]> git.pld-linux.org Git - packages/elfutils.git/blame - elfutils-robustify.patch
projects / packages / elfutils.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- updated to 0.155 with upstream portability,robustify patches
[packages/elfutils.git] / elfutils-robustify.patch
CommitLineData
96e6dfc1
PS		 1--- elfutils/libdwfl/ChangeLog
2+++ elfutils/libdwfl/ChangeLog
3a5346c9 3@@ -52,6 +52,11 @@
96e6dfc1
PS		 4 * dwfl_module_getdwarf.c (open_elf): Clear errno before CBFAIL.
5 Reported by Kurt Roeckx <kurt@roeckx.be>.
6
7+2011-03-23 Petr Machata <pmachata@redhat.com>
8+
9+ * relocate.c (relocate_section): Use gelf_fsize instead of relying
10+ on shdr->sh_entsize.
11+
12 2011-02-11 Roland McGrath <roland@redhat.com>
13
14 * linux-kernel-modules.c (try_kernel_name): Try .gz, .bz2, .xz
15--- elfutils/libdwfl/relocate.c
16+++ elfutils/libdwfl/relocate.c
17@@ -1,5 +1,5 @@
18 /* Relocate debug information.
19- Copyright (C) 2005-2010 Red Hat, Inc.
20+ Copyright (C) 2005-2011 Red Hat, Inc.
3a5346c9 21 This file is part of elfutils.
96e6dfc1 22
3a5346c9
JB		 23 This file is free software; you can redistribute it and/or modify
24@@ -457,7 +457,10 @@ relocate_section (Dwfl_Module *mod, Elf
96e6dfc1
PS		 25 }
26 }
27
28- size_t nrels = shdr->sh_size / shdr->sh_entsize;
29+ size_t sh_entsize
30+ = gelf_fsize (relocated, shdr->sh_type == SHT_REL ? ELF_T_REL : ELF_T_RELA,
31+ 1, EV_CURRENT);
32+ size_t nrels = shdr->sh_size / sh_entsize;
33 size_t complete = 0;
34 if (shdr->sh_type == SHT_REL)
35 for (size_t relidx = 0; !result && relidx < nrels; ++relidx)
3a5346c9 36@@ -559,7 +562,7 @@ relocate_section (Dwfl_Module *mod, Elf
96e6dfc1
PS		 37 nrels = next;
38 }
39
40- shdr->sh_size = reldata->d_size = nrels * shdr->sh_entsize;
41+ shdr->sh_size = reldata->d_size = nrels * sh_entsize;
42 gelf_update_shdr (scn, shdr);
43 }
44
0969077b
PS		 45--- elfutils/libelf/ChangeLog
46+++ elfutils/libelf/ChangeLog
3a5346c9 47@@ -703,10 +703,53 @@
0969077b
PS		 48 If section content hasn't been read yet, do it before looking for the
49 block size. If no section data present, infer size of section header.
50
0969077b
PS		 51+2005-05-14 Jakub Jelinek <jakub@redhat.com>
52+
53+ * libelfP.h (INVALID_NDX): Define.
54+ * gelf_getdyn.c (gelf_getdyn): Use it. Remove ndx < 0 test if any.
55+ * gelf_getlib.c (gelf_getlib): Likewise.
56+ * gelf_getmove.c (gelf_getmove): Likewise.
57+ * gelf_getrel.c (gelf_getrel): Likewise.
58+ * gelf_getrela.c (gelf_getrela): Likewise.
59+ * gelf_getsym.c (gelf_getsym): Likewise.
60+ * gelf_getsyminfo.c (gelf_getsyminfo): Likewise.
61+ * gelf_getsymshndx.c (gelf_getsymshndx): Likewise.
62+ * gelf_getversym.c (gelf_getversym): Likewise.
63+ * gelf_update_dyn.c (gelf_update_dyn): Likewise.
64+ * gelf_update_lib.c (gelf_update_lib): Likewise.
65+ * gelf_update_move.c (gelf_update_move): Likewise.
66+ * gelf_update_rel.c (gelf_update_rel): Likewise.
67+ * gelf_update_rela.c (gelf_update_rela): Likewise.
68+ * gelf_update_sym.c (gelf_update_sym): Likewise.
69+ * gelf_update_syminfo.c (gelf_update_syminfo): Likewise.
70+ * gelf_update_symshndx.c (gelf_update_symshndx): Likewise.
71+ * gelf_update_versym.c (gelf_update_versym): Likewise.
72+ * elf_newscn.c (elf_newscn): Check for overflow.
73+ * elf32_updatefile.c (__elfw2(LIBELFBITS,updatemmap)): Likewise.
74+ (__elfw2(LIBELFBITS,updatefile)): Likewise.
75+ * elf_begin.c (file_read_elf): Likewise.
76+ * elf32_newphdr.c (elfw2(LIBELFBITS,newphdr)): Likewise.
77+ * elf_getarsym.c (elf_getarsym): Likewise.
78+ * elf32_getshdr.c (elfw2(LIBELFBITS,getshdr)): Likewise.
79 2005-05-11 Ulrich Drepper <drepper@redhat.com>
80
81 * elf.h: Update again.
b68ac3ec
JB		 82
83+2005-05-17 Jakub Jelinek <jakub@redhat.com>
84+
85+ * elf32_getphdr.c (elfw2(LIBELFBITS,getphdr)): Check if program header
86+ table fits into object's bounds.
87+ * elf_getshstrndx.c (elf_getshstrndx): Add elf->start_offset to
88+ elf->map_address. Check if first section header fits into object's
89+ bounds.
90+ * elf32_getshdr.c (elfw2(LIBELFBITS,getshdr)):
91+ Check if section header table fits into object's bounds.
92+ * elf_begin.c (get_shnum): Ensure section headers fits into
93+ object's bounds.
94+ (file_read_elf): Make sure scncnt is small enough to allocate both
95+ ElfXX_Shdr and Elf_Scn array. Make sure section and program header
96+ tables fit into object's bounds. Avoid memory leak on failure.
97+
98 2005-05-09 Ulrich Drepper <drepper@redhat.com>
99
100 * elf.h: Update from glibc.
