This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.



[PATCH 05/17] libebl: Don't blow up stack when processing large NT_GNU_ABI_TAG.


Normally an NT_GNU_ABI_TAG is large, just 4 words (16 bytes).
Only use stack allocated conversion buf for small (max 16 words) notes.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
 libebl/ChangeLog    |  5 +++++
 libebl/eblobjnote.c | 18 ++++++++++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/libebl/ChangeLog b/libebl/ChangeLog
index 9ca7b47..51ae60f 100644
--- a/libebl/ChangeLog
+++ b/libebl/ChangeLog
@@ -1,5 +1,10 @@
 2015-05-17  Mark Wielaard  <mjw@redhat.com>
 
+	* eblobjnote.c (ebl_object_note): If allocation buf is large, then
+	allocate it with malloc.
+
+2015-05-17  Mark Wielaard  <mjw@redhat.com>
+
 	* eblopenbackend.c (MAX_PREFIX_LEN): New define (16).
 	(openbackend): Stack allocate symname array using MAX_PREFIX_LEN.
 
diff --git a/libebl/eblobjnote.c b/libebl/eblobjnote.c
index d1fe821..c483b1d 100644
--- a/libebl/eblobjnote.c
+++ b/libebl/eblobjnote.c
@@ -1,5 +1,5 @@
 /* Print contents of object file note.
-   Copyright (C) 2002, 2007, 2009, 2011 Red Hat, Inc.
+   Copyright (C) 2002, 2007, 2009, 2011, 2015 Red Hat, Inc.
    This file is part of elfutils.
    Written by Ulrich Drepper <drepper@redhat.com>, 2002.
 
@@ -33,6 +33,7 @@
 
 #include <inttypes.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <libeblP.h>
 
@@ -165,7 +166,18 @@ ebl_object_note (ebl, name, type, descsz, desc)
 		.d_size = descsz,
 		.d_buf = (void *) desc
 	      };
-	    uint32_t buf[descsz / 4];
+	    /* Normally NT_GNU_ABI_TAG is just 4 words (16 bytes).  If it
+	       is much (4*) larger dynamically allocate memory to convert.  */
+	    uint32_t sbuf[16];
+            uint32_t *buf;
+	    if (descsz / 4 > 16)
+	      {
+	        buf = malloc (descsz);
+		if (buf == NULL)
+		  return;
+	      }
+	    else
+	      buf = sbuf;
 	    Elf_Data out =
 	      {
 		.d_version = EV_CURRENT,
@@ -209,6 +221,8 @@ ebl_object_note (ebl, name, type, descsz, desc)
 		  }
 		putchar_unlocked ('\n');
 	      }
+	    if (descsz / 4 > 16)
+	      free (buf);
 	    break;
 	  }
 	/* FALLTHROUGH */
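Review bot: `if (descsz / 4 > 16) free (buf);` repeats the allocation condition from the earlier hunk rather than tying the release to what was actually allocated; `if (buf != sbuf) free (buf);` cannot diverge from the malloc decision if the threshold is later changed in one place only. Also confirm that none of the lines elided between the malloc and this free contain an early return, since such a path would now leak the heap buffer.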
-- 
1.8.3.1