Home | History | Annotate | Download | only in libelf
      1 /* Create descriptor for processing file.
      2    Copyright (C) 1998-2010, 2012, 2014, 2015 Red Hat, Inc.
      3    This file is part of elfutils.
      4    Written by Ulrich Drepper <drepper (at) redhat.com>, 1998.
      5 
      6    This file is free software; you can redistribute it and/or modify
      7    it under the terms of either
      8 
      9      * the GNU Lesser General Public License as published by the Free
     10        Software Foundation; either version 3 of the License, or (at
     11        your option) any later version
     12 
     13    or
     14 
     15      * the GNU General Public License as published by the Free
     16        Software Foundation; either version 2 of the License, or (at
     17        your option) any later version
     18 
     19    or both in parallel, as here.
     20 
     21    elfutils is distributed in the hope that it will be useful, but
     22    WITHOUT ANY WARRANTY; without even the implied warranty of
     23    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     24    General Public License for more details.
     25 
     26    You should have received copies of the GNU General Public License and
     27    the GNU Lesser General Public License along with this program.  If
     28    not, see <http://www.gnu.org/licenses/>.  */
     29 
     30 #ifdef HAVE_CONFIG_H
     31 # include <config.h>
     32 #endif
     33 
     34 #include <assert.h>
     35 #include <ctype.h>
     36 #include <errno.h>
     37 #include <fcntl.h>
     38 #include <stdbool.h>
     39 #include <stddef.h>
     40 #include <string.h>
     41 #include <unistd.h>
     42 #include <sys/mman.h>
     43 #include <sys/param.h>
     44 #include <sys/stat.h>
     45 
     46 #include <system.h>
     47 #include "libelfP.h"
     48 #include "common.h"
     49 
     50 
     51 /* Create descriptor for archive in memory.  */
     52 static inline Elf *
     53 file_read_ar (int fildes, void *map_address, off_t offset, size_t maxsize,
     54 	      Elf_Cmd cmd, Elf *parent)
     55 {
     56   Elf *elf;
     57 
     58   /* Create a descriptor.  */
     59   elf = allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
     60                       ELF_K_AR, 0);
     61   if (elf != NULL)
     62     {
     63       /* We don't read all the symbol tables in advance.  All this will
     64 	 happen on demand.  */
     65       elf->state.ar.offset = offset + SARMAG;
     66 
     67       elf->state.ar.elf_ar_hdr.ar_rawname = elf->state.ar.raw_name;
     68     }
     69 
     70   return elf;
     71 }
     72 
     73 
     74 static size_t
     75 get_shnum (void *map_address, unsigned char *e_ident, int fildes, off_t offset,
     76 	   size_t maxsize)
     77 {
     78   size_t result;
     79   union
     80   {
     81     Elf32_Ehdr *e32;
     82     Elf64_Ehdr *e64;
     83     void *p;
     84   } ehdr;
     85   union
     86   {
     87     Elf32_Ehdr e32;
     88     Elf64_Ehdr e64;
     89   } ehdr_mem;
     90   bool is32 = e_ident[EI_CLASS] == ELFCLASS32;
     91 
     92   /* Make the ELF header available.  */
     93   if (e_ident[EI_DATA] == MY_ELFDATA
     94       && (ALLOW_UNALIGNED
     95 	  || (((size_t) e_ident
     96 	       & ((is32 ? __alignof__ (Elf32_Ehdr) : __alignof__ (Elf64_Ehdr))
     97 		  - 1)) == 0)))
     98     ehdr.p = e_ident;
     99   else
    100     {
    101       /* We already read the ELF header.  We have to copy the header
    102 	 since we possibly modify the data here and the caller
    103 	 expects the memory it passes in to be preserved.  */
    104       ehdr.p = &ehdr_mem;
    105 
    106       if (is32)
    107 	{
    108 	  if (ALLOW_UNALIGNED)
    109 	    {
    110 	      ehdr_mem.e32.e_shnum = ((Elf32_Ehdr *) e_ident)->e_shnum;
    111 	      ehdr_mem.e32.e_shoff = ((Elf32_Ehdr *) e_ident)->e_shoff;
    112 	    }
    113 	  else
    114 	    memcpy (&ehdr_mem, e_ident, sizeof (Elf32_Ehdr));
    115 
    116 	  if (e_ident[EI_DATA] != MY_ELFDATA)
    117 	    {
    118 	      CONVERT (ehdr_mem.e32.e_shnum);
    119 	      CONVERT (ehdr_mem.e32.e_shoff);
    120 	    }
    121 	}
    122       else
    123 	{
    124 	  if (ALLOW_UNALIGNED)
    125 	    {
    126 	      ehdr_mem.e64.e_shnum = ((Elf64_Ehdr *) e_ident)->e_shnum;
    127 	      ehdr_mem.e64.e_shoff = ((Elf64_Ehdr *) e_ident)->e_shoff;
    128 	    }
    129 	  else
    130 	    memcpy (&ehdr_mem, e_ident, sizeof (Elf64_Ehdr));
    131 
    132 	  if (e_ident[EI_DATA] != MY_ELFDATA)
    133 	    {
    134 	      CONVERT (ehdr_mem.e64.e_shnum);
    135 	      CONVERT (ehdr_mem.e64.e_shoff);
    136 	    }
    137 	}
    138     }
    139 
    140   if (is32)
    141     {
    142       /* Get the number of sections from the ELF header.  */
    143       result = ehdr.e32->e_shnum;
    144 
    145       if (unlikely (result == 0) && ehdr.e32->e_shoff != 0)
    146 	{
    147 	  if (unlikely (ehdr.e32->e_shoff >= maxsize)
    148 	      || unlikely (maxsize - ehdr.e32->e_shoff < sizeof (Elf32_Shdr)))
    149 	    /* Cannot read the first section header.  */
    150 	    return 0;
    151 
    152 	  if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA
    153 	      && (ALLOW_UNALIGNED
    154 		  || (((size_t) ((char *) map_address + ehdr.e32->e_shoff))
    155 		      & (__alignof__ (Elf32_Shdr) - 1)) == 0))
    156 	    /* We can directly access the memory.  */
    157 	    result = ((Elf32_Shdr *) ((char *) map_address + ehdr.e32->e_shoff
    158 				      + offset))->sh_size;
    159 	  else
    160 	    {
    161 	      Elf32_Word size;
    162 
    163 	      if (likely (map_address != NULL))
    164 		/* gcc will optimize the memcpy to a simple memory
