Mailing-List: contact dwz-help@sourceware.org; run by ezmlm
Date: Tue, 01 Jan 2019 00:00:00 -0000
From: Tom de Vries
To: dwz@sourceware.org, jakub@redhat.com
Subject: [PATCH] Fix potential wrong-code issue in write_dso
Message-ID: <20190315151221.GA7938@delia>

Hi,

The function write_dso has the responsibility to update:
- the file offset of the sections, and
- the file offset of the section header table.

It does this in two steps:
- it calculates the effects of adding, removing and updating debug sections
- it makes sure the file offsets have the required alignment

The second step may or may not update the file offsets, but if it does, it requires the entries in the section header table to be in file offset order.

However, if the second step does not update the file offsets, no check on section header table order is done, which implies that the first step should be able to handle an unsorted section header table.

That is not the case for this update loop:
...
  for (j = dso->ehdr.e_shstrndx + 1; j < dso->ehdr.e_shnum; ++j)
    dso->shdr[j].sh_offset += len;
...

This loop adds an increase of the size of the section header string table to sections 'after' the section header string table. But the after test here is implemented in terms of order in the section header table, which only works if the section header table is sorted.

Fix this by rewriting the after test in terms of sh_offset:
...
  for (j = 1; j < dso->ehdr.e_shnum; ++j)
    if (dso->shdr[j].sh_offset > dso->shdr[dso->ehdr.e_shstrndx].sh_offset)
      dso->shdr[j].sh_offset += len;
...

OK for trunk?

Thanks,
- Tom

Fix potential wrong-code issue in write_dso

2019-03-15  Tom de Vries

	* dwz.c (write_dso): Make updating of sections after section
	header string table robust against unsorted section header table.

---
 dwz.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dwz.c b/dwz.c
index 6b6a33e..5672ede 100644
--- a/dwz.c
+++ b/dwz.c
@@ -10097,8 +10097,10 @@ write_dso (DSO *dso, const char *file, struct stat *st) dso->shdr[dso->ehdr.e_shstrndx].sh_size += len; if (dso->shdr[dso->ehdr.e_shstrndx].sh_offset < min_shoff) min_shoff = dso->shdr[dso->ehdr.e_shstrndx].sh_offset; - for (j = dso->ehdr.e_shstrndx + 1; j < dso->ehdr.e_shnum; ++j) - dso->shdr[j].sh_offset += len; + for (j = 1; j < dso->ehdr.e_shnum; ++j) + if (dso->shdr[j].sh_offset + > dso->shdr[dso->ehdr.e_shstrndx].sh_offset) + dso->shdr[j].sh_offset += len; if (ehdr.e_shoff > dso->shdr[dso->ehdr.e_shstrndx].sh_offset) ehdr.e_shoff += len; shstrtabadd += len;
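Review bot: the new loop compares with a strict `>` against `dso->shdr[dso->ehdr.e_shstrndx].sh_offset`, so a section whose sh_offset is exactly equal to the string table's offset (a zero-size section, or an SHT_NOBITS section placed there) keeps its offset while .shstrtab grows underneath it; if that is the intended behaviour, a one-line comment above the loop saying so would save the next reader the same question. The loop also now starts at `j = 1` and therefore visits `j == dso->ehdr.e_shstrndx` itself, which is harmless because the strict comparison excludes it, but again worth a word in the comment. The `ehdr.e_shoff` adjustment two lines below uses the same strict `>` against the same offset, so the two tests stay consistent with each other.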
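The difference between the two "after" tests is easiest to see on a section header table whose index order does not match its file order. The following is an added, self-contained example written for this page, not code from dwz: it reimplements both loops over a constructed five-entry table (plain `sh_offset`/`sh_size` pairs standing in for Elf_Shdr fields, `.shstrtab` at index 2, growth of 0x10 bytes) and checks whether any non-empty sections overlap afterwards. The table is arranged so that entry 1 sits after `.shstrtab` in the file but before it in the table, and entry 3 the other way round, which is exactly the case the patch description says the old loop cannot handle.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the two Elf_Shdr fields the write_dso loop
   touches; these are not dwz's own types. */
struct shdr {
    uint64_t sh_offset;
    uint64_t sh_size;
};

#define NSECS 5
#define SHSTRNDX 2        /* index of .shstrtab in the constructed table */
#define GROW_LEN 0x10     /* bytes added to .shstrtab */

/* Pre-patch loop: "after .shstrtab" means "later in the section header
   table". This is only correct when the table is sorted by sh_offset. */
static void grow_by_table_order(struct shdr *shdr, size_t shnum,
                                size_t shstrndx, uint64_t len)
{
    shdr[shstrndx].sh_size += len;
    for (size_t j = shstrndx + 1; j < shnum; ++j)
        shdr[j].sh_offset += len;
}

/* Patched loop: "after .shstrtab" means "starts at a higher file offset",
   which holds regardless of table order. */
static void grow_by_file_offset(struct shdr *shdr, size_t shnum,
                                size_t shstrndx, uint64_t len)
{
    shdr[shstrndx].sh_size += len;
    for (size_t j = 1; j < shnum; ++j)
        if (shdr[j].sh_offset > shdr[shstrndx].sh_offset)
            shdr[j].sh_offset += len;
}

/* Returns 1 if no two non-empty sections overlap in the file, else 0.
   Index 0 is the SHN_UNDEF entry and is skipped. */
static int layout_consistent(const struct shdr *shdr, size_t shnum)
{
    for (size_t a = 1; a < shnum; ++a)
        for (size_t b = 1; b < shnum; ++b) {
            if (a == b || shdr[a].sh_size == 0 || shdr[b].sh_size == 0)
                continue;
            uint64_t a_end = shdr[a].sh_offset + shdr[a].sh_size;
            if (shdr[a].sh_offset < shdr[b].sh_offset && a_end > shdr[b].sh_offset)
                return 0;   /* section a runs into section b */
        }
    return 1;
}

/* Builds a constructed table whose index order differs from its file
   order, grows .shstrtab with the chosen loop, copies the result to
   `out` and returns layout_consistent() for it.
   File layout before the update: [3] 0x80..0x100, [2]=.shstrtab
   0x100..0x120, [1] 0x120..0x130, [4] 0x130..0x140. */
int run_demo(int use_file_offset_test, struct shdr *out)
{
    struct shdr t[NSECS] = {
        { 0x000, 0x00 },  /* [0] SHN_UNDEF */
        { 0x120, 0x10 },  /* [1] before .shstrtab in the table, after it in the file */
        { 0x100, 0x20 },  /* [2] .shstrtab */
        { 0x080, 0x80 },  /* [3] after .shstrtab in the table, before it in the file */
        { 0x130, 0x10 },  /* [4] after .shstrtab in both orders */
    };
    if (use_file_offset_test)
        grow_by_file_offset(t, NSECS, SHSTRNDX, GROW_LEN);
    else
        grow_by_table_order(t, NSECS, SHSTRNDX, GROW_LEN);
    memcpy(out, t, sizeof t);
    return layout_consistent(t, NSECS);
}

int main(void)
{
    struct shdr t[NSECS];
    printf("table-order loop : layout %s\n", run_demo(0, t) ? "ok" : "CORRUPT");
    printf("file-offset loop : layout %s\n", run_demo(1, t) ? "ok" : "CORRUPT");
    return 0;
}
```

With the table-order loop, entry 3 is pushed from 0x80 to 0x90 and now ends inside the grown `.shstrtab`, while entry 1 is left at 0x120 and is overwritten by it; with the file-offset loop, entries 1 and 4 move up by 0x10 and entry 3 stays put, so the layout stays consistent.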