This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.
[PATCH] libelf: Make sure shdrs are valid before storing extended phnum in newphdr.
- From: Mark Wielaard <mjw at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Tue, 12 May 2015 15:19:37 +0200
- Subject: [PATCH] libelf: Make sure shdrs are valid before storing extended phnum in newphdr.
Creating phdr with more than PN_XNUM phnum requires a valid section zero
shdr to store the extended value. Make sure the shdrs are valid. Also fix
the error when count was too big to store by setting ELF_E_INVALID_INDEX
before failing.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
libelf/ChangeLog | 6 ++++++
libelf/elf32_newphdr.c | 12 +++++++++++-
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 312d5cf..a7983a0 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,9 @@
+2015-05-12 Mark Wielaard <mjw@redhat.com>
+
+ * elf32_newphdr.c (newphdr): Call __libelf_seterrno with
+ ELF_E_INVALID_INDEX before failing. Check whether section zero shdr
+ actually exists if we need to put extended phnum in section zero.
+
2015-05-08 Mark Wielaard <mjw@redhat.com>
* nlist.c (nlist): Call gelf_fsize with EV_CURRENT.
diff --git a/libelf/elf32_newphdr.c b/libelf/elf32_newphdr.c
index 01038e7..f89153b 100644
--- a/libelf/elf32_newphdr.c
+++ b/libelf/elf32_newphdr.c
@@ -116,6 +116,17 @@ elfw2(LIBELFBITS,newphdr) (elf, count)
{
if (unlikely (count > SIZE_MAX / sizeof (ElfW2(LIBELFBITS,Phdr))))
{
+ __libelf_seterrno (ELF_E_INVALID_INDEX);
+ result = NULL;
+ goto out;
+ }
+
+ Elf_Scn *scn0 = &elf->state.ELFW(elf,LIBELFBITS).scns.data[0];
+ if (unlikely (count >= PN_XNUM && scn0->shdr.ELFW(e,LIBELFBITS) == NULL))
+ {
+ /* Something is wrong with section zero, but we need it to write
+ the extended phdr count. */
+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
result = NULL;
goto out;
}
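Review bot: the new test `scn0->shdr.ELFW(e,LIBELFBITS) == NULL` reads `scns.data[0]` without first looking at `scns.cnt`, while the block further down still treats `scns.cnt == 0` as a state it has to handle. Either check `scns.cnt` here as well, or add a comment saying why `data[0]` and its shdr pointer are meaningful at this point whenever `count >= PN_XNUM`. The diffstat touches only ChangeLog and elf32_newphdr.c, so a test that requests a count at or above PN_XNUM on an Elf whose section zero has no shdr would be worth adding to pin the ELF_E_INVALID_SECTION_HEADER result.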
@@ -134,7 +145,6 @@ elfw2(LIBELFBITS,newphdr) (elf, count)
if (count >= PN_XNUM)
{
/* We have to write COUNT into the zeroth section's sh_info. */
- Elf_Scn *scn0 = &elf->state.ELFW(elf,LIBELFBITS).scns.data[0];
if (elf->state.ELFW(elf,LIBELFBITS).scns.cnt == 0)
{
assert (elf->state.ELFW(elf,LIBELFBITS).scns.max > 0);
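Review bot: in the `scns.cnt == 0` branch the only guard left is `assert (... scns.max > 0)`, which disappears in NDEBUG builds, and with the declaration of `scn0` moved up this branch is now entered only after section zero's shdr has been found non-NULL. Please extend the comment to say whether a section count of zero with a present section zero shdr is an expected combination, and if it is not, consider returning an error as the earlier checks do rather than asserting.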
--
2.1.0