From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 31690 invoked by alias); 20 Apr 2017 14:05:09 -0000 Mailing-List: contact elfutils-devel-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Subscribe: Sender: elfutils-devel-owner@sourceware.org Received: (qmail 31596 invoked by uid 89); 20 Apr 2017 14:05:08 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.99.2 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-25.1 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 spammy= X-Spam-Status: No, score=-25.1 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-HELO: EUR01-HE1-obe.outbound.protection.outlook.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qtcompany.onmicrosoft.com; s=selector1-qt-io; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=P+jOHLnLiSbOAie3SENW1FXHSTT2FzRvGf+kpNnc6jk=; b=hxTgCaQMTvNr/rp6u1blI0BuN71ucLhrx/jEH006y1pCUX5Yg+ZoJyypJb8KtibCkYbJgTNA9tCWQOrRGSQj5vjJa+P3qpOOaqjKBfCFYHZICeUwcogFqQp+WcAbWEXeUGVvbAghkkefUgmM3A7G7H07NKdE3KBtxrnfrhsSiTA= Authentication-Results: sourceware.org; dkim=none (message not signed) header.d=none;sourceware.org; dmarc=none action=none header.from=qt.io; From: Ulf Hermann Subject: [PATCH] Protect against integer overflow on shnum To: Message-ID: <1c93e96d-a9ad-0c96-abc8-9661dad40b6c@qt.io> Date: Thu, 20 Apr 2017 14:05:00 -0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [62.220.2.194] X-ClientProxiedBy: DB6PR0802CA0031.eurprd08.prod.outlook.com (10.172.252.145) To DB5PR0201MB1863.eurprd02.prod.outlook.com (10.167.225.149) X-MS-Office365-Filtering-Correlation-Id: 58d71b7d-c731-4d96-05e8-08d487f63d2c X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(201703131423075)(201703031133081);SRVR:DB5PR0201MB1863; X-Microsoft-Exchange-Diagnostics: 1;DB5PR0201MB1863;3:n+G5oS+/6Y2tdZIAp4hAKeLjPqZ9BVNDKbMPA5isONj4yXH+Z7YysloSOj6t6OopIB/zgfns8om+qIpTBIxpVx/Nqjzpdhnn1u5pieniH97HJMTRq3gC3MU9r5XieztlTyJBarqH7HKzORHQWeAwNgRO7J1pfdLVE1G8+dIMtgt2DXJhZ/ypzzmTW8IDhY1wq/inqolEkZZrmT/C3/Yg7yzbOAch4phvTnu32WDrZkIbYIiZS6nPGhNhQtjXxuvbOlSrLNQNZrBW+xGVr395VypA/27XG4jdWVCTzl+/9rTsbrE0He1bDwNisov73k18ycnYOQzUTEwzLnlNDPOxjQ==;25:2lkReS5RHkEi81bWOTxqr871dGPbTV8xS+UBN2Ga/Hqf191nECIeNuZIk+mY2JQvMVf2yZEZ+3SC44qxqMIFr1jzFpJDBdAjL1TXj+GB5ZMpCxB1HJSmwosVoqKDrd7hVAn1tRpFsLc1EblAnHp80TKGACbRbKThSVaz+aRNTjA7pxLHvKkAsWTNKFR7ptnLO7n4hPX71830XqptxeiSk3GCOLIe1dCILX0a5j5fXx7/zpMP78jwqhzf6rjy2Bxnz3M4oBdNjTX4DY+cJrgJcVyzIsig13FlorKs/x1FuBZ7/tt+59+nVRUZ4/Ly3gG1AAZMccUCDEqUK5QJU469pXPeCj8S2TImk89SMuXAVBJa6U5E2u+8jWZOR50kmsQyVDox27FPr6KK2os26mGOpGDyTpTBSqyr+nEx9d+g1lCjsJRwOMO1Ruk5TU2pilwPtbR6kwbAYcsBMAWXqSvZpw== X-Microsoft-Exchange-Diagnostics: 