0969077b
PS		 101--- elfutils/libelf/elf32_getphdr.c
102+++ elfutils/libelf/elf32_getphdr.c
3a5346c9 103@@ -93,6 +93,16 @@ __elfw2(LIBELFBITS,getphdr_wrlock) (elf)
d07e7be6 104
5f1d07b7
JB		 105 if (elf->map_address != NULL)
106 {
107+ /* First see whether the information in the ELF header is
108+ valid and it does not ask for too much. */
109+ if (unlikely (ehdr->e_phoff >= elf->maximum_size)
0969077b 110+ || unlikely (elf->maximum_size - ehdr->e_phoff < size))
5f1d07b7
JB		 111+ {
112+ /* Something is wrong. */
113+ __libelf_seterrno (ELF_E_INVALID_PHDR);
114+ goto out;
115+ }
d07e7be6 116+
5f1d07b7
JB		 117 /* All the data is already mapped. Use it. */
118 void *file_phdr = ((char *) elf->map_address
119 + elf->start_offset + ehdr->e_phoff);
0969077b
PS		 120--- elfutils/libelf/elf32_getshdr.c
121+++ elfutils/libelf/elf32_getshdr.c
3a5346c9 122@@ -60,7 +60,8 @@ load_shdr_wrlock (Elf_Scn *scn)
5f1d07b7
JB		 123 goto out;
124
125 size_t shnum;
0969077b
PS		 126- if (__elf_getshdrnum_rdlock (elf, &shnum) != 0)
127+ if (__elf_getshdrnum_rdlock (elf, &shnum) != 0
5f1d07b7
JB		 128+ || shnum > SIZE_MAX / sizeof (ElfW2(LIBELFBITS,Shdr)))
129 goto out;
130 size_t size = shnum * sizeof (ElfW2(LIBELFBITS,Shdr));
131
3a5346c9 132@@ -77,6 +78,16 @@ load_shdr_wrlock (Elf_Scn *scn)
5f1d07b7
JB		 133
134 if (elf->map_address != NULL)
135 {
136+ /* First see whether the information in the ELF header is
137+ valid and it does not ask for too much. */
138+ if (unlikely (ehdr->e_shoff >= elf->maximum_size)
0969077b 139+ || unlikely (elf->maximum_size - ehdr->e_shoff < size))
5f1d07b7
JB		 140+ {
141+ /* Something is wrong. */
142+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
143+ goto free_and_out;
144+ }
d07e7be6 145+
5f1d07b7 146 ElfW2(LIBELFBITS,Shdr) *notcvt;
d07e7be6 147
5f1d07b7 148 /* All the data is already mapped. If we could use it
0969077b
PS		 149--- elfutils/libelf/elf32_newphdr.c
150+++ elfutils/libelf/elf32_newphdr.c
3a5346c9 151@@ -114,6 +114,12 @@ elfw2(LIBELFBITS,newphdr) (elf, count)
0969077b 152 || count == PN_XNUM
5f1d07b7
JB		 153 || elf->state.ELFW(elf,LIBELFBITS).phdr == NULL)
154 {
155+ if (unlikely (count > SIZE_MAX / sizeof (ElfW2(LIBELFBITS,Phdr))))
156+ {
157+ result = NULL;
158+ goto out;
159+ }
160+
161 /* Allocate a new program header with the appropriate number of
162 elements. */
163 result = (ElfW2(LIBELFBITS,Phdr) *)
0969077b
PS		 164--- elfutils/libelf/elf32_updatefile.c
165+++ elfutils/libelf/elf32_updatefile.c
3a5346c9 166@@ -202,6 +202,9 @@ __elfw2(LIBELFBITS,updatemmap) (Elf *elf
5f1d07b7
JB		 167 /* Write all the sections. Well, only those which are modified. */
168 if (shnum > 0)
169 {
170+ if (unlikely (shnum > SIZE_MAX / sizeof (Elf_Scn *)))
171+ return 1;
172+
173 Elf_ScnList *list = &elf->state.ELFW(elf,LIBELFBITS).scns;
174 Elf_Scn **scns = (Elf_Scn **) alloca (shnum * sizeof (Elf_Scn *));
175 char *const shdr_start = ((char *) elf->map_address + elf->start_offset
3a5346c9 176@@ -624,6 +627,10 @@ __elfw2(LIBELFBITS,updatefile) (Elf *elf
5f1d07b7
JB		 177 /* Write all the sections. Well, only those which are modified. */
178 if (shnum > 0)
179 {
180+ if (unlikely (shnum > SIZE_MAX / (sizeof (Elf_Scn *)
181+ + sizeof (ElfW2(LIBELFBITS,Shdr)))))
182+ return 1;
183+
184 off_t shdr_offset = elf->start_offset + ehdr->e_shoff;
185 #if EV_NUM != 2
186 xfct_t shdr_fctp = __elf_xfctstom[__libelf_version - 1][EV_CURRENT - 1][ELFW(ELFCLASS, LIBELFBITS) - 1][ELF_T_SHDR];
0969077b
PS		 187--- elfutils/libelf/elf_begin.c
188+++ elfutils/libelf/elf_begin.c
3a5346c9 189@@ -144,7 +144,8 @@ get_shnum (void *map_address, unsigned c
d07e7be6 190
5f1d07b7
JB		 191 if (unlikely (result == 0) && ehdr.e32->e_shoff != 0)
192 {
193- if (ehdr.e32->e_shoff + sizeof (Elf32_Shdr) > maxsize)
194+ if (unlikely (ehdr.e32->e_shoff >= maxsize)
0969077b 195+ || unlikely (maxsize - ehdr.e32->e_shoff < sizeof (Elf32_Shdr)))
5f1d07b7
JB		 196 /* Cannot read the first section header. */
197 return 0;
d07e7be6 198
3a5346c9 199@@ -192,7 +193,8 @@ get_shnum (void *map_address, unsigned c
d07e7be6 200
5f1d07b7 201 if (unlikely (result == 0) && ehdr.e64->e_shoff != 0)
d07e7be6 202 {
5f1d07b7
JB		 203- if (ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize)
204+ if (unlikely (ehdr.e64->e_shoff >= maxsize)
205+ || unlikely (ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize))
206 /* Cannot read the first section header. */
207 return 0;
d07e7be6 208
3a5346c9 209@@ -264,6 +266,15 @@ file_read_elf (int fildes, void *map_add
5f1d07b7
JB		 210 /* Could not determine the number of sections. */
211 return NULL;
d07e7be6 212
5f1d07b7
JB		 213+ /* Check for too many sections. */
214+ if (e_ident[EI_CLASS] == ELFCLASS32)
215+ {
216+ if (scncnt > SIZE_MAX / (sizeof (Elf_Scn) + sizeof (Elf32_Shdr)))
217+ return NULL;
218+ }
219+ else if (scncnt > SIZE_MAX / (sizeof (Elf_Scn) + sizeof (Elf64_Shdr)))
220+ return NULL;
d07e7be6 221+
0969077b
PS		 222 /* We can now allocate the memory. Even if there are no section headers,
223 we allocate space for a zeroth section in case we need it later. */
224 const size_t scnmax = (scncnt ?: (cmd == ELF_C_RDWR || cmd == ELF_C_RDWR_MMAP)
3a5346c9 225@@ -303,6 +314,16 @@ file_read_elf (int fildes, void *map_add
d07e7be6 226 {
5f1d07b7
JB		 227 /* We can use the mmapped memory. */
228 elf->state.elf32.ehdr = ehdr;
d07e7be6 229+
5f1d07b7 230+ if (unlikely (ehdr->e_shoff >= maxsize)
0969077b
PS		 231+ || unlikely (maxsize - ehdr->e_shoff
232+ < scncnt * sizeof (Elf32_Shdr)))
5f1d07b7
JB		 233+ {
234+ free_and_out:
235+ free (elf);
236+ __libelf_seterrno (ELF_E_INVALID_FILE);
237+ return NULL;
238+ }
239 elf->state.elf32.shdr
240 = (Elf32_Shdr *) ((char *) ehdr + ehdr->e_shoff);
d07e7be6 241
3a5346c9 242@@ -389,6 +410,11 @@ file_read_elf (int fildes, void *map_add
5f1d07b7
JB		 243 {
244 /* We can use the mmapped memory. */
245 elf->state.elf64.ehdr = ehdr;
246+
247+ if (unlikely (ehdr->e_shoff >= maxsize)
248+ || unlikely (ehdr->e_shoff
249+ + scncnt * sizeof (Elf32_Shdr) > maxsize))
250+ goto free_and_out;
251 elf->state.elf64.shdr
252 = (Elf64_Shdr *) ((char *) ehdr + ehdr->e_shoff);
d07e7be6 253
0969077b
PS		 254--- elfutils/libelf/elf_getarsym.c
255+++ elfutils/libelf/elf_getarsym.c
3a5346c9 256@@ -181,6 +181,9 @@ elf_getarsym (elf, ptr)
5f1d07b7 257 size_t index_size = atol (tmpbuf);
d07e7be6 258
5f1d07b7
JB		 259 if (SARMAG + sizeof (struct ar_hdr) + index_size > elf->maximum_size
260+#if SIZE_MAX <= 4294967295U
261+ || n >= SIZE_MAX / sizeof (Elf_Arsym)
262+#endif
3a5346c9 263 || n * w > index_size)
5f1d07b7
JB		 264 {
265 /* This index table cannot be right since it does not fit into
0969077b
PS		 266--- elfutils/libelf/elf_getshdrstrndx.c
267+++ elfutils/libelf/elf_getshdrstrndx.c
3a5346c9 268@@ -104,10 +104,25 @@ elf_getshdrstrndx (elf, dst)
5f1d07b7
JB		 269 if (elf->map_address != NULL
270 && elf->state.elf32.ehdr->e_ident[EI_DATA] == MY_ELFDATA
271 && (ALLOW_UNALIGNED
272- || (((size_t) ((char *) elf->map_address + offset))
273+ || (((size_t) ((char *) elf->map_address
