1 files changed, 62 insertions, 60 deletions

diff --git a/src/libdwfl/elf-from-memory.c b/src/libdwfl/elf-from-memory.c
index 0fb5f8a3..b35fac71 100644
--- a/src/libdwfl/elf-from-memory.c
+++ b/src/libdwfl/elf-from-memory.c
@@ -1,51 +1,30 @@
 /* Reconstruct an ELF file by reading the segments out of remote memory.
-   Copyright (C) 2005-2011 Red Hat, Inc.
-   This file is part of Red Hat elfutils.
+   Copyright (C) 2005-2011, 2014 Red Hat, Inc.
+   This file is part of elfutils.
 
-   Red Hat elfutils is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by the
-   Free Software Foundation; version 2 of the License.
+   This file is free software; you can redistribute it and/or modify
+   it under the terms of either
 
-   Red Hat elfutils is distributed in the hope that it will be useful, but
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at
+       your option) any later version
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at
+       your option) any later version
+
+   or both in parallel, as here.
+
+   elfutils is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    General Public License for more details.
 
-   You should have received a copy of the GNU General Public License along
-   with Red Hat elfutils; if not, write to the Free Software Foundation,
-   Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA.
-
-   In addition, as a special exception, Red Hat, Inc. gives You the
-   additional right to link the code of Red Hat elfutils with code licensed
-   under any Open Source Initiative certified open source license
-   (http://www.opensource.org/licenses/index.php) which requires the
-   distribution of source code with any binary distribution and to
-   distribute linked combinations of the two.  Non-GPL Code permitted under
-   this exception must only link to the code of Red Hat elfutils through
-   those well defined interfaces identified in the file named EXCEPTION
-   found in the source code files (the "Approved Interfaces").  The files
-   of Non-GPL Code may instantiate templates or use macros or inline
-   functions from the Approved Interfaces without causing the resulting
-   work to be covered by the GNU General Public License.  Only Red Hat,
-   Inc. may make changes or additions to the list of Approved Interfaces.
-   Red Hat's grant of this exception is conditioned upon your not adding
-   any new exceptions.  If you wish to add a new Approved Interface or
-   exception, please contact Red Hat.  You must obey the GNU General Public
-   License in all respects for all of the Red Hat elfutils code and other
-   code used in conjunction with Red Hat elfutils except the Non-GPL Code
-   covered by this exception.  If you modify this file, you may extend this
-   exception to your version of the file, but you are not obligated to do
-   so.  If you do not wish to provide this exception without modification,
-   you must delete this exception statement from your version and license
-   this file solely under the GPL without exception.
-
-   Red Hat elfutils is an included package of the Open Invention Network.
-   An included package of the Open Invention Network is a package for which
-   Open Invention Network licensees cross-license their patents.  No patent
-   license is granted, either expressly or impliedly, by designation as an
-   included package.  Should you wish to participate in the Open Invention
-   Network licensing program, please visit www.openinventionnetwork.com
-   <http://www.openinventionnetwork.com>.  */
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see <http://www.gnu.org/licenses/>.  */
 
 #include <config.h>
 #include "../libelf/libelfP.h"
@@ -69,10 +48,14 @@
    MAXREAD bytes from the remote memory at target address ADDRESS into the
    local buffer at DATA; it should return -1 for errors (with code in
    `errno'), 0 if it failed to read at least MINREAD bytes due to EOF, or
-   the number of bytes read if >= MINREAD.  ARG is passed through.  */
+   the number of bytes read if >= MINREAD.  ARG is passed through.
+
+   PAGESIZE is the minimum page size and alignment used for the PT_LOAD
+   segments.  */
 
 Elf *
 elf_from_remote_memory (GElf_Addr ehdr_vma,
+			GElf_Xword pagesize,
 			GElf_Addr *loadbasep,
 			ssize_t (*read_memory) (void *arg, void *data,
 						GElf_Addr address,
@@ -104,6 +87,7 @@ elf_from_remote_memory (GElf_Addr ehdr_vma,
   if (memcmp (buffer, ELFMAG, SELFMAG) != 0)
     {
     bad_elf:
+      free (buffer);
       __libdwfl_seterrno (DWFL_E_BADELF);
       return NULL;
     }
@@ -212,25 +196,37 @@ elf_from_remote_memory (GElf_Addr ehdr_vma,
   /* Scan for PT_LOAD segments to find the total size of the file image.  */
   size_t contents_size = 0;
   GElf_Off segments_end = 0;
+  GElf_Off segments_end_mem = 0;
   GElf_Addr loadbase = ehdr_vma;
   bool found_base = false;
   switch (ehdr.e32.e_ident[EI_CLASS])
     {
-      inline void handle_segment (GElf_Addr vaddr, GElf_Off offset,
-				  GElf_Xword filesz, GElf_Xword align)
+      /* Sanity checks segments and calculates segment_end,
+	 segments_end, segments_end_mem and loadbase (if not
+	 found_base yet).  Returns true if sanity checking failed,
+	 false otherwise.  */
+      inline bool handle_segment (GElf_Addr vaddr, GElf_Off offset,
+				  GElf_Xword filesz, GElf_Xword memsz)
 	{
-	  GElf_Off segment_end = ((offset + filesz + align - 1) & -align);
+	  /* Sanity check the segment load aligns with the pagesize.  */
+	  if (((vaddr - offset) & (pagesize - 1)) != 0)
+	    return true;
+
+	  GElf_Off segment_end = ((offset + filesz + pagesize - 1)
+				  & -pagesize);
 
 	  if (segment_end > (GElf_Off) contents_size)
 	    contents_size = segment_end;
 
