author | Alan Modra <amodra@gmail.com> | 2022-10-26 17:13:12 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2022-10-26 17:27:45 +1030 |
commit | 5dcae8f603b9379ef1c5f59331987322fd4d2126 (patch) | |
tree | 349aabe392eff8a546a0562e8dd115bfc9f7f082 | |
parent | 4d664d5711b297ca6666f529e83bb624f587df77 (diff) | |
Correct ELF reloc size sanity check
The external reloc size check was wrong. Here asect is the code/data
section, not the reloc section. So using this_hdr gave the size of
the code/data section.
* elf.c (_bfd_elf_get_reloc_upper_bound): Properly get
external size from reloc headers.
-rw-r--r-- | bfd/elf.c | 17 |
1 files changed, 11 insertions, 6 deletions
@@ -8708,15 +8708,20 @@ _bfd_elf_get_reloc_upper_bound (bfd *abfd, sec_ptr asect)
 if (asect->reloc_count != 0 && !bfd_write_p (abfd))
 {
 /* Sanity check reloc section size. */
- struct bfd_elf_section_data *d = elf_section_data (asect);
- Elf_Internal_Shdr *rel_hdr = &d->this_hdr;
- bfd_size_type ext_rel_size = rel_hdr->sh_size;
 ufile_ptr filesize = bfd_get_file_size (abfd);
- if (filesize != 0 && ext_rel_size > filesize)
+ if (filesize != 0)
 {
- bfd_set_error (bfd_error_file_truncated);
- return -1;
+ struct bfd_elf_section_data *d = elf_section_data (asect);
+ bfd_size_type rel_size = d->rel.hdr ? d->rel.hdr->sh_size : 0;
+ bfd_size_type rela_size = d->rela.hdr ? d->rela.hdr->sh_size : 0;
+
+ if (rel_size + rela_size > filesize
+ || rel_size + rela_size < rel_size)
+ {
+ bfd_set_error (bfd_error_file_truncated);
+ return -1;
+ }
 }
 }
 |
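Review bot: The new test in `_bfd_elf_get_reloc_upper_bound` bounds only the combined `sh_size` of the `.rel`/`.rela` headers against the file size, so a crafted header whose `sh_offset` places the section partly past end of file still passes as long as its size is no larger than the file. Whether a later read catches that cannot be seen from this hunk; if not, comparing each header's `sh_offset` against `filesize - sh_size` here would close the gap. The whole check is also skipped when `bfd_get_file_size` returns 0, which is worth stating in the comment so readers do not assume the sizes are always validated. The second operand of the `||` is an unsigned wrap-around guard and deserves a short comment such as `/* Reject a sum that wrapped. */`. The function body starts before and continues after this hunk.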