    165 		   access while taking care of alignment issues.  */
    166 		memcpy (&size, &((Elf32_Shdr *) ((char *) map_address
    167 						 + ehdr.e32->e_shoff
    168 						 + offset))->sh_size,
    169 			sizeof (Elf32_Word));
    170 	      else
    171 		if (unlikely (pread_retry (fildes, &size, sizeof (Elf32_Word),
    172 					   offset + ehdr.e32->e_shoff
    173 					   + offsetof (Elf32_Shdr, sh_size))
    174 			      != sizeof (Elf32_Word)))
    175 		  return (size_t) -1l;
    176 
    177 	      if (e_ident[EI_DATA] != MY_ELFDATA)
    178 		CONVERT (size);
    179 
    180 	      result = size;
    181 	    }
    182 	}
    183 
    184       /* If the section headers were truncated, pretend none were there.  */
    185       if (ehdr.e32->e_shoff > maxsize
    186 	  || maxsize - ehdr.e32->e_shoff < sizeof (Elf32_Shdr) * result)
    187 	result = 0;
    188     }
    189   else
    190     {
    191       /* Get the number of sections from the ELF header.  */
    192       result = ehdr.e64->e_shnum;
    193 
    194       if (unlikely (result == 0) && ehdr.e64->e_shoff != 0)
    195 	{
    196 	  if (unlikely (ehdr.e64->e_shoff >= maxsize)
    197 	      || unlikely (ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize))
    198 	    /* Cannot read the first section header.  */
    199 	    return 0;
    200 
    201 	  Elf64_Xword size;
    202 	  if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA
    203 	      && (ALLOW_UNALIGNED
    204 		  || (((size_t) ((char *) map_address + ehdr.e64->e_shoff))
    205 		      & (__alignof__ (Elf64_Shdr) - 1)) == 0))
    206 	    /* We can directly access the memory.  */
    207 	    size = ((Elf64_Shdr *) ((char *) map_address + ehdr.e64->e_shoff
    208 				    + offset))->sh_size;
    209 	  else
    210 	    {
    211 	      if (likely (map_address != NULL))
    212 		/* gcc will optimize the memcpy to a simple memory
    213 		   access while taking care of alignment issues.  */
    214 		memcpy (&size, &((Elf64_Shdr *) ((char *) map_address
    215 						 + ehdr.e64->e_shoff
    216 						 + offset))->sh_size,
    217 			sizeof (Elf64_Xword));
    218 	      else
    219 		if (unlikely (pread_retry (fildes, &size, sizeof (Elf64_Xword),
    220 					   offset + ehdr.e64->e_shoff
    221 					   + offsetof (Elf64_Shdr, sh_size))
    222 			      != sizeof (Elf64_Xword)))
    223 		  return (size_t) -1l;
    224 
    225 	      if (e_ident[EI_DATA] != MY_ELFDATA)
    226 		CONVERT (size);
    227 	    }
    228 
    229 	  if (size > ~((GElf_Word) 0))
    230 	    /* Invalid value, it is too large.  */
    231 	    return (size_t) -1l;
    232 
    233 	  result = size;
    234 	}
    235 
    236       /* If the section headers were truncated, pretend none were there.  */
    237       if (ehdr.e64->e_shoff > maxsize
    238 	  || maxsize - ehdr.e64->e_shoff < sizeof (Elf64_Shdr) * result)
    239 	result = 0;
    240     }
    241 
    242   return result;
    243 }
    244 
    245 
    246 /* Create descriptor for ELF file in memory.  */
    247 static Elf *
    248 file_read_elf (int fildes, void *map_address, unsigned char *e_ident,
    249 	       off_t offset, size_t maxsize, Elf_Cmd cmd, Elf *parent)
    250 {
    251   /* Verify the binary is of the class we can handle.  */
    252   if (unlikely ((e_ident[EI_CLASS] != ELFCLASS32
    253 		 && e_ident[EI_CLASS] != ELFCLASS64)
    254 		/* We also can only handle two encodings.  */
    255 		|| (e_ident[EI_DATA] != ELFDATA2LSB
    256 		    && e_ident[EI_DATA] != ELFDATA2MSB)))
    257     {
    258       /* Cannot handle this.  */
    259       __libelf_seterrno (ELF_E_INVALID_FILE);
    260       return NULL;
    261     }
    262 
    263   /* Determine the number of sections.  */
    264   size_t scncnt = get_shnum (map_address, e_ident, fildes, offset, maxsize);
    265   if (scncnt == (size_t) -1l)
    266     /* Could not determine the number of sections.  */
    267     return NULL;
    268 
    269   /* Check for too many sections.  */
    270   if (e_ident[EI_CLASS] == ELFCLASS32)
    271     {
    272       if (scncnt > SIZE_MAX / (sizeof (Elf_Scn) + sizeof (Elf32_Shdr)))
    273 	return NULL;
    274     }
    275   else if (scncnt > SIZE_MAX / (sizeof (Elf_Scn) + sizeof (Elf64_Shdr)))
    276     return NULL;
    277 
    278   /* We can now allocate the memory.  Even if there are no section headers,
    279      we allocate space for a zeroth section in case we need it later.  */
    280   const size_t scnmax = (scncnt ?: (cmd == ELF_C_RDWR || cmd == ELF_C_RDWR_MMAP)
    281 			 ? 1 : 0);
    282   Elf *elf = allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
    283 			   ELF_K_ELF, scnmax * sizeof (Elf_Scn));
    284   if (elf == NULL)
    285     /* Not enough memory.  */
    286     return NULL;
    287 
    288   assert ((unsigned int) scncnt == scncnt);
    289   assert (offsetof (struct Elf, state.elf32.scns)
    290 	  == offsetof (struct Elf, state.elf64.scns));
    291   elf->state.elf32.scns.cnt = scncnt;
    292   elf->state.elf32.scns.max = scnmax;
    293 
    294   /* Some more or less arbitrary value.  */
    295   elf->state.elf.scnincr = 10;
    296 
    297   /* Make the class easily available.  */
    298   elf->class = e_ident[EI_CLASS];
    299 
    300   if (e_ident[EI_CLASS] == ELFCLASS32)
    301     {
    302       /* This pointer might not be directly usable if the alignment is
    303 	 not sufficient for the architecture.  */
    304       Elf32_Ehdr *ehdr = (Elf32_Ehdr *) ((char *) map_address + offset);
    305 
    306       /* This is a 32-bit binary.  */
    307       if (map_address != NULL && e_ident[EI_DATA] == MY_ELFDATA
    308 	  && (ALLOW_UNALIGNED
