This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



Re: PR5900


On Wed, Mar 12, 2008 at 6:20 AM, H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Wed, Mar 12, 2008 at 07:02:40PM +1030, Alan Modra wrote:
>  >  /* The number of entries in a section is its size divided by the size
>  > Index: bfd/elfcode.h
>  > ===================================================================
>  > RCS file: /cvs/src/src/bfd/elfcode.h,v
>  > retrieving revision 1.89
>  > diff -u -p -r1.89 elfcode.h
>  > --- bfd/elfcode.h     11 Mar 2008 23:23:23 -0000      1.89
>  > +++ bfd/elfcode.h     12 Mar 2008 07:45:21 -0000
>  > @@ -189,12 +189,14 @@ elf_swap_symbol_in (bfd *abfd,
>  >    dst->st_info = H_GET_8 (abfd, src->st_info);
>  >    dst->st_other = H_GET_8 (abfd, src->st_other);
>  >    dst->st_shndx = H_GET_16 (abfd, src->st_shndx);
>  > -  if (dst->st_shndx == SHN_XINDEX)
>  > +  if (dst->st_shndx == (SHN_XINDEX & 0xffff))
>  >      {
>  >        if (shndx == NULL)
>  >       return FALSE;
>  >        dst->st_shndx = H_GET_32 (abfd, shndx->est_shndx);
>  >      }
>  > +  else if (dst->st_shndx >= (SHN_LORESERVE & 0xffff))
>  > +    dst->st_shndx += SHN_LORESERVE - (SHN_LORESERVE & 0xffff);
>  >    return TRUE;
>  >  }
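Review bot: The masked constants `(SHN_LORESERVE & 0xffff)` and `SHN_XINDEX & 0xffff` are repeated across elf_swap_symbol_in, elf_swap_symbol_out and elf_swap_ehdr_out with nothing saying why the mask is needed. Presumably the internal reserved indices are now wider than the 16-bit on-disk fields; a comment at the first use, e.g. `/* On-disk st_shndx is 16 bits; internal reserved indices sit above that range. */`, or one named macro for each masked value, would keep the six sites from drifting apart. These values are read straight from the input file, so the on-disk to internal mapping is worth spelling out for whoever audits this parser next.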
>  >
>  > @@ -215,12 +217,12 @@ elf_swap_symbol_out (bfd *abfd,
>  >    H_PUT_8 (abfd, src->st_info, dst->st_info);
>  >    H_PUT_8 (abfd, src->st_other, dst->st_other);
>  >    tmp = src->st_shndx;
>  > -  if (tmp > SHN_HIRESERVE)
>  > +  if (tmp >= (SHN_LORESERVE & 0xffff) && tmp < SHN_LORESERVE)
>  >      {
>  >        if (shndx == NULL)
>  >       abort ();
>  >        H_PUT_32 (abfd, tmp, shndx);
>  > -      tmp = SHN_XINDEX;
>  > +      tmp = SHN_XINDEX & 0xffff;
>  >      }
>  >    H_PUT_16 (abfd, tmp, dst->st_shndx);
>  >  }
>  > @@ -280,12 +282,12 @@ elf_swap_ehdr_out (bfd *abfd,
>  >    H_PUT_16 (abfd, src->e_phnum, dst->e_phnum);
>  >    H_PUT_16 (abfd, src->e_shentsize, dst->e_shentsize);
>  >    tmp = src->e_shnum;
>  > -  if (tmp >= SHN_LORESERVE)
>  > +  if (tmp >= (SHN_LORESERVE & 0xffff))
>  >      tmp = SHN_UNDEF;
>  >    H_PUT_16 (abfd, tmp, dst->e_shnum);
>  >    tmp = src->e_shstrndx;
>  > -  if (tmp >= SHN_LORESERVE)
>  > -    tmp = SHN_XINDEX;
>  > +  if (tmp >= (SHN_LORESERVE & 0xffff))
>  > +    tmp = SHN_XINDEX & 0xffff;
>  >    H_PUT_16 (abfd, tmp, dst->e_shstrndx);
>  >  }
>
>  Will the above work when the number of sections is >= (unsigned int) -0x100u?
>
>

Here is a patch to check it.


H.J.
2008-03-12  H.J. Lu  <hongjiu.lu@intel.com>

	* elf.c (assign_section_numbers): Check if number of sections
	>= SHN_LORESERVE.
	* elfcode.h (elf_object_p): Likewise.

--- bfd/elf.c.64k	2008-03-12 12:32:53.000000000 -0700
+++ bfd/elf.c	2008-03-12 14:06:17.000000000 -0700
@@ -2831,6 +2831,13 @@ assign_section_numbers (bfd *abfd, struc
       _bfd_elf_strtab_addref (elf_shstrtab (abfd), t->strtab_hdr.sh_name);
     }
 
+  if (section_number >= SHN_LORESERVE)
+    {
+      _bfd_error_handler (_("%B: too many sections: %u"),
+			  abfd, section_number);
+      return FALSE;
+    }
+
   _bfd_elf_strtab_finalize (elf_shstrtab (abfd));
   t->shstrtab_hdr.sh_size = _bfd_elf_strtab_size (elf_shstrtab (abfd));
 
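Review bot: The new failure path in assign_section_numbers prints a message and returns FALSE without recording a BFD error code, so a caller that checks bfd_get_error() afterwards may see whatever an earlier call left behind. Adding `bfd_set_error (bfd_error_bad_value);` before `return FALSE;` would make the failure self-describing; whether any caller depends on it is not visible here. The function body starts and ends outside the hunk.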
--- bfd/elfcode.h.64k	2008-03-12 12:32:05.000000000 -0700
+++ bfd/elfcode.h	2008-03-12 14:07:49.000000000 -0700
@@ -684,8 +684,14 @@ elf_object_p (bfd *abfd)
       if (i_ehdrp->e_shnum == SHN_UNDEF)
 	{
 	  i_ehdrp->e_shnum = i_shdr.sh_size;
-	  if (i_ehdrp->e_shnum != i_shdr.sh_size
-	      || i_ehdrp->e_shnum == 0)
+	  if (i_ehdrp->e_shnum >= SHN_LORESERVE)
+	    {
+	      _bfd_error_handler (_("%B: too many sections: %u"),
+				  abfd, i_ehdrp->e_shnum);
+	      goto got_wrong_format_error;
+	    }
+	  else if (i_ehdrp->e_shnum != i_shdr.sh_size
+		   || i_ehdrp->e_shnum  == 0)
 	    goto got_wrong_format_error;
 	}
 
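Review bot: The `>= SHN_LORESERVE` test runs on `i_ehdrp->e_shnum` after it has been assigned from `i_shdr.sh_size` but before the `!= i_shdr.sh_size` truncation test. A file whose `sh_size` does not fit in `e_shnum`, but whose low bits land in the reserved range, is therefore reported as "too many sections" with a count the file never contained. Keeping the truncation/zero test first and making the range test the `else if` branch would treat such a header as a plain format error and print only real counts. `sh_size` comes from the input file, so this path is reachable from any malformed object; if elf_object_p is called as a format probe (not visible here), an error message per probe may also be noisier than a silent `goto got_wrong_format_error;`. The function continues outside the hunk.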
