This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.



Re: elflint: (zero sized section) alloc flag set but section not in any loaded segment


On Fri, 2012-04-27 at 15:43 -0700, Roland McGrath wrote:
> or perhaps better overflow-proofed:
> 
> 	  && ((shdr->sh_offset - phdr->p_offset <= phdr->p_filesz
> 	       && (shdr->sh_offset - phdr->p_offset < phdr->p_filesz
> 		   || shdr->sh_size == 0))
> 	      || (shdr->sh_offset - phdr->p_offset < phdr->p_memsz
> 		  && shdr->sh_type == SHT_NOBITS)))
> 
> I think we should accept these corner cases but not accept wild sh_addr or
> sh_offset values just because they are technically meaningless with a zero
> sh_size.

That does make sense, and works for me. I have checked in the following:

diff --git a/src/ChangeLog b/src/ChangeLog
index cae5e6b..af1d92b 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2012-05-09  Roland McGrath  <roland@hack.frob.com>
+
+       * elflint (check_sections): Allow zero sized sections at (filesz) end
+       of segment. And make check overflow-proofed.
+
 2012-04-24  Mark Wielaard  <mjw@redhat.com>
 
        * readelf.c (print_ops): Add DW_OP_GNU_push_tls_address,
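Review bot: the new ChangeLog entry names the file as `elflint` but the patch modifies `src/elflint.c`; GNU ChangeLog convention is `* elflint.c (check_sections): ...`. Minor wording: "make check overflow-proofed" reads better as "make the check overflow-proof".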
diff --git a/src/elflint.c b/src/elflint.c
index a03caac..7c56069 100644
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -3716,8 +3716,10 @@ section [%2zu] '%s' is both executable and writable\n"),
                    || (phdr->p_type == PT_TLS
                        && (shdr->sh_flags & SHF_TLS) != 0))
                && phdr->p_offset <= shdr->sh_offset
-               && (phdr->p_offset + phdr->p_filesz > shdr->sh_offset
-                   || (phdr->p_offset + phdr->p_memsz > shdr->sh_offset
+               && ((shdr->sh_offset - phdr->p_offset <= phdr->p_filesz
+                    && (shdr->sh_offset - phdr->p_offset < phdr->p_filesz
+                        || shdr->sh_size == 0))
+                   || (shdr->sh_offset - phdr->p_offset < phdr->p_memsz
                        && shdr->sh_type == SHT_NOBITS)))
              {
                /* Found the segment.  */
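Review bot: the three `shdr->sh_offset - phdr->p_offset` subtractions in this hunk are free of wraparound only because of the `phdr->p_offset <= shdr->sh_offset` conjunct on the line just above them, and nothing in the hunk records that dependency; computing the difference once after the guard (a local of the same type as `sh_offset`, with a one-line comment saying the guard makes it safe) would keep the two together and let the filesz branch be written as `off < phdr->p_filesz || (off == phdr->p_filesz && shdr->sh_size == 0)`, which is equivalent to the nested `<=`/`<` form but easier to read. Note also that the zero-size allowance is confined to the filesz branch, in line with the ChangeLog's "(filesz) end"; the SHT_NOBITS branch keeps a strict `<` and, as before this change, compares a file-offset difference against `p_memsz`, a memory size.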

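As an added example, not code from the elfutils tree or from either poster in this thread: the pre-patch and post-patch containment tests side by side, evaluated on constructed section/segment values. The `struct shdr` / `struct phdr` stand-ins carry only the members the check reads (an assumption; the real GElf structs have more), the `SHT_*` constants are the ELF-specified values, and the scenario values are made up to hit the corner cases discussed above: a zero-sized section exactly at the filesz end, a nonzero section at the same offset, a .bss-like section within memsz, and one where `p_offset + p_filesz` wraps around.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal stand-ins for the GElf_Shdr / GElf_Phdr members the check reads
   (constructed for this example; the real structs carry more fields).  */
struct shdr { uint64_t sh_offset; uint64_t sh_size; uint32_t sh_type; };
struct phdr { uint64_t p_offset; uint64_t p_filesz; uint64_t p_memsz; };

#define SHT_PROGBITS 1   /* ELF-specified section type values */
#define SHT_NOBITS   8

/* Pre-patch form: adds the segment size to its offset; the sum can wrap.  */
bool old_in_segment (const struct shdr *shdr, const struct phdr *phdr)
{
  return (phdr->p_offset <= shdr->sh_offset
	  && (phdr->p_offset + phdr->p_filesz > shdr->sh_offset
	      || (phdr->p_offset + phdr->p_memsz > shdr->sh_offset
		  && shdr->sh_type == SHT_NOBITS)));
}

/* Patched form: subtracts instead (safe only because of the p_offset <=
   sh_offset guard) and admits a zero-sized section at the filesz end.  */
bool new_in_segment (const struct shdr *shdr, const struct phdr *phdr)
{
  return (phdr->p_offset <= shdr->sh_offset
	  && ((shdr->sh_offset - phdr->p_offset <= phdr->p_filesz
	       && (shdr->sh_offset - phdr->p_offset < phdr->p_filesz
		   || shdr->sh_size == 0))
	      || (shdr->sh_offset - phdr->p_offset < phdr->p_memsz
		  && shdr->sh_type == SHT_NOBITS)));
}

/* Constructed scenarios.  The baseline segment occupies file bytes
   [0x1000, 0x1400) and has memsz 0x800, i.e. memory up to 0x1800.  */
enum scenario
{
  INSIDE,           /* ordinary PROGBITS section well inside filesz */
  ZERO_AT_END,      /* sh_size == 0 exactly at p_offset + p_filesz */
  NONZERO_AT_END,   /* nonzero PROGBITS section at p_offset + p_filesz */
  NOBITS_IN_MEMSZ,  /* .bss-like section past filesz but within memsz */
  BEFORE_SEGMENT,   /* sh_offset below p_offset: guard must reject */
  WRAPPED_FILESZ,   /* absurd p_filesz: p_offset + p_filesz wraps to 0x800 */
  NSCENARIOS
};

static const char *const names[NSCENARIOS] =
  { "INSIDE", "ZERO_AT_END", "NONZERO_AT_END", "NOBITS_IN_MEMSZ",
    "BEFORE_SEGMENT", "WRAPPED_FILESZ" };

/* Fill in constructed header values for one scenario.  */
static void make (enum scenario s, struct shdr *sh, struct phdr *ph)
{
  *ph = (struct phdr) { .p_offset = 0x1000, .p_filesz = 0x400, .p_memsz = 0x800 };
  *sh = (struct shdr) { .sh_offset = 0x1100, .sh_size = 0x10, .sh_type = SHT_PROGBITS };
  switch (s)
    {
    case INSIDE:          break;
    case ZERO_AT_END:     sh->sh_offset = 0x1400; sh->sh_size = 0; break;
    case NONZERO_AT_END:  sh->sh_offset = 0x1400; break;
    case NOBITS_IN_MEMSZ: sh->sh_offset = 0x1400; sh->sh_size = 0x100;
			  sh->sh_type = SHT_NOBITS; break;
    case BEFORE_SEGMENT:  sh->sh_offset = 0x800; break;
    case WRAPPED_FILESZ:  ph->p_filesz = ph->p_memsz = UINT64_C (0xFFFFFFFFFFFFF800);
			  break;
    default:              break;
    }
}

bool old_result (enum scenario s)
{
  struct shdr sh; struct phdr ph;
  make (s, &sh, &ph);
  return old_in_segment (&sh, &ph);
}

bool new_result (enum scenario s)
{
  struct shdr sh; struct phdr ph;
  make (s, &sh, &ph);
  return new_in_segment (&sh, &ph);
}

int main (void)
{
  printf ("%-16s %-6s %s\n", "scenario", "old", "new");
  for (int s = 0; s < NSCENARIOS; ++s)
    printf ("%-16s %-6s %s\n", names[s],
	    old_result (s) ? "yes" : "no", new_result (s) ? "yes" : "no");
  return 0;
}
```

The two forms agree on the ordinary cases and both reject a nonzero-sized section sitting at `p_offset + p_filesz`; they differ on the zero-sized section at that exact offset (accepted only by the patched form) and on the wrapped segment, where the additive form's answer is an artifact of the sum wrapping to 0x800 rather than of the values themselves. Drop the `p_offset <= sh_offset` guard from `new_in_segment` and the BEFORE_SEGMENT case would underflow to a huge difference, which is why the guard has to stay adjacent to the subtractions.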