This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.



Re: elflint: (zero sized section) alloc flag set but section not in any loaded segment


But it *is* clearly inside the second PT_LOAD segment.
It's just that the check is:

	  && (phdr->p_offset + phdr->p_filesz > shdr->sh_offset
	      || (phdr->p_offset + phdr->p_memsz > shdr->sh_offset
		  && shdr->sh_type == SHT_NOBITS)))

and it's on the cusp between p_filesz and p_memsz.  So:

	  && (phdr->p_offset + phdr->p_filesz > shdr->sh_offset
	      || (phdr->p_offset + phdr->p_memsz > shdr->sh_offset
		  && shdr->sh_type == SHT_NOBITS)
	      || (phdr->p_offset + phdr->p_filesz == shdr->sh_offset
		  && shdr->sh_size == 0)))

or perhaps better overflow-proofed:

	  && ((shdr->sh_offset - phdr->p_offset <= phdr->p_filesz
	       && (shdr->sh_offset - phdr->p_offset < phdr->p_filesz
		   || shdr->sh_size == 0))
	      || (shdr->sh_offset - phdr->p_offset < phdr->p_memsz
		  && shdr->sh_type == SHT_NOBITS)))

I think we should accept these corner cases but not accept wild sh_addr or
sh_offset values just because they are technically meaningless with a zero
sh_size.


Thanks,
Roland
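The three containment checks discussed above, run against a constructed program-header table so the zero-sized section sitting exactly at p_offset + p_filesz can be compared under the old and the overflow-proofed test. This is an added example, not elflint's own code; the "p_type == PT_LOAD && sh_offset >= p_offset" prefix that the quoted "&&" fragment continues is assumed.

```c
#include <elf.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed program header table (not from a real binary): a text segment
   and a data segment whose file image ends at 0x1200 and whose memory image
   (bss) runs on to 0x1400.  Only the fields the checks read are set. */
static const Elf64_Phdr phdrs[] = {
    { .p_type = PT_LOAD, .p_offset = 0x0000, .p_filesz = 0x800, .p_memsz = 0x800 },
    { .p_type = PT_LOAD, .p_offset = 0x1000, .p_filesz = 0x200, .p_memsz = 0x400 },
};
#define NPHDRS (sizeof phdrs / sizeof phdrs[0])

/* The containment test as quoted from elflint in the message. */
static bool in_segment_original(const Elf64_Phdr *ph, const Elf64_Shdr *sh)
{
    return ph->p_offset + ph->p_filesz > sh->sh_offset
        || (ph->p_offset + ph->p_memsz > sh->sh_offset && sh->sh_type == SHT_NOBITS);
}

/* The overflow-proofed variant from the message: compare the section offset
   relative to p_offset instead of adding sizes to p_offset, and accept a
   zero-sized section that sits exactly on the end of the file image. */
static bool in_segment_fixed(const Elf64_Phdr *ph, const Elf64_Shdr *sh)
{
    uint64_t rel = sh->sh_offset - ph->p_offset;
    return (rel <= ph->p_filesz && (rel < ph->p_filesz || sh->sh_size == 0))
        || (rel < ph->p_memsz && sh->sh_type == SHT_NOBITS);
}

/* Index of the PT_LOAD segment containing an SHF_ALLOC section, or -1.
   Assumed prefix: only PT_LOAD entries with sh_offset >= p_offset are
   considered; that also keeps the subtraction in in_segment_fixed from
   wrapping around. */
static int find_load_segment(uint64_t sh_offset, uint64_t sh_size,
                             uint32_t sh_type, bool use_fixed)
{
    Elf64_Shdr sh = { .sh_type = sh_type, .sh_flags = SHF_ALLOC,
                      .sh_offset = sh_offset, .sh_size = sh_size };
    for (size_t i = 0; i < NPHDRS; i++) {
        const Elf64_Phdr *ph = &phdrs[i];
        if (ph->p_type != PT_LOAD || sh.sh_offset < ph->p_offset)
            continue;
        if (use_fixed ? in_segment_fixed(ph, &sh) : in_segment_original(ph, &sh))
            return (int)i;
    }
    return -1;
}
```

A zero-sized PROGBITS section at offset 0x1200 is rejected by the original test but placed in segment 1 by the fixed one, while a zero-sized section at a wild offset such as 0x5000 is still rejected by both.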

