[binutils-gdb/binutils-2_29-branch] x86: Check for valid PLT section size
- From: H.J.Lu <hjl at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 9 Sep 2017 11:38:47 -0000
- Subject: [binutils-gdb/binutils-2_29-branch] x86: Check for valid PLT section size
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0216e26681531bf967a6a3f1800789ade3693d
commit bb0216e26681531bf967a6a3f1800789ade3693d
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Mon Aug 28 11:25:58 2017 -0700
x86: Check for valid PLT section size
Update x86 get_synthetic_symtab to check for valid PLT section size
before examining PLT section contents.
PR binutils/22018
* elf32-i386.c (elf_i386_get_synthetic_symtab): Check for valid
PLT section size.
* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
(cherry picked from commit 90efb6422939ca031804266fba669f77c22a274a)
Diff:
---
bfd/ChangeLog | 7 +++++++
bfd/elf32-i386.c | 19 +++++++++++++------
bfd/elf64-x86-64.c | 14 +++++++++++---
3 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index fc93dec..a78e819 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2017-09-09 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR binutils/22018
+ * elf32-i386.c (elf_i386_get_synthetic_symtab): Check for valid
+ PLT section size.
+ * elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
+
2017-09-05 Nick Clifton <nickc@redhat.com>
Import from mainline:
diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
index c123f12..00a6397 100644
--- a/bfd/elf32-i386.c
+++ b/bfd/elf32-i386.c
@@ -6372,7 +6372,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
for (j = 0; plts[j].name != NULL; j++)
{
plt = bfd_get_section_by_name (abfd, plts[j].name);
- if (plt == NULL)
+ if (plt == NULL || plt->size == 0)
continue;
/* Get the PLT section contents. */
@@ -6388,7 +6388,9 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
/* Check what kind of PLT it is. */
plt_type = plt_unknown;
- if (plts[j].type == plt_unknown)
+ if (plts[j].type == plt_unknown
+ && (plt->size >= (lazy_plt->plt0_entry_size
+ + lazy_plt->plt_entry_size)))
{
/* Match lazy PLT first. */
if (memcmp (plt_contents, lazy_plt->plt0_entry,
@@ -6397,7 +6399,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
/* The fist entry in the lazy IBT PLT is the same as the
normal lazy PLT. */
if (lazy_ibt_plt != NULL
- && (memcmp (plt_contents + lazy_ibt_plt->plt_entry_size,
+ && (memcmp (plt_contents + lazy_ibt_plt->plt0_entry_size,
lazy_ibt_plt->plt_entry,
lazy_ibt_plt->plt_got_offset) == 0))
plt_type = plt_lazy | plt_second;
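Review bot: The size guard that now covers this compare is computed from `lazy_plt` (`plt0_entry_size + plt_entry_size`, added in the previous hunk), while the read at L68-L70 starts at `lazy_ibt_plt->plt0_entry_size` and spans `lazy_ibt_plt->plt_got_offset` bytes, so it stays in bounds only as long as the IBT layout never extends past the plain lazy one. If the two PLT descriptions can differ in size, the corrected offset on this line needs its own guard, e.g. `&& plt->size >= (lazy_ibt_plt->plt0_entry_size + lazy_ibt_plt->plt_got_offset)`, and the PIC variant in the next hunk needs the same. The enclosing `if (plts[j].type == plt_unknown ...)` block begins outside this hunk.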
@@ -6410,7 +6412,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
/* The fist entry in the PIC lazy IBT PLT is the same as
the normal PIC lazy PLT. */
if (lazy_ibt_plt != NULL
- && (memcmp (plt_contents + lazy_ibt_plt->plt_entry_size,
+ && (memcmp (plt_contents + lazy_ibt_plt->plt0_entry_size,
lazy_ibt_plt->pic_plt_entry,
lazy_ibt_plt->plt_got_offset) == 0))
plt_type = plt_lazy | plt_pic | plt_second;
@@ -6420,7 +6422,8 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
}
if (non_lazy_plt != NULL
- && (plt_type == plt_unknown || plt_type == plt_non_lazy))
+ && (plt_type == plt_unknown || plt_type == plt_non_lazy)
+ && plt->size >= non_lazy_plt->plt_entry_size)
{
/* Match non-lazy PLT. */
if (memcmp (plt_contents, non_lazy_plt->plt_entry,
@@ -6432,7 +6435,8 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
}
if ((non_lazy_ibt_plt != NULL)
- && (plt_type == plt_unknown || plt_type == plt_second))
+ && (plt_type == plt_unknown || plt_type == plt_second)
+ && plt->size >= non_lazy_ibt_plt->plt_entry_size)
{
if (memcmp (plt_contents,
non_lazy_ibt_plt->plt_entry,
@@ -6490,6 +6494,9 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
got_addr = (bfd_vma) -1;
}
+ if (count == 0)
+ return -1;
+
size = count * sizeof (asymbol);
s = *ret = (asymbol *) bfd_zmalloc (size);
if (s == NULL)
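Review bot: The early `return -1` at L102-L103 reports an object that simply has no PLT of a known layout with the same value the allocation-failure path two lines below uses, so a caller cannot distinguish "nothing to synthesize" from "error". If the intent is an empty result rather than a failure, `return 0;` would keep the negative return reserved for the `s == NULL` case; either way the line deserves a one-line comment such as `/* No PLT entries of a known layout: nothing to synthesize.  */`. The function continues past the end of this hunk.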
diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
index c59b8c0..6bc1898 100644
--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
@@ -6752,7 +6752,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
for (j = 0; plts[j].name != NULL; j++)
{
plt = bfd_get_section_by_name (abfd, plts[j].name);
- if (plt == NULL)
+ if (plt == NULL || plt->size == 0)
continue;
/* Get the PLT section contents. */
@@ -6768,7 +6768,9 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
/* Check what kind of PLT it is. */
plt_type = plt_unknown;
- if (plts[j].type == plt_unknown)
+ if (plts[j].type == plt_unknown
+ && (plt->size >= (lazy_plt->plt_entry_size
+ + lazy_plt->plt_entry_size)))
{
/* Match lazy PLT first. Need to check the first two
instructions. */
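Review bot: The bound added at L125-L126 adds `lazy_plt->plt_entry_size` to itself, whereas the matching i386 check in this same commit uses `plt0_entry_size + plt_entry_size`, and the comment at L128-L129 says the code goes on to examine the first two instructions, i.e. PLT0 plus a regular entry. The check only bounds those reads correctly if PLT0 and a regular entry happen to be the same size; `&& (plt->size >= (lazy_plt->plt0_entry_size + lazy_plt->plt_entry_size)))` states the intended limit explicitly and matches the 32-bit side. The compares this guards are outside the hunk.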
@@ -6796,7 +6798,8 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
}
if (non_lazy_plt != NULL
- && (plt_type == plt_unknown || plt_type == plt_non_lazy))
+ && (plt_type == plt_unknown || plt_type == plt_non_lazy)
+ && plt->size >= non_lazy_plt->plt_entry_size)
{
/* Match non-lazy PLT. */
if (memcmp (plt_contents, non_lazy_plt->plt_entry,
@@ -6807,6 +6810,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
if (plt_type == plt_unknown || plt_type == plt_second)
{
if (non_lazy_bnd_plt != NULL
+ && plt->size >= non_lazy_bnd_plt->plt_entry_size
&& (memcmp (plt_contents, non_lazy_bnd_plt->plt_entry,
non_lazy_bnd_plt->plt_got_offset) == 0))
{
@@ -6815,6 +6819,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
non_lazy_plt = non_lazy_bnd_plt;
}
else if (non_lazy_ibt_plt != NULL
+ && plt->size >= non_lazy_ibt_plt->plt_entry_size
&& (memcmp (plt_contents,
non_lazy_ibt_plt->plt_entry,
non_lazy_ibt_plt->plt_got_offset) == 0))
@@ -6860,6 +6865,9 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
plts[j].contents = plt_contents;
}
+ if (count == 0)
+ return -1;
+
size = count * sizeof (asymbol);
s = *ret = (asymbol *) bfd_zmalloc (size);
if (s == NULL)
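Review bot: The new `return -1` at L158-L159 leaves the function without releasing any buffer retained in `plts[j].contents` at L156, and the cleanup that normally frees those buffers, like the per-section count computation, is outside this hunk. If a recognised PLT can ever contribute zero entries while its contents are retained (I cannot confirm this from the hunk), the early return leaks them; freeing before returning makes the exit safe regardless, given that `free (NULL)` is a no-op and presumably every `plts[j].contents` starts out NULL.
```c
  if (count == 0)
    {
      /* Release any PLT contents retained above before bailing out.  */
      for (j = 0; plts[j].name != NULL; j++)
	free (plts[j].contents);
      return -1;
    }
  /* … unchanged: symbol table allocation … */
```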