>>> On 10.10.16 at 18:00, <roger....@citrix.com> wrote:
> --- a/xen/common/libelf/libelf-loader.c
> +++ b/xen/common/libelf/libelf-loader.c
> @@ -174,8 +174,8 @@ void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t 
> pstart)
>      /* Space to store the size of the elf image */
>      sz = sizeof(uint32_t);
>  
> -    /* Space for the elf and elf section headers */
> -    sz += elf_uval(elf, elf->ehdr, e_ehsize) +
> +    /* Space for the elf header and elf section headers */
> +    sz += sizeof(elf_ehdr) +
>            ELF_BSDSYM_SECTIONS * elf_uval(elf, elf->ehdr, e_shentsize);
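Review bot: The size computation now mixes two sources of truth: the ELF header size comes from sizeof(elf_ehdr) while the section header size still comes from the input field e_shentsize, so the reserved space and the copy on the guest side can disagree if the input e_ehsize differs from sizeof(elf_ehdr) or e_shentsize differs from the struct size. Either keep both terms derived from the input header fields (as before), or use sizeof() for both and write matching e_ehsize and e_shentsize values into the header that is loaded into the guest; the updated comment ("elf header and elf section headers") should also match whichever choice is made.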

This really should remain consistent: Either you allocate (and later
copy) as much as the respective input fields say, or you use sizeof()
(and then update both e_ehsize and e_shentsize accordingly in the
loaded image). In particular ...

> +    /*
> +     * Load the section headers.
> +     *
> +     * NB: this _must_ be done one by one, and taking the bitness into 
> account,
> +     * so that the guest can treat this as an array of type Elf{32/64}_Shdr.
> +     */
> +    for ( i = 0; i < ELF_BSDSYM_SECTIONS; i++ )
> +    {
> +        rc = elf_load_image(elf, header_base + ehdr_size + shdr_size * i,
> +                            
> ELF_REALPTR2PTRVAL(&header.elf_header.section[i]),
> +                            shdr_size, shdr_size);
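Review bot: The copy length passed to elf_load_image is shdr_size for both the size and the amount to read, but the source operand is &header.elf_header.section[i], a single array element of header.elf_header.section; if shdr_size is derived from the input e_shentsize rather than from that element's type, a larger e_shentsize makes the loop read past the end of the element (and past the end of the array for the last i). Bound the copy by sizeof(header.elf_header.section[i]) or validate that shdr_size equals that size before the loop, and document in the "NB:" comment which of the two values shdr_size is expected to be.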

... here you may copy more data than there actually is at the source
pointer (which has only sizeof(elf_shdr) bytes).

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel