word nbucket = ((Elf32_Word *) data->d_buf)[0];
   1940   Elf32_Word nchain = ((Elf32_Word *) data->d_buf)[1];
   1941 
   1942   if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize)
   1943     ERROR (gettext ("\
   1944 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
   1945 	   idx, section_name (ebl, idx), (long int) shdr->sh_size,
   1946 	   (long int) ((2 + nbucket + nchain) * shdr->sh_entsize));
   1947 
   1948   size_t maxidx = nchain;
   1949 
   1950   if (symshdr != NULL)
   1951     {
   1952       size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
   1953 
   1954       if (nchain > symshdr->sh_size / symshdr->sh_entsize)
   1955 	ERROR (gettext ("section [%2d] '%s': chain array too large\n"),
   1956 	       idx, section_name (ebl, idx));
   1957 
   1958       maxidx = symsize;
   1959     }
   1960 
   1961   size_t cnt;
   1962   for (cnt = 2; cnt < 2 + nbucket; ++cnt)
   1963     if (((Elf32_Word *) data->d_buf)[cnt] >= maxidx)
   1964       ERROR (gettext ("\
   1965 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
   1966 	     idx, section_name (ebl, idx), cnt - 2);
   1967 
   1968   for (; cnt < 2 + nbucket + nchain; ++cnt)
   1969     if (((Elf32_Word *) data->d_buf)[cnt] >= maxidx)
   1970       ERROR (gettext ("\
   1971 section [%2d] '%s': hash chain reference %zu out of bounds\n"),
   1972 	     idx, section_name (ebl, idx), cnt - 2 - nbucket);
   1973 }
   1974 
   1975 
   1976 static void
   1977 check_sysv_hash64 (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
   1978 		 GElf_Shdr *symshdr)
   1979 {
   1980   Elf64_Xword nbucket = ((Elf64_Xword *) data->d_buf)[0];
   1981   Elf64_Xword nchain = ((Elf64_Xword *) data->d_buf)[1];
   1982 
   1983   if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize)
   1984     ERROR (gettext ("\
   1985 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
   1986 	   idx, section_name (ebl, idx), (long int) shdr->sh_size,
   1987 	   (long int) ((2 + nbucket + nchain) * shdr->sh_entsize));
   1988 
   1989   size_t maxidx = nchain;
   1990 
   1991   if (symshdr != NULL)
   1992     {
   1993       size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
   1994 
   1995       if (nchain > symshdr->sh_size / symshdr->sh_entsize)
   1996 	ERROR (gettext ("section [%2d] '%s': chain array too large\n"),
   1997 	       idx, section_name (ebl, idx));
   1998 
   1999       maxidx = symsize;
   2000     }
   2001 
   2002   size_t cnt;
   2003   for (cnt = 2; cnt < 2 + nbucket; ++cnt)
   2004     if (((Elf64_Xword *) data->d_buf)[cnt] >= maxidx)
   2005       ERROR (gettext ("\
   2006 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
   2007 	     idx, section_name (ebl, idx), cnt - 2);
   2008 
   2009   for (; cnt < 2 + nbucket + nchain; ++cnt)
   2010     if (((Elf64_Xword *) data->d_buf)[cnt] >= maxidx)
   2011       ERROR (gettext ("\
   2012 section [%2d] '%s': hash chain reference %" PRIu64 " out of bounds\n"),
   2013 	     idx, section_name (ebl, idx), (uint64_t) (cnt - 2 - nbucket));
   2014 }
   2015 
   2016 
   2017 static void
   2018 check_gnu_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
   2019 		GElf_Shdr *symshdr)
   2020 {
   2021   Elf32_Word nbuckets = ((Elf32_Word *) data->d_buf)[0];
   2022   Elf32_Word symbias = ((Elf32_Word *) data->d_buf)[1];
   2023   Elf32_Word bitmask_words = ((Elf32_Word *) data->d_buf)[2];
   2024 
   2025   if (!powerof2 (bitmask_words))
   2026     ERROR (gettext ("\
   2027 section [%2d] '%s': bitmask size not power of 2: %u\n"),
   2028 	   idx, section_name (ebl, idx), bitmask_words);
   2029 
   2030   size_t bitmask_idxmask = bitmask_words - 1;
   2031   if (gelf_getclass (ebl->elf) == ELFCLASS64)
   2032     bitmask_words *= 2;
   2033   Elf32_Word shift = ((Elf32_Word *) data->d_buf)[3];
   2034 
   2035   if (shdr->sh_size < (4 + bitmask_words + nbuckets) * sizeof (Elf32_Word))
   2036     {
   2037       ERROR (gettext ("\
   2038 section [%2d] '%s': hash table section is too small (is %ld, expected at least%ld)\n"),
   2039 	     idx, section_name (ebl, idx), (long int) shdr->sh_size,
   2040 	     (long int) ((4 + bitmask_words + nbuckets) * sizeof (Elf32_Word)));
   2041       return;
   2042     }
   2043 
   2044   if (shift > 31)
   2045     ERROR (gettext ("\
   2046 section [%2d] '%s': 2nd hash function shift too big: %u\n"),
   2047 	   idx, section_name (ebl, idx), shift);
   2048 
   2049   size_t maxidx = shdr->sh_size / sizeof (Elf32_Word) - (4 + bitmask_words
   2050 							 + nbuckets);
   2051 
   2052   if (symshdr != NULL)
   2053     maxidx = MIN (maxidx, symshdr->sh_size / symshdr->sh_entsize);
   2054 
   2055   /* We need the symbol section data.  */
   2056   Elf_Data *symdata = elf_getdata (elf_getscn (ebl->elf, shdr->sh_link), NULL);
   2057 
   2058   union
   2059   {
   2060     Elf32_Word *p32;
   2061     Elf64_Xword *p64;
   2062   } bitmask = { .p32 = &((Elf32_Word *) data->d_buf)[4] },
   2063       collected = { .p32 = xcalloc (bitmask_words, sizeof (Elf32_Word)) };
   2064 
   2065   size_t classbits = gelf_getclass (ebl->elf) == ELFCLASS32 ? 32 : 64;
   2066 
   2067   size_t cnt;
   2068   for (cnt = 4 + bitmask_words; cnt < 4 + bitmask_words + nbuckets; ++cnt)
   2069     {
   2070       Elf32_Word symidx = ((Elf32_Word *) data->d_buf)[cnt];
   2071 
   2072       if (symidx == 0)
   2073 	continue;
   2074 
   2075       if (symidx < symbias)
   2076 	{
   2077 	  ERROR (gettext ("\
   2078 section [%2d] '%s': hash chain for bucket %zu lower than symbol index bias\n"),
   2079 		 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
   2080 	  continue;
   2081 	}
   2082 
   2083       while (symidx - symbias < maxidx)
   2084 	{
   2085 	  Elf32_Word chainhash = ((Elf32_Word *) data->d_buf)[4
   2086 							      + bitmask_words
   2087 							      + nbuckets
   2088 							      + symidx
   2089 							      - symbias];
   2090 
   2091 	  if (symdata != NULL)
   2092 	    {
   2093 	      /* Check that the referenced symbol is not undefined.  */
   2094 	      GElf_Sym sym_mem;
   2095 	      GElf_Sym *sym = gelf_getsym (symdata, symidx, &sym_mem);
   2096 	      if (sym != NULL && sym->st_shndx == SHN_UNDEF
   2097 		  && GELF_ST_TYPE (sym->st_info) != STT_FUNC)
   2098 		ERROR (gettext ("\
   2099 section [%2d] '%s': symbol %u referenced in chain for bucket %zu is undefined\n"),
   2100 		       idx, section_name (ebl, idx), symidx,
   2101 		       cnt - (4 + bitmask_words));
   2102 
   2103 	      const char *symname = elf_strptr (ebl->elf, symshdr->sh_link,
   2104 						sym->st_name);
   2105 	      if (symname != NULL)
   2106 		{
   2107 		  Elf32_Word hval = elf_gnu_hash (symname);
   2108 		  if ((hval & ~1u) != (chainhash & ~1u))
   2109 		    ERROR (gettext ("\
   2110 section [%2d] '%s': hash value for symbol %u in chain for bucket %zu wrong\n"),
   2111 			   idx, section_name (ebl, idx), symidx,
   2112 			   cnt - (4 + bitmask_words));
   2113 
   2114 		  /* Set the bits in the bitmask.  */
   2115 		  size_t maskidx = (hval / classbits) & bitmask_idxmask;
   2116 		  if (classbits == 32)
   2117 		    {
   2118 		      collected.p32[maskidx]
   2119 			|= UINT32_C (1) << (hval & (classbits - 1));
   2120 		      collected.p32[maskidx]
   2121 			|= UINT32_C (1) << ((hval >> shift) & (classbits - 1));
   2122 		    }
   2123 		  else
   2124 		    {
   2125 		      collected.p64[maskidx]
   2126 			|= UINT64_C (1) << (hval & (classbits - 1));
   2127 		      collected.p64[maskidx]
   2128 			|= UINT64_C (1) << ((hval >> shift) & (classbits - 1));
   2129 		    }
   2130 		}
   2131 	    }
   2132 
   2133 	  if ((chainhash & 1) != 0)
   2134 	    break;
   2135 
   2136 	  ++symidx;
   2137 	}
   2138 
   2139       if (symidx - symbias >= maxidx)
   2140 	ERROR (gettext ("\
   2141 section [%2d] '%s': hash chain for bucket %zu out of bounds\n"),
   2142 	       idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
   2143       else if (symshdr != NULL
   2144 	       && symidx > symshdr->sh_size / symshdr->sh_entsize)
   2145 	ERROR (gettext ("\
   2146 section [%2d] '%s': symbol reference in chain for bucket %zu out of bounds\n"),
   2147 	       idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
   2148     }
   2149 
   2150   if (memcmp (collected.p32, bitmask.p32, bitmask_words * sizeof (Elf32_Word)))
   2151     ERROR (gettext ("\
   2152 section [%2d] '%s': bitmask does not match names in the hash table\n"),
   2153 	   idx, section_name (ebl, idx));
   2154 
   2155   free (collected.p32);
   2156 }
   2157 
   2158 
   2159 static void
   2160 check_hash (int tag, Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
   2161 {
   2162   if (ehdr->e_type == ET_REL)
   2163     {
   2164       ERROR (gettext ("\
   2165 section [%2d] '%s': relocatable files cannot have hash tables\n"),
   2166 	     idx, section_name (ebl, idx));
   2167       return;
   2168     }
   2169 
   2170   Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
   2171   if (data == NULL)
   2172     {
   2173       ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
   2174 	     idx, section_name (ebl, idx));
   2175       return;
   2176     }
   2177 
   2178   GElf_Shdr symshdr_mem;
   2179   GElf_Shdr *symshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
   2180 				     &symshdr_mem);
   2181   if (symshdr != NULL && symshdr->sh_type != SHT_DYNSYM)
   2182     ERROR (gettext ("\
   2183 section [%2d] '%s': hash table not for dynamic symbol table\n"),
   2184 	   idx, section_name (ebl, idx));
   2185 
   2186   if (shdr->sh_entsize != (tag == SHT_GNU_HASH
   2187 			   ? (gelf_getclass (ebl->elf) == ELFCLASS32
   2188 			      ? sizeof (Elf32_Word) : 0)
   2189 			   : (size_t) ebl_sysvhash_entrysize (ebl)))
   2190     ERROR (gettext ("\
   2191 section [%2d] '%s': hash table entry size incorrect\n"),
   2192 	   idx, section_name (ebl, idx));
   2193 
   2194   if ((shdr->sh_flags & SHF_ALLOC) == 0)
   2195     ERROR (gettext ("section [%2d] '%s': not marked to be allocated\n"),
   2196 	   idx, section_name (ebl, idx));
   2197 
   2198   if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (shdr->sh_entsize ?: 4))
   2199     {
   2200       ERROR (gettext ("\
   2201 section [%2d] '%s': hash table has not even room for initial administrative entries\n"),
   2202 	     idx, section_name (ebl, idx));
   2203       return;
   2204     }
   2205 
   2206   switch (tag)
   2207     {
   2208     case SHT_HASH:
   2209       if (ebl_sysvhash_entrysize (ebl) == sizeof (Elf64_Xword))
   2210 	check_sysv_hash64 (ebl, shdr, data, idx, symshdr);
   2211       else
   2212 	check_sysv_hash (ebl, shdr, data, idx, symshdr);
   2213       break;
   2214 
   2215     case SHT_GNU_HASH:
   2216       check_gnu_hash (ebl, shdr, data, idx, symshdr);
   2217       break;
   2218 
   2219     default:
   2220       assert (! "should not happen");
   2221     }
   2222 }
   2223 
   2224 
   2225 /* Compare content of both hash tables, it must be identical.  */
   2226 static void
   2227 compare_hash_gnu_hash (Ebl *ebl, GElf_Ehdr *ehdr, size_t hash_idx,
   2228 		       size_t gnu_hash_idx)
   2229 {
   2230   Elf_Scn *hash_scn = elf_getscn (ebl->elf, hash_idx);
   2231   Elf_Data *hash_data = elf_getdata (hash_scn, NULL);
   2232   GElf_Shdr hash_shdr_mem;
   2233   GElf_Shdr *hash_shdr = gelf_getshdr (hash_scn, &hash_shdr_mem);
   2234   Elf_Scn *gnu_hash_scn = elf_getscn (ebl->elf, gnu_hash_idx);
   2235   Elf_Data *gnu_hash_data = elf_getdata (gnu_hash_scn, NULL);
   2236   GElf_Shdr gnu_hash_shdr_mem;
   2237   GElf_Shdr *gnu_hash_shdr = gelf_getshdr (gnu_hash_scn, &gnu_hash_shdr_mem);
   2238 
   2239   if (hash_shdr == NULL || gnu_hash_shdr == NULL
   2240       || hash_data == NULL || gnu_hash_data == NULL)
