diff options
Diffstat (limited to 'libelf')
| -rw-r--r-- | libelf/ChangeLog | 43 | ||||
| -rw-r--r-- | libelf/elf32_getphdr.c | 10 | ||||
| -rw-r--r-- | libelf/elf32_getshdr.c | 13 | ||||
| -rw-r--r-- | libelf/elf32_newphdr.c | 6 | ||||
| -rw-r--r-- | libelf/elf32_updatefile.c | 7 | ||||
| -rw-r--r-- | libelf/elf_begin.c | 30 | ||||
| -rw-r--r-- | libelf/elf_getarsym.c | 3 | ||||
| -rw-r--r-- | libelf/elf_getshdrstrndx.c | 42 | ||||
| -rw-r--r-- | libelf/elf_newscn.c | 10 | ||||
| -rw-r--r-- | libelf/gelf_getdyn.c | 6 | ||||
| -rw-r--r-- | libelf/gelf_getlib.c | 4 | ||||
| -rw-r--r-- | libelf/gelf_getmove.c | 4 | ||||
| -rw-r--r-- | libelf/gelf_getrel.c | 12 | ||||
| -rw-r--r-- | libelf/gelf_getrela.c | 12 | ||||
| -rw-r--r-- | libelf/gelf_getsym.c | 6 | ||||
| -rw-r--r-- | libelf/gelf_getsyminfo.c | 4 | ||||
| -rw-r--r-- | libelf/gelf_getsymshndx.c | 8 | ||||
| -rw-r--r-- | libelf/gelf_getversym.c | 4 | ||||
| -rw-r--r-- | libelf/gelf_update_dyn.c | 12 | ||||
| -rw-r--r-- | libelf/gelf_update_lib.c | 10 | ||||
| -rw-r--r-- | libelf/gelf_update_move.c | 5 | ||||
| -rw-r--r-- | libelf/gelf_update_rel.c | 12 | ||||
| -rw-r--r-- | libelf/gelf_update_rela.c | 12 | ||||
| -rw-r--r-- | libelf/gelf_update_sym.c | 12 | ||||
| -rw-r--r-- | libelf/gelf_update_syminfo.c | 10 | ||||
| -rw-r--r-- | libelf/gelf_update_symshndx.c | 12 | ||||
| -rw-r--r-- | libelf/gelf_update_versym.c | 5 | ||||
| -rw-r--r-- | libelf/libelfP.h | 4 |
28 files changed, 205 insertions, 113 deletions
diff --git a/libelf/ChangeLog b/libelf/ChangeLog index 148c9453..bf3fa193 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -754,10 +754,53 @@ If section content hasn't been read yet, do it before looking for the block size. If no section data present, infer size of section header. +2005-05-14 Jakub Jelinek <[email protected]> + + * libelfP.h (INVALID_NDX): Define. + * gelf_getdyn.c (gelf_getdyn): Use it. Remove ndx < 0 test if any. + * gelf_getlib.c (gelf_getlib): Likewise. + * gelf_getmove.c (gelf_getmove): Likewise. + * gelf_getrel.c (gelf_getrel): Likewise. + * gelf_getrela.c (gelf_getrela): Likewise. + * gelf_getsym.c (gelf_getsym): Likewise. + * gelf_getsyminfo.c (gelf_getsyminfo): Likewise. + * gelf_getsymshndx.c (gelf_getsymshndx): Likewise. + * gelf_getversym.c (gelf_getversym): Likewise. + * gelf_update_dyn.c (gelf_update_dyn): Likewise. + * gelf_update_lib.c (gelf_update_lib): Likewise. + * gelf_update_move.c (gelf_update_move): Likewise. + * gelf_update_rel.c (gelf_update_rel): Likewise. + * gelf_update_rela.c (gelf_update_rela): Likewise. + * gelf_update_sym.c (gelf_update_sym): Likewise. + * gelf_update_syminfo.c (gelf_update_syminfo): Likewise. + * gelf_update_symshndx.c (gelf_update_symshndx): Likewise. + * gelf_update_versym.c (gelf_update_versym): Likewise. + * elf_newscn.c (elf_newscn): Check for overflow. + * elf32_updatefile.c (__elfw2(LIBELFBITS,updatemmap)): Likewise. + (__elfw2(LIBELFBITS,updatefile)): Likewise. + * elf_begin.c (file_read_elf): Likewise. + * elf32_newphdr.c (elfw2(LIBELFBITS,newphdr)): Likewise. + * elf_getarsym.c (elf_getarsym): Likewise. + * elf32_getshdr.c (elfw2(LIBELFBITS,getshdr)): Likewise. 2005-05-11 Ulrich Drepper <[email protected]> * elf.h: Update again. +2005-05-17 Jakub Jelinek <[email protected]> + + * elf32_getphdr.c (elfw2(LIBELFBITS,getphdr)): Check if program header + table fits into object's bounds. + * elf_getshstrndx.c (elf_getshstrndx): Add elf->start_offset to + elf->map_address. Check if first section header fits into object's + bounds. + * elf32_getshdr.c (elfw2(LIBELFBITS,getshdr)): + Check if section header table fits into object's bounds. + * elf_begin.c (get_shnum): Ensure section headers fits into + object's bounds. + (file_read_elf): Make sure scncnt is small enough to allocate both + ElfXX_Shdr and Elf_Scn array. Make sure section and program header + tables fit into object's bounds. Avoid memory