    309 	      || (((uintptr_t) ehdr) & (__alignof__ (Elf32_Ehdr) - 1)) == 0))
    310 	{
    311 	  /* We can use the mmapped memory.  */
    312 	  elf->state.elf32.ehdr = ehdr;
    313 	}
    314       else
    315 	{
    316 	  /* Copy the ELF header.  */
    317 	  elf->state.elf32.ehdr = memcpy (&elf->state.elf32.ehdr_mem, e_ident,
    318 					  sizeof (Elf32_Ehdr));
    319 
    320 	  if (e_ident[EI_DATA] != MY_ELFDATA)
    321 	    {
    322 	      CONVERT (elf->state.elf32.ehdr_mem.e_type);
    323 	      CONVERT (elf->state.elf32.ehdr_mem.e_machine);
    324 	      CONVERT (elf->state.elf32.ehdr_mem.e_version);
    325 	      CONVERT (elf->state.elf32.ehdr_mem.e_entry);
    326 	      CONVERT (elf->state.elf32.ehdr_mem.e_phoff);
    327 	      CONVERT (elf->state.elf32.ehdr_mem.e_shoff);
    328 	      CONVERT (elf->state.elf32.ehdr_mem.e_flags);
    329 	      CONVERT (elf->state.elf32.ehdr_mem.e_ehsize);
    330 	      CONVERT (elf->state.elf32.ehdr_mem.e_phentsize);
    331 	      CONVERT (elf->state.elf32.ehdr_mem.e_phnum);
    332 	      CONVERT (elf->state.elf32.ehdr_mem.e_shentsize);
    333 	      CONVERT (elf->state.elf32.ehdr_mem.e_shnum);
    334 	      CONVERT (elf->state.elf32.ehdr_mem.e_shstrndx);
    335 	    }
    336 	}
    337 
    338       /* Don't precache the phdr pointer here.
    339 	 elf32_getphdr will validate it against the size when asked.  */
    340 
    341       Elf32_Off e_shoff = elf->state.elf32.ehdr->e_shoff;
    342       if (map_address != NULL && e_ident[EI_DATA] == MY_ELFDATA
    343 	  && cmd != ELF_C_READ_MMAP /* We need a copy to be able to write.  */
    344 	  && (ALLOW_UNALIGNED
    345 	      || (((uintptr_t) ((char *) ehdr + e_shoff)
    346 		   & (__alignof__ (Elf32_Shdr) - 1)) == 0)))
    347 	{
    348 	  if (unlikely (e_shoff >= maxsize)
    349 	      || unlikely (maxsize - e_shoff
    350 			   < scncnt * sizeof (Elf32_Shdr)))
    351 	    {
    352 	    free_and_out:
    353 	      free (elf);
    354 	      __libelf_seterrno (ELF_E_INVALID_FILE);
    355 	      return NULL;
    356 	    }
    357 	  elf->state.elf32.shdr
    358 	    = (Elf32_Shdr *) ((char *) ehdr + e_shoff);
    359 
    360 	  for (size_t cnt = 0; cnt < scncnt; ++cnt)
    361 	    {
    362 	      elf->state.elf32.scns.data[cnt].index = cnt;
    363 	      elf->state.elf32.scns.data[cnt].elf = elf;
    364 	      elf->state.elf32.scns.data[cnt].shdr.e32 =
    365 		&elf->state.elf32.shdr[cnt];
    366 	      if (likely (elf->state.elf32.shdr[cnt].sh_offset < maxsize)
    367 		  && likely (elf->state.elf32.shdr[cnt].sh_size
    368 			     <= maxsize - elf->state.elf32.shdr[cnt].sh_offset))
    369 		elf->state.elf32.scns.data[cnt].rawdata_base =
    370 		  elf->state.elf32.scns.data[cnt].data_base =
    371 		  ((char *) map_address + offset
    372 		   + elf->state.elf32.shdr[cnt].sh_offset);
    373 	      elf->state.elf32.scns.data[cnt].list = &elf->state.elf32.scns;
    374 
    375 	      /* If this is a section with an extended index add a
    376 		 reference in the section which uses the extended
    377 		 index.  */
    378 	      if (elf->state.elf32.shdr[cnt].sh_type == SHT_SYMTAB_SHNDX
    379 		  && elf->state.elf32.shdr[cnt].sh_link < scncnt)
    380 		elf->state.elf32.scns.data[elf->state.elf32.shdr[cnt].sh_link].shndx_index
    381 		  = cnt;
    382 
    383 	      /* Set the own shndx_index field in case it has not yet
    384 		 been set.  */
    385 	      if (elf->state.elf32.scns.data[cnt].shndx_index == 0)
    386 		elf->state.elf32.scns.data[cnt].shndx_index = -1;
    387 	    }
    388 	}
    389       else
    390 	{
    391 	  for (size_t cnt = 0; cnt < scncnt; ++cnt)
    392 	    {
    393 	      elf->state.elf32.scns.data[cnt].index = cnt;
    394 	      elf->state.elf32.scns.data[cnt].elf = elf;
    395 	      elf->state.elf32.scns.data[cnt].list = &elf->state.elf32.scns;
    396 	    }
    397 	}
    398 
    399       /* So far only one block with sections.  */
    400       elf->state.elf32.scns_last = &elf->state.elf32.scns;
    401     }
    402   else
    403     {
    404       /* This pointer might not be directly usable if the alignment is
    405 	 not sufficient for the architecture.  */
    406       Elf64_Ehdr *ehdr = (Elf64_Ehdr *) ((char *) map_address + offset);
    407 
    408       /* This is a 64-bit binary.  */
    409       if (map_address != NULL && e_ident[EI_DATA] == MY_ELFDATA
    410 	  && (ALLOW_UNALIGNED
    411 	      || (((uintptr_t) ehdr) & (__alignof__ (Elf64_Ehdr) - 1)) == 0))
    412 	{
    413 	  /* We can use the mmapped memory.  */
    414 	  elf->state.elf64.ehdr = ehdr;
    415 	}
    416       else
    417 	{
    418 	  /* Copy the ELF header.  */
    419 	  elf->state.elf64.ehdr = memcpy (&elf->state.elf64.ehdr_mem, e_ident,
    420 					  sizeof (Elf64_Ehdr));
    421 
    422 	  if (e_ident[EI_DATA] != MY_ELFDATA)
    423 	    {
    424 	      CONVERT (elf->state.elf64.ehdr_mem.e_type);
    425 	      CONVERT (elf->state.elf64.ehdr_mem.e_machine);
    426 	      CONVERT (elf->state.elf64.ehdr_mem.e_version);
    427 	      CONVERT (elf->state.elf64.ehdr_mem.e_entry);
    428 	      CONVERT (elf->state.elf64.ehdr_mem.e_phoff);
    429 	      CONVERT (elf->state.elf64.ehdr_mem.e_shoff);
    430 	      CONVERT (elf->state.elf64.ehdr_mem.e_flags);
    431 	      CONVERT (elf->state.elf64.ehdr_mem.e_ehsize);
    432 	      CONVERT (elf->state.elf64.ehdr_mem.e_phentsize);
    433 	      CONVERT (elf->state.elf64.ehdr_mem.e_phnum);
    434 	      CONVERT (elf->state.elf64.ehdr_mem.e_shentsize);
    435 	      CONVERT (elf->state.elf64.ehdr_mem.e_shnum);
    436 	      CONVERT (elf->state.elf64.ehdr_mem.e_shstrndx);
    437 	    }
    438 	}
    439 
    440       /* Don't precache the phdr pointer here.