1;DB5PR0201MB1863;31:1csWwJkDSFGX8bWM6X1eii30QcNq1pPHUc5mCgMWr48PbGaGlt38/PmuAsUh885pFUrNC63e6As2iyH6miP/fHZa3AT+UvNhyjzt1quMPkTus6TReeBvr7d9hGLsmlllNiZI41+E0igUC9fkafAmSqdKagxSVlauNHrN0R35Xa3g2kFWufaDaUOKRDp96zHKvJDj2BJ+Ut1CH6lPwvSvFbsXgKZNQEtkS5AeukZ9GNVUvu0YKTFRYBtu4TM9OefRD8Gm8iEn7VTZ0uV3lEYygQFewKr+CmBAHmW1yU1LiE8=;20:/u0pwKYVaE9SBnmsKv4DaITIsz1N5bUdU7VS9k12nkDE4B5XBa7LaBD5S6ilpccvrF2q9dLYU/w7N94jFwLbxAEQAShEjzoAZTlpPnl043HNApgKT4u+s34b8FbQT5pf77qrf3NjwR+r6iyluyITHQmNCnC96+Yi8TYQVMOQ7RJLH5keJLr8Yo/EpGg7xFZR5kBoG14WAvnNzeoSXu7j60EIVHrYn24zwWuksA1X2vXUsokOJd1Ok28M02MmsvS7 X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(788757137089); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(6041248)(201703131423075)(201702281528075)(201703061421075)(20161123562025)(20161123560025)(20161123555025)(20161123564025)(6072148);SRVR:DB5PR0201MB1863;BCL:0;PCL:0;RULEID:;SRVR:DB5PR0201MB1863; X-Microsoft-Exchange-Diagnostics: 1;DB5PR0201MB1863;4:zE7O7IvqzqfGNFGdFd85Cen8HlWjuzPc3iFCFJIi9zrIvXu+2u6Bp6KRRiVAHe9m5Cg+vW8srikYt4QFswDf8wwymvnXkFFMrwixLuvcGEJdo9ePrJDxIGmzAW69neuJtdKrHKwo880c19TOKpc+n8YD5k+3bd/ply6Wl6+TkrbcAIpwIS7JPh1Dyqduks82hRNCxeF1IKqajrEtX2l93JFg0/RN6cBD/3W6xK2IyPvOJA4Ow9ZMSxpdAqTAkWAAJZF2LAdcLk8KyQAhTS1Z7ugbapq2OUZ08gGbGkxFTGzGCiLecR2hV57/ma0GNeExcMw/2dkbBptt/rMRlvCwu7vaIcg7958Yj46wfDw8BcRs2cfWToTabb+qQ2MDmM2+/glgOOZ6sd1TkqRuEsvJrkRoGOkmg2O9fZpJ2Hp9grIHwr9UbMXftx0sjL4IYTXExiYxVuvzFd2hthbRp8M66pzGKLwMTVWZVeLRB5QFUijVFP0bkYsDXAELs4OaUEqF1JwBRpQrmS+YQlCI+dNONFYwMiCp8xM8b3Pko8deuabBw2WcOZiTplJVkjH/2hWJ4Xwk+j48+3LYuaR5O8MwFPZ3mg9aobzDKOv4pLghml3OZ8B099M1CWGcqWvHpXUqSAX24nepdgHk72/oGpbFyj8Gu3aZ8zjs8Zb3wTutfgsoDUz2caSA5Mjywmr4aVqnHr3eLMsj+1RDB2CzT5bQI4330MFpItwm8btw+zIO0nYXPFvVZVttVi2zh6CvQ3pT X-Forefront-PRVS: 02830F0362 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(4630300001)(6049001)(6009001)(39830400002)(39450400003)(39410400002)(39400400002)(377424004)(23676002)(54356999)(50986999)(83506001)(38730400002)(31696002)(86362001)(110136004)(575784001)(66066001)(36756003)(25786009)(305945005)(230700001)(6116002)(7736002)(2906002)(81166006)(8676002)(47776003)(3846002)(4001350100001)(6916009)(5660300001)(77096006)(90366009)(6486002)(53936002)(6666003)(50466002)(2351001)(42186005)(33646002)(31686004)(74482002)(189998001);DIR:OUT;SFP:1102;SCL:1;SRVR:DB5PR0201MB1863;H:[10.9.78.56];FPR:;SPF:None;MLV:sfv;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtEQjVQUjAyMDFNQjE4NjM7MjM6cGo0c01iLzVnZVh4eEJXcThyZ2xhVXJB?= =?utf-8?B?eG4vbTh1T016UnlOMDBEdkhqaFNZSm9nbUJhYmxPTUcrZ1ZRVmVSeE0zRkV4?= =?utf-8?B?ZGpIRzdQM0w3M0ZDdTQzNkgrU3hwVEV2ZkVMcy8rNFlZNDZBakZsakhMbmYx?= =?utf-8?B?eTFFN1IwS3R6TXQ3bFZ5elJWdVFUaFJLa0RuVERmWkZoSXhnbUFPU2xXVG9m?= =?utf-8?B?TW1EZldRMzFFbmxpNVRqdEo3bHNKTnRuR3RZVHNtazRmLzdJZzhOT0VKNnNQ?= =?utf-8?B?ZVcrOGhGVFl5TnJZc2E5ODFoVTg5WkdtK2ZNVWZSdG1sa0RLcXJNVnVzYVcv?= =?utf-8?B?RnFhRUpwdG4wOXErY09hQkYrVVc4SE0rajFCdGU2TVk4QlZ5U2FzOUpSVEdM?= =?utf-8?B?S2JHam16UzFaakhuRE9uZ1NyMS9wMU9wMVNtWWxtZGl0RHVCS1JFNE9ENjA2?= =?utf-8?B?bkNJYmpEOGlaSGhjZGExSTJVbWhKRUszK1RKRkJRT2NJaFBaejU0SUIwQWxz?= =?utf-8?B?TE9HZkt1Rm5FczQwSUdRZ1ZMTzFpZk1HM3BhYUVGc2hFQzhmQXBtM09EZC94?= =?utf-8?B?RkZxTS9WcmYwV3B2cHhNTjNVQmVuczNtZlNadFpzTDRiN2J5MTIycmJVL1ZF?= =?utf-8?B?RmxHN2lRQmNRaWhneGxFWjlCVDJuSjlEcnc3bWwvSE90ZUxSVjlHTmtwTXhq?= =?utf-8?B?aUNYMjF1TSthVS9BT2h0N0Jyb3NRMHpLenY2ZTVxeVkrMk5aVzFzdG5ublZ3?= =?utf-8?B?SnUybTBiZTFmUkNTei9IdEhnTGtJZjhWUHNQcXBWcStkTVNOdk1VN2w2T0hj?= =?utf-8?B?UTg3dXJGdmJkcjNUSFQ1b3g4SW5UbXd4N2NEK2Y2dndhNWp5UkZGc1JsVkRF?= =?utf-8?B?UFRyZTFBbWt5UGpJeHJOekdiTWlkenRlUzNVNWZ2SE1QLzBPQXJFRlFGRE9s?= =?utf-8?B?UXhCQTZqWU9vK3F2Mys3Ukx3QkdBcThXZTdBbzUxd2RQZUlpNDIrRk5GK2Ex?= =?utf-8?B?cVFIaWt3SDZPdzdsSUYyZ2dqekkvdHlnQS9lc1NBN3p3UFNSN2hpMEUxNU5h?= =?utf-8?B?UWptYVE3RDl0SlB4VEVmTVJaTDdKbWhmck9TUkluRU9pcllQcjM3ZnhWT2pJ?= =?utf-8?B?NElDMmFHeEdYSTZkV0J1Z3JyVGFWSkxJYnc5aTladjNmOG5hTTludHVDM29k?= =?utf-8?B?emxhYXYvWktTc3hjbFVnaVJCOStjTEl4VXZ2M1prbzBuVng4UUhHZGwvSVZu?= =?utf-8?B?NGJMQzhUeEI1V2M0UGFMM215TWJrc0pQOFI1d29TOUxLdE5CQkt3NWwwdlF4?= =?utf-8?B?bkNqY1VBVmd2dTFHcSt3cWdRbzRCWnRvbXlPdGxueGtKWUxUUGh0bWpqc2RQ?= =?utf-8?B?ZXFqUzRRak1qTXhnRFBHWnQ5T2cyOUpjdWZYejhFd1Q2Z1BWMEp5a0s1MUF1?= =?utf-8?B?MUVvTFZhV0ZsMU9MZ3hNbnptdmdiMTIwdHdacFRuWlJJeTh0MzdjVjNJUEN3?