diff options
author | H.J. Lu <hjl.tools@gmail.com> | 2017-08-28 11:25:58 -0700 |
---|---|---|
committer | H.J. Lu <hjl.tools@gmail.com> | 2017-08-28 11:25:58 -0700 |
commit | 90efb6422939ca031804266fba669f77c22a274a (patch) | |
tree | c1d882c2427b52a20c05e5295b6714d172c05e52 | |
parent | cefdd1cd64f3b67aba1b219547b8f895c22d48ed (diff) | |
download | gdb-90efb6422939ca031804266fba669f77c22a274a.zip gdb-90efb6422939ca031804266fba669f77c22a274a.tar.gz gdb-90efb6422939ca031804266fba669f77c22a274a.tar.bz2 |
x86: Check for valid PLT section size
Update x86 get_synthetic_symtab to check for valid PLT section size
before examining PLT section contents.
PR binutils/22018
* elf32-i386.c (elf_i386_get_synthetic_symtab): Check for valid
PLT section size.
* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
-rw-r--r-- | bfd/ChangeLog | 7 | ||||
-rw-r--r-- | bfd/elf32-i386.c | 19 | ||||
-rw-r--r-- | bfd/elf64-x86-64.c | 14 |
3 files changed, 31 insertions, 9 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 063253f..419c311 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,10 @@ +2017-08-28 H.J. Lu <hongjiu.lu@intel.com> + + PR binutils/22018 + * elf32-i386.c (elf_i386_get_synthetic_symtab): Check for valid + PLT section size. + * elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise. + 2017-08-27 H.J. Lu <hongjiu.lu@intel.com> * elf32-i386.c (elf_i386_link_hash_newfunc): Initialize diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c index 999cd48..05ba2c3 100644 --- a/bfd/elf32-i386.c +++ b/bfd/elf32-i386.c @@ -6362,7 +6362,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd, for (j = 0; plts[j].name != NULL; j++) { plt = bfd_get_section_by_name (abfd, plts[j].name); - if (plt == NULL) + if (plt == NULL || plt->size == 0) continue; /* Get the PLT section contents. */ @@ -6378,7 +6378,9 @@ elf_i386_get_synthetic_symtab (bfd *abfd, /* Check what kind of PLT it is. */ plt_type = plt_unknown; - if (plts[j].type == plt_unknown) + if (plts[j].type == plt_unknown + && (plt->size >= (lazy_plt->plt0_entry_size + + lazy_plt->plt_entry_size))) { /* Match lazy PLT first. */ if (memcmp (plt_contents, lazy_plt->plt0_entry, @@ -6387,7 +6389,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd, /* The fist entry in the lazy IBT PLT is the same as the normal lazy PLT. */ if (lazy_ibt_plt != NULL - && (memcmp (plt_contents + lazy_ibt_plt->plt_entry_size, + && (memcmp (plt_contents + lazy_ibt_plt->plt0_entry_size, lazy_ibt_plt->plt_entry, lazy_ibt_plt->plt_got_offset) == 0)) plt_type = plt_lazy | plt_second; @@ -6400,7 +6402,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd, /* The fist entry in the PIC lazy IBT PLT is the same as the normal PIC lazy PLT. */ if (lazy_ibt_plt != NULL - && (memcmp (plt_contents + lazy_ibt_plt->plt_entry_size, + && (memcmp (plt_contents + lazy_ibt_plt->plt0_entry_size, lazy_ibt_plt->pic_plt_entry, lazy_ibt_plt->plt_got_offset) == 0)) plt_type = plt_lazy | plt_pic | plt_second; @@ -6410,7 +6412,8 @@ elf_i386_get_synthetic_symtab (bfd *abfd, } if (non_lazy_plt != NULL - && (plt_type == plt_unknown || plt_type == plt_non_lazy)) + && (plt_type == plt_unknown || plt_type == plt_non_lazy) + && plt->size >= non_lazy_plt->plt_entry_size) { /* Match non-lazy PLT. */ if (memcmp (plt_contents, non_lazy_plt->plt_entry, @@ -6422,7 +6425,8 @@ elf_i386_get_synthetic_symtab (bfd *abfd, } if ((non_lazy_ibt_plt != NULL) - && (plt_type == plt_unknown || plt_type == plt_second)) + && (plt_type == plt_unknown || plt_type == plt_second) + && plt->size >= non_lazy_ibt_plt->plt_entry_size) { if (memcmp (plt_contents, non_lazy_ibt_plt->plt_entry, @@ -6480,6 +6484,9 @@ elf_i386_get_synthetic_symtab (bfd *abfd, got_addr = (bfd_vma) -1; } + if (count == 0) + return -1; + size = count * sizeof (asymbol); /* Allocate space for @plt suffixes. */ diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c index c9c6dba..25ce295 100644 --- a/bfd/elf64-x86-64.c +++ b/bfd/elf64-x86-64.c @@ -6763,7 +6763,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd, for (j = 0; plts[j].name != NULL; j++) { plt = bfd_get_section_by_name (abfd, plts[j].name); - if (plt == NULL) + if (plt == NULL || plt->size == 0) continue; /* Get the PLT section contents. */ @@ -6779,7 +6779,9 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd, /* Check what kind of PLT it is. */ plt_type = plt_unknown; - if (plts[j].type == plt_unknown) + if (plts[j].type == plt_unknown + && (plt->size >= (lazy_plt->plt_entry_size + + lazy_plt->plt_entry_size))) { /* Match lazy PLT first. Need to check the first two instructions. */ @@ -6807,7 +6809,8 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd, } if (non_lazy_plt != NULL - && (plt_type == plt_unknown || plt_type == plt_non_lazy)) + && (plt_type == plt_unknown || plt_type == plt_non_lazy) + && plt->size >= non_lazy_plt->plt_entry_size) { /* Match non-lazy PLT. */ if (memcmp (plt_contents, non_lazy_plt->plt_entry, @@ -6818,6 +6821,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd, if (plt_type == plt_unknown || plt_type == plt_second) { if (non_lazy_bnd_plt != NULL + && plt->size >= non_lazy_bnd_plt->plt_entry_size && (memcmp (plt_contents, non_lazy_bnd_plt->plt_entry, non_lazy_bnd_plt->plt_got_offset) == 0)) { @@ -6826,6 +6830,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd, non_lazy_plt = non_lazy_bnd_plt; } else if (non_lazy_ibt_plt != NULL + && plt->size >= non_lazy_ibt_plt->plt_entry_size && (memcmp (plt_contents, non_lazy_ibt_plt->plt_entry, non_lazy_ibt_plt->plt_got_offset) == 0)) @@ -6871,6 +6876,9 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd, plts[j].contents = plt_contents; } + if (count == 0) + return -1; + size = count * sizeof (asymbol); /* Allocate space for @plt suffixes. */ |