This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.
Re: [RFA/PATCH] Fix recognition of NT_PRXFREG notes
On Mon, Jul 08, 2002 at 11:49:31PM +0200, Mark Kettenis wrote:
> Date: Fri, 5 Jul 2002 11:00:29 +0930
> From: Alan Modra <amodra@bigpond.net.au>
>
> On Thu, Jul 04, 2002 at 05:03:22PM +0200, Mark Kettenis wrote:
> > Index: elf.c
> > ===================================================================
> > RCS file: /cvs/src/src/bfd/elf.c,v
> > retrieving revision 1.152
> > diff -u -p -r1.152 elf.c
> > --- elf.c 4 Jul 2002 13:26:30 -0000 1.152
> > +++ elf.c 4 Jul 2002 14:54:36 -0000
> > @@ -6718,8 +6718,7 @@ elfcore_grok_note (abfd, note)
> > #endif
> >
> > case NT_PRXFPREG: /* Linux SSE extension */
> > - if (note->namesz == 5
> > - && ! strcmp (note->namedata, "LINUX"))
> > + if (strncmp (note->namedata, "LINUX", 5) == 0)
> > return elfcore_grok_prxfpreg (abfd, note);
> > else
> > return true;
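Review bot: the replacement `if (strncmp (note->namedata, "LINUX", 5) == 0)` drops the only bounds check on namedata; strncmp reads up to 5 bytes of the name field regardless of note->namesz, so a note whose namesz is smaller than 5 and carries no terminator is read past its end. The mismatch that motivated the change is the length value itself, since the name is stored with its NUL terminator, so keep the size test and correct it: `if (note->namesz == 6 && strcmp (note->namedata, "LINUX") == 0)`. Validating namesz and descsz against the note's buffer before either field is touched would harden the whole switch, not just this case.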
>
> Don't the alignment rules require that the name be padded out to a
> multiple of 4 chars? (or 8 on 64 bit ELF files). So you should have
> 'L','I','N','U','X','\0','\0','\0' and thus can use strcmp. Also,
> it's a good idea to check namesz before accessing namedata. I'm
> sure I can make your strncmp segfault by carefully crafting a
> non-compliant note.
>
> Hmm, I modelled my code after the bits that check for "NetBSD-CORE"
> notes. Therefore I'm pretty sure you won't crash on *my* strncmp ;-).
That sounds like a challenge.
notesz 4 yes, no string terminator
descsz 0
type NT_PRXFPREG
name 'L', 'I', 'N', 'U'
I reckon your strncmp will run off the end of this note, possibly
crashing.
> That said, the current code isn't really robust. There is no place
> where we check whether namesz and descsz actually make any sense. This
Yup.
> if (note->namesz == 6
> && strcmp (note->namedata, "LINUX") == 0)
OK.
--
Alan Modra
IBM OzLabs - Linux Technology Centre
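A bounds-checked version of the note check argued over above, as an added example that is not binutils code: it assumes the 32-bit note header layout (namesz, descsz, type) with 4-byte padding, takes the NT_PRXFPREG value from elf/common.h, and constructs its own sample notes, including the unterminated four-byte "LINU" name from this thread.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* NT_PRXFPREG value from elf/common.h (Linux SSE extension). */
#define NT_PRXFPREG 0x46e62b7f

enum note_status { NOTE_OK, NOTE_TRUNCATED, NOTE_BAD_NAME, NOTE_OTHER };

static size_t align4(size_t n) { return (n + 3) & ~(size_t)3; }

/* Classify one raw note in buf[0..len): three native-endian 32-bit words
   (namesz, descsz, type) followed by the name, padded to 4 bytes.  Every
   read of the name is preceded by a check that namesz fits in the buffer,
   and "LINUX" is accepted only with its terminator (namesz == 6). */
enum note_status parse_prxfpreg_note(const unsigned char *buf, size_t len)
{
    uint32_t namesz, descsz, type;
    if (len < 12)
        return NOTE_TRUNCATED;
    memcpy(&namesz, buf, 4);
    memcpy(&descsz, buf + 4, 4);
    memcpy(&type, buf + 8, 4);
    /* Sizes that run past the end of the buffer are rejected outright. */
    if (namesz > len - 12 || align4(namesz) > len - 12)
        return NOTE_TRUNCATED;
    if (descsz > len - 12 - align4(namesz))
        return NOTE_TRUNCATED;
    if (type != NT_PRXFPREG)
        return NOTE_OTHER;
    /* The four-byte unterminated "LINU" note from the thread fails here,
       before any string function touches namedata. */
    if (namesz != 6 || memcmp(buf + 12, "LINUX", 6) != 0)
        return NOTE_BAD_NAME;
    return NOTE_OK;
}

/* Constructed sample input: build a note with the given name field and
   descsz 0, then parse it. */
enum note_status parse_sample(uint32_t namesz, const char *name, size_t namebytes)
{
    unsigned char buf[64];
    uint32_t descsz = 0, type = NT_PRXFPREG;
    if (namebytes > sizeof buf - 12)
        return NOTE_TRUNCATED;
    memcpy(buf, &namesz, 4);
    memcpy(buf + 4, &descsz, 4);
    memcpy(buf + 8, &type, 4);
    memcpy(buf + 12, name, namebytes);
    return parse_prxfpreg_note(buf, 12 + namebytes);
}
```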