274+ + elf->start_offset + offset))
275 & (__alignof__ (Elf32_Shdr) - 1)) == 0))
0969077b
PS		 276- /* We can directly access the memory. */
277- num = ((Elf32_Shdr *) (elf->map_address + offset))->sh_link;
5f1d07b7
JB		 278+ {
279+ /* First see whether the information in the ELF header is
280+ valid and it does not ask for too much. */
0969077b
PS		 281+ if (unlikely (elf->maximum_size - offset
282+ < sizeof (Elf32_Shdr)))
5f1d07b7
JB		 283+ {
284+ /* Something is wrong. */
285+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
286+ result = -1;
287+ goto out;
288+ }
289+
0969077b 290+ /* We can directly access the memory. */
5f1d07b7
JB		 291+ num = ((Elf32_Shdr *) (elf->map_address + elf->start_offset
292+ + offset))->sh_link;
293+ }
294 else
295 {
296 /* We avoid reading in all the section headers. Just read
3a5346c9 297@@ -142,10 +157,25 @@ elf_getshdrstrndx (elf, dst)
5f1d07b7
JB		 298 if (elf->map_address != NULL
299 && elf->state.elf64.ehdr->e_ident[EI_DATA] == MY_ELFDATA
300 && (ALLOW_UNALIGNED
301- || (((size_t) ((char *) elf->map_address + offset))
302+ || (((size_t) ((char *) elf->map_address
303+ + elf->start_offset + offset))
304 & (__alignof__ (Elf64_Shdr) - 1)) == 0))
0969077b
PS		 305- /* We can directly access the memory. */
306- num = ((Elf64_Shdr *) (elf->map_address + offset))->sh_link;
5f1d07b7
JB		 307+ {
308+ /* First see whether the information in the ELF header is
309+ valid and it does not ask for too much. */
0969077b
PS		 310+ if (unlikely (elf->maximum_size - offset
311+ < sizeof (Elf64_Shdr)))
5f1d07b7
JB		 312+ {
313+ /* Something is wrong. */
314+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
315+ result = -1;
316+ goto out;
317+ }
318+
0969077b
PS		 319+ /* We can directly access the memory. */
320+ num = ((Elf64_Shdr *) (elf->map_address + elf->start_offset
321+ + offset))->sh_link;
5f1d07b7
JB		 322+ }
323 else
324 {
325 /* We avoid reading in all the section headers. Just read
0969077b
PS		 326--- elfutils/libelf/elf_newscn.c
327+++ elfutils/libelf/elf_newscn.c
3a5346c9 328@@ -83,10 +83,18 @@ elf_newscn (elf)
5f1d07b7 329 else
d07e7be6 330 {
5f1d07b7
JB		 331 /* We must allocate a new element. */
332- Elf_ScnList *newp;
333+ Elf_ScnList *newp = NULL;
d07e7be6 334
5f1d07b7 335 assert (elf->state.elf.scnincr > 0);
d07e7be6 336
5f1d07b7
JB		 337+ if (
338+#if SIZE_MAX <= 4294967295U
339+ likely (elf->state.elf.scnincr
340+ < SIZE_MAX / 2 / sizeof (Elf_Scn) - sizeof (Elf_ScnList))
341+#else
342+ 1
343+#endif
344+ )
345 newp = (Elf_ScnList *) calloc (sizeof (Elf_ScnList)
346 + ((elf->state.elf.scnincr *= 2)
347 * sizeof (Elf_Scn)), 1);
0969077b
PS		 348--- elfutils/libelf/gelf_getdyn.c
349+++ elfutils/libelf/gelf_getdyn.c
350@@ -1,5 +1,5 @@
351 /* Get information from dynamic table at the given index.
352- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
353+ Copyright (C) 2000-2009 Red Hat, Inc.
3a5346c9 354 This file is part of elfutils.
0969077b
PS		 355 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
356
3a5346c9 357@@ -72,7 +72,7 @@ gelf_getdyn (data, ndx, dst)
5f1d07b7
JB		 358 table entries has to be adopted. The user better has provided
359 a buffer where we can store the information. While copying the
360 data we are converting the format. */
361- if (unlikely ((ndx + 1) * sizeof (Elf32_Dyn) > data_scn->d.d_size))
0969077b 362+ if (INVALID_NDX (ndx, Elf32_Dyn, &data_scn->d))
5f1d07b7
JB		 363 {
364 __libelf_seterrno (ELF_E_INVALID_INDEX);
365 goto out;
3a5346c9 366@@ -93,7 +93,7 @@ gelf_getdyn (data, ndx, dst)
d07e7be6 367
5f1d07b7
JB		 368 /* The data is already in the correct form. Just make sure the
369 index is OK. */
370- if (unlikely ((ndx + 1) * sizeof (GElf_Dyn) > data_scn->d.d_size))
0969077b 371+ if (INVALID_NDX (ndx, GElf_Dyn, &data_scn->d))
5f1d07b7
JB		 372 {
373 __libelf_seterrno (ELF_E_INVALID_INDEX);
374 goto out;
0969077b
PS		 375--- elfutils/libelf/gelf_getlib.c
376+++ elfutils/libelf/gelf_getlib.c
377@@ -1,5 +1,5 @@
378 /* Get library from table at the given index.
379- Copyright (C) 2004 Red Hat, Inc.
380+ Copyright (C) 2004-2009 Red Hat, Inc.
3a5346c9 381 This file is part of elfutils.
0969077b
PS		 382 Written by Ulrich Drepper <drepper@redhat.com>, 2004.
383
3a5346c9 384@@ -65,7 +65,7 @@ gelf_getlib (data, ndx, dst)
5f1d07b7
JB		 385 /* The data is already in the correct form. Just make sure the
386 index is OK. */
387 GElf_Lib *result = NULL;
388- if (unlikely ((ndx + 1) * sizeof (GElf_Lib) > data->d_size))
0969077b 389+ if (INVALID_NDX (ndx, GElf_Lib, data))
5f1d07b7
JB		 390 __libelf_seterrno (ELF_E_INVALID_INDEX);
391 else
d07e7be6 392 {
0969077b
PS		 393--- elfutils/libelf/gelf_getmove.c
394+++ elfutils/libelf/gelf_getmove.c
395@@ -1,5 +1,5 @@
396 /* Get move structure at the given index.
397- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
398+ Copyright (C) 2000-2009 Red Hat, Inc.
3a5346c9 399 This file is part of elfutils.
0969077b
PS		 400 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
401
3a5346c9 402@@ -62,7 +62,7 @@ gelf_getmove (data, ndx, dst)
d07e7be6 403
5f1d07b7
JB		 404 /* The data is already in the correct form. Just make sure the
405 index is OK. */
406- if (unlikely ((ndx + 1) * sizeof (GElf_Move) > data->d_size))
0969077b 407+ if (INVALID_NDX (ndx, GElf_Move, data))
d07e7be6 408 {
5f1d07b7
JB		 409 __libelf_seterrno (ELF_E_INVALID_INDEX);
410 goto out;
0969077b
PS		 411--- elfutils/libelf/gelf_getrela.c
412+++ elfutils/libelf/gelf_getrela.c
413@@ -1,5 +1,5 @@
414 /* Get RELA relocation information at given index.
415- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
416+ Copyright (C) 2000-2009 Red Hat, Inc.
3a5346c9 417 This file is part of elfutils.
0969077b
PS		 418 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
419
3a5346c9 420@@ -50,12 +50,6 @@ gelf_getrela (data, ndx, dst)
5f1d07b7
JB		 421 if (data_scn == NULL)
422 return NULL;
49fd4b14 423
5f1d07b7
JB		 424- if (unlikely (ndx < 0))
425- {
426- __libelf_seterrno (ELF_E_INVALID_INDEX);
427- return NULL;
428- }
429-
430 if (unlikely (data_scn->d.d_type != ELF_T_RELA))
431 {
432 __libelf_seterrno (ELF_E_INVALID_HANDLE);
3a5346c9 433@@ -72,7 +66,7 @@ gelf_getrela (data, ndx, dst)
5f1d07b7
JB		 434 if (scn->elf->class == ELFCLASS32)
435 {
436 /* We have to convert the data. */
437- if (unlikely ((ndx + 1) * sizeof (Elf32_Rela) > data_scn->d.d_size))
0969077b 438+ if (INVALID_NDX (ndx, Elf32_Rela, &data_scn->d))
5f1d07b7
JB		 439 {
440 __libelf_seterrno (ELF_E_INVALID_INDEX);
441 result = NULL;
3a5346c9 442@@ -93,7 +87,7 @@ gelf_getrela (data, ndx, dst)
5f1d07b7
JB		 443 {
444 /* Simply copy the data after we made sure we are actually getting
445 correct data. */
446- if (unlikely ((ndx + 1) * sizeof (Elf64_Rela) > data_scn->d.d_size))
0969077b 447+ if (INVALID_NDX (ndx, Elf64_Rela, &data_scn->d))
5f1d07b7
JB		 448 {
449 __libelf_seterrno (ELF_E_INVALID_INDEX);
450 result = NULL;
0969077b
PS		 451--- elfutils/libelf/gelf_getrel.c
452+++ elfutils/libelf/gelf_getrel.c
453@@ -1,5 +1,5 @@
454 /* Get REL relocation information at given index.
455- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
456+ Copyright (C) 2000-2009 Red Hat, Inc.
3a5346c9 457 This file is part of elfutils.
0969077b
PS		 458 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
459
3a5346c9 460@@ -50,12 +50,6 @@ gelf_getrel (data, ndx, dst)
5f1d07b7
JB		 461 if (data_scn == NULL)
462 return NULL;
49fd4b14 463
5f1d07b7
JB		 464- if (unlikely (ndx < 0))
465- {
466- __libelf_seterrno (ELF_E_INVALID_INDEX);
467- return NULL;
468- }
469-
470 if (unlikely (data_scn->d.d_type != ELF_T_REL))
471 {
472 __libelf_seterrno (ELF_E_INVALID_HANDLE);
3a5346c9 473@@ -72,7 +66,7 @@ gelf_getrel (data, ndx, dst)
5f1d07b7
JB		 474 if (scn->elf->class == ELFCLASS32)
475 {
476 /* We have to convert the data. */
477- if (unlikely ((ndx + 1) * sizeof (Elf32_Rel) > data_scn->d.d_size))
0969077b 478+ if (INVALID_NDX (ndx, Elf32_Rel, &data_scn->d))
5f1d07b7
JB		 479 {
480 __libelf_seterrno (ELF_E_INVALID_INDEX);
481 result = NULL;
3a5346c9 482@@ -92,7 +86,7 @@ gelf_getrel (data, ndx, dst)
5f1d07b7
JB		 483 {
484 /* Simply copy the data after we made sure we are actually getting
485 correct data. */
486- if (unlikely ((ndx + 1) * sizeof (Elf64_Rel) > data_scn->d.d_size))
0969077b 487+ if (INVALID_NDX (ndx, Elf64_Rel, &data_scn->d))
5f1d07b7
JB		 488 {
489 __libelf_seterrno (ELF_E_INVALID_INDEX);
490 result = NULL;
0969077b
PS		 491--- elfutils/libelf/gelf_getsym.c
492+++ elfutils/libelf/gelf_getsym.c
493@@ -1,5 +1,5 @@
494 /* Get symbol information from symbol table at the given index.
495- Copyright (C) 1999, 2000, 2001, 2002 Red Hat, Inc.
496+ Copyright (C) 1999-2009 Red Hat, Inc.
3a5346c9 497 This file is part of elfutils.
0969077b
PS		 498 Written by Ulrich Drepper <drepper@redhat.com>, 1999.
499
3a5346c9 500@@ -69,7 +69,7 @@ gelf_getsym (data, ndx, dst)
5f1d07b7
JB		 501 table entries has to be adopted. The user better has provided
502 a buffer where we can store the information. While copying the
503 data we are converting the format. */
504- if (unlikely ((ndx + 1) * sizeof (Elf32_Sym) > data->d_size))
0969077b 505+ if (INVALID_NDX (ndx, Elf32_Sym, data))
5f1d07b7
JB		 506 {
507 __libelf_seterrno (ELF_E_INVALID_INDEX);
508 goto out;
3a5346c9 509@@ -98,7 +98,7 @@ gelf_getsym (data, ndx, dst)
a8ca41f5 510
5f1d07b7
JB		 511 /* The data is already in the correct form. Just make sure the
512 index is OK. */
513- if (unlikely ((ndx + 1) * sizeof (GElf_Sym) > data->d_size))
0969077b 514+ if (INVALID_NDX (ndx, GElf_Sym, data))
5f1d07b7
JB		 515 {
516 __libelf_seterrno (ELF_E_INVALID_INDEX);
517 goto out;
0969077b
PS		 518--- elfutils/libelf/gelf_getsyminfo.c
519+++ elfutils/libelf/gelf_getsyminfo.c
520@@ -1,5 +1,5 @@
521 /* Get additional symbol information from symbol table at the given index.
522- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
523+ Copyright (C) 2000-2009 Red Hat, Inc.
3a5346c9 524 This file is part of elfutils.
0969077b
PS		 525 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
526
3a5346c9 527@@ -63,7 +63,7 @@ gelf_getsyminfo (data, ndx, dst)
49fd4b14 528
5f1d07b7
JB		 529 /* The data is already in the correct form. Just make sure the
530 index is OK. */
531- if (unlikely ((ndx + 1) * sizeof (GElf_Syminfo) > data->d_size))
0969077b 532+ if (INVALID_NDX (ndx, GElf_Syminfo, data))
0dcd74c7 533 {
5f1d07b7
JB		 534 __libelf_seterrno (ELF_E_INVALID_INDEX);
535 goto out;
0969077b
PS		 536--- elfutils/libelf/gelf_getsymshndx.c
537+++ elfutils/libelf/gelf_getsymshndx.c
538@@ -1,6 +1,6 @@
539 /* Get symbol information and separate section index from symbol table
540 at the given index.
541- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
542+ Copyright (C) 2000-2009 Red Hat, Inc.
3a5346c9 543 This file is part of elfutils.
0969077b
PS		 544 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
545
3a5346c9 546@@ -69,7 +69,7 @@ gelf_getsymshndx (symdata, shndxdata, nd
5f1d07b7
JB		 547 section index table. */
548 if (likely (shndxdata_scn != NULL))
549 {
550- if (unlikely ((ndx + 1) * sizeof (Elf32_Word) > shndxdata_scn->d.d_size))
0969077b 551+ if (INVALID_NDX (ndx, Elf32_Word, &shndxdata_scn->d))
5f1d07b7
JB		 552 {
553 __libelf_seterrno (ELF_E_INVALID_INDEX);
554 goto out;
3a5346c9 555@@ -89,7 +89,7 @@ gelf_getsymshndx (symdata, shndxdata, nd
5f1d07b7
JB		 556 table entries has to be adopted. The user better has provided
557 a buffer where we can store the information. While copying the
558 data we are converting the format. */
559- if (unlikely ((ndx + 1) * sizeof (Elf32_Sym) > symdata->d_size))
0969077b 560+ if (INVALID_NDX (ndx, Elf32_Sym, symdata))
5f1d07b7
JB		 561 {
562 __libelf_seterrno (ELF_E_INVALID_INDEX);
563 goto out;
3a5346c9 564@@ -118,7 +118,7 @@ gelf_getsymshndx (symdata, shndxdata, nd
0dcd74c7 565
5f1d07b7
JB		 566 /* The data is already in the correct form. Just make sure the
567 index is OK. */
568- if (unlikely ((ndx + 1) * sizeof (GElf_Sym) > symdata->d_size))
0969077b 569+ if (INVALID_NDX (ndx, GElf_Sym, symdata))
0dcd74c7 570 {
5f1d07b7
JB		 571 __libelf_seterrno (ELF_E_INVALID_INDEX);
572 goto out;
0969077b
PS		 573--- elfutils/libelf/gelf_getversym.c
574+++ elfutils/libelf/gelf_getversym.c
575@@ -1,5 +1,5 @@
576 /* Get symbol version information at the given index.
577- Copyright (C) 1999, 2000, 2001, 2002 Red Hat, Inc.
578+ Copyright (C) 1999-2009 Red Hat, Inc.
3a5346c9 579 This file is part of elfutils.
0969077b
PS		 580 Written by Ulrich Drepper <drepper@redhat.com>, 1999.
