public inbox for binutils@sourceware.org
From: Kai Tietz <ktietz70@googlemail.com>
To: Kai Tietz <ktietz70@googlemail.com>,
	Binutils <binutils@sourceware.org>,
		Nick Clifton <nickc@redhat.com>
Cc: Alan Modra <amodra@gmail.com>
Subject: Re: [patch bfd]: Prevent possible buffer overflow on pdata-section sorting
Date: Thu, 07 Apr 2011 06:15:00 -0000
Message-ID: <BANLkTinnUe6LhJDrv1GrO458yvL9rn=8TA@mail.gmail.com>
In-Reply-To: <BANLkTi=DMtBm2a8ZpmRDEKkOgx3=fHVFtA@mail.gmail.com>

2011/4/7 Kai Tietz <ktietz70@googlemail.com>:
> 2011/4/7 Alan Modra <amodra@gmail.com>:
>> On Wed, Apr 06, 2011 at 06:50:15PM +0200, Kai Tietz wrote:
>>> Hello,
>>>
>>> this issue was reported by H. Becker to me.  He found that the code in
>>> peXXigen.c about pdata-section sorting might cause a buffer-overrun
>>> for large pdata-data.  Working in a privately allocated buffer,
>>> instead of using pfinfo->contents, avoids this.
>>>
>>> ChangeLog
>>>
>>> 2011-04-06  Kai Tietz
>>>
>>>         * peXXigen.c (_bfd_XXi_final_link_postscript): Sort pdata in temporary
>>>         buffer.
>>>
>>> Tested for x86_64-w64-mingw32. OK to apply?
>>>
>>> Regards,
>>> Kai
>>
>>> Index: src/bfd/peXXigen.c
>>> ===================================================================
>>> --- src.orig/bfd/peXXigen.c   2010-12-21 19:33:07.000000000 +0100
>>> +++ src/bfd/peXXigen.c        2011-04-06 18:19:45.945394800 +0200
>>> @@ -2459,14 +2459,22 @@ _bfd_XXi_final_link_postscript (bfd * ab
>>>      if (sec)
>>>        {
>>>       bfd_size_type x = sec->rawsize ? sec->rawsize : sec->size;
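Review bot: the initializer of `x` on the last quoted line silently picks `sec->rawsize` when it is nonzero and falls back to `sec->size`, with no comment saying which of the two is meant to bound the pdata sort for an output section. Please add a comment stating the intent (for example, that alignment fill must stay out of the sorted range), and make sure the value chosen here is never larger than the temporary buffer the ChangeLog entry describes.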
>>
>> Since this is an output section, this should just be sec->size I
>> think.  See section.c rawsize comment.
>
> Well, the reason for using raw_size here (I will look into section.c to
> read the comment there) was that we need to sort without alignment. As
> it is an output-section, its size might be padded already with
> alignment fill, which shouldn't be sorted.  But you might be right
> here that size is suitable.

Hmm, not sure. I think it makes sense to check for raw_size here. In
section.c the member size has the following documentation: "The size
of the section in octets, as it will be output. Contains a value even
if the section has no contents (e.g., the size of <<.bss>>).".
And the rawsize member has the following definition for output
sections: "For output sections, rawsize holds the section size
calculated on a previous linker relaxation pass.", which seems to be
the thing we need. One way might be to allocate the section's size, but
then sort only in the range of rawsize, but I am not sure if this is
necessary, as on output the section alignment gets applied again,
doesn't it?

Kai
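
The idea floated at the end of the message above (allocate for the section's size, sort only the rawsize range), as an added C sketch that is not the binutils patch or code from this thread. `struct pdata_sec`, `sort_pdata_section`, the 12-byte entry layout and the bounds check are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PDATA_ENTRY 12u /* assumption: x86_64 .pdata entry, three LE 32-bit RVAs */

struct pdata_sec { unsigned char *data; size_t size, rawsize; }; /* hypothetical model */

/* Read a little-endian 32-bit field without alignment assumptions. */
static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Order entries by their first field, the function begin address. */
static int cmp_begin(const void *a, const void *b)
{
    uint32_t x = rd_le32(a), y = rd_le32(b);
    return (x > y) - (x < y);
}

/* Sort in a private buffer of the full output size, touching only the
   unpadded range. Returns 0 on success, -1 on bad sizes or allocation failure. */
int sort_pdata_section(struct pdata_sec *sec)
{
    size_t n = sec->rawsize ? sec->rawsize : sec->size; /* same choice as the quoted hunk */
    unsigned char *tmp;
    if (n > sec->size || n % PDATA_ENTRY != 0)
        return -1;                      /* sort range must fit the allocation */
    if (sec->size == 0) return 0;
    if ((tmp = malloc(sec->size)) == NULL)
        return -1;
    memcpy(tmp, sec->data, sec->size);  /* stands in for reading the section contents */
    qsort(tmp, n / PDATA_ENTRY, PDATA_ENTRY, cmp_begin);
    memcpy(sec->data, tmp, sec->size);  /* fill after n is copied back unsorted */
    free(tmp);
    return 0;
}

int main(void)
{
    unsigned char buf[48] = {0};        /* constructed: 3 entries + 12 bytes of fill */
    struct pdata_sec s = { buf, sizeof buf, 36 };
    buf[0] = 0x30; buf[12] = 0x10; buf[24] = 0x20;
    if (sort_pdata_section(&s) != 0) return 1;
    printf("%#x %#x %#x\n", rd_le32(buf), rd_le32(buf + 12), rd_le32(buf + 24));
    return 0;
}
```

Sorting over all 48 bytes instead would move the zero-filled padding entry to the front of the table, which is the effect the message wants to avoid.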