   2241     /* None of these pointers should be NULL since we used the
   2242        sections already.  We are careful nonetheless.  */
   2243     return;
   2244 
   2245   /* The link must point to the same symbol table.  */
   2246   if (hash_shdr->sh_link != gnu_hash_shdr->sh_link)
   2247     {
   2248       ERROR (gettext ("\
   2249 sh_link in hash sections [%2zu] '%s' and [%2zu] '%s' not identical\n"),
   2250 	     hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name),
   2251 	     gnu_hash_idx,
   2252 	     elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
   2253       return;
   2254     }
   2255 
   2256   Elf_Scn *sym_scn = elf_getscn (ebl->elf, hash_shdr->sh_link);
   2257   Elf_Data *sym_data = elf_getdata (sym_scn, NULL);
   2258   GElf_Shdr sym_shdr_mem;
   2259   GElf_Shdr *sym_shdr = gelf_getshdr (sym_scn, &sym_shdr_mem);
   2260 
   2261   if (sym_data == NULL || sym_shdr == NULL)
   2262     return;
   2263 
   2264   int nentries = sym_shdr->sh_size / sym_shdr->sh_entsize;
   2265   char *used = alloca (nentries);
   2266   memset (used, '\0', nentries);
   2267 
   2268   /* First go over the GNU_HASH table and mark the entries as used.  */
   2269   const Elf32_Word *gnu_hasharr = (Elf32_Word *) gnu_hash_data->d_buf;
   2270   Elf32_Word gnu_nbucket = gnu_hasharr[0];
   2271   const int bitmap_factor = ehdr->e_ident[EI_CLASS] == ELFCLASS32 ? 1 : 2;
   2272   const Elf32_Word *gnu_bucket = (gnu_hasharr
   2273 				  + (4 + gnu_hasharr[2] * bitmap_factor));
   2274   const Elf32_Word *gnu_chain = gnu_bucket + gnu_hasharr[0] - gnu_hasharr[1];
   2275 
   2276   for (Elf32_Word cnt = 0; cnt < gnu_nbucket; ++cnt)
   2277     {
   2278       Elf32_Word symidx = gnu_bucket[cnt];
   2279       if (symidx != STN_UNDEF)
   2280 	do
   2281 	  used[symidx] |= 1;
   2282 	while ((gnu_chain[symidx++] & 1u) == 0);
   2283     }
   2284 
   2285   /* Now go over the old hash table and check that we cover the same
   2286      entries.  */
   2287   if (hash_shdr->sh_entsize == sizeof (Elf32_Word))
   2288     {
   2289       const Elf32_Word *hasharr = (Elf32_Word *) hash_data->d_buf;
   2290       Elf32_Word nbucket = hasharr[0];
   2291       const Elf32_Word *bucket = &hasharr[2];
   2292       const Elf32_Word *chain = &hasharr[2 + nbucket];
   2293 
   2294       for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt)
   2295 	{
   2296 	  Elf32_Word symidx = bucket[cnt];
   2297 	  while (symidx != STN_UNDEF)
   2298 	    {
   2299 	      used[symidx] |= 2;
   2300 	      symidx = chain[symidx];
   2301 	    }
   2302 	}
   2303     }
   2304   else
   2305     {
   2306       const Elf64_Xword *hasharr = (Elf64_Xword *) hash_data->d_buf;
   2307       Elf64_Xword nbucket = hasharr[0];
   2308       const Elf64_Xword *bucket = &hasharr[2];
   2309       const Elf64_Xword *chain = &hasharr[2 + nbucket];
   2310 
   2311       for (Elf64_Xword cnt = 0; cnt < nbucket; ++cnt)
   2312 	{
   2313 	  Elf64_Xword symidx = bucket[cnt];
   2314 	  while (symidx != STN_UNDEF)
   2315 	    {
   2316 	      used[symidx] |= 2;
   2317 	      symidx = chain[symidx];
   2318 	    }
   2319 	}
   2320     }
   2321 
   2322   /* Now see which entries are not set in one or both hash tables
   2323      (unless the symbol is undefined in which case it can be omitted
   2324      in the new table format).  */
   2325   if ((used[0] & 1) != 0)
   2326     ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"),
   2327 	   gnu_hash_idx,
   2328 	   elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
   2329   if ((used[0] & 2) != 0)
   2330     ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"),
   2331 	   hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name));
   2332 
   2333   for (int cnt = 1; cnt < nentries; ++cnt)
   2334     if (used[cnt] != 0 && used[cnt] != 3)
   2335       {
   2336 	if (used[cnt] == 1)
   2337 	  ERROR (gettext ("\
   2338 symbol %d referenced in new hash table in [%2zu] '%s' but not in old hash table in [%2zu] '%s'\n"),
   2339 		 cnt, gnu_hash_idx,
   2340 		 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name),
   2341 		 hash_idx,
   2342 		 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name));
   2343 	else
   2344 	  {
   2345 	    GElf_Sym sym_mem;
   2346 	    GElf_Sym *sym = gelf_getsym (sym_data, cnt, &sym_mem);
   2347 
   2348 	    if (sym != NULL && sym->st_shndx != STN_UNDEF)
   2349 	      ERROR (gettext ("\
   2350 symbol %d referenced in old hash table in [%2zu] '%s' but not in new hash table in [%2zu] '%s'\n"),
   2351 		     cnt, hash_idx,
   2352 		     elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name),
   2353 		     gnu_hash_idx,
   2354 		     elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
   2355 	  }
   2356       }
   2357 }
   2358 
   2359 
   2360 static void
   2361 check_null (Ebl *ebl, GElf_Shdr *shdr, int idx)
   2362 {
   2363 #define TEST(name, extra) \
   2364   if (extra && shdr->sh_##name != 0)					      \
   2365     ERROR (gettext ("section [%2d] '%s': nonzero sh_%s for NULL section\n"),  \
   2366 	   idx, section_name (ebl, idx), #name)
   2367 
   2368   TEST (name, 1);
   2369   TEST (flags, 1);
   2370   TEST (addr, 1);
   2371   TEST (offset, 1);
   2372   TEST (size, idx != 0);
   2373   TEST (link, idx != 0);
   2374   TEST (info, 1);
   2375   TEST (addralign, 1);
   2376   TEST (entsize, 1);
   2377 }
   2378 
   2379 
   2380 static void
   2381 check_group (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
   2382 {
   2383   if (ehdr->e_type != ET_REL)
   2384     {
   2385       ERROR (gettext ("\
   2386 section [%2d] '%s': section groups only allowed in relocatable object files\n"),
   2387 	     idx, section_name (ebl, idx));
   2388       return;
   2389     }
   2390 
   2391   /* Check that sh_link is an index of a symbol table.  */
   2392   Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
   2393   GElf_Shdr symshdr_mem;
   2394   GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
   2395   if (symshdr == NULL)
   2396     ERROR (gettext ("section [%2d] '%s': cannot get symbol table: %s\n"),
   2397 	   idx, section_name (ebl, idx), elf_errmsg (-1));
   2398   else
   2399     {
   2400       if (symshdr->sh_type != SHT_SYMTAB)
   2401 	ERROR (gettext ("\
   2402 section [%2d] '%s': section reference in sh_link is no symbol table\n"),
   2403 	       idx, section_name (ebl, idx));
   2404 
   2405       if (shdr->sh_info >= symshdr->sh_size / gelf_fsize (ebl->elf, ELF_T_SYM,
   2406 							  1, EV_CURRENT))
   2407 	ERROR (gettext ("\
   2408 section [%2d] '%s': invalid symbol index in sh_info\n"),
   2409 	       idx, section_name (ebl, idx));
   2410 
   2411       if (shdr->sh_flags != 0)
   2412 	ERROR (gettext ("section [%2d] '%s': sh_flags not zero\n"),
   2413 	       idx, section_name (ebl, idx));
   2414 
   2415       GElf_Sym sym_data;
   2416       GElf_Sym *sym = gelf_getsym (elf_getdata (symscn, NULL), shdr->sh_info,
   2417 				   &sym_data);
   2418       if (sym == NULL)
   2419 	ERROR (gettext ("\
   2420 section [%2d] '%s': cannot get symbol for signature\n"),
   2421 	       idx, section_name (ebl, idx));
   2422       else if (strcmp (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name),
   2423 		       "") == 0)
   2424 	ERROR (gettext ("\
   2425 section [%2d] '%s': signature symbol cannot be empty string\n"),
   2426 	       idx, section_name (ebl, idx));
   2427 
   2428       if (be_strict
   2429 	  && shdr->sh_entsize != elf32_fsize (ELF_T_WORD, 1, EV_CURRENT))
   2430 	ERROR (gettext ("section [%2d] '%s': sh_flags not set correctly\n"),
   2431 	       idx, section_name (ebl, idx));
   2432     }
   2433 
   2434   Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
   2435   if (data == NULL)
   2436     ERROR (gettext ("section [%2d] '%s': cannot get data: %s\n"),
   2437 	   idx, section_name (ebl, idx), elf_errmsg (-1));
   2438   else
   2439     {
   2440       size_t elsize = elf32_fsize (ELF_T_WORD, 1, EV_CURRENT);
   2441       size_t cnt;
   2442       Elf32_Word val;
   2443 
   2444       if (data->d_size % elsize != 0)
   2445 	ERROR (gettext ("\
   2446 section [%2d] '%s': section size not multiple of sizeof(Elf32_Word)\n"),
   2447 	       idx, section_name (ebl, idx));
   2448 
   2449       if (data->d_size < elsize)
   2450 	ERROR (gettext ("\
   2451 section [%2d] '%s': section group without flags word\n"),
   2452 	       idx, section_name (ebl, idx));
   2453       else if (be_strict)
   2454 	{
   2455 	  if (data->d_size < 2 * elsize)
   2456 	    ERROR (gettext ("\
   2457 section [%2d] '%s': section group without member\n"),
   2458 		   idx, section_name (ebl, idx));
   2459 	  else if (data->d_size < 3 * elsize)
   2460 	    ERROR (gettext ("\
   2461 section [%2d] '%s': section group with only one member\n"),
   2462 		   idx, section_name (ebl, idx));
   2463 	}
   2464 
   2465 #if ALLOW_UNALIGNED
   2466       val = *((Elf32_Word *) data->d_buf);
   2467 #else
   2468       memcpy (&val, data->d_buf, elsize);
   2469 #endif
   2470       if ((val & ~GRP_COMDAT) != 0)
   2471 	ERROR (gettext ("section [%2d] '%s': unknown section group flags\n"),
   2472 	       idx, section_name (ebl, idx));
   2473 
   2474       for (cnt = elsize; cnt < data->d_size; cnt += elsize)
   2475 	{
   2476 #if ALLOW_UNALIGNED
   2477 	  val = *((Elf32_Word *) ((char *) data->d_buf + cnt));
   2478 #else
   2479 	  memcpy (&val, (char *) data->d_buf + cnt, elsize);
   2480 #endif
   2481 
   2482 	  if (val > shnum)
   2483 	    ERROR (gettext ("\
   2484 section [%2d] '%s': section index %Zu out of range\n"),
   2485 		   idx, section_name (ebl, idx), cnt / elsize);
   2486 	  else
   2487 	    {
   2488 	      GElf_Shdr refshdr_mem;
   2489 	      GElf_Shdr *refshdr = gelf_getshdr (elf_getscn (ebl->elf, val),
   2490 						 &refshdr_mem);
   2491 	      if (refshdr == NULL)
   2492 		ERROR (gettext ("\
   2493 section [%2d] '%s': cannot get section header for element %zu: %s\n"),
   2494 		       idx, section_name (ebl, idx), cnt / elsize,
   2495 		       elf_errmsg (-1));
   2496 	      else
   2497 		{
   2498 		  if (refshdr->sh_type == SHT_GROUP)
   2499 		    ERROR (gettext ("\
   2500 section [%2d] '%s': section group contains another group [%2d] '%s'\n"),
   2501 			   idx, section_name (ebl, idx),
   2502 			   val, section_name (ebl, val));
   2503 
   2504 		  if ((refshdr->sh_flags & SHF_GROUP) == 0)
   2505 		    ERROR (gettext ("\
   2506 section [%2d] '%s': element %Zu references section [%2d] '%s' without SHF_GROUP flag set\n"),
   2507 			   idx, section_name (ebl, idx), cnt / elsize,
   2508 			   val, section_name (ebl, val));
   2509 		}
   2510 
   2511 	      if (++scnref[val] == 2)
   2512 		ERROR (gettext ("\
   2513 section [%2d] '%s' is contained in more than one section group\n"),
   2514 		       val, section_name (ebl, val));
   2515 	    }
   2516 	}
   2517     }
   2518 }
   2519 
   2520 
   2521 static const char *
   2522 section_flags_string (GElf_Word flags, char *buf, size_t len)
   2523 {
   2524   if (flags == 0)
   2525     return "none";
   2526 
   2527   static const struct
   2528   {
   2529     GElf_Word flag;
   2530     const char *name;
   2531   } known_flags[] =
   2532     {
   2533 #define NEWFLAG(name) { SHF_##name, #name }
   2534       NEWFLAG (WRITE),
   2535       NEWFLAG (ALLOC),
   2536       NEWFLAG (EXECINSTR),
   2537       NEWFLAG (MERGE),
   2538       NEWFLAG (STRINGS),
   2539       NEWFLAG (INFO_LINK),
   2540       NEWFLAG (LINK_ORDER),
   2541       NEWFLAG (OS_NONCONFORMING),
   2542       NEWFLAG (GROUP),
   2543       NEWFLAG (TLS)
   2544     };
   2545 #undef NEWFLAG
   2546   const size_t nknown_flags = sizeof (known_flags) / sizeof (known_flags[0]);
