This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch bfd]: Prevent possible buffer overflow on pdata-section sorting

From: Kai Tietz <ktietz70 at googlemail dot com>
To: Kai Tietz <ktietz70 at googlemail dot com>, Binutils <binutils at sourceware dot org>, Nick Clifton <nickc at redhat dot com>
Cc: Alan Modra <amodra at gmail dot com>
Date: Sat, 9 Apr 2011 11:50:45 +0200
Subject: Re: [patch bfd]: Prevent possible buffer overflow on pdata-section sorting
References: <BANLkTimv7dy1SPBi=dKP+fnWayX13VpU7g@mail.gmail.com> <20110407010943.GW19002@bubble.grove.modra.org> <BANLkTi=DMtBm2a8ZpmRDEKkOgx3=fHVFtA@mail.gmail.com> <BANLkTinnUe6LhJDrv1GrO458yvL9rn=8TA@mail.gmail.com> <20110407085238.GZ19002@bubble.grove.modra.org> <BANLkTikcz4aFaUd=Zwm5L-QWG16U1Kb6hQ@mail.gmail.com> <20110409043456.GG19002@bubble.grove.modra.org>

2011/4/9 Alan Modra <amodra@gmail.com>:
> On Thu, Apr 07, 2011 at 04:31:45PM +0200, Kai Tietz wrote:
>> 2011/4/7 Alan Modra <amodra@gmail.com>:
>> > On Thu, Apr 07, 2011 at 08:15:42AM +0200, Kai Tietz wrote:
>> >> Hmm, not sure.
>> >
>> > Well, I'm 99% sure. :-) ?rawsize on an output section, if non-zero, is
>> > just a stale size at bfd_final_link.
>>
>> So this 1% hits. I changed locally to use here just sec->size and I
>> found that pdata section doesn't get sorted proper anymore. (you can
>> verify this by objdump -x and it prints warnings about not ascending
>> data).
>
> Ah, what I missed seeing is that coff_compute_section_file_positions
> is bumping the section size here:
>
> #ifdef COFF_IMAGE_WITH_PE
> ? ? ?/* Set the padded size. ?*/
> ? ? ?current->size = (current->size + page_size -1) & -page_size;
> #endif
>
> Obviously, you do want the size of data before this padding is added,
> but it's only a fluke that rawsize happens to be set correctly. ?(You
> get it from the lang_reset_memory_regions call during preliminary
> section sizing in ldlang.c:strip_excluded_output_sections.) ?That
> seems a little unreliable to me. ?I'd be happier if in
> coff_compute_section_file_positions you always set rawsize in the loop
> that is padding section size (do it before any block of code that
> changes section size!). ?Then just use sec->rawsize in your peXXigen.c
> patch. ?I'll preapprove those changes.
>
> --
> Alan Modra
> Australia Development Lab, IBM
>

Ok, AFAICS it is enough here to set rawsize at one place.  Just for
bss-section we don't want to set rawsize.

ChangeLog

2011-04-09  Kai Tietz

       * peXXigen.c (_bfd_XXi_final_link_postscripte): Sort pdata in temporary
       buffer and use rawsize for sorting.
       * coffcode.h (coff_compute_section_file_positions): Set rawsize
before doing alignment.

Tested for x86_64-w64-mingw32. Ok for apply?

Regards,
Kai

Attachment: pdata_x64_sort.txt
Description: Text document

References:
- [patch bfd]: Prevent possible buffer overflow on pdata-section sorting
  - From: Kai Tietz
- Re: [patch bfd]: Prevent possible buffer overflow on pdata-section sorting
  - From: Alan Modra
- Re: [patch bfd]: Prevent possible buffer overflow on pdata-section sorting
  - From: Kai Tietz
- Re: [patch bfd]: Prevent possible buffer overflow on pdata-section sorting
  - From: Kai Tietz
- Re: [patch bfd]: Prevent possible buffer overflow on pdata-section sorting
  - From: Alan Modra
- Re: [patch bfd]: Prevent possible buffer overflow on pdata-section sorting
  - From: Kai Tietz
- Re: [patch bfd]: Prevent possible buffer overflow on pdata-section sorting
  - From: Alan Modra

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]