581
3a5346c9 582@@ -71,7 +71,7 @@ gelf_getversym (data, ndx, dst)
0dcd74c7 583
5f1d07b7
JB		 584 /* The data is already in the correct form. Just make sure the
585 index is OK. */
586- if (unlikely ((ndx + 1) * sizeof (GElf_Versym) > data->d_size))
0969077b 587+ if (INVALID_NDX (ndx, GElf_Versym, data))
5f1d07b7
JB		 588 {
589 __libelf_seterrno (ELF_E_INVALID_INDEX);
590 result = NULL;
0969077b
PS		 591--- elfutils/libelf/gelf_update_dyn.c
592+++ elfutils/libelf/gelf_update_dyn.c
593@@ -1,5 +1,5 @@
594 /* Update information in dynamic table at the given index.
595- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
596+ Copyright (C) 2000-2009 Red Hat, Inc.
3a5346c9 597 This file is part of elfutils.
0969077b
PS		 598 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
599
3a5346c9 600@@ -50,12 +50,6 @@ gelf_update_dyn (data, ndx, src)
5f1d07b7
JB		 601 if (data == NULL)
602 return 0;
0dcd74c7 603
5f1d07b7
JB		 604- if (unlikely (ndx < 0))
605- {
606- __libelf_seterrno (ELF_E_INVALID_INDEX);
607- return 0;
608- }
609-
610 if (unlikely (data_scn->d.d_type != ELF_T_DYN))
611 {
612 /* The type of the data better should match. */
3a5346c9 613@@ -81,7 +75,7 @@ gelf_update_dyn (data, ndx, src)
a8ca41f5 614 }
0dcd74c7 615
5f1d07b7
JB		 616 /* Check whether we have to resize the data buffer. */
617- if (unlikely ((ndx + 1) * sizeof (Elf32_Dyn) > data_scn->d.d_size))
0969077b 618+ if (INVALID_NDX (ndx, Elf32_Dyn, &data_scn->d))
49fd4b14 619 {
5f1d07b7
JB		 620 __libelf_seterrno (ELF_E_INVALID_INDEX);
621 goto out;
3a5346c9 622@@ -95,7 +89,7 @@ gelf_update_dyn (data, ndx, src)
5f1d07b7
JB		 623 else
624 {
625 /* Check whether we have to resize the data buffer. */
626- if (unlikely ((ndx + 1) * sizeof (Elf64_Dyn) > data_scn->d.d_size))
0969077b 627+ if (INVALID_NDX (ndx, Elf64_Dyn, &data_scn->d))
49fd4b14 628 {
5f1d07b7
JB		 629 __libelf_seterrno (ELF_E_INVALID_INDEX);
630 goto out;
0969077b
PS		 631--- elfutils/libelf/gelf_update_lib.c
632+++ elfutils/libelf/gelf_update_lib.c
633@@ -1,5 +1,5 @@
634 /* Update library in table at the given index.
635- Copyright (C) 2004 Red Hat, Inc.
636+ Copyright (C) 2004-2009 Red Hat, Inc.
3a5346c9 637 This file is part of elfutils.
0969077b
PS		 638 Written by Ulrich Drepper <drepper@redhat.com>, 2004.
639
3a5346c9 640@@ -47,12 +47,6 @@ gelf_update_lib (data, ndx, src)
5f1d07b7
JB		 641 if (data == NULL)
642 return 0;
0dcd74c7 643
5f1d07b7
JB		 644- if (unlikely (ndx < 0))
645- {
646- __libelf_seterrno (ELF_E_INVALID_INDEX);
647- return 0;
648- }
649-
650 Elf_Data_Scn *data_scn = (Elf_Data_Scn *) data;
651 if (unlikely (data_scn->d.d_type != ELF_T_LIB))
652 {
3a5346c9 653@@ -66,7 +60,7 @@ gelf_update_lib (data, ndx, src)
0dcd74c7 654
5f1d07b7
JB		 655 /* Check whether we have to resize the data buffer. */
656 int result = 0;
657- if (unlikely ((ndx + 1) * sizeof (Elf64_Lib) > data_scn->d.d_size))
0969077b 658+ if (INVALID_NDX (ndx, Elf64_Lib, &data_scn->d))
5f1d07b7
JB		 659 __libelf_seterrno (ELF_E_INVALID_INDEX);
660 else
661 {
0969077b
PS		 662--- elfutils/libelf/gelf_update_move.c
663+++ elfutils/libelf/gelf_update_move.c
664@@ -1,5 +1,5 @@
665 /* Update move structure at the given index.
666- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
667+ Copyright (C) 2000-2009 Red Hat, Inc.
3a5346c9 668 This file is part of elfutils.
0969077b
PS		 669 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
670
3a5346c9 671@@ -54,8 +54,7 @@ gelf_update_move (data, ndx, src)
5f1d07b7 672 assert (sizeof (GElf_Move) == sizeof (Elf64_Move));
49fd4b14 673
5f1d07b7
JB		 674 /* Check whether we have to resize the data buffer. */
675- if (unlikely (ndx < 0)
0969077b
PS		 676- || unlikely ((ndx + 1) * sizeof (GElf_Move) > data_scn->d.d_size))
677+ if (INVALID_NDX (ndx, GElf_Move, &data_scn->d))
5f1d07b7
JB		 678 {
679 __libelf_seterrno (ELF_E_INVALID_INDEX);
0969077b
PS		 680 return 0;
681--- elfutils/libelf/gelf_update_rela.c
682+++ elfutils/libelf/gelf_update_rela.c
683@@ -1,5 +1,5 @@
684 /* Update RELA relocation information at given index.
685- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
686+ Copyright (C) 2000-2009 Red Hat, Inc.
3a5346c9 687 This file is part of elfutils.
0969077b
PS		 688 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
689
3a5346c9 690@@ -47,12 +47,6 @@ gelf_update_rela (Elf_Data *dst, int ndx
5f1d07b7
JB		 691 if (dst == NULL)
692 return 0;
693
694- if (unlikely (ndx < 0))
695- {
696- __libelf_seterrno (ELF_E_INVALID_INDEX);
697- return 0;
698- }
699-
700 if (unlikely (data_scn->d.d_type != ELF_T_RELA))
701 {
702 /* The type of the data better should match. */
3a5346c9 703@@ -80,7 +74,7 @@ gelf_update_rela (Elf_Data *dst, int ndx
5f1d07b7
JB		 704 }
705
706 /* Check whether we have to resize the data buffer. */
707- if (unlikely ((ndx + 1) * sizeof (Elf32_Rela) > data_scn->d.d_size))
0969077b 708+ if (INVALID_NDX (ndx, Elf32_Rela, &data_scn->d))
5f1d07b7
JB		 709 {
710 __libelf_seterrno (ELF_E_INVALID_INDEX);
711 goto out;
3a5346c9 712@@ -96,7 +90,7 @@ gelf_update_rela (Elf_Data *dst, int ndx
5f1d07b7
JB		 713 else
714 {
715 /* Check whether we have to resize the data buffer. */
716- if (unlikely ((ndx + 1) * sizeof (Elf64_Rela) > data_scn->d.d_size))
0969077b 717+ if (INVALID_NDX (ndx, Elf64_Rela, &data_scn->d))
5f1d07b7
JB		 718 {
719 __libelf_seterrno (ELF_E_INVALID_INDEX);
720 goto out;
0969077b
PS		 721--- elfutils/libelf/gelf_update_rel.c
722+++ elfutils/libelf/gelf_update_rel.c
723@@ -1,5 +1,5 @@
724 /* Update REL relocation information at given index.
725- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
726+ Copyright (C) 2000-2009 Red Hat, Inc.
3a5346c9 727 This file is part of elfutils.
