public inbox for elfutils@sourceware.org
From: Mark Wielaard <mark@klomp.org>
To: elfutils-devel@sourceware.org
Cc: Evgeny Vereshchagin <evvers@ya.ru>,
	david korczynski <david@adalogics.com>,
	Mark Wielaard <mark@klomp.org>
Subject: [PATCH 1/2] libelf: Take map offset into account for Shdr alignment check in elf_begin
Date: Thu, 17 Mar 2022 14:30:50 +0100	[thread overview]
Message-ID: <20220317133051.100876-2-mark@klomp.org> (raw)
In-Reply-To: <20220317133051.100876-1-mark@klomp.org>

The sh_num function tries to get at the zero section Shdr directly.
When the file is mmapped, it has to make sure the offset into the file
to the start of the Elf structure is taken into account when trying to
cast the address to make sure the alignment is correct.

Signed-off-by: Mark Wielaard <mark@klomp.org>
---
 libelf/ChangeLog   | 5 +++++
 libelf/elf_begin.c | 6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 29a8aae1..1883af07 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2022-03-17  Mark Wielaard  <mark@klomp.org>
+
+	* elf_begin.c (get_shnum): Take offset into account for Shdr
+	alignment check.
+
 2021-12-19  Mark Wielaard  <mark@klomp.org>
 
 	* elf_begin.c (file_read_elf): Cast ehdr to uintptr_t before e_shoff
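
Review bot: the ChangeLog entry names the function `get_shnum`, while the commit message above calls it "sh_num"; the hunk headers below confirm `get_shnum` is the real name, so the commit message should be corrected to match before this is applied, otherwise `git log -S`/ChangeLog cross-referencing points at a function that does not exist.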
diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
index 0c9a988d..03b80185 100644
--- a/libelf/elf_begin.c
+++ b/libelf/elf_begin.c
@@ -158,7 +158,8 @@ get_shnum (void *map_address, unsigned char *e_ident, int fildes,
 
 	  if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA
 	      && (ALLOW_UNALIGNED
-		  || (((size_t) ((char *) map_address + ehdr.e32->e_shoff))
+		  || (((size_t) ((char *) (map_address + ehdr.e32->e_shoff
+					   + offset)))
 		      & (__alignof__ (Elf32_Shdr) - 1)) == 0))
 	    /* We can directly access the memory.  */
 	    result = ((Elf32_Shdr *) ((char *) map_address + ehdr.e32->e_shoff
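
Review bot: the rewritten predicate does arithmetic on `map_address` itself, which is declared `void *` in the function's signature (see the hunk header), so `map_address + ehdr.e32->e_shoff + offset` now depends on the GNU extension that treats `void *` arithmetic as byte arithmetic; the pre-patch form kept the `(char *)` cast on `map_address` before adding. Suggest moving the cast back onto the base, `((size_t) ((char *) map_address + ehdr.e32->e_shoff + offset))`, or dropping the `char *` entirely and writing `((uintptr_t) map_address + ehdr.e32->e_shoff + offset) & (__alignof__ (Elf32_Shdr) - 1)`, which is the style the 2021-12-19 ChangeLog entry already uses for the same kind of expression and avoids the `size_t`-for-pointer cast.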
@@ -218,7 +219,8 @@ get_shnum (void *map_address, unsigned char *e_ident, int fildes,
 	  Elf64_Xword size;
 	  if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA
 	      && (ALLOW_UNALIGNED
-		  || (((size_t) ((char *) map_address + ehdr.e64->e_shoff))
+		  || (((size_t) ((char *) (map_address + ehdr.e64->e_shoff
+					   + offset)))
 		      & (__alignof__ (Elf64_Shdr) - 1)) == 0))
 	    /* We can directly access the memory.  */
 	    size = ((Elf64_Shdr *) ((char *) map_address + ehdr.e64->e_shoff
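
Review bot: the same `void *` arithmetic point applies here, since `(char *) (map_address + ehdr.e64->e_shoff + offset)` casts only after the `void *` addition; `(uintptr_t) map_address + ehdr.e64->e_shoff + offset` would be portable. The predicate is now duplicated verbatim between the 32- and 64-bit branches with only the Shdr type differing, so a small static helper (or macro) taking the alignment, e.g. `shdr_aligned (map_address, offset, e_shoff, __alignof__ (Elf64_Shdr))`, would keep the two checks from drifting apart again the way they did before this fix.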
-- 
2.30.2
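
The point the patch makes, shown as an added, self-contained illustration (example code written for this page, not elfutils code): when an ELF object is an ar(1) archive member, the ELF header sits at a non-zero offset inside the mapping, so testing the alignment of `map_address + e_shoff` says nothing about the address that is actually dereferenced, `map_address + offset + e_shoff`. The `struct shdr64` mirror, the fixed alignment of 8, the `mapping` buffer and the `MEMBER_OFFSET`/`SHOFF` values are constructed here; 68 is the ar magic (8 bytes) plus one member header (60 bytes), and `shdr0_size_by_copy` is the memcpy fallback a reader would use when the check fails, not libelf's own read path.

```c
#include <stdalign.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local mirror of the ELF64 section header layout, so the example does not
   need <elf.h>.  Elf64_Shdr is 64 bytes and, on 64-bit targets, 8-byte
   aligned because of its Elf64_Xword/Elf64_Addr members; the alignment is
   fixed to 8 here so the demonstration is deterministic.  */
struct shdr64
{
  uint32_t sh_name, sh_type;
  uint64_t sh_flags, sh_addr, sh_offset, sh_size;
  uint32_t sh_link, sh_info;
  uint64_t sh_addralign, sh_entsize;
};
#define SHDR64_ALIGN 8

/* Pre-patch predicate: adds only e_shoff to the mapping base.  */
static bool
shdr_aligned_without_offset (const void *map_address, uint64_t e_shoff)
{
  uintptr_t p = (uintptr_t) map_address + e_shoff;
  return (p & (SHDR64_ALIGN - 1)) == 0;
}

/* Post-patch predicate: the ELF header sits 'offset' bytes into the
   mapping (non-zero for an archive member), so the section table is at
   base + offset + e_shoff and that is the address whose alignment matters.  */
static bool
shdr_aligned_with_offset (const void *map_address, size_t offset,
                          uint64_t e_shoff)
{
  uintptr_t p = (uintptr_t) map_address + offset + e_shoff;
  return (p & (SHDR64_ALIGN - 1)) == 0;
}

/* Alignment-agnostic path: copy section header 0 out with memcpy instead
   of dereferencing a possibly misaligned Elf64_Shdr pointer, and return
   its sh_size, which is where ELF keeps the real section count when
   e_shnum is 0.  */
static uint64_t
shdr0_size_by_copy (const void *map_address, size_t offset, uint64_t e_shoff)
{
  struct shdr64 shdr0;
  memcpy (&shdr0, (const char *) map_address + offset + e_shoff,
          sizeof shdr0);
  return shdr0.sh_size;
}

/* Constructed scenario, not a real file: a 16-byte aligned mapping of an
   ar(1) archive whose first member is an ELF64 object.  Member data starts
   after the 8-byte "!<arch>\n" magic and the 60-byte member header, i.e. at
   offset 68, which is 4- but not 8-byte aligned.  The ELF64 header is 64
   bytes and the section table is placed directly after it.  */
enum { AR_MAGIC_LEN = 8, AR_HDR_LEN = 60, EHDR64_LEN = 64 };
enum { MEMBER_OFFSET = AR_MAGIC_LEN + AR_HDR_LEN, SHOFF = EHDR64_LEN };
static alignas (16) unsigned char mapping[512];

static void
build_fake_archive (void)
{
  struct shdr64 shdr0;
  memset (&shdr0, 0, sizeof shdr0);
  shdr0.sh_size = 0x1234;	/* pretend the member has 0x1234 sections */
  memset (mapping, 0, sizeof mapping);
  memcpy (mapping + MEMBER_OFFSET + SHOFF, &shdr0, sizeof shdr0);
}

/* base + 64: 8-byte aligned, so the old check wrongly allows the cast.  */
bool
old_check_accepts_member (void)
{
  build_fake_archive ();
  return shdr_aligned_without_offset (mapping, SHOFF);
}

/* base + 68 + 64 = base + 132: only 4-byte aligned, so the new check
   correctly falls back to the slow path.  */
bool
new_check_accepts_member (void)
{
  build_fake_archive ();
  return shdr_aligned_with_offset (mapping, MEMBER_OFFSET, SHOFF);
}

uint64_t
member_shnum_via_copy (void)
{
  build_fake_archive ();
  return shdr0_size_by_copy (mapping, MEMBER_OFFSET, SHOFF);
}

int
main (void)
{
  printf ("old check (base + e_shoff):          %s\n",
          old_check_accepts_member () ? "aligned" : "misaligned");
  printf ("new check (base + offset + e_shoff): %s\n",
          new_check_accepts_member () ? "aligned" : "misaligned");
  printf ("section count read via memcpy:       %#llx\n",
          (unsigned long long) member_shnum_via_copy ());
  return 0;
}
```

On a target that traps on misaligned 8-byte loads, the pre-patch predicate would have let the code cast `base + 132` to an `Elf64_Shdr *` and fault on the first field access; the memcpy path reads the same bytes without any alignment assumption and is the right fallback whenever the check fails.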


Thread overview:
2022-03-17 13:30 Some fuzzer workarounds Mark Wielaard
2022-03-17 13:30 ` Mark Wielaard [this message]
2022-03-17 13:30 ` [PATCH 2/2] libelf: Make sure ar_size starts with a digit before calling atol Mark Wielaard
2022-03-18  9:11   ` Evgeny Vereshchagin
2022-03-18 11:44     ` Mark Wielaard
2022-03-18 13:18       ` Evgeny Vereshchagin
2022-03-18  7:26 ` Some fuzzer workarounds Evgeny Vereshchagin
2022-03-19 11:08   ` Evgeny Vereshchagin
2022-03-21  2:24   ` Evgeny Vereshchagin
2022-03-21 10:50   ` Mark Wielaard
2022-03-21 11:10     ` Evgeny Vereshchagin
2022-03-21 14:33       ` Evgeny Vereshchagin
2022-03-21 17:30         ` Mark Wielaard
2022-03-21 18:01           ` Evgeny Vereshchagin
2022-03-22 16:59       ` Evgeny Vereshchagin
2022-03-23  0:35         ` Mark Wielaard
2022-03-23  1:15           ` Evgeny Vereshchagin
2022-03-23  9:21             ` Mark Wielaard
2022-03-21 10:57 ` Mark Wielaard
