This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
PATCH: Check number of sections overflow
- From: "H.J. Lu" <hongjiu dot lu at intel dot com>
- To: binutils at sourceware dot org
- Date: Tue, 3 Jul 2012 11:36:21 -0700
- Subject: PATCH: Check number of sections overflow
- Reply-to: "H.J. Lu" <hjl dot tools at gmail dot com>
Hi,
SHN_LORESERVE is defined as
#define SHN_LORESERVE 0xFF00
externally and defined as
#define SHN_LORESERVE (-0x100u)
internally. It may overflow when number of sections >= (-0x100u). It
is very unlikely to happen sine -0x100u is 0xffffff00. This patch
adds a check just in case. OK to install?
Thanks.
H.J.
---
2008-03-12 H.J. Lu <hongjiu.lu@intel.com>
* elf.c (assign_section_numbers): Check if number of sections
>= SHN_LORESERVE.
* elfcode.h (elf_object_p): Likewise.
--- bfd/elf.c.64k 2008-03-12 12:32:53.000000000 -0700
+++ bfd/elf.c 2008-03-12 14:06:17.000000000 -0700
@@ -2831,6 +2831,13 @@ assign_section_numbers (bfd *abfd, struc
_bfd_elf_strtab_addref (elf_shstrtab (abfd), t->strtab_hdr.sh_name);
}
+ if (section_number >= SHN_LORESERVE)
+ {
+ _bfd_error_handler (_("%B: too many sections: %u"),
+ abfd, section_number);
+ return FALSE;
+ }
+
_bfd_elf_strtab_finalize (elf_shstrtab (abfd));
t->shstrtab_hdr.sh_size = _bfd_elf_strtab_size (elf_shstrtab (abfd));
--- bfd/elfcode.h.64k 2008-03-12 12:32:05.000000000 -0700
+++ bfd/elfcode.h 2008-03-12 15:30:51.000000000 -0700
@@ -684,8 +684,14 @@ elf_object_p (bfd *abfd)
if (i_ehdrp->e_shnum == SHN_UNDEF)
{
i_ehdrp->e_shnum = i_shdr.sh_size;
- if (i_ehdrp->e_shnum != i_shdr.sh_size
- || i_ehdrp->e_shnum == 0)
+ if (i_ehdrp->e_shnum >= SHN_LORESERVE)
+ {
+ _bfd_error_handler (_("%B: too many sections: %u"),
+ abfd, i_ehdrp->e_shnum);
+ abort ();
+ }
+ else if (i_ehdrp->e_shnum != i_shdr.sh_size
+ || i_ehdrp->e_shnum == 0)
goto got_wrong_format_error;
}