    441 	 elf64_getphdr will validate it against the size when asked.  */
    442 
    443       Elf64_Off e_shoff = elf->state.elf64.ehdr->e_shoff;
    444       if (map_address != NULL && e_ident[EI_DATA] == MY_ELFDATA
    445 	  && cmd != ELF_C_READ_MMAP /* We need a copy to be able to write.  */
    446 	  && (ALLOW_UNALIGNED
    447 	      || (((uintptr_t) ((char *) ehdr + e_shoff)
    448 		   & (__alignof__ (Elf64_Shdr) - 1)) == 0)))
    449 	{
    450 	  if (unlikely (e_shoff >= maxsize)
    451 	      || unlikely (maxsize - e_shoff
    452 			   < scncnt * sizeof (Elf64_Shdr)))
    453 	    goto free_and_out;
    454 	  elf->state.elf64.shdr
    455 	    = (Elf64_Shdr *) ((char *) ehdr + e_shoff);
    456 
    457 	  for (size_t cnt = 0; cnt < scncnt; ++cnt)
    458 	    {
    459 	      elf->state.elf64.scns.data[cnt].index = cnt;
    460 	      elf->state.elf64.scns.data[cnt].elf = elf;
    461 	      elf->state.elf64.scns.data[cnt].shdr.e64 =
    462 		&elf->state.elf64.shdr[cnt];
    463 	      if (likely (elf->state.elf64.shdr[cnt].sh_offset < maxsize)
    464 		  && likely (elf->state.elf64.shdr[cnt].sh_size
    465 			     <= maxsize - elf->state.elf64.shdr[cnt].sh_offset))
    466 		elf->state.elf64.scns.data[cnt].rawdata_base =
    467 		  elf->state.elf64.scns.data[cnt].data_base =
    468 		  ((char *) map_address + offset
    469 		   + elf->state.elf64.shdr[cnt].sh_offset);
    470 	      elf->state.elf64.scns.data[cnt].list = &elf->state.elf64.scns;
    471 
    472 	      /* If this is a section with an extended index add a
    473 		 reference in the section which uses the extended
    474 		 index.  */
    475 	      if (elf->state.elf64.shdr[cnt].sh_type == SHT_SYMTAB_SHNDX
    476 		  && elf->state.elf64.shdr[cnt].sh_link < scncnt)
    477 		elf->state.elf64.scns.data[elf->state.elf64.shdr[cnt].sh_link].shndx_index
    478 		  = cnt;
    479 
    480 	      /* Set the own shndx_index field in case it has not yet
    481 		 been set.  */
    482 	      if (elf->state.elf64.scns.data[cnt].shndx_index == 0)
    483 		elf->state.elf64.scns.data[cnt].shndx_index = -1;
    484 	    }
    485 	}
    486       else
    487 	{
    488 	  for (size_t cnt = 0; cnt < scncnt; ++cnt)
    489 	    {
    490 	      elf->state.elf64.scns.data[cnt].index = cnt;
    491 	      elf->state.elf64.scns.data[cnt].elf = elf;
    492 	      elf->state.elf64.scns.data[cnt].list = &elf->state.elf64.scns;
    493 	    }
    494 	}
    495 
    496       /* So far only one block with sections.  */
    497       elf->state.elf64.scns_last = &elf->state.elf64.scns;
    498     }
    499 
    500   return elf;
    501 }
    502 
    503 
    504 Elf *
    505 internal_function
    506 __libelf_read_mmaped_file (int fildes, void *map_address,  off_t offset,
    507 			   size_t maxsize, Elf_Cmd cmd, Elf *parent)
    508 {
    509   /* We have to find out what kind of file this is.  We handle ELF
    510      files and archives.  To find out what we have we must look at the
    511      header.  The header for an ELF file is EI_NIDENT bytes in size,
    512      the header for an archive file SARMAG bytes long.  */
    513   unsigned char *e_ident = (unsigned char *) map_address + offset;
    514 
    515   /* See what kind of object we have here.  */
    516   Elf_Kind kind = determine_kind (e_ident, maxsize);
    517 
    518   switch (kind)
    519     {
    520     case ELF_K_ELF:
    521       return file_read_elf (fildes, map_address, e_ident, offset, maxsize,
    522 			    cmd, parent);
    523 
    524     case ELF_K_AR:
    525       return file_read_ar (fildes, map_address, offset, maxsize, cmd, parent);
    526 
    527     default:
    528       break;
    529     }
    530 
    531   /* This case is easy.  Since we cannot do anything with this file
    532      create a dummy descriptor.  */
    533   return allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
    534 		       ELF_K_NONE, 0);
    535 }
    536 
    537 
    538 static Elf *
    539 read_unmmaped_file (int fildes, off_t offset, size_t maxsize, Elf_Cmd cmd,
    540 		    Elf *parent)
    541 {
    542   /* We have to find out what kind of file this is.  We handle ELF
    543      files and archives.  To find out what we have we must read the
    544      header.  The identification header for an ELF file is EI_NIDENT
    545      bytes in size, but we read the whole ELF header since we will
    546      need it anyway later.  For archives the header in SARMAG bytes
    547      long.  Read the maximum of these numbers.
