On Fri, 2012-04-27 at 15:43 -0700, Roland McGrath wrote:
> or perhaps better overflow-proofed:
>
>   && ((shdr->sh_offset - phdr->p_offset <= phdr->p_filesz
>        && (shdr->sh_offset - phdr->p_offset < phdr->p_filesz
>            || shdr->sh_size == 0))
>       || (shdr->sh_offset - phdr->p_offset < phdr->p_memsz
>           && shdr->sh_type == SHT_NOBITS)))
>
> I think we should accept these corner cases but not accept wild sh_addr or
> sh_offset values just because they are technically meaningless with a zero
> sh_size.
That does make sense, and works for me. I have checked in the following:
diff --git a/src/ChangeLog b/src/ChangeLog index cae5e6b..af1d92b 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2012-05-09 Roland McGrath <[email protected]> + + * elflint (check_sections): Allow zero sized sections at (filesz) end + of segment. And make check overflow-proofed. + 2012-04-24 Mark Wielaard <[email protected]> * readelf.c (print_ops): Add DW_OP_GNU_push_tls_address, diff --git a/src/elflint.c b/src/elflint.c index a03caac..7c56069 100644 --- a/src/elflint.c +++ b/src/elflint.c @@ -3716,8 +3716,10 @@ section [%2zu] '%s' is both executable and writable\n"), || (phdr->p_type == PT_TLS && (shdr->sh_flags & SHF_TLS) != 0)) && phdr->p_offset <= shdr->sh_offset - && (phdr->p_offset + phdr->p_filesz > shdr->sh_offset - || (phdr->p_offset + phdr->p_memsz > shdr->sh_offset + && ((shdr->sh_offset - phdr->p_offset <= phdr->p_filesz + && (shdr->sh_offset - phdr->p_offset < phdr->p_filesz + || shdr->sh_size == 0)) + || (shdr->sh_offset - phdr->p_offset < phdr->p_memsz && shdr->sh_type == SHT_NOBITS))) { /* Found the segment. */
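Review bot: the new ChangeLog entry names the file as "elflint" while the neighbouring entry uses the full file name ("* readelf.c (print_ops)"); write "* elflint.c (check_sections):" so the entry matches the file touched by the second hunk. "make check overflow-proofed" would also read better as "make the check overflow-proof".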
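Review bot: the two arms of the new condition in check_sections treat the zero-size corner case differently: the filesz arm accepts `shdr->sh_size == 0` when `shdr->sh_offset - phdr->p_offset == phdr->p_filesz`, but the SHT_NOBITS arm keeps a strict `<` against `phdr->p_memsz`, so a zero-sized NOBITS section placed exactly at the memsz end of its segment is still not matched. If that asymmetry is intended, a short comment would help; otherwise mirror the `<= ... && (< ... || sh_size == 0)` form in the memsz arm. The first arm also reads more directly as `delta < p_filesz || (delta == p_filesz && shdr->sh_size == 0)`, which is the same predicate. Note that the subtraction is only underflow-safe because `phdr->p_offset <= shdr->sh_offset` is tested on the line above it, so that ordering must not be changed later; and the test bounds only the section start, not `sh_offset + sh_size`, so the end still needs a separate check if one is not already made elsewhere.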
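The pre-patch and committed forms of the containment test side by side, as an added example that is not part of this thread or of elfutils. The struct types, SHT_* constants and header values are constructed stand-ins for the GElf_Phdr/GElf_Shdr fields the check reads; the two constructed inputs are the zero-sized section at the filesz end of its segment that Roland's corner case covers, and a segment whose p_offset + p_filesz wraps past 2^64.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the GElf_Phdr / GElf_Shdr fields the check
   reads (the real code uses libelf's types). */
typedef struct { uint64_t p_offset, p_filesz, p_memsz; } phdr_t;
typedef struct { uint64_t sh_offset, sh_size; uint32_t sh_type; } shdr_t;
#define SHT_PROGBITS 1u   /* standard ELF section type values */
#define SHT_NOBITS   8u

/* Pre-patch form: adds before comparing. Unsigned addition wraps, so a
   wild p_filesz makes the sum smaller than sh_offset and the segment is
   missed; a zero-sized section at the filesz end is rejected too. */
static bool in_segment_old(const phdr_t *ph, const shdr_t *sh)
{
  return ph->p_offset <= sh->sh_offset
         && (ph->p_offset + ph->p_filesz > sh->sh_offset
             || (ph->p_offset + ph->p_memsz > sh->sh_offset
                 && sh->sh_type == SHT_NOBITS));
}

/* Committed form: p_offset <= sh_offset is established first, so the
   subtraction cannot underflow, and nothing is added that could wrap. */
static bool in_segment_new(const phdr_t *ph, const shdr_t *sh)
{
  if (ph->p_offset > sh->sh_offset)
    return false;
  uint64_t delta = sh->sh_offset - ph->p_offset;
  return (delta <= ph->p_filesz
          && (delta < ph->p_filesz || sh->sh_size == 0))
         || (delta < ph->p_memsz && sh->sh_type == SHT_NOBITS);
}

/* Constructed inputs: seg covers file offsets [0x1000, 0x1100);
   empty_at_end is a zero-sized section placed exactly at 0x1100;
   wild has p_offset + p_filesz wrapping past 2^64, and inside_wild
   genuinely starts inside it. */
static const phdr_t seg = { 0x1000, 0x100, 0x100 };
static const shdr_t empty_at_end = { 0x1100, 0, SHT_PROGBITS };
static const phdr_t wild = { 0x1000, UINT64_MAX - 0x800, UINT64_MAX - 0x800 };
static const shdr_t inside_wild = { 0x2000, 0x10, SHT_PROGBITS };

int main(void)
{
  printf("empty@end old=%d new=%d\n", in_segment_old(&seg, &empty_at_end),
         in_segment_new(&seg, &empty_at_end));     /* old=0 new=1 */
  printf("wrap      old=%d new=%d\n", in_segment_old(&wild, &inside_wild),
         in_segment_new(&wild, &inside_wild));     /* old=0 new=1 */
  return 0;
}
```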
