


[committed, PATCH] x86: Check for valid PLT section size


Update x86 get_synthetic_symtab to check for valid PLT section size
before examining PLT section contents.

	PR binutils/22018
	* elf32-i386.c (elf_i386_get_synthetic_symtab): Check for valid
	PLT section size.
	* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
---
 bfd/ChangeLog      |  7 +++++++
 bfd/elf32-i386.c   | 19 +++++++++++++------
 bfd/elf64-x86-64.c | 14 +++++++++++---
 3 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 063253f4a5..419c311eea 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2017-08-28  H.J. Lu  <hongjiu.lu@intel.com>
+
+	PR binutils/22018
+	* elf32-i386.c (elf_i386_get_synthetic_symtab): Check for valid
+	PLT section size.
+	* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
+
 2017-08-27  H.J. Lu  <hongjiu.lu@intel.com>
 
 	* elf32-i386.c (elf_i386_link_hash_newfunc): Initialize
diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
index 999cd48ee4..05ba2c3b15 100644
--- a/bfd/elf32-i386.c
+++ b/bfd/elf32-i386.c
@@ -6362,7 +6362,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
   for (j = 0; plts[j].name != NULL; j++)
     {
       plt = bfd_get_section_by_name (abfd, plts[j].name);
-      if (plt == NULL)
+      if (plt == NULL || plt->size == 0)
 	continue;
 
       /* Get the PLT section contents.  */
@@ -6378,7 +6378,9 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
 
       /* Check what kind of PLT it is.  */
       plt_type = plt_unknown;
-      if (plts[j].type == plt_unknown)
+      if (plts[j].type == plt_unknown
+	  && (plt->size >= (lazy_plt->plt0_entry_size
+			    + lazy_plt->plt_entry_size)))
 	{
 	  /* Match lazy PLT first.  */
 	  if (memcmp (plt_contents, lazy_plt->plt0_entry,
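Review bot: The new bound at lines 58-59 is built from lazy_plt's sizes, but the second-entry compare that follows in the next hunk reads `plt_contents + lazy_ibt_plt->plt0_entry_size` for `lazy_ibt_plt->plt_got_offset` bytes, i.e. from a different table. That read is only covered if lazy_ibt_plt's plt0_entry_size plus plt_got_offset never exceeds lazy_plt's plt0_entry_size plus plt_entry_size, which nothing in the hunk establishes. Guarding the IBT compare with its own table's sizes, `&& plt->size >= (lazy_ibt_plt->plt0_entry_size + lazy_ibt_plt->plt_got_offset)`, would make the bound self-evidently correct. The length argument of the memcmp at line 62 and the enclosing function both lie outside this hunk.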
@@ -6387,7 +6389,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
 	      /* The fist entry in the lazy IBT PLT is the same as the
 		 normal lazy PLT.  */
 	      if (lazy_ibt_plt != NULL
-		  && (memcmp (plt_contents + lazy_ibt_plt->plt_entry_size,
+		  && (memcmp (plt_contents + lazy_ibt_plt->plt0_entry_size,
 			      lazy_ibt_plt->plt_entry,
 			      lazy_ibt_plt->plt_got_offset) == 0))
 		plt_type = plt_lazy | plt_second;
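Review bot: The offset used to find the second lazy IBT PLT entry changes from `lazy_ibt_plt->plt_entry_size` to `lazy_ibt_plt->plt0_entry_size` at line 68, which is a behavioural fix separate from the size check, yet neither the commit message nor the ChangeLog entry mentions it. A ChangeLog line such as `Use plt0_entry_size, not plt_entry_size, to locate the second lazy IBT PLT entry.` would keep the record accurate. A comment above the memcmp, e.g. `/* The second entry follows PLT0, so skip plt0_entry_size.  */`, would also help, since if the two sizes happen to be equal for some layouts the distinction is invisible in testing.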
@@ -6400,7 +6402,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
 	      /* The fist entry in the PIC lazy IBT PLT is the same as
 		 the normal PIC lazy PLT.  */
 	      if (lazy_ibt_plt != NULL
-		  && (memcmp (plt_contents + lazy_ibt_plt->plt_entry_size,
+		  && (memcmp (plt_contents + lazy_ibt_plt->plt0_entry_size,
 			      lazy_ibt_plt->pic_plt_entry,
 			      lazy_ibt_plt->plt_got_offset) == 0))
 		plt_type = plt_lazy | plt_pic | plt_second;
@@ -6410,7 +6412,8 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
 	}
 
       if (non_lazy_plt != NULL
-	  && (plt_type == plt_unknown || plt_type == plt_non_lazy))
+	  && (plt_type == plt_unknown || plt_type == plt_non_lazy)
+	  && plt->size >= non_lazy_plt->plt_entry_size)
 	{
 	  /* Match non-lazy PLT.  */
 	  if (memcmp (plt_contents, non_lazy_plt->plt_entry,
@@ -6422,7 +6425,8 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
 	}
 
       if ((non_lazy_ibt_plt != NULL)
-	  && (plt_type == plt_unknown || plt_type == plt_second))
+	  && (plt_type == plt_unknown || plt_type == plt_second)
+	  && plt->size >= non_lazy_ibt_plt->plt_entry_size)
 	{
 	  if (memcmp (plt_contents,
 		      non_lazy_ibt_plt->plt_entry,
@@ -6480,6 +6484,9 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
 	got_addr = (bfd_vma) -1;
     }
 
+  if (count == 0)
+    return -1;
+
   size = count * sizeof (asymbol);
 
   /* Allocate space for @plt suffixes.  */
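Review bot: The new `return -1` at lines 105-106 reports "no PLT entries" as an error, whereas bfd's generic `_bfd_elf_get_synthetic_symtab` returns 0 when there is nothing to synthesize, if memory serves; callers that distinguish the two will treat a PLT-less object as a failure. If the PLT contents buffers read earlier in this function are released by cleanup code after this point (outside the hunk), the early return also skips that cleanup. Consider `return 0;` here, or a jump to the function's existing free-and-return path, whichever the rest of the function provides. The enclosing function starts before this hunk.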
diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
index c9c6dba8c5..25ce295c17 100644
--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
@@ -6763,7 +6763,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
   for (j = 0; plts[j].name != NULL; j++)
     {
       plt = bfd_get_section_by_name (abfd, plts[j].name);
-      if (plt == NULL)
+      if (plt == NULL || plt->size == 0)
 	continue;
 
       /* Get the PLT section contents.  */
@@ -6779,7 +6779,9 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
 
       /* Check what kind of PLT it is.  */
       plt_type = plt_unknown;
-      if (plts[j].type == plt_unknown)
+      if (plts[j].type == plt_unknown
+	  && (plt->size >= (lazy_plt->plt_entry_size
+			    + lazy_plt->plt_entry_size)))
 	{
 	  /* Match lazy PLT first.  Need to check the first two
 	     instructions.   */
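Review bot: The bound at lines 130-131 adds `lazy_plt->plt_entry_size` to itself, while the equivalent i386 check in this same patch uses `lazy_plt->plt0_entry_size + lazy_plt->plt_entry_size`; this looks like a copy error rather than a deliberate difference. It is harmless only if plt0_entry_size equals plt_entry_size for every lazy PLT layout this function can encounter, which the hunk does not show. Suggest `&& (plt->size >= (lazy_plt->plt0_entry_size + lazy_plt->plt_entry_size)))` to match the i386 side and the comment's "first two instructions" intent. The enclosing function starts before this hunk.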
@@ -6807,7 +6809,8 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
 	}
 
       if (non_lazy_plt != NULL
-	  && (plt_type == plt_unknown || plt_type == plt_non_lazy))
+	  && (plt_type == plt_unknown || plt_type == plt_non_lazy)
+	  && plt->size >= non_lazy_plt->plt_entry_size)
 	{
 	  /* Match non-lazy PLT.  */
 	  if (memcmp (plt_contents, non_lazy_plt->plt_entry,
@@ -6818,6 +6821,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
       if (plt_type == plt_unknown || plt_type == plt_second)
 	{
 	  if (non_lazy_bnd_plt != NULL
+	      && plt->size >= non_lazy_bnd_plt->plt_entry_size
 	      && (memcmp (plt_contents, non_lazy_bnd_plt->plt_entry,
 			  non_lazy_bnd_plt->plt_got_offset) == 0))
 	    {
@@ -6826,6 +6830,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
 	      non_lazy_plt = non_lazy_bnd_plt;
 	    }
 	  else if (non_lazy_ibt_plt != NULL
+		   && plt->size >= non_lazy_ibt_plt->plt_entry_size
 		   && (memcmp (plt_contents,
 			       non_lazy_ibt_plt->plt_entry,
 			       non_lazy_ibt_plt->plt_got_offset) == 0))
@@ -6871,6 +6876,9 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
       plts[j].contents = plt_contents;
     }
 
+  if (count == 0)
+    return -1;
+
   size = count * sizeof (asymbol);
 
   /* Allocate space for @plt suffixes.  */
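Review bot: The `return -1` added at lines 165-166 leaves the function after the loop has stored each section's contents buffer in `plts[j].contents` (line 162); if those buffers are freed by code later in the function, outside this hunk, this path leaks them. It also maps "no PLT entries found" onto the error value rather than 0, so a caller cannot tell an empty result from a failure. Freeing `plts[j].contents` for each j before returning, or routing through the function's existing cleanup, would address the leak; returning 0 would fix the semantics if the rest of the function does not rely on -1. The enclosing function starts before this hunk.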
-- 
2.13.5