leak on failure. + 2005-05-09 Ulrich Drepper <[email protected]> * elf.h: Update from glibc. diff --git a/libelf/elf32_getphdr.c b/libelf/elf32_getphdr.c index a47c9f7a..9345a134 100644 --- a/libelf/elf32_getphdr.c +++ b/libelf/elf32_getphdr.c @@ -93,6 +93,16 @@ __elfw2(LIBELFBITS,getphdr_wrlock) (elf) if (elf->map_address != NULL) { + /* First see whether the information in the ELF header is + valid and it does not ask for too much. */ + if (unlikely (ehdr->e_phoff >= elf->maximum_size) + || unlikely (elf->maximum_size - ehdr->e_phoff < size)) + { + /* Something is wrong. */ + __libelf_seterrno (ELF_E_INVALID_PHDR); + goto out; + } + /* All the data is already mapped. Use it. */ void *file_phdr = ((char *) elf->map_address + elf->start_offset + ehdr->e_phoff); diff --git a/libelf/elf32_getshdr.c b/libelf/elf32_getshdr.c index bd9340dd..97fb28d2 100644 --- a/libelf/elf32_getshdr.c +++ b/libelf/elf32_getshdr.c @@ -60,7 +60,8 @@ load_shdr_wrlock (Elf_Scn *scn) goto out; size_t shnum; - if (__elf_getshdrnum_rdlock (elf, &shnum) != 0) + if (__elf_getshdrnum_rdlock (elf, &shnum) != 0 + || shnum > SIZE_MAX / sizeof (ElfW2(LIBELFBITS,Shdr))) goto out; size_t size = shnum * sizeof (ElfW2(LIBELFBITS,Shdr)); @@ -77,6 +78,16 @@ load_shdr_wrlock (Elf_Scn *scn) if (elf->map_address != NULL) { + /* First see whether the information in the ELF header is + valid and it does not ask for too much. */ + if (unlikely (ehdr->e_shoff >= elf->maximum_size) + || unlikely (elf->maximum_size - ehdr->e_shoff < size)) + { + /* Something is wrong. */ + __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER); + goto free_and_out; + } + ElfW2(LIBELFBITS,Shdr) *notcvt; /* All the data is already mapped. If we could use it diff --git a/libelf/elf32_newphdr.c b/libelf/elf32_newphdr.c index 1db20806..f379c622 100644 --- a/libelf/elf32_newphdr.c +++ b/libelf/elf32_newphdr.c @@ -114,6 +114,12 @@ elfw2(LIBELFBITS,newphdr) (elf, count) || count == PN_XNUM || elf->state.ELFW(elf,LIBELFBITS).phdr == NULL) { + if (unlikely (count > SIZE_MAX / sizeof (ElfW2(LIBELFBITS,Phdr)))) + { + result = NULL; + goto out; + } + /* Allocate a new program header with the appropriate number of elements. */ result = (ElfW2(LIBELFBITS,Phdr) *) diff --git a/libelf/elf32_updatefile.c b/libelf/elf32_updatefile.c index b39e2841..2e59849d 100644 --- a/libelf/elf32_updatefile.c +++ b/libelf/elf32_updatefile.c @@ -202,6 +202,9 @@ __elfw2(LIBELFBITS,updatemmap) (Elf *elf, int change_bo, size_t shnum) /* Write all the sections. Well, only those which are modified. */ if (shnum > 0) { + if (unlikely (shnum > SIZE_MAX / sizeof (Elf_Scn *))) + return 1; + Elf_ScnList *list = &elf->state.ELFW(elf,LIBELFBITS).scns; Elf_Scn **scns = (Elf_Scn **) alloca (shnum * sizeof (Elf_Scn *)); char *const shdr_start = ((char *) elf->map_address + elf->start_offset @@ -624,6 +627,10 @@ __elfw2(LIBELFBITS,updatefile) (Elf *elf, int change_bo, size_t shnum) /* Write all the sections. Well, only those which are modified. */ if (shnum > 0) { + if (unlikely (shnum > SIZE_MAX / (sizeof (Elf_Scn *) + + sizeof (ElfW2(LIBELFBITS,Shdr))))) + return 1; + off_t shdr_offset = elf->start_offset + ehdr->e_shoff; #if EV_NUM != 2 xfct_t shdr_fctp = __elf_xfctstom[__libelf_version - 1][EV_CURRENT - 1][ELFW(ELFCLASS, LIBELFBITS) - 1][ELF_T_SHDR]; diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c index b9d5cea4..a5cd7b88 100644 --- a/libelf/elf_begin.c +++ b/libelf/elf_begin.c @@ -144,7 +144,8 @@ get_shnum (void *map_address, unsigned char *e_ident, int fildes, off_t offset, if (unlikely (result == 0) && ehdr.e32->e_shoff != 0) { - if (ehdr.e32->e_shoff + sizeof (Elf32_Shdr) > maxsize) + if (unlikely (ehdr.e32->e_shoff >= maxsize) + || unlikely (maxsize - ehdr.e32->e_shoff < sizeof (Elf32_Shdr))) /* Cannot read the first section header. */ return 0; @@ -192,7 +193,8 @@ get_shnum (void *map_address, unsigned char *e_ident, int