Bug 12969 - ld silently generates bad DLL when there are more than 65536 exports
Summary: ld silently generates bad DLL when there are more than 65536 exports
Status: NEW
Alias: None
Product: binutils
Classification: Unclassified
Component: ld (show other bugs)
Version: 2.22
: P2 normal
Target Milestone: ---
Assignee: unassigned
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-07 12:22 UTC by batterseapower
Modified: 2016-05-23 14:19 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description batterseapower 2011-07-07 12:22:32 UTC
(This was previously an email message to binutils-bugs at http://lists.gnu.org/archive/html/bug-binutils/2011-07/msg00038.html, but I didn't get a reply)

Windows DLLs use 16-bit ordinals to name exports, but when ld is told
to export more than 65536 exports from a DLL it does not fail.
Instead, it generates a broken DLL which correctly exports the
alphabetically-first 65k exports but also contains bogus "junk"
exports for the remaining exports.

At the very least, ld should error out rather than silently generating
a bad DLL.

Proposed patch:

"""
--- ld-old/pe-dll.c     2011-07-04 15:16:56.050491400 +0100
+++ ld/pe-dll.c 2011-07-04 15:05:27.497120800 +0100
@@ -1095,6 +1095,12 @@
        pe_def_file->exports[i].ordinal = next_ordinal;
       }

+  if (max_ordinal > 65535 || next_ordinal > 65535) {
+    /* xgettext:c-format */
+    einfo(_("%XError, export ordinal too large: %d\n"),
+          max_ordinal > next_ordinal ? max_ordinal : next_ordinal);
+  }
+
   /* OK, now we can allocate some memory.  */
   edata_sz = (40                               /* directory */
              + 4 * export_table_size           /* addresses */
"""

(On reflection, I think this patch can be simplified because it max_ordinal should always be larger than next_ordinal)

Test case:

"""
$ cat generate.c
#include <stdio.h>

int main(int argc, char **argv) {
    FILE *file = fopen("too_big.c", "w");
    int i;

    for (i = 0; i < (1 << 16); i++) {
        fprintf(file, "__declspec(dllexport) int
export%05d(void);\nint export%05d(void) { return %d; }\n\n", i, i, i);
    }

    fclose(file);

    return 0;
}

$ gcc generate.c -o generate && ./generate
$ gcc -shared too_big.c -o too_big.dll
"""

Inspect the generated too_big.dll in e.g. Dependency Walker.
Dependency Walker shows two exports with the same ordinal (this a
result of integer overflow). This is wrong.