From mboxrd@z Thu Jan 1 00:00:00 1970 Content-Type: multipart/mixed; boundary="===============0331118346314178694==" MIME-Version: 1.0 From: Mark Wielaard To: elfutils-devel@lists.fedorahosted.org Subject: [PATCH] unstrip: Fix off by one array access with unstripped_strent. Date: Wed, 06 Jul 2016 21:43:15 +0200 Message-ID: <1467834195-17924-1-git-send-email-mjw@redhat.com> --===============0331118346314178694== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable When configuring with --enable-sanitize-undefined the latest GCC found an array out of bounds access when running the un-strip-strmerge.sh test. We keep an array of section names. But skipped section zero, since it didn't have a name. We should however not actually skip the first array index (zero) when storing and reading the names. Signed-off-by: Mark Wielaard --- src/ChangeLog | 5 +++++ src/unstrip.c | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 21fc7d5..fbe4afc 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2016-07-06 Mark Wielaard + + * unstrip.c (copy_elided_sections): Use unstripped_strent[] from + index zero, instead of one. + 2016-06-28 Richard Henderson = * elflint.c (valid_e_machine): Add EM_BPF. diff --git a/src/unstrip.c b/src/unstrip.c index 85e0a1d..adeb599 100644 --- a/src/unstrip.c +++ b/src/unstrip.c @@ -1761,8 +1761,8 @@ more sections in stripped file than debug file -- arg= uments reversed?")); GElf_Shdr mem; GElf_Shdr *hdr =3D gelf_getshdr (sec, &mem); const char *name =3D get_section_name (i + 1, hdr, shstrtab); - unstripped_strent[i + 1] =3D ebl_strtabadd (symstrtab, name, 0); - ELF_CHECK (unstripped_strent[i + 1] !=3D NULL, + unstripped_strent[i] =3D ebl_strtabadd (symstrtab, name, 0); + ELF_CHECK (unstripped_strent[i] !=3D NULL, _("cannot add section name to string table: %s")); } = 
@@ -1785,7 +1785,7 @@ more sections in stripped file than debug file -- arg= uments reversed?")); Elf_Scn *sec =3D elf_getscn (unstripped, i + 1); GElf_Shdr mem; GElf_Shdr *hdr =3D gelf_getshdr (sec, &mem); - shdr->sh_name =3D ebl_strtaboffset (unstripped_strent[i + 1]); + shdr->sh_name =3D ebl_strtaboffset (unstripped_strent[i]); update_shdr (sec, hdr); } } -- = 2.7.4 --===============0331118346314178694==--
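Review bot: In the src/unstrip.c hunk at @@ -1761,8, the loop body now mixes two index bases without saying so: get_section_name (i + 1, hdr, shstrtab) still takes the section index, while unstripped_strent[i] is a zero-based slot. A one-line comment stating that slot i holds the name of section i + 1 would keep a later change from reintroducing the off-by-one. The allocation of unstripped_strent is not in the visible context; please confirm its element count matches the loop bound under the new indexing, and that any reader of the array outside these two hunks uses the same zero-based index.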
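Review bot: In the src/unstrip.c hunk at @@ -1785,7, the changed line writes shdr->sh_name, but the header fetched on the line above and passed to update_shdr (sec, hdr) is hdr. shdr is not declared in the visible context, so please confirm which header is meant to receive the new name offset; if it is the section just fetched with gelf_getshdr, the line should read hdr->sh_name = ebl_strtaboffset (unstripped_strent[i]); so that update_shdr writes the value back. The visible lines also use hdr without a NULL check, where the first hunk uses ELF_CHECK for the strtab entry; an ELF_CHECK on hdr would fail cleanly on a malformed input file.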