= =?utf-8?Q?fkXhwBcgbBft0C8wfjslROixko4=3D?= X-Microsoft-Exchange-Diagnostics: 1;DB5PR0201MB1863;6:o71qN4xyhUr56b4LiNEQboIrVrhW9jQhG8tx7xc+6MxYDGYKosi1qnB3h3xyETCQrzWHbrQLM9WYFObavfpZivHcXpOjLR2Pubb1/j3xvghhdFkfIh4nrwqabc8/8Z6Jze/87xLAc69xsWJzTJAh5JwglHNDn/b1EGTXByN9k8RE8gzbug4eQ87mJVgyOGnKie6ARbT9Y/XKhqBAFPnw8q6wM+kH1CUXWWgFv6NKfQYYuXEDJjI0HoUMcldivnwO+6PswpisKlDJqa3beAKNn17o3J7Op1VD6HLapBZxoEUgHQfqfkzw5Ay99U+h5gBajlvqktvWiHFDpdk9EFYkRBele+6HQwmm32yhJ4SouiU41gPs1fOxl4DP7tAL4/8c9bW5PsVe1C1tkO0GNX7COrMyv0eCIUwrhCZ8aZpzLJHq4KIPkhrSUR7uCJV0uctq2ZRb0Uho16SqMmlsWcYo8KumnDb16/RR0nnrJxZYDX61XTLLXxWr0dDcuqiPgM4Bu8MEijh8oeX8k7u/J8MpOw==;5:+u7X4X6IRdnCko98F1Fc87bDUoiqxE+3cLQanxoA89YMU09NxilAywYniEDbC6FAcRHsRJXY0ztbKy6nmsLxqtDXvFvss4jutNxx25iAHgrS5z5e/4Ysp1S8Xh8DXQQioaiVZCx1GYw8eCBzDPe2tw==;24:rT/17qTzSTmQe6780eHMcDHzhSTj7fxaLLIKuKR0ZZZt2uMhGZjcsMFb3zQ4gj33BfKRZoJdTRfc3TUvb2cIVHH3DIKbFSzfeU0tT8vVZoE= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;DB5PR0201MB1863;7:vm8MKGMF/npGPFRj6rsqAqOVOsaP9pDPh4/ZuFXs6N3c39W/l61npN6jO0ctqfo7VtSGAqjBT580asmPUvIlRQw7FkIyh5LPWmnWPG5m9SP87Cl2Ggp45nXOAEXzncenC9cdGMf2NJGsd7dS4oD4wMR/r1m0KLL6get5guLfppQ/eS8ZpBgHlwE9oZ78u1cgyxjN/HSHXiuFk4XYI9wJWVW8+Uqx7ibP2freRRDDt+Qm64cyTqCb+YZ8NbEQbn8cn81HxMkLCXei0t4kVivEkD4AxcVi+xCdDLnAgO1bhoCq+ImWhMKDbGidrZfTBE4ZZDjsvyfmb/FwZWBuxjBfGg== X-OriginatorOrg: qt.io X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Apr 2017 14:05:02.2691 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR0201MB1863 X-SW-Source: 2017-q2/txt/msg00057.txt.bz2 If shnum is 0, the many "shnum - 1" would result in an overflow. Check it for 0, and only subtract once, rather than on every usage. Signed-off-by: Ulf Hermann --- libdwfl/ChangeLog | 5 +++++ libdwfl/dwfl_module_getdwarf.c | 18 ++++++++++-------- src/ChangeLog | 4 ++++ src/unstrip.c | 25 ++++++++++++++----------- 4 files changed, 33 insertions(+), 19 deletions(-) diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog index 0a572ad..de73d79 100644 --- a/libdwfl/ChangeLog +++ b/libdwfl/ChangeLog @@ -1,5 +1,10 @@ 2017-04-20 Ulf Hermann + * dwfl_module_getdwarf.c: Check shnum for 0 before subtracting from + it. + +2017-04-20 Ulf Hermann + * libdwfl.h: Use __const_attribute__. 