readelf: invalid error message triggered when last tag is an empty string

Disclaimer: this issue cannot occur with Object Attributes v1 (OAv1) while
using the GNU binutils because a value of '\0' (empty string) for a tag
with a string value is considered as the default value for the attribute,
and consequently is eliminated by gas from the output object file during
the serialization.

An empty string is a valid value for a NTBS tag in both OAv1 and OAv2 [1]
cases. However, contrarily to OAv1, a OAv2 subsection can be required and
so, tags in this subsection might have to be present even if the value is
the default. To comply with this requirement, the OAv2 serializer won't
drop the default values.

In the case where a NTBS tag has the value '\0' and is last in the object
attributes section, the current code in readelf used for dumping the object
attributes incorrectly detects an overflow, and prints out an error message
for a corrupted string tag.

This patch fixes the detection of the overflow so that it now accept an
empty string in the last tag of the object attributes section.

It also fixes the previous tests for the empty NTBS case and the non-null
terminated string one. The fix was also tested in the context of OAv2's
patch series [1] where the issue was originally detected. No regression
was found.

[1]: https://inbox.sourceware.org/binutils/20250509151319.88725-1-matthieu
     .longo@arm.com/

diff --git a/binutils/readelf.c b/binutils/readelf.c
index 77a88bff032fb28b22de7cc54674bfcda9dd4121..f49092f11b98a190836eebf5f6ba347ec1566498 100644 (file)
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -17779,13 +17779,17 @@ display_tag_value (signed int tag,
   else if (tag & 1)
     {
       /* PR 17531 file: 027-19978-0.004.  */
-      size_t maxlen = (end - p) - 1;
+      size_t maxlen = end - p;
 
       putchar ('"');
       if (maxlen > 0)
        {
+         maxlen -= 1; /* Remove \0 from the character count.  */
          print_symbol_name ((int) maxlen, (const char *) p);
-         p += strnlen ((char *) p, maxlen) + 1;
+         size_t len = strnlen ((char *) p, maxlen);
+         if (len == maxlen && p[maxlen] != '\0')
+           printf (_("<corrupt string tag>"));
+         p += len + 1;
        }
       else
        {

diff --git a/gas/testsuite/gas/arm/attr-empty-string.d b/gas/testsuite/gas/arm/attr-empty-string.d
index 3c6560c80a818d9a8445315a3ae904002f0ff1a8..b4a91418e8036722eab41ab7ca033a7ecf87febf 100644 (file)
--- a/gas/testsuite/gas/arm/attr-empty-string.d
+++ b/gas/testsuite/gas/arm/attr-empty-string.d
@@ -4,7 +4,6 @@
 # readelf: -T -A
 # This test is only valid on EABI based ports.
 # target: *-*-*eabi* *-*-nacl*
-# xfail: *
 
 Attribute Section: aeabi
 File Attributes

diff --git a/gas/testsuite/gas/arm/attr-non-null-terminated-string.d b/gas/testsuite/gas/arm/attr-non-null-terminated-string.d
index d079d14903e48dd92d898511fd08550b1de50f13..ac376a9ab9fe5bcaa0bbcce549cc7aefab63d488 100644 (file)
--- a/gas/testsuite/gas/arm/attr-non-null-terminated-string.d
+++ b/gas/testsuite/gas/arm/attr-non-null-terminated-string.d
@@ -6,4 +6,4 @@
 # readelf: --silent-truncation -A
 Attribute Section: aeabi
 File Attributes
-  Tag_CPU_raw_name: "ab"
+  Tag_CPU_raw_name: "ab<corrupt string tag>"