   2547 
   2548   char *cp = buf;
   2549 
   2550   for (size_t cnt = 0; cnt < nknown_flags; ++cnt)
   2551     if (flags & known_flags[cnt].flag)
   2552       {
   2553 	if (cp != buf && len > 1)
   2554 	  {
   2555 	    *cp++ = '|';
   2556 	    --len;
   2557 	  }
   2558 
   2559 	size_t ncopy = MIN (len - 1, strlen (known_flags[cnt].name));
   2560 	cp = mempcpy (cp, known_flags[cnt].name, ncopy);
   2561 	len -= ncopy;
   2562 
   2563 	flags ^= known_flags[cnt].flag;
   2564       }
   2565 
   2566   if (flags != 0 || cp == buf)
   2567     snprintf (cp, len - 1, "%" PRIx64, (uint64_t) flags);
   2568 
   2569   *cp = '\0';
   2570 
   2571   return buf;
   2572 }
   2573 
   2574 
   2575 static int
   2576 has_copy_reloc (Ebl *ebl, unsigned int symscnndx, unsigned int symndx)
   2577 {
   2578   /* First find the relocation section for the symbol table.  */
   2579   Elf_Scn *scn = NULL;
   2580   GElf_Shdr shdr_mem;
   2581   GElf_Shdr *shdr = NULL;
   2582   while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
   2583     {
   2584       shdr = gelf_getshdr (scn, &shdr_mem);
   2585       if (shdr != NULL
   2586 	  && (shdr->sh_type == SHT_REL || shdr->sh_type == SHT_RELA)
   2587 	  && shdr->sh_link == symscnndx)
   2588 	/* Found the section.  */
   2589 	break;
   2590     }
   2591 
   2592   if (scn == NULL)
   2593     return 0;
   2594 
   2595   Elf_Data *data = elf_getdata (scn, NULL);
   2596   if (data == NULL)
   2597     return 0;
   2598 
   2599   if (shdr->sh_type == SHT_REL)
   2600     for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i)
   2601       {
   2602 	GElf_Rel rel_mem;
   2603 	GElf_Rel *rel = gelf_getrel (data, i, &rel_mem);
   2604 	if (rel == NULL)
   2605 	  continue;
   2606 
   2607 	if (GELF_R_SYM (rel->r_info) == symndx
   2608 	    && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rel->r_info)))
   2609 	  return 1;
   2610       }
   2611   else
   2612     for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i)
   2613       {
   2614 	GElf_Rela rela_mem;
   2615 	GElf_Rela *rela = gelf_getrela (data, i, &rela_mem);
   2616 	if (rela == NULL)
   2617 	  continue;
   2618 
   2619 	if (GELF_R_SYM (rela->r_info) == symndx
   2620 	    && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rela->r_info)))
   2621 	  return 1;
   2622       }
   2623 
   2624   return 0;
   2625 }
   2626 
   2627 
   2628 static int
   2629 in_nobits_scn (Ebl *ebl, unsigned int shndx)
   2630 {
   2631   GElf_Shdr shdr_mem;
   2632   GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, shndx), &shdr_mem);
   2633   return shdr != NULL && shdr->sh_type == SHT_NOBITS;
   2634 }
   2635 
   2636 
   2637 static struct version_namelist
   2638 {
   2639   const char *objname;
   2640   const char *name;
   2641   GElf_Versym ndx;
   2642   enum { ver_def, ver_need } type;
   2643   struct version_namelist *next;
   2644 } *version_namelist;
   2645 
   2646 
   2647 static int
   2648 add_version (const char *objname, const char *name, GElf_Versym ndx, int type)
   2649 {
   2650   /* Check that there are no duplications.  */
   2651   struct version_namelist *nlp = version_namelist;
   2652   while (nlp != NULL)
   2653     {
   2654       if (((nlp->objname == NULL && objname == NULL)
   2655 	   || (nlp->objname != NULL && objname != NULL
   2656 	       && strcmp (nlp->objname, objname) == 0))
   2657 	  && strcmp (nlp->name, name) == 0)
   2658 	return nlp->type == ver_def ? 1 : -1;
   2659       nlp = nlp->next;
   2660     }
   2661 
   2662   nlp = xmalloc (sizeof (*nlp));
   2663   nlp->objname = objname;
   2664   nlp->name = name;
   2665   nlp->ndx = ndx;
   2666   nlp->type = type;
   2667   nlp->next = version_namelist;
   2668   version_namelist = nlp;
   2669 
   2670   return 0;
   2671 }
   2672 
   2673 
   2674 static void
   2675 check_versym (Ebl *ebl, int idx)
   2676 {
   2677   Elf_Scn *scn = elf_getscn (ebl->elf, idx);
   2678   GElf_Shdr shdr_mem;
   2679   GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
   2680   if (shdr == NULL)
   2681     /* The error has already been reported.  */
   2682     return;
   2683 
   2684   Elf_Data *data = elf_getdata (scn, NULL);
   2685   if (data == NULL)
   2686     {
   2687       ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
   2688 	     idx, section_name (ebl, idx));
   2689       return;
   2690     }
   2691 
   2692   Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
   2693   GElf_Shdr symshdr_mem;
   2694   GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
   2695   if (symshdr == NULL)
   2696     /* The error has already been reported.  */
   2697     return;
   2698 
   2699   if (symshdr->sh_type != SHT_DYNSYM)
   2700     {
   2701       ERROR (gettext ("\
   2702 section [%2d] '%s' refers in sh_link to section [%2d] '%s' which is no dynamic symbol table\n"),
   2703 	     idx, section_name (ebl, idx),
   2704 	     shdr->sh_link, section_name (ebl, shdr->sh_link));
   2705       return;
   2706     }
   2707 
   2708   /* The number of elements in the version symbol table must be the
   2709      same as the number of symbols.  */
   2710   if (shdr->sh_size / shdr->sh_entsize
   2711       != symshdr->sh_size / symshdr->sh_entsize)
   2712     ERROR (gettext ("\
   2713 section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"),
   2714 	   idx, section_name (ebl, idx),
   2715 	   shdr->sh_link, section_name (ebl, shdr->sh_link));
   2716 
   2717   Elf_Data *symdata = elf_getdata (symscn, NULL);
   2718   if (symdata == NULL)
   2719     /* The error has already been reported.  */
   2720     return;
   2721 
   2722   for (int cnt = 1; (size_t) cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
   2723     {
   2724       GElf_Versym versym_mem;
   2725       GElf_Versym *versym = gelf_getversym (data, cnt, &versym_mem);
   2726       if (versym == NULL)
   2727 	{
   2728 	  ERROR (gettext ("\
   2729 section [%2d] '%s': symbol %d: cannot read version data\n"),
   2730 		 idx, section_name (ebl, idx), cnt);
   2731 	  break;
   2732 	}
   2733 
   2734       GElf_Sym sym_mem;
   2735       GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_mem);
   2736       if (sym == NULL)
   2737 	/* Already reported elsewhere.  */
   2738 	continue;
   2739 
   2740       if (*versym == VER_NDX_GLOBAL)
   2741 	{
   2742 	  /* Global symbol.  Make sure it is not defined as local.  */
   2743 	  if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
   2744 	    ERROR (gettext ("\
   2745 section [%2d] '%s': symbol %d: local symbol with global scope\n"),
   2746 		   idx, section_name (ebl, idx), cnt);
   2747 	}
   2748       else if (*versym != VER_NDX_LOCAL)
   2749 	{
   2750 	  /* Versioned symbol.  Make sure it is not defined as local.  */
   2751 	  if (!gnuld && GELF_ST_BIND (sym->st_info) == STB_LOCAL)
   2752 	    ERROR (gettext ("\
   2753 section [%2d] '%s': symbol %d: local symbol with version\n"),
   2754 		   idx, section_name (ebl, idx), cnt);
   2755 
   2756 	  /* Look through the list of defined versions and locate the
   2757 	     index we need for this symbol.  */
   2758 	  struct version_namelist *runp = version_namelist;
   2759 	  while (runp != NULL)
   2760 	    if (runp->ndx == (*versym & (GElf_Versym) 0x7fff))
   2761 	      break;
   2762 	    else
   2763 	      runp = runp->next;
   2764 
   2765 	  if (runp == NULL)
   2766 	    ERROR (gettext ("\
   2767 section [%2d] '%s': symbol %d: invalid version index %d\n"),
   2768 		   idx, section_name (ebl, idx), cnt, (int) *versym);
   2769 	  else if (sym->st_shndx == SHN_UNDEF
   2770 		   && runp->type == ver_def)
   2771 	    ERROR (gettext ("\
   2772 section [%2d] '%s': symbol %d: version index %d is for defined version\n"),
   2773 		   idx, section_name (ebl, idx), cnt, (int) *versym);
   2774 	  else if (sym->st_shndx != SHN_UNDEF
   2775 		   && runp->type == ver_need)
   2776 	    {
   2777 	      /* Unless this symbol has a copy relocation associated
   2778 		 this must not happen.  */
   2779 	      if (!has_copy_reloc (ebl, shdr->sh_link, cnt)
   2780 		  && !in_nobits_scn (ebl, sym->st_shndx))
   2781 		ERROR (gettext ("\
   2782 section [%2d] '%s': symbol %d: version index %d is for requested version\n"),
   2783 		       idx, section_name (ebl, idx), cnt, (int) *versym);
   2784 	    }
   2785 	}
   2786     }
   2787 }
   2788 
   2789 
   2790 static int
   2791 unknown_dependency_p (Elf *elf, const char *fname)
   2792 {
   2793   GElf_Phdr phdr_mem;
   2794   GElf_Phdr *phdr = NULL;
   2795 
   2796   unsigned int i;
   2797   for (i = 0; i < phnum; ++i)
   2798     if ((phdr = gelf_getphdr (elf, i, &phdr_mem)) != NULL
   2799 	&& phdr->p_type == PT_DYNAMIC)
   2800       break;
   2801 
   2802   if (i == phnum)
   2803     return 1;
   2804   assert (phdr != NULL);
   2805   Elf_Scn *scn = gelf_offscn (elf, phdr->p_offset);
   2806   GElf_Shdr shdr_mem;
   2807   GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
   2808   Elf_Data *data = elf_getdata (scn, NULL);
   2809   if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC && data != NULL)
   2810     for (size_t j = 0; j < shdr->sh_size / shdr->sh_entsize; ++j)
   2811       {
   2812 	GElf_Dyn dyn_mem;
   2813 	GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem);
   2814 	if (dyn != NULL && dyn->d_tag == DT_NEEDED)
   2815 	  {
   2816 	    const char *str = elf_strptr (elf, shdr->sh_link, dyn->d_un.d_val);
   2817 	    if (str != NULL && strcmp (str, fname) == 0)
   2818 	      /* Found it.  */
   2819 	      return 0;
   2820 	  }
   2821       }
   2822 
   2823   return 1;
   2824 }
   2825 
   2826 
   2827 static unsigned int nverneed;
   2828 
   2829 static void
   2830 check_verneed (Ebl *ebl, GElf_Shdr *shdr, int idx)
   2831 {
   2832   if (++nverneed == 2)
   2833     ERROR (gettext ("more than one version reference section present\n"));
   2834 
   2835   GElf_Shdr strshdr_mem;
   2836   GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
   2837 				     &strshdr_mem);
   2838   if (strshdr == NULL)
   2839     return;
   2840   if (strshdr->sh_type != SHT_STRTAB)
   2841     ERROR (gettext ("\
   2842 section [%2d] '%s': sh_link does not link to string table\n"),
   2843 	   idx, section_name (ebl, idx));
   2844 
   2845   Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
   2846   if (data == NULL)
   2847     {
   2848       ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
   2849 	     idx, section_name (ebl, idx));
   2850       return;
   2851     }
   2852   unsigned int offset = 0;
   2853   for (int cnt = shdr->sh_info; --cnt >= 0; )
   2854     {
   2855       /* Get the data at the next offset.  */
   2856       GElf_Verneed needmem;
   2857       GElf_Verneed *need = gelf_getverneed (data, offset, &needmem);
   2858       if (need == NULL)
   2859 	break;
   2860 
   2861       unsigned int auxoffset = offset + need->vn_aux;
   2862 
   2863       if (need->vn_version != EV_CURRENT)
   2864 	ERROR (gettext ("\
   2865 section [%2d] '%s': entry %d has wrong version %d\n"),
   2866 	       idx, section_name (ebl, idx), cnt, (int) need->vn_version);
   2867 
   2868       if (need->vn_cnt > 0 && need->vn_aux < gelf_fsize (ebl->elf, ELF_T_VNEED,
   2869 							 1, EV_CURRENT))
   2870 	ERROR (gettext ("\
   2871 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"),
   2872 	       idx, section_name (ebl, idx), cnt);
   2873 
   2874       const char *libname = elf_strptr (ebl->elf, shdr->sh_link,
   2875 					need->vn_file);
   2876       if (libname == NULL)
   2877 	{
   2878 	  ERROR (gettext ("\
   2879 section [%2d] '%s': entry %d has invalid file reference\n"),
   2880 		 idx, section_name (ebl, idx), cnt);
   2881 	  goto next_need;
   2882 	}
   2883 
