authorRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-02 12:04:08 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-07 20:05:31 +0000
commit2345af9b4829ed3eed5abf60f2483055649f8af7 (patch)
tree96a9a31e4b1957b93c4fe3eb669117d2752caf0d /meta/recipes-devtools/elfutils/elfutils-0.148/redhat-robustify.diff
parentc4901328fe5cf912c0965e5b011b64a95a9bcb9d (diff)
recipes: Move out stale GPLv2 versions to a seperate layeruninative-1.5
These are recipes where the upstream has moved to GPLv3 and these old versions are the last ones under the GPLv2 license. There are several reasons for making this move. There is a different quality of service with these recipes in that they don't get security fixes and upstream no longer care about them, in fact they're actively hostile against people using old versions. The recipes tend to need a different kind of maintenance to work with changes in the wider ecosystem and there needs to be isolation between changes made in the v3 versions and those in the v2 versions. There are probably better ways to handle a "non-GPLv3" system but right now having these in OE-Core makes them look like a first class citizen when I believe they have potential for a variety of undesirable issues. Moving them into a separate layer makes their different needs clearer, it also makes it clear how many of these there are. Some are probably not needed (e.g. mc), I also wonder whether some are useful (e.g. gmp) since most things that use them are GPLv3 only already. Someone could now more clearly see how to streamline the list of recipes here. I'm proposing we move to this separate layer for 2.3 with its future maintainership and testing to be determined in 2.4 and beyond. (From OE-Core rev: 19b7e950346fb1dde6505c45236eba6cd9b33b4b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/elfutils/elfutils-0.148/redhat-robustify.diff')
-rw-r--r--meta/recipes-devtools/elfutils/elfutils-0.148/redhat-robustify.diff1709
1 files changed, 0 insertions, 1709 deletions
diff --git a/meta/recipes-devtools/elfutils/elfutils-0.148/redhat-robustify.diff b/meta/recipes-devtools/elfutils/elfutils-0.148/redhat-robustify.diff
deleted file mode 100644
index cd398549df..0000000000
--- a/meta/recipes-devtools/elfutils/elfutils-0.148/redhat-robustify.diff
+++ /dev/null
@@ -1,1709 +0,0 @@
1Upstream-Status: Backport
2
3Index: elfutils-0.148/libelf/ChangeLog
4===================================================================
5--- elfutils-0.148.orig/libelf/ChangeLog 2010-07-03 13:07:10.000000000 +0000
6+++ elfutils-0.148/libelf/ChangeLog 2010-07-03 13:07:11.000000000 +0000
7@@ -649,10 +649,53 @@
8 If section content hasn't been read yet, do it before looking for the
9 block size. If no section data present, infer size of section header.
10
11+2005-05-14 Jakub Jelinek <jakub@redhat.com>
12+
13+ * libelfP.h (INVALID_NDX): Define.
14+ * gelf_getdyn.c (gelf_getdyn): Use it. Remove ndx < 0 test if any.
15+ * gelf_getlib.c (gelf_getlib): Likewise.
16+ * gelf_getmove.c (gelf_getmove): Likewise.
17+ * gelf_getrel.c (gelf_getrel): Likewise.
18+ * gelf_getrela.c (gelf_getrela): Likewise.
19+ * gelf_getsym.c (gelf_getsym): Likewise.
20+ * gelf_getsyminfo.c (gelf_getsyminfo): Likewise.
21+ * gelf_getsymshndx.c (gelf_getsymshndx): Likewise.
22+ * gelf_getversym.c (gelf_getversym): Likewise.
23+ * gelf_update_dyn.c (gelf_update_dyn): Likewise.
24+ * gelf_update_lib.c (gelf_update_lib): Likewise.
25+ * gelf_update_move.c (gelf_update_move): Likewise.
26+ * gelf_update_rel.c (gelf_update_rel): Likewise.
27+ * gelf_update_rela.c (gelf_update_rela): Likewise.
28+ * gelf_update_sym.c (gelf_update_sym): Likewise.
29+ * gelf_update_syminfo.c (gelf_update_syminfo): Likewise.
30+ * gelf_update_symshndx.c (gelf_update_symshndx): Likewise.
31+ * gelf_update_versym.c (gelf_update_versym): Likewise.
32+ * elf_newscn.c (elf_newscn): Check for overflow.
33+ * elf32_updatefile.c (__elfw2(LIBELFBITS,updatemmap)): Likewise.
34+ (__elfw2(LIBELFBITS,updatefile)): Likewise.
35+ * elf_begin.c (file_read_elf): Likewise.
36+ * elf32_newphdr.c (elfw2(LIBELFBITS,newphdr)): Likewise.
37+ * elf_getarsym.c (elf_getarsym): Likewise.
38+ * elf32_getshdr.c (elfw2(LIBELFBITS,getshdr)): Likewise.
39 2005-05-11 Ulrich Drepper <drepper@redhat.com>
40
41 * elf.h: Update again.
42
43+2005-05-17 Jakub Jelinek <jakub@redhat.com>
44+
45+ * elf32_getphdr.c (elfw2(LIBELFBITS,getphdr)): Check if program header
46+ table fits into object's bounds.
47+ * elf_getshstrndx.c (elf_getshstrndx): Add elf->start_offset to
48+ elf->map_address. Check if first section header fits into object's
49+ bounds.
50+ * elf32_getshdr.c (elfw2(LIBELFBITS,getshdr)):
51+ Check if section header table fits into object's bounds.
52+ * elf_begin.c (get_shnum): Ensure section headers fits into
53+ object's bounds.
54+ (file_read_elf): Make sure scncnt is small enough to allocate both
55+ ElfXX_Shdr and Elf_Scn array. Make sure section and program header
56+ tables fit into object's bounds. Avoid memory leak on failure.
57+
58 2005-05-09 Ulrich Drepper <drepper@redhat.com>
59
60 * elf.h: Update from glibc.
61Index: elfutils-0.148/libelf/elf32_getphdr.c
62===================================================================
63--- elfutils-0.148.orig/libelf/elf32_getphdr.c 2010-04-21 14:26:40.000000000 +0000
64+++ elfutils-0.148/libelf/elf32_getphdr.c 2010-07-03 13:07:11.000000000 +0000
65@@ -114,6 +114,16 @@
66
67 if (elf->map_address != NULL)
68 {
69+ /* First see whether the information in the ELF header is
70+ valid and it does not ask for too much. */
71+ if (unlikely (ehdr->e_phoff >= elf->maximum_size)
72+ || unlikely (elf->maximum_size - ehdr->e_phoff < size))
73+ {
74+ /* Something is wrong. */
75+ __libelf_seterrno (ELF_E_INVALID_PHDR);
76+ goto out;
77+ }
78+
79 /* All the data is already mapped. Use it. */
80 void *file_phdr = ((char *) elf->map_address
81 + elf->start_offset + ehdr->e_phoff);
82Index: elfutils-0.148/libelf/elf32_getshdr.c
83===================================================================
84--- elfutils-0.148.orig/libelf/elf32_getshdr.c 2009-06-13 22:41:42.000000000 +0000
85+++ elfutils-0.148/libelf/elf32_getshdr.c 2010-07-03 13:07:11.000000000 +0000
86@@ -1,5 +1,5 @@
87 /* Return section header.
88- Copyright (C) 1998, 1999, 2000, 2001, 2002, 2005, 2007, 2009 Red Hat, Inc.
89+ Copyright (C) 1998-2009 Red Hat, Inc.
90 This file is part of Red Hat elfutils.
91 Written by Ulrich Drepper <drepper@redhat.com>, 1998.
92
93@@ -81,7 +81,8 @@
94 goto out;
95
96 size_t shnum;
97- if (__elf_getshdrnum_rdlock (elf, &shnum) != 0)
98+ if (__elf_getshdrnum_rdlock (elf, &shnum) != 0
99+ || shnum > SIZE_MAX / sizeof (ElfW2(LIBELFBITS,Shdr)))
100 goto out;
101 size_t size = shnum * sizeof (ElfW2(LIBELFBITS,Shdr));
102
103@@ -98,6 +99,16 @@
104
105 if (elf->map_address != NULL)
106 {
107+ /* First see whether the information in the ELF header is
108+ valid and it does not ask for too much. */
109+ if (unlikely (ehdr->e_shoff >= elf->maximum_size)
110+ || unlikely (elf->maximum_size - ehdr->e_shoff < size))
111+ {
112+ /* Something is wrong. */
113+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
114+ goto free_and_out;
115+ }
116+
117 ElfW2(LIBELFBITS,Shdr) *notcvt;
118
119 /* All the data is already mapped. If we could use it
120Index: elfutils-0.148/libelf/elf32_newphdr.c
121===================================================================
122--- elfutils-0.148.orig/libelf/elf32_newphdr.c 2010-01-12 16:57:54.000000000 +0000
123+++ elfutils-0.148/libelf/elf32_newphdr.c 2010-07-03 13:07:11.000000000 +0000
124@@ -135,6 +135,12 @@
125 || count == PN_XNUM
126 || elf->state.ELFW(elf,LIBELFBITS).phdr == NULL)
127 {
128+ if (unlikely (count > SIZE_MAX / sizeof (ElfW2(LIBELFBITS,Phdr))))
129+ {
130+ result = NULL;
131+ goto out;
132+ }
133+
134 /* Allocate a new program header with the appropriate number of
135 elements. */
136 result = (ElfW2(LIBELFBITS,Phdr) *)
137Index: elfutils-0.148/libelf/elf32_updatefile.c
138===================================================================
139--- elfutils-0.148.orig/libelf/elf32_updatefile.c 2010-01-12 16:57:54.000000000 +0000
140+++ elfutils-0.148/libelf/elf32_updatefile.c 2010-07-03 13:07:11.000000000 +0000
141@@ -223,6 +223,9 @@
142 /* Write all the sections. Well, only those which are modified. */
143 if (shnum > 0)
144 {
145+ if (unlikely (shnum > SIZE_MAX / sizeof (Elf_Scn *)))
146+ return 1;
147+
148 Elf_ScnList *list = &elf->state.ELFW(elf,LIBELFBITS).scns;
149 Elf_Scn **scns = (Elf_Scn **) alloca (shnum * sizeof (Elf_Scn *));
150 char *const shdr_start = ((char *) elf->map_address + elf->start_offset
151@@ -645,6 +648,10 @@
152 /* Write all the sections. Well, only those which are modified. */
153 if (shnum > 0)
154 {
155+ if (unlikely (shnum > SIZE_MAX / (sizeof (Elf_Scn *)
156+ + sizeof (ElfW2(LIBELFBITS,Shdr)))))
157+ return 1;
158+
159 off_t shdr_offset = elf->start_offset + ehdr->e_shoff;
160 #if EV_NUM != 2
161 xfct_t shdr_fctp = __elf_xfctstom[__libelf_version - 1][EV_CURRENT - 1][ELFW(ELFCLASS, LIBELFBITS) - 1][ELF_T_SHDR];
162Index: elfutils-0.148/libelf/elf_begin.c
163===================================================================
164--- elfutils-0.148.orig/libelf/elf_begin.c 2010-04-21 14:26:40.000000000 +0000
165+++ elfutils-0.148/libelf/elf_begin.c 2010-07-03 13:07:11.000000000 +0000
166@@ -165,7 +165,8 @@
167
168 if (unlikely (result == 0) && ehdr.e32->e_shoff != 0)
169 {
170- if (ehdr.e32->e_shoff + sizeof (Elf32_Shdr) > maxsize)
171+ if (unlikely (ehdr.e32->e_shoff >= maxsize)
172+ || unlikely (maxsize - ehdr.e32->e_shoff < sizeof (Elf32_Shdr)))
173 /* Cannot read the first section header. */
174 return 0;
175
176@@ -213,7 +214,8 @@
177
178 if (unlikely (result == 0) && ehdr.e64->e_shoff != 0)
179 {
180- if (ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize)
181+ if (unlikely (ehdr.e64->e_shoff >= maxsize)
182+ || unlikely (ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize))
183 /* Cannot read the first section header. */
184 return 0;
185
186@@ -285,6 +287,15 @@
187 /* Could not determine the number of sections. */
188 return NULL;
189
190+ /* Check for too many sections. */
191+ if (e_ident[EI_CLASS] == ELFCLASS32)
192+ {
193+ if (scncnt > SIZE_MAX / (sizeof (Elf_Scn) + sizeof (Elf32_Shdr)))
194+ return NULL;
195+ }
196+ else if (scncnt > SIZE_MAX / (sizeof (Elf_Scn) + sizeof (Elf64_Shdr)))
197+ return NULL;
198+
199 /* We can now allocate the memory. Even if there are no section headers,
200 we allocate space for a zeroth section in case we need it later. */
201 const size_t scnmax = (scncnt ?: (cmd == ELF_C_RDWR || cmd == ELF_C_RDWR_MMAP)
202@@ -324,6 +335,16 @@
203 {
204 /* We can use the mmapped memory. */
205 elf->state.elf32.ehdr = ehdr;
206+
207+ if (unlikely (ehdr->e_shoff >= maxsize)
208+ || unlikely (maxsize - ehdr->e_shoff
209+ < scncnt * sizeof (Elf32_Shdr)))
210+ {
211+ free_and_out:
212+ free (elf);
213+ __libelf_seterrno (ELF_E_INVALID_FILE);
214+ return NULL;
215+ }
216 elf->state.elf32.shdr
217 = (Elf32_Shdr *) ((char *) ehdr + ehdr->e_shoff);
218
219@@ -410,6 +431,11 @@
220 {
221 /* We can use the mmapped memory. */
222 elf->state.elf64.ehdr = ehdr;
223+
224+ if (unlikely (ehdr->e_shoff >= maxsize)
225+ || unlikely (ehdr->e_shoff
226+ + scncnt * sizeof (Elf32_Shdr) > maxsize))
227+ goto free_and_out;
228 elf->state.elf64.shdr
229 = (Elf64_Shdr *) ((char *) ehdr + ehdr->e_shoff);
230
231Index: elfutils-0.148/libelf/elf_getarsym.c
232===================================================================
233--- elfutils-0.148.orig/libelf/elf_getarsym.c 2009-01-08 20:56:37.000000000 +0000
234+++ elfutils-0.148/libelf/elf_getarsym.c 2010-07-03 13:07:11.000000000 +0000
235@@ -179,6 +179,9 @@
236 size_t index_size = atol (tmpbuf);
237
238 if (SARMAG + sizeof (struct ar_hdr) + index_size > elf->maximum_size
239+#if SIZE_MAX <= 4294967295U
240+ || n >= SIZE_MAX / sizeof (Elf_Arsym)
241+#endif
242 || n * sizeof (uint32_t) > index_size)
243 {
244 /* This index table cannot be right since it does not fit into
245Index: elfutils-0.148/libelf/elf_getshdrstrndx.c
246===================================================================
247--- elfutils-0.148.orig/libelf/elf_getshdrstrndx.c 2009-06-13 22:31:35.000000000 +0000
248+++ elfutils-0.148/libelf/elf_getshdrstrndx.c 2010-07-03 13:07:11.000000000 +0000
249@@ -125,10 +125,25 @@
250 if (elf->map_address != NULL
251 && elf->state.elf32.ehdr->e_ident[EI_DATA] == MY_ELFDATA
252 && (ALLOW_UNALIGNED
253- || (((size_t) ((char *) elf->map_address + offset))
254+ || (((size_t) ((char *) elf->map_address
255+ + elf->start_offset + offset))
256 & (__alignof__ (Elf32_Shdr) - 1)) == 0))
257- /* We can directly access the memory. */
258- num = ((Elf32_Shdr *) (elf->map_address + offset))->sh_link;
259+ {
260+ /* First see whether the information in the ELF header is
261+ valid and it does not ask for too much. */
262+ if (unlikely (elf->maximum_size - offset
263+ < sizeof (Elf32_Shdr)))
264+ {
265+ /* Something is wrong. */
266+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
267+ result = -1;
268+ goto out;
269+ }
270+
271+ /* We can directly access the memory. */
272+ num = ((Elf32_Shdr *) (elf->map_address + elf->start_offset
273+ + offset))->sh_link;
274+ }
275 else
276 {
277 /* We avoid reading in all the section headers. Just read
278@@ -163,10 +178,25 @@
279 if (elf->map_address != NULL
280 && elf->state.elf64.ehdr->e_ident[EI_DATA] == MY_ELFDATA
281 && (ALLOW_UNALIGNED
282- || (((size_t) ((char *) elf->map_address + offset))
283+ || (((size_t) ((char *) elf->map_address
284+ + elf->start_offset + offset))
285 & (__alignof__ (Elf64_Shdr) - 1)) == 0))
286- /* We can directly access the memory. */
287- num = ((Elf64_Shdr *) (elf->map_address + offset))->sh_link;
288+ {
289+ /* First see whether the information in the ELF header is
290+ valid and it does not ask for too much. */
291+ if (unlikely (elf->maximum_size - offset
292+ < sizeof (Elf64_Shdr)))
293+ {
294+ /* Something is wrong. */
295+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
296+ result = -1;
297+ goto out;
298+ }
299+
300+ /* We can directly access the memory. */
301+ num = ((Elf64_Shdr *) (elf->map_address + elf->start_offset
302+ + offset))->sh_link;
303+ }
304 else
305 {
306 /* We avoid reading in all the section headers. Just read
307Index: elfutils-0.148/libelf/elf_newscn.c
308===================================================================
309--- elfutils-0.148.orig/libelf/elf_newscn.c 2009-01-08 20:56:37.000000000 +0000
310+++ elfutils-0.148/libelf/elf_newscn.c 2010-07-03 13:07:11.000000000 +0000
311@@ -104,10 +104,18 @@
312 else
313 {
314 /* We must allocate a new element. */
315- Elf_ScnList *newp;
316+ Elf_ScnList *newp = NULL;
317
318 assert (elf->state.elf.scnincr > 0);
319
320+ if (
321+#if SIZE_MAX <= 4294967295U
322+ likely (elf->state.elf.scnincr
323+ < SIZE_MAX / 2 / sizeof (Elf_Scn) - sizeof (Elf_ScnList))
324+#else
325+ 1
326+#endif
327+ )
328 newp = (Elf_ScnList *) calloc (sizeof (Elf_ScnList)
329 + ((elf->state.elf.scnincr *= 2)
330 * sizeof (Elf_Scn)), 1);
331Index: elfutils-0.148/libelf/gelf_getdyn.c
332===================================================================
333--- elfutils-0.148.orig/libelf/gelf_getdyn.c 2009-01-08 20:56:37.000000000 +0000
334+++ elfutils-0.148/libelf/gelf_getdyn.c 2010-07-03 13:07:11.000000000 +0000
335@@ -1,5 +1,5 @@
336 /* Get information from dynamic table at the given index.
337- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
338+ Copyright (C) 2000-2009 Red Hat, Inc.
339 This file is part of Red Hat elfutils.
340 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
341
342@@ -93,7 +93,7 @@
343 table entries has to be adopted. The user better has provided
344 a buffer where we can store the information. While copying the
345 data we are converting the format. */
346- if (unlikely ((ndx + 1) * sizeof (Elf32_Dyn) > data_scn->d.d_size))
347+ if (INVALID_NDX (ndx, Elf32_Dyn, &data_scn->d))
348 {
349 __libelf_seterrno (ELF_E_INVALID_INDEX);
350 goto out;
351@@ -114,7 +114,7 @@
352
353 /* The data is already in the correct form. Just make sure the
354 index is OK. */
355- if (unlikely ((ndx + 1) * sizeof (GElf_Dyn) > data_scn->d.d_size))
356+ if (INVALID_NDX (ndx, GElf_Dyn, &data_scn->d))
357 {
358 __libelf_seterrno (ELF_E_INVALID_INDEX);
359 goto out;
360Index: elfutils-0.148/libelf/gelf_getlib.c
361===================================================================
362--- elfutils-0.148.orig/libelf/gelf_getlib.c 2009-01-08 20:56:37.000000000 +0000
363+++ elfutils-0.148/libelf/gelf_getlib.c 2010-07-03 13:07:11.000000000 +0000
364@@ -1,5 +1,5 @@
365 /* Get library from table at the given index.
366- Copyright (C) 2004 Red Hat, Inc.
367+ Copyright (C) 2004-2009 Red Hat, Inc.
368 This file is part of Red Hat elfutils.
369 Written by Ulrich Drepper <drepper@redhat.com>, 2004.
370
371@@ -86,7 +86,7 @@
372 /* The data is already in the correct form. Just make sure the
373 index is OK. */
374 GElf_Lib *result = NULL;
375- if (unlikely ((ndx + 1) * sizeof (GElf_Lib) > data->d_size))
376+ if (INVALID_NDX (ndx, GElf_Lib, data))
377 __libelf_seterrno (ELF_E_INVALID_INDEX);
378 else
379 {
380Index: elfutils-0.148/libelf/gelf_getmove.c
381===================================================================
382--- elfutils-0.148.orig/libelf/gelf_getmove.c 2009-01-08 20:56:37.000000000 +0000
383+++ elfutils-0.148/libelf/gelf_getmove.c 2010-07-03 13:07:11.000000000 +0000
384@@ -1,5 +1,5 @@
385 /* Get move structure at the given index.
386- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
387+ Copyright (C) 2000-2009 Red Hat, Inc.
388 This file is part of Red Hat elfutils.
389 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
390
391@@ -83,7 +83,7 @@
392
393 /* The data is already in the correct form. Just make sure the
394 index is OK. */
395- if (unlikely ((ndx + 1) * sizeof (GElf_Move) > data->d_size))
396+ if (INVALID_NDX (ndx, GElf_Move, data))
397 {
398 __libelf_seterrno (ELF_E_INVALID_INDEX);
399 goto out;
400Index: elfutils-0.148/libelf/gelf_getrela.c
401===================================================================
402--- elfutils-0.148.orig/libelf/gelf_getrela.c 2009-01-08 20:56:37.000000000 +0000
403+++ elfutils-0.148/libelf/gelf_getrela.c 2010-07-03 13:07:11.000000000 +0000
404@@ -1,5 +1,5 @@
405 /* Get RELA relocation information at given index.
406- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
407+ Copyright (C) 2000-2009 Red Hat, Inc.
408 This file is part of Red Hat elfutils.
409 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
410
411@@ -71,12 +71,6 @@
412 if (data_scn == NULL)
413 return NULL;
414
415- if (unlikely (ndx < 0))
416- {
417- __libelf_seterrno (ELF_E_INVALID_INDEX);
418- return NULL;
419- }
420-
421 if (unlikely (data_scn->d.d_type != ELF_T_RELA))
422 {
423 __libelf_seterrno (ELF_E_INVALID_HANDLE);
424@@ -93,7 +87,7 @@
425 if (scn->elf->class == ELFCLASS32)
426 {
427 /* We have to convert the data. */
428- if (unlikely ((ndx + 1) * sizeof (Elf32_Rela) > data_scn->d.d_size))
429+ if (INVALID_NDX (ndx, Elf32_Rela, &data_scn->d))
430 {
431 __libelf_seterrno (ELF_E_INVALID_INDEX);
432 result = NULL;
433@@ -114,7 +108,7 @@
434 {
435 /* Simply copy the data after we made sure we are actually getting
436 correct data. */
437- if (unlikely ((ndx + 1) * sizeof (Elf64_Rela) > data_scn->d.d_size))
438+ if (INVALID_NDX (ndx, Elf64_Rela, &data_scn->d))
439 {
440 __libelf_seterrno (ELF_E_INVALID_INDEX);
441 result = NULL;
442Index: elfutils-0.148/libelf/gelf_getrel.c
443===================================================================
444--- elfutils-0.148.orig/libelf/gelf_getrel.c 2009-01-08 20:56:37.000000000 +0000
445+++ elfutils-0.148/libelf/gelf_getrel.c 2010-07-03 13:07:11.000000000 +0000
446@@ -1,5 +1,5 @@
447 /* Get REL relocation information at given index.
448- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
449+ Copyright (C) 2000-2009 Red Hat, Inc.
450 This file is part of Red Hat elfutils.
451 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
452
453@@ -71,12 +71,6 @@
454 if (data_scn == NULL)
455 return NULL;
456
457- if (unlikely (ndx < 0))
458- {
459- __libelf_seterrno (ELF_E_INVALID_INDEX);
460- return NULL;
461- }
462-
463 if (unlikely (data_scn->d.d_type != ELF_T_REL))
464 {
465 __libelf_seterrno (ELF_E_INVALID_HANDLE);
466@@ -93,7 +87,7 @@
467 if (scn->elf->class == ELFCLASS32)
468 {
469 /* We have to convert the data. */
470- if (unlikely ((ndx + 1) * sizeof (Elf32_Rel) > data_scn->d.d_size))
471+ if (INVALID_NDX (ndx, Elf32_Rel, &data_scn->d))
472 {
473 __libelf_seterrno (ELF_E_INVALID_INDEX);
474 result = NULL;
475@@ -113,7 +107,7 @@
476 {
477 /* Simply copy the data after we made sure we are actually getting
478 correct data. */
479- if (unlikely ((ndx + 1) * sizeof (Elf64_Rel) > data_scn->d.d_size))
480+ if (INVALID_NDX (ndx, Elf64_Rel, &data_scn->d))
481 {
482 __libelf_seterrno (ELF_E_INVALID_INDEX);
483 result = NULL;
484Index: elfutils-0.148/libelf/gelf_getsym.c
485===================================================================
486--- elfutils-0.148.orig/libelf/gelf_getsym.c 2009-01-08 20:56:37.000000000 +0000
487+++ elfutils-0.148/libelf/gelf_getsym.c 2010-07-03 13:07:11.000000000 +0000
488@@ -1,5 +1,5 @@
489 /* Get symbol information from symbol table at the given index.
490- Copyright (C) 1999, 2000, 2001, 2002 Red Hat, Inc.
491+ Copyright (C) 1999-2009 Red Hat, Inc.
492 This file is part of Red Hat elfutils.
493 Written by Ulrich Drepper <drepper@redhat.com>, 1999.
494
495@@ -90,7 +90,7 @@
496 table entries has to be adopted. The user better has provided
497 a buffer where we can store the information. While copying the
498 data we are converting the format. */
499- if (unlikely ((ndx + 1) * sizeof (Elf32_Sym) > data->d_size))
500+ if (INVALID_NDX (ndx, Elf32_Sym, data))
501 {
502 __libelf_seterrno (ELF_E_INVALID_INDEX);
503 goto out;
504@@ -119,7 +119,7 @@
505
506 /* The data is already in the correct form. Just make sure the
507 index is OK. */
508- if (unlikely ((ndx + 1) * sizeof (GElf_Sym) > data->d_size))
509+ if (INVALID_NDX (ndx, GElf_Sym, data))
510 {
511 __libelf_seterrno (ELF_E_INVALID_INDEX);
512 goto out;
513Index: elfutils-0.148/libelf/gelf_getsyminfo.c
514===================================================================
515--- elfutils-0.148.orig/libelf/gelf_getsyminfo.c 2009-01-08 20:56:37.000000000 +0000
516+++ elfutils-0.148/libelf/gelf_getsyminfo.c 2010-07-03 13:07:11.000000000 +0000
517@@ -1,5 +1,5 @@
518 /* Get additional symbol information from symbol table at the given index.
519- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
520+ Copyright (C) 2000-2009 Red Hat, Inc.
521 This file is part of Red Hat elfutils.
522 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
523
524@@ -84,7 +84,7 @@
525
526 /* The data is already in the correct form. Just make sure the
527 index is OK. */
528- if (unlikely ((ndx + 1) * sizeof (GElf_Syminfo) > data->d_size))
529+ if (INVALID_NDX (ndx, GElf_Syminfo, data))
530 {
531 __libelf_seterrno (ELF_E_INVALID_INDEX);
532 goto out;
533Index: elfutils-0.148/libelf/gelf_getsymshndx.c
534===================================================================
535--- elfutils-0.148.orig/libelf/gelf_getsymshndx.c 2009-01-08 20:56:37.000000000 +0000
536+++ elfutils-0.148/libelf/gelf_getsymshndx.c 2010-07-03 13:07:11.000000000 +0000
537@@ -1,6 +1,6 @@
538 /* Get symbol information and separate section index from symbol table
539 at the given index.
540- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
541+ Copyright (C) 2000-2009 Red Hat, Inc.
542 This file is part of Red Hat elfutils.
543 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
544
545@@ -90,7 +90,7 @@
546 section index table. */
547 if (likely (shndxdata_scn != NULL))
548 {
549- if (unlikely ((ndx + 1) * sizeof (Elf32_Word) > shndxdata_scn->d.d_size))
550+ if (INVALID_NDX (ndx, Elf32_Word, &shndxdata_scn->d))
551 {
552 __libelf_seterrno (ELF_E_INVALID_INDEX);
553 goto out;
554@@ -110,7 +110,7 @@
555 table entries has to be adopted. The user better has provided
556 a buffer where we can store the information. While copying the
557 data we are converting the format. */
558- if (unlikely ((ndx + 1) * sizeof (Elf32_Sym) > symdata->d_size))
559+ if (INVALID_NDX (ndx, Elf32_Sym, symdata))
560 {
561 __libelf_seterrno (ELF_E_INVALID_INDEX);
562 goto out;
563@@ -139,7 +139,7 @@
564
565 /* The data is already in the correct form. Just make sure the
566 index is OK. */
567- if (unlikely ((ndx + 1) * sizeof (GElf_Sym) > symdata->d_size))
568+ if (INVALID_NDX (ndx, GElf_Sym, symdata))
569 {
570 __libelf_seterrno (ELF_E_INVALID_INDEX);
571 goto out;
572Index: elfutils-0.148/libelf/gelf_getversym.c
573===================================================================
574--- elfutils-0.148.orig/libelf/gelf_getversym.c 2009-01-08 20:56:37.000000000 +0000
575+++ elfutils-0.148/libelf/gelf_getversym.c 2010-07-03 13:07:11.000000000 +0000
576@@ -1,5 +1,5 @@
577 /* Get symbol version information at the given index.
578- Copyright (C) 1999, 2000, 2001, 2002 Red Hat, Inc.
579+ Copyright (C) 1999-2009 Red Hat, Inc.
580 This file is part of Red Hat elfutils.
581 Written by Ulrich Drepper <drepper@redhat.com>, 1999.
582
583@@ -92,7 +92,7 @@
584
585 /* The data is already in the correct form. Just make sure the
586 index is OK. */
587- if (unlikely ((ndx + 1) * sizeof (GElf_Versym) > data->d_size))
588+ if (INVALID_NDX (ndx, GElf_Versym, data))
589 {
590 __libelf_seterrno (ELF_E_INVALID_INDEX);
591 result = NULL;
592Index: elfutils-0.148/libelf/gelf_update_dyn.c
593===================================================================
594--- elfutils-0.148.orig/libelf/gelf_update_dyn.c 2009-01-08 20:56:37.000000000 +0000
595+++ elfutils-0.148/libelf/gelf_update_dyn.c 2010-07-03 13:07:11.000000000 +0000
596@@ -1,5 +1,5 @@
597 /* Update information in dynamic table at the given index.
598- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
599+ Copyright (C) 2000-2009 Red Hat, Inc.
600 This file is part of Red Hat elfutils.
601 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
602
603@@ -71,12 +71,6 @@
604 if (data == NULL)
605 return 0;
606
607- if (unlikely (ndx < 0))
608- {
609- __libelf_seterrno (ELF_E_INVALID_INDEX);
610- return 0;
611- }
612-
613 if (unlikely (data_scn->d.d_type != ELF_T_DYN))
614 {
615 /* The type of the data better should match. */
616@@ -102,7 +96,7 @@
617 }
618
619 /* Check whether we have to resize the data buffer. */
620- if (unlikely ((ndx + 1) * sizeof (Elf32_Dyn) > data_scn->d.d_size))
621+ if (INVALID_NDX (ndx, Elf32_Dyn, &data_scn->d))
622 {
623 __libelf_seterrno (ELF_E_INVALID_INDEX);
624 goto out;
625@@ -116,7 +110,7 @@
626 else
627 {
628 /* Check whether we have to resize the data buffer. */
629- if (unlikely ((ndx + 1) * sizeof (Elf64_Dyn) > data_scn->d.d_size))
630+ if (INVALID_NDX (ndx, Elf64_Dyn, &data_scn->d))
631 {
632 __libelf_seterrno (ELF_E_INVALID_INDEX);
633 goto out;
634Index: elfutils-0.148/libelf/gelf_update_lib.c
635===================================================================
636--- elfutils-0.148.orig/libelf/gelf_update_lib.c 2009-01-08 20:56:37.000000000 +0000
637+++ elfutils-0.148/libelf/gelf_update_lib.c 2010-07-03 13:07:11.000000000 +0000
638@@ -1,5 +1,5 @@
639 /* Update library in table at the given index.
640- Copyright (C) 2004 Red Hat, Inc.
641+ Copyright (C) 2004-2009 Red Hat, Inc.
642 This file is part of Red Hat elfutils.
643 Written by Ulrich Drepper <drepper@redhat.com>, 2004.
644
645@@ -68,12 +68,6 @@
646 if (data == NULL)
647 return 0;
648
649- if (unlikely (ndx < 0))
650- {
651- __libelf_seterrno (ELF_E_INVALID_INDEX);
652- return 0;
653- }
654-
655 Elf_Data_Scn *data_scn = (Elf_Data_Scn *) data;
656 if (unlikely (data_scn->d.d_type != ELF_T_LIB))
657 {
658@@ -87,7 +81,7 @@
659
660 /* Check whether we have to resize the data buffer. */
661 int result = 0;
662- if (unlikely ((ndx + 1) * sizeof (Elf64_Lib) > data_scn->d.d_size))
663+ if (INVALID_NDX (ndx, Elf64_Lib, &data_scn->d))
664 __libelf_seterrno (ELF_E_INVALID_INDEX);
665 else
666 {
667Index: elfutils-0.148/libelf/gelf_update_move.c
668===================================================================
669--- elfutils-0.148.orig/libelf/gelf_update_move.c 2009-01-08 20:56:37.000000000 +0000
670+++ elfutils-0.148/libelf/gelf_update_move.c 2010-07-03 13:07:11.000000000 +0000
671@@ -1,5 +1,5 @@
672 /* Update move structure at the given index.
673- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
674+ Copyright (C) 2000-2009 Red Hat, Inc.
675 This file is part of Red Hat elfutils.
676 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
677
678@@ -75,8 +75,7 @@
679 assert (sizeof (GElf_Move) == sizeof (Elf64_Move));
680
681 /* Check whether we have to resize the data buffer. */
682- if (unlikely (ndx < 0)
683- || unlikely ((ndx + 1) * sizeof (GElf_Move) > data_scn->d.d_size))
684+ if (INVALID_NDX (ndx, GElf_Move, &data_scn->d))
685 {
686 __libelf_seterrno (ELF_E_INVALID_INDEX);
687 return 0;
688Index: elfutils-0.148/libelf/gelf_update_rela.c
689===================================================================
690--- elfutils-0.148.orig/libelf/gelf_update_rela.c 2009-01-08 20:56:37.000000000 +0000
691+++ elfutils-0.148/libelf/gelf_update_rela.c 2010-07-03 13:07:11.000000000 +0000
692@@ -1,5 +1,5 @@
693 /* Update RELA relocation information at given index.
694- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
695+ Copyright (C) 2000-2009 Red Hat, Inc.
696 This file is part of Red Hat elfutils.
697 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
698
699@@ -68,12 +68,6 @@
700 if (dst == NULL)
701 return 0;
702
703- if (unlikely (ndx < 0))
704- {
705- __libelf_seterrno (ELF_E_INVALID_INDEX);
706- return 0;
707- }
708-
709 if (unlikely (data_scn->d.d_type != ELF_T_RELA))
710 {
711 /* The type of the data better should match. */
712@@ -101,7 +95,7 @@
713 }
714
715 /* Check whether we have to resize the data buffer. */
716- if (unlikely ((ndx + 1) * sizeof (Elf32_Rela) > data_scn->d.d_size))
717+ if (INVALID_NDX (ndx, Elf32_Rela, &data_scn->d))
718 {
719 __libelf_seterrno (ELF_E_INVALID_INDEX);
720 goto out;
721@@ -117,7 +111,7 @@
722 else
723 {
724 /* Check whether we have to resize the data buffer. */
725- if (unlikely ((ndx + 1) * sizeof (Elf64_Rela) > data_scn->d.d_size))
726+ if (INVALID_NDX (ndx, Elf64_Rela, &data_scn->d))
727 {
728 __libelf_seterrno (ELF_E_INVALID_INDEX);
729 goto out;
730Index: elfutils-0.148/libelf/gelf_update_rel.c
731===================================================================
732--- elfutils-0.148.orig/libelf/gelf_update_rel.c 2009-01-08 20:56:37.000000000 +0000
733+++ elfutils-0.148/libelf/gelf_update_rel.c 2010-07-03 13:07:11.000000000 +0000
734@@ -1,5 +1,5 @@
735 /* Update REL relocation information at given index.
736- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
737+ Copyright (C) 2000-2009 Red Hat, Inc.
738 This file is part of Red Hat elfutils.
739 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
740
741@@ -68,12 +68,6 @@
742 if (dst == NULL)
743 return 0;
744
745- if (unlikely (ndx < 0))
746- {
747- __libelf_seterrno (ELF_E_INVALID_INDEX);
748- return 0;
749- }
750-
751 if (unlikely (data_scn->d.d_type != ELF_T_REL))
752 {
753 /* The type of the data better should match. */
754@@ -99,7 +93,7 @@
755 }
756
757 /* Check whether we have to resize the data buffer. */
758- if (unlikely ((ndx + 1) * sizeof (Elf32_Rel) > data_scn->d.d_size))
759+ if (INVALID_NDX (ndx, Elf32_Rel, &data_scn->d))
760 {
761 __libelf_seterrno (ELF_E_INVALID_INDEX);
762 goto out;
763@@ -114,7 +108,7 @@
764 else
765 {
766 /* Check whether we have to resize the data buffer. */
767- if (unlikely ((ndx + 1) * sizeof (Elf64_Rel) > data_scn->d.d_size))
768+ if (INVALID_NDX (ndx, Elf64_Rel, &data_scn->d))
769 {
770 __libelf_seterrno (ELF_E_INVALID_INDEX);
771 goto out;
772Index: elfutils-0.148/libelf/gelf_update_sym.c
773===================================================================
774--- elfutils-0.148.orig/libelf/gelf_update_sym.c 2009-01-08 20:56:37.000000000 +0000
775+++ elfutils-0.148/libelf/gelf_update_sym.c 2010-07-03 13:07:11.000000000 +0000
776@@ -1,5 +1,5 @@
777 /* Update symbol information in symbol table at the given index.
778- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
779+ Copyright (C) 2000-2009 Red Hat, Inc.
780 This file is part of Red Hat elfutils.
781 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
782
783@@ -72,12 +72,6 @@
784 if (data == NULL)
785 return 0;
786
787- if (unlikely (ndx < 0))
788- {
789- __libelf_seterrno (ELF_E_INVALID_INDEX);
790- return 0;
791- }
792-
793 if (unlikely (data_scn->d.d_type != ELF_T_SYM))
794 {
795 /* The type of the data better should match. */
796@@ -102,7 +96,7 @@
797 }
798
799 /* Check whether we have to resize the data buffer. */
800- if (unlikely ((ndx + 1) * sizeof (Elf32_Sym) > data_scn->d.d_size))
801+ if (INVALID_NDX (ndx, Elf32_Sym, &data_scn->d))
802 {
803 __libelf_seterrno (ELF_E_INVALID_INDEX);
804 goto out;
805@@ -125,7 +119,7 @@
806 else
807 {
808 /* Check whether we have to resize the data buffer. */
809- if (unlikely ((ndx + 1) * sizeof (Elf64_Sym) > data_scn->d.d_size))
810+ if (INVALID_NDX (ndx, Elf64_Sym, &data_scn->d))
811 {
812 __libelf_seterrno (ELF_E_INVALID_INDEX);
813 goto out;
814Index: elfutils-0.148/libelf/gelf_update_syminfo.c
815===================================================================
816--- elfutils-0.148.orig/libelf/gelf_update_syminfo.c 2009-01-08 20:56:37.000000000 +0000
817+++ elfutils-0.148/libelf/gelf_update_syminfo.c 2010-07-03 13:07:11.000000000 +0000
818@@ -1,5 +1,5 @@
819 /* Update additional symbol information in symbol table at the given index.
820- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
821+ Copyright (C) 2000-2009 Red Hat, Inc.
822 This file is part of Red Hat elfutils.
823 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
824
825@@ -72,12 +72,6 @@
826 if (data == NULL)
827 return 0;
828
829- if (unlikely (ndx < 0))
830- {
831- __libelf_seterrno (ELF_E_INVALID_INDEX);
832- return 0;
833- }
834-
835 if (unlikely (data_scn->d.d_type != ELF_T_SYMINFO))
836 {
837 /* The type of the data better should match. */
838@@ -93,7 +87,7 @@
839 rwlock_wrlock (scn->elf->lock);
840
841 /* Check whether we have to resize the data buffer. */
842- if (unlikely ((ndx + 1) * sizeof (GElf_Syminfo) > data_scn->d.d_size))
843+ if (INVALID_NDX (ndx, GElf_Syminfo, &data_scn->d))
844 {
845 __libelf_seterrno (ELF_E_INVALID_INDEX);
846 goto out;
847Index: elfutils-0.148/libelf/gelf_update_symshndx.c
848===================================================================
849--- elfutils-0.148.orig/libelf/gelf_update_symshndx.c 2009-01-08 20:56:37.000000000 +0000
850+++ elfutils-0.148/libelf/gelf_update_symshndx.c 2010-07-03 13:07:11.000000000 +0000
851@@ -1,6 +1,6 @@
852 /* Update symbol information and section index in symbol table at the
853 given index.
854- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
855+ Copyright (C) 2000-2009 Red Hat, Inc.
856 This file is part of Red Hat elfutils.
857 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
858
859@@ -77,12 +77,6 @@
860 if (symdata == NULL)
861 return 0;
862
863- if (unlikely (ndx < 0))
864- {
865- __libelf_seterrno (ELF_E_INVALID_INDEX);
866- return 0;
867- }
868-
869 if (unlikely (symdata_scn->d.d_type != ELF_T_SYM))
870 {
871 /* The type of the data better should match. */
872@@ -128,7 +122,7 @@
873 }
874
875 /* Check whether we have to resize the data buffer. */
876- if (unlikely ((ndx + 1) * sizeof (Elf32_Sym) > symdata_scn->d.d_size))
877+ if (INVALID_NDX (ndx, Elf32_Sym, &symdata_scn->d))
878 {
879 __libelf_seterrno (ELF_E_INVALID_INDEX);
880 goto out;
881@@ -151,7 +145,7 @@
882 else
883 {
884 /* Check whether we have to resize the data buffer. */
885- if (unlikely ((ndx + 1) * sizeof (Elf64_Sym) > symdata_scn->d.d_size))
886+ if (INVALID_NDX (ndx, Elf64_Sym, &symdata_scn->d))
887 {
888 __libelf_seterrno (ELF_E_INVALID_INDEX);
889 goto out;
890Index: elfutils-0.148/libelf/gelf_update_versym.c
891===================================================================
892--- elfutils-0.148.orig/libelf/gelf_update_versym.c 2009-01-08 20:56:37.000000000 +0000
893+++ elfutils-0.148/libelf/gelf_update_versym.c 2010-07-03 13:07:11.000000000 +0000
894@@ -1,5 +1,5 @@
895 /* Update symbol version information.
896- Copyright (C) 2001, 2002 Red Hat, Inc.
897+ Copyright (C) 2001-2009 Red Hat, Inc.
898 This file is part of Red Hat elfutils.
899 Written by Ulrich Drepper <drepper@redhat.com>, 2001.
900
901@@ -75,8 +75,7 @@
902 assert (sizeof (GElf_Versym) == sizeof (Elf64_Versym));
903
904 /* Check whether we have to resize the data buffer. */
905- if (unlikely (ndx < 0)
906- || unlikely ((ndx + 1) * sizeof (GElf_Versym) > data_scn->d.d_size))
907+ if (INVALID_NDX (ndx, GElf_Versym, &data_scn->d))
908 {
909 __libelf_seterrno (ELF_E_INVALID_INDEX);
910 return 0;
911Index: elfutils-0.148/libelf/libelfP.h
912===================================================================
913--- elfutils-0.148.orig/libelf/libelfP.h 2010-01-12 16:57:54.000000000 +0000
914+++ elfutils-0.148/libelf/libelfP.h 2010-07-03 13:07:11.000000000 +0000
915@@ -608,4 +608,8 @@
916 /* Align offset to 4 bytes as needed for note name and descriptor data. */
917 #define NOTE_ALIGN(n) (((n) + 3) & -4U)
918
919+/* Convenience macro. */
920+#define INVALID_NDX(ndx, type, data) \
921+ unlikely ((data)->d_size / sizeof (type) <= (unsigned int) (ndx))
922+
923 #endif /* libelfP.h */
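Review bot: The comment on `INVALID_NDX` should explain the `(unsigned int)` cast, because the gelf_update_* hunks in this patch drop their separate `ndx < 0` checks and now rely on it. A negative `ndx` converts to a large unsigned value and so fails the `<=` comparison. Dividing `d_size` by `sizeof (type)` also avoids the wrap-around that the old `(ndx + 1) * sizeof (type)` form could hit. I would replace `/* Convenience macro. */` with a short comment stating both points, and say that `ndx` is expected to be an `int`-width index, since a wider argument would be truncated by the cast.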
924Index: elfutils-0.148/src/ChangeLog
925===================================================================
926--- elfutils-0.148.orig/src/ChangeLog 2010-07-03 13:07:10.000000000 +0000
927+++ elfutils-0.148/src/ChangeLog 2010-07-03 13:07:11.000000000 +0000
928@@ -1640,6 +1640,16 @@
929 object symbols or symbols with unknown type.
930 (check_rel): Likewise.
931
932+2005-06-09 Roland McGrath <roland@redhat.com>
933+
934+ * readelf.c (handle_dynamic, handle_symtab): Check for bogus sh_link.
935+ (handle_verneed, handle_verdef, handle_versym, handle_hash): Likewise.
936+ (handle_scngrp): Check for bogus sh_info.
937+
938+ * strip.c (handle_elf): Check for bogus values in sh_link, sh_info,
939+ st_shndx, e_shstrndx, and SHT_GROUP or SHT_SYMTAB_SHNDX data.
940+ Don't use assert on input values, instead bail with "illformed" error.
941+
942 2005-06-08 Roland McGrath <roland@redhat.com>
943
944 * readelf.c (print_ops): Add consts.
945@@ -1690,6 +1700,19 @@
946
947 * readelf.c (dwarf_tag_string): Add new tags.
948
949+2005-05-17 Jakub Jelinek <jakub@redhat.com>
950+
951+ * elflint.c (check_hash): Don't check entries beyond end of section.
952+ (check_note): Don't crash if gelf_rawchunk fails.
953+ (section_name): Return <invalid> if gelf_getshdr returns NULL.
954+
955+2005-05-14 Jakub Jelinek <jakub@redhat.com>
956+
957+ * elflint.c (section_name): Return "<invalid>" instead of
958+ crashing on invalid section name.
959+ (check_symtab, is_rel_dyn, check_rela, check_rel, check_dynamic,
960+ check_symtab_shndx, check_hash, check_versym): Robustify.
961+
962 2005-05-08 Roland McGrath <roland@redhat.com>
963
964 * strip.c (handle_elf): Don't translate hash and versym data formats,
965Index: elfutils-0.148/src/elflint.c
966===================================================================
967--- elfutils-0.148.orig/src/elflint.c 2010-04-13 20:08:02.000000000 +0000
968+++ elfutils-0.148/src/elflint.c 2010-07-03 13:07:11.000000000 +0000
969@@ -131,6 +131,10 @@
970 /* Array to count references in section groups. */
971 static int *scnref;
972
973+/* Numbers of sections and program headers. */
974+static unsigned int shnum;
975+static unsigned int phnum;
976+
977
978 int
979 main (int argc, char *argv[])
980@@ -319,10 +323,19 @@
981 {
982 GElf_Shdr shdr_mem;
983 GElf_Shdr *shdr;
984+ const char *ret;
985+
986+ if ((unsigned int) idx > shnum)
987+ return "<invalid>";
988
989 shdr = gelf_getshdr (elf_getscn (ebl->elf, idx), &shdr_mem);
990+ if (shdr == NULL)
991+ return "<invalid>";
992
993- return elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
994+ ret = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
995+ if (ret == NULL)
996+ return "<invalid>";
997+ return ret;
998 }
999
1000
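Review bot: The bound in `if ((unsigned int) idx > shnum)` lets `idx == shnum` through, although section indices run from 0 to `shnum - 1`. That case presumably still ends at the new `shdr == NULL` return, since `elf_getscn` should find no such section, so this is a consistency fix rather than a crash fix: `if ((unsigned int) idx >= shnum)`. The function's signature is outside the hunk.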
1001@@ -344,11 +357,6 @@
1002 (sizeof (valid_e_machine) / sizeof (valid_e_machine[0]))
1003
1004
1005-/* Numbers of sections and program headers. */
1006-static unsigned int shnum;
1007-static unsigned int phnum;
1008-
1009-
1010 static void
1011 check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size)
1012 {
1013@@ -632,7 +640,8 @@
1014 }
1015 }
1016
1017- if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT))
1018+ size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT);
1019+ if (shdr->sh_entsize != sh_entsize)
1020 ERROR (gettext ("\
1021 section [%2u] '%s': entry size is does not match ElfXX_Sym\n"),
1022 idx, section_name (ebl, idx));
1023@@ -670,7 +679,7 @@
1024 xndxscnidx, section_name (ebl, xndxscnidx));
1025 }
1026
1027- for (size_t cnt = 1; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1028+ for (size_t cnt = 1; cnt < shdr->sh_size / sh_entsize; ++cnt)
1029 {
1030 sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx);
1031 if (sym == NULL)
1032@@ -690,7 +699,8 @@
1033 else
1034 {
1035 name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name);
1036- assert (name != NULL);
1037+ assert (name != NULL
1038+ || strshdr->sh_type != SHT_STRTAB);
1039 }
1040
1041 if (sym->st_shndx == SHN_XINDEX)
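Review bot: The relaxed `assert (name != NULL || strshdr->sh_type != SHT_STRTAB)` still depends on file contents, and when the linked section is not a string table it leaves `name` NULL for whatever follows. The ChangeLog entry in this patch asks strip.c not to assert on input values, and the same approach would fit here, for example a placeholder in the style of `section_name`: `if (name == NULL) name = "<invalid>";`. Whether `strshdr` can be NULL at this point and how `name` is used afterwards are outside the hunk, so confirm against the full function.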
1042@@ -1038,9 +1048,11 @@
1043 {
1044 GElf_Shdr rcshdr_mem;
1045 const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem);
1046- assert (rcshdr != NULL);
1047
1048- if (rcshdr->sh_type == SHT_DYNAMIC)
1049+ if (rcshdr == NULL)
1050+ break;
1051+
1052+ if (rcshdr->sh_type == SHT_DYNAMIC && rcshdr->sh_entsize)
1053 {
1054 /* Found the dynamic section. Look through it. */
1055 Elf_Data *d = elf_getdata (scn, NULL);
1056@@ -1050,7 +1062,9 @@
1057 {
1058 GElf_Dyn dyn_mem;
1059 GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem);
1060- assert (dyn != NULL);
1061+
1062+ if (dyn == NULL)
1063+ break;
1064
1065 if (dyn->d_tag == DT_RELCOUNT)
1066 {
1067@@ -1064,7 +1078,9 @@
1068 /* Does the number specified number of relative
1069 relocations exceed the total number of
1070 relocations? */
1071- if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
1072+ if (shdr->sh_entsize != 0
1073+ && dyn->d_un.d_val > (shdr->sh_size
1074+ / shdr->sh_entsize))
1075 ERROR (gettext ("\
1076 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
1077 idx, section_name (ebl, idx),
1078@@ -1224,7 +1240,8 @@
1079 }
1080 }
1081
1082- if (shdr->sh_entsize != gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT))
1083+ size_t sh_entsize = gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT);
1084+ if (shdr->sh_entsize != sh_entsize)
1085 ERROR (gettext (reltype == ELF_T_RELA ? "\
1086 section [%2d] '%s': section entry size does not match ElfXX_Rela\n" : "\
1087 section [%2d] '%s': section entry size does not match ElfXX_Rel\n"),
1088@@ -1447,7 +1464,8 @@
1089 Elf_Data *symdata = elf_getdata (symscn, NULL);
1090 enum load_state state = state_undecided;
1091
1092- for (size_t cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1093+ size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_RELA, 1, EV_CURRENT);
1094+ for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1095 {
1096 GElf_Rela rela_mem;
1097 GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem);
1098@@ -1497,7 +1515,8 @@
1099 Elf_Data *symdata = elf_getdata (symscn, NULL);
1100 enum load_state state = state_undecided;
1101
1102- for (size_t cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1103+ size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_REL, 1, EV_CURRENT);
1104+ for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1105 {
1106 GElf_Rel rel_mem;
1107 GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem);
1108@@ -1600,7 +1619,8 @@
1109 shdr->sh_link, section_name (ebl, shdr->sh_link),
1110 idx, section_name (ebl, idx));
1111
1112- if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT))
1113+ size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT);
1114+ if (shdr->sh_entsize != sh_entsize)
1115 ERROR (gettext ("\
1116 section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"),
1117 idx, section_name (ebl, idx));
1118@@ -1610,7 +1630,7 @@
1119 idx, section_name (ebl, idx));
1120
1121 bool non_null_warned = false;
1122- for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1123+ for (cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1124 {
1125 GElf_Dyn dyn_mem;
1126 GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem);
1127@@ -1891,6 +1911,8 @@
1128 idx, section_name (ebl, idx));
1129
1130 if (symshdr != NULL
1131+ && shdr->sh_entsize
1132+ && symshdr->sh_entsize
1133 && (shdr->sh_size / shdr->sh_entsize
1134 < symshdr->sh_size / symshdr->sh_entsize))
1135 ERROR (gettext ("\
1136@@ -1917,6 +1939,12 @@
1137 }
1138
1139 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1140+ if (data == NULL)
1141+ {
1142+ ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1143+ idx, section_name (ebl, idx));
1144+ return;
1145+ }
1146
1147 if (*((Elf32_Word *) data->d_buf) != 0)
1148 ERROR (gettext ("symbol 0 should have zero extended section index\n"));
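Review bot: The new `data == NULL` check does not cover the dereference on the next line, `*((Elf32_Word *) data->d_buf)`, which still reads four bytes without checking that the buffer exists and is that large. A section with no contents (`d_buf == NULL`, or `d_size` below `sizeof (Elf32_Word)`) would reach it. Extending the condition to `if (data == NULL || data->d_buf == NULL || data->d_size < sizeof (Elf32_Word))` closes that path with the same error message.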
1149@@ -1959,7 +1987,7 @@
1150
1151 size_t maxidx = nchain;
1152
1153- if (symshdr != NULL)
1154+ if (symshdr != NULL && symshdr->sh_entsize != 0)
1155 {
1156 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
1157
1158@@ -1970,18 +1998,28 @@
1159 maxidx = symsize;
1160 }
1161
1162+ Elf32_Word *buf = (Elf32_Word *) data->d_buf;
1163+ Elf32_Word *end = (Elf32_Word *) ((char *) data->d_buf + shdr->sh_size);
1164 size_t cnt;
1165 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
1166- if (((Elf32_Word *) data->d_buf)[cnt] >= maxidx)
1167+ {
1168+ if (buf + cnt >= end)
1169+ break;
1170+ else if (buf[cnt] >= maxidx)
1171 ERROR (gettext ("\
1172 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
1173 idx, section_name (ebl, idx), cnt - 2);
1174+ }
1175
1176 for (; cnt < 2 + nbucket + nchain; ++cnt)
1177- if (((Elf32_Word *) data->d_buf)[cnt] >= maxidx)
1178+ {
1179+ if (buf + cnt >= end)
1180+ break;
1181+ else if (buf[cnt] >= maxidx)
1182 ERROR (gettext ("\
1183 section [%2d] '%s': hash chain reference %zu out of bounds\n"),
1184 idx, section_name (ebl, idx), cnt - 2 - nbucket);
1185+ }
1186 }
1187
1188
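Review bot: The `end` pointer is derived from `shdr->sh_size`, a header field, rather than from `data->d_size`, the length of the buffer actually returned, and `buf + cnt >= end` only proves that the first byte of the word is in range. If `sh_size` is not a multiple of the word size, the last `buf[cnt]` read runs past `end`, and forming `buf + cnt` for a large `cnt` is itself out-of-range pointer arithmetic. Comparing indices avoids both: `size_t nwords = data->d_size / sizeof (Elf32_Word);` followed by `if (cnt >= nwords) break;` in each loop. The 64-bit variant in the next hunk (`@@ -2011,18 +2049,28 @@`) has the same shape with `Elf64_Xword`.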
1189@@ -2011,18 +2049,28 @@
1190 maxidx = symsize;
1191 }
1192
1193+ Elf64_Xword *buf = (Elf64_Xword *) data->d_buf;
1194+ Elf64_Xword *end = (Elf64_Xword *) ((char *) data->d_buf + shdr->sh_size);
1195 size_t cnt;
1196 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
1197- if (((Elf64_Xword *) data->d_buf)[cnt] >= maxidx)
1198+ {
1199+ if (buf + cnt >= end)
1200+ break;
1201+ else if (buf[cnt] >= maxidx)
1202 ERROR (gettext ("\
1203 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
1204 idx, section_name (ebl, idx), cnt - 2);
1205+ }
1206
1207 for (; cnt < 2 + nbucket + nchain; ++cnt)
1208- if (((Elf64_Xword *) data->d_buf)[cnt] >= maxidx)
1209+ {
1210+ if (buf + cnt >= end)
1211+ break;
1212+ else if (buf[cnt] >= maxidx)
1213 ERROR (gettext ("\
1214 section [%2d] '%s': hash chain reference %" PRIu64 " out of bounds\n"),
1215- idx, section_name (ebl, idx), (uint64_t) (cnt - 2 - nbucket));
1216+ idx, section_name (ebl, idx), (uint64_t) cnt - 2 - nbucket);
1217+ }
1218 }
1219
1220
1221@@ -2047,7 +2095,7 @@
1222 if (shdr->sh_size < (4 + bitmask_words + nbuckets) * sizeof (Elf32_Word))
1223 {
1224 ERROR (gettext ("\
1225-section [%2d] '%s': hash table section is too small (is %ld, expected at least%ld)\n"),
1226+section [%2d] '%s': hash table section is too small (is %ld, expected at least %ld)\n"),
1227 idx, section_name (ebl, idx), (long int) shdr->sh_size,
1228 (long int) ((4 + bitmask_words + nbuckets) * sizeof (Elf32_Word)));
1229 return;
1230@@ -2719,8 +2767,9 @@
1231
1232 /* The number of elements in the version symbol table must be the
1233 same as the number of symbols. */
1234- if (shdr->sh_size / shdr->sh_entsize
1235- != symshdr->sh_size / symshdr->sh_entsize)
1236+ if (shdr->sh_entsize && symshdr->sh_entsize
1237+ && (shdr->sh_size / shdr->sh_entsize
1238+ != symshdr->sh_size / symshdr->sh_entsize))
1239 ERROR (gettext ("\
1240 section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"),
1241 idx, section_name (ebl, idx),
1242Index: elfutils-0.148/src/readelf.c
1243===================================================================
1244--- elfutils-0.148.orig/src/readelf.c 2010-07-03 13:07:10.000000000 +0000
1245+++ elfutils-0.148/src/readelf.c 2010-07-03 13:07:11.000000000 +0000
1246@@ -1172,6 +1172,8 @@
1247 Elf32_Word *grpref = (Elf32_Word *) data->d_buf;
1248
1249 GElf_Sym sym_mem;
1250+ GElf_Sym *sym = gelf_getsym (symdata, shdr->sh_info, &sym_mem);
1251+
1252 printf ((grpref[0] & GRP_COMDAT)
1253 ? ngettext ("\
1254 \nCOMDAT section group [%2zu] '%s' with signature '%s' contains %zu entry:\n",
1255@@ -1184,8 +1186,8 @@
1256 data->d_size / sizeof (Elf32_Word) - 1),
1257 elf_ndxscn (scn),
1258 elf_strptr (ebl->elf, shstrndx, shdr->sh_name),
1259- elf_strptr (ebl->elf, symshdr->sh_link,
1260- gelf_getsym (symdata, shdr->sh_info, &sym_mem)->st_name)
1261+ (sym == NULL ? NULL
1262+ : elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name))
1263 ?: gettext ("<INVALID SYMBOL>"),
1264 data->d_size / sizeof (Elf32_Word) - 1);
1265
1266@@ -1336,7 +1338,8 @@
1267 handle_dynamic (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr)
1268 {
1269 int class = gelf_getclass (ebl->elf);
1270- GElf_Shdr glink;
1271+ GElf_Shdr glink_mem;
1272+ GElf_Shdr *glink;
1273 Elf_Data *data;
1274 size_t cnt;
1275 size_t shstrndx;
1276@@ -1351,6 +1354,11 @@
1277 error (EXIT_FAILURE, 0,
1278 gettext ("cannot get section header string table index"));
1279
1280+ glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &glink_mem);
1281+ if (glink == NULL)
1282+ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
1283+ elf_ndxscn (scn));
1284+
1285 printf (ngettext ("\
1286 \nDynamic segment contains %lu entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
1287 "\
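Review bot: `%Zu` in the new `error ()` call is an obsolete glibc spelling of the `size_t` length modifier, while other format strings in this file already use `%zu` (for example `[%2zu]`), so `"invalid sh_link value in section %zu"` would be consistent and portable. The handling of a bad `sh_link` is also uneven across the patch. This hunk and the ones at `@@ -1945`, `@@ -2199`, `@@ -2265` and `@@ -2542` end the whole run with `EXIT_FAILURE`, while `@@ -2609` and `@@ -4312` print the message and `return`. For a tool that is pointed at damaged or untrusted files, skipping the one section is probably the better behaviour everywhere.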
1288@@ -1360,9 +1368,7 @@
1289 class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
1290 shdr->sh_offset,
1291 (int) shdr->sh_link,
1292- elf_strptr (ebl->elf, shstrndx,
1293- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1294- &glink)->sh_name));
1295+ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
1296 fputs_unlocked (gettext (" Type Value\n"), stdout);
1297
1298 for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
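Review bot: The loop bound `shdr->sh_size / shdr->sh_entsize` at the end of this hunk still divides by a value taken from the section header, so a zero `sh_entsize` faults here even though the elflint.c part of this patch adds guards for exactly that. Skipping the section under `if (shdr->sh_entsize == 0)`, with a diagnostic, before the loop would cover it. The same expression appears in the context of `@@ -2555,9 +2579,7 @@`. The loop body and the function's return type are outside the hunk.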
1299@@ -1945,6 +1951,13 @@
1300 error (EXIT_FAILURE, 0,
1301 gettext ("cannot get section header string table index"));
1302
1303+ GElf_Shdr glink_mem;
1304+ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1305+ &glink_mem);
1306+ if (glink == NULL)
1307+ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
1308+ elf_ndxscn (scn));
1309+
1310 /* Now we can compute the number of entries in the section. */
1311 unsigned int nsyms = data->d_size / (class == ELFCLASS32
1312 ? sizeof (Elf32_Sym)
1313@@ -1955,15 +1968,12 @@
1314 nsyms),
1315 (unsigned int) elf_ndxscn (scn),
1316 elf_strptr (ebl->elf, shstrndx, shdr->sh_name), nsyms);
1317- GElf_Shdr glink;
1318 printf (ngettext (" %lu local symbol String table: [%2u] '%s'\n",
1319 " %lu local symbols String table: [%2u] '%s'\n",
1320 shdr->sh_info),
1321 (unsigned long int) shdr->sh_info,
1322 (unsigned int) shdr->sh_link,
1323- elf_strptr (ebl->elf, shstrndx,
1324- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1325- &glink)->sh_name));
1326+ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
1327
1328 fputs_unlocked (class == ELFCLASS32
1329 ? gettext ("\
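Review bot: `elf_strptr (ebl->elf, shstrndx, glink->sh_name)` can return NULL when `sh_name` is not a valid string-table offset, and the result is passed straight to a `%s` conversion. The section-group hunk earlier in this file already guards its string with `?: gettext ("<INVALID SYMBOL>")`. The same kind of fallback fits here, e.g. `elf_strptr (ebl->elf, shstrndx, glink->sh_name) ?: gettext ("<invalid>")` (the placeholder text is a suggestion). It applies equally to the other hunks that print `glink->sh_name` (`@@ -1360`, `@@ -2210`, `@@ -2278`, `@@ -2555`, `@@ -2622`).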
1330@@ -2199,7 +2209,13 @@
1331 error (EXIT_FAILURE, 0,
1332 gettext ("cannot get section header string table index"));
1333
1334- GElf_Shdr glink;
1335+ GElf_Shdr glink_mem;
1336+ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1337+ &glink_mem);
1338+ if (glink == NULL)
1339+ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
1340+ elf_ndxscn (scn));
1341+
1342 printf (ngettext ("\
1343 \nVersion needs section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
1344 "\
1345@@ -2210,9 +2226,7 @@
1346 class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
1347 shdr->sh_offset,
1348 (unsigned int) shdr->sh_link,
1349- elf_strptr (ebl->elf, shstrndx,
1350- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1351- &glink)->sh_name));
1352+ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
1353
1354 unsigned int offset = 0;
1355 for (int cnt = shdr->sh_info; --cnt >= 0; )
1356@@ -2265,8 +2279,14 @@
1357 error (EXIT_FAILURE, 0,
1358 gettext ("cannot get section header string table index"));
1359
1360+ GElf_Shdr glink_mem;
1361+ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1362+ &glink_mem);
1363+ if (glink == NULL)
1364+ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
1365+ elf_ndxscn (scn));
1366+
1367 int class = gelf_getclass (ebl->elf);
1368- GElf_Shdr glink;
1369 printf (ngettext ("\
1370 \nVersion definition section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
1371 "\
1372@@ -2278,9 +2298,7 @@
1373 class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
1374 shdr->sh_offset,
1375 (unsigned int) shdr->sh_link,
1376- elf_strptr (ebl->elf, shstrndx,
1377- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1378- &glink)->sh_name));
1379+ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
1380
1381 unsigned int offset = 0;
1382 for (int cnt = shdr->sh_info; --cnt >= 0; )
1383@@ -2542,8 +2560,14 @@
1384 filename = NULL;
1385 }
1386
1387+ GElf_Shdr glink_mem;
1388+ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1389+ &glink_mem);
1390+ if (glink == NULL)
1391+ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
1392+ elf_ndxscn (scn));
1393+
1394 /* Print the header. */
1395- GElf_Shdr glink;
1396 printf (ngettext ("\
1397 \nVersion symbols section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'",
1398 "\
1399@@ -2555,9 +2579,7 @@
1400 class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
1401 shdr->sh_offset,
1402 (unsigned int) shdr->sh_link,
1403- elf_strptr (ebl->elf, shstrndx,
1404- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1405- &glink)->sh_name));
1406+ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
1407
1408 /* Now we can finally look at the actual contents of this section. */
1409 for (unsigned int cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1410@@ -2609,7 +2631,17 @@
1411 for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt)
1412 ++counts[lengths[cnt]];
1413
1414- GElf_Shdr glink;
1415+ GElf_Shdr glink_mem;
1416+ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf,
1417+ shdr->sh_link),
1418+ &glink_mem);
1419+ if (glink == NULL)
1420+ {
1421+ error (0, 0, gettext ("invalid sh_link value in section %Zu"),
1422+ elf_ndxscn (scn));
1423+ return;
1424+ }
1425+
1426 printf (ngettext ("\
1427 \nHistogram for bucket list length in section [%2u] '%s' (total of %d bucket):\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
1428 "\
1429@@ -2622,9 +2654,7 @@
1430 shdr->sh_addr,
1431 shdr->sh_offset,
1432 (unsigned int) shdr->sh_link,
1433- elf_strptr (ebl->elf, shstrndx,
1434- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1435- &glink)->sh_name));
1436+ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
1437
1438 if (extrastr != NULL)
1439 fputs (extrastr, stdout);
1440@@ -4312,6 +4342,16 @@
1441 return;
1442 }
1443
1444+ GElf_Shdr glink_mem;
1445+ GElf_Shdr *glink;
1446+ glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &glink_mem);
1447+ if (glink == NULL)
1448+ {
1449+ error (0, 0, gettext ("invalid sh_link value in section %Zu"),
1450+ elf_ndxscn (scn));
1451+ return;
1452+ }
1453+
1454 printf (ngettext ("\
1455 \nDWARF section [%2zu] '%s' at offset %#" PRIx64 " contains %zu entry:\n",
1456 "\
1457Index: elfutils-0.148/src/strip.c
1458===================================================================
1459--- elfutils-0.148.orig/src/strip.c 2010-07-03 13:07:10.000000000 +0000
1460+++ elfutils-0.148/src/strip.c 2010-07-03 13:07:11.000000000 +0000
1461@@ -561,6 +561,11 @@
1462 goto fail_close;
1463 }
1464
1465+ if (shstrndx >= shnum)
1466+ goto illformed;
1467+
1468+#define elf_assert(test) do { if (!(test)) goto illformed; } while (0)
1469+
1470 /* Storage for section information. We leave room for two more
1471 entries since we unconditionally create a section header string
1472 table. Maybe some weird tool created an ELF file without one.
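Review bot: `elf_assert` is defined in the middle of the function, hides a `goto illformed` behind what reads like an assertion, and is not `#undef`ed in the visible hunks, so it stays defined for the rest of strip.c. A comment above it such as `/* Not an assert: jumps to the illformed label, so only usable inside handle_elf. */` plus an `#undef elf_assert` after the function would make that explicit. Later hunks also apply it to checks on the output being built (`elf_ndxscn (shdr_info[cnt].newscn) == shdr_info[cnt].idx`). Those look like internal invariants rather than input validation, and a failure there would be reported as an ill-formed input file, so it is worth confirming that `fail_close` releases whatever the output side has allocated by then.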
1473@@ -582,7 +587,7 @@
1474 {
1475 /* This should always be true (i.e., there should not be any
1476 holes in the numbering). */
1477- assert (elf_ndxscn (scn) == cnt);
1478+ elf_assert (elf_ndxscn (scn) == cnt);
1479
1480 shdr_info[cnt].scn = scn;
1481
1482@@ -595,6 +600,7 @@
1483 shdr_info[cnt].shdr.sh_name);
1484 if (shdr_info[cnt].name == NULL)
1485 {
1486+ illformed:
1487 error (0, 0, gettext ("illformed file '%s'"), fname);
1488 goto fail_close;
1489 }
1490@@ -604,6 +610,8 @@
1491
1492 /* Remember the shdr.sh_link value. */
1493 shdr_info[cnt].old_sh_link = shdr_info[cnt].shdr.sh_link;
1494+ if (shdr_info[cnt].old_sh_link >= shnum)
1495+ goto illformed;
1496
1497 /* Sections in files other than relocatable object files which
1498 are not loaded can be freely moved by us. In relocatable
1499@@ -616,7 +624,7 @@
1500 appropriate reference. */
1501 if (unlikely (shdr_info[cnt].shdr.sh_type == SHT_SYMTAB_SHNDX))
1502 {
1503- assert (shdr_info[shdr_info[cnt].shdr.sh_link].symtab_idx == 0);
1504+ elf_assert (shdr_info[shdr_info[cnt].shdr.sh_link].symtab_idx == 0);
1505 shdr_info[shdr_info[cnt].shdr.sh_link].symtab_idx = cnt;
1506 }
1507 else if (unlikely (shdr_info[cnt].shdr.sh_type == SHT_GROUP))
1508@@ -633,7 +641,12 @@
1509 for (inner = 1;
1510 inner < shdr_info[cnt].data->d_size / sizeof (Elf32_Word);
1511 ++inner)
1512+ {
1513+ if (grpref[inner] < shnum)
1514 shdr_info[grpref[inner]].group_idx = cnt;
1515+ else
1516+ goto illformed;
1517+ }
1518
1519 if (inner == 1 || (inner == 2 && (grpref[0] & GRP_COMDAT) == 0))
1520 /* If the section group contains only one element and this
1521@@ -644,7 +657,7 @@
1522 }
1523 else if (unlikely (shdr_info[cnt].shdr.sh_type == SHT_GNU_versym))
1524 {
1525- assert (shdr_info[shdr_info[cnt].shdr.sh_link].version_idx == 0);
1526+ elf_assert (shdr_info[shdr_info[cnt].shdr.sh_link].version_idx == 0);
1527 shdr_info[shdr_info[cnt].shdr.sh_link].version_idx = cnt;
1528 }
1529
1530@@ -652,7 +665,7 @@
1531 discarded right away. */
1532 if ((shdr_info[cnt].shdr.sh_flags & SHF_GROUP) != 0)
1533 {
1534- assert (shdr_info[cnt].group_idx != 0);
1535+ elf_assert (shdr_info[cnt].group_idx != 0);
1536
1537 if (shdr_info[shdr_info[cnt].group_idx].idx == 0)
1538 {
1539@@ -727,11 +740,15 @@
1540 {
1541 /* If a relocation section is marked as being removed make
1542 sure the section it is relocating is removed, too. */
1543- if ((shdr_info[cnt].shdr.sh_type == SHT_REL
1544+ if (shdr_info[cnt].shdr.sh_type == SHT_REL
1545 || shdr_info[cnt].shdr.sh_type == SHT_RELA)
1546- && shdr_info[shdr_info[cnt].shdr.sh_info].idx != 0)
1547+ {
1548+ if (shdr_info[cnt].shdr.sh_info >= shnum)
1549+ goto illformed;
1550+ else if (shdr_info[shdr_info[cnt].shdr.sh_info].idx != 0)
1551 shdr_info[cnt].idx = 1;
1552 }
1553+ }
1554
1555 if (shdr_info[cnt].idx == 1)
1556 {
1557@@ -758,7 +775,7 @@
1558 if (shdr_info[cnt].symtab_idx != 0
1559 && shdr_info[shdr_info[cnt].symtab_idx].data == NULL)
1560 {
1561- assert (shdr_info[cnt].shdr.sh_type == SHT_SYMTAB);
1562+ elf_assert (shdr_info[cnt].shdr.sh_type == SHT_SYMTAB);
1563
1564 shdr_info[shdr_info[cnt].symtab_idx].data
1565 = elf_getdata (shdr_info[shdr_info[cnt].symtab_idx].scn,
1566@@ -798,6 +815,9 @@
1567 else if (scnidx == SHN_XINDEX)
1568 scnidx = xndx;
1569
1570+ if (scnidx >= shnum)
1571+ goto illformed;
1572+
1573 if (shdr_info[scnidx].idx == 0)
1574 /* This symbol table has a real symbol in
1575 a discarded section. So preserve the
1576@@ -828,12 +848,16 @@
1577 }
1578
1579 /* Handle references through sh_info. */
1580- if (SH_INFO_LINK_P (&shdr_info[cnt].shdr)
1581- && shdr_info[shdr_info[cnt].shdr.sh_info].idx == 0)
1582+ if (SH_INFO_LINK_P (&shdr_info[cnt].shdr))
1583+ {
1584+ if (shdr_info[cnt].shdr.sh_info >= shnum)
1585+ goto illformed;
1586+ else if ( shdr_info[shdr_info[cnt].shdr.sh_info].idx == 0)
1587 {
1588 shdr_info[shdr_info[cnt].shdr.sh_info].idx = 1;
1589 changes |= shdr_info[cnt].shdr.sh_info < cnt;
1590 }
1591+ }
1592
1593 /* Mark the section as investigated. */
1594 shdr_info[cnt].idx = 2;
1595@@ -972,7 +996,7 @@
1596 error (EXIT_FAILURE, 0, gettext ("while generating output file: %s"),
1597 elf_errmsg (-1));
1598
1599- assert (elf_ndxscn (shdr_info[cnt].newscn) == shdr_info[cnt].idx);
1600+ elf_assert (elf_ndxscn (shdr_info[cnt].newscn) == shdr_info[cnt].idx);
1601
1602 /* Add this name to the section header string table. */
1603 shdr_info[cnt].se = ebl_strtabadd (shst, shdr_info[cnt].name, 0);
1604@@ -1009,7 +1033,7 @@
1605 error (EXIT_FAILURE, 0,
1606 gettext ("while create section header section: %s"),
1607 elf_errmsg (-1));
1608- assert (elf_ndxscn (shdr_info[cnt].newscn) == shdr_info[cnt].idx);
1609+ elf_assert (elf_ndxscn (shdr_info[cnt].newscn) == shdr_info[cnt].idx);
1610
1611 shdr_info[cnt].data = elf_newdata (shdr_info[cnt].newscn);
1612 if (shdr_info[cnt].data == NULL)
1613@@ -1065,7 +1089,7 @@
1614 error (EXIT_FAILURE, 0,
1615 gettext ("while create section header section: %s"),
1616 elf_errmsg (-1));
1617- assert (elf_ndxscn (shdr_info[cnt].newscn) == idx);
1618+ elf_assert (elf_ndxscn (shdr_info[cnt].newscn) == idx);
1619
1620 /* Finalize the string table and fill in the correct indices in the
1621 section headers. */
1622@@ -1155,20 +1179,20 @@
1623 shndxdata = elf_getdata (shdr_info[shdr_info[cnt].symtab_idx].scn,
1624 NULL);
1625
1626- assert ((versiondata->d_size / sizeof (Elf32_Word))
1627+ elf_assert ((versiondata->d_size / sizeof (Elf32_Word))
1628 >= shdr_info[cnt].data->d_size / elsize);
1629 }
1630
1631 if (shdr_info[cnt].version_idx != 0)
1632 {
1633- assert (shdr_info[cnt].shdr.sh_type == SHT_DYNSYM);
1634+ elf_assert (shdr_info[cnt].shdr.sh_type == SHT_DYNSYM);
1635 /* This section has associated version
1636 information. We have to modify that
1637 information, too. */
1638 versiondata = elf_getdata (shdr_info[shdr_info[cnt].version_idx].scn,
1639 NULL);
1640
1641- assert ((versiondata->d_size / sizeof (GElf_Versym))
1642+ elf_assert ((versiondata->d_size / sizeof (GElf_Versym))
1643 >= shdr_info[cnt].data->d_size / elsize);
1644 }
1645
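Review bot: The first `elf_assert` in this hunk runs right after `shndxdata = elf_getdata (...)` but tests `versiondata->d_size`, and `versiondata` is only assigned further down in the visible lines. This looks like it was meant to be `shndxdata`, and the conversion from `assert` keeps the mix-up. Neither pointer is checked for NULL before `->d_size` is read, so a failed `elf_getdata` is dereferenced inside the check itself. I would write the two checks as `elf_assert (shndxdata != NULL && (shndxdata->d_size / sizeof (Elf32_Word)) >= shdr_info[cnt].data->d_size / elsize);` and `elf_assert (versiondata != NULL && (versiondata->d_size / sizeof (GElf_Versym)) >= shdr_info[cnt].data->d_size / elsize);`. The initial value of `versiondata` is outside the hunk, so confirm it there.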
1646@@ -1223,7 +1247,7 @@
1647 sec = shdr_info[sym->st_shndx].idx;
1648 else
1649 {
1650- assert (shndxdata != NULL);
1651+ elf_assert (shndxdata != NULL);
1652
1653 sec = shdr_info[xshndx].idx;
1654 }
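Review bot: `sec = shdr_info[xshndx].idx;` after the new `elf_assert (shndxdata != NULL)` indexes `shdr_info` with a value read from the extended-index section, and no comparison with `shnum` is visible in this hunk. The same holds for `shdr_info[sym->st_shndx]` two lines above. Unless an earlier pass rejects out-of-range values for every symbol table that reaches this point, add `elf_assert (xshndx < shnum);` before the lookup, and an equivalent bound for `sym->st_shndx`. The surrounding loop is outside the hunk, so check where `xshndx` is loaded.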
1655@@ -1244,7 +1268,7 @@
1656 nxshndx = sec;
1657 }
1658
1659- assert (sec < SHN_LORESERVE || shndxdata != NULL);
1660+ elf_assert (sec < SHN_LORESERVE || shndxdata != NULL);
1661
1662 if ((inner != destidx || nshndx != sym->st_shndx
1663 || (shndxdata != NULL && nxshndx != xshndx))
1664@@ -1268,7 +1292,7 @@
1665 || shdr_info[cnt].debug_data == NULL)
1666 /* This is a section symbol for a section which has
1667 been removed. */
1668- assert (GELF_ST_TYPE (sym->st_info) == STT_SECTION);
1669+ elf_assert (GELF_ST_TYPE (sym->st_info) == STT_SECTION);
1670 }
1671
1672 if (destidx != inner)
1673@@ -1455,11 +1479,11 @@
1674 {
1675 GElf_Sym sym_mem;
1676 GElf_Sym *sym = gelf_getsym (symd, inner, &sym_mem);
1677- assert (sym != NULL);
1678+ elf_assert (sym != NULL);
1679
1680 const char *name = elf_strptr (elf, strshndx,
1681 sym->st_name);
1682- assert (name != NULL);
1683+ elf_assert (name != NULL);
1684 size_t hidx = elf_hash (name) % nbucket;
1685
1686 if (bucket[hidx] == 0)
1687@@ -1478,7 +1502,7 @@
1688 else
1689 {
1690 /* Alpha and S390 64-bit use 64-bit SHT_HASH entries. */
1691- assert (shdr_info[cnt].shdr.sh_entsize
1692+ elf_assert (shdr_info[cnt].shdr.sh_entsize
1693 == sizeof (Elf64_Xword));
1694
1695 Elf64_Xword *bucket = (Elf64_Xword *) hashd->d_buf;
1696@@ -1509,11 +1533,11 @@
1697 {
1698 GElf_Sym sym_mem;
1699 GElf_Sym *sym = gelf_getsym (symd, inner, &sym_mem);
1700- assert (sym != NULL);
1701+ elf_assert (sym != NULL);
1702
1703 const char *name = elf_strptr (elf, strshndx,
1704 sym->st_name);
1705- assert (name != NULL);
1706+ elf_assert (name != NULL);
1707 size_t hidx = elf_hash (name) % nbucket;
1708
1709 if (bucket[hidx] == 0)