fildes, off_t offset, if (unlikely (result == 0) && ehdr.e64->e_shoff != 0) { - if (ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize) + if (unlikely (ehdr.e64->e_shoff >= maxsize) + || unlikely (ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize)) /* Cannot read the first section header. */ return 0; @@ -264,6 +266,15 @@ file_read_elf (int fildes, void *map_address, unsigned char *e_ident, /* Could not determine the number of sections. */ return NULL; + /* Check for too many sections. */ + if (e_ident[EI_CLASS] == ELFCLASS32) + { + if (scncnt > SIZE_MAX / (sizeof (Elf_Scn) + sizeof (Elf32_Shdr))) + return NULL; + } + else if (scncnt > SIZE_MAX / (sizeof (Elf_Scn) + sizeof (Elf64_Shdr))) + return NULL; + /* We can now allocate the memory. Even if there are no section headers, we allocate space for a zeroth section in case we need it later. */ const size_t scnmax = (scncnt ?: (cmd == ELF_C_RDWR || cmd == ELF_C_RDWR_MMAP) @@ -303,6 +314,16 @@ file_read_elf (int fildes, void *map_address, unsigned char *e_ident, { /* We can use the mmapped memory. */ elf->state.elf32.ehdr = ehdr; + + if (unlikely (ehdr->e_shoff >= maxsize) + || unlikely (maxsize - ehdr->e_shoff + < scncnt * sizeof (Elf32_Shdr))) + { + free_and_out: + free (elf); + __libelf_seterrno (ELF_E_INVALID_FILE); + return NULL; + } elf->state.elf32.shdr = (Elf32_Shdr *) ((char *) ehdr + ehdr->e_shoff); @@ -389,6 +410,11 @@ file_read_elf (int fildes, void *map_address, unsigned char *e_ident, { /* We can use the mmapped memory. */ elf->state.elf64.ehdr = ehdr; + + if (unlikely (ehdr->e_shoff >= maxsize) + || unlikely (ehdr->e_shoff + + scncnt * sizeof (Elf32_Shdr) > maxsize)) + goto free_and_out; elf->state.elf64.shdr = (Elf64_Shdr *) ((char *) ehdr + ehdr->e_shoff); diff --git a/libelf/elf_getarsym.c b/libelf/elf_getarsym.c index d0bb28a9..3579fc18 100644 --- a/libelf/elf_getarsym.c +++ b/libelf/elf_getarsym.c @@ -183,6 +183,9 @@ elf_getarsym (elf, ptr) size_t index_size = atol (tmpbuf); if (SARMAG + sizeof (struct ar_hdr) + index_size > elf->maximum_size +#if SIZE_MAX <= 4294967295U + || n >= SIZE_MAX / sizeof (Elf_Arsym) +#endif || n * w > index_size) { /* This index table cannot be right since it does not fit into diff --git a/libelf/elf_getshdrstrndx.c b/libelf/elf_getshdrstrndx.c index 57ad8005..5ba14e15 100644 --- a/libelf/elf_getshdrstrndx.c +++ b/libelf/elf_getshdrstrndx.c @@ -104,10 +104,25 @@ elf_getshdrstrndx (elf, dst) if (elf->map_address != NULL && elf->state.elf32.ehdr->e_ident[EI_DATA] == MY_ELFDATA && (ALLOW_UNALIGNED - || (((size_t) ((char *) elf->map_address + offset)) + || (((size_t) ((char *) elf->map_address + + elf->start_offset + offset)) & (__alignof__ (Elf32_Shdr) - 1)) == 0)) - /* We can directly access the memory. */ - num = ((Elf32_Shdr *) (elf->map_address + offset))->sh_link; + { + /* First see whether the information in the ELF header is + valid and it does not ask for too much. */ + if (unlikely (elf->maximum_size - offset + < sizeof (Elf32_Shdr))) + { + /* Something is wrong. */ + __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER); + result = -1; + goto out; + } + + /* We can directly access the memory. */ + num = ((Elf32_Shdr *) (elf->map_address + elf->start_offset + + offset))->sh_link; + } else { /* We avoid reading in all the section headers. Just read @@ -142,10 +157,25 @@ elf_getshdrstrndx (elf, dst) if (elf->map_address != NULL && elf->state.elf64.ehdr->e_ident[EI_DATA] == MY_ELFDATA && (ALLOW_UNALIGNED - || (((size_t) ((char *) elf->map_address + offset)) + || (((size_t) ((char *) elf->map_address + + elf->start_offset + offset)) & (__alignof__ (Elf64_Shdr) - 1)) == 0)) - /* We can directly access the memory. */ - num = ((Elf64_Shdr *) (elf->map_address + offset))->sh_link; + { + /* First see whether the information in the ELF header is + valid and it does not ask for too much. */ + if (unlikely (elf->maximum_size - offset + < sizeof (Elf64_Shdr))) + { + /* Something is wrong. */ + __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER); + result = -1; + goto out; + } + + /* We can directly access the memory. */ + num = ((Elf64_Shdr *) (elf->map_address + elf->start_offset + + offset))->sh_link; + } else { /* We avoid reading in all the section headers. Just read diff --git a/libelf/elf_newscn.c b/libelf/elf_newscn.c index 70d29b66..3931006b 100644 --- a/libelf/elf_newscn.c +++ b/libelf/elf_newscn.c @@ -83,10 +83,18 @@ elf_newscn (elf) else { /* We must allocate a new element. */ - Elf_ScnList *newp; + Elf_ScnList *newp = NULL; assert (elf->state.elf.scnincr > 0); + if ( +#if SIZE_MAX <= 4294967295U + likely (elf->state.elf.scnincr + < SIZE_MAX / 2 / sizeof (Elf_Scn) - sizeof (Elf_ScnList)) +#else + 1 +#endif + ) newp = (Elf_ScnList *) calloc (sizeof (Elf_ScnList) + ((elf->state.elf.scnincr *= 2) * sizeof (Elf_Scn)), 1); diff --git a/libelf/gelf_getdyn.c b/libelf/gelf_getdyn.c index 721af622..98038a38 100644 --- a/libelf/gelf_getdyn.c +++ b/libelf/gelf_getdyn.c @@ -1,5 +1,5 @@ /* Get information from dynamic table at the given index. - Copyright (C) 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 2000-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2000. @@ -72,7 +72,7 @@ gelf_getdyn (data, ndx, dst) table entries has to be adopted. The user better has provided a buffer where we can store the information. While copying the data we are converting the format. */ - if (unlikely ((ndx + 1) * sizeof (Elf32_Dyn) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf32_Dyn, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; @@ -93,7 +93,7 @@ gelf_getdyn (data, ndx, dst) /* The data is already in the correct form. Just make sure the index is OK. */ - if (unlikely ((ndx + 1) * sizeof (GElf_Dyn) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, GElf_Dyn, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; diff --git a/libelf/gelf_getlib.c b/libelf/gelf_getlib.c index 9a8a1749..e2cdcf30 100644 --- a/libelf/gelf_getlib.c +++ b/libelf/gelf_getlib.c @@ -1,5 +1,5 @@ /* Get library from table at the given index. - Copyright (C) 2004 Red Hat, Inc. + Copyright (C) 2004-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2004. @@ -65,7 +65,7 @@ gelf_getlib (data, ndx, dst) /* The data is already in the correct form. Just make sure the index is OK. */ GElf_Lib *result = NULL; - if (unlikely ((ndx + 1) * sizeof (GElf_Lib) > data->d_size)) + if (INVALID_NDX (ndx, GElf_Lib, data)) __libelf_seterrno (ELF_E_INVALID_INDEX); else { diff --git a/libelf/gelf_getmove.c b/libelf/gelf_getmove.c index 95669303..fea7586f 100644 --- a/libelf/gelf_getmove.c +++ b/libelf/gelf_getmove.c @@ -1,5 +1,5 @@ /* Get move structure at the given index. - Copyright (C) 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 2000-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2000. @@ -62,7 +62,7 @@ gelf_getmove (data, ndx, dst) /* The data is already in the correct form. Just make sure the index is OK. */ - if (unlikely ((ndx + 1) * sizeof (GElf_Move) > data->d_size)) + if (INVALID_NDX (ndx, GElf_Move, data)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; diff --git a/libelf/gelf_getrel.c b/libelf/gelf_getrel.c index 78394b42..e489a8c1 100644 --- a/libelf/gelf_getrel.c +++ b/libelf/gelf_getrel.c @@ -1,5 +1,5 @@ /* Get REL relocation information at given index. - Copyright (C) 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 2000-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2000. @@ -50,12 +50,6 @@ gelf_getrel (data, ndx, dst) if (data_scn == NULL) return NULL; - if (unlikely (ndx < 0)) - { - __libelf_seterrno (ELF_E_INVALID_INDEX); - return NULL; - } - if (unlikely (data_scn->d.d_type != ELF_T_REL)) { __libelf_seterrno (ELF_E_INVALID_HANDLE); @@ -72,7 +66,7 @@ gelf_getrel (data, ndx, dst) if (scn->elf->class == ELFCLASS32) { /* We have to convert the