Home Original page

[PATCH v10 09/28] readelf: dump Object Attributes v2

Jan Beulich jbeulich@suse.com
Tue Dec 9 16:04:13 GMT 2025 
On 20.11.2025 18:59, Matthieu Longo wrote:
> +/* Print out the raw attribute value.  It should be feasible to support custom
> +   formatters here for known tags that explain the interpretation of specific
> +   values.  */
> +static unsigned char *
> +display_aarch64_attribute (unsigned char *cursor,
> +			   const unsigned char *const end,
> +			   const oav2_known_tag_t *tag_info,
> +			   obj_attr_encoding_v2_t value_encoding)
> +{
> +  printf (_("    %s:	"), tag_info->name);

There's nothing translatable here.

> +static unsigned char *
> +display_attr_v2 (unsigned char *cursor,
> +		 const unsigned char *const end,
> +		 const oav2_known_subsection_t *subsec_info,
> +		 obj_attr_encoding_v2_t value_encoding,
> +		 display_arch_attr_t display_arch_attr)
> +{
> +  obj_attr_tag_t tag;
> +  READ_ULEB (tag, cursor, end);
> +
> +  const oav2_known_tag_t *tag_info = NULL;
> +  if (subsec_info != NULL)
> +    tag_info = oav2_identify_tag (subsec_info, tag);
> +
> +  if (tag_info != NULL)
> +    return display_arch_attr (cursor, end, tag_info, value_encoding);
> +
> +  printf (_("    Tag_unknown_%lu:	"), tag);

Nor here, I think.

> +static BufferReadOp_t
> +elf_parse_attrs_subsection_v2 (unsigned char *cursor,
> +			       const uint64_t max_read,
> +			       const char *public_name,
> +			       display_arch_attr_t display_arch_attr)
> +{
> +  BufferReadOp_t op = { .err = false, .read = 0 };
> +
> +  const uint32_t F_SUBSECTION_LEN = sizeof (uint32_t);
> +  const uint32_t F_SUBSECTION_COMPREHENSION = sizeof(uint8_t);
> +  const uint32_t F_SUBSECTION_ENCODING = sizeof(uint8_t);
> +  /* The minimum subsection length is 7: 4 bytes for the length itself, and 1
> +     byte for an empty NUL-terminated string, 1 byte for the comprehension,
> +     1 byte for the encoding, and no vendor-data.  */
> +  const uint32_t F_MIN_SUBSECTION_DATA_LEN
> +    = F_SUBSECTION_LEN + 1 /* for '\0' */
> +      + F_SUBSECTION_COMPREHENSION + F_SUBSECTION_ENCODING;
> +
> +  /* Handle cases where the attributes data is not strictly valid (e.g. due to
> +     fuzzing).  */
> +  if (max_read < F_MIN_SUBSECTION_DATA_LEN)
> +    {
> +      error (_("Object attributes section ends prematurely\n"));
> +      return op;
> +    }
> +
> +  uint32_t subsection_len = byte_get (cursor, F_SUBSECTION_LEN);
> +  op.read += F_SUBSECTION_LEN;
> +  cursor += F_SUBSECTION_LEN;
> +  if (subsection_len > max_read)
> +    {
> +      error (_("Bad subsection length: too big (%u > max=%lu)\n"),
> +	     subsection_len, max_read);
> +      /* Error, but still try to display the content until meeting a more
> +	 serious error.  */
> +      subsection_len = max_read;
> +      op.err = true;
> +    }
> +  else if (subsection_len < F_MIN_SUBSECTION_DATA_LEN)
> +    {
> +      error (_("Bad subsection length: too small (%u < min=%u)\n"),
> +	     subsection_len, F_MIN_SUBSECTION_DATA_LEN);
> +      /* Error, but still try to display the content until meeting a more
> +	 serious error.  */
> +      subsection_len = max_read;
> +      op.err = true;
> +    }
> +
> +  const size_t MAX_SUBSECTION_NAME_LEN
> +    = subsection_len - F_SUBSECTION_LEN
> +      - F_SUBSECTION_COMPREHENSION - F_SUBSECTION_ENCODING;
> +  size_t subsection_name_len
> +    = strnlen ((char *) cursor, MAX_SUBSECTION_NAME_LEN);
> +  if (subsection_name_len >= MAX_SUBSECTION_NAME_LEN)
> +    {
> +      error (_("Subsection name seems corrupted (missing '\\0')\n"));
> +      op.err = true;
> +      return op;
> +    }
> +  /* Note: if the length of the subsection name is 0 (i.e. the string is '\0'),
> +     it is still considered a valid name for dumping, and an empty string will
> +     be displayed.
> +     However, in practice, such a name would be unexploitable by the linker
> +     during the merge, thus the subsection would be dropped.  */
> +  subsection_name_len += 1;
> +
> +  /* Note: at this stage,
> +     1. the length of the subsection name is validated, as the presence of '\0'
> +	at the end of the string, so no risk of buffer overrun.
> +     2. the data for comprehension and encoding can also safely be read.  */
> +  unsigned char *const end = cursor + subsection_len - F_SUBSECTION_LEN;
> +  while (cursor < end)
> +    {
> +      const char *subsec_name = (const char *) cursor;
> +      printf (_(" - Name:	  %s\n"), subsec_name);
> +      /* The code below needs to be kept in sync with the code of
> +	 bfd_elf_obj_attr_subsection_v2_scope() in bfd/elf-attrs.c.  */
> +      size_t public_name_len = strlen (public_name);
> +      bool public_subsection
> +	= strncmp (subsec_name, public_name, public_name_len) == 0
> +	  && subsec_name[public_name_len] == '_';
> +      cursor += subsection_name_len;
> +      op.read += subsection_name_len;
> +
> +      printf (_("   Scope:	  %s\n"),
> +	      public_subsection ? "public" : "private");
> +      printf (_("   Length:	  %u\n"), subsection_len);
> +
> +      uint8_t optional;
> +      READ_ULEB (optional, cursor, end);
> +      op.read += 1;
> +
> +      if (optional > 1)
> +	{
> +	  error (_("Optional value seems corrupted, got %u but only"
> +		   " 0x0 (false) or 0x1 (true) are valid values."), optional);

Are the 0x prefixes of any real use here?

> +	  op.err = true;
> +	  op.read = subsection_len;
> +	  return op;
> +	}
> +
> +      printf (_("   Comprehension: %s\n"), optional ? "optional" : "required");
> +
> +      uint8_t value_encoding_raw;
> +      READ_ULEB (value_encoding_raw, cursor, end);
> +      op.read += 1;
> +      enum obj_attr_encoding_v2 value_encoding
> +	= obj_attr_encoding_v2_from_u8 (value_encoding_raw);
> +
> +      if (value_encoding > OA_ENC_MAX)
> +	{
> +	  error (_("Attribute type seems corrupted, got %u but only 0x0 (ULEB128)"
> +		   " or 0x1 (NTBS) are valid types."), value_encoding_raw);

Same here. Also (I'm pretty sure I said so before), please no further arguments
on the same line as a wrapped one.

Jan
More information about the Binutils mailing list