


[PATCH] libelf: find 1st section instead of assuming


When getting section headers it is assumed that the first section
is on the first section list. However, it is possible that the
first section list only contains the zeroth section, in which
case either illegal memory access occurs or elf_nextscn()
erroneously returns NULL.

With this patch, checks are added to avoid the illegal memory
access, and the second section list (when there is one) is
consulted to find the first section.

Signed-off-by: John Ogness <john.ogness@linutronix.de>
---
 libelf/elf32_updatenull.c | 11 +++++++++--
 libelf/elf_nextscn.c      | 38 +++++++++++++++++---------------------
 2 files changed, 26 insertions(+), 23 deletions(-)

diff --git a/libelf/elf32_updatenull.c b/libelf/elf32_updatenull.c
index 03de032..7507062 100644
--- a/libelf/elf32_updatenull.c
+++ b/libelf/elf32_updatenull.c
@@ -180,6 +180,7 @@ __elfw2(LIBELFBITS,updatenull_wrlock) (Elf *elf, int *change_bop, size_t shnum)
 
   if (shnum > 0)
     {
+      struct Elf_Scn *scn1 = NULL;
       Elf_ScnList *list;
       bool first = true;
 
@@ -198,10 +199,16 @@ __elfw2(LIBELFBITS,updatenull_wrlock) (Elf *elf, int *change_bop, size_t shnum)
       /* Go over all sections and find out how large they are.  */
       list = &elf->state.ELFW(elf,LIBELFBITS).scns;
 
+      /* Find the first section. */
+      if (list->cnt > 1)
+	scn1 = &list->data[1];
+      else if (list->next != NULL)
+	scn1 = &list->next->data[0];
+
       /* Load the section headers if necessary.  This loads the
 	 headers for all sections.  */
-      if (list->data[1].shdr.ELFW(e,LIBELFBITS) == NULL)
-	(void) __elfw2(LIBELFBITS,getshdr_wrlock) (&list->data[1]);
+      if (scn1 != NULL && scn1->shdr.ELFW(e,LIBELFBITS) == NULL)
+	(void) __elfw2(LIBELFBITS,getshdr_wrlock) (scn1);
 
       do
 	{
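Review bot: The fallback at `else if (list->next != NULL)` takes `list->next->data[0]` as the first section whenever the first list holds only the 0th section, without requiring that first list to be full, whereas the rewritten elf_nextscn in this same patch only advances to `list->next` when `scn + 1 == &list->data[list->max]`. If a list can only gain a successor once it is full the two conditions agree and that invariant deserves stating; if not, the two lookups can disagree about which section is first. I would add `/* A further list only exists once this one is full, so data[0] of list->next is section 1.  */` above the `else if`, or an `assert (list->cnt == list->max);` inside that branch, to pin the assumption. When both branches fail `scn1` stays NULL and no section header is loaded before the `do` loop that begins at the end of the hunk; that loop continues outside the hunk, so whether it tolerates `shnum > 0` with no sections cannot be checked here.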
diff --git a/libelf/elf_nextscn.c b/libelf/elf_nextscn.c
index 62cb891..d2f3e7c 100644
--- a/libelf/elf_nextscn.c
+++ b/libelf/elf_nextscn.c
@@ -41,6 +41,7 @@
 Elf_Scn *
 elf_nextscn (Elf *elf, Elf_Scn *scn)
 {
+  Elf_ScnList *list;
   Elf_Scn *result = NULL;
 
   if (elf == NULL)
@@ -50,34 +51,29 @@ elf_nextscn (Elf *elf, Elf_Scn *scn)
 
   if (scn == NULL)
     {
-      /* If no section handle is given return the first (not 0th) section.  */
+      /* If no section handle is given return the first (not 0th) section.
+	 Set scn to the 0th section and perform nextscn.  */
       if (elf->class == ELFCLASS32
 	   || (offsetof (Elf, state.elf32.scns)
 	       == offsetof (Elf, state.elf64.scns)))
-	{
-	  if (elf->state.elf32.scns.cnt > 1)
-	    result = &elf->state.elf32.scns.data[1];
-	}
+	list = &elf->state.elf32.scns;
       else
-	{
-	  if (elf->state.elf64.scns.cnt > 1)
-	    result = &elf->state.elf64.scns.data[1];
-	}
+	list = &elf->state.elf64.scns;
+
+      scn = &list->data[0];
     }
   else
+    list = scn->list;
+
+  if (scn + 1 < &list->data[list->cnt])
+    result = scn + 1;
+  else if (scn + 1 == &list->data[list->max]
+	   && (list = list->next) != NULL)
     {
-      Elf_ScnList *list = scn->list;
-
-      if (scn + 1 < &list->data[list->cnt])
-	result = scn + 1;
-      else if (scn + 1 == &list->data[list->max]
-	       && (list = list->next) != NULL)
-	{
-	  /* If there is another element in the section list it must
-	     have at least one entry.  */
-	  assert (list->cnt > 0);
-	  result = &list->data[0];
-	}
+      /* If there is another element in the section list it must
+         have at least one entry.  */
+      assert (list->cnt > 0);
+      result = &list->data[0];
     }
 
   rwlock_unlock (elf->lock);
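Review bot: The `scn = &list->data[0];` substitution makes the `scn == NULL` path depend on `list->data[0]` being a valid address even when the list is empty; the two comparisons that follow only do pointer arithmetic on it, so this is defined as long as `data` has at least one element, but the comment above should say so, e.g. extend it with `The 0th entry is only used as a base for the pointer comparisons below and is never dereferenced.`. Whether an Elf without a section header table can reach this point with `list->cnt == 0` is not visible in the hunk, so I would also confirm that `list->max` cannot be 1 in that state, since `scn + 1 == &list->data[list->max]` would then move to `list->next` and trip `assert (list->cnt > 0)` on it. The continuation line of the moved comment, `have at least one entry.`, is indented with spaces while the surrounding lines use a tab; keeping the original tab indentation avoids a spurious whitespace change. The tail of elf_nextscn after `rwlock_unlock` lies outside the hunk.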
-- 
2.8.1
