x86: Check for valid PLT section size

Update x86 get_synthetic_symtab to check for valid PLT section size
before examining PLT section contents.

	PR binutils/22018
	* elf32-i386.c (elf_i386_get_synthetic_symtab): Check for valid
	PLT section size.
	* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.

(cherry picked from commit 90efb6422939ca031804266fba669f77c22a274a)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index fc93decfae52648be15981494862c93c724d7d3c..a78e8192aeb8a32a94b110a4df77df88bf360385 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2017-09-09  H.J. Lu  <hongjiu.lu@intel.com>
+
+       PR binutils/22018
+       * elf32-i386.c (elf_i386_get_synthetic_symtab): Check for valid
+       PLT section size.
+       * elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
+
 2017-09-05  Nick Clifton  <nickc@redhat.com>
 
        Import from mainline:

diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
index c123f122c30305f8b0ffbee1fac8b5eb565f2dc4..00a639791305467ad3e81fcf61426b33d0959c93 100644 (file)
--- a/bfd/elf32-i386.c
+++ b/bfd/elf32-i386.c
@@ -6372,7 +6372,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
   for (j = 0; plts[j].name != NULL; j++)
     {
       plt = bfd_get_section_by_name (abfd, plts[j].name);
-      if (plt == NULL)
+      if (plt == NULL || plt->size == 0)
        continue;
 
       /* Get the PLT section contents.  */
@@ -6388,7 +6388,9 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
 
       /* Check what kind of PLT it is.  */
       plt_type = plt_unknown;
-      if (plts[j].type == plt_unknown)
+      if (plts[j].type == plt_unknown
+         && (plt->size >= (lazy_plt->plt0_entry_size
+                           + lazy_plt->plt_entry_size)))
        {
          /* Match lazy PLT first.  */
          if (memcmp (plt_contents, lazy_plt->plt0_entry,
@@ -6397,7 +6399,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
              /* The fist entry in the lazy IBT PLT is the same as the
                 normal lazy PLT.  */
              if (lazy_ibt_plt != NULL
-                 && (memcmp (plt_contents + lazy_ibt_plt->plt_entry_size,
+                 && (memcmp (plt_contents + lazy_ibt_plt->plt0_entry_size,
                              lazy_ibt_plt->plt_entry,
                              lazy_ibt_plt->plt_got_offset) == 0))
                plt_type = plt_lazy | plt_second;
@@ -6410,7 +6412,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
              /* The fist entry in the PIC lazy IBT PLT is the same as
                 the normal PIC lazy PLT.  */
              if (lazy_ibt_plt != NULL
-                 && (memcmp (plt_contents + lazy_ibt_plt->plt_entry_size,
+                 && (memcmp (plt_contents + lazy_ibt_plt->plt0_entry_size,
                              lazy_ibt_plt->pic_plt_entry,
                              lazy_ibt_plt->plt_got_offset) == 0))
                plt_type = plt_lazy | plt_pic | plt_second;
@@ -6420,7 +6422,8 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
        }
 
       if (non_lazy_plt != NULL
-         && (plt_type == plt_unknown || plt_type == plt_non_lazy))
+         && (plt_type == plt_unknown || plt_type == plt_non_lazy)
+         && plt->size >= non_lazy_plt->plt_entry_size)
        {
          /* Match non-lazy PLT.  */
          if (memcmp (plt_contents, non_lazy_plt->plt_entry,
@@ -6432,7 +6435,8 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
        }
 
       if ((non_lazy_ibt_plt != NULL)
-         && (plt_type == plt_unknown || plt_type == plt_second))
+         && (plt_type == plt_unknown || plt_type == plt_second)
+         && plt->size >= non_lazy_ibt_plt->plt_entry_size)
        {
          if (memcmp (plt_contents,
                      non_lazy_ibt_plt->plt_entry,
@@ -6490,6 +6494,9 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
        got_addr = (bfd_vma) -1;
     }
 
+  if (count == 0)
+    return -1;
+
   size = count * sizeof (asymbol);
   s = *ret = (asymbol *) bfd_zmalloc (size);
   if (s == NULL)

diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
index c59b8c015bdf0261f68fcd37b7b3baebe3210246..6bc1898a966bf2e842ac02cc4af55ccfc5cc8232 100644 (file)
--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
@@ -6752,7 +6752,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
   for (j = 0; plts[j].name != NULL; j++)
     {
       plt = bfd_get_section_by_name (abfd, plts[j].name);
-      if (plt == NULL)
+      if (plt == NULL || plt->size == 0)
        continue;
 
       /* Get the PLT section contents.  */
@@ -6768,7 +6768,9 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
 
       /* Check what kind of PLT it is.  */
       plt_type = plt_unknown;
-      if (plts[j].type == plt_unknown)
+      if (plts[j].type == plt_unknown
+         && (plt->size >= (lazy_plt->plt_entry_size
+                           + lazy_plt->plt_entry_size)))
        {
          /* Match lazy PLT first.  Need to check the first two
             instructions.   */
@@ -6796,7 +6798,8 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
        }
 
       if (non_lazy_plt != NULL
-         && (plt_type == plt_unknown || plt_type == plt_non_lazy))
+         && (plt_type == plt_unknown || plt_type == plt_non_lazy)
+         && plt->size >= non_lazy_plt->plt_entry_size)
        {
          /* Match non-lazy PLT.  */
          if (memcmp (plt_contents, non_lazy_plt->plt_entry,
@@ -6807,6 +6810,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
       if (plt_type == plt_unknown || plt_type == plt_second)
        {
          if (non_lazy_bnd_plt != NULL
+             && plt->size >= non_lazy_bnd_plt->plt_entry_size
              && (memcmp (plt_contents, non_lazy_bnd_plt->plt_entry,
                          non_lazy_bnd_plt->plt_got_offset) == 0))
            {
@@ -6815,6 +6819,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
              non_lazy_plt = non_lazy_bnd_plt;
            }
          else if (non_lazy_ibt_plt != NULL
+                  && plt->size >= non_lazy_ibt_plt->plt_entry_size
                   && (memcmp (plt_contents,
                               non_lazy_ibt_plt->plt_entry,
                               non_lazy_ibt_plt->plt_got_offset) == 0))
@@ -6860,6 +6865,9 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
       plts[j].contents = plt_contents;
     }
 
+  if (count == 0)
+    return -1;
+
   size = count * sizeof (asymbol);
   s = *ret = (asymbol *) bfd_zmalloc (size);
   if (s == NULL)