On Sat, Dec 27, 2014 at 04:31:14AM +0300, Alexander Cherepanov wrote:
> On 2014-12-27 01:00, Mark Wielaard wrote:
> >diff --git a/src/strings.c b/src/strings.c
> >index f60e4b4..d1eb7b2 100644
> >--- a/src/strings.c
> >+++ b/src/strings.c
> >@@ -725,8 +725,21 @@ read_elf (Elf *elf, int fd, const char *fname, off64_t 
> >fdlen)
> >      actually have content.  */
> >        if (shdr != NULL && shdr->sh_type != SHT_NOBITS
> >       && (shdr->sh_flags & SHF_ALLOC) != 0)
> >-    result |= read_block (fd, fname, fdlen, shdr->sh_offset,
> >-                          shdr->sh_offset + shdr->sh_size);
> >+    {
> >+      if (shdr->sh_offset > fdlen
> >+          || fdlen - shdr->sh_offset < shdr->sh_size)
> >+        {
> 
> It fails to build for me:
> 
> strings.c: In function 'read_elf':
> strings.c:729:24: error: comparison between signed and unsigned integer
> expressions [-Werror=sign-compare]
>     if (shdr->sh_offset > fdlen

The compiler is correct. sh_offset is an unsigned Elf64_Off and fdlen is
a signed off64_t. But just before we already checked fdlen >= 0, so we
can just cast it to Elf64_Off safely for this comparison. As attached.

Thanks,

Mark
From 37497cb28139057a5413f9592b6ceb3a06c41482 Mon Sep 17 00:00:00 2001
From: Mark Wielaard <[email protected]>
Date: Fri, 26 Dec 2014 22:57:00 +0100
Subject: [PATCH] strings: Produce error when section data falls outside file.

https://bugzilla.redhat.com/show_bug.cgi?id=1170810

Reported-by: Alexander Cherepanov <[email protected]>
Signed-off-by: Mark Wielaard <[email protected]>
---
 src/ChangeLog |  5 +++++
 src/strings.c | 17 +++++++++++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 904b3c9..66d6270 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,10 @@
 2014-12-26  Mark Wielaard  <[email protected]>
 
+       * strings.c (read_elf): Produce error when section data falls outside
+       file.
+
+2014-12-26  Mark Wielaard  <[email protected]>
+
        * nm.c (show_symbols): Guard against divide by zero in error check.
        Add section index number in error message.
 
diff --git a/src/strings.c b/src/strings.c
index f60e4b4..b2bce7b 100644
--- a/src/strings.c
+++ b/src/strings.c
@@ -725,8 +725,21 @@ read_elf (Elf *elf, int fd, const char *fname, off64_t 
fdlen)
         actually have content.  */
       if (shdr != NULL && shdr->sh_type != SHT_NOBITS
          && (shdr->sh_flags & SHF_ALLOC) != 0)
-       result |= read_block (fd, fname, fdlen, shdr->sh_offset,
-                             shdr->sh_offset + shdr->sh_size);
+       {
+         if (shdr->sh_offset > (Elf64_Off) fdlen
+             || fdlen - shdr->sh_offset < shdr->sh_size)
+           {
+             size_t strndx = 0;
+             elf_getshdrstrndx (elf, &strndx);
+             error (0, 0,
+                    gettext ("Skipping section %zd '%s' data outside file"),
+                    elf_ndxscn (scn), elf_strptr (elf, strndx, shdr->sh_name));
+             result = 1;
+           }
+         else
+           result |= read_block (fd, fname, fdlen, shdr->sh_offset,
+                                 shdr->sh_offset + shdr->sh_size);
+       }
     }
   while ((scn = elf_nextscn (elf, scn)) != NULL);
 
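Review bot: in the error call added to read_elf, `%zd` does not match the argument `elf_ndxscn (scn)`, which returns `size_t`; the matching conversion is `%zu`. The same call hands `elf_strptr (elf, strndx, shdr->sh_name)` straight to `%s`, and the return value of `elf_getshdrstrndx (elf, &strndx)` is discarded, so on a file whose section header string table is missing or damaged the name lookup can fail and `%s` would receive a null pointer, which printf does not define. Suggest checking both return values and substituting a fixed placeholder such as "<unknown>" when the name cannot be resolved. The bounds test itself is sound: the cast `(Elf64_Off) fdlen` is lossless because fdlen was already checked to be non-negative, and `fdlen - shdr->sh_offset < shdr->sh_size` cannot wrap because the preceding `shdr->sh_offset > (Elf64_Off) fdlen` test guarantees the subtraction does not underflow.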
-- 
2.1.0
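The bounds check in the patch is written as a subtraction (`fdlen - sh_offset < sh_size`) rather than an addition (`sh_offset + sh_size > fdlen`) so that a crafted section header with a huge sh_size cannot wrap the sum and pass the test. The following is an added, self-contained illustration of that difference; it is not code from the patch or from elfutils. The typedefs stand in for the libelf types, the two function names are hypothetical, and the header values in main are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the ELF types used in read_elf (hypothetical typedefs,
   not taken from libelf headers). */
typedef uint64_t Elf64_Off;
typedef uint64_t Elf64_Xword;
typedef int64_t  off64_t;

/* Return true when [sh_offset, sh_offset + sh_size) lies inside a file of
   fdlen bytes.  fdlen is expected to be non-negative, as read_elf already
   checks, so the cast to Elf64_Off is lossless.  Testing the remaining
   length against sh_size never forms the sum sh_offset + sh_size, so a
   crafted header cannot wrap it. */
static bool
section_data_in_file (off64_t fdlen, Elf64_Off sh_offset, Elf64_Xword sh_size)
{
  if (fdlen < 0)
    return false;
  Elf64_Off len = (Elf64_Off) fdlen;
  if (sh_offset > len)          /* section starts past end of file */
    return false;
  return len - sh_offset >= sh_size;   /* cannot underflow: sh_offset <= len */
}

/* The additive form the patch avoids: the sum wraps modulo 2^64 for a
   large sh_size and the section is wrongly accepted.  Kept only so the
   two forms can be compared side by side. */
static bool
section_data_in_file_naive (off64_t fdlen, Elf64_Off sh_offset, Elf64_Xword sh_size)
{
  if (fdlen < 0)
    return false;
  return sh_offset + sh_size <= (Elf64_Off) fdlen;
}

int
main (void)
{
  /* Constructed section headers for a 4096-byte file. */
  struct { Elf64_Off off; Elf64_Xword size; const char *what; } hdrs[] = {
    { 0,    4096,        "whole file" },
    { 4000, 96,          "ends exactly at EOF" },
    { 4000, 97,          "one byte past EOF" },
    { 5000, 0,           "starts past EOF" },
    { 16,   UINT64_MAX,  "sh_size that wraps the sum" },
  };
  off64_t fdlen = 4096;

  for (size_t i = 0; i < sizeof hdrs / sizeof hdrs[0]; i++)
    printf ("%-28s subtractive=%d additive=%d\n", hdrs[i].what,
            section_data_in_file (fdlen, hdrs[i].off, hdrs[i].size),
            section_data_in_file_naive (fdlen, hdrs[i].off, hdrs[i].size));
  return 0;
}
```

The last constructed header is the interesting one: 16 + UINT64_MAX wraps to 15, so the additive form reports the section as inside the file while the subtractive form correctly rejects it.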
