| Revisão | 5dcae8f603b9379ef1c5f59331987322fd4d2126 (tree) |
|---|---|
| Hora | 2022-10-26 15:57:45 |
| Autor | Alan Modra <amodra@gmai...> |
| Commiter | Alan Modra |
Correct ELF reloc size sanity check
The external reloc size check was wrong. Here asect is the code/data
section, not the reloc section. So using this_hdr gave the size of
the code/data section.
* elf.c (_bfd_elf_get_reloc_upper_bound): Properly get
external size from reloc headers.
| @@ -8708,15 +8708,20 @@ _bfd_elf_get_reloc_upper_bound (bfd *abfd, sec_ptr asect) | ||
| 8708 | 8708 | if (asect->reloc_count != 0 && !bfd_write_p (abfd)) |
| 8709 | 8709 | { |
| 8710 | 8710 | /* Sanity check reloc section size. */ |
| 8711 | - struct bfd_elf_section_data *d = elf_section_data (asect); | |
| 8712 | - Elf_Internal_Shdr *rel_hdr = &d->this_hdr; | |
| 8713 | - bfd_size_type ext_rel_size = rel_hdr->sh_size; | |
| 8714 | 8711 | ufile_ptr filesize = bfd_get_file_size (abfd); |
| 8715 | 8712 | |
| 8716 | - if (filesize != 0 && ext_rel_size > filesize) | |
| 8713 | + if (filesize != 0) | |
| 8717 | 8714 | { |
| 8718 | - bfd_set_error (bfd_error_file_truncated); | |
| 8719 | - return -1; | |
| 8715 | + struct bfd_elf_section_data *d = elf_section_data (asect); | |
| 8716 | + bfd_size_type rel_size = d->rel.hdr ? d->rel.hdr->sh_size : 0; | |
| 8717 | + bfd_size_type rela_size = d->rela.hdr ? d->rela.hdr->sh_size : 0; | |
| 8718 | + | |
| 8719 | + if (rel_size + rela_size > filesize | |
| 8720 | + || rel_size + rela_size < rel_size) | |
| 8721 | + { | |
| 8722 | + bfd_set_error (bfd_error_file_truncated); | |
| 8723 | + return -1; | |
| 8724 | + } | |
| 8720 | 8725 | } |
| 8721 | 8726 | } |
| 8722 | 8727 |
Fork
bfd/elf.c