diff options
| author | Mark Wielaard <mjw@redhat.com> | 2015-06-04 13:51:27 +0200 |
|---|---|---|
| committer | Mark Wielaard <mjw@redhat.com> | 2015-06-08 11:12:38 +0200 |
| commit | 560aa98b9aaa89ce345239de865eda0ba403af68 (patch) | |
| tree | d139b7f70b782c059a6a50d6e87854d001745a88 /libelf | |
| parent | b9fd0eee50b028e4752595a8cc293bf2c331b1b9 (diff) | |
| download | android_external_elfutils-560aa98b9aaa89ce345239de865eda0ba403af68.tar.gz android_external_elfutils-560aa98b9aaa89ce345239de865eda0ba403af68.tar.bz2 android_external_elfutils-560aa98b9aaa89ce345239de865eda0ba403af68.zip | |
libelf: Check e_shoff alignment before direct access of Elf(32|64)_Shdr.
In get_shnum the check was whether the Elf(32|64)_Ehdr was correctly
aligned, but to access the Shdr directly we need to check whether the
address that points to the Elf(32|64)_Shdr structure is correctly aligned.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
Diffstat (limited to 'libelf')
| -rw-r--r-- | libelf/ChangeLog | 5 | ||||
| -rw-r--r-- | libelf/elf_begin.c | 8 |
2 files changed, 9 insertions, 4 deletions
diff --git a/libelf/ChangeLog b/libelf/ChangeLog index fd2fc53e..772eb52d 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -1,3 +1,8 @@ +2015-06-04 Mark Wielaard <mjw@redhat.com> + + * elf_begin.c (get_shnum): Check alignment of Shdr, not Ehdr before + direct access. + 2015-06-02 Mark Wielaard <mjw@redhat.com> * elf_begin.c (file_read_elf): Split checks for ehdr and shdr diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c index e2e3b6b4..f002ebf0 100644 --- a/libelf/elf_begin.c +++ b/libelf/elf_begin.c @@ -151,8 +151,8 @@ get_shnum (void *map_address, unsigned char *e_ident, int fildes, off_t offset, if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA && (ALLOW_UNALIGNED - || (((size_t) ((char *) map_address + offset)) - & (__alignof__ (Elf32_Ehdr) - 1)) == 0)) + || (((size_t) ((char *) map_address + ehdr.e32->e_shoff)) + & (__alignof__ (Elf32_Shdr) - 1)) == 0)) /* We can directly access the memory. */ result = ((Elf32_Shdr *) ((char *) map_address + ehdr.e32->e_shoff + offset))->sh_size; @@ -201,8 +201,8 @@ get_shnum (void *map_address, unsigned char *e_ident, int fildes, off_t offset, Elf64_Xword size; if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA && (ALLOW_UNALIGNED - || (((size_t) ((char *) map_address + offset)) - & (__alignof__ (Elf64_Ehdr) - 1)) == 0)) + || (((size_t) ((char *) map_address + ehdr.e64->e_shoff)) + & (__alignof__ (Elf64_Shdr) - 1)) == 0)) /* We can directly access the memory. */ size = ((Elf64_Shdr *) ((char *) map_address + ehdr.e64->e_shoff + offset))->sh_size; |