From: Mark Wielaard Date: Tue, 13 Oct 2015 14:02:10 +0000 (+0200) Subject: elflint: Check relro flags are a subset of the load segment. X-Git-Tag: elfutils-0.164~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b9be1434ff0a4ce9ebe80fcda5c6a9891904b26e;p=thirdparty%2Felfutils.git elflint: Check relro flags are a subset of the load segment. If the RELRO segment doesn't fully overlap with the load segment then the load segment might have more flags sets. This happens for example on sparc when the .plt, which is executable, is also part of the load segment that RELRO covers. Signed-off-by: Mark Wielaard
---
diff --git a/src/ChangeLog b/src/ChangeLog
index 796878f8e..8ba253977 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2015-10-13 Mark Wielaard
+
+ * elflint.c (check_program_header): Check relro flags are a subset
+ of the load segment if they don't fully overlap.
+
 2015-10-07 Mark Wielaard
 
 * Makefile.am (ldlex_no_Wstack_usage): New.
diff --git a/src/elflint.c b/src/elflint.c
index fac457ea6..63192bbd0 100644
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -4459,10 +4459,26 @@ more than one GNU_RELRO entry in program header\n"));
 if ((phdr2->p_flags & PF_W) == 0)
 ERROR (gettext ("\
 loadable segment GNU_RELRO applies to is not writable\n"));
- if ((phdr2->p_flags & ~PF_W) != (phdr->p_flags & ~PF_W))
- ERROR (gettext ("\
+ /* Unless fully covered, relro flags could be a
+ subset of the phdrs2 flags. For example the load
+ segment could also have PF_X set. */
+ if (phdr->p_vaddr == phdr2->p_vaddr
+ && (phdr->p_vaddr + phdr->p_memsz
+ == phdr2->p_vaddr + phdr2->p_memsz))
+ {
+ if ((phdr2->p_flags & ~PF_W)
+ != (phdr->p_flags & ~PF_W))
+ ERROR (gettext ("\
 loadable segment [%u] flags do not match GNU_RELRO [%u] flags\n"),
- cnt, inner);
+ cnt, inner);
+ }
+ else
+ {
+ if ((phdr->p_flags & ~phdr2->p_flags) != 0)
+ ERROR (gettext ("\
+GNU_RELRO [%u] flags are not a subset of the loadable segment [%u] flags\n"),
+ inner, cnt);
+ }
 break;
 }
 }
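Review bot: The full-overlap test in the new `if` adds `p_vaddr + p_memsz` on both sides, and those fields come from the file being linted, so the sums can wrap on a malformed program header. Because the first conjunct already establishes `phdr->p_vaddr == phdr2->p_vaddr`, the second can be written as `&& phdr->p_memsz == phdr2->p_memsz`, which expresses the same condition without the addition. In the `else` branch the new message prints `inner` under the GNU_RELRO label and `cnt` under the loadable-segment label, the same pairing the existing message uses. The declarations are outside the hunk, so it is worth confirming that `inner` is not the index used to fetch `phdr2`, in which case both messages would report the two indices reversed. The added comment also says `phdrs2` where `phdr2` is presumably meant.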