This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.



RFA: patch to bfd/elfcode.h for improving tolerance of bad ELF files


Hi -

While playing with ELF files produced by buggy tools, I came across
a small bug in bfd/elfcode.h, fixed by the following patch.  Briefly,
if a REL/RELA contains an invalid symbol index, it may be used without
range checking to construct pointers into the bfd symbols[] array.
That in turn can lead to a SEGV.  The patch adds the range check.

May I commit?

- FChE


2001-06-14  Frank Ch. Eigler  <fche@redhat.com>

	* elfcode.h (elf_slurp_reloc_table_from_section): Detect corrupt
	symbol index in relocation entry.


Index: elfcode.h
===================================================================
RCS file: /cvs/src/src/bfd/elfcode.h,v
retrieving revision 1.19
diff -u -1 -0 -r1.19 elfcode.h
--- elfcode.h	2001/05/23 08:23:27	1.19
+++ elfcode.h	2001/06/14 19:31:18
@@ -1307,20 +1307,27 @@
 	 file, and absolute for an executable file or shared library.
 	 The address of a normal BFD reloc is always section relative,
 	 and the address of a dynamic reloc is absolute..  */
       if ((abfd->flags & (EXEC_P | DYNAMIC)) == 0 || dynamic)
 	relent->address = rela.r_offset;
       else
 	relent->address = rela.r_offset - asect->vma;
 
       if (ELF_R_SYM (rela.r_info) == 0)
 	relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
+      else if (ELF_R_SYM (rela.r_info) >= bfd_get_symcount (abfd))
+	{
+	  (* _bfd_error_handler)
+	    (_("warning: relocation %d corrupt: points to invalid symbol index %d"),
+	     i, ELF_R_SYM (rela.r_info));
+	  goto error_return;
+	}
       else
 	{
 	  asymbol **ps, *s;
 
 	  ps = symbols + ELF_R_SYM (rela.r_info) - 1;
 	  s = *ps;
 
 	  /* Canonicalize ELF section symbols.  FIXME: Why?  */
 	  if ((s->flags & BSF_SECTION_SYM) == 0)
 	    relent->sym_ptr_ptr = ps;
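
Review bot: The bound on the added `else if (ELF_R_SYM (rela.r_info) >= bfd_get_symcount (abfd))` line looks off by one against the unchanged `ps = symbols + ELF_R_SYM (rela.r_info) - 1;` a few lines below it. Index N is read from symbols[N - 1], so if symbols[] holds bfd_get_symcount (abfd) entries, an index equal to the count names the last valid entry and would now be rejected as corrupt; `>` would accept it while still refusing anything past the end. Two smaller points in the same branch. The code above tests `dynamic`, so please confirm that bfd_get_symcount (abfd) is the right count when symbols[] is the dynamic symbol table rather than the static one. Both values are printed with %d, which will misreport the index if ELF_R_SYM yields a type wider than int; a cast or a wider format would avoid that. The message also says "warning:" while the branch takes `goto error_return`, so either the wording or the control flow should change to match.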