    548 
    549      XXX We have to change this for the extended `ar' format some day.
    550 
    551      Use a union to ensure alignment.  We might later access the
    552      memory as a ElfXX_Ehdr.  */
    553   union
    554   {
    555     Elf64_Ehdr ehdr;
    556     unsigned char header[MAX (sizeof (Elf64_Ehdr), SARMAG)];
    557   } mem;
    558 
    559   /* Read the head of the file.  */
    560   ssize_t nread = pread_retry (fildes, mem.header,
    561 			       MIN (MAX (sizeof (Elf64_Ehdr), SARMAG),
    562 				    maxsize),
    563 			       offset);
    564   if (unlikely (nread == -1))
    565     {
    566       /* We cannot even read the head of the file.  Maybe FILDES is associated
    567 	 with an unseekable device.  This is nothing we can handle.  */
    568       __libelf_seterrno (ELF_E_INVALID_FILE);
    569       return NULL;
    570     }
    571 
    572   /* See what kind of object we have here.  */
    573   Elf_Kind kind = determine_kind (mem.header, nread);
    574 
    575   switch (kind)
    576     {
    577     case ELF_K_AR:
    578       return file_read_ar (fildes, NULL, offset, maxsize, cmd, parent);
    579 
    580     case ELF_K_ELF:
    581       /* Make sure at least the ELF header is contained in the file.  */
    582       if ((size_t) nread >= (mem.header[EI_CLASS] == ELFCLASS32
    583 			     ? sizeof (Elf32_Ehdr) : sizeof (Elf64_Ehdr)))
    584 	return file_read_elf (fildes, NULL, mem.header, offset, maxsize, cmd,
    585 			      parent);
    586       /* FALLTHROUGH */
    587 
    588     default:
    589       break;
    590     }
    591 
    592   /* This case is easy.  Since we cannot do anything with this file
    593      create a dummy descriptor.  */
    594   return allocate_elf (fildes, NULL, offset, maxsize, cmd, parent,
    595 		       ELF_K_NONE, 0);
    596 }
    597 
    598 
    599 /* Open a file for reading.  If possible we will try to mmap() the file.  */
    600 static struct Elf *
    601 read_file (int fildes, off_t offset, size_t maxsize,
    602 	   Elf_Cmd cmd, Elf *parent)
    603 {
    604   void *map_address = NULL;
    605   int use_mmap = (cmd == ELF_C_READ_MMAP || cmd == ELF_C_RDWR_MMAP
    606 		  || cmd == ELF_C_WRITE_MMAP
    607 		  || cmd == ELF_C_READ_MMAP_PRIVATE);
    608 
    609   if (use_mmap)
    610     {
    611       if (parent == NULL)
    612 	{
    613 	  if (maxsize == ~((size_t) 0))
    614 	    {
    615 	      /* We don't know in the moment how large the file is.
    616 		 Determine it now.  */
    617 	      struct stat st;
    618 
    619 	      if (fstat (fildes, &st) == 0
    620 		  && (sizeof (size_t) >= sizeof (st.st_size)
    621 		      || st.st_size <= ~((size_t) 0)))
    622 		maxsize = (size_t) st.st_size;
    623 	    }
    624 
    625 	  /* We try to map the file ourself.  */
    626 	  map_address = mmap (NULL, maxsize, (cmd == ELF_C_READ_MMAP
    627 					      ? PROT_READ
    628 					      : PROT_READ|PROT_WRITE),
    629 			      cmd == ELF_C_READ_MMAP_PRIVATE
    630 			      || cmd == ELF_C_READ_MMAP
    631 			      ? MAP_PRIVATE : MAP_SHARED,
    632 			      fildes, offset);
    633 
    634 	  if (map_address == MAP_FAILED)
    635 	    map_address = NULL;
    636 	}
    637       else
    638 	{
    639 	  /* The parent is already loaded.  Use it.  */
    640 	  assert (maxsize != ~((size_t) 0));
    641 
    642 	  map_address = parent->map_address;
    643 	}
    644     }
    645 
    646   /* If we have the file in memory optimize the access.  */
    647   if (map_address != NULL)
    648     {
    649       assert (map_address != MAP_FAILED);
    650 
    651       struct Elf *result = __libelf_read_mmaped_file (fildes, map_address,
    652 						      offset, maxsize, cmd,
    653 						      parent);
    654 
    655       /* If something went wrong during the initialization unmap the
    656 	 memory if we mmaped here.  */
    657       if (result == NULL
    658 	  && (parent == NULL
    659 	      || parent->map_address != map_address))
    660 	munmap (map_address, maxsize);
    661       else if (parent == NULL)
    662 	/* Remember that we mmap()ed the memory.  */
    663 	result->flags |= ELF_F_MMAPPED;
    664 
    665       return result;
    666     }
    667 
    668   /* Otherwise we have to do it the hard way.  We read as much as necessary
    669      from the file whenever we need information which is not available.  */
    670   return read_unmmaped_file (fildes, offset, maxsize, cmd, parent);
    671 }
    672 
    673 
    674 /* Find the entry with the long names for the content of this archive.  */
    675 static const char *
    676 read_long_names (Elf *elf)
    677 {
    678   off_t offset = SARMAG;	/* This is the first entry.  */
    679   struct ar_hdr hdrm;
    680   struct ar_hdr *hdr;
    681   char *newp;
    682   size_t len;
    683 
    684   while (1)
    685     {
    686       if (elf->map_address != NULL)
    687 	{
    688 	  if ((size_t) offset > elf->maximum_size
    689 	      || elf->maximum_size - offset < sizeof (struct ar_hdr))
    690 	    return NULL;
    691 
    692 	  /* The data is mapped.  */
    693 	  hdr = (struct ar_hdr *) (elf->map_address + offset);
    694 	}
    695       else
    696 	{
    697 	  /* Read the header from the file.  */
    698 	  if (unlikely (pread_retry (elf->fildes, &hdrm, sizeof (hdrm),
    699 				     elf->start_offset + offset)
    700 			!= sizeof (hdrm)))
    701 	    return NULL;
    702 
    703 	  hdr = &hdrm;
    704 	}
    705 
    706       len = atol (hdr->ar_size);
    707 
    708       if (memcmp (hdr->ar_name, "//              ", 16) == 0)
    709 	break;
    710 
    711       offset += sizeof (struct ar_hdr) + ((len + 1) & ~1l);