2017-04-20 Ulf Hermann diff --git a/libdwfl/dwfl_module_getdwarf.c b/libdwfl/dwfl_module_getdwarf.c index 46caece..c8b839d 100644 --- a/libdwfl/dwfl_module_getdwarf.c +++ b/libdwfl/dwfl_module_getdwarf.c @@ -349,12 +349,14 @@ find_prelink_address_sync (Dwfl_Module *mod, struct dwfl_file *file) /* Since prelink does not store the zeroth section header in the undo section, it cannot support SHN_XINDEX encoding. */ - if (unlikely (shnum >= SHN_LORESERVE) + if (unlikely (shnum >= SHN_LORESERVE) || unlikely(shnum == 0) || unlikely (undodata->d_size != (src.d_size + phnum * phentsize + (shnum - 1) * shentsize))) return DWFL_E_BAD_PRELINK; + --shnum; + /* We look at the allocated SHT_PROGBITS (or SHT_NOBITS) sections. (Most every file will have some SHT_PROGBITS sections, but it's possible to have one with nothing but .bss, i.e. SHT_NOBITS.) The special sections @@ -431,12 +433,12 @@ find_prelink_address_sync (Dwfl_Module *mod, struct dwfl_file *file) src.d_buf += src.d_size; src.d_type = ELF_T_SHDR; - src.d_size = gelf_fsize (mod->main.elf, ELF_T_SHDR, shnum - 1, EV_CURRENT); + src.d_size = gelf_fsize (mod->main.elf, ELF_T_SHDR, shnum, EV_CURRENT); size_t shdr_size = class32 ? sizeof (Elf32_Shdr) : sizeof (Elf64_Shdr); - if (unlikely (shnum - 1 > SIZE_MAX / shdr_size)) + if (unlikely (shnum > SIZE_MAX / shdr_size)) return DWFL_E_NOMEM; - const size_t shdrs_bytes = (shnum - 1) * shdr_size; + const size_t shdrs_bytes = shnum * shdr_size; void *shdrs = malloc (shdrs_bytes); if (unlikely (shdrs == NULL)) return DWFL_E_NOMEM; @@ -488,16 +490,16 @@ find_prelink_address_sync (Dwfl_Module *mod, struct dwfl_file *file) highest = 0; if (class32) { - Elf32_Shdr (*s32)[shnum - 1] = shdrs; - for (size_t i = 0; i < shnum - 1; ++i) + Elf32_Shdr (*s32)[shnum] = shdrs; + for (size_t i = 0; i < shnum; ++i) consider_shdr (undo_interp, (*s32)[i].sh_type, (*s32)[i].sh_flags, (*s32)[i].sh_addr, (*s32)[i].sh_size, &highest); } else { - Elf64_Shdr (*s64)[shnum - 1] = shdrs; - for (size_t i = 0; i < shnum - 1; ++i) + Elf64_Shdr (*s64)[shnum] = shdrs; + for (size_t i = 0; i < shnum; ++i) consider_shdr (undo_interp, (*s64)[i].sh_type, (*s64)[i].sh_flags, (*s64)[i].sh_addr, (*s64)[i].sh_size, &highest); diff --git a/src/ChangeLog b/src/ChangeLog index e0a591e..1521d80 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2017-04-20 Ulf Hermann + + * unstrip.c: Check