elflint: Use Use Elf64_Word for shdr->sh_info cnt.

On 32bit using int might overflow.
https://bugzilla.redhat.com/show_bug.cgi?id=1170810#c31

Signed-off-by: Mark Wielaard <mjw@redhat.com>

diff --git a/src/ChangeLog b/src/ChangeLog
index 486f20f1b4c28a46006b0aebc11efb8e4472939f..93f4aba24c5dcb80a570c16ec9a6f31edd014dae 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -2,6 +2,8 @@
 
        * elflint.c (check_gnu_hash): Return early when 2nd hash function
        shift too big.
+       (check_verdef): Use Elf64_Word for shdr->sh_info cnt.
+       (check_verneed): Likewise.
 
 2015-05-05  Mark Wielaard  <mjw@redhat.com>
 

diff --git a/src/elflint.c b/src/elflint.c
index 3abda7186f3ac721494b908c4168bc1a4942bb6c..4e5364603f9975caa2393c5c1994cfc21decc059 100644 (file)
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -3037,8 +3037,10 @@ section [%2d] '%s': sh_link does not link to string table\n"),
       return;
     }
   unsigned int offset = 0;
-  for (int cnt = shdr->sh_info; --cnt >= 0; )
+  for (Elf64_Word cnt = shdr->sh_info; cnt > 0; )
     {
+      cnt--;
+
       /* Get the data at the next offset.  */
       GElf_Verneed needmem;
       GElf_Verneed *need = gelf_getverneed (data, offset, &needmem);
@@ -3196,8 +3198,10 @@ section [%2d] '%s': sh_link does not link to string table\n"),
 
   bool has_base = false;
   unsigned int offset = 0;
-  for (int cnt = shdr->sh_info; --cnt >= 0; )
+  for (Elf64_Word cnt = shdr->sh_info; cnt > 0; )
     {
+      cnt--;
+
       /* Get the data at the next offset.  */
       GElf_Verdef defmem;
       GElf_Verdef *def = gelf_getverdef (data, offset, &defmem);