From patchwork Fri Jul 12 23:37:40 2019
X-Patchwork-Submitter: Ren Kimura
X-Patchwork-Id: 1131532
From: Ren Kimura
To: marxin@gcc.gnu.org
Cc: iant@golang.org, gcc-patches@gcc.gnu.org, Ren Kimura
Subject: [PATCH v2] libiberty: Check zero value shstrndx in simple-object-elf.c
Date: Fri, 12 Jul 2019 19:37:40 -0400
Message-Id: <20190712233741.23276-1-rkx1209dev@gmail.com>
MIME-Version: 1.0

This patch fixes Bug 90924. simple_object_elf functions don't load section table 0 of an ELF file, which is not useful. However, if e_shstrndx in the ELF header points to section table 0 (i.e. e_shstrndx == 0), the calculation of the offset to the string section table causes an integer overflow at every line "(eor->shstrndx - 1)". The result becomes a negative value (unsigned int)-1 and causes memory corruption.

Signed-off-by: Ren Kimura
--- libiberty/simple-object-elf.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/libiberty/simple-object-elf.c b/libiberty/simple-object-elf.c index 22c9ae7ed2d..9c561632bc5 100644 --- a/libiberty/simple-object-elf.c +++ b/libiberty/simple-object-elf.c @@ -548,7 +548,15 @@ simple_object_elf_match (unsigned char header[SIMPLE_OBJECT_MATCH_HEADER_LEN], XDELETE (eor); return NULL; } - + + if (eor->shstrndx == 0) + { + *errmsg = "invalid ELF shstrndx == 0"; + *err = 0; + XDELETE (eor); + return NULL; + } + return (void *) eor; }
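
Review bot: The check added at the end of simple_object_elf_match rejects only `eor->shstrndx == 0`, so it guards the lower bound of `(eor->shstrndx - 1)` but nothing in this hunk bounds the index from above. If the section count is not validated against shstrndx elsewhere, a value at or past the number of section headers would still yield an out-of-range offset, and a range check against the section count would sit naturally next to this one. On the message text: in the ELF specification an e_shstrndx of 0 is SHN_UNDEF, meaning the file has no section name string table, so "invalid ELF shstrndx == 0" could say that instead, which tells the caller why the object was rejected. The hunk also removes one blank line and adds blank lines on both sides of the new block; it is worth confirming the added ones carry no trailing whitespace so the change stays limited to the check itself.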