0969077b
PS		 728 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
729
3a5346c9 730@@ -47,12 +47,6 @@ gelf_update_rel (Elf_Data *dst, int ndx,
5f1d07b7
JB		 731 if (dst == NULL)
732 return 0;
49fd4b14 733
5f1d07b7
JB		 734- if (unlikely (ndx < 0))
735- {
736- __libelf_seterrno (ELF_E_INVALID_INDEX);
737- return 0;
738- }
739-
740 if (unlikely (data_scn->d.d_type != ELF_T_REL))
741 {
742 /* The type of the data better should match. */
3a5346c9 743@@ -78,7 +72,7 @@ gelf_update_rel (Elf_Data *dst, int ndx,
5f1d07b7 744 }
49fd4b14 745
5f1d07b7
JB		 746 /* Check whether we have to resize the data buffer. */
747- if (unlikely ((ndx + 1) * sizeof (Elf32_Rel) > data_scn->d.d_size))
0969077b 748+ if (INVALID_NDX (ndx, Elf32_Rel, &data_scn->d))
5f1d07b7
JB		 749 {
750 __libelf_seterrno (ELF_E_INVALID_INDEX);
751 goto out;
3a5346c9 752@@ -93,7 +87,7 @@ gelf_update_rel (Elf_Data *dst, int ndx,
5f1d07b7
JB		 753 else
754 {
755 /* Check whether we have to resize the data buffer. */
756- if (unlikely ((ndx + 1) * sizeof (Elf64_Rel) > data_scn->d.d_size))
0969077b 757+ if (INVALID_NDX (ndx, Elf64_Rel, &data_scn->d))
5f1d07b7
JB		 758 {
759 __libelf_seterrno (ELF_E_INVALID_INDEX);
760 goto out;
0969077b
PS		 761--- elfutils/libelf/gelf_update_sym.c
762+++ elfutils/libelf/gelf_update_sym.c
763@@ -1,5 +1,5 @@
764 /* Update symbol information in symbol table at the given index.
765- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
766+ Copyright (C) 2000-2009 Red Hat, Inc.
3a5346c9 767 This file is part of elfutils.
0969077b
PS		 768 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
769
3a5346c9 770@@ -51,12 +51,6 @@ gelf_update_sym (data, ndx, src)
5f1d07b7
JB		 771 if (data == NULL)
772 return 0;
49fd4b14 773
5f1d07b7
JB		 774- if (unlikely (ndx < 0))
775- {
776- __libelf_seterrno (ELF_E_INVALID_INDEX);
777- return 0;
778- }
779-
780 if (unlikely (data_scn->d.d_type != ELF_T_SYM))
781 {
782 /* The type of the data better should match. */
3a5346c9 783@@ -81,7 +75,7 @@ gelf_update_sym (data, ndx, src)
5f1d07b7 784 }
49fd4b14 785
5f1d07b7
JB		 786 /* Check whether we have to resize the data buffer. */
787- if (unlikely ((ndx + 1) * sizeof (Elf32_Sym) > data_scn->d.d_size))
0969077b 788+ if (INVALID_NDX (ndx, Elf32_Sym, &data_scn->d))
5f1d07b7
JB		 789 {
790 __libelf_seterrno (ELF_E_INVALID_INDEX);
791 goto out;
3a5346c9 792@@ -104,7 +98,7 @@ gelf_update_sym (data, ndx, src)
5f1d07b7
JB		 793 else
794 {
795 /* Check whether we have to resize the data buffer. */
796- if (unlikely ((ndx + 1) * sizeof (Elf64_Sym) > data_scn->d.d_size))
0969077b 797+ if (INVALID_NDX (ndx, Elf64_Sym, &data_scn->d))
5f1d07b7
JB		 798 {
799 __libelf_seterrno (ELF_E_INVALID_INDEX);
800 goto out;
0969077b
PS		 801--- elfutils/libelf/gelf_update_syminfo.c
802+++ elfutils/libelf/gelf_update_syminfo.c
803@@ -1,5 +1,5 @@
804 /* Update additional symbol information in symbol table at the given index.
805- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
806+ Copyright (C) 2000-2009 Red Hat, Inc.
3a5346c9 807 This file is part of elfutils.
0969077b
PS		 808 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
809
3a5346c9 810@@ -51,12 +51,6 @@ gelf_update_syminfo (data, ndx, src)
5f1d07b7
JB		 811 if (data == NULL)
812 return 0;
0dcd74c7 813
5f1d07b7
JB		 814- if (unlikely (ndx < 0))
815- {
816- __libelf_seterrno (ELF_E_INVALID_INDEX);
817- return 0;
818- }
819-
820 if (unlikely (data_scn->d.d_type != ELF_T_SYMINFO))
821 {
822 /* The type of the data better should match. */
3a5346c9 823@@ -72,7 +66,7 @@ gelf_update_syminfo (data, ndx, src)
5f1d07b7 824 rwlock_wrlock (scn->elf->lock);
0dcd74c7 825
5f1d07b7
JB		 826 /* Check whether we have to resize the data buffer. */
827- if (unlikely ((ndx + 1) * sizeof (GElf_Syminfo) > data_scn->d.d_size))
0969077b 828+ if (INVALID_NDX (ndx, GElf_Syminfo, &data_scn->d))
5f1d07b7
JB		 829 {
830 __libelf_seterrno (ELF_E_INVALID_INDEX);
831 goto out;
0969077b
PS		 832--- elfutils/libelf/gelf_update_symshndx.c
833+++ elfutils/libelf/gelf_update_symshndx.c
834@@ -1,6 +1,6 @@
835 /* Update symbol information and section index in symbol table at the
836 given index.
837- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
838+ Copyright (C) 2000-2009 Red Hat, Inc.
3a5346c9 839 This file is part of elfutils.
0969077b
PS		 840 Written by Ulrich Drepper <drepper@redhat.com>, 2000.
841
3a5346c9 842@@ -56,12 +56,6 @@ gelf_update_symshndx (symdata, shndxdata
5f1d07b7
JB		 843 if (symdata == NULL)
844 return 0;
0dcd74c7 845
5f1d07b7
JB		 846- if (unlikely (ndx < 0))
847- {
848- __libelf_seterrno (ELF_E_INVALID_INDEX);
849- return 0;
850- }
851-
852 if (unlikely (symdata_scn->d.d_type != ELF_T_SYM))
853 {
854 /* The type of the data better should match. */
3a5346c9 855@@ -107,7 +101,7 @@ gelf_update_symshndx (symdata, shndxdata
5f1d07b7 856 }
0dcd74c7 857
5f1d07b7
JB		 858 /* Check whether we have to resize the data buffer. */
859- if (unlikely ((ndx + 1) * sizeof (Elf32_Sym) > symdata_scn->d.d_size))
0969077b 860+ if (INVALID_NDX (ndx, Elf32_Sym, &symdata_scn->d))
5f1d07b7
JB		 861 {
862 __libelf_seterrno (ELF_E_INVALID_INDEX);
863 goto out;
3a5346c9 864@@ -130,7 +124,7 @@ gelf_update_symshndx (symdata, shndxdata
5f1d07b7
JB		 865 else
866 {
867 /* Check whether we have to resize the data buffer. */
868- if (unlikely ((ndx + 1) * sizeof (Elf64_Sym) > symdata_scn->d.d_size))
0969077b 869+ if (INVALID_NDX (ndx, Elf64_Sym, &symdata_scn->d))
5f1d07b7
JB		 870 {
871 __libelf_seterrno (ELF_E_INVALID_INDEX);
872 goto out;
0969077b
PS		 873--- elfutils/libelf/gelf_update_versym.c
874+++ elfutils/libelf/gelf_update_versym.c
875@@ -1,5 +1,5 @@
876 /* Update symbol version information.
877- Copyright (C) 2001, 2002 Red Hat, Inc.
878+ Copyright (C) 2001-2009 Red Hat, Inc.
3a5346c9 879 This file is part of elfutils.
0969077b
PS		 880 Written by Ulrich Drepper <drepper@redhat.com>, 2001.
