x86: Check for valid PLT section size
Update x86 get_synthetic_symtab to check for valid PLT section size before examining PLT section contents. PR binutils/22018 * elf32-i386.c (elf_i386_get_synthetic_symtab): Check for valid PLT section size. * elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
parent
cefdd1cd64
commit
90efb64229
@ -1,3 +1,10 @@
|
||||
2017-08-28 H.J. Lu <hongjiu.lu@intel.com>
|
||||
|
||||
PR binutils/22018
|
||||
* elf32-i386.c (elf_i386_get_synthetic_symtab): Check for valid
|
||||
PLT section size.
|
||||
* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
|
||||
|
||||
2017-08-27 H.J. Lu <hongjiu.lu@intel.com>
|
||||
|
||||
* elf32-i386.c (elf_i386_link_hash_newfunc): Initialize
|
||||
|
@ -6362,7 +6362,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
|
||||
for (j = 0; plts[j].name != NULL; j++)
|
||||
{
|
||||
plt = bfd_get_section_by_name (abfd, plts[j].name);
|
||||
if (plt == NULL)
|
||||
if (plt == NULL || plt->size == 0)
|
||||
continue;
|
||||
|
||||
/* Get the PLT section contents. */
|
||||
@ -6378,7 +6378,9 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
|
||||
|
||||
/* Check what kind of PLT it is. */
|
||||
plt_type = plt_unknown;
|
||||
if (plts[j].type == plt_unknown)
|
||||
if (plts[j].type == plt_unknown
|
||||
&& (plt->size >= (lazy_plt->plt0_entry_size
|
||||
+ lazy_plt->plt_entry_size)))
|
||||
{
|
||||
/* Match lazy PLT first. */
|
||||
if (memcmp (plt_contents, lazy_plt->plt0_entry,
|
||||
@ -6387,7 +6389,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
|
||||
/* The fist entry in the lazy IBT PLT is the same as the
|
||||
normal lazy PLT. */
|
||||
if (lazy_ibt_plt != NULL
|
||||
&& (memcmp (plt_contents + lazy_ibt_plt->plt_entry_size,
|
||||
&& (memcmp (plt_contents + lazy_ibt_plt->plt0_entry_size,
|
||||
lazy_ibt_plt->plt_entry,
|
||||
lazy_ibt_plt->plt_got_offset) == 0))
|
||||
plt_type = plt_lazy | plt_second;
|
||||
@ -6400,7 +6402,7 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
|
||||
/* The fist entry in the PIC lazy IBT PLT is the same as
|
||||
the normal PIC lazy PLT. */
|
||||
if (lazy_ibt_plt != NULL
|
||||
&& (memcmp (plt_contents + lazy_ibt_plt->plt_entry_size,
|
||||
&& (memcmp (plt_contents + lazy_ibt_plt->plt0_entry_size,
|
||||
lazy_ibt_plt->pic_plt_entry,
|
||||
lazy_ibt_plt->plt_got_offset) == 0))
|
||||
plt_type = plt_lazy | plt_pic | plt_second;
|
||||
@ -6410,7 +6412,8 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
|
||||
}
|
||||
|
||||
if (non_lazy_plt != NULL
|
||||
&& (plt_type == plt_unknown || plt_type == plt_non_lazy))
|
||||
&& (plt_type == plt_unknown || plt_type == plt_non_lazy)
|
||||
&& plt->size >= non_lazy_plt->plt_entry_size)
|
||||
{
|
||||
/* Match non-lazy PLT. */
|
||||
if (memcmp (plt_contents, non_lazy_plt->plt_entry,
|
||||
@ -6422,7 +6425,8 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
|
||||
}
|
||||
|
||||
if ((non_lazy_ibt_plt != NULL)
|
||||
&& (plt_type == plt_unknown || plt_type == plt_second))
|
||||
&& (plt_type == plt_unknown || plt_type == plt_second)
|
||||
&& plt->size >= non_lazy_ibt_plt->plt_entry_size)
|
||||
{
|
||||
if (memcmp (plt_contents,
|
||||
non_lazy_ibt_plt->plt_entry,
|
||||
@ -6480,6 +6484,9 @@ elf_i386_get_synthetic_symtab (bfd *abfd,
|
||||
got_addr = (bfd_vma) -1;
|
||||
}
|
||||
|
||||
if (count == 0)
|
||||
return -1;
|
||||
|
||||
size = count * sizeof (asymbol);
|
||||
|
||||
/* Allocate space for @plt suffixes. */
|
||||
|
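Review bot: The lazy-IBT read in the -6387 hunk, `memcmp (plt_contents + lazy_ibt_plt->plt0_entry_size, lazy_ibt_plt->plt_entry, lazy_ibt_plt->plt_got_offset)`, is covered only by the new bound on `lazy_plt->plt0_entry_size + lazy_plt->plt_entry_size`, i.e. by a different descriptor than the one whose offsets are used; if `lazy_ibt_plt`'s PLT0 size or GOT offset can exceed `lazy_plt`'s (not decidable from these lines), the comparison reads past the checked size. Guard the IBT reads with their own sizes, e.g. add `&& plt->size >= lazy_ibt_plt->plt0_entry_size + lazy_ibt_plt->plt_got_offset` to the two `lazy_ibt_plt != NULL` conditions in the -6387 and -6400 hunks. Those two hunks also change the compared offset from `lazy_ibt_plt->plt_entry_size` to `lazy_ibt_plt->plt0_entry_size`, a behavioural fix that neither the commit message nor the ChangeLog entry mentions; add a line such as `Use plt0_entry_size as the offset of the first lazy IBT PLT entry.` to the elf32-i386.c ChangeLog item. elf_i386_get_synthetic_symtab begins and ends outside these hunks.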
@ -6763,7 +6763,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
|
||||
for (j = 0; plts[j].name != NULL; j++)
|
||||
{
|
||||
plt = bfd_get_section_by_name (abfd, plts[j].name);
|
||||
if (plt == NULL)
|
||||
if (plt == NULL || plt->size == 0)
|
||||
continue;
|
||||
|
||||
/* Get the PLT section contents. */
|
||||
@ -6779,7 +6779,9 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
|
||||
|
||||
/* Check what kind of PLT it is. */
|
||||
plt_type = plt_unknown;
|
||||
if (plts[j].type == plt_unknown)
|
||||
if (plts[j].type == plt_unknown
|
||||
&& (plt->size >= (lazy_plt->plt_entry_size
|
||||
+ lazy_plt->plt_entry_size)))
|
||||
{
|
||||
/* Match lazy PLT first. Need to check the first two
|
||||
instructions. */
|
||||
@ -6807,7 +6809,8 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
|
||||
}
|
||||
|
||||
if (non_lazy_plt != NULL
|
||||
&& (plt_type == plt_unknown || plt_type == plt_non_lazy))
|
||||
&& (plt_type == plt_unknown || plt_type == plt_non_lazy)
|
||||
&& plt->size >= non_lazy_plt->plt_entry_size)
|
||||
{
|
||||
/* Match non-lazy PLT. */
|
||||
if (memcmp (plt_contents, non_lazy_plt->plt_entry,
|
||||
@ -6818,6 +6821,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
|
||||
if (plt_type == plt_unknown || plt_type == plt_second)
|
||||
{
|
||||
if (non_lazy_bnd_plt != NULL
|
||||
&& plt->size >= non_lazy_bnd_plt->plt_entry_size
|
||||
&& (memcmp (plt_contents, non_lazy_bnd_plt->plt_entry,
|
||||
non_lazy_bnd_plt->plt_got_offset) == 0))
|
||||
{
|
||||
@ -6826,6 +6830,7 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
|
||||
non_lazy_plt = non_lazy_bnd_plt;
|
||||
}
|
||||
else if (non_lazy_ibt_plt != NULL
|
||||
&& plt->size >= non_lazy_ibt_plt->plt_entry_size
|
||||
&& (memcmp (plt_contents,
|
||||
non_lazy_ibt_plt->plt_entry,
|
||||
non_lazy_ibt_plt->plt_got_offset) == 0))
|
||||
@ -6871,6 +6876,9 @@ elf_x86_64_get_synthetic_symtab (bfd *abfd,
|
||||
plts[j].contents = plt_contents;
|
||||
}
|
||||
|
||||
if (count == 0)
|
||||
return -1;
|
||||
|
||||
size = count * sizeof (asymbol);
|
||||
|
||||
/* Allocate space for @plt suffixes. */
|
||||
|
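Review bot: The new `if (count == 0) return -1;` in the -6871 hunk returns before the function's existing cleanup, while `plts[j].contents = plt_contents;` a few lines above has already handed buffers to the plts array; if a section can be recorded there without adding to count (the visible lines do not settle this, but a lazy PLT whose entries live in a second PLT looks like such a case), those buffers leak on the new path. Free any non-NULL `plts[j].contents` before returning, or route the early exit through the existing cleanup instead of a bare `return -1;`. The same early return is added to elf_i386_get_synthetic_symtab in its -6480 hunk. Separately, the lazy-PLT bound in the -6779 hunk is `lazy_plt->plt_entry_size + lazy_plt->plt_entry_size`, whereas the elf32-i386.c counterpart uses `plt0_entry_size + plt_entry_size`; if PLT0 can differ in size from a regular entry the bound is wrong, and otherwise it should still read `lazy_plt->plt0_entry_size + lazy_plt->plt_entry_size` so the two files express the same check. elf_x86_64_get_synthetic_symtab begins and ends outside these hunks.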