From 3d04aef8d80293d701f7efee6b5300f9f528ddfc Mon Sep 17 00:00:00 2001 From: Maran Wilson Date: Tue, 7 Aug 2018 15:32:29 -0700 Subject: [PATCH 15/62] Fix for "Section 0 has negative size" error when loading fbaa64.efi The current code is incorrectly failing to load the fbaa64.efi image found in Arm servers even though the UEFI shell code is able to properly load and execute the same image. The problem is due to the presence of a section header that has zero size and address and marked "discardable" in the fbaa64.efi image. Although there is already a check further down in the code to look for the discardable bit and skip further verification checks if set, we never get to that point due to the "end < base" check at the start of the loop. Here is a dump of the fbaa64.efi image as compiled on an Arm machine from the latest code in this repo: % # First I used hexedit to change header byte from 'AA' to '86' % # so that objdump was able to correctly parse the file: % objdump -x -m aarch64 fbaa64.efi fbaa64.efi: file format pei-x86-64 fbaa64.efi architecture: i386:x86-64, flags 0x00000103: HAS_RELOC, EXEC_P, D_PAGED start address 0x0000000000000148 Characteristics 0x20e executable line numbers stripped symbols stripped debugging information removed Time/Date Wed Dec 31 16:00:00 1969 Magic 020b (PE32+) MajorLinkerVersion 2 MinorLinkerVersion 20 SizeOfCode 000b15d0 SizeOfInitializedData 00000000 SizeOfUninitializedData 00000000 AddressOfEntryPoint 0000000000000148 BaseOfCode 0000000000000148 ImageBase 0000000000000000 SectionAlignment 0000000000000020 FileAlignment 0000000000000008 MajorOSystemVersion 0 MinorOSystemVersion 0 MajorImageVersion 0 MinorImageVersion 0 MajorSubsystemVersion 0 MinorSubsystemVersion 0 Win32Version 00000000 SizeOfImage 000b1718 SizeOfHeaders 00000148 CheckSum 00000000 Subsystem 0000000a (EFI application) DllCharacteristics 00000000 SizeOfStackReserve 0000000000000000 SizeOfStackCommit 0000000000000000 SizeOfHeapReserve 0000000000000000 SizeOfHeapCommit 0000000000000000 LoaderFlags 00000000 NumberOfRvaAndSizes 00000006 The Data Directory Entry 0 0000000000000000 00000000 Export Directory [.edata (or where ever we found it)] Entry 1 0000000000000000 00000000 Import Directory [parts of .idata] Entry 2 0000000000000000 00000000 Resource Directory [.rsrc] Entry 3 0000000000000000 00000000 Exception Directory [.pdata] Entry 4 0000000000000000 00000000 Security Directory Entry 5 0000000000000000 00000000 Base Relocation Directory [.reloc] Entry 6 0000000000000000 00000000 Debug Directory Entry 7 0000000000000000 00000000 Description Directory Entry 8 0000000000000000 00000000 Special Directory Entry 9 0000000000000000 00000000 Thread Storage Directory [.tls] Entry a 0000000000000000 00000000 Load Configuration Directory Entry b 0000000000000000 00000000 Bound Import Directory Entry c 0000000000000000 00000000 Import Address Table Directory Entry d 0000000000000000 00000000 Delay Import Directory Entry e 0000000000000000 00000000 CLR Runtime Header Entry f 0000000000000000 00000000 Reserved Sections: Idx Name Size VMA LMA File off Algn 0 .reloc 00000000 0000000000000000 0000000000000000 00000000 2**0 ALLOC, LOAD, READONLY, DATA 1 .text 000b15d0 0000000000000148 0000000000000148 00000148 2**4 CONTENTS, ALLOC, LOAD, CODE SYMBOL TABLE: no symbols Signed-off-by: Maran Wilson Reviewed-by: Aaron Young Reviewed-by: Jack Schwartz Upstream-commit-id: 6df7a8f5609 --- shim.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/shim.c b/shim.c index ae03da7eddf..d980cadacfc 100644 --- a/shim.c +++ b/shim.c @@ -1347,6 +1347,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, */ Section = context.FirstSection; for (i = 0; i < context.NumberOfSections; i++, Section++) { + /* Don't try to copy discardable sections with zero size */ + if ((Section->Characteristics & EFI_IMAGE_SCN_MEM_DISCARDABLE) && + !Section->Misc.VirtualSize) + continue; + base = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress); end = ImageAddress (buffer, context.ImageSize, -- 2.26.2