From: Mark Wielaard Date: Tue, 12 May 2015 13:16:35 +0000 (+0200) Subject: libelf: Make sure shdrs are valid before storing extended phnum in newphdr. X-Git-Tag: elfutils-0.162~60 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=458027d294ac6e8a8678d9fd0f96759d7196ae2b;p=thirdparty%2Felfutils.git libelf: Make sure shdrs are valid before storing extended phnum in newphdr. Creating phdr with more than PN_XNUM phnum requires a valid section zero shdr to store the extended value. Make sure the shdrs are valid. Also fix the error when count was too big to store by setting ELF_E_INVALID_INDEX before failing. Signed-off-by: Mark Wielaard
---
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 312d5cfb0..a7983a0ad 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,9 @@
+2015-05-12 Mark Wielaard
+
+ * elf32_newphdr.c (newphdr): Call __libelf_seterrno with
+ ELF_E_INVALID_INDEX before failing. Check whether section zero shdr
+ actually exists if we need to put extended phnum in section zero.
+
 2015-05-08 Mark Wielaard
 
 * nlist.c (nlist): Call gelf_fsize with EV_CURRENT.
diff --git a/libelf/elf32_newphdr.c b/libelf/elf32_newphdr.c
index 01038e733..f89153b46 100644
--- a/libelf/elf32_newphdr.c
+++ b/libelf/elf32_newphdr.c
@@ -116,6 +116,17 @@ elfw2(LIBELFBITS,newphdr) (elf, count)
 {
 if (unlikely (count > SIZE_MAX / sizeof (ElfW2(LIBELFBITS,Phdr))))
 {
+ __libelf_seterrno (ELF_E_INVALID_INDEX);
+ result = NULL;
+ goto out;
+ }
+
+ Elf_Scn *scn0 = &elf->state.ELFW(elf,LIBELFBITS).scns.data[0];
+ if (unlikely (count >= PN_XNUM && scn0->shdr.ELFW(e,LIBELFBITS) == NULL))
+ {
+ /* Something is wrong with section zero, but we need it to write
+ the extended phdr count. */
+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
 result = NULL;
 goto out;
 }
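Review bot: The new guard reads `scn0->shdr.ELFW(e,LIBELFBITS)` before anything has established that slot 0 of `scns.data` is usable. The only visible statement about that is `assert (elf->state.ELFW(elf,LIBELFBITS).scns.max > 0)` inside the `scns.cnt == 0` branch of the second hunk, which runs after this check and compiles away under NDEBUG. I would make the precondition part of the runtime check, e.g. `if (unlikely (count >= PN_XNUM && (elf->state.ELFW(elf,LIBELFBITS).scns.max == 0 || scn0->shdr.ELFW(e,LIBELFBITS) == NULL)))`. It also looks as if a descriptor with `scns.cnt == 0` and no section zero header is now rejected before that later branch is reached; if that is intended, extend the comment with something like `/* Also rejects scns.cnt == 0 with no section zero header. */`. The body of newphdr starts and ends outside both hunks, so how `scns.data[0]` is initialised cannot be confirmed from here.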
@@ -134,7 +145,6 @@ elfw2(LIBELFBITS,newphdr) (elf, count)
 if (count >= PN_XNUM)
 {
 /* We have to write COUNT into the zeroth section's sh_info. */
- Elf_Scn *scn0 = &elf->state.ELFW(elf,LIBELFBITS).scns.data[0];
 if (elf->state.ELFW(elf,LIBELFBITS).scns.cnt == 0)
 {
 assert (elf->state.ELFW(elf,LIBELFBITS).scns.max > 0);