This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



Re: PATCH: Check number of sections overflow


On Tue, Jul 3, 2012 at 5:06 PM, Alan Modra <amodra@gmail.com> wrote:
> On Tue, Jul 03, 2012 at 11:36:21AM -0700, H.J. Lu wrote:
>> 2008-03-12  H.J. Lu  <hongjiu.lu@intel.com>
>>
>>       * elf.c (assign_section_numbers): Check if number of sections
>>       >= SHN_LORESERVE.
>>       * elfcode.h (elf_object_p): Likewise.
>
> OK, but
>
>> --- bfd/elfcode.h.64k 2008-03-12 12:32:05.000000000 -0700
>> +++ bfd/elfcode.h     2008-03-12 15:30:51.000000000 -0700
>> @@ -684,8 +684,14 @@ elf_object_p (bfd *abfd)
>>        if (i_ehdrp->e_shnum == SHN_UNDEF)
>>       {
>>         i_ehdrp->e_shnum = i_shdr.sh_size;
>> -       if (i_ehdrp->e_shnum != i_shdr.sh_size
>> -           || i_ehdrp->e_shnum == 0)
>> +       if (i_ehdrp->e_shnum >= SHN_LORESERVE)
>> +         {
>> +           _bfd_error_handler (_("%B: too many sections: %u"),
>> +                               abfd, i_ehdrp->e_shnum);
>> +           abort ();
>> +         }
>> +       else if (i_ehdrp->e_shnum != i_shdr.sh_size
>> +                || i_ehdrp->e_shnum  == 0)
>>           goto got_wrong_format_error;
>>       }
>>
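Review bot: the new `i_ehdrp->e_shnum >= SHN_LORESERVE` branch calls `abort ()` on a value that was copied from `i_shdr.sh_size` one line earlier, that is, on data read from the file being probed, so a malformed input terminates the calling process instead of being rejected. The `else if` in the same block already handles a bad count with `goto got_wrong_format_error`; fold the new comparison into that condition and drop the `_bfd_error_handler` call and the `abort ()`. The doubled space in `i_ehdrp->e_shnum  == 0` should also be a single space.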
>
> this should not abort, and you won't ever hit the error message except
> on a corrupted file, so I'd prefer the extra test just
> goto got_wrong_format_error
>
> Testcase?  Grins.  Just kidding.
>

This is what I checked in with the same ChangeLog entry.

Thanks.

-- 
H.J.
---
diff --git a/bfd/elf.c b/bfd/elf.c
index 532c7f9..48e5d68 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -3014,6 +3014,13 @@ assign_section_numbers (bfd *abfd, struct
bfd_link_info *link_info)
       _bfd_elf_strtab_addref (elf_shstrtab (abfd), t->strtab_hdr.sh_name);
     }

+  if (section_number >= SHN_LORESERVE)
+    {
+      _bfd_error_handler (_("%B: too many sections: %u"),
+			  abfd, section_number);
+      return FALSE;
+    }
+
   _bfd_elf_strtab_finalize (elf_shstrtab (abfd));
   t->shstrtab_hdr.sh_size = _bfd_elf_strtab_size (elf_shstrtab (abfd));

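Review bot: the early `return FALSE` under `section_number >= SHN_LORESERVE` reports through `_bfd_error_handler` but does not call `bfd_set_error`, so a caller that inspects the BFD error state after the failure sees whatever was set earlier; consider setting an error code before returning. The return also sits after the `_bfd_elf_strtab_addref` call and before `_bfd_elf_strtab_finalize`, so it is worth confirming that callers do not expect a finalized string table on the failure path. A one-line comment saying why counts at or above `SHN_LORESERVE` are refused, and a check that `section_number` is declared as an unsigned int to match `%u`, would complete the change.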
diff --git a/bfd/elfcode.h b/bfd/elfcode.h
index cc55c86..30bda73 100644
--- a/bfd/elfcode.h
+++ b/bfd/elfcode.h
@@ -633,8 +633,9 @@ elf_object_p (bfd *abfd)
       if (i_ehdrp->e_shnum == SHN_UNDEF)
 	{
 	  i_ehdrp->e_shnum = i_shdr.sh_size;
-	  if (i_ehdrp->e_shnum != i_shdr.sh_size
-	      || i_ehdrp->e_shnum == 0)
+	  if (i_ehdrp->e_shnum >= SHN_LORESERVE
+	      || i_ehdrp->e_shnum != i_shdr.sh_size
+	      || i_ehdrp->e_shnum  == 0)
 	    goto got_wrong_format_error;
 	}

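Review bot: the added `i_ehdrp->e_shnum >= SHN_LORESERVE` test sits inside the `e_shnum == SHN_UNDEF` branch, where the count has just been taken from `i_shdr.sh_size`, and nothing in the hunk says why a count read that way must stay below `SHN_LORESERVE`; a short comment above the condition would document the limit. The rejection is now silent (`goto got_wrong_format_error` with no message), unlike the `too many sections` diagnostic added to `assign_section_numbers`, which suits a format probe on untrusted input but is a behavioural difference worth noting next to the "Likewise" ChangeLog line. The doubled space in `i_ehdrp->e_shnum  == 0` should be a single space.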
