SOURCES: elfutils-robustify.patch - updated from FC
qboosh
qboosh at pld-linux.org
Tue May 1 16:02:49 CEST 2007
Author: qboosh Date: Tue May 1 14:02:49 2007 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- updated from FC
---- Files affected:
SOURCES:
elfutils-robustify.patch (1.6 -> 1.7)
---- Diffs:
================================================================
Index: SOURCES/elfutils-robustify.patch
diff -u SOURCES/elfutils-robustify.patch:1.6 SOURCES/elfutils-robustify.patch:1.7
--- SOURCES/elfutils-robustify.patch:1.6 Thu Mar 1 17:55:50 2007
+++ SOURCES/elfutils-robustify.patch Tue May 1 16:02:44 2007
@@ -65,757 +65,504 @@
(check_symtab, is_rel_dyn, check_rela, check_rel, check_dynamic,
check_symtab_shndx, check_hash, check_versym): Robustify.
---- elfutils-0.122/libelf/elf32_getphdr.c
-+++ elfutils-0.122/libelf/elf32_getphdr.c
-@@ -115,6 +115,16 @@ elfw2(LIBELFBITS,getphdr) (elf)
+--- elfutils-0.127/src/readelf.c.robustify
++++ elfutils-0.127/src/readelf.c
+@@ -958,6 +958,8 @@ handle_scngrp (Ebl *ebl, Elf_Scn *scn, G
+ Elf32_Word *grpref = (Elf32_Word *) data->d_buf;
- if (elf->map_address != NULL)
- {
-+ /* First see whether the information in the ELF header is
-+ valid and it does not ask for too much. */
-+ if (unlikely (ehdr->e_phoff >= elf->maximum_size)
-+ || unlikely (ehdr->e_phoff + size > elf->maximum_size))
-+ {
-+ /* Something is wrong. */
-+ __libelf_seterrno (ELF_E_INVALID_PHDR);
-+ goto out;
-+ }
+ GElf_Sym sym_mem;
++ GElf_Sym *sym = gelf_getsym (symdata, shdr->sh_info, &sym_mem);
+
- /* All the data is already mapped. Use it. */
- if (ehdr->e_ident[EI_DATA] == MY_ELFDATA
- && (ALLOW_UNALIGNED
---- elfutils-0.126/libelf/elf32_getshdr.c
-+++ elfutils-0.126/libelf/elf32_getshdr.c
-@@ -101,7 +101,8 @@ elfw2(LIBELFBITS,getshdr) (scn)
- goto out;
-
- size_t shnum;
-- if (INTUSE (elf_getshnum) (elf, &shnum) != 0)
-+ if (INTUSE (elf_getshnum) (elf, &shnum) != 0
-+ || shnum > SIZE_MAX / sizeof (ElfW2(LIBELFBITS,Shdr)))
- goto out;
- size_t size = shnum * sizeof (ElfW2(LIBELFBITS,Shdr));
+ printf ((grpref[0] & GRP_COMDAT)
+ ? ngettext ("\
+ \nCOMDAT section group [%2zu] '%s' with signature '%s' contains %zu entry:\n",
+@@ -970,8 +972,8 @@ handle_scngrp (Ebl *ebl, Elf_Scn *scn, G
+ data->d_size / sizeof (Elf32_Word) - 1),
+ elf_ndxscn (scn),
+ elf_strptr (ebl->elf, shstrndx, shdr->sh_name),
+- elf_strptr (ebl->elf, symshdr->sh_link,
+- gelf_getsym (symdata, shdr->sh_info, &sym_mem)->st_name)
++ (sym == NULL ? NULL
++ : elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name))
+ ?: gettext ("<INVALID SYMBOL>"),
+ data->d_size / sizeof (Elf32_Word) - 1);
-@@ -118,6 +119,16 @@ elfw2(LIBELFBITS,getshdr) (scn)
+@@ -1122,7 +1124,8 @@ static void
+ handle_dynamic (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr)
+ {
+ int class = gelf_getclass (ebl->elf);
+- GElf_Shdr glink;
++ GElf_Shdr glink_mem;
++ GElf_Shdr *glink;
+ Elf_Data *data;
+ size_t cnt;
+ size_t shstrndx;
+@@ -1137,6 +1140,11 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn,
+ error (EXIT_FAILURE, 0,
+ gettext ("cannot get section header string table index"));
- if (elf->map_address != NULL)
- {
-+ /* First see whether the information in the ELF header is
-+ valid and it does not ask for too much. */
-+ if (unlikely (ehdr->e_shoff >= elf->maximum_size)
-+ || unlikely (ehdr->e_shoff + size > elf->maximum_size))
-+ {
-+ /* Something is wrong. */
-+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
-+ goto free_and_out;
-+ }
++ glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &glink_mem);
++ if (glink == NULL)
++ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
++ elf_ndxscn (scn));
+
- ElfW2(LIBELFBITS,Shdr) *notcvt;
+ printf (ngettext ("\
+ \nDynamic segment contains %lu entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
+ "\
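Review bot: The diagnostic added in handle_dynamic uses `%Zu`, the old glibc-specific spelling of the size_t length modifier, while the readelf.c strings visible in this patch already use the standard form (`[%2zu]` and `%zu` in handle_scngrp). Writing it as `gettext ("invalid sh_link value in section %zu")` keeps the file consistent and lets format checking treat it like the other messages. The same string is added in handle_symtab, handle_verneed, handle_verdef, handle_versym, print_hash_info and print_debug_aranges_section, so the change is one msgid repeated in each place.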
+@@ -1146,9 +1154,7 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn,
+ class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
+ shdr->sh_offset,
+ (int) shdr->sh_link,
+- elf_strptr (ebl->elf, shstrndx,
+- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
+- &glink)->sh_name));
++ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
+ fputs_unlocked (gettext (" Type Value\n"), stdout);
- /* All the data is already mapped. If we could use it
-
---- elfutils-0.122/libelf/elf32_newphdr.c
-+++ elfutils-0.122/libelf/elf32_newphdr.c
-@@ -124,6 +124,12 @@ elfw2(LIBELFBITS,newphdr) (elf, count)
- else if (elf->state.ELFW(elf,LIBELFBITS).ehdr->e_phnum != count
- || elf->state.ELFW(elf,LIBELFBITS).phdr == NULL)
- {
-+ if (unlikely (count > SIZE_MAX / sizeof (ElfW2(LIBELFBITS,Phdr))))
-+ {
-+ result = NULL;
-+ goto out;
-+ }
-+
- /* Allocate a new program header with the appropriate number of
- elements. */
- result = (ElfW2(LIBELFBITS,Phdr) *)
---- elfutils-0.122/libelf/elf32_updatefile.c
-+++ elfutils-0.122/libelf/elf32_updatefile.c
-@@ -201,6 +201,9 @@ __elfw2(LIBELFBITS,updatemmap) (Elf *elf
- /* Write all the sections. Well, only those which are modified. */
- if (shnum > 0)
- {
-+ if (unlikely (shnum > SIZE_MAX / sizeof (Elf_Scn *)))
-+ return 1;
+ for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
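Review bot: The loop bound `shdr->sh_size / shdr->sh_entsize` divides by a value taken from the section header, and nothing in the visible part of handle_dynamic rejects `sh_entsize == 0`, so a malformed file can still stop readelf with a division fault after the new `glink` check has passed. A guard next to the added sh_link test would close this, for example `if (shdr->sh_entsize == 0) error (EXIT_FAILURE, 0, gettext ("invalid sh_entsize value in section %zu"), elf_ndxscn (scn));` (message text is a suggestion). handle_versym ends its hunk with the same loop bound. Part of handle_dynamic lies outside the hunks shown, so confirm there is no earlier check before adding one.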
+@@ -1666,6 +1672,13 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, G
+ error (EXIT_FAILURE, 0,
+ gettext ("cannot get section header string table index"));
+
++ GElf_Shdr glink_mem;
++ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
++ &glink_mem);
++ if (glink == NULL)
++ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
++ elf_ndxscn (scn));
+
- Elf_ScnList *list = &elf->state.ELFW(elf,LIBELFBITS).scns;
- Elf_Scn **scns = (Elf_Scn **) alloca (shnum * sizeof (Elf_Scn *));
- char *const shdr_start = ((char *) elf->map_address + elf->start_offset
-@@ -571,6 +574,10 @@ __elfw2(LIBELFBITS,updatefile) (Elf *elf
- /* Write all the sections. Well, only those which are modified. */
- if (shnum > 0)
- {
-+ if (unlikely (shnum > SIZE_MAX / (sizeof (Elf_Scn *)
-+ + sizeof (ElfW2(LIBELFBITS,Shdr)))))
-+ return 1;
+ /* Now we can compute the number of entries in the section. */
+ unsigned int nsyms = data->d_size / (class == ELFCLASS32
+ ? sizeof (Elf32_Sym)
+@@ -1676,15 +1689,12 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, G
+ nsyms),
+ (unsigned int) elf_ndxscn (scn),
+ elf_strptr (ebl->elf, shstrndx, shdr->sh_name), nsyms);
+- GElf_Shdr glink;
+ printf (ngettext (" %lu local symbol String table: [%2u] '%s'\n",
+ " %lu local symbols String table: [%2u] '%s'\n",
+ shdr->sh_info),
+ (unsigned long int) shdr->sh_info,
+ (unsigned int) shdr->sh_link,
+- elf_strptr (ebl->elf, shstrndx,
+- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
+- &glink)->sh_name));
++ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
+
+ fputs_unlocked (class == ELFCLASS32
+ ? gettext ("\
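Review bot: `elf_strptr (ebl->elf, shstrndx, glink->sh_name)` is passed straight to a `%s` conversion, and elf_strptr returns NULL when the name offset does not lie inside the string table, which is the malformed-input case this patch is meant to handle. handle_scngrp in the same file already falls back with `?: gettext ("<INVALID SYMBOL>")`; the same pattern here, e.g. `elf_strptr (ebl->elf, shstrndx, glink->sh_name) ?: gettext ("<INVALID SECTION>")`, avoids handing NULL to printf. The identical call is introduced in handle_dynamic, handle_verneed, handle_verdef, handle_versym and print_hash_info. The `elf_strptr (ebl->elf, shstrndx, shdr->sh_name)` argument a few lines above has the same exposure, although it predates this change.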
+@@ -1920,7 +1930,13 @@ handle_verneed (Ebl *ebl, Elf_Scn *scn,
+ error (EXIT_FAILURE, 0,
+ gettext ("cannot get section header string table index"));
+
+- GElf_Shdr glink;
++ GElf_Shdr glink_mem;
++ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
++ &glink_mem);
++ if (glink == NULL)
++ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
++ elf_ndxscn (scn));
+
- off_t shdr_offset = elf->start_offset + ehdr->e_shoff;
- #if EV_NUM != 2
- xfct_t shdr_fctp = __elf_xfctstom[__libelf_version - 1][EV_CURRENT - 1][ELFW(ELFCLASS, LIBELFBITS) - 1][ELF_T_SHDR];
---- elfutils-0.122/libelf/elf_begin.c
-+++ elfutils-0.122/libelf/elf_begin.c
-@@ -155,7 +155,8 @@ get_shnum (void *map_address, unsigned c
+ printf (ngettext ("\
+ \nVersion needs section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
+ "\
+@@ -1931,9 +1947,7 @@ handle_verneed (Ebl *ebl, Elf_Scn *scn,
+ class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
+ shdr->sh_offset,
+ (unsigned int) shdr->sh_link,
+- elf_strptr (ebl->elf, shstrndx,
+- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
+- &glink)->sh_name));
++ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
- if (unlikely (result == 0) && ehdr.e32->e_shoff != 0)
- {
-- if (offset + ehdr.e32->e_shoff + sizeof (Elf32_Shdr) > maxsize)
-+ if (unlikely (ehdr.e32->e_shoff >= maxsize)
-+ || unlikely (ehdr.e32->e_shoff + sizeof (Elf32_Shdr) > maxsize))
- /* Cannot read the first section header. */
- return (size_t) -1l;
+ unsigned int offset = 0;
+ for (int cnt = shdr->sh_info; --cnt >= 0; )
+@@ -1986,8 +2000,14 @@ handle_verdef (Ebl *ebl, Elf_Scn *scn, G
+ error (EXIT_FAILURE, 0,
+ gettext ("cannot get section header string table index"));
+
++ GElf_Shdr glink_mem;
++ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
++ &glink_mem);
++ if (glink == NULL)
++ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
++ elf_ndxscn (scn));
++
+ int class = gelf_getclass (ebl->elf);
+- GElf_Shdr glink;
+ printf (ngettext ("\
+ \nVersion definition section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
+ "\
+@@ -1999,9 +2019,7 @@ handle_verdef (Ebl *ebl, Elf_Scn *scn, G
+ class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
+ shdr->sh_offset,
+ (unsigned int) shdr->sh_link,
+- elf_strptr (ebl->elf, shstrndx,
+- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
+- &glink)->sh_name));
++ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
-@@ -198,7 +199,8 @@ get_shnum (void *map_address, unsigned c
+ unsigned int offset = 0;
+ for (int cnt = shdr->sh_info; --cnt >= 0; )
+@@ -2263,8 +2281,14 @@ handle_versym (Ebl *ebl, Elf_Scn *scn, G
+ filename = NULL;
+ }
- if (unlikely (result == 0) && ehdr.e64->e_shoff != 0)
- {
-- if (offset + ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize)
-+ if (unlikely (ehdr.e64->e_shoff >= maxsize)
-+ || unlikely (ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize))
- /* Cannot read the first section header. */
- return (size_t) -1l;
++ GElf_Shdr glink_mem;
++ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
++ &glink_mem);
++ if (glink == NULL)
++ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
++ elf_ndxscn (scn));
++
+ /* Print the header. */
+- GElf_Shdr glink;
+ printf (ngettext ("\
+ \nVersion symbols section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'",
+ "\
+@@ -2276,9 +2300,7 @@ handle_versym (Ebl *ebl, Elf_Scn *scn, G
+ class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
+ shdr->sh_offset,
+ (unsigned int) shdr->sh_link,
+- elf_strptr (ebl->elf, shstrndx,
+- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
+- &glink)->sh_name));
++ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
-@@ -265,6 +267,15 @@ file_read_elf (int fildes, void *map_add
- /* Could not determine the number of sections. */
- return NULL;
+ /* Now we can finally look at the actual contents of this section. */
+ for (unsigned int cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
+@@ -2330,7 +2352,17 @@ print_hash_info (Ebl *ebl, Elf_Scn *scn,
+ for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt)
+ ++counts[lengths[cnt]];
-+ /* Check for too many sections. */
-+ if (e_ident[EI_CLASS] == ELFCLASS32)
+- GElf_Shdr glink;
++ GElf_Shdr glink_mem;
++ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf,
++ shdr->sh_link),
++ &glink_mem);
++ if (glink == NULL)
+ {
-+ if (scncnt > SIZE_MAX / (sizeof (Elf_Scn) + sizeof (Elf32_Shdr)))
-+ return NULL;
++ error (0, 0, gettext ("invalid sh_link value in section %Zu"),
++ elf_ndxscn (scn));
++ return;
+ }
-+ else if (scncnt > SIZE_MAX / (sizeof (Elf_Scn) + sizeof (Elf64_Shdr)))
-+ return NULL;
+
- /* We can now allocate the memory. */
- Elf *elf = allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
- ELF_K_ELF, scncnt * sizeof (Elf_Scn));
-@@ -298,13 +309,31 @@ file_read_elf (int fildes, void *map_add
- {
- /* We can use the mmapped memory. */
- elf->state.elf32.ehdr = ehdr;
-+
-+ if (unlikely (ehdr->e_shoff >= maxsize)
-+ || unlikely (ehdr->e_shoff
-+ + scncnt * sizeof (Elf32_Shdr) > maxsize))
-+ {
-+ free_and_out:
-+ free (elf);
-+ __libelf_seterrno (ELF_E_INVALID_FILE);
-+ return NULL;
-+ }
- elf->state.elf32.shdr
- = (Elf32_Shdr *) ((char *) ehdr + ehdr->e_shoff);
-+
- if (ehdr->e_phnum > 0)
-+ {
- /* Assign a value only if there really is a program
- header. Otherwise the value remains NULL. */
-+ if (unlikely (ehdr->e_phoff >= maxsize)
-+ || unlikely (ehdr->e_phoff
-+ + ehdr->e_phnum
-+ * sizeof (Elf32_Phdr) > maxsize))
-+ goto free_and_out;
- elf->state.elf32.phdr
- = (Elf32_Phdr *) ((char *) ehdr + ehdr->e_phoff);
-+ }
+ printf (ngettext ("\
+ \nHistogram for bucket list length in section [%2u] '%s' (total of %d bucket):\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
+ "\
+@@ -2343,9 +2375,7 @@ print_hash_info (Ebl *ebl, Elf_Scn *scn,
+ shdr->sh_addr,
+ shdr->sh_offset,
+ (unsigned int) shdr->sh_link,
+- elf_strptr (ebl->elf, shstrndx,
+- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
+- &glink)->sh_name));
++ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
- for (size_t cnt = 0; cnt < scncnt; ++cnt)
- {
-@@ -373,13 +402,26 @@ file_read_elf (int fildes, void *map_add
- {
- /* We can use the mmapped memory. */
- elf->state.elf64.ehdr = ehdr;
-+
-+ if (unlikely (ehdr->e_shoff >= maxsize)
-+ || unlikely (ehdr->e_shoff
-+ + scncnt * sizeof (Elf32_Shdr) > maxsize))
-+ goto free_and_out;
- elf->state.elf64.shdr
- = (Elf64_Shdr *) ((char *) ehdr + ehdr->e_shoff);
+ if (extrastr != NULL)
+ fputs (extrastr, stdout);
+@@ -3655,6 +3685,16 @@ print_debug_aranges_section (Ebl *ebl __
+ return;
+ }
+
++ GElf_Shdr glink_mem;
++ GElf_Shdr *glink;
++ glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &glink_mem);
++ if (glink == NULL)
++ {
++ error (0, 0, gettext ("invalid sh_link value in section %Zu"),
++ elf_ndxscn (scn));
++ return;
++ }
+
- if (ehdr->e_phnum > 0)
-+ {
- /* Assign a value only if there really is a program
- header. Otherwise the value remains NULL. */
-+ if (unlikely (ehdr->e_phoff >= maxsize)
-+ || unlikely (ehdr->e_phoff
-+ + ehdr->e_phnum
-+ * sizeof (Elf32_Phdr) > maxsize))
-+ goto free_and_out;
- elf->state.elf64.phdr
- = (Elf64_Phdr *) ((char *) ehdr + ehdr->e_phoff);
-+ }
+ printf (ngettext ("\
+ \nDWARF section '%s' at offset %#" PRIx64 " contains %zu entry:\n",
+ "\
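Review bot: Nothing in the visible lines of print_debug_aranges_section reads `glink` after the NULL test, and the header format string that follows takes only a section name, an offset and an entry count. If the rest of the function, which lies outside this hunk, does not use it either, the lookup only adds a way for this dump to be skipped because of an `sh_link` value it never needs, and it could be dropped. If it is needed later, a one-line comment above the lookup saying which later access depends on a valid `sh_link` would make that clear.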
+--- elfutils-0.127/src/strip.c.robustify
++++ elfutils-0.127/src/strip.c
+@@ -412,6 +412,7 @@ handle_elf (int fd, Elf *elf, const char
+ Elf_Data debuglink_crc_data;
+ bool any_symtab_changes = false;
+ Elf_Data *shstrtab_data = NULL;
++ size_t shdridx = 0;
- for (size_t cnt = 0; cnt < scncnt; ++cnt)
- {
---- elfutils-0.122/libelf/elf_getarsym.c
-+++ elfutils-0.122/libelf/elf_getarsym.c
-@@ -179,6 +179,9 @@ elf_getarsym (elf, ptr)
- size_t index_size = atol (tmpbuf);
+ /* Create the full name of the file. */
+ if (prefix != NULL)
+@@ -542,6 +543,11 @@ handle_elf (int fd, Elf *elf, const char
+ goto fail_close;
+ }
- if (SARMAG + sizeof (struct ar_hdr) + index_size > elf->maximum_size
-+#if SIZE_MAX <= 4294967295U
-+ || n >= SIZE_MAX / sizeof (Elf_Arsym)
-+#endif
- || n * sizeof (uint32_t) > index_size)
- {
- /* This index table cannot be right since it does not fit into
---- elfutils-0.122/libelf/elf_getshstrndx.c
-+++ elfutils-0.122/libelf/elf_getshstrndx.c
-@@ -125,10 +125,25 @@ elf_getshstrndx (elf, dst)
- if (elf->map_address != NULL
- && elf->state.elf32.ehdr->e_ident[EI_DATA] == MY_ELFDATA
- && (ALLOW_UNALIGNED
-- || (((size_t) ((char *) elf->map_address + offset))
-+ || (((size_t) ((char *) elf->map_address
-+ + elf->start_offset + offset))
- & (__alignof__ (Elf32_Shdr) - 1)) == 0))
-+ {
-+ /* First see whether the information in the ELF header is
-+ valid and it does not ask for too much. */
-+ if (unlikely (offset + sizeof (Elf32_Shdr)
-+ > elf->maximum_size))
-+ {
-+ /* Something is wrong. */
-+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
-+ result = -1;
-+ goto out;
-+ }
++ if (shstrndx >= shnum)
++ goto illformed;
+
- /* We can directly access the memory. */
-- num = ((Elf32_Shdr *) (elf->map_address + offset))->sh_link;
-+ num = ((Elf32_Shdr *) (elf->map_address + elf->start_offset
-+ + offset))->sh_link;
-+ }
- else
- {
- /* We avoid reading in all the section headers. Just read
-@@ -163,10 +178,25 @@ elf_getshstrndx (elf, dst)
- if (elf->map_address != NULL
- && elf->state.elf64.ehdr->e_ident[EI_DATA] == MY_ELFDATA
- && (ALLOW_UNALIGNED
-- || (((size_t) ((char *) elf->map_address + offset))
-+ || (((size_t) ((char *) elf->map_address
-+ + elf->start_offset + offset))
- & (__alignof__ (Elf64_Shdr) - 1)) == 0))
-+ {
-+ /* First see whether the information in the ELF header is
-+ valid and it does not ask for too much. */
-+ if (unlikely (offset + sizeof (Elf64_Shdr)
-+ > elf->maximum_size))
-+ {
-+ /* Something is wrong. */
-+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
-+ result = -1;
-+ goto out;
-+ }
++#define elf_assert(test) do { if (!(test)) goto illformed; } while (0)
+
- /* We can directly access the memory. */
-- num = ((Elf64_Shdr *) (elf->map_address + offset))->sh_link;
-+ num = ((Elf64_Shdr *) (elf->map_address
-+ + elf->start_offset + offset))->sh_link;
-+ }
- else
- {
- /* We avoid reading in all the section headers. Just read
---- elfutils-0.122/libelf/elf_newscn.c
-+++ elfutils-0.122/libelf/elf_newscn.c
-@@ -104,10 +104,18 @@ elf_newscn (elf)
- else
+ /* Storage for section information. We leave room for two more
+ entries since we unconditionally create a section header string
+ table. Maybe some weird tool created an ELF file without one.
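Review bot: `elf_assert` is defined in the middle of handle_elf and hides a `goto illformed`, and the later hunk places that label inside the `if (shdr_info[cnt].name == NULL)` block, so the earlier `if (shstrndx >= shnum) goto illformed;` jumps forward into a nested block. That is valid C, but it is easy to break when the block is edited, and the macro name reads like an aborting assert. A comment above the definition, e.g. `/* Unlike assert, report the file as illformed and take the cleanup path: the input is untrusted.  */`, plus an `#undef elf_assert` at the end of the function would make the control flow explicit. handle_elf starts and ends outside these hunks.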
+@@ -563,7 +569,7 @@ handle_elf (int fd, Elf *elf, const char
{
- /* We must allocate a new element. */
-- Elf_ScnList *newp;
-+ Elf_ScnList *newp = NULL;
-
- assert (elf->state.elf.scnincr > 0);
+ /* This should always be true (i.e., there should not be any
+ holes in the numbering). */
+- assert (elf_ndxscn (scn) == cnt);
++ elf_assert (elf_ndxscn (scn) == cnt);
-+ if (
-+#if SIZE_MAX <= 4294967295U
-+ likely (elf->state.elf.scnincr
-+ < SIZE_MAX / 2 / sizeof (Elf_Scn) - sizeof (Elf_ScnList))
-+#else
-+ 1
-+#endif
-+ )
- newp = (Elf_ScnList *) calloc (sizeof (Elf_ScnList)
- + ((elf->state.elf.scnincr *= 2)
- * sizeof (Elf_Scn)), 1);
---- elfutils-0.122/libelf/gelf_getdyn.c
-+++ elfutils-0.122/libelf/gelf_getdyn.c
-@@ -93,7 +93,8 @@ gelf_getdyn (data, ndx, dst)
- table entries has to be adopted. The user better has provided
- a buffer where we can store the information. While copying the
- data we are converting the format. */
-- if (unlikely ((ndx + 1) * sizeof (Elf32_Dyn) > data_scn->d.d_size))
-+ if (INVALID_NDX (ndx, Elf32_Dyn)
-+ || unlikely ((ndx + 1) * sizeof (Elf32_Dyn) > data_scn->d.d_size))
- {
- __libelf_seterrno (ELF_E_INVALID_INDEX);
- goto out;
-@@ -114,7 +115,8 @@ gelf_getdyn (data, ndx, dst)
+ shdr_info[cnt].scn = scn;
- /* The data is already in the correct form. Just make sure the
- index is OK. */
-- if (unlikely ((ndx + 1) * sizeof (GElf_Dyn) > data_scn->d.d_size))
-+ if (INVALID_NDX (ndx, GElf_Dyn)
-+ || unlikely ((ndx + 1) * sizeof (GElf_Dyn) > data_scn->d.d_size))
+@@ -576,6 +582,7 @@ handle_elf (int fd, Elf *elf, const char
+ shdr_info[cnt].shdr.sh_name);
+ if (shdr_info[cnt].name == NULL)
{
- __libelf_seterrno (ELF_E_INVALID_INDEX);
- goto out;
---- elfutils-0.122/libelf/gelf_getlib.c
-+++ elfutils-0.122/libelf/gelf_getlib.c
-@@ -86,7 +86,8 @@ gelf_getlib (data, ndx, dst)
- /* The data is already in the correct form. Just make sure the
- index is OK. */
- GElf_Lib *result = NULL;
-- if (unlikely ((ndx + 1) * sizeof (GElf_Lib) > data->d_size))
-+ if (INVALID_NDX (ndx, GElf_Lib)
-+ || unlikely ((ndx + 1) * sizeof (GElf_Lib) > data->d_size))
- __libelf_seterrno (ELF_E_INVALID_INDEX);
- else
- {
---- elfutils-0.122/libelf/gelf_getmove.c
-+++ elfutils-0.122/libelf/gelf_getmove.c
-@@ -83,7 +83,8 @@ gelf_getmove (data, ndx, dst)
++ illformed:
+ error (0, 0, gettext ("illformed file '%s'"), fname);
+ goto fail_close;
+ }
+@@ -585,6 +592,8 @@ handle_elf (int fd, Elf *elf, const char
- /* The data is already in the correct form. Just make sure the
- index is OK. */
-- if (unlikely ((ndx + 1) * sizeof (GElf_Move) > data->d_size))
-+ if (INVALID_NDX (ndx, GElf_Move)
-+ || unlikely ((ndx + 1) * sizeof (GElf_Move) > data->d_size))
- {
- __libelf_seterrno (ELF_E_INVALID_INDEX);
- goto out;
---- elfutils-0.122/libelf/gelf_getrela.c
-+++ elfutils-0.122/libelf/gelf_getrela.c
-@@ -71,12 +71,6 @@ gelf_getrela (data, ndx, dst)
- if (data_scn == NULL)
- return NULL;
+ /* Remember the shdr.sh_link value. */
+ shdr_info[cnt].old_sh_link = shdr_info[cnt].shdr.sh_link;
++ if (shdr_info[cnt].old_sh_link >= shnum)
++ goto illformed;
-- if (unlikely (ndx < 0))
-- {
-- __libelf_seterrno (ELF_E_INVALID_INDEX);
-- return NULL;
-- }
--
- if (unlikely (data_scn->d.d_type != ELF_T_RELA))
- {
- __libelf_seterrno (ELF_E_INVALID_HANDLE);
-@@ -93,7 +87,8 @@ gelf_getrela (data, ndx, dst)
- if (scn->elf->class == ELFCLASS32)
- {
- /* We have to convert the data. */
-- if (unlikely ((ndx + 1) * sizeof (Elf32_Rela) > data_scn->d.d_size))
-+ if (INVALID_NDX (ndx, Elf32_Rela)
-+ || unlikely ((ndx + 1) * sizeof (Elf32_Rela) > data_scn->d.d_size))
+ /* Sections in files other than relocatable object files which
+ are not loaded can be freely moved by us. In relocatable
+@@ -597,7 +606,7 @@ handle_elf (int fd, Elf *elf, const char
+ appropriate reference. */
+ if (unlikely (shdr_info[cnt].shdr.sh_type == SHT_SYMTAB_SHNDX))
{
- __libelf_seterrno (ELF_E_INVALID_INDEX);
- result = NULL;
-@@ -114,7 +109,8 @@ gelf_getrela (data, ndx, dst)
- {
- /* Simply copy the data after we made sure we are actually getting
- correct data. */
-- if (unlikely ((ndx + 1) * sizeof (Elf64_Rela) > data_scn->d.d_size))
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/elfutils-robustify.patch?r1=1.6&r2=1.7&f=u