From patchwork Wed Oct 26 06:53:12 2022
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 11081
Date: Wed, 26 Oct 2022 17:23:12 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: Correct ELF reloc size sanity check
List-Id: Binutils mailing list

The external reloc size check was wrong.  Here asect is the code/data
section, not the reloc section.  So using this_hdr gave the size of
the code/data section.

	* elf.c (_bfd_elf_get_reloc_upper_bound): Properly get external
	size from reloc headers.

diff --git a/bfd/elf.c b/bfd/elf.c index 7cd7febcf95..81825b748d7 100644 --- a/bfd/elf.c +++ b/bfd/elf.c 
@@ -8708,15 +8708,20 @@ _bfd_elf_get_reloc_upper_bound (bfd *abfd, sec_ptr asect) if (asect->reloc_count != 0 && !bfd_write_p (abfd)) { /* Sanity check reloc section size. */ - struct bfd_elf_section_data *d = elf_section_data (asect); - Elf_Internal_Shdr *rel_hdr = &d->this_hdr; - bfd_size_type ext_rel_size = rel_hdr->sh_size; ufile_ptr filesize = bfd_get_file_size (abfd); - if (filesize != 0 && ext_rel_size > filesize) + if (filesize != 0) { - bfd_set_error (bfd_error_file_truncated); - return -1; + struct bfd_elf_section_data *d = elf_section_data (asect); + bfd_size_type rel_size = d->rel.hdr ? d->rel.hdr->sh_size : 0; + bfd_size_type rela_size = d->rela.hdr ? d->rela.hdr->sh_size : 0; + + if (rel_size + rela_size > filesize + || rel_size + rela_size < rel_size) + { + bfd_set_error (bfd_error_file_truncated); + return -1; + } } }
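Review bot: In the new condition, the wrap test `rel_size + rela_size < rel_size` sits after the comparison against filesize and the sum is computed twice; storing the total in one local and testing for wrap first would read more clearly, with a short comment saying the second clause guards against bfd_size_type overflow. The retained "Sanity check reloc section size" comment could also state that asect is the code/data section and that the sizes come from `d->rel.hdr` and `d->rela.hdr`, since that is exactly what the removed this_hdr lines got wrong. Two limits are worth a sentence in that comment as well: the check is still skipped whenever bfd_get_file_size returns 0, and it only bounds the combined reloc size by the whole file size, so it remains a coarse sanity check rather than a per-section bounds check. Overflow of the sum is reported as bfd_error_file_truncated, which is acceptable here but slightly misleading for anyone reading the error later.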