86 lines
3.2 KiB
Diff
86 lines
3.2 KiB
Diff
From 9ca499644a21ceb3f946d1c179c38a83be084490 Mon Sep 17 00:00:00 2001
|
|
From: "H.J. Lu" <hjl.tools@gmail.com>
|
|
Date: Thu, 18 Sep 2025 16:59:25 -0700
|
|
Subject: [PATCH] elf: Don't match corrupt section header in linker input
|
|
|
|
Don't swap in nor match corrupt section header in linker input to avoid
|
|
linker crash later.
|
|
|
|
PR ld/33457
|
|
* elfcode.h (elf_swap_shdr_in): Changed to return bool. Return
|
|
false for corrupt section header in linker input.
|
|
(elf_object_p): Reject if elf_swap_shdr_in returns false.
|
|
|
|
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
|
|
---
|
|
bfd/elfcode.h | 14 +++++++++-----
|
|
1 file changed, 9 insertions(+), 5 deletions(-)
|
|
|
|
--- binutils-2.30.orig/bfd/elfcode.h 2025-11-12 10:36:58.003807494 +0000
|
|
+++ binutils-2.30/bfd/elfcode.h 2025-11-12 10:38:58.300780133 +0000
|
|
@@ -298,7 +298,7 @@ elf_swap_ehdr_out (bfd *abfd,
|
|
/* Translate an ELF section header table entry in external format into an
|
|
ELF section header table entry in internal format. */
|
|
|
|
-static void
|
|
+static bfd_boolean
|
|
elf_swap_shdr_in (bfd *abfd,
|
|
const Elf_External_Shdr *src,
|
|
Elf_Internal_Shdr *dst)
|
|
@@ -314,12 +314,31 @@ elf_swap_shdr_in (bfd *abfd,
|
|
dst->sh_addr = H_GET_WORD (abfd, src->sh_addr);
|
|
dst->sh_offset = H_GET_WORD (abfd, src->sh_offset);
|
|
dst->sh_size = H_GET_WORD (abfd, src->sh_size);
|
|
+
|
|
+ /* PR 23657. Check for invalid section size, in sections with contents.
|
|
+ Note - we do not set an error value here because the contents
|
|
+ of this particular section might not be needed by the consumer. */
|
|
+ if (dst->sh_type != SHT_NOBITS)
|
|
+ {
|
|
+ ufile_ptr filesize = bfd_get_file_size (abfd);
|
|
+
|
|
+ if (filesize != 0 && dst->sh_size > filesize)
|
|
+ {
|
|
+ _bfd_error_handler
|
|
+ (_("warning: %pB has a corrupt section with a size (%"
|
|
+ BFD_VMA_FMT "x) larger than the file size"),
|
|
+ abfd, dst->sh_size);
|
|
+ return FALSE;
|
|
+ }
|
|
+ }
|
|
+
|
|
dst->sh_link = H_GET_32 (abfd, src->sh_link);
|
|
dst->sh_info = H_GET_32 (abfd, src->sh_info);
|
|
dst->sh_addralign = H_GET_WORD (abfd, src->sh_addralign);
|
|
dst->sh_entsize = H_GET_WORD (abfd, src->sh_entsize);
|
|
dst->bfd_section = NULL;
|
|
dst->contents = NULL;
|
|
+ return TRUE;
|
|
}
|
|
|
|
/* Translate an ELF section header table entry in internal format into an
|
|
@@ -613,9 +632,9 @@ elf_object_p (bfd *abfd)
|
|
|
|
/* Read the first section header at index 0, and convert to internal
|
|
form. */
|
|
- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
|
|
+ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
|
|
+ || !elf_swap_shdr_in (abfd, &x_shdr, &i_shdr))
|
|
goto got_no_match;
|
|
- elf_swap_shdr_in (abfd, &x_shdr, &i_shdr);
|
|
|
|
/* If the section count is zero, the actual count is in the first
|
|
section header. */
|
|
@@ -699,9 +718,9 @@ elf_object_p (bfd *abfd)
|
|
to internal form. */
|
|
for (shindex = 1; shindex < i_ehdrp->e_shnum; shindex++)
|
|
{
|
|
- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
|
|
+ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
|
|
+ || !elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex))
|
|
goto got_no_match;
|
|
- elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex);
|
|
|
|
/* Sanity check sh_link and sh_info. */
|
|
if (i_shdrp[shindex].sh_link >= num_sec)
|