data. */ - if (unlikely ((ndx + 1) * sizeof (Elf32_Rel) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf32_Rel, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); result = NULL; @@ -92,7 +86,7 @@ gelf_getrel (data, ndx, dst) { /* Simply copy the data after we made sure we are actually getting correct data. */ - if (unlikely ((ndx + 1) * sizeof (Elf64_Rel) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf64_Rel, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); result = NULL; diff --git a/libelf/gelf_getrela.c b/libelf/gelf_getrela.c index 1d0e7eee..aae8c2be 100644 --- a/libelf/gelf_getrela.c +++ b/libelf/gelf_getrela.c @@ -1,5 +1,5 @@ /* Get RELA relocation information at given index. - Copyright (C) 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 2000-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2000. @@ -50,12 +50,6 @@ gelf_getrela (data, ndx, dst) if (data_scn == NULL) return NULL; - if (unlikely (ndx < 0)) - { - __libelf_seterrno (ELF_E_INVALID_INDEX); - return NULL; - } - if (unlikely (data_scn->d.d_type != ELF_T_RELA)) { __libelf_seterrno (ELF_E_INVALID_HANDLE); @@ -72,7 +66,7 @@ gelf_getrela (data, ndx, dst) if (scn->elf->class == ELFCLASS32) { /* We have to convert the data. */ - if (unlikely ((ndx + 1) * sizeof (Elf32_Rela) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf32_Rela, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); result = NULL; @@ -93,7 +87,7 @@ gelf_getrela (data, ndx, dst) { /* Simply copy the data after we made sure we are actually getting correct data. */ - if (unlikely ((ndx + 1) * sizeof (Elf64_Rela) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf64_Rela, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); result = NULL; diff --git a/libelf/gelf_getsym.c b/libelf/gelf_getsym.c index 183872e2..40347e8c 100644 --- a/libelf/gelf_getsym.c +++ b/libelf/gelf_getsym.c @@ -1,5 +1,5 @@ /* Get symbol information from symbol table at the given index. - Copyright (C) 1999, 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 1999-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 1999. @@ -69,7 +69,7 @@ gelf_getsym (data, ndx, dst) table entries has to be adopted. The user better has provided a buffer where we can store the information. While copying the data we are converting the format. */ - if (unlikely ((ndx + 1) * sizeof (Elf32_Sym) > data->d_size)) + if (INVALID_NDX (ndx, Elf32_Sym, data)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; @@ -98,7 +98,7 @@ gelf_getsym (data, ndx, dst) /* The data is already in the correct form. Just make sure the index is OK. */ - if (unlikely ((ndx + 1) * sizeof (GElf_Sym) > data->d_size)) + if (INVALID_NDX (ndx, GElf_Sym, data)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; diff --git a/libelf/gelf_getsyminfo.c b/libelf/gelf_getsyminfo.c index 09c9cee0..1b75cb86 100644 --- a/libelf/gelf_getsyminfo.c +++ b/libelf/gelf_getsyminfo.c @@ -1,5 +1,5 @@ /* Get additional symbol information from symbol table at the given index. - Copyright (C) 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 2000-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2000. @@ -63,7 +63,7 @@ gelf_getsyminfo (data, ndx, dst) /* The data is already in the correct form. Just make sure the index is OK. */ - if (unlikely ((ndx + 1) * sizeof (GElf_Syminfo) > data->d_size)) + if (INVALID_NDX (ndx, GElf_Syminfo, data)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; diff --git a/libelf/gelf_getsymshndx.c b/libelf/gelf_getsymshndx.c index 91e1bf60..d51b3aa5 100644 --- a/libelf/gelf_getsymshndx.c +++ b/libelf/gelf_getsymshndx.c @@ -1,6 +1,6 @@ /* Get symbol information and separate section index from symbol table at the given index. - Copyright (C) 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 2000-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2000. @@ -69,7 +69,7 @@ gelf_getsymshndx (symdata, shndxdata, ndx, dst, dstshndx) section