This is the mail archive of the
elfutils-devel@sourceware.org
mailing list for the elfutils project.
[Bug libelf/21199] New: elf_update might "fill" over existing section data
- From: "mark at klomp dot org" <sourceware-bugzilla at sourceware dot org>
- To: elfutils-devel at sourceware dot org
- Date: Fri, 24 Feb 2017 06:15:04 +0000
- Subject: [Bug libelf/21199] New: elf_update might "fill" over existing section data
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=21199
Bug ID: 21199
Summary: elf_update might "fill" over existing section data
Product: elfutils
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libelf
Assignee: unassigned at sourceware dot org
Reporter: mark at klomp dot org
CC: elfutils-devel at sourceware dot org
Target Milestone: ---
When adding or changing data for sections, when there are also existing,
non-dirty sections, elf_update might write "fill" over some existing data.
This happens if the sections that aren't changed have some extra space between
them, for example because they should be aligned. If two such sections are both
not dirty, then the last_position/offset written is not updated correctly. Only
the data d_size of the existing data is added, missing any extra space needed
for e.g. alignment. Then, when dirty section data is later written, too much
"fill" is written because elf_update thinks there is a larger gap than there
really is, overwriting existing data.
Proposed patch that always updates the last_position/offset to the start of the
section even if there is no changed/dirty section data:
diff --git a/libelf/elf32_updatefile.c b/libelf/elf32_updatefile.c
index 8dd85d1..7ac9951 100644
--- a/libelf/elf32_updatefile.c
+++ b/libelf/elf32_updatefile.c
@@ -343,9 +343,10 @@ __elfw2(LIBELFBITS,updatemmap) (Elf *elf, int change_bo,
size_t shnum)
{
fill_mmap (dl->data.d.d_off, last_position, scn_start,
shdr_start, shdr_end);
- last_position = scn_start + dl->data.d.d_off;
}
+ last_position = scn_start + dl->data.d.d_off;
+
if ((scn->flags | dl->flags | elf->flags) & ELF_F_DIRTY)
{
/* Let it go backward if the sections use a bogus
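Review bot: With `last_position = scn_start + dl->data.d.d_off;` moved below the closing brace of the fill_mmap block, it now runs for every data block, including non-dirty ones, so the "let it go backward" behaviour described by the comment in the ELF_F_DIRTY branch is no longer limited to dirty data. Please confirm that moving last_position back for an unchanged block is intended, and add a short comment at the new assignment saying that it has to track the start of each data block whether or not anything is written, so that a later fill_mmap call does not see a gap larger than the real one.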
@@ -353,8 +354,6 @@ __elfw2(LIBELFBITS,updatemmap) (Elf *elf, int change_bo,
size_t shnum)
user's section data with the latest one, rather than
crashing. */
- last_position = scn_start + dl->data.d.d_off;
-
if (unlikely (change_bo))
{
#if EV_NUM != 2
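Review bot: After the removal here, the comment ending in "rather than crashing. */" sits directly above `if (unlikely (change_bo))` and no longer describes any statement in this branch. Move it up to the now unconditional assignment, or reword it, so the explanation of why the position may go backward stays next to the code that does it.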
@@ -728,6 +727,8 @@ __elfw2(LIBELFBITS,updatefile) (Elf *elf, int change_bo,
size_t shnum)
}
}
+ last_offset = scn_start + dl->data.d.d_off;
+
if ((scn->flags | dl->flags | elf->flags) & ELF_F_DIRTY)
{
char tmpbuf[MAX_TMPBUF];
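Review bot: The new `last_offset = scn_start + dl->data.d.d_off;` in updatefile mirrors the updatemmap change, but the patch touches only libelf/elf32_updatefile.c and adds no test. A regression test for the case in the report (two unchanged sections with alignment space between them, followed by dirty section data), run through both updatemmap and updatefile, would keep the two copies of this logic from drifting apart.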
@@ -738,8 +739,6 @@ __elfw2(LIBELFBITS,updatefile) (Elf *elf, int change_bo,
size_t shnum)
user's section data with the latest one, rather than
crashing. */
- last_offset = scn_start + dl->data.d.d_off;
-
if (unlikely (change_bo))
{
#if EV_NUM != 2
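Review bot: As in the updatemmap hunk, the "rather than crashing. */" comment is left above `if (unlikely (change_bo))` while the `last_offset` assignment it explained is gone from this branch. It should move to the new assignment added before the ELF_F_DIRTY check.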