[Bug ld/12969] New: ld silently generates bad DLL when there are more than 65536 exports

Thu, 07 Jul 2011 05:28:52 -0700 

http://sourceware.org/bugzilla/show_bug.cgi?id=12969

           Summary: ld silently generates bad DLL when there are more than
                    65536 exports
           Product: binutils
           Version: 2.22 (HEAD)
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ld
        AssignedTo: unassig...@sources.redhat.com
        ReportedBy: batterseapo...@hotmail.com


(This was previously an email message to binutils-bugs at
http://lists.gnu.org/archive/html/bug-binutils/2011-07/msg00038.html, but I
didn't get a reply)

Windows DLLs use 16-bit ordinals to name exports, but when ld is told
to export more than 65536 exports from a DLL it does not fail.
Instead, it generates a broken DLL which correctly exports the
alphabetically-first 65k exports but also contains bogus "junk"
exports for the remaining exports.

At the very least, ld should error out rather than silently generating
a bad DLL.

Proposed patch:

"""
--- ld-old/pe-dll.c     2011-07-04 15:16:56.050491400 +0100
+++ ld/pe-dll.c 2011-07-04 15:05:27.497120800 +0100
@@ -1095,6 +1095,12 @@
        pe_def_file->exports[i].ordinal = next_ordinal;
       }

+  if (max_ordinal > 65535 || next_ordinal > 65535) {
+    /* xgettext:c-format */
+    einfo(_("%XError, export ordinal too large: %d\n"),
+          max_ordinal > next_ordinal ? max_ordinal : next_ordinal);
+  }
+
   /* OK, now we can allocate some memory.  */
   edata_sz = (40                               /* directory */
              + 4 * export_table_size           /* addresses */
"""

(On reflection, I think this patch can be simplified because it max_ordinal
should always be larger than next_ordinal)

Test case:

"""
$ cat generate.c
#include <stdio.h>

int main(int argc, char **argv) {
    FILE *file = fopen("too_big.c", "w");
    int i;

    for (i = 0; i < (1 << 16); i++) {
        fprintf(file, "__declspec(dllexport) int
export%05d(void);\nint export%05d(void) { return %d; }\n\n", i, i, i);
    }

    fclose(file);

    return 0;
}

$ gcc generate.c -o generate && ./generate
$ gcc -shared too_big.c -o too_big.dll
"""

Inspect the generated too_big.dll in e.g. Dependency Walker.
Dependency Walker shows two exports with the same ordinal (this a
result of integer overflow). This is wrong.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

Reply via email to