This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
[PATCH] libiberty: Check zero value shstrndx in simple-object-elf.c
- From: Ren Kimura <rkx1209dev at gmail dot com>
- To: marxin at gcc dot gnu dot org
- Cc: gcc-patches at gcc dot gnu dot org, Ren Kimura <rkx1209dev at gmail dot com>
- Date: Fri, 12 Jul 2019 18:04:09 -0400
- Subject: [PATCH] libiberty: Check zero value shstrndx in simple-object-elf.c
This patch fixes a Bug 90924.
simple_object_elf functions don't load section table 0 of ELF file, which is not a useful.
However If e_shstrndx in ELF header points to a section table 0 (i.e. e_shstrndx == 0), a calculation of offset to string section table causes integer overflow at every line "(eor->shstrndx - 1)".
A result becomes negative value (unsigned int)-1 and cause memory corruption.
Signed-off-by: Ren Kimura <rkx1209dev@gmail.com>
---
libiberty/simple-object-elf.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/libiberty/simple-object-elf.c b/libiberty/simple-object-elf.c
index 22c9ae7ed2d..33562e4eb18 100644
--- a/libiberty/simple-object-elf.c
+++ b/libiberty/simple-object-elf.c
@@ -548,7 +548,15 @@ simple_object_elf_match (unsigned char header[SIMPLE_OBJECT_MATCH_HEADER_LEN],
XDELETE (eor);
return NULL;
}
-
+
+ if (!eor->shstrndx)
+ {
+ *errmsg = "invalid ELF shstrndx == 0";
+ *err = 0;
+ XDELETE (eor);
+ return NULL;
+ }
+
return (void *) eor;
}
--
2.19.1