This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.
[PATCH 05/17] libebl: Don't blow up stack when processing large NT_GNU_ABI_TAG.
- From: Mark Wielaard <mjw at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Sat, 23 May 2015 23:10:18 +0200
- Subject: [PATCH 05/17] libebl: Don't blow up stack when processing large NT_GNU_ABI_TAG.
Normally an NT_GNU_ABI_TAG is large, just 4 words (16 bytes).
Only use stack allocated conversion buf for small (max 16 words) notes.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
libebl/ChangeLog | 5 +++++
libebl/eblobjnote.c | 18 ++++++++++++++++--
2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/libebl/ChangeLog b/libebl/ChangeLog
index 9ca7b47..51ae60f 100644
--- a/libebl/ChangeLog
+++ b/libebl/ChangeLog
@@ -1,5 +1,10 @@
2015-05-17 Mark Wielaard <mjw@redhat.com>
+ * eblobjnote.c (ebl_object_note): If allocation buf is large, then
+ allocate it with malloc.
+
+2015-05-17 Mark Wielaard <mjw@redhat.com>
+
* eblopenbackend.c (MAX_PREFIX_LEN): New define (16).
(openbackend): Stack allocate symname array using MAX_PREFIX_LEN.
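Review bot: The added ChangeLog lines leave two consecutive `2015-05-17 Mark Wielaard` headers, one above the new eblobjnote.c entry and one above the existing eblopenbackend.c entry. Entries with the same date and author can share one header, so the new `* eblobjnote.c (ebl_object_note)` entry could sit directly above `* eblopenbackend.c` without the second header. The entry text says "If allocation buf is large"; "If the conversion buf is large" would match the wording of the commit message.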
diff --git a/libebl/eblobjnote.c b/libebl/eblobjnote.c
index d1fe821..c483b1d 100644
--- a/libebl/eblobjnote.c
+++ b/libebl/eblobjnote.c
@@ -1,5 +1,5 @@
/* Print contents of object file note.
- Copyright (C) 2002, 2007, 2009, 2011 Red Hat, Inc.
+ Copyright (C) 2002, 2007, 2009, 2011, 2015 Red Hat, Inc.
This file is part of elfutils.
Written by Ulrich Drepper <drepper@redhat.com>, 2002.
@@ -33,6 +33,7 @@
#include <inttypes.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include <libeblP.h>
@@ -165,7 +166,18 @@ ebl_object_note (ebl, name, type, descsz, desc)
.d_size = descsz,
.d_buf = (void *) desc
};
- uint32_t buf[descsz / 4];
+ /* Normally NT_GNU_ABI_TAG is just 4 words (16 bytes). If it
+ is much (4*) larger dynamically allocate memory to convert. */
+ uint32_t sbuf[16];
+ uint32_t *buf;
+ if (descsz / 4 > 16)
+ {
+ buf = malloc (descsz);
+ if (buf == NULL)
+ return;
+ }
+ else
+ buf = sbuf;
Elf_Data out =
{
.d_version = EV_CURRENT,
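Review bot: When malloc fails in the `descsz / 4 > 16` branch the function does a bare `return`, so an oversized note is dropped with no output and no diagnostic, and the caller cannot distinguish that from a normal print. Consider emitting a short message there, or at least stating the behaviour in the comment. The literal 16 is also used twice, in `sbuf[16]` and in the size test; deriving the test from the array (`sizeof sbuf / sizeof sbuf[0]`) or a named constant would keep the two from drifting apart.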
@@ -209,6 +221,8 @@ ebl_object_note (ebl, name, type, descsz, desc)
}
putchar_unlocked ('\n');
}
+ if (descsz / 4 > 16)
+ free (buf);
break;
}
/* FALLTHROUGH */
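Review bot: The free is guarded by a second copy of `descsz / 4 > 16`, which has to stay in sync with the allocation test in the previous hunk. `if (buf != sbuf) free (buf);` states the ownership directly and stays correct if the threshold is ever changed. The free also sits only on the path that reaches this `break`, so it is worth confirming that nothing between the malloc and this point leaves the case early.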
--
1.8.3.1