author | Mark Wielaard <mjw@redhat.com> | 2015-05-13 15:21:57 +0200 |
---|---|---|
committer | Mark Wielaard <mjw@redhat.com> | 2015-05-18 15:48:04 +0200 |
commit | c2297eab17b7dbb98021b51f063f71d1cdc7893a (patch) | |
tree | f3bc8cc95e7f807f6d38baed35b0e4b7f8009da1 | |
parent | 6d93c8c46d9b2b381c889e5f176451996845b055 (diff) | |

libelf: If e_phnum is zero then set e_phoff also to zero.

If phnum is zero make sure e_phoff is also zero and not some random value.
That would cause trouble in update_file. This could happen when ELF_F_LAYOUT
is set and the user copied over an ehdr from a bogus ELF file where the phdrs
are unreadable. In that case trying to write out the new ELF image would
crash trying to follow the bogus e_phdr value.

Signed-off-by: Mark Wielaard <mjw@redhat.com>

-rw-r--r-- | libelf/ChangeLog | 5 |
-rw-r--r-- | libelf/elf32_updatenull.c | 8 |
2 files changed, 13 insertions, 0 deletions
diff --git a/libelf/ChangeLog b/libelf/ChangeLog index 0b9b4781..2d10b83e 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -1,3 +1,8 @@ +2015-05-13 Mark Wielaard <mjw@redhat.com> + + * elf32_updatenull.c (default_ehdr): If e_phnum is zero then set + e_phoff also to zero. + 2015-05-12 Mark Wielaard <mjw@redhat.com> * elf32_updatenull.c (updatenull_wrlock): Check that sh_addralign diff --git a/libelf/elf32_updatenull.c b/libelf/elf32_updatenull.c index a0de80e1..c59ffcbd 100644 --- a/libelf/elf32_updatenull.c +++ b/libelf/elf32_updatenull.c @@ -106,6 +106,14 @@ ELFW(default_ehdr,LIBELFBITS) (Elf *elf, ElfW2(LIBELFBITS,Ehdr) *ehdr, elf->state.ELFW(elf,LIBELFBITS).ehdr_flags |= ELF_F_DIRTY; } + /* If phnum is zero make sure e_phoff is also zero and not some random + value. That would cause trouble in update_file. */ + if (ehdr->e_phnum == 0 && ehdr->e_phoff != 0) + { + ehdr->e_phoff = 0; + elf->state.ELFW(elf,LIBELFBITS).ehdr_flags |= ELF_F_DIRTY; + } + return 0; } |
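
Review bot: in the libelf/elf32_updatenull.c hunk, the new condition in default_ehdr (`ehdr->e_phnum == 0 && ehdr->e_phoff != 0`) only covers a zero e_phnum, so an ehdr copied from a bogus file with a nonzero e_phnum and an equally bogus e_phoff passes through this block unchanged. Either add a bounds check for that case here, or state in the comment that with ELF_F_LAYOUT set the caller is responsible for a valid e_phoff whenever e_phnum is nonzero. The comment's "That would cause trouble in update_file" would also be more useful if it named the trouble the commit message describes (writing the image follows e_phoff and crashes). The diffstat lists only ChangeLog and elf32_updatenull.c, so a regression test that sets ELF_F_LAYOUT, copies an ehdr with e_phnum 0 and a nonzero e_phoff, and calls elf_update would be worth adding alongside this change.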