   2884       /* Check that there is a DT_NEEDED entry for the referenced library.  */
   2885       if (unknown_dependency_p (ebl->elf, libname))
   2886 	ERROR (gettext ("\
   2887 section [%2d] '%s': entry %d references unknown dependency\n"),
   2888 	       idx, section_name (ebl, idx), cnt);
   2889 
   2890       for (int cnt2 = need->vn_cnt; --cnt2 >= 0; )
   2891 	{
   2892 	  GElf_Vernaux auxmem;
   2893 	  GElf_Vernaux *aux = gelf_getvernaux (data, auxoffset, &auxmem);
   2894 	  if (aux == NULL)
   2895 	    break;
   2896 
   2897 	  if ((aux->vna_flags & ~VER_FLG_WEAK) != 0)
   2898 	    ERROR (gettext ("\
   2899 section [%2d] '%s': auxiliary entry %d of entry %d has unknown flag\n"),
   2900 		   idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
   2901 
   2902 	  const char *verstr = elf_strptr (ebl->elf, shdr->sh_link,
   2903 					   aux->vna_name);
   2904 	  if (verstr == NULL)
   2905 	    ERROR (gettext ("\
   2906 section [%2d] '%s': auxiliary entry %d of entry %d has invalid name reference\n"),
   2907 		   idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
   2908 	  else
   2909 	    {
   2910 	      GElf_Word hashval = elf_hash (verstr);
   2911 	      if (hashval != aux->vna_hash)
   2912 		ERROR (gettext ("\
   2913 section [%2d] '%s': auxiliary entry %d of entry %d has wrong hash value: %#x, expected %#x\n"),
   2914 		       idx, section_name (ebl, idx), need->vn_cnt - cnt2,
   2915 		       cnt, (int) hashval, (int) aux->vna_hash);
   2916 
   2917 	      int res = add_version (libname, verstr, aux->vna_other,
   2918 				     ver_need);
   2919 	      if (unlikely (res !=0))
   2920 		{
   2921 		  assert (res > 0);
   2922 		  ERROR (gettext ("\
   2923 section [%2d] '%s': auxiliary entry %d of entry %d has duplicate version name '%s'\n"),
   2924 			 idx, section_name (ebl, idx), need->vn_cnt - cnt2,
   2925 			 cnt, verstr);
   2926 		}
   2927 	    }
   2928 
   2929 	  if ((aux->vna_next != 0 || cnt2 > 0)
   2930 	      && aux->vna_next < gelf_fsize (ebl->elf, ELF_T_VNAUX, 1,
   2931 					     EV_CURRENT))
   2932 	    {
   2933 	      ERROR (gettext ("\
   2934 section [%2d] '%s': auxiliary entry %d of entry %d has wrong next field\n"),
   2935 		     idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
   2936 	      break;
   2937 	    }
   2938 
   2939 	  auxoffset += MAX (aux->vna_next,
   2940 			    gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, EV_CURRENT));
   2941 	}
   2942 
   2943       /* Find the next offset.  */
   2944     next_need:
   2945       offset += need->vn_next;
   2946 
   2947       if ((need->vn_next != 0 || cnt > 0)
   2948 	  && offset < auxoffset)
   2949 	ERROR (gettext ("\
   2950 section [%2d] '%s': entry %d has invalid offset to next entry\n"),
   2951 	       idx, section_name (ebl, idx), cnt);
   2952     }
   2953 }
   2954 
   2955 
   2956 static unsigned int nverdef;
   2957 
   2958 static void
   2959 check_verdef (Ebl *ebl, GElf_Shdr *shdr, int idx)
   2960 {
   2961   if (++nverdef == 2)
   2962     ERROR (gettext ("more than one version definition section present\n"));
   2963 
   2964   GElf_Shdr strshdr_mem;
   2965   GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
   2966 				     &strshdr_mem);
   2967   if (strshdr == NULL)
   2968     return;
   2969   if (strshdr->sh_type != SHT_STRTAB)
   2970     ERROR (gettext ("\
   2971 section [%2d] '%s': sh_link does not link to string table\n"),
   2972 	   idx, section_name (ebl, idx));
   2973 
   2974   Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
   2975   if (data == NULL)
   2976     {
   2977     no_data:
   2978       ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
   2979 	     idx, section_name (ebl, idx));
   2980       return;
   2981     }
   2982 
   2983   /* Iterate over all version definition entries.  We check that there
   2984      is a BASE entry and that each index is unique.  To do the later
   2985      we collection the information in a list which is later
   2986      examined.  */
   2987   struct namelist
   2988   {
   2989     const char *name;
   2990     struct namelist *next;
   2991   } *namelist = NULL;
   2992   struct namelist *refnamelist = NULL;
   2993 
   2994   bool has_base = false;
   2995   unsigned int offset = 0;
   2996   for (int cnt = shdr->sh_info; --cnt >= 0; )
   2997     {
   2998       /* Get the data at the next offset.  */
   2999       GElf_Verdef defmem;
   3000       GElf_Verdef *def = gelf_getverdef (data, offset, &defmem);
   3001       if (def == NULL)
   3002 	goto no_data;
   3003 
   3004       if ((def->vd_flags & VER_FLG_BASE) != 0)
   3005 	{
   3006 	  if (has_base)
   3007 	    ERROR (gettext ("\
   3008 section [%2d] '%s': more than one BASE definition\n"),
   3009 		   idx, section_name (ebl, idx));
   3010 	  if (def->vd_ndx != VER_NDX_GLOBAL)
   3011 	    ERROR (gettext ("\
   3012 section [%2d] '%s': BASE definition must have index VER_NDX_GLOBAL\n"),
   3013 		   idx, section_name (ebl, idx));
   3014 	  has_base = true;
   3015 	}
   3016       if ((def->vd_flags & ~(VER_FLG_BASE|VER_FLG_WEAK)) != 0)
   3017 	ERROR (gettext ("\
   3018 section [%2d] '%s': entry %d has unknown flag\n"),
   3019 	       idx, section_name (ebl, idx), cnt);
   3020 
   3021       if (def->vd_version != EV_CURRENT)
   3022 	ERROR (gettext ("\
   3023 section [%2d] '%s': entry %d has wrong version %d\n"),
   3024 	       idx, section_name (ebl, idx), cnt, (int) def->vd_version);
   3025 
   3026       if (def->vd_cnt > 0 && def->vd_aux < gelf_fsize (ebl->elf, ELF_T_VDEF,
   3027 						       1, EV_CURRENT))
   3028 	ERROR (gettext ("\
   3029 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"),
   3030 	       idx, section_name (ebl, idx), cnt);
   3031 
   3032       unsigned int auxoffset = offset + def->vd_aux;
   3033       GElf_Verdaux auxmem;
   3034       GElf_Verdaux *aux = gelf_getverdaux (data, auxoffset, &auxmem);
   3035       if (aux == NULL)
   3036 	goto no_data;
   3037 
   3038       const char *name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name);
   3039       if (name == NULL)
   3040 	{
   3041 	  ERROR (gettext ("\
   3042 section [%2d] '%s': entry %d has invalid name reference\n"),
   3043 		 idx, section_name (ebl, idx), cnt);
   3044 	  goto next_def;
   3045 	}
   3046       GElf_Word hashval = elf_hash (name);
   3047       if (def->vd_hash != hashval)
   3048 	ERROR (gettext ("\
   3049 section [%2d] '%s': entry %d has wrong hash value: %#x, expected %#x\n"),
   3050 	       idx, section_name (ebl, idx), cnt, (int) hashval,
   3051 	       (int) def->vd_hash);
   3052 
   3053       int res = add_version (NULL, name, def->vd_ndx, ver_def);
   3054       if (unlikely (res !=0))
   3055 	{
   3056 	  assert (res > 0);
   3057 	  ERROR (gettext ("\
   3058 section [%2d] '%s': entry %d has duplicate version name '%s'\n"),
   3059 		 idx, section_name (ebl, idx), cnt, name);
   3060 	}
   3061 
   3062       struct namelist *newname = alloca (sizeof (*newname));
   3063       newname->name = name;
   3064       newname->next = namelist;
   3065       namelist = newname;
   3066 
   3067       auxoffset += aux->vda_next;
   3068       for (int cnt2 = 1; cnt2 < def->vd_cnt; ++cnt2)
   3069 	{
   3070 	  aux = gelf_getverdaux (data, auxoffset, &auxmem);
   3071 	  if (aux == NULL)
   3072 	    goto no_data;
   3073 
   3074 	  name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name);
   3075 	  if (name == NULL)
   3076 	    ERROR (gettext ("\
   3077 section [%2d] '%s': entry %d has invalid name reference in auxiliary data\n"),
   3078 		   idx, section_name (ebl, idx), cnt);
   3079 	  else
   3080 	    {
   3081 	      newname = alloca (sizeof (*newname));
   3082 	      newname->name = name;
   3083 	      newname->next = refnamelist;
   3084 	      refnamelist = newname;
   3085 	    }
   3086 
   3087 	  if ((aux->vda_next != 0 || cnt2 + 1 < def->vd_cnt)
   3088 	      && aux->vda_next < gelf_fsize (ebl->elf, ELF_T_VDAUX, 1,
   3089 					     EV_CURRENT))
   3090 	    {
   3091 	      ERROR (gettext ("\
   3092 section [%2d] '%s': entry %d has wrong next field in auxiliary data\n"),
   3093 		     idx, section_name (ebl, idx), cnt);
   3094 	      break;
   3095 	    }
   3096 
   3097 	  auxoffset += MAX (aux->vda_next,
   3098 			    gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, EV_CURRENT));
   3099 	}
   3100 
   3101       /* Find the next offset.  */
   3102     next_def:
   3103       offset += def->vd_next;
   3104 
   3105       if ((def->vd_next != 0 || cnt > 0)
   3106 	  && offset < auxoffset)
   3107 	ERROR (gettext ("\
   3108 section [%2d] '%s': entry %d has invalid offset to next entry\n"),
   3109 	       idx, section_name (ebl, idx), cnt);
   3110     }
   3111 
   3112   if (!has_base)
   3113     ERROR (gettext ("section [%2d] '%s': no BASE definition\n"),
   3114 	   idx, section_name (ebl, idx));
   3115 
   3116   /* Check whether the referenced names are available.  */
   3117   while (namelist != NULL)
   3118     {
   3119       struct version_namelist *runp = version_namelist;
   3120       while (runp != NULL)
   3121 	{
   3122 	  if (runp->type == ver_def
   3123 	      && strcmp (runp->name, namelist->name) == 0)
   3124 	    break;
   3125 	  runp = runp->next;
   3126 	}
   3127 
   3128       if (runp == NULL)
   3129 	ERROR (gettext ("\
   3130 section [%2d] '%s': unknown parent version '%s'\n"),
   3131 	       idx, section_name (ebl, idx), namelist->name);
   3132 
   3133       namelist = namelist->next;
   3134     }
   3135 }
   3136 
   3137 static void
   3138 check_attributes (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
   3139 {
   3140   if (shdr->sh_size == 0)
   3141     {
   3142       ERROR (gettext ("section [%2d] '%s': empty object attributes section\n"),
   3143 	     idx, section_name (ebl, idx));
   3144       return;
   3145     }
   3146 
   3147   Elf_Data *data = elf_rawdata (elf_getscn (ebl->elf, idx), NULL);
   3148   if (data == NULL || data->d_size == 0)
   3149     {
   3150       ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
   3151 	     idx, section_name (ebl, idx));
   3152       return;
   3153     }
   3154 
   3155   inline size_t pos (const unsigned char *p)
   3156   {
   3157     return p - (const unsigned char *) data->d_buf;
   3158   }
   3159 
   3160   const unsigned char *p = data->d_buf;
   3161   if (*p++ != 'A')
   3162     {
   3163       ERROR (gettext ("section [%2d] '%s': unrecognized attribute format\n"),
   3164 	     idx, section_name (ebl, idx));
   3165       return;
   3166     }
   3167 
   3168   inline size_t left (void)
   3169   {
   3170     return (const unsigned char *) data->d_buf + data->d_size - p;
   3171   }
   3172 
   3173   while (left () >= 4)
   3174     {
   3175       uint32_t len;
   3176       memcpy (&len, p, sizeof len);
   3177 
   3178       if (len == 0)
   3179 	ERROR (gettext ("\
   3180 section [%2d] '%s': offset %zu: zero length field in attribute section\n"),
   3181 	       idx, section_name (ebl, idx), pos (p));
   3182 
   3183       if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
   3184 	CONVERT (len);
   3185 
   3186       if (len > left ())
   3187 	{
   3188 	  ERROR (gettext ("\
   3189 section [%2d] '%s': offset %zu: invalid length in attribute section\n"),
   3190 		 idx, section_name (ebl, idx), pos (p));
   3191 	  break;
   3192 	}
   3193 
   3194       const unsigned char *name = p + sizeof len;
   3195       p += len;
   3196 
   3197       unsigned const char *q = memchr (name, '\0', len);
   3198       if (q == NULL)
   3199 	{
   3200 	  ERROR (gettext ("\
   3201 section [%2d] '%s': offset %zu: unterminated vendor name string\n"),
   3202 		 idx, section_name (ebl, idx), pos (p));
