Created attachment 8438 [details] Patch to fix the bug readelf does not show the last entries in .dynamic section under the following conditions: - readelf is built for a target with 64-bit pointers - readelf input is a binary built for a target with 32-bit pointer - .dynamic section size exactly equals to number of entries * 4-byte The problem is in the following code from the get_32bit_dynamic_section function. Suppose the last two entries in the .dynamic section is DT_PLTGOT and DT_NULL. They both occupy 16 bytes. On 64-bit host the size of Elf_Internal_Dyn is 16 bytes so the readelf stops iterating too early and misses the DT_PLTGOT entry. Attached patch fixes the bug. Elf32_External_Dyn * edyn; Elf32_External_Dyn * ext; Elf_Internal_Dyn * entry; ... for (ext = edyn, dynamic_nent = 0; (char *) ext < (char *) edyn + dynamic_size - sizeof (* entry); ext++) {
The master branch has been updated by Alan Modra <amodra@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=53c3012ccc25ecfc4fa1f52e341e19b30d1e57db commit 53c3012ccc25ecfc4fa1f52e341e19b30d1e57db Author: Alan Modra <amodra@gmail.com> Date: Fri Jul 17 00:13:22 2015 +0930 Correct readelf dynamic section buffer overlow test PR binutils/18672 * readelf.c (get_32bit_dynamic_section): Correct buffer limit test. (get_64bit_dynamic_section): Likewise.
The binutils-2_25-branch branch has been updated by Alan Modra <amodra@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bba0ea53ab18d34511045416cdfa20c8151a49bd commit bba0ea53ab18d34511045416cdfa20c8151a49bd Author: Alan Modra <amodra@gmail.com> Date: Fri Jul 17 00:13:22 2015 +0930 Correct readelf dynamic section buffer overlow test PR binutils/18672 * readelf.c (get_32bit_dynamic_section): Correct buffer limit test. (get_64bit_dynamic_section): Likewise.
Fixed