-	  if (!found_base && (offset & -align) == 0)
+	  if (!found_base && (offset & -pagesize) == 0)
 	    {
-	      loadbase = ehdr_vma - (vaddr & -align);
+	      loadbase = ehdr_vma - (vaddr & -pagesize);
 	      found_base = true;
 	    }
 
 	  segments_end = offset + filesz;
+	  segments_end_mem = offset + memsz;
+	  return false;
 	}
 
     case ELFCLASS32:
@@ -239,8 +235,9 @@ elf_from_remote_memory (GElf_Addr ehdr_vma,
 	goto libelf_error;
       for (uint_fast16_t i = 0; i < phnum; ++i)
 	if (phdrs.p32[i].p_type == PT_LOAD)
-	  handle_segment (phdrs.p32[i].p_vaddr, phdrs.p32[i].p_offset,
-			  phdrs.p32[i].p_filesz, phdrs.p32[i].p_align);
+	  if (handle_segment (phdrs.p32[i].p_vaddr, phdrs.p32[i].p_offset,
+			      phdrs.p32[i].p_filesz, phdrs.p32[i].p_memsz))
+	    goto bad_elf;
       break;
 
     case ELFCLASS64:
@@ -249,8 +246,9 @@ elf_from_remote_memory (GElf_Addr ehdr_vma,
 	goto libelf_error;
       for (uint_fast16_t i = 0; i < phnum; ++i)
 	if (phdrs.p64[i].p_type == PT_LOAD)
-	  handle_segment (phdrs.p64[i].p_vaddr, phdrs.p64[i].p_offset,
-			  phdrs.p64[i].p_filesz, phdrs.p64[i].p_align);
+	  if (handle_segment (phdrs.p64[i].p_vaddr, phdrs.p64[i].p_offset,
+			      phdrs.p64[i].p_filesz, phdrs.p64[i].p_memsz))
+	    goto bad_elf;
       break;
 
     default:
@@ -260,9 +258,11 @@ elf_from_remote_memory (GElf_Addr ehdr_vma,
 
   /* Trim the last segment so we don't bother with zeros in the last page
      that are off the end of the file.  However, if the extra bit in that
-     page includes the section headers, keep them.  */
+     page includes the section headers and the memory isn't extended (which
+     might indicate it will have been reused otherwise), keep them.  */
   if ((GElf_Off) contents_size > segments_end
-      && (GElf_Off) contents_size >= shdrs_end)
+      && (GElf_Off) contents_size >= shdrs_end
+      && segments_end == segments_end_mem)
     {
       contents_size = segments_end;
       if ((GElf_Off) contents_size < shdrs_end)
@@ -280,15 +280,17 @@ elf_from_remote_memory (GElf_Addr ehdr_vma,
 
   switch (ehdr.e32.e_ident[EI_CLASS])
     {
+      /* Reads the given segment.  Returns true if reading fails,
+	 false otherwise.  */
       inline bool handle_segment (GElf_Addr vaddr, GElf_Off offset,
-				  GElf_Xword filesz, GElf_Xword align)
+				  GElf_Xword filesz)
 	{
-	  GElf_Off start = offset & -align;
-	  GElf_Off end = (offset + filesz + align - 1) & -align;
+	  GElf_Off start = offset & -pagesize;
+	  GElf_Off end = (offset + filesz + pagesize - 1) & -pagesize;
 	  if (end > (GElf_Off) contents_size)
 	    end = contents_size;
 	  nread = (*read_memory) (arg, buffer + start,
-				  (loadbase + vaddr) & -align,
+				  (loadbase + vaddr) & -pagesize,
 				  end - start, end - start);
 	  return nread <= 0;
 	}
@@ -297,7 +299,7 @@ elf_from_remote_memory (GElf_Addr ehdr_vma,
       for (uint_fast16_t i = 0; i < phnum; ++i)
 	if (phdrs.p32[i].p_type == PT_LOAD)
 	  if (handle_segment (phdrs.p32[i].p_vaddr, phdrs.p32[i].p_offset,
-			      phdrs.p32[i].p_filesz, phdrs.p32[i].p_align))
+			      phdrs.p32[i].p_filesz))
 	    goto read_error;
 
       /* If the segments visible in memory didn't include the section
@@ -322,9 +324,9 @@ elf_from_remote_memory (GElf_Addr ehdr_vma,
 
     case ELFCLASS64:
       for (uint_fast16_t i = 0; i < phnum; ++i)
-	if (phdrs.p32[i].p_type == PT_LOAD)
+	if (phdrs.p64[i].p_type == PT_LOAD)
 	  if (handle_segment (phdrs.p64[i].p_vaddr, phdrs.p64[i].p_offset,
-			      phdrs.p64[i].p_filesz, phdrs.p64[i].p_align))
+			      phdrs.p64[i].p_filesz))
 	    goto read_error;
 
       /* If the segments visible in memory didn't include the section