From: "Mike Frysinger"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger"
Message-ID: <1485977350.4609f57a690b4a5670baeb93167dab5300d07d4e.vapier@gentoo>
Subject: [gentoo-commits] proj/pax-utils:master commit in: /
X-VCS-Repository: proj/pax-utils
X-VCS-Files: dumpelf.c
X-VCS-Directories: /
X-VCS-Committer: vapier
X-VCS-Committer-Name: Mike Frysinger
X-VCS-Revision: 4609f57a690b4a5670baeb93167dab5300d07d4e
X-VCS-Branch: master
Date: Wed, 1 Feb 2017 23:08:09 +0000 (UTC)

commit:     4609f57a690b4a5670baeb93167dab5300d07d4e
Author:     Mike Frysinger gentoo org>
AuthorDate: Wed Feb 1 19:29:10 2017 +0000
Commit:     Mike Frysinger gentoo org>
CommitDate: Wed Feb 1 19:29:10 2017 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=4609f57a

dumpelf: check for invalid section entry sizes

URL: https://bugs.gentoo.org/607894
Reported-by: Agostino Sarubbo gentoo.org>

 dumpelf.c | 50 ++++++++++++++++++++++++++++----------------------
 1 file changed, 28 insertions(+), 22 deletions(-)

diff --git a/dumpelf.c b/dumpelf.c
index 6b2458a..44da3ee 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -413,17 +413,20 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const case SHT_DYNSYM: { \ Elf##B##_Sym *sym = vdata; \ printf("\n\t/%c section dump:\n", '*'); \ - for (i = 0; i < EGET(shdr->sh_size) / EGET(shdr->sh_entsize); ++i) { \ - printf("\t * Elf%i_Sym sym%zu = {\n", B, i); \ - printf("\t * \t.st_name = %u,\n", (uint32_t)EGET(sym->st_name)); \ - printf("\t * \t.st_value = 0x%"PRIX64",\n", EGET(sym->st_value)); \ - printf("\t * \t.st_size = %"PRIu64", (bytes)\n", EGET(sym->st_size)); \ - printf("\t * \t.st_info = %u,\n", (unsigned char)EGET(sym->st_info)); \ - printf("\t * \t.st_other = %u,\n", (unsigned char)EGET(sym->st_other)); \ - printf("\t * \t.st_shndx = %u\n", (uint16_t)EGET(sym->st_shndx)); \ - printf("\t * };\n"); \ - ++sym; \ - } \ + if (EGET(shdr->sh_entsize) < sizeof(*sym)) \ + printf(" /* corrupt section ! */ "); \ + else \ + for (i = 0; i < EGET(shdr->sh_size) / EGET(shdr->sh_entsize); ++i) { \ + printf("\t * Elf%i_Sym sym%zu = {\n", B, i); \ + printf("\t * \t.st_name = %u,\n", (uint32_t)EGET(sym->st_name)); \ + printf("\t * \t.st_value = 0x%"PRIX64",\n", EGET(sym->st_value)); \ + printf("\t * \t.st_size = %"PRIu64", (bytes)\n", EGET(sym->st_size)); \ + printf("\t * \t.st_info = %u,\n", (unsigned char)EGET(sym->st_info)); \ + printf("\t * \t.st_other = %u,\n", (unsigned char)EGET(sym->st_other)); \ + printf("\t * \t.st_shndx = %u\n", (uint16_t)EGET(sym->st_shndx)); \ + printf("\t * };\n"); \ + ++sym; \ + } \ printf("\t */\n"); \ break; \ } \ 
@@ -433,17 +436,20 @@ static void dump_shdr(elfobj *elf, const void *shdr_void, size_t shdr_cnt, const case SHT_GNU_LIBLIST: { \ Elf##B##_Lib *lib = vdata; \ printf("\n\t/%c section dump:\n", '*'); \ - for (i = 0; i < EGET(shdr->sh_size) / EGET(shdr->sh_entsize); ++i) { \ - printf("\t * Elf%i_Lib lib%zu = {\n", B, i); \ - printf("\t * \t.l_name = %"PRIu64",\n", EGET(lib->l_name)); \ - printf("\t * \t.l_time_stamp = 0x%"PRIX64", (%s)\n", \ - EGET(lib->l_time_stamp), timestamp(EGET(lib->l_time_stamp))); \ - printf("\t * \t.l_checksum = 0x%"PRIX64",\n", EGET(lib->l_checksum)); \ - printf("\t * \t.l_version = %"PRIu64",\n", EGET(lib->l_version)); \ - printf("\t * \t.l_flags = 0x%"PRIX64"\n", EGET(lib->l_flags)); \ - printf("\t * };\n"); \ - ++lib; \ - } \ + if (EGET(shdr->sh_entsize) < sizeof(*lib)) \ + printf(" /* corrupt section ! */ "); \ + else \ + for (i = 0; i < EGET(shdr->sh_size) / EGET(shdr->sh_entsize); ++i) { \ + printf("\t * Elf%i_Lib lib%zu = {\n", B, i); \ + printf("\t * \t.l_name = %"PRIu64",\n", EGET(lib->l_name)); \ + printf("\t * \t.l_time_stamp = 0x%"PRIX64", (%s)\n", \ + EGET(lib->l_time_stamp), timestamp(EGET(lib->l_time_stamp))); \ + printf("\t * \t.l_checksum = 0x%"PRIX64",\n", EGET(lib->l_checksum)); \ + printf("\t * \t.l_version = %"PRIu64",\n", EGET(lib->l_version)); \ + printf("\t * \t.l_flags = 0x%"PRIX64"\n", EGET(lib->l_flags)); \ + printf("\t * };\n"); \ + ++lib; \ + } \ printf("\t */\n"); \ } \ default: { \
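Review bot: In the first hunk (SHT_DYNSYM), the new error branch prints ` /* corrupt section ! */ ` after the comment has already been opened by `printf("\n\t/%c section dump:\n", '*')` and before the unconditional `printf("\t */\n")`, so the emitted text closes the comment at the first `*/` and leaves a second, stray `*/` behind it. Printing the message in the same style as the entries, for example `printf("\t * corrupt section !\n");`, keeps the dump a single well-formed comment. The SHT_GNU_LIBLIST branch has the same message and the same problem.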
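Review bot: In the second hunk (SHT_GNU_LIBLIST), `EGET(shdr->sh_entsize) < sizeof(*lib)` still accepts an entry size larger than the structure, but the loop counts entries with `EGET(shdr->sh_size) / EGET(shdr->sh_entsize)` while stepping with `++lib`, which advances by sizeof(*lib). For such a section every entry after the first is decoded from the wrong offset. Either reject any sh_entsize that is not equal to sizeof(*lib), or advance the pointer by sh_entsize bytes per iteration; the SHT_DYNSYM loop in the first hunk has the same mismatch. Separately, the context lines show no `break;` between `printf("\t */\n");` and `default:` in this case, unlike the SHT_DYNSYM case, so it is worth confirming that the fall-through is intended.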