index table. */ if (likely (shndxdata_scn != NULL)) { - if (unlikely ((ndx + 1) * sizeof (Elf32_Word) > shndxdata_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf32_Word, &shndxdata_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; @@ -89,7 +89,7 @@ gelf_getsymshndx (symdata, shndxdata, ndx, dst, dstshndx) table entries has to be adopted. The user better has provided a buffer where we can store the information. While copying the data we are converting the format. */ - if (unlikely ((ndx + 1) * sizeof (Elf32_Sym) > symdata->d_size)) + if (INVALID_NDX (ndx, Elf32_Sym, symdata)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; @@ -118,7 +118,7 @@ gelf_getsymshndx (symdata, shndxdata, ndx, dst, dstshndx) /* The data is already in the correct form. Just make sure the index is OK. */ - if (unlikely ((ndx + 1) * sizeof (GElf_Sym) > symdata->d_size)) + if (INVALID_NDX (ndx, GElf_Sym, symdata)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; diff --git a/libelf/gelf_getversym.c b/libelf/gelf_getversym.c index 9e80efc0..e7245e7e 100644 --- a/libelf/gelf_getversym.c +++ b/libelf/gelf_getversym.c @@ -1,5 +1,5 @@ /* Get symbol version information at the given index. - Copyright (C) 1999, 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 1999-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 1999. @@ -71,7 +71,7 @@ gelf_getversym (data, ndx, dst) /* The data is already in the correct form. Just make sure the index is OK. */ - if (unlikely ((ndx + 1) * sizeof (GElf_Versym) > data->d_size)) + if (INVALID_NDX (ndx, GElf_Versym, data)) { __libelf_seterrno (ELF_E_INVALID_INDEX); result = NULL; diff --git a/libelf/gelf_update_dyn.c b/libelf/gelf_update_dyn.c index 94408c84..f0c8585b 100644 --- a/libelf/gelf_update_dyn.c +++ b/libelf/gelf_update_dyn.c @@ -1,5 +1,5 @@ /* Update information in dynamic table at the given index. - Copyright (C) 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 2000-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2000. @@ -50,12 +50,6 @@ gelf_update_dyn (data, ndx, src) if (data == NULL) return 0; - if (unlikely (ndx < 0)) - { - __libelf_seterrno (ELF_E_INVALID_INDEX); - return 0; - } - if (unlikely (data_scn->d.d_type != ELF_T_DYN)) { /* The type of the data better should match. */ @@ -81,7 +75,7 @@ gelf_update_dyn (data, ndx, src) } /* Check whether we have to resize the data buffer. */ - if (unlikely ((ndx + 1) * sizeof (Elf32_Dyn) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf32_Dyn, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; @@ -95,7 +89,7 @@ gelf_update_dyn (data, ndx, src) else { /* Check whether we have to resize the data buffer. */ - if (unlikely ((ndx + 1) * sizeof (Elf64_Dyn) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf64_Dyn, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; diff --git a/libelf/gelf_update_lib.c b/libelf/gelf_update_lib.c index 4700bef8..dc60072f 100644 --- a/libelf/gelf_update_lib.c +++ b/libelf/gelf_update_lib.c @@ -1,5 +1,5 @@ /* Update library in table at the given index. - Copyright (C) 2004 Red Hat, Inc. + Copyright (C) 2004-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2004. @@ -47,12 +47,6 @@ gelf_update_lib (data, ndx, src) if (data == NULL) return 0; - if (unlikely (ndx < 0)) - { - __libelf_seterrno (ELF_E_INVALID_INDEX); - return 0; - } - Elf_Data_Scn *data_scn = (Elf_Data_Scn *) data; if (unlikely (data_scn->d.d_type != ELF_T_LIB)) { @@ -66,7 +60,7 @@ gelf_update_lib (data, ndx, src) /* Check whether we have to resize the data buffer. */ int result = 0; - if (unlikely ((ndx + 1) * sizeof (Elf64_Lib) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf64_Lib, &data_scn->d)) __libelf_seterrno (ELF_E_INVALID_INDEX); else { diff --git a/libelf/gelf_update_move.c b/libelf/gelf_update_move.c index 102a45b8..d6fa5380 100644 --- a/libelf/gelf_update_move.c +++ b/libelf/gelf_update_move.c @@ -1,5 +1,5 @@ /* Update