Re: PR5900
On Wed, Mar 12, 2008 at 6:20 AM, H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Wed, Mar 12, 2008 at 07:02:40PM +1030, Alan Modra wrote:
> > /* The number of entries in a section is its size divided by the size
> > Index: bfd/elfcode.h
> > ===================================================================
> > RCS file: /cvs/src/src/bfd/elfcode.h,v
> > retrieving revision 1.89
> > diff -u -p -r1.89 elfcode.h
> > --- bfd/elfcode.h 11 Mar 2008 23:23:23 -0000 1.89
> > +++ bfd/elfcode.h 12 Mar 2008 07:45:21 -0000
> > @@ -189,12 +189,14 @@ elf_swap_symbol_in (bfd *abfd,
> > dst->st_info = H_GET_8 (abfd, src->st_info);
> > dst->st_other = H_GET_8 (abfd, src->st_other);
> > dst->st_shndx = H_GET_16 (abfd, src->st_shndx);
> > - if (dst->st_shndx == SHN_XINDEX)
> > + if (dst->st_shndx == (SHN_XINDEX & 0xffff))
> > {
> > if (shndx == NULL)
> > return FALSE;
> > dst->st_shndx = H_GET_32 (abfd, shndx->est_shndx);
> > }
> > + else if (dst->st_shndx >= (SHN_LORESERVE & 0xffff))
> > + dst->st_shndx += SHN_LORESERVE - (SHN_LORESERVE & 0xffff);
> > return TRUE;
> > }
> >
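Review bot: In elf_swap_symbol_in the 32-bit value read with `H_GET_32 (abfd, shndx->est_shndx)` is stored in `dst->st_shndx` without a range check. The arithmetic on the added `else if` line implies SHN_LORESERVE is now wider than 16 bits, although its definition is not on the page. A malformed extended-index table could then supply a value at or above SHN_LORESERVE, which later code would presumably read as a reserved index rather than a real section. I would consider rejecting it at the source, e.g. `if (dst->st_shndx >= SHN_LORESERVE) return FALSE;` directly after the H_GET_32 line. The function starts outside the hunk.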
> > @@ -215,12 +217,12 @@ elf_swap_symbol_out (bfd *abfd,
> > H_PUT_8 (abfd, src->st_info, dst->st_info);
> > H_PUT_8 (abfd, src->st_other, dst->st_other);
> > tmp = src->st_shndx;
> > - if (tmp > SHN_HIRESERVE)
> > + if (tmp >= (SHN_LORESERVE & 0xffff) && tmp < SHN_LORESERVE)
> > {
> > if (shndx == NULL)
> > abort ();
> > H_PUT_32 (abfd, tmp, shndx);
> > - tmp = SHN_XINDEX;
> > + tmp = SHN_XINDEX & 0xffff;
> > }
> > H_PUT_16 (abfd, tmp, dst->st_shndx);
> > }
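Review bot: In elf_swap_symbol_out a reserved index at or above SHN_LORESERVE skips the new `if` and reaches `H_PUT_16 (abfd, tmp, dst->st_shndx)` unchanged, so the on-disk form depends on H_PUT_16 silently dropping the high bits. That is the inverse of the `+=` adjustment in elf_swap_symbol_in, but nothing in the hunk says so. A comment above the store would make the intent reviewable, e.g. `/* Reserved indices keep only their low 16 bits on disk.  */`, or the mask could be made explicit with `tmp &= 0xffff;`. The function starts outside the hunk.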
> > @@ -280,12 +282,12 @@ elf_swap_ehdr_out (bfd *abfd,
> > H_PUT_16 (abfd, src->e_phnum, dst->e_phnum);
> > H_PUT_16 (abfd, src->e_shentsize, dst->e_shentsize);
> > tmp = src->e_shnum;
> > - if (tmp >= SHN_LORESERVE)
> > + if (tmp >= (SHN_LORESERVE & 0xffff))
> > tmp = SHN_UNDEF;
> > H_PUT_16 (abfd, tmp, dst->e_shnum);
> > tmp = src->e_shstrndx;
> > - if (tmp >= SHN_LORESERVE)
> > - tmp = SHN_XINDEX;
> > + if (tmp >= (SHN_LORESERVE & 0xffff))
> > + tmp = SHN_XINDEX & 0xffff;
> > H_PUT_16 (abfd, tmp, dst->e_shstrndx);
> > }
>
> Will the above work when number of sections >= (unsigned int) -0x100u?
>
>
Here is a patch to check it.
H.J.
2008-03-12 H.J. Lu <hongjiu.lu@intel.com>
* elf.c (assign_section_numbers): Check if number of sections
>= SHN_LORESERVE.
* elfcode.h (elf_object_p): Likewise.
--- bfd/elf.c.64k 2008-03-12 12:32:53.000000000 -0700
+++ bfd/elf.c 2008-03-12 14:06:17.000000000 -0700
@@ -2831,6 +2831,13 @@ assign_section_numbers (bfd *abfd, struc
_bfd_elf_strtab_addref (elf_shstrtab (abfd), t->strtab_hdr.sh_name);
}
+ if (section_number >= SHN_LORESERVE)
+ {
+ _bfd_error_handler (_("%B: too many sections: %u"),
+ abfd, section_number);
+ return FALSE;
+ }
+
_bfd_elf_strtab_finalize (elf_shstrtab (abfd));
t->shstrtab_hdr.sh_size = _bfd_elf_strtab_size (elf_shstrtab (abfd));
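Review bot: The added `section_number >= SHN_LORESERVE` test is only right if SHN_LORESERVE has the widened value that the quoted elfcode.h patch relies on. With a 16-bit value it would presumably refuse outputs that the SHN_XINDEX path otherwise handles. The two changes therefore have to land together, and a comment should record the reason for the bound, e.g. `/* Indices at or above SHN_LORESERVE are reserved, so the section count must stay below it.  */`. The check sits after the numbering code above it, which begins outside the hunk, so indices have already been assigned when FALSE is returned. Whether callers discard that state is not visible here.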
--- bfd/elfcode.h.64k 2008-03-12 12:32:05.000000000 -0700
+++ bfd/elfcode.h 2008-03-12 14:07:49.000000000 -0700
@@ -684,8 +684,14 @@ elf_object_p (bfd *abfd)
if (i_ehdrp->e_shnum == SHN_UNDEF)
{
i_ehdrp->e_shnum = i_shdr.sh_size;
- if (i_ehdrp->e_shnum != i_shdr.sh_size
- || i_ehdrp->e_shnum == 0)
+ if (i_ehdrp->e_shnum >= SHN_LORESERVE)
+ {
+ _bfd_error_handler (_("%B: too many sections: %u"),
+ abfd, i_ehdrp->e_shnum);
+ goto got_wrong_format_error;
+ }
+ else if (i_ehdrp->e_shnum != i_shdr.sh_size
+ || i_ehdrp->e_shnum == 0)
goto got_wrong_format_error;
}
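Review bot: In elf_object_p the new `i_ehdrp->e_shnum >= SHN_LORESERVE` test runs before the existing `i_ehdrp->e_shnum != i_shdr.sh_size` comparison. When sh_size does not fit in e_shnum, the "too many sections" message therefore prints a truncated count. Since sh_size comes straight from the file being probed, I would do the round-trip comparison first and report the range error only for a value that survived it, or print `i_shdr.sh_size` itself. Both branches reach got_wrong_format_error, so only the diagnostic changes. The function continues outside the hunk, so it cannot be seen here whether an accepted count is later bounded by the file size before the section header table is allocated.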