    712     }
    713 
    714   /* Due to the stupid format of the long name table entry (which are not
    715      NUL terminted) we have to provide an appropriate representation anyhow.
    716      Therefore we always make a copy which has the appropriate form.  */
    717   newp = (char *) malloc (len);
    718   if (newp != NULL)
    719     {
    720       char *runp;
    721 
    722       if (elf->map_address != NULL)
    723 	{
    724 	  if (len > elf->maximum_size - offset - sizeof (struct ar_hdr))
    725 	    goto too_much;
    726 	  /* Simply copy it over.  */
    727 	  elf->state.ar.long_names = (char *) memcpy (newp,
    728 						      elf->map_address + offset
    729 						      + sizeof (struct ar_hdr),
    730 						      len);
    731 	}
    732       else
    733 	{
    734 	  if (unlikely ((size_t) pread_retry (elf->fildes, newp, len,
    735 					      elf->start_offset + offset
    736 					      + sizeof (struct ar_hdr))
    737 			!= len))
    738 	    {
    739 	    too_much:
    740 	      /* We were not able to read all data.  */
    741 	      free (newp);
    742 	      elf->state.ar.long_names = NULL;
    743 	      return NULL;
    744 	    }
    745 	  elf->state.ar.long_names = newp;
    746 	}
    747 
    748       elf->state.ar.long_names_len = len;
    749 
    750       /* Now NUL-terminate the strings.  */
    751       runp = newp;
    752       while (1)
    753         {
    754 	  char *startp = runp;
    755 	  runp = (char *) memchr (runp, '/', newp + len - runp);
    756 	  if (runp == NULL)
    757 	    {
    758 	      /* This was the last entry.  Clear any left overs.  */
    759 	      memset (startp, '\0', newp + len - startp);
    760 	      break;
    761 	    }
    762 
    763 	  /* NUL-terminate the string.  */
    764 	  *runp++ = '\0';
    765 
    766 	  /* A sanity check.  Somebody might have generated invalid
    767 	     archive.  */
    768 	  if (runp >= newp + len)
    769 	    break;
    770 	}
    771     }
    772 
    773   return newp;
    774 }
    775 
    776 
    777 /* Read the next archive header.  */
    778 int
    779 internal_function
    780 __libelf_next_arhdr_wrlock (Elf *elf)
    781 {
    782   struct ar_hdr *ar_hdr;
    783   Elf_Arhdr *elf_ar_hdr;
    784 
    785   if (elf->map_address != NULL)
    786     {
    787       /* See whether this entry is in the file.  */
    788       if (unlikely ((size_t) elf->state.ar.offset
    789 		    > elf->start_offset + elf->maximum_size
    790 		    || (elf->start_offset + elf->maximum_size
    791 			- elf->state.ar.offset) < sizeof (struct ar_hdr)))
    792 	{
    793 	  /* This record is not anymore in the file.  */
    794 	  __libelf_seterrno (ELF_E_RANGE);
    795 	  return -1;
    796 	}
    797       ar_hdr = (struct ar_hdr *) (elf->map_address + elf->state.ar.offset);
    798     }
    799   else
    800     {
    801       ar_hdr = &elf->state.ar.ar_hdr;
    802 
    803       if (unlikely (pread_retry (elf->fildes, ar_hdr, sizeof (struct ar_hdr),
    804 				 elf->state.ar.offset)
    805 		    != sizeof (struct ar_hdr)))
    806 	{
    807 	  /* Something went wrong while reading the file.  */
    808 	  __libelf_seterrno (ELF_E_RANGE);
    809 	  return -1;
    810 	}
    811     }
    812 
    813   /* One little consistency check.  */
    814   if (unlikely (memcmp (ar_hdr->ar_fmag, ARFMAG, 2) != 0))
    815     {
    816       /* This is no valid archive.  */
    817       __libelf_seterrno (ELF_E_ARCHIVE_FMAG);
    818       return -1;
    819     }
    820 
    821   /* Copy the raw name over to a NUL terminated buffer.  */
    822   *((char *) mempcpy (elf->state.ar.raw_name, ar_hdr->ar_name, 16)) = '\0';
    823 
    824   elf_ar_hdr = &elf->state.ar.elf_ar_hdr;
    825 
    826   /* Now convert the `struct ar_hdr' into `Elf_Arhdr'.