move structure at the given index. - Copyright (C) 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 2000-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2000. @@ -54,8 +54,7 @@ gelf_update_move (data, ndx, src) assert (sizeof (GElf_Move) == sizeof (Elf64_Move)); /* Check whether we have to resize the data buffer. */ - if (unlikely (ndx < 0) - || unlikely ((ndx + 1) * sizeof (GElf_Move) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, GElf_Move, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); return 0; diff --git a/libelf/gelf_update_rel.c b/libelf/gelf_update_rel.c index d13e4028..38a08973 100644 --- a/libelf/gelf_update_rel.c +++ b/libelf/gelf_update_rel.c @@ -1,5 +1,5 @@ /* Update REL relocation information at given index. - Copyright (C) 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 2000-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2000. @@ -47,12 +47,6 @@ gelf_update_rel (Elf_Data *dst, int ndx, GElf_Rel *src) if (dst == NULL) return 0; - if (unlikely (ndx < 0)) - { - __libelf_seterrno (ELF_E_INVALID_INDEX); - return 0; - } - if (unlikely (data_scn->d.d_type != ELF_T_REL)) { /* The type of the data better should match. */ @@ -78,7 +72,7 @@ gelf_update_rel (Elf_Data *dst, int ndx, GElf_Rel *src) } /* Check whether we have to resize the data buffer. */ - if (unlikely ((ndx + 1) * sizeof (Elf32_Rel) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf32_Rel, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; @@ -93,7 +87,7 @@ gelf_update_rel (Elf_Data *dst, int ndx, GElf_Rel *src) else { /* Check whether we have to resize the data buffer. */ - if (unlikely ((ndx + 1) * sizeof (Elf64_Rel) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf64_Rel, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; diff --git a/libelf/gelf_update_rela.c b/libelf/gelf_update_rela.c index cc70297e..446af869 100644 --- a/libelf/gelf_update_rela.c +++ b/libelf/gelf_update_rela.c @@ -1,5 +1,5 @@ /* Update RELA relocation information at given index. - Copyright (C) 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 2000-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2000. @@ -47,12 +47,6 @@ gelf_update_rela (Elf_Data *dst, int ndx, GElf_Rela *src) if (dst == NULL) return 0; - if (unlikely (ndx < 0)) - { - __libelf_seterrno (ELF_E_INVALID_INDEX); - return 0; - } - if (unlikely (data_scn->d.d_type != ELF_T_RELA)) { /* The type of the data better should match. */ @@ -80,7 +74,7 @@ gelf_update_rela (Elf_Data *dst, int ndx, GElf_Rela *src) } /* Check whether we have to resize the data buffer. */ - if (unlikely ((ndx + 1) * sizeof (Elf32_Rela) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf32_Rela, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; @@ -96,7 +90,7 @@ gelf_update_rela (Elf_Data *dst, int ndx, GElf_Rela *src) else { /* Check whether we have to resize the data buffer. */ - if (unlikely ((ndx + 1) * sizeof (Elf64_Rela) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf64_Rela, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; diff --git a/libelf/gelf_update_sym.c b/libelf/gelf_update_sym.c index ab37641c..3d24fc91 100644 --- a/libelf/gelf_update_sym.c +++ b/libelf/gelf_update_sym.c @@ -1,5 +1,5 @@ /* Update symbol information in symbol table at the given index. - Copyright (C) 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 2000-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2000. @@ -51,12 +51,6 @@ gelf_update_sym (data, ndx, src) if (data == NULL) return 0; - if (unlikely (ndx < 0)) - { - __libelf_seterrno (ELF_E_INVALID_INDEX); - return 0; - } - if (unlikely (data_scn->d.d_type != ELF_T_SYM)) { /* The type of the data better should match. */ @@ -81,7 +75,7 @@ gelf_update_sym (data, ndx, src) } /* Check whether we have to resize the data buffer. */ - if (unlikely ((ndx + 1) * sizeof (Elf32_Sym) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf32_Sym, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; @@ -104,7 +98,7 @@ gelf_update_sym (data, ndx, src) else { /* Check whether we have to resize the data buffer. */ - if (unlikely ((ndx + 1) * sizeof (Elf64_Sym) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf64_Sym, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; diff --git a/libelf/gelf_update_syminfo.c b/libelf/gelf_update_syminfo.c index 5654a0d9..a497a0ae 100644 --- a/libelf/gelf_update_syminfo.c +++ b/libelf/gelf_update_syminfo.c @@ -1,5 +1,5 @@ /* Update additional symbol information in symbol table at the given index. - Copyright (C) 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 2000-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2000. @@ -51,12 +51,6 @@ gelf_update_syminfo (data, ndx, src) if (data == NULL) return 0; - if (unlikely (ndx < 0)) - { - __libelf_seterrno (ELF_E_INVALID_INDEX); - return 0; - } - if (unlikely (data_scn->d.d_type != ELF_T_SYMINFO)) { /* The type of the data better should match. */ @@ -72,7 +66,7 @@ gelf_update_syminfo (data, ndx, src) rwlock_wrlock (scn->elf->lock); /* Check whether we have to resize the data buffer. */ - if (unlikely ((ndx + 1) * sizeof (GElf_Syminfo) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, GElf_Syminfo, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; diff --git a/libelf/gelf_update_symshndx.c b/libelf/gelf_update_symshndx.c index d2bb5bbe..973b6b3b 100644 --- a/libelf/gelf_update_symshndx.c +++ b/libelf/gelf_update_symshndx.c @@ -1,6 +1,6 @@ /* Update symbol information and section index in symbol table at the given index. - Copyright (C) 2000, 2001, 2002 Red Hat, Inc. + Copyright (C) 2000-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2000. @@ -56,12 +56,6 @@ gelf_update_symshndx (symdata, shndxdata, ndx, src, srcshndx) if (symdata == NULL) return 0; - if (unlikely (ndx < 0)) - { - __libelf_seterrno (ELF_E_INVALID_INDEX); - return 0; - } - if (unlikely (symdata_scn->d.d_type != ELF_T_SYM)) { /* The type of the data better should match. */ @@ -107,7 +101,7 @@ gelf_update_symshndx (symdata, shndxdata, ndx, src, srcshndx) } /* Check whether we have to resize the data buffer. */ - if (unlikely ((ndx + 1) * sizeof (Elf32_Sym) > symdata_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf32_Sym, &symdata_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; @@ -130,7 +124,7 @@ gelf_update_symshndx (symdata, shndxdata, ndx, src, srcshndx) else { /* Check whether we have to resize the data buffer. */ - if (unlikely ((ndx + 1) * sizeof (Elf64_Sym) > symdata_scn->d.d_size)) + if (INVALID_NDX (ndx, Elf64_Sym, &symdata_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); goto out; diff --git a/libelf/gelf_update_versym.c b/libelf/gelf_update_versym.c index a4cec1f3..529116ac 100644 --- a/libelf/gelf_update_versym.c +++ b/libelf/gelf_update_versym.c @@ -1,5 +1,5 @@ /* Update symbol version information. - Copyright (C) 2001, 2002 Red Hat, Inc. + Copyright (C) 2001-2009 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <[email protected]>, 2001. @@ -54,8 +54,7 @@ gelf_update_versym (data, ndx, src) assert (sizeof (GElf_Versym) == sizeof (Elf64_Versym)); /* Check whether we have to resize the data buffer. */ - if (unlikely (ndx < 0) - || unlikely ((ndx + 1) * sizeof (GElf_Versym) > data_scn->d.d_size)) + if (INVALID_NDX (ndx, GElf_Versym, &data_scn->d)) { __libelf_seterrno (ELF_E_INVALID_INDEX); return 0; diff --git a/libelf/libelfP.h b/libelf/libelfP.h index 7da23709..52cf7457 100644 --- a/libelf/libelfP.h +++ b/libelf/libelfP.h @@ -587,4 +587,8 @@ extern uint32_t __libelf_crc32 (uint32_t crc, unsigned char *buf, size_t len) /* Align offset to 4 bytes as needed for note name and descriptor data. */ #define NOTE_ALIGN(n) (((n) + 3) & -4U) +/* Convenience macro. */ +#define INVALID_NDX(ndx, type, data) \ + unlikely ((data)->d_size / sizeof (type) <= (unsigned int) (ndx)) + #endif /* libelfP.h */ |