   3203 	  continue;
   3204 	}
   3205       ++q;
   3206 
   3207       if (q - name == sizeof "gnu" && !memcmp (name, "gnu", sizeof "gnu"))
   3208 	while (q < p)
   3209 	  {
   3210 	    unsigned const char *chunk = q;
   3211 
   3212 	    unsigned int subsection_tag;
   3213 	    get_uleb128 (subsection_tag, q);
   3214 
   3215 	    if (q >= p)
   3216 	      {
   3217 		ERROR (gettext ("\
   3218 section [%2d] '%s': offset %zu: endless ULEB128 in attribute subsection tag\n"),
   3219 		       idx, section_name (ebl, idx), pos (chunk));
   3220 		break;
   3221 	      }
   3222 
   3223 	    uint32_t subsection_len;
   3224 	    if (p - q < (ptrdiff_t) sizeof subsection_len)
   3225 	      {
   3226 		ERROR (gettext ("\
   3227 section [%2d] '%s': offset %zu: truncated attribute section\n"),
   3228 		       idx, section_name (ebl, idx), pos (q));
   3229 		break;
   3230 	      }
   3231 
   3232 	    memcpy (&subsection_len, q, sizeof subsection_len);
   3233 	    if (subsection_len == 0)
   3234 	      {
   3235 		ERROR (gettext ("\
   3236 section [%2d] '%s': offset %zu: zero length field in attribute subsection\n"),
   3237 		       idx, section_name (ebl, idx), pos (q));
   3238 
   3239 		q += sizeof subsection_len;
   3240 		continue;
   3241 	      }
   3242 
   3243 	    if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
   3244 	      CONVERT (subsection_len);
   3245 
   3246 	    if (p - chunk < (ptrdiff_t) subsection_len)
   3247 	      {
   3248 		ERROR (gettext ("\
   3249 section [%2d] '%s': offset %zu: invalid length in attribute subsection\n"),
   3250 		       idx, section_name (ebl, idx), pos (q));
   3251 		break;
   3252 	      }
   3253 
   3254 	    const unsigned char *subsection_end = chunk + subsection_len;
   3255 	    chunk = q;
   3256 	    q = subsection_end;
   3257 
   3258 	    if (subsection_tag != 1) /* Tag_File */
   3259 	      ERROR (gettext ("\
   3260 section [%2d] '%s': offset %zu: attribute subsection has unexpected tag %u\n"),
   3261 		     idx, section_name (ebl, idx), pos (chunk), subsection_tag);
   3262 	    else
   3263 	      {
   3264 		chunk += sizeof subsection_len;
   3265 		while (chunk < q)
   3266 		  {
   3267 		    unsigned int tag;
   3268 		    get_uleb128 (tag, chunk);
   3269 
   3270 		    uint64_t value = 0;
   3271 		    const unsigned char *r = chunk;
   3272 		    if (tag == 32 || (tag & 1) == 0)
   3273 		      {
   3274 			get_uleb128 (value, r);
   3275 			if (r > q)
   3276 			  {
   3277 			    ERROR (gettext ("\
   3278 section [%2d] '%s': offset %zu: endless ULEB128 in attribute tag\n"),
   3279 				   idx, section_name (ebl, idx), pos (chunk));
   3280 			    break;
   3281 			  }
   3282 		      }
   3283 		    if (tag == 32 || (tag & 1) != 0)
   3284 		      {
   3285 			r = memchr (r, '\0', q - r);
   3286 			if (r == NULL)
   3287 			  {
   3288 			    ERROR (gettext ("\
   3289 section [%2d] '%s': offset %zu: unterminated string in attribute\n"),
   3290 				   idx, section_name (ebl, idx), pos (chunk));
   3291 			    break;
   3292 			  }
   3293 			++r;
   3294 		      }
   3295 
   3296 		    const char *tag_name = NULL;
   3297 		    const char *value_name = NULL;
   3298 		    if (!ebl_check_object_attribute (ebl, (const char *) name,
   3299 						     tag, value,
   3300 						     &tag_name, &value_name))
   3301 		      ERROR (gettext ("\
   3302 section [%2d] '%s': offset %zu: unrecognized attribute tag %u\n"),
   3303 			     idx, section_name (ebl, idx), pos (chunk), tag);
   3304 		    else if ((tag & 1) == 0 && value_name == NULL)
   3305 		      ERROR (gettext ("\
   3306 section [%2d] '%s': offset %zu: unrecognized %s attribute value %" PRIu64 "\n"),
   3307 			     idx, section_name (ebl, idx), pos (chunk),
   3308 			     tag_name, value);
   3309 
   3310 		    chunk = r;
   3311 		  }
   3312 	      }
   3313 	  }
   3314       else
   3315 	ERROR (gettext ("\
   3316 section [%2d] '%s': offset %zu: vendor '%s' unknown\n"),
   3317 	       idx, section_name (ebl, idx), pos (p), name);
   3318     }
   3319 
   3320   if (left () != 0)
   3321     ERROR (gettext ("\
   3322 section [%2d] '%s': offset %zu: extra bytes after last attribute section\n"),
   3323 	   idx, section_name (ebl, idx), pos (p));
   3324 }
   3325 
   3326 static bool has_loadable_segment;
   3327 static bool has_interp_segment;
   3328 
   3329 static const struct
   3330 {
   3331   const char *name;
   3332   size_t namelen;
   3333   GElf_Word type;
   3334   enum { unused, exact, atleast, exact_or_gnuld } attrflag;
   3335   GElf_Word attr;
   3336   GElf_Word attr2;
   3337 } special_sections[] =
   3338   {
   3339     /* See figure 4-14 in the gABI.  */
   3340     { ".bss", 5, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
   3341     { ".comment", 8, SHT_PROGBITS, atleast, 0, SHF_MERGE | SHF_STRINGS },
   3342     { ".data", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
   3343     { ".data1", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
   3344     { ".debug_str", 11, SHT_PROGBITS, exact_or_gnuld, SHF_MERGE | SHF_STRINGS, 0 },
   3345     { ".debug", 6, SHT_PROGBITS, exact, 0, 0 },
   3346     { ".dynamic", 9, SHT_DYNAMIC, atleast, SHF_ALLOC, SHF_WRITE },
   3347     { ".dynstr", 8, SHT_STRTAB, exact, SHF_ALLOC, 0 },
   3348     { ".dynsym", 8, SHT_DYNSYM, exact, SHF_ALLOC, 0 },
   3349     { ".fini", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
   3350     { ".fini_array", 12, SHT_FINI_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
   3351     { ".got", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more info?
   3352     { ".hash", 6, SHT_HASH, exact, SHF_ALLOC, 0 },
   3353     { ".init", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
   3354     { ".init_array", 12, SHT_INIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
   3355     { ".interp", 8, SHT_PROGBITS, atleast, 0, SHF_ALLOC }, // XXX more tests?
   3356     { ".line", 6, SHT_PROGBITS, exact, 0, 0 },
   3357     { ".note", 6, SHT_NOTE, atleast, 0, SHF_ALLOC },
   3358     { ".plt", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more tests
   3359     { ".preinit_array", 15, SHT_PREINIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
   3360     { ".rela", 5, SHT_RELA, atleast, 0, SHF_ALLOC }, // XXX more tests
   3361     { ".rel", 4, SHT_REL, atleast, 0, SHF_ALLOC }, // XXX more tests
   3362     { ".rodata", 8, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS },
   3363     { ".rodata1", 9, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS },
   3364     { ".shstrtab", 10, SHT_STRTAB, exact, 0, 0 },
   3365     { ".strtab", 8, SHT_STRTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
   3366     { ".symtab", 8, SHT_SYMTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
   3367     { ".symtab_shndx", 14, SHT_SYMTAB_SHNDX, atleast, 0, SHF_ALLOC }, // XXX more tests
   3368     { ".tbss", 6, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
   3369     { ".tdata", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
   3370     { ".tdata1", 8, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
   3371     { ".text", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
   3372 
   3373     /* The following are GNU extensions.  */
   3374     { ".gnu.version", 13, SHT_GNU_versym, exact, SHF_ALLOC, 0 },
   3375     { ".gnu.version_d", 15, SHT_GNU_verdef, exact, SHF_ALLOC, 0 },
   3376     { ".gnu.version_r", 15, SHT_GNU_verneed, exact, SHF_ALLOC, 0 },
   3377     { ".gnu.attributes", 16, SHT_GNU_ATTRIBUTES, exact, 0, 0 },
   3378   };
   3379 #define nspecial_sections \
   3380   (sizeof (special_sections) / sizeof (special_sections[0]))
   3381 
   3382 #define IS_KNOWN_SPECIAL(idx, string, prefix)			      \
   3383   (special_sections[idx].namelen == sizeof string - (prefix ? 1 : 0)  \
   3384    && !memcmp (special_sections[idx].name, string, \
   3385 	       sizeof string - (prefix ? 1 : 0)))
   3386 
   3387 
   3388 /* Indeces of some sections we need later.  */
   3389 static size_t eh_frame_hdr_scnndx;
   3390 static size_t eh_frame_scnndx;
   3391 static size_t gcc_except_table_scnndx;
   3392 
   3393 
   3394 static void
   3395 check_sections (Ebl *ebl, GElf_Ehdr *ehdr)
   3396 {
   3397   if (ehdr->e_shoff == 0)
   3398     /* No section header.  */
   3399     return;
   3400 
   3401   /* Allocate array to count references in section groups.  */
   3402   scnref = (int *) xcalloc (shnum, sizeof (int));
   3403 
   3404   /* Check the zeroth section first.  It must not have any contents
   3405      and the section header must contain nonzero value at most in the
   3406      sh_size and sh_link fields.  */
   3407   GElf_Shdr shdr_mem;
   3408   GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
   3409   if (shdr == NULL)
   3410     ERROR (gettext ("cannot get section header of zeroth section\n"));
   3411   else
   3412     {
   3413       if (shdr->sh_name != 0)
   3414 	ERROR (gettext ("zeroth section has nonzero name\n"));
   3415       if (shdr->sh_type != 0)
   3416 	ERROR (gettext ("zeroth section has nonzero type\n"));
   3417       if (shdr->sh_flags != 0)
   3418 	ERROR (gettext ("zeroth section has nonzero flags\n"));
   3419       if (shdr->sh_addr != 0)
   3420 	ERROR (gettext ("zeroth section has nonzero address\n"));
   3421       if (shdr->sh_offset != 0)
   3422 	ERROR (gettext ("zeroth section has nonzero offset\n"));
   3423       if (shdr->sh_addralign != 0)
   3424 	ERROR (gettext ("zeroth section has nonzero align value\n"));
   3425       if (shdr->sh_entsize != 0)
   3426 	ERROR (gettext ("zeroth section has nonzero entry size value\n"));
   3427 
   3428       if (shdr->sh_size != 0 && ehdr->e_shnum != 0)
   3429 	ERROR (gettext ("\
   3430 zeroth section has nonzero size value while ELF header has nonzero shnum value\n"));
   3431 
   3432       if (shdr->sh_link != 0 && ehdr->e_shstrndx != SHN_XINDEX)
   3433 	ERROR (gettext ("\
   3434 zeroth section has nonzero link value while ELF header does not signal overflow in shstrndx\n"));
   3435 
   3436       if (shdr->sh_info != 0 && ehdr->e_phnum != PN_XNUM)
   3437 	ERROR (gettext ("\
   3438 zeroth section has nonzero link value while ELF header does not signal overflow in phnum\n"));
   3439     }
   3440 
   3441   int *segment_flags = xcalloc (phnum, sizeof segment_flags[0]);
   3442 
   3443   bool dot_interp_section = false;
   3444 
   3445   size_t hash_idx = 0;
   3446   size_t gnu_hash_idx = 0;
   3447 
   3448   size_t versym_scnndx = 0;
   3449   for (size_t cnt = 1; cnt < shnum; ++cnt)
   3450     {
   3451       shdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &shdr_mem);
   3452       if (shdr == NULL)
   3453 	{
   3454 	  ERROR (gettext ("\
   3455 cannot get section header for section [%2zu] '%s': %s\n"),
   3456 		 cnt, section_name (ebl, cnt), elf_errmsg (-1));
   3457 	  continue;
   3458 	}
   3459 
   3460       const char *scnname = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
   3461 
   3462       if (scnname == NULL)
   3463 	ERROR (gettext ("section [%2zu]: invalid name\n"), cnt);
   3464       else
   3465 	{
   3466 	  /* Check whether it is one of the special sections defined in
   3467 	     the gABI.  */
   3468 	  size_t s;
   3469 	  for (s = 0; s < nspecial_sections; ++s)
   3470 	    if (strncmp (scnname, special_sections[s].name,
   3471 			 special_sections[s].namelen) == 0)
   3472 	      {
   3473 		char stbuf1[100];
   3474 		char stbuf2[100];
   3475 		char stbuf3[100];
   3476 
   3477 		GElf_Word good_type = special_sections[s].type;
   3478 		if (IS_KNOWN_SPECIAL (s, ".plt", false)
   3479 		    && ebl_bss_plt_p (ebl, ehdr))
   3480 		  good_type = SHT_NOBITS;
   3481 
   3482 		/* In a debuginfo file, any normal section can be SHT_NOBITS.