    827      Determine whether this is a special entry.  */
    828   if (ar_hdr->ar_name[0] == '/')
    829     {
    830       if (ar_hdr->ar_name[1] == ' '
    831 	  && memcmp (ar_hdr->ar_name, "/               ", 16) == 0)
    832 	/* This is the index.  */
    833 	elf_ar_hdr->ar_name = memcpy (elf->state.ar.ar_name, "/", 2);
    834       else if (ar_hdr->ar_name[1] == 'S'
    835 	       && memcmp (ar_hdr->ar_name, "/SYM64/         ", 16) == 0)
    836 	/* 64-bit index.  */
    837 	elf_ar_hdr->ar_name = memcpy (elf->state.ar.ar_name, "/SYM64/", 8);
    838       else if (ar_hdr->ar_name[1] == '/'
    839 	       && memcmp (ar_hdr->ar_name, "//              ", 16) == 0)
    840 	/* This is the array with the long names.  */
    841 	elf_ar_hdr->ar_name = memcpy (elf->state.ar.ar_name, "//", 3);
    842       else if (likely  (isdigit (ar_hdr->ar_name[1])))
    843 	{
    844 	  size_t offset;
    845 
    846 	  /* This is a long name.  First we have to read the long name
    847 	     table, if this hasn't happened already.  */
    848 	  if (unlikely (elf->state.ar.long_names == NULL
    849 			&& read_long_names (elf) == NULL))
    850 	    {
    851 	      /* No long name table although it is reference.  The archive is
    852 		 broken.  */
    853 	      __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
    854 	      return -1;
    855 	    }
    856 
    857 	  offset = atol (ar_hdr->ar_name + 1);
    858 	  if (unlikely (offset >= elf->state.ar.long_names_len))
    859 	    {
    860 	      /* The index in the long name table is larger than the table.  */
    861 	      __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
    862 	      return -1;
    863 	    }
    864 	  elf_ar_hdr->ar_name = elf->state.ar.long_names + offset;
    865 	}
    866       else
    867 	{
    868 	  /* This is none of the known special entries.  */
    869 	  __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
    870 	  return -1;
    871 	}
    872     }
    873   else
    874     {
    875       char *endp;
    876 
    877       /* It is a normal entry.  Copy over the name.  */
    878       endp = (char *) memccpy (elf->state.ar.ar_name, ar_hdr->ar_name,
    879 			       '/', 16);
    880       if (endp != NULL)
    881 	endp[-1] = '\0';
    882       else
    883 	{
    884 	  /* In the old BSD style of archive, there is no / terminator.
    885 	     Instead, there is space padding at the end of the name.  */
    886 	  size_t i = 15;
    887 	  do
    888 	    elf->state.ar.ar_name[i] = '\0';
    889 	  while (i > 0 && elf->state.ar.ar_name[--i] == ' ');
    890 	}
    891 
    892       elf_ar_hdr->ar_name = elf->state.ar.ar_name;
    893     }
    894 
    895   if (unlikely (ar_hdr->ar_size[0] == ' '))
    896     /* Something is really wrong.  We cannot live without a size for
    897        the member since it will not be possible to find the next
    898        archive member.  */
    899     {
    900       __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
    901       return -1;
    902     }
    903 
    904   /* Since there are no specialized functions to convert ASCII to
    905      time_t, uid_t, gid_t, mode_t, and off_t we use either atol or
    906      atoll depending on the size of the types.  We are also prepared
    907      for the case where the whole field in the `struct ar_hdr' is
    908      filled in which case we cannot simply use atol/l but instead have
    909      to create a temporary copy.  */
    910 
    911 #define INT_FIELD(FIELD)						      \
    912   do									      \
    913     {									      \
    914       char buf[sizeof (ar_hdr->FIELD) + 1];				      \
    915       const char *string = ar_hdr->FIELD;				      \
    916       if (ar_hdr->FIELD[sizeof (ar_hdr->FIELD) - 1] != ' ')		      \
    917 	{								      \
    918 	  *((char *) mempcpy (buf, ar_hdr->FIELD, sizeof (ar_hdr->FIELD)))  \
    919 	    = '\0';							      \
    920 	  string = buf;							      \
    921 	}								      \
    922       if (sizeof (elf_ar_hdr->FIELD) <= sizeof (long int))		      \
    923 	elf_ar_hdr->FIELD = (__typeof (elf_ar_hdr->FIELD)) atol (string);     \
    924       else								      \
    925 	elf_ar_hdr->FIELD = (__typeof (elf_ar_hdr->FIELD)) atoll (string);    \
    926     }									      \
    927   while (0)
    928 
    929   INT_FIELD (ar_date);
    930   INT_FIELD (ar_uid);
    931   INT_FIELD (ar_gid);
    932   INT_FIELD (ar_mode);
    933   INT_FIELD (ar_size);
    934 
    935   if (elf_ar_hdr->ar_size < 0)
    936     {
    937       __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
    938       return -1;
    939     }
    940 
    941   /* Truncated file?  */
    942   size_t maxsize;
    943   maxsize = (elf->start_offset + elf->maximum_size
    944 	     - elf->state.ar.offset - sizeof (struct ar_hdr));
    945   if ((size_t) elf_ar_hdr->ar_size > maxsize)
    946     elf_ar_hdr->ar_size = maxsize;
    947 
    948   return 0;
    949 }
    950 
    951 
    952 /* We were asked to return a clone of an existing descriptor.  This
    953    function must be called with the lock on the parent descriptor
    954    being held. */
    955 static Elf *
    956 dup_elf (int fildes, Elf_Cmd cmd, Elf *ref)
    957 {
    958   struct Elf *result;
    959 
    960   if (fildes == -1)
    961     /* Allow the user to pass -1 as the file descriptor for the new file.  */
    962     fildes = ref->fildes;
    963   /* The file descriptor better should be the same.  If it was disconnected
    964      already (using `elf_cntl') we do not test it.  */
    965   else if (unlikely (ref->fildes != -1 && fildes != ref->fildes))
    966     {
    967       __libelf_seterrno (ELF_E_FD_MISMATCH);
    968       return NULL;
    969     }
    970 
    971   /* The mode must allow reading.  I.e., a descriptor creating with a
    972      command different then ELF_C_READ, ELF_C_WRITE and ELF_C_RDWR is
    973      not allowed.  */
    974   if (unlikely (ref->cmd != ELF_C_READ && ref->cmd != ELF_C_READ_MMAP
    975 		&& ref->cmd != ELF_C_WRITE && ref->cmd != ELF_C_WRITE_MMAP
    976 		&& ref->cmd != ELF_C_RDWR && ref->cmd != ELF_C_RDWR_MMAP
    977 		&& ref->cmd != ELF_C_READ_MMAP_PRIVATE))
    978     {
    979       __libelf_seterrno (ELF_E_INVALID_OP);
    980       return NULL;
    981     }
    982 
    983   /* Now it is time to distinguish between reading normal files and
    984      archives.  Normal files can easily be handled be incrementing the
    985      reference counter and return the same descriptor.  */
    986   if (ref->kind != ELF_K_AR)
    987     {
    988       ++ref->ref_count;
    989       return ref;
    990     }
    991 
    992   /* This is an archive.  We must create a descriptor for the archive
    993      member the internal pointer of the archive file desriptor is
    994      pointing to.  First read the header of the next member if this
    995      has not happened already.  */
    996   if (ref->state.ar.elf_ar_hdr.ar_name == NULL
    997       && __libelf_next_arhdr_wrlock (ref) != 0)
    998     /* Something went wrong.  Maybe there is no member left.  */
    999     return NULL;
   1000 
   1001   /* We have all the information we need about the next archive member.
