From: Mark Wielaard
Date: Sun, 17 May 2015 18:07:56 +0000 (+0200)
Subject: libebl: Don't blow up stack when processing large NT_GNU_ABI_TAG.
X-Git-Tag: elfutils-0.162~44
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=390dd3d21c5b92dda139da744edae7093d70fc9b;p=thirdparty%2Felfutils.git

libebl: Don't blow up stack when processing large NT_GNU_ABI_TAG.

Normally an NT_GNU_ABI_TAG is large, just 4 words (16 bytes). Only use stack allocated conversion buf for small (max 16 words) notes.

Signed-off-by: Mark Wielaard
---
diff --git a/libebl/ChangeLog b/libebl/ChangeLog
index 9ca7b47fa..51ae60f2b 100644
--- a/libebl/ChangeLog
+++ b/libebl/ChangeLog
@@ -1,3 +1,8 @@
+2015-05-17 Mark Wielaard
+
+ * eblobjnote.c (ebl_object_note): If allocation buf is large, then
+ allocate it with malloc.
+
 2015-05-17 Mark Wielaard
 * eblopenbackend.c (MAX_PREFIX_LEN): New define (16).
diff --git a/libebl/eblobjnote.c b/libebl/eblobjnote.c
index d1fe8210c..b9bf1c0b9 100644
--- a/libebl/eblobjnote.c
+++ b/libebl/eblobjnote.c
@@ -1,5 +1,5 @@
 /* Print contents of object file note.
- Copyright (C) 2002, 2007, 2009, 2011 Red Hat, Inc.
+ Copyright (C) 2002, 2007, 2009, 2011, 2015 Red Hat, Inc.
 This file is part of elfutils.
 Written by Ulrich Drepper , 2002.
@@ -33,6 +33,7 @@
 #include
 #include
+#include
 #include
 #include
@@ -165,7 +166,19 @@ ebl_object_note (ebl, name, type, descsz, desc)
 .d_size = descsz,
 .d_buf = (void *) desc
 };
- uint32_t buf[descsz / 4];
+ /* Normally NT_GNU_ABI_TAG is just 4 words (16 bytes). If it
+ is much (4*) larger dynamically allocate memory to convert. */
+#define FIXED_TAG_BYTES 16
+ uint32_t sbuf[FIXED_TAG_BYTES];
+ uint32_t *buf;
+ if (unlikely (descsz / 4 > FIXED_TAG_BYTES))
+ {
+ buf = malloc (descsz);
+ if (unlikely (buf == NULL))
+ return;
+ }
+ else
+ buf = sbuf;
 Elf_Data out =
 {
 .d_version = EV_CURRENT,
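Review bot: In the `@@ -165,7 +166,19 @@` hunk of libebl/eblobjnote.c the stack-or-heap test `descsz / 4 > FIXED_TAG_BYTES` compares a word count against a constant named for bytes, and the division rounds down, so a `descsz` of 65 to 67 still selects the 64-byte `sbuf`. Whether that can overrun depends on the size given to the output `Elf_Data`, whose `.d_size` lies below the hunk; if it is `descsz`, the conversion gets a buffer up to three bytes short unless it rejects sizes that are not a multiple of four. Since `descsz` is a caller-supplied note size, I would compare in bytes and name the constant for what it counts: `#define FIXED_TAG_WORDS 16`, `uint32_t sbuf[FIXED_TAG_WORDS];`, `if (unlikely (descsz > sizeof sbuf))`. The guard before `free (buf)` in the `@@ -209,6 +222,8 @@` hunk repeats the old condition and would have to change with it. ebl_object_note starts and ends outside the hunk.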
@@ -209,6 +222,8 @@ ebl_object_note (ebl, name, type, descsz, desc)
 }
 putchar_unlocked ('\n');
 }
+ if (descsz / 4 > FIXED_TAG_BYTES)
+ free (buf);
 break;
 }
 /* FALLTHROUGH */
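Review bot: The guard on `free (buf)` recomputes `descsz / 4 > FIXED_TAG_BYTES` instead of asking whether `buf` is the heap allocation, so it has to be kept identical to the allocation test by hand. If the two ever drift, this line either passes the stack array to `free` or leaks the malloc'd buffer. `if (buf != sbuf)` followed by `free (buf);` ties the release directly to the allocation decision. The allocation and the rest of ebl_object_note are outside this hunk, so I cannot confirm from here that every path after the malloc reaches this free.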