   3483 		   This is only invalid for DWARF sections and .shstrtab.  */
   3484 		if (shdr->sh_type != good_type
   3485 		    && (shdr->sh_type != SHT_NOBITS
   3486 			|| !is_debuginfo
   3487 			|| IS_KNOWN_SPECIAL (s, ".debug_str", false)
   3488 			|| IS_KNOWN_SPECIAL (s, ".debug", true)
   3489 			|| IS_KNOWN_SPECIAL (s, ".shstrtab", false)))
   3490 		  ERROR (gettext ("\
   3491 section [%2d] '%s' has wrong type: expected %s, is %s\n"),
   3492 			 (int) cnt, scnname,
   3493 			 ebl_section_type_name (ebl, special_sections[s].type,
   3494 						stbuf1, sizeof (stbuf1)),
   3495 			 ebl_section_type_name (ebl, shdr->sh_type,
   3496 						stbuf2, sizeof (stbuf2)));
   3497 
   3498 		if (special_sections[s].attrflag == exact
   3499 		    || special_sections[s].attrflag == exact_or_gnuld)
   3500 		  {
   3501 		    /* Except for the link order and group bit all the
   3502 		       other bits should match exactly.  */
   3503 		    if ((shdr->sh_flags & ~(SHF_LINK_ORDER | SHF_GROUP))
   3504 			!= special_sections[s].attr
   3505 			&& (special_sections[s].attrflag == exact || !gnuld))
   3506 		      ERROR (gettext ("\
   3507 section [%2zu] '%s' has wrong flags: expected %s, is %s\n"),
   3508 			     cnt, scnname,
   3509 			     section_flags_string (special_sections[s].attr,
   3510 						   stbuf1, sizeof (stbuf1)),
   3511 			     section_flags_string (shdr->sh_flags
   3512 						   & ~SHF_LINK_ORDER,
   3513 						   stbuf2, sizeof (stbuf2)));
   3514 		  }
   3515 		else if (special_sections[s].attrflag == atleast)
   3516 		  {
   3517 		    if ((shdr->sh_flags & special_sections[s].attr)
   3518 			!= special_sections[s].attr
   3519 			|| ((shdr->sh_flags & ~(SHF_LINK_ORDER | SHF_GROUP
   3520 						| special_sections[s].attr
   3521 						| special_sections[s].attr2))
   3522 			    != 0))
   3523 		      ERROR (gettext ("\
   3524 section [%2zu] '%s' has wrong flags: expected %s and possibly %s, is %s\n"),
   3525 			     cnt, scnname,
   3526 			     section_flags_string (special_sections[s].attr,
   3527 						   stbuf1, sizeof (stbuf1)),
   3528 			     section_flags_string (special_sections[s].attr2,
   3529 						   stbuf2, sizeof (stbuf2)),
   3530 			     section_flags_string (shdr->sh_flags
   3531 						   & ~(SHF_LINK_ORDER
   3532 						       | SHF_GROUP),
   3533 						   stbuf3, sizeof (stbuf3)));
   3534 		  }
   3535 
   3536 		if (strcmp (scnname, ".interp") == 0)
   3537 		  {
   3538 		    dot_interp_section = true;
   3539 
   3540 		    if (ehdr->e_type == ET_REL)
   3541 		      ERROR (gettext ("\
   3542 section [%2zu] '%s' present in object file\n"),
   3543 			     cnt, scnname);
   3544 
   3545 		    if ((shdr->sh_flags & SHF_ALLOC) != 0
   3546 			&& !has_loadable_segment)
   3547 		      ERROR (gettext ("\
   3548 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
   3549 			     cnt, scnname);
   3550 		    else if ((shdr->sh_flags & SHF_ALLOC) == 0
   3551 			     && has_loadable_segment)
   3552 		      ERROR (gettext ("\
   3553 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
   3554 			     cnt, scnname);
   3555 		  }
   3556 		else
   3557 		  {
   3558 		    if (strcmp (scnname, ".symtab_shndx") == 0
   3559 			&& ehdr->e_type != ET_REL)
   3560 		      ERROR (gettext ("\
   3561 section [%2zu] '%s' is extension section index table in non-object file\n"),
   3562 			     cnt, scnname);
   3563 
   3564 		    /* These sections must have the SHF_ALLOC flag set iff
   3565 		       a loadable segment is available.
   3566 
   3567 		       .relxxx
   3568 		       .strtab
   3569 		       .symtab
   3570 		       .symtab_shndx
   3571 
   3572 		       Check that if there is a reference from the
   3573 		       loaded section these sections also have the
   3574 		       ALLOC flag set.  */
   3575 #if 0
   3576 		    // XXX TODO
   3577 		    if ((shdr->sh_flags & SHF_ALLOC) != 0
   3578 			&& !has_loadable_segment)
   3579 		      ERROR (gettext ("\
   3580 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
   3581 			     cnt, scnname);
   3582 		    else if ((shdr->sh_flags & SHF_ALLOC) == 0
   3583 			     && has_loadable_segment)
   3584 		      ERROR (gettext ("\
   3585 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
   3586 			     cnt, scnname);
   3587 #endif
   3588 		  }
   3589 
   3590 		break;
   3591 	      }
   3592 
   3593 	  /* Remember a few special sections for later.  */
   3594 	  if (strcmp (scnname, ".eh_frame_hdr") == 0)
   3595 	    eh_frame_hdr_scnndx = cnt;
   3596 	  else if (strcmp (scnname, ".eh_frame") == 0)
   3597 	    eh_frame_scnndx = cnt;
   3598 	  else if (strcmp (scnname, ".gcc_except_table") == 0)
   3599 	    gcc_except_table_scnndx = cnt;
   3600 	}
   3601 
   3602       if (shdr->sh_entsize != 0 && shdr->sh_size % shdr->sh_entsize)
   3603 	ERROR (gettext ("\
   3604 section [%2zu] '%s': size not multiple of entry size\n"),
   3605 	       cnt, section_name (ebl, cnt));
   3606 
   3607       if (elf_strptr (ebl->elf, shstrndx, shdr->sh_name) == NULL)
   3608 	ERROR (gettext ("cannot get section header\n"));
   3609 
   3610       if (shdr->sh_type >= SHT_NUM
   3611 	  && shdr->sh_type != SHT_GNU_ATTRIBUTES
   3612 	  && shdr->sh_type != SHT_GNU_LIBLIST
   3613 	  && shdr->sh_type != SHT_CHECKSUM
   3614 	  && shdr->sh_type != SHT_GNU_verdef
   3615 	  && shdr->sh_type != SHT_GNU_verneed
   3616 	  && shdr->sh_type != SHT_GNU_versym
   3617 	  && ebl_section_type_name (ebl, shdr->sh_type, NULL, 0) == NULL)
   3618 	ERROR (gettext ("section [%2zu] '%s' has unsupported type %d\n"),
   3619 	       cnt, section_name (ebl, cnt),
   3620 	       (int) shdr->sh_type);
   3621 
   3622 #define ALL_SH_FLAGS (SHF_WRITE | SHF_ALLOC | SHF_EXECINSTR | SHF_MERGE \
   3623 		      | SHF_STRINGS | SHF_INFO_LINK | SHF_LINK_ORDER \
   3624 		      | SHF_OS_NONCONFORMING | SHF_GROUP | SHF_TLS)
   3625       if (shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS)
   3626 	{
   3627 	  GElf_Xword sh_flags = shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS;
   3628 	  if (sh_flags & SHF_MASKPROC)
   3629 	    {
   3630 	      if (!ebl_machine_section_flag_check (ebl,
   3631 						   sh_flags & SHF_MASKPROC))
   3632 		ERROR (gettext ("section [%2zu] '%s'"
   3633 				" contains invalid processor-specific flag(s)"
   3634 				" %#" PRIx64 "\n"),
   3635 		       cnt, section_name (ebl, cnt), sh_flags & SHF_MASKPROC);
   3636 	      sh_flags &= ~(GElf_Xword) SHF_MASKPROC;
   3637 	    }
   3638 	  if (sh_flags != 0)
   3639 	    ERROR (gettext ("section [%2zu] '%s' contains unknown flag(s)"
   3640 			    " %#" PRIx64 "\n"),
   3641 		   cnt, section_name (ebl, cnt), sh_flags);
   3642 	}
   3643       if (shdr->sh_flags & SHF_TLS)
   3644 	{
   3645 	  // XXX Correct?
   3646 	  if (shdr->sh_addr != 0 && !gnuld)
   3647 	    ERROR (gettext ("\
   3648 section [%2zu] '%s': thread-local data sections address not zero\n"),
   3649 		   cnt, section_name (ebl, cnt));
   3650 
   3651 	  // XXX TODO more tests!?
   3652 	}
   3653 
   3654       if (shdr->sh_link >= shnum)
   3655 	ERROR (gettext ("\
   3656 section [%2zu] '%s': invalid section reference in link value\n"),
   3657 	       cnt, section_name (ebl, cnt));
   3658 
   3659       if (SH_INFO_LINK_P (shdr) && shdr->sh_info >= shnum)
   3660 	ERROR (gettext ("\
   3661 section [%2zu] '%s': invalid section reference in info value\n"),
   3662 	       cnt, section_name (ebl, cnt));
   3663 
   3664       if ((shdr->sh_flags & SHF_MERGE) == 0
   3665 	  && (shdr->sh_flags & SHF_STRINGS) != 0
   3666 	  && be_strict)
   3667 	ERROR (gettext ("\
   3668 section [%2zu] '%s': strings flag set without merge flag\n"),
   3669 	       cnt, section_name (ebl, cnt));
   3670 
   3671       if ((shdr->sh_flags & SHF_MERGE) != 0 && shdr->sh_entsize == 0)
   3672 	ERROR (gettext ("\
   3673 section [%2zu] '%s': merge flag set but entry size is zero\n"),
   3674 	       cnt, section_name (ebl, cnt));
   3675 
   3676       if (shdr->sh_flags & SHF_GROUP)
   3677 	check_scn_group (ebl, cnt);
   3678 
   3679       if (shdr->sh_flags & SHF_EXECINSTR)
   3680 	{
   3681 	  switch (shdr->sh_type)
   3682 	    {
   3683 	    case SHT_PROGBITS:
   3684 	      break;
   3685 
   3686 	    case SHT_NOBITS:
   3687 	      if (is_debuginfo)
   3688 		break;
   3689 	    default:
   3690 	      ERROR (gettext ("\
   3691 section [%2zu] '%s' has unexpected type %d for an executable section\n"),
   3692 		     cnt, section_name (ebl, cnt), shdr->sh_type);
   3693 	      break;
   3694 	    }
   3695 
   3696 	  if ((shdr->sh_flags & SHF_WRITE)
   3697 	      && !ebl_check_special_section (ebl, cnt, shdr,
   3698 					     section_name (ebl, cnt)))
   3699 	    ERROR (gettext ("\
   3700 section [%2zu] '%s' is both executable and writable\n"),
   3701 		   cnt, section_name (ebl, cnt));
   3702 	}
   3703 
   3704       if (ehdr->e_type != ET_REL && (shdr->sh_flags & SHF_ALLOC) != 0)
   3705 	{
   3706 	  /* Make sure the section is contained in a loaded segment
   3707 	     and that the initialization part matches NOBITS sections.  */
   3708 	  unsigned int pcnt;
   3709 	  GElf_Phdr phdr_mem;
   3710 	  GElf_Phdr *phdr;
   3711 
   3712 	  for (pcnt = 0; pcnt < phnum; ++pcnt)
   3713 	    if ((phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem)) != NULL
   3714 		&& ((phdr->p_type == PT_LOAD
   3715 		     && (shdr->sh_flags & SHF_TLS) == 0)
   3716 		    || (phdr->p_type == PT_TLS
   3717 			&& (shdr->sh_flags & SHF_TLS) != 0))
   3718 		&& phdr->p_offset <= shdr->sh_offset
   3719 		&& (phdr->p_offset + phdr->p_filesz > shdr->sh_offset
   3720 		    || (phdr->p_offset + phdr->p_memsz > shdr->sh_offset
   3721 			&& shdr->sh_type == SHT_NOBITS)))
   3722 	      {
   3723 		/* Found the segment.  */
   3724 		if (phdr->p_offset + phdr->p_memsz
   3725 		    < shdr->sh_offset + shdr->sh_size)
   3726 		  ERROR (gettext ("\
   3727 section [%2zu] '%s' not fully contained in segment of program header entry %d\n"),
   3728 			 cnt, section_name (ebl, cnt), pcnt);
   3729 
   3730 		if (shdr->sh_type == SHT_NOBITS)
   3731 		  {
   3732 		    if (shdr->sh_offset < phdr->p_offset + phdr->p_filesz
   3733 			&& !is_debuginfo)
   3734 		      ERROR (gettext ("\
   3735 section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d\n"),
   3736 			 cnt, section_name (ebl, cnt), pcnt);
   3737 		  }
   3738 		else
   3739 		  {
   3740 		    const GElf_Off end = phdr->p_offset + phdr->p_filesz;
   3741 		    if (shdr->sh_offset > end ||
   3742 			(shdr->sh_offset == end && shdr->sh_size != 0))
   3743 		      ERROR (gettext ("\
   3744 section [%2zu] '%s' has not type NOBITS but is not read from the file in segment of program header entry %d\n"),
   3745 			 cnt, section_name (ebl, cnt), pcnt);
   3746 		  }
   3747 
   3748 		if (shdr->sh_type != SHT_NOBITS)
   3749 		  {
   3750 		    if ((shdr->sh_flags & SHF_EXECINSTR) != 0)
   3751 		      {
   3752 			segment_flags[pcnt] |= PF_X;
   3753 			if ((phdr->p_flags & PF_X) == 0)
   3754 			  ERROR (gettext ("\
   3755 section [%2zu] '%s' is executable in nonexecutable segment %d\n"),
   3756 				 cnt, section_name (ebl, cnt), pcnt);
   3757 		      }
   3758 
   3759 		    if ((shdr->sh_flags & SHF_WRITE) != 0)
   3760 		      {
   3761 			segment_flags[pcnt] |= PF_W;
   3762 			if (0	/* XXX vdso images have this */
   3763 			    && (phdr->p_flags & PF_W) == 0)
   3764 			  ERROR (gettext ("\
   3765 section [%2zu] '%s' is writable in unwritable segment %d\n"),
   3766 				 cnt, section_name (ebl, cnt), pcnt);
   3767 		      }
   3768 		  }
   3769 
   3770 		break;
   3771 	      }
   3772 
   3773 	  if (pcnt == phnum)
   3774 	    ERROR (gettext ("\
   3775 section [%2zu] '%s': alloc flag set but section not in any loaded segment\n"),
   3776 		   cnt, section_name (ebl, cnt));
   3777 	}
   3778 
   3779       if (cnt == shstrndx && shdr->sh_type != SHT_STRTAB)
   3780 	ERROR (gettext ("\
   3781 section [%2zu] '%s': ELF header says this is the section header string table but type is not SHT_TYPE\n"),
   3782 	       cnt, section_name (ebl, cnt));
   3783 
   3784       switch (shdr->sh_type)
   3785 	{
   3786 	case SHT_DYNSYM:
   3787 	  if (ehdr->e_type == ET_REL)
   3788 	    ERROR (gettext ("\
   3789 section [%2zu] '%s': relocatable files cannot have dynamic symbol tables\n"),
   3790 		   cnt, section_name (ebl, cnt));
   3791 	  /* FALLTHROUGH */
   3792 	case SHT_SYMTAB:
   3793 	  check_symtab (ebl, ehdr, shdr, cnt);
   3794 	  break;
   3795 
   3796 	case SHT_RELA:
   3797 	  check_rela (ebl, ehdr, shdr, cnt);
   3798 	  break;
   3799 
   3800 	case SHT_REL:
   3801 	  check_rel (ebl, ehdr, shdr, cnt);
   3802 	  break;
   3803 
   3804 	case SHT_DYNAMIC:
   3805 	  check_dynamic (ebl, ehdr, shdr, cnt);
   3806 	  break;
   3807 
   3808 	case SHT_SYMTAB_SHNDX:
   3809 	  check_symtab_shndx (ebl, ehdr, shdr, cnt);
   3810 	  break;
   3811 
   3812 	case SHT_HASH:
   3813 	  check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt);
   3814 	  hash_idx = cnt;
   3815 	  break;
   3816 
   3817 	case SHT_GNU_HASH:
   3818 	  check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt);
   3819 	  gnu_hash_idx = cnt;
   3820 	  break;
   3821 
   3822 	case SHT_NULL:
   3823 	  check_null (ebl, shdr, cnt);
   3824 	  break;
   3825 
   3826 	case SHT_GROUP:
   3827 	  check_group (ebl, ehdr, shdr, cnt);
   3828 	  break;
   3829 
   3830 	case SHT_NOTE:
   3831 	  check_note_section (ebl, ehdr, shdr, cnt);
   3832 	  break;
   3833 
   3834 	case SHT_GNU_versym:
   3835 	  /* We cannot process this section now since we have no guarantee
   3836 	     that the verneed and verdef sections have already been read.