   1002      Now create a descriptor for it.  */
   1003   result = read_file (fildes, ref->state.ar.offset + sizeof (struct ar_hdr),
   1004 		      ref->state.ar.elf_ar_hdr.ar_size, cmd, ref);
   1005 
   1006   /* Enlist this new descriptor in the list of children.  */
   1007   if (result != NULL)
   1008     {
   1009       result->next = ref->state.ar.children;
   1010       ref->state.ar.children = result;
   1011     }
   1012 
   1013   return result;
   1014 }
   1015 
   1016 
   1017 /* Return desriptor for empty file ready for writing.  */
   1018 static struct Elf *
   1019 write_file (int fd, Elf_Cmd cmd)
   1020 {
   1021   /* We simply create an empty `Elf' structure.  */
   1022 #define NSCNSALLOC	10
   1023   Elf *result = allocate_elf (fd, NULL, 0, 0, cmd, NULL, ELF_K_ELF,
   1024 			      NSCNSALLOC * sizeof (Elf_Scn));
   1025 
   1026   if (result != NULL)
   1027     {
   1028       /* We have to write to the file in any case.  */
   1029       result->flags = ELF_F_DIRTY;
   1030 
   1031       /* Some more or less arbitrary value.  */
   1032       result->state.elf.scnincr = NSCNSALLOC;
   1033 
   1034       /* We have allocated room for some sections.  */
   1035       assert (offsetof (struct Elf, state.elf32.scns)
   1036 	      == offsetof (struct Elf, state.elf64.scns));
   1037       result->state.elf.scns_last = &result->state.elf32.scns;
   1038       result->state.elf32.scns.max = NSCNSALLOC;
   1039     }
   1040 
   1041   return result;
   1042 }
   1043 
   1044 /* Lock if necessary before dup an archive.  */
   1045 static inline Elf *
   1046 lock_dup_elf (int fildes, Elf_Cmd cmd, Elf *ref)
   1047 {
   1048   /* We need wrlock to dup an archive.  */
   1049   if (ref->kind == ELF_K_AR)
   1050     {
   1051       rwlock_unlock (ref->lock);
   1052       rwlock_wrlock (ref->lock);
   1053     }
   1054     /* Duplicate the descriptor.  */
   1055   return dup_elf (fildes, cmd, ref);
   1056 }
   1057 
   1058 /* Return a descriptor for the file belonging to FILDES.  */
   1059 Elf *
   1060 elf_begin (int fildes, Elf_Cmd cmd, Elf *ref)
   1061 {
   1062   Elf *retval;
   1063 
   1064   if (unlikely (! __libelf_version_initialized))
   1065     {
   1066       /* Version wasn't set so far.  */
   1067       __libelf_seterrno (ELF_E_NO_VERSION);
   1068       return NULL;
   1069     }
   1070 
   1071   if (ref != NULL)
   1072     /* Make sure the descriptor is not suddenly going away.  */
   1073     rwlock_rdlock (ref->lock);
   1074   else if (unlikely (fcntl (fildes, F_GETFL) == -1 && errno == EBADF))
   1075     {
   1076       /* We cannot do anything productive without a file descriptor.  */
   1077       __libelf_seterrno (ELF_E_INVALID_FILE);
   1078       return NULL;
   1079     }
   1080 
   1081   switch (cmd)
   1082     {
   1083     case ELF_C_NULL:
   1084       /* We simply return a NULL pointer.  */
   1085       retval = NULL;
   1086       break;
   1087 
   1088     case ELF_C_READ_MMAP_PRIVATE:
   1089       /* If we have a reference it must also be opened this way.  */
   1090       if (unlikely (ref != NULL && ref->cmd != ELF_C_READ_MMAP_PRIVATE))
   1091 	{
   1092 	  __libelf_seterrno (ELF_E_INVALID_CMD);
   1093 	  retval = NULL;
   1094 	  break;
   1095 	}
   1096       /* FALLTHROUGH */
   1097 
   1098     case ELF_C_READ:
   1099     case ELF_C_READ_MMAP:
   1100       if (ref != NULL)
   1101 	retval = lock_dup_elf (fildes, cmd, ref);
   1102       else
   1103 	/* Create descriptor for existing file.  */
   1104 	retval = read_file (fildes, 0, ~((size_t) 0), cmd, NULL);
   1105       break;
   1106 
   1107     case ELF_C_RDWR:
   1108     case ELF_C_RDWR_MMAP:
   1109       /* If we have a REF object it must also be opened using this
   1110 	 command.  */
   1111       if (ref != NULL)
   1112 	{
   1113 	  if (unlikely (ref->cmd != ELF_C_RDWR && ref->cmd != ELF_C_RDWR_MMAP
   1114 			&& ref->cmd != ELF_C_WRITE
   1115 			&& ref->cmd != ELF_C_WRITE_MMAP))
   1116 	    {
   1117 	      /* This is not ok.  REF must also be opened for writing.  */
   1118 	      __libelf_seterrno (ELF_E_INVALID_CMD);
   1119 	      retval = NULL;
   1120 	    }
   1121 	  else
   1122 	    retval = lock_dup_elf (fildes, cmd, ref);
   1123 	}
   1124       else
   1125 	/* Create descriptor for existing file.  */
   1126 	retval = read_file (fildes, 0, ~((size_t) 0), cmd, NULL);
   1127       break;
   1128 
   1129     case ELF_C_WRITE:
   1130     case ELF_C_WRITE_MMAP:
   1131       /* We ignore REF and prepare a descriptor to write a new file.  */
   1132       retval = write_file (fildes, cmd);
   1133       break;
   1134 
   1135     default:
   1136       __libelf_seterrno (ELF_E_INVALID_CMD);
   1137       retval = NULL;
   1138       break;
   1139     }
   1140 
   1141   /* Release the lock.  */
   1142   if (ref != NULL)
   1143     rwlock_unlock (ref->lock);
   1144 
   1145   return retval;
   1146 }
   1147 INTDEF(elf_begin)
   1148