author | Alan Modra <amodra@gmail.com> | 2020-02-20 21:53:44 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2020-02-21 10:47:05 +1030 |
commit | dda2980f54a0c9437de047f3020f520dd1e0de6a (patch) | |
tree | 0cec5fd8cca1430f9ebf92c851d58dab01c39ba0 /bfd/aoutx.h | |
parent | Automatic date update in version.in (diff) | |
PR25569, PDP11 ld -s clobbers last data byte
This patch fixes an ancient wart in aout support, in that text and
data section sizes are rounded up for alignment rather than just the
corresponding header sizes. Changing section sizes could conceivably
result in buffer overflows if section contents were held in memory.
Also, keeping the original section sizes allows this PR to be fixed
nicely.
bfd/
PR 25569
* aoutx.h (adjust_o_magic, adjust_z_magic, adjust_n_magic): Use
"text", "data" and "bss" section pointer vars. Don't update
section size, just exec header sizes.
(adjust_sizes_and_vmas): Don't update text section size. Set
initial exec header a_text. Print exec headers sizes.
* pdp11.c (adjust_o_magic, adjust_z_magic, adjust_n_magic),
(adjust_sizes_and_vmas): Similarly. Formatting.
(final_link): Correct final file extension.
gas/
PR 25569
* config/obj-aout.c (obj_aout_frob_file_before_fix): Don't loop
on section size adjustment, instead perform another write if
exec header size is larger than section size.
Diffstat (limited to 'bfd/aoutx.h')
-rw-r--r-- | bfd/aoutx.h | 179 |
1 files changed, 84 insertions, 95 deletions
diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index b843357b091..fef75e54525 100644
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -891,57 +891,56 @@ adjust_o_magic (bfd *abfd, struct internal_exec *execp) file_ptr pos = adata (abfd).exec_bytes_size; bfd_vma vma = 0; int pad = 0; + asection *text = obj_textsec (abfd); + asection *data = obj_datasec (abfd); + asection *bss = obj_bsssec (abfd); /* Text. */ - obj_textsec (abfd)->filepos = pos; - if (!obj_textsec (abfd)->user_set_vma) - obj_textsec (abfd)->vma = vma; + text->filepos = pos; + if (!text->user_set_vma) + text->vma = vma; else - vma = obj_textsec (abfd)->vma; + vma = text->vma; - pos += obj_textsec (abfd)->size; - vma += obj_textsec (abfd)->size; + pos += execp->a_text; + vma += execp->a_text; /* Data. */ - if (!obj_datasec (abfd)->user_set_vma) + if (!data->user_set_vma) { - obj_textsec (abfd)->size += pad; pos += pad; vma += pad; - obj_datasec (abfd)->vma = vma; + data->vma = vma; } else - vma = obj_datasec (abfd)->vma; - obj_datasec (abfd)->filepos = pos; - pos += obj_datasec (abfd)->size; - vma += obj_datasec (abfd)->size; + vma = data->vma; + execp->a_text += pad; + + data->filepos = pos; + pos += data->size; + vma += data->size; /* BSS. */ - if (!obj_bsssec (abfd)->user_set_vma) + if (!bss->user_set_vma) { - obj_datasec (abfd)->size += pad; pos += pad; vma += pad; - obj_bsssec (abfd)->vma = vma; + bss->vma = vma; } else { /* The VMA of the .bss section is set by the VMA of the .data section plus the size of the .data section. We may need to add padding bytes to make this true. */ - pad = obj_bsssec (abfd)->vma - vma; - if (pad > 0) - { - obj_datasec (abfd)->size += pad; - pos += pad; - } + pad = bss->vma - vma; + if (pad < 0) + pad = 0; + pos += pad; } - obj_bsssec (abfd)->filepos = pos; + execp->a_data = data->size + pad; + bss->filepos = pos; + execp->a_bss = bss->size; - /* Fix up the exec header. */ - execp->a_text = obj_textsec (abfd)->size; - execp->a_data = obj_datasec (abfd)->size; - execp->a_bss = obj_bsssec (abfd)->size; N_SET_MAGIC (execp, OMAGIC); } 
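Review bot: In the user-set-bss branch, `pad = bss->vma - vma;` stores a `bfd_vma` difference in the `int pad` declared at the top of the function, and this patch now feeds that value straight into the header through `execp->a_data = data->size + pad`. A gap that does not fit in `int` is truncated before the `pad < 0` clamp, so `a_data` and `pos` can end up disagreeing with the bss VMA that was requested. Doing the comparison in the wide type avoids that: `bfd_vma gap = bss->vma > vma ? bss->vma - vma : 0;`, then use `gap` for both `pos` and `a_data`. Separately, `execp->a_text += pad;` in the data block always adds 0 because `pad` has not been assigned at that point; dropping it or commenting it would make that clear.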
@@ -953,6 +952,9 @@ adjust_z_magic (bfd *abfd, struct internal_exec *execp) const struct aout_backend_data *abdp; /* TRUE if text includes exec header. */ bfd_boolean ztih; + asection *text = obj_textsec (abfd); + asection *data = obj_datasec (abfd); + asection *bss = obj_bsssec (abfd); abdp = aout_backend_info (abfd); @@ -960,18 +962,17 @@ adjust_z_magic (bfd *abfd, struct internal_exec *execp) ztih = (abdp != NULL && (abdp->text_includes_header || obj_aout_subformat (abfd) == q_magic_format)); - obj_textsec (abfd)->filepos = (ztih - ? adata (abfd).exec_bytes_size - : adata (abfd).zmagic_disk_block_size); - if (! obj_textsec (abfd)->user_set_vma) + text->filepos = (ztih + ? adata (abfd).exec_bytes_size + : adata (abfd).zmagic_disk_block_size); + if (!text->user_set_vma) { /* ?? Do we really need to check for relocs here? */ - obj_textsec (abfd)->vma = ((abfd->flags & HAS_RELOC) - ? 0 - : (ztih - ? (abdp->default_text_vma - + adata (abfd).exec_bytes_size) - : abdp->default_text_vma)); + text->vma = ((abfd->flags & HAS_RELOC) + ? 0 + : (ztih + ? abdp->default_text_vma + adata (abfd).exec_bytes_size + : abdp->default_text_vma)); text_pad = 0; } else @@ -980,17 +981,17 @@ adjust_z_magic (bfd *abfd, struct internal_exec *execp) may need to pad it such that the .data section starts at a page boundary. */ if (ztih) - text_pad = ((obj_textsec (abfd)->filepos - obj_textsec (abfd)->vma) + text_pad = ((text->filepos - text->vma) & (adata (abfd).page_size - 1)); else - text_pad = ((- obj_textsec (abfd)->vma) + text_pad = (-text->vma & (adata (abfd).page_size - 1)); } /* Find start of data. */ if (ztih) { - text_end = obj_textsec (abfd)->filepos + obj_textsec (abfd)->size; + text_end = text->filepos + execp->a_text; text_pad += BFD_ALIGN (text_end, adata (abfd).page_size) - text_end; } else 
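Review bot: The rewritten `text->vma = ...` expression in the second hunk still reads `abdp->default_text_vma` unconditionally on the path where `ztih` is false, although the `ztih` assignment just above it treats `abdp == NULL` as possible. When the backend data is NULL and `HAS_RELOC` is clear, that is a NULL dereference. Since these lines are being touched anyway, either guard the read, e.g. `: (abdp != NULL ? abdp->default_text_vma : 0)` if 0 is an acceptable fallback, or assert that the backend data is present and drop the NULL tests. The function body continues beyond these hunks.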
@@ -998,36 +999,30 @@ adjust_z_magic (bfd *abfd, struct internal_exec *execp) /* Note that if page_size == zmagic_disk_block_size, then filepos == page_size, and this case is the same as the ztih case. */ - text_end = obj_textsec (abfd)->size; + text_end = execp->a_text; text_pad += BFD_ALIGN (text_end, adata (abfd).page_size) - text_end; - text_end += obj_textsec (abfd)->filepos; + text_end += text->filepos; } - obj_textsec (abfd)->size += text_pad; - text_end += text_pad; + execp->a_text += text_pad; /* Data. */ - if (!obj_datasec (abfd)->user_set_vma) + if (!data->user_set_vma) { bfd_vma vma; - vma = obj_textsec (abfd)->vma + obj_textsec (abfd)->size; - obj_datasec (abfd)->vma = BFD_ALIGN (vma, adata (abfd).segment_size); + vma = text->vma + execp->a_text; + data->vma = BFD_ALIGN (vma, adata (abfd).segment_size); } if (abdp && abdp->zmagic_mapped_contiguous) { - asection * text = obj_textsec (abfd); - asection * data = obj_datasec (abfd); - - text_pad = data->vma - (text->vma + text->size); + text_pad = data->vma - (text->vma + execp->a_text); /* Only pad the text section if the data section is going to be placed after it. */ if (text_pad > 0) - text->size += text_pad; + execp->a_text += text_pad; } - obj_datasec (abfd)->filepos = (obj_textsec (abfd)->filepos - + obj_textsec (abfd)->size); + data->filepos = text->filepos + execp->a_text; /* Fix up exec header while we're at it. */ - execp->a_text = obj_textsec (abfd)->size; if (ztih && (!abdp || (abdp && !abdp->exec_header_not_counted))) execp->a_text += adata (abfd).exec_bytes_size; if (obj_aout_subformat (abfd) == q_magic_format) 
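Review bot: In the `zmagic_mapped_contiguous` block, `text_pad = data->vma - (text->vma + execp->a_text);` is guarded only by `if (text_pad > 0)`, and `text_pad` is declared outside this hunk. If it has an unsigned type, a data VMA below the end of text wraps to a very large value, the guard passes, and `execp->a_text += text_pad` now corrupts the header size rather than a section size. Comparing before subtracting does not depend on the type: `if (data->vma > text->vma + execp->a_text) execp->a_text = data->vma - text->vma;`.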
@@ -1036,17 +1031,13 @@ adjust_z_magic (bfd *abfd, struct internal_exec *execp) N_SET_MAGIC (execp, ZMAGIC); /* Spec says data section should be rounded up to page boundary. */ - obj_datasec (abfd)->size - = align_power (obj_datasec (abfd)->size, - obj_bsssec (abfd)->alignment_power); - execp->a_data = BFD_ALIGN (obj_datasec (abfd)->size, - adata (abfd).page_size); - data_pad = execp->a_data - obj_datasec (abfd)->size; + execp->a_data = align_power (data->size, bss->alignment_power); + execp->a_data = BFD_ALIGN (execp->a_data, adata (abfd).page_size); + data_pad = execp->a_data - data->size; /* BSS. */ - if (!obj_bsssec (abfd)->user_set_vma) - obj_bsssec (abfd)->vma = (obj_datasec (abfd)->vma - + obj_datasec (abfd)->size); + if (!bss->user_set_vma) + bss->vma = data->vma + execp->a_data; /* If the BSS immediately follows the data section and extra space in the page is left after the data section, fudge data in the header so that the bss section looks smaller by that @@ -1054,12 +1045,10 @@ adjust_z_magic (bfd *abfd, struct internal_exec *execp) (Note that a linker script, as well as the above assignment, could have explicitly set the BSS vma to immediately follow the data section.) */ - if (align_power (obj_bsssec (abfd)->vma, obj_bsssec (abfd)->alignment_power) - == obj_datasec (abfd)->vma + obj_datasec (abfd)->size) - execp->a_bss = (data_pad > obj_bsssec (abfd)->size - ? 0 : obj_bsssec (abfd)->size - data_pad); + if (align_power (bss->vma, bss->alignment_power) == data->vma + execp->a_data) + execp->a_bss = data_pad > bss->size ? 0 : bss->size - data_pad; else - execp->a_bss = obj_bsssec (abfd)->size; + execp->a_bss = bss->size; } static void 
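Review bot: The BSS placement no longer matches the comment that follows it: `bss->vma = data->vma + execp->a_data` puts .bss at the page-rounded end of data, and the test in the next hunk compares against the same `data->vma + execp->a_data`, yet `a_bss` is still reduced by `data_pad`. Before this change both used the data size aligned only to the bss alignment, so .bss really did start inside the padding; as written, when `user_set_vma` is clear .bss starts after the padding and the header under-reports it by `data_pad` bytes, which looks like it could leave the tail of .bss outside what the loader sets up. If the old layout is intended, keep the bss-aligned end in a local, `bfd_vma data_end = data->vma + align_power (data->size, bss->alignment_power);`, use it for both the assignment and the comparison, and compute `data_pad` from it. Otherwise the "We'll start the bss section there, and lie to the OS" comment needs updating.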
@@ -1068,38 +1057,39 @@ adjust_n_magic (bfd *abfd, struct internal_exec *execp) file_ptr pos = adata (abfd).exec_bytes_size; bfd_vma vma = 0; int pad; + asection *text = obj_textsec (abfd); + asection *data = obj_datasec (abfd); + asection *bss = obj_bsssec (abfd); /* Text. */ - obj_textsec (abfd)->filepos = pos; - if (!obj_textsec (abfd)->user_set_vma) - obj_textsec (abfd)->vma = vma; + text->filepos = pos; + if (!text->user_set_vma) + text->vma = vma; else - vma = obj_textsec (abfd)->vma; - pos += obj_textsec (abfd)->size; - vma += obj_textsec (abfd)->size; + vma = text->vma; + pos += execp->a_text; + vma += execp->a_text; /* Data. */ - obj_datasec (abfd)->filepos = pos; - if (!obj_datasec (abfd)->user_set_vma) - obj_datasec (abfd)->vma = BFD_ALIGN (vma, adata (abfd).segment_size); - vma = obj_datasec (abfd)->vma; + data->filepos = pos; + if (!data->user_set_vma) + data->vma = BFD_ALIGN (vma, adata (abfd).segment_size); + vma = data->vma; /* Since BSS follows data immediately, see if it needs alignment. */ - vma += obj_datasec (abfd)->size; - pad = align_power (vma, obj_bsssec (abfd)->alignment_power) - vma; - obj_datasec (abfd)->size += pad; - pos += obj_datasec (abfd)->size; + vma += data->size; + pad = align_power (vma, bss->alignment_power) - vma; + execp->a_data = data->size + pad; + pos += execp->a_data; /* BSS. */ - if (!obj_bsssec (abfd)->user_set_vma) - obj_bsssec (abfd)->vma = vma; + if (!bss->user_set_vma) + bss->vma = vma; else - vma = obj_bsssec (abfd)->vma; + vma = bss->vma; /* Fix up exec header. */ - execp->a_text = obj_textsec (abfd)->size; - execp->a_data = obj_datasec (abfd)->size; - execp->a_bss = obj_bsssec (abfd)->size; + execp->a_bss = bss->size; N_SET_MAGIC (execp, NMAGIC); } 
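Review bot: `execp->a_data = data->size + pad` makes the header describe `pad` more bytes than the data section holds, and nothing in this hunk shows who writes those bytes to the file. A short comment at that line would record the contract, for example `/* a_data may exceed data->size; the writer must zero-fill the gap. */`, so that a later change does not leave stale or missing bytes at the end of the data segment. The trailing `/* Fix up exec header. */` comment now covers only `a_bss` and could say so. The same applies to `a_data` in adjust_o_magic and adjust_z_magic.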
@@ -1114,9 +1104,8 @@ NAME (aout, adjust_sizes_and_vmas) (bfd *abfd) if (adata (abfd).magic != undecided_magic) return TRUE; - obj_textsec (abfd)->size = - align_power (obj_textsec (abfd)->size, - obj_textsec (abfd)->alignment_power); + execp->a_text = align_power (obj_textsec (abfd)->size, + obj_textsec (abfd)->alignment_power); /* Rule (heuristic) for when to pad to a new page. Note that there are (at least) two ways demand-paged (ZMAGIC) files have been @@ -1181,11 +1170,11 @@ NAME (aout, adjust_sizes_and_vmas) (bfd *abfd) #ifdef BFD_AOUT_DEBUG fprintf (stderr, " text=<%x,%x,%x> data=<%x,%x,%x> bss=<%x,%x>\n", - obj_textsec (abfd)->vma, obj_textsec (abfd)->size, + obj_textsec (abfd)->vma, execp->a_text, obj_textsec (abfd)->filepos, - obj_datasec (abfd)->vma, obj_datasec (abfd)->size, + obj_datasec (abfd)->vma, execp->a_data, obj_datasec (abfd)->filepos, - obj_bsssec (abfd)->vma, obj_bsssec (abfd)->size); + obj_bsssec (abfd)->vma, execp->a_bss); #endif return TRUE; |
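Review bot: `execp->a_text = align_power (...)` turns `execp->a_text` into an input of adjust_o_magic, adjust_z_magic and adjust_n_magic, which all read it before writing it, but no comment says so. A line above the assignment such as `/* Seed a_text; the adjust_*_magic helpers pad it further and must not run without it. */` would make the ordering requirement explicit. The declaration of `execp` and the calls to the helpers are outside this hunk.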
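Review bot: The debug `fprintf` in the second hunk passes `execp->a_text`, `execp->a_data` and `execp->a_bss` to `%x` conversions. Their declared type is not visible here, but the helpers mix them with `bfd_vma` values, and a `bfd_vma` wider than `unsigned int` passed to `%x` is undefined behaviour. Casting each argument, e.g. `(unsigned long) execp->a_text` with `%lx`, keeps the BFD_AOUT_DEBUG build well-defined; the section `vma` and `filepos` arguments on the same call have the same issue.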