881
3a5346c9 882@@ -54,8 +54,7 @@ gelf_update_versym (data, ndx, src)
5f1d07b7 883 assert (sizeof (GElf_Versym) == sizeof (Elf64_Versym));
0dcd74c7 884
5f1d07b7
JB		 885 /* Check whether we have to resize the data buffer. */
886- if (unlikely (ndx < 0)
0969077b
PS		 887- || unlikely ((ndx + 1) * sizeof (GElf_Versym) > data_scn->d.d_size))
888+ if (INVALID_NDX (ndx, GElf_Versym, &data_scn->d))
5f1d07b7
JB		 889 {
890 __libelf_seterrno (ELF_E_INVALID_INDEX);
0969077b
PS		 891 return 0;
892--- elfutils/libelf/libelfP.h
893+++ elfutils/libelf/libelfP.h
3a5346c9 894@@ -587,4 +587,8 @@ extern uint32_t __libelf_crc32 (uint32_t
5f1d07b7
JB		 895 /* Align offset to 4 bytes as needed for note name and descriptor data. */
896 #define NOTE_ALIGN(n) (((n) + 3) & -4U)
49fd4b14 897
0969077b
PS		 898+/* Convenience macro. */
899+#define INVALID_NDX(ndx, type, data) \
900+ unlikely ((data)->d_size / sizeof (type) <= (unsigned int) (ndx))
5f1d07b7
JB		 901+
902 #endif /* libelfP.h */
0969077b
PS		 903--- elfutils/src/ChangeLog
904+++ elfutils/src/ChangeLog
3a5346c9 905@@ -344,6 +344,12 @@
96e6dfc1
PS		 906
907 * readelf.c (dwarf_attr_string): Grok DW_AT_GNU_odr_signature.
908
909+2011-03-23 Petr Machata <pmachata@redhat.com>
910+
911+ * readelf.c (handle_dynamic, handle_relocs_rel)
912+ (handle_relocs_rela, handle_versym, print_liblist):
913+ Use gelf_fsize instead of relying on shdr->sh_entsize.
914+
915 2011-02-11 Roland McGrath <roland@redhat.com>
916
917 * elfcmp.c (verbose): New variable.
3a5346c9 918@@ -2056,6 +2062,16 @@
0969077b
PS		 919 object symbols or symbols with unknown type.
920 (check_rel): Likewise.
921
922+2005-06-09 Roland McGrath <roland@redhat.com>
923+
924+ * readelf.c (handle_dynamic, handle_symtab): Check for bogus sh_link.
925+ (handle_verneed, handle_verdef, handle_versym, handle_hash): Likewise.
926+ (handle_scngrp): Check for bogus sh_info.
927+
928+ * strip.c (handle_elf): Check for bogus values in sh_link, sh_info,
929+ st_shndx, e_shstrndx, and SHT_GROUP or SHT_SYMTAB_SHNDX data.
930+ Don't use assert on input values, instead bail with "illformed" error.
931+
932 2005-06-08 Roland McGrath <roland@redhat.com>
933
934 * readelf.c (print_ops): Add consts.
3a5346c9 935@@ -2101,6 +2117,19 @@
0969077b
PS		 936
937 * readelf.c (dwarf_tag_string): Add new tags.
938
939+2005-05-17 Jakub Jelinek <jakub@redhat.com>
940+
941+ * elflint.c (check_hash): Don't check entries beyond end of section.
942+ (check_note): Don't crash if gelf_rawchunk fails.
943+ (section_name): Return <invalid> if gelf_getshdr returns NULL.
944+
945+2005-05-14 Jakub Jelinek <jakub@redhat.com>
946+
947+ * elflint.c (section_name): Return "<invalid>" instead of
948+ crashing on invalid section name.
949+ (check_symtab, is_rel_dyn, check_rela, check_rel, check_dynamic,
950+ check_symtab_shndx, check_hash, check_versym): Robustify.
951+
952 2005-05-08 Roland McGrath <roland@redhat.com>
953
954 * strip.c (handle_elf): Don't translate hash and versym data formats,
955--- elfutils/src/elflint.c
956+++ elfutils/src/elflint.c
3a5346c9 957@@ -123,6 +123,10 @@ static uint32_t shstrndx;
5f1d07b7
JB		 958 /* Array to count references in section groups. */
959 static int *scnref;
0dcd74c7 960
0969077b 961+/* Numbers of sections and program headers. */
5f1d07b7 962+static unsigned int shnum;
0969077b 963+static unsigned int phnum;
5f1d07b7 964+
0dcd74c7 965
5f1d07b7
JB		 966 int
967 main (int argc, char *argv[])
3a5346c9 968@@ -311,10 +315,19 @@ section_name (Ebl *ebl, int idx)
5f1d07b7
JB		 969 {
970 GElf_Shdr shdr_mem;
971 GElf_Shdr *shdr;
972+ const char *ret;
973+
974+ if ((unsigned int) idx > shnum)
975+ return "<invalid>";
0dcd74c7 976
5f1d07b7
JB		 977 shdr = gelf_getshdr (elf_getscn (ebl->elf, idx), &shdr_mem);
978+ if (shdr == NULL)
979+ return "<invalid>";
49fd4b14 980
5f1d07b7
JB		 981- return elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
982+ ret = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
983+ if (ret == NULL)
984+ return "<invalid>";
985+ return ret;
986 }
49fd4b14 987
158e8d12 988
3a5346c9 989@@ -337,11 +350,6 @@ static const int valid_e_machine[] =
5f1d07b7 990 (sizeof (valid_e_machine) / sizeof (valid_e_machine[0]))
158e8d12 991
158e8d12 992
0969077b 993-/* Numbers of sections and program headers. */
5f1d07b7 994-static unsigned int shnum;
0969077b 995-static unsigned int phnum;
5f1d07b7
JB		 996-
997-
998 static void
999 check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size)
1000 {
3a5346c9 1001@@ -625,7 +633,8 @@ section [%2d] '%s': symbol table cannot
5f1d07b7
JB		 1002 }
1003 }
158e8d12 1004
5f1d07b7
JB		 1005- if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT))
1006+ size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT);
1007+ if (shdr->sh_entsize != sh_entsize)
1008 ERROR (gettext ("\
1009 section [%2u] '%s': entry size is does not match ElfXX_Sym\n"),
1010 idx, section_name (ebl, idx));
3a5346c9 1011@@ -663,7 +672,7 @@ section [%2d] '%s': XINDEX for zeroth en
5f1d07b7
JB		 1012 xndxscnidx, section_name (ebl, xndxscnidx));
1013 }
158e8d12 1014
5f1d07b7
JB		 1015- for (size_t cnt = 1; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1016+ for (size_t cnt = 1; cnt < shdr->sh_size / sh_entsize; ++cnt)
1017 {
1018 sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx);
1019 if (sym == NULL)
3a5346c9 1020@@ -683,7 +692,8 @@ section [%2d] '%s': symbol %zu: invalid
5f1d07b7 1021 else
0dcd74c7 1022 {
5f1d07b7
JB		 1023 name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name);
1024- assert (name != NULL);
1025+ assert (name != NULL
1026+ || strshdr->sh_type != SHT_STRTAB);
1027 }
0dcd74c7 1028
5f1d07b7 1029 if (sym->st_shndx == SHN_XINDEX)
3a5346c9 1030@@ -1032,9 +1042,11 @@ is_rel_dyn (Ebl *ebl, const GElf_Ehdr *e
5f1d07b7
JB		 1031 {
1032 GElf_Shdr rcshdr_mem;
1033 const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem);
1034- assert (rcshdr != NULL);
1035
1036- if (rcshdr->sh_type == SHT_DYNAMIC)
1037+ if (rcshdr == NULL)
1038+ break;
1039+
1040+ if (rcshdr->sh_type == SHT_DYNAMIC && rcshdr->sh_entsize)
0dcd74c7 1041 {
5f1d07b7
JB		 1042 /* Found the dynamic section. Look through it. */
1043 Elf_Data *d = elf_getdata (scn, NULL);
3a5346c9 1044@@ -1044,7 +1056,9 @@ is_rel_dyn (Ebl *ebl, const GElf_Ehdr *e
5f1d07b7
JB		 1045 {
1046 GElf_Dyn dyn_mem;
1047 GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem);
1048- assert (dyn != NULL);
1049+
1050+ if (dyn == NULL)
1051+ break;
0dcd74c7 1052
5f1d07b7
JB		 1053 if (dyn->d_tag == DT_RELCOUNT)
1054 {
3a5346c9 1055@@ -1058,7 +1072,9 @@ section [%2d] '%s': DT_RELCOUNT used for
5f1d07b7
JB		 1056 /* Does the number specified number of relative
1057 relocations exceed the total number of
1058 relocations? */
1059- if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
1060+ if (shdr->sh_entsize != 0
1061+ && dyn->d_un.d_val > (shdr->sh_size
1062+ / shdr->sh_entsize))
1063 ERROR (gettext ("\