shnum for 0 before subtracting from it. + 2017-04-20 Ulf Hermann * readelf.c: Replace YESSTR and NOSTR with gettext ("yes") and diff --git a/src/unstrip.c b/src/unstrip.c index 6e57a6b..5074909 100644 --- a/src/unstrip.c +++ b/src/unstrip.c @@ -1027,21 +1027,24 @@ find_alloc_sections_prelink (Elf *debug, Elf_Data *debug_shstrtab, shnum = ehdr.e64.e_shnum; } + bool class32 = ehdr.e32.e_ident[EI_CLASS] == ELFCLASS32; + size_t shsize = class32 ? sizeof (Elf32_Shdr) : sizeof (Elf64_Shdr); + if (unlikely (shnum == 0 || shnum > SIZE_MAX / shsize + 1)) + error (EXIT_FAILURE, 0, _("overflow with shnum = %zu in '%s' section"), + (size_t) shnum, ".gnu.prelink_undo"); + + --shnum; + size_t phsize = gelf_fsize (main, ELF_T_PHDR, phnum, EV_CURRENT); src.d_buf += src.d_size + phsize; - src.d_size = gelf_fsize (main, ELF_T_SHDR, shnum - 1, EV_CURRENT); + src.d_size = gelf_fsize (main, ELF_T_SHDR, shnum, EV_CURRENT); src.d_type = ELF_T_SHDR; if ((size_t) (src.d_buf - undodata->d_buf) > undodata->d_size || undodata->d_size - (src.d_buf - undodata->d_buf) != src.d_size) error (EXIT_FAILURE, 0, _("invalid contents in '%s' section"), ".gnu.prelink_undo"); - bool class32 = ehdr.e32.e_ident[EI_CLASS] == ELFCLASS32; - size_t shsize = class32 ? sizeof (Elf32_Shdr) : sizeof (Elf64_Shdr); - if (unlikely ((shnum - 1) > SIZE_MAX / shsize)) - error (EXIT_FAILURE, 0, _("overflow with shnum = %zu in '%s' section"), - (size_t) shnum, ".gnu.prelink_undo"); - const size_t shdr_bytes = (shnum - 1) * shsize; + const size_t shdr_bytes = shnum * shsize; void *shdr = xmalloc (shdr_bytes); dst.d_buf = shdr; dst.d_size = shdr_bytes; @@ -1049,12 +1052,12 @@ find_alloc_sections_prelink (Elf *debug, Elf_Data *debug_shstrtab, main_ehdr->e_ident[EI_DATA]) != NULL, _("cannot read '.gnu.prelink_undo' section: %s")); - undo_sections = xmalloc ((shnum - 1) * sizeof undo_sections[0]); - for (size_t i = 0; i < shnum - 1; ++i) + undo_sections = xmalloc (shnum * sizeof undo_sections[0]); + for (size_t i = 0; i < shnum; ++i) { struct section *sec = &undo_sections[undo_nalloc]; - Elf32_Shdr (*s32)[shnum - 1] = shdr; - Elf64_Shdr (*s64)[shnum - 1] = shdr; + Elf32_Shdr (*s32)[shnum] = shdr; + Elf64_Shdr (*s64)[shnum] = shdr; if (class32) { #define COPY(field) sec->shdr.field = (*s32)[i].field -- 2.1.4