   3837 	     Just remember the section index.  */
   3838 	  if (versym_scnndx != 0)
   3839 	    ERROR (gettext ("more than one version symbol table present\n"));
   3840 	  versym_scnndx = cnt;
   3841 	  break;
   3842 
   3843 	case SHT_GNU_verneed:
   3844 	  check_verneed (ebl, shdr, cnt);
   3845 	  break;
   3846 
   3847 	case SHT_GNU_verdef:
   3848 	  check_verdef (ebl, shdr, cnt);
   3849 	  break;
   3850 
   3851 	case SHT_GNU_ATTRIBUTES:
   3852 	  check_attributes (ebl, ehdr, shdr, cnt);
   3853 	  break;
   3854 
   3855 	default:
   3856 	  /* Nothing.  */
   3857 	  break;
   3858 	}
   3859     }
   3860 
   3861   if (has_interp_segment && !dot_interp_section)
   3862     ERROR (gettext ("INTERP program header entry but no .interp section\n"));
   3863 
   3864   if (!is_debuginfo)
   3865     for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt)
   3866       {
   3867 	GElf_Phdr phdr_mem;
   3868 	GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
   3869 	if (phdr != NULL && (phdr->p_type == PT_LOAD || phdr->p_type == PT_TLS))
   3870 	  {
   3871 	    if ((phdr->p_flags & PF_X) != 0
   3872 		&& (segment_flags[pcnt] & PF_X) == 0)
   3873 	      ERROR (gettext ("\
   3874 loadable segment [%u] is executable but contains no executable sections\n"),
   3875 		     pcnt);
   3876 
   3877 	    if ((phdr->p_flags & PF_W) != 0
   3878 		&& (segment_flags[pcnt] & PF_W) == 0)
   3879 	      ERROR (gettext ("\
   3880 loadable segment [%u] is writable but contains no writable sections\n"),
   3881 		     pcnt);
   3882 	  }
   3883       }
   3884 
   3885   free (segment_flags);
   3886 
   3887   if (version_namelist != NULL)
   3888     {
   3889       if (versym_scnndx == 0)
   3890     ERROR (gettext ("\
   3891 no .gnu.versym section present but .gnu.versym_d or .gnu.versym_r section exist\n"));
   3892       else
   3893 	check_versym (ebl, versym_scnndx);
   3894 
   3895       /* Check for duplicate index numbers.  */
   3896       do
   3897 	{
   3898 	  struct version_namelist *runp = version_namelist->next;
   3899 	  while (runp != NULL)
   3900 	    {
   3901 	      if (version_namelist->ndx == runp->ndx)
   3902 		{
   3903 		  ERROR (gettext ("duplicate version index %d\n"),
   3904 			 (int) version_namelist->ndx);
   3905 		  break;
   3906 		}
   3907 	      runp = runp->next;
   3908 	    }
   3909 
   3910 	  struct version_namelist *old = version_namelist;
   3911 	  version_namelist = version_namelist->next;
   3912 	  free (old);
   3913 	}
   3914       while (version_namelist != NULL);
   3915     }
   3916   else if (versym_scnndx != 0)
   3917     ERROR (gettext ("\
   3918 .gnu.versym section present without .gnu.versym_d or .gnu.versym_r\n"));
   3919 
   3920   if (hash_idx != 0 && gnu_hash_idx != 0)
   3921     compare_hash_gnu_hash (ebl, ehdr, hash_idx, gnu_hash_idx);
   3922 
   3923   free (scnref);
   3924 }
   3925 
   3926 
   3927 static GElf_Off
   3928 check_note_data (Ebl *ebl, const GElf_Ehdr *ehdr,
   3929 		 Elf_Data *data, int shndx, int phndx, GElf_Off start)
   3930 {
   3931   size_t offset = 0;
   3932   size_t last_offset = 0;
   3933   GElf_Nhdr nhdr;
   3934   size_t name_offset;
   3935   size_t desc_offset;
   3936   while (offset < data->d_size
   3937 	 && (offset = gelf_getnote (data, offset,
   3938 				    &nhdr, &name_offset, &desc_offset)) > 0)
   3939     {
   3940       last_offset = offset;
   3941 
   3942       /* Make sure it is one of the note types we know about.  */
   3943       if (ehdr->e_type == ET_CORE)
   3944 	switch (nhdr.n_type)
   3945 	  {
   3946 	  case NT_PRSTATUS:
   3947 	  case NT_FPREGSET:
   3948 	  case NT_PRPSINFO:
   3949 	  case NT_TASKSTRUCT:		/* NT_PRXREG on Solaris.  */
   3950 	  case NT_PLATFORM:
   3951 	  case NT_AUXV:
   3952 	  case NT_GWINDOWS:
   3953 	  case NT_ASRS:
   3954 	  case NT_PSTATUS:
   3955 	  case NT_PSINFO:
   3956 	  case NT_PRCRED:
   3957 	  case NT_UTSNAME:
   3958 	  case NT_LWPSTATUS:
   3959 	  case NT_LWPSINFO:
   3960 	  case NT_PRFPXREG:
   3961 	    /* Known type.  */
   3962 	    break;
   3963 
   3964 	  default:
   3965 	    if (shndx == 0)
   3966 	      ERROR (gettext ("\
   3967 phdr[%d]: unknown core file note type %" PRIu32 " at offset %" PRIu64 "\n"),
   3968 		     phndx, (uint32_t) nhdr.n_type, start + offset);
   3969 	    else
   3970 	      ERROR (gettext ("\
   3971 section [%2d] '%s': unknown core file note type %" PRIu32
   3972 			      " at offset %Zu\n"),
   3973 		     shndx, section_name (ebl, shndx),
   3974 		     (uint32_t) nhdr.n_type, offset);
   3975 	  }
   3976       else
   3977 	switch (nhdr.n_type)
   3978 	  {
   3979 	  case NT_GNU_ABI_TAG:
   3980 	  case NT_GNU_HWCAP:
   3981 	  case NT_GNU_BUILD_ID:
   3982 	  case NT_GNU_GOLD_VERSION:
   3983 	    break;
   3984 
   3985 	  case 0:
   3986 	    /* Linux vDSOs use a type 0 note for the kernel version word.  */
   3987 	    if (nhdr.n_namesz == sizeof "Linux"
   3988 		&& !memcmp (data->d_buf + name_offset, "Linux", sizeof "Linux"))
   3989 	      break;
   3990 
   3991 	  default:
   3992 	    if (shndx == 0)
   3993 	      ERROR (gettext ("\
   3994 phdr[%d]: unknown object file note type %" PRIu32 " at offset %Zu\n"),
   3995 		     phndx, (uint32_t) nhdr.n_type, offset);
   3996 	    else
   3997 	      ERROR (gettext ("\
   3998 section [%2d] '%s': unknown object file note type %" PRIu32
   3999 			      " at offset %Zu\n"),
   4000 		     shndx, section_name (ebl, shndx),
   4001 		     (uint32_t) nhdr.n_type, offset);
   4002 	  }
   4003     }
   4004 
   4005   return last_offset;
   4006 }
   4007 
   4008 
   4009 static void
   4010 check_note (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Phdr *phdr, int cnt)
   4011 {
   4012   if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
   4013       && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
   4014     ERROR (gettext ("\
   4015 phdr[%d]: no note entries defined for the type of file\n"),
   4016 	   cnt);
   4017 
   4018   if (is_debuginfo)
   4019     /* The p_offset values in a separate debug file are bogus.  */
   4020     return;
   4021 
   4022   if (phdr->p_filesz == 0)
   4023     return;
   4024 
   4025   GElf_Off notes_size = 0;
   4026   Elf_Data *data = elf_getdata_rawchunk (ebl->elf,
   4027 					 phdr->p_offset, phdr->p_filesz,
   4028 					 ELF_T_NHDR);
   4029   if (data != NULL)
   4030     notes_size = check_note_data (ebl, ehdr, data, 0, cnt, phdr->p_offset);
   4031 
   4032   if (notes_size == 0)
   4033     ERROR (gettext ("phdr[%d]: cannot get content of note section: %s\n"),
   4034 	   cnt, elf_errmsg (-1));
   4035   else if (notes_size != phdr->p_filesz)
   4036     ERROR (gettext ("phdr[%d]: extra %" PRIu64 " bytes after last note\n"),
   4037 	   cnt, phdr->p_filesz - notes_size);
   4038 }
   4039 
   4040 
   4041 static void
   4042 check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
   4043 {
   4044   if (shdr->sh_size == 0)
   4045     return;
   4046 
   4047   Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
   4048   if (data == NULL)
   4049     {
   4050       ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
   4051 	     idx, section_name (ebl, idx));
   4052       return;
   4053     }
   4054 
   4055   if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
   4056       && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
   4057     ERROR (gettext ("\
   4058 section [%2d] '%s': no note entries defined for the type of file\n"),
   4059 	     idx, section_name (ebl, idx));
   4060 
   4061   GElf_Off notes_size = check_note_data (ebl, ehdr, data, idx, 0, 0);
   4062 
   4063   if (notes_size == 0)
   4064     ERROR (gettext ("section [%2d] '%s': cannot get content of note section\n"),
   4065 	   idx, section_name (ebl, idx));
   4066   else if (notes_size != shdr->sh_size)
   4067     ERROR (gettext ("section [%2d] '%s': extra %" PRIu64
   4068 		    " bytes after last note\n"),
   4069 	   idx, section_name (ebl, idx), shdr->sh_size - notes_size);
   4070 }
   4071 
   4072 
   4073 /* Index of the PT_GNU_EH_FRAME program eader entry.  */
   4074 static int pt_gnu_eh_frame_pndx;
   4075 
   4076 
   4077 static void
   4078 check_program_header (Ebl *ebl, GElf_Ehdr *ehdr)
   4079 {
   4080   if (ehdr->e_phoff == 0)
   4081     return;
   4082 
   4083   if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
   4084       && ehdr->e_type != ET_CORE)
   4085     ERROR (gettext ("\
   4086 only executables, shared objects, and core files can have program headers\n"));
   4087 
   4088   int num_pt_interp = 0;
   4089   int num_pt_tls = 0;
   4090   int num_pt_relro = 0;
   4091 
   4092   for (unsigned int cnt = 0; cnt < phnum; ++cnt)
   4093     {
   4094       GElf_Phdr phdr_mem;
   4095       GElf_Phdr *phdr;
   4096 
   4097       phdr = gelf_getphdr (ebl->elf, cnt, &phdr_mem);
   4098       if (phdr == NULL)
   4099 	{
   4100 	  ERROR (gettext ("cannot get program header entry %d: %s\n"),
   4101 		 cnt, elf_errmsg (-1));
   4102 	  continue;
   4103 	}
   4104 
   4105       if (phdr->p_type >= PT_NUM && phdr->p_type != PT_GNU_EH_FRAME
   4106 	  && phdr->p_type != PT_GNU_STACK && phdr->p_type != PT_GNU_RELRO
   4107 	  /* Check for a known machine-specific type.  */
   4108 	  && ebl_segment_type_name (ebl, phdr->p_type, NULL, 0) == NULL)
   4109 	ERROR (gettext ("\
   4110 program header entry %d: unknown program header entry type %#" PRIx64 "\n"),
   4111 	       cnt, (uint64_t) phdr->p_type);
   4112 
   4113       if (phdr->p_type == PT_LOAD)
   4114 	has_loadable_segment = true;
   4115       else if (phdr->p_type == PT_INTERP)
   4116 	{
   4117 	  if (++num_pt_interp != 1)
   4118 	    {
   4119 	      if (num_pt_interp == 2)
   4120 		ERROR (gettext ("\
   4121 more than one INTERP entry in program header\n"));
   4122 	    }
   4123 	  has_interp_segment = true;