1064 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
1065 idx, section_name (ebl, idx),
3a5346c9 1066@@ -1218,7 +1234,8 @@ section [%2d] '%s': no relocations for m
5f1d07b7
JB		 1067 }
1068 }
1069
1070- if (shdr->sh_entsize != gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT))
1071+ size_t sh_entsize = gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT);
1072+ if (shdr->sh_entsize != sh_entsize)
1073 ERROR (gettext (reltype == ELF_T_RELA ? "\
1074 section [%2d] '%s': section entry size does not match ElfXX_Rela\n" : "\
1075 section [%2d] '%s': section entry size does not match ElfXX_Rel\n"),
3a5346c9 1076@@ -1441,7 +1458,8 @@ check_rela (Ebl *ebl, GElf_Ehdr *ehdr, G
5f1d07b7
JB		 1077 Elf_Data *symdata = elf_getdata (symscn, NULL);
1078 enum load_state state = state_undecided;
1079
1080- for (size_t cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1081+ size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_RELA, 1, EV_CURRENT);
1082+ for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
49fd4b14 1083 {
5f1d07b7
JB		 1084 GElf_Rela rela_mem;
1085 GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem);
3a5346c9 1086@@ -1491,7 +1509,8 @@ check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GE
5f1d07b7
JB		 1087 Elf_Data *symdata = elf_getdata (symscn, NULL);
1088 enum load_state state = state_undecided;
1089
1090- for (size_t cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1091+ size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_REL, 1, EV_CURRENT);
1092+ for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
49fd4b14 1093 {
5f1d07b7
JB		 1094 GElf_Rel rel_mem;
1095 GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem);
3a5346c9 1096@@ -1590,7 +1609,8 @@ section [%2d] '%s': referenced as string
5f1d07b7
JB		 1097 shdr->sh_link, section_name (ebl, shdr->sh_link),
1098 idx, section_name (ebl, idx));
0dcd74c7 1099
5f1d07b7
JB		 1100- if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT))
1101+ size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT);
1102+ if (shdr->sh_entsize != sh_entsize)
1103 ERROR (gettext ("\
1104 section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"),
1105 idx, section_name (ebl, idx));
3a5346c9 1106@@ -1600,7 +1620,7 @@ section [%2d] '%s': section entry size d
5f1d07b7
JB		 1107 idx, section_name (ebl, idx));
1108
1109 bool non_null_warned = false;
1110- for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1111+ for (cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
0dcd74c7 1112 {
5f1d07b7
JB		 1113 GElf_Dyn dyn_mem;
1114 GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem);
3a5346c9 1115@@ -1872,6 +1892,8 @@ section [%2d] '%s': entry size does not
5f1d07b7
JB		 1116 idx, section_name (ebl, idx));
1117
1118 if (symshdr != NULL
1119+ && shdr->sh_entsize
1120+ && symshdr->sh_entsize
1121 && (shdr->sh_size / shdr->sh_entsize
1122 < symshdr->sh_size / symshdr->sh_entsize))
1123 ERROR (gettext ("\
3a5346c9 1124@@ -1898,6 +1920,12 @@ section [%2d] '%s': extended section ind
5f1d07b7
JB		 1125 }
1126
1127 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1128+ if (data == NULL)
1129+ {
1130+ ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1131+ idx, section_name (ebl, idx));
1132+ return;
1133+ }
1134
1135 if (*((Elf32_Word *) data->d_buf) != 0)
1136 ERROR (gettext ("symbol 0 should have zero extended section index\n"));
3a5346c9 1137@@ -1940,7 +1968,7 @@ section [%2d] '%s': hash table section i
5f1d07b7
JB		 1138
1139 size_t maxidx = nchain;
1140
1141- if (symshdr != NULL)
1142+ if (symshdr != NULL && symshdr->sh_entsize != 0)
acd2260d 1143 {
5f1d07b7
JB		 1144 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
1145
3a5346c9 1146@@ -1951,18 +1979,28 @@ section [%2d] '%s': hash table section i
5f1d07b7
JB		 1147 maxidx = symsize;
1148 }
1149
1150+ Elf32_Word *buf = (Elf32_Word *) data->d_buf;
1151+ Elf32_Word *end = (Elf32_Word *) ((char *) data->d_buf + shdr->sh_size);
1152 size_t cnt;
1153 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
1154- if (((Elf32_Word *) data->d_buf)[cnt] >= maxidx)
1155+ {
1156+ if (buf + cnt >= end)
1157+ break;
1158+ else if (buf[cnt] >= maxidx)
1159 ERROR (gettext ("\
1160 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
1161 idx, section_name (ebl, idx), cnt - 2);
1162+ }
49fd4b14 1163
5f1d07b7
JB		 1164 for (; cnt < 2 + nbucket + nchain; ++cnt)
1165- if (((Elf32_Word *) data->d_buf)[cnt] >= maxidx)
1166+ {
1167+ if (buf + cnt >= end)
1168+ break;
1169+ else if (buf[cnt] >= maxidx)
1170 ERROR (gettext ("\
1171 section [%2d] '%s': hash chain reference %zu out of bounds\n"),
1172 idx, section_name (ebl, idx), cnt - 2 - nbucket);
1173+ }
1174 }
49fd4b14 1175
49fd4b14 1176
3a5346c9 1177@@ -1992,18 +2030,28 @@ section [%2d] '%s': hash table section i
5f1d07b7
JB		 1178 maxidx = symsize;
1179 }
1180
1181+ Elf64_Xword *buf = (Elf64_Xword *) data->d_buf;
1182+ Elf64_Xword *end = (Elf64_Xword *) ((char *) data->d_buf + shdr->sh_size);
1183 size_t cnt;
1184 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
1185- if (((Elf64_Xword *) data->d_buf)[cnt] >= maxidx)
1186+ {
1187+ if (buf + cnt >= end)
1188+ break;
1189+ else if (buf[cnt] >= maxidx)
1190 ERROR (gettext ("\
1191 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
1192 idx, section_name (ebl, idx), cnt - 2);
1193+ }
49fd4b14 1194
5f1d07b7
JB		 1195 for (; cnt < 2 + nbucket + nchain; ++cnt)
1196- if (((Elf64_Xword *) data->d_buf)[cnt] >= maxidx)
1197+ {
1198+ if (buf + cnt >= end)
1199+ break;
1200+ else if (buf[cnt] >= maxidx)
1201 ERROR (gettext ("\
1202 section [%2d] '%s': hash chain reference %" PRIu64 " out of bounds\n"),
1203- idx, section_name (ebl, idx), (uint64_t) (cnt - 2 - nbucket));
1204+ idx, section_name (ebl, idx), (uint64_t) cnt - 2 - nbucket);
1205+ }
1206 }
d07e7be6 1207
49fd4b14 1208
3a5346c9 1209@@ -2028,7 +2076,7 @@ section [%2d] '%s': bitmask size not pow
5f1d07b7 1210 if (shdr->sh_size < (4 + bitmask_words + nbuckets) * sizeof (Elf32_Word))
0dcd74c7 1211 {
5f1d07b7
JB		 1212 ERROR (gettext ("\
1213-section [%2d] '%s': hash table section is too small (is %ld, expected at least%ld)\n"),
1214+section [%2d] '%s': hash table section is too small (is %ld, expected at least %ld)\n"),
1215 idx, section_name (ebl, idx), (long int) shdr->sh_size,
1216 (long int) ((4 + bitmask_words + nbuckets) * sizeof (Elf32_Word)));
1217 return;
3a5346c9 1218@@ -2700,8 +2748,9 @@ section [%2d] '%s' refers in sh_link to
0dcd74c7 1219
5f1d07b7
JB		 1220 /* The number of elements in the version symbol table must be the
1221 same as the number of symbols. */
1222- if (shdr->sh_size / shdr->sh_entsize
1223- != symshdr->sh_size / symshdr->sh_entsize)
1224+ if (shdr->sh_entsize && symshdr->sh_entsize
1225+ && (shdr->sh_size / shdr->sh_entsize
1226+ != symshdr->sh_size / symshdr->sh_entsize))
1227 ERROR (gettext ("\
1228 section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"),
1229 