On Fri, 27 Mar 2020 at 09:50, Alex Bennée <alex.ben...@linaro.org> wrote: > > It's perfectly possible to have no function symbols in your elf file > and if we do the undefined behaviour sanitizer rightly complains about > us passing NULL to qsort. Check nsyms before we go ahead. > > Signed-off-by: Alex Bennée <alex.ben...@linaro.org> > --- > include/hw/elf_ops.h | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h > index a1411bfcab6..b5d4074d1e3 100644 > --- a/include/hw/elf_ops.h > +++ b/include/hw/elf_ops.h > @@ -170,8 +170,13 @@ static int glue(load_symbols, SZ)(struct elfhdr *ehdr, > int fd, int must_swab, > } > i++; > } > - syms = g_realloc(syms, nsyms * sizeof(*syms)); > > + /* check we have symbols left */ > + if (nsyms == 0) { > + goto fail; > + } > + > + syms = g_realloc(syms, nsyms * sizeof(*syms)); > qsort(syms, nsyms, sizeof(*syms), glue(symcmp, SZ)); > for (i = 0; i < nsyms - 1; i++) { > if (syms[i].st_size == 0) {
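Review bot: the new `goto fail` under `if (nsyms == 0)` leaves the function while `syms` still points at the buffer from the earlier allocation, whereas the `g_realloc(syms, nsyms * sizeof(*syms))` call it now skips would have released that buffer for `nsyms == 0` (g_realloc with a zero size frees the block and returns NULL); please confirm that the `fail:` label, which is outside the hunk, frees `syms`, otherwise the no-function-symbols case now leaks. The commit message only mentions the qsort(NULL) complaint, but the check also keeps the `for (i = 0; i < nsyms - 1; i++)` loop just below from running with `nsyms` zero, which is worth a sentence there.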
If "ELF file has no symbols" is valid, it's a bit odd for load_symbols to report it as a failure by returning -1. This only works because load_elf (the only caller) just ignores the return value entirely.

OTOH I suppose you could argue that we can just ignore any oddity in the attempt to load symbols (eg bogus/malformed symtab section). If so, we should probably drop the return value from load_symbols().

thanks
-- PMM
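The edge case under discussion, as an added stand-alone example (not QEMU's code, nor the patch or the reply): a reduced symbol-table filter that keeps only function symbols, shrinks the buffer, sorts it, and fixes up zero sizes, written so that an input with no function symbols is reported as a valid count of zero rather than an error. The `sym_t` struct, the `load_function_symbols` name and return convention, the constructed sample tables and the size fix-up step are all assumptions of this example; `STT_FUNC`/`STT_OBJECT` use the ELF specification values.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Assumed, simplified stand-in for Elf32_Sym/Elf64_Sym: only the fields
 * this example looks at. The ELF type is in the low 4 bits of st_info. */
typedef struct {
    uint64_t st_value;
    uint64_t st_size;
    unsigned char st_info;
} sym_t;

#define STT_OBJECT 1   /* ELF spec value */
#define STT_FUNC   2   /* ELF spec value */

static int symcmp(const void *a, const void *b)
{
    const sym_t *x = a, *y = b;
    return (x->st_value > y->st_value) - (x->st_value < y->st_value);
}

/* Copies the STT_FUNC entries of table[] into a freshly allocated, sorted
 * array stored in *out. Returns the number of symbols kept (0 is valid,
 * *out is then NULL) or -1 on allocation failure. */
int load_function_symbols(const sym_t *table, size_t count, sym_t **out)
{
    sym_t *syms, *shrunk;
    size_t nsyms = 0, i;

    *out = NULL;
    if (count == 0) {
        return 0;
    }
    syms = malloc(count * sizeof(*syms));
    if (!syms) {
        return -1;
    }
    for (i = 0; i < count; i++) {
        if ((table[i].st_info & 0xf) == STT_FUNC) {
            syms[nsyms++] = table[i];
        }
    }
    /* The guard from the discussion: never realloc() to zero bytes
     * (implementation-defined in C, frees in glib) and never hand a
     * NULL base pointer to qsort(), which is undefined behaviour. */
    if (nsyms == 0) {
        free(syms);
        return 0;
    }
    shrunk = realloc(syms, nsyms * sizeof(*syms));
    if (shrunk) {          /* a failed shrink just keeps the larger block */
        syms = shrunk;
    }
    qsort(syms, nsyms, sizeof(*syms), symcmp);

    /* Assumed fix-up: a zero-sized function extends to the next symbol.
     * Written as i + 1 < nsyms rather than i < nsyms - 1, because with an
     * unsigned nsyms of 0 the latter wraps to SIZE_MAX and runs off the end. */
    for (i = 0; i + 1 < nsyms; i++) {
        if (syms[i].st_size == 0) {
            syms[i].st_size = syms[i + 1].st_value - syms[i].st_value;
        }
    }
    *out = syms;
    return (int)nsyms;
}

/* Constructed sample tables for the two cases. */
static const sym_t only_objects[] = {
    { 0x1000, 4, STT_OBJECT }, { 0x2000, 8, STT_OBJECT },
};
static const sym_t mixed[] = {
    { 0x3000, 0, STT_FUNC }, { 0x1000, 16, STT_OBJECT }, { 0x2000, 0, STT_FUNC },
};

/* No function symbols at all: must be 0, not -1, and must not crash. */
int run_case_no_functions(void)
{
    sym_t *out;
    int n = load_function_symbols(only_objects, 2, &out);
    free(out);   /* free(NULL) is a no-op */
    return n;
}

/* Two function symbols: returns 1 when they come back sorted and sized. */
int run_case_mixed(void)
{
    sym_t *out;
    int n = load_function_symbols(mixed, 3, &out);
    int ok = n == 2 && out[0].st_value == 0x2000 && out[0].st_size == 0x1000
             && out[1].st_value == 0x3000 && out[1].st_size == 0;
    free(out);
    return ok;
}

int main(void)
{
    printf("no functions: %d symbols\n", run_case_no_functions());
    printf("mixed table ok: %d\n", run_case_mixed());
    return 0;
}
```

The split between "nothing to load" (0) and "could not load" (-1) is the distinction the reply is getting at; a caller that ignores the return value entirely cannot tell the two apart, which is why either the return value should carry meaning or be dropped.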