   4124 	}
   4125       else if (phdr->p_type == PT_TLS)
   4126 	{
   4127 	  if (++num_pt_tls == 2)
   4128 	    ERROR (gettext ("more than one TLS entry in program header\n"));
   4129 	}
   4130       else if (phdr->p_type == PT_NOTE)
   4131 	check_note (ebl, ehdr, phdr, cnt);
   4132       else if (phdr->p_type == PT_DYNAMIC)
   4133 	{
   4134 	  if (ehdr->e_type == ET_EXEC && ! has_interp_segment)
   4135 	    ERROR (gettext ("\
   4136 static executable cannot have dynamic sections\n"));
   4137 	  else
   4138 	    {
   4139 	      /* Check that the .dynamic section, if it exists, has
   4140 		 the same address.  */
   4141 	      Elf_Scn *scn = NULL;
   4142 	      while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
   4143 		{
   4144 		  GElf_Shdr shdr_mem;
   4145 		  GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
   4146 		  if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC)
   4147 		    {
   4148 		      if (phdr->p_offset != shdr->sh_offset)
   4149 			ERROR (gettext ("\
   4150 dynamic section reference in program header has wrong offset\n"));
   4151 		      if (phdr->p_memsz != shdr->sh_size)
   4152 			ERROR (gettext ("\
   4153 dynamic section size mismatch in program and section header\n"));
   4154 		      break;
   4155 		    }
   4156 		}
   4157 	    }
   4158 	}
   4159       else if (phdr->p_type == PT_GNU_RELRO)
   4160 	{
   4161 	  if (++num_pt_relro == 2)
   4162 	    ERROR (gettext ("\
   4163 more than one GNU_RELRO entry in program header\n"));
   4164 	  else
   4165 	    {
   4166 	      /* Check that the region is in a writable segment.  */
   4167 	      unsigned int inner;
   4168 	      for (inner = 0; inner < phnum; ++inner)
   4169 		{
   4170 		  GElf_Phdr phdr2_mem;
   4171 		  GElf_Phdr *phdr2;
   4172 
   4173 		  phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
   4174 		  if (phdr2 == NULL)
   4175 		    continue;
   4176 
   4177 		  if (phdr2->p_type == PT_LOAD
   4178 		      && phdr->p_vaddr >= phdr2->p_vaddr
   4179 		      && (phdr->p_vaddr + phdr->p_memsz
   4180 			  <= phdr2->p_vaddr + phdr2->p_memsz))
   4181 		    {
   4182 		      if ((phdr2->p_flags & PF_W) == 0)
   4183 			ERROR (gettext ("\
   4184 loadable segment GNU_RELRO applies to is not writable\n"));
   4185 		      if ((phdr2->p_flags & ~PF_W) != (phdr->p_flags & ~PF_W))
   4186 			ERROR (gettext ("\
   4187 loadable segment [%u] flags do not match GNU_RELRO [%u] flags\n"),
   4188 			       cnt, inner);
   4189 		      break;
   4190 		    }
   4191 		}
   4192 
   4193 	      if (inner >= phnum)
   4194 		ERROR (gettext ("\
   4195 %s segment not contained in a loaded segment\n"), "GNU_RELRO");
   4196 	    }
   4197 	}
   4198       else if (phdr->p_type == PT_PHDR)
   4199 	{
   4200 	  /* Check that the region is in a writable segment.  */
   4201 	  unsigned int inner;
   4202 	  for (inner = 0; inner < phnum; ++inner)
   4203 	    {
   4204 	      GElf_Phdr phdr2_mem;
   4205 	      GElf_Phdr *phdr2;
   4206 
   4207 	      phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
   4208 	      if (phdr2 != NULL
   4209 		  && phdr2->p_type == PT_LOAD
   4210 		  && phdr->p_vaddr >= phdr2->p_vaddr
   4211 		  && (phdr->p_vaddr + phdr->p_memsz
   4212 		      <= phdr2->p_vaddr + phdr2->p_memsz))
   4213 		break;
   4214 	    }
   4215 
   4216 	  if (inner >= phnum)
   4217 	    ERROR (gettext ("\
   4218 %s segment not contained in a loaded segment\n"), "PHDR");
   4219 
   4220 	  /* Check that offset in segment corresponds to offset in ELF
   4221 	     header.  */
   4222 	  if (phdr->p_offset != ehdr->e_phoff)
   4223 	    ERROR (gettext ("\
   4224 program header offset in ELF header and PHDR entry do not match"));
   4225 	}
   4226       else if (phdr->p_type == PT_GNU_EH_FRAME)
   4227 	{
   4228 	  /* If there is an .eh_frame_hdr section it must be
   4229 	     referenced by this program header entry.  */
   4230 	  Elf_Scn *scn = NULL;
   4231 	  GElf_Shdr shdr_mem;
   4232 	  GElf_Shdr *shdr = NULL;
   4233 	  bool any = false;
   4234 	  while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
   4235 	    {
   4236 	      any = true;
   4237 	      shdr = gelf_getshdr (scn, &shdr_mem);
   4238 	      if (shdr != NULL
   4239 		  && shdr->sh_type == (is_debuginfo
   4240 				       ? SHT_NOBITS : SHT_PROGBITS)
   4241 		  && ! strcmp (".eh_frame_hdr",
   4242 			       elf_strptr (ebl->elf, shstrndx, shdr->sh_name)))
   4243 		{
   4244 		  if (! is_debuginfo)
   4245 		    {
   4246 		      if (phdr->p_offset != shdr->sh_offset)
   4247 			ERROR (gettext ("\
   4248 call frame search table reference in program header has wrong offset\n"));
   4249 		      if (phdr->p_memsz != shdr->sh_size)
   4250 			ERROR (gettext ("\
   4251 call frame search table size mismatch in program and section header\n"));
   4252 		    }
   4253 		  break;
   4254 		}
   4255 	    }
   4256 
   4257 	  if (scn == NULL)
   4258 	    {
   4259 	      /* If there is no section header table we don't
   4260 		 complain.  But if there is one there should be an
   4261 		 entry for .eh_frame_hdr.  */
   4262 	      if (any)
   4263 		ERROR (gettext ("\
   4264 PT_GNU_EH_FRAME present but no .eh_frame_hdr section\n"));
   4265 	    }
   4266 	  else
   4267 	    {
   4268 	      /* The section must be allocated and not be writable and
   4269 		 executable.  */
   4270 	      if ((phdr->p_flags & PF_R) == 0)
   4271 		ERROR (gettext ("\
   4272 call frame search table must be allocated\n"));
   4273 	      else if (shdr != NULL && (shdr->sh_flags & SHF_ALLOC) == 0)
   4274 		ERROR (gettext ("\
   4275 section [%2zu] '%s' must be allocated\n"), elf_ndxscn (scn), ".eh_frame_hdr");
   4276 
   4277 	      if ((phdr->p_flags & PF_W) != 0)
   4278 		ERROR (gettext ("\
   4279 call frame search table must not be writable\n"));
   4280 	      else if (shdr != NULL && (shdr->sh_flags & SHF_WRITE) != 0)
   4281 		ERROR (gettext ("\
   4282 section [%2zu] '%s' must not be writable\n"),
   4283 		       elf_ndxscn (scn), ".eh_frame_hdr");
   4284 
   4285 	      if ((phdr->p_flags & PF_X) != 0)
   4286 		ERROR (gettext ("\
   4287 call frame search table must not be executable\n"));
   4288 	      else if (shdr != NULL && (shdr->sh_flags & SHF_EXECINSTR) != 0)
   4289 		ERROR (gettext ("\
   4290 section [%2zu] '%s' must not be executable\n"),
   4291 		       elf_ndxscn (scn), ".eh_frame_hdr");
   4292 	    }
   4293 
   4294 	  /* Remember which entry this is.  */
   4295 	  pt_gnu_eh_frame_pndx = cnt;
   4296 	}
   4297 
   4298       if (phdr->p_filesz > phdr->p_memsz
   4299 	  && (phdr->p_memsz != 0 || phdr->p_type != PT_NOTE))
   4300 	ERROR (gettext ("\
   4301 program header entry %d: file size greater than memory size\n"),
   4302 	       cnt);
   4303 
   4304       if (phdr->p_align > 1)
   4305 	{
   4306 	  if (!powerof2 (phdr->p_align))
   4307 	    ERROR (gettext ("\
   4308 program header entry %d: alignment not a power of 2\n"), cnt);
   4309 	  else if ((phdr->p_vaddr - phdr->p_offset) % phdr->p_align != 0)
   4310 	    ERROR (gettext ("\
   4311 program header entry %d: file offset and virtual address not module of alignment\n"), cnt);
   4312 	}
   4313     }
   4314 }
   4315 
   4316 
   4317 static void
   4318 check_exception_data (Ebl *ebl __attribute__ ((unused)),
   4319 		      GElf_Ehdr *ehdr __attribute__ ((unused)))
   4320 {
   4321   if ((ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
   4322       && pt_gnu_eh_frame_pndx == 0 && eh_frame_hdr_scnndx != 0)
   4323     ERROR (gettext ("executable/DSO with .eh_frame_hdr section does not have "
   4324 		    "a PT_GNU_EH_FRAME program header entry"));
   4325 }
   4326 
   4327 
   4328 /* Process one file.  */
   4329 static void
   4330 process_elf_file (Elf *elf, const char *prefix, const char *suffix,
   4331 		  const char *fname, size_t size, bool only_one)
   4332 {
   4333   /* Reset variables.  */
   4334   ndynamic = 0;
   4335   nverneed = 0;
   4336   nverdef = 0;
   4337   textrel = false;
   4338   needed_textrel = false;
   4339   has_loadable_segment = false;
   4340   has_interp_segment = false;
   4341 
   4342   GElf_Ehdr ehdr_mem;
   4343   GElf_Ehdr *ehdr = gelf_getehdr (elf, &ehdr_mem);
   4344   Ebl *ebl;
   4345 
   4346   /* Print the file name.  */
   4347   if (!only_one)
   4348     {
   4349       if (prefix != NULL)
   4350 	printf ("\n%s(%s)%s:\n", prefix, fname, suffix);
   4351       else
   4352 	printf ("\n%s:\n", fname);
   4353     }
   4354 
   4355   if (ehdr == NULL)
   4356     {
   4357       ERROR (gettext ("cannot read ELF header: %s\n"), elf_errmsg (-1));
   4358       return;
   4359     }
   4360 
   4361   ebl = ebl_openbackend (elf);
   4362   /* If there is no appropriate backend library we cannot test
   4363      architecture and OS specific features.  Any encountered extension
   4364      is an error.  */
   4365 
   4366   /* Go straight by the gABI, check all the parts in turn.  */
   4367   check_elf_header (ebl, ehdr, size);
   4368 
   4369   /* Check the program header.  */
   4370   check_program_header (ebl, ehdr);
   4371 
   4372   /* Next the section headers.  It is OK if there are no section
   4373      headers at all.  */
   4374   check_sections (ebl, ehdr);
   4375 
   4376   /* Check the exception handling data, if it exists.  */
   4377   if (pt_gnu_eh_frame_pndx != 0 || eh_frame_hdr_scnndx != 0
   4378       || eh_frame_scnndx != 0 || gcc_except_table_scnndx != 0)
   4379     check_exception_data (ebl, ehdr);
   4380 
   4381   /* Report if no relocation section needed the text relocation flag.  */
   4382   if (textrel && !needed_textrel)
   4383     ERROR (gettext ("text relocation flag set but not needed\n"));
   4384 
   4385   /* Free the resources.  */
   4386   ebl_closebackend (ebl);
   4387 }
   4388 
   4389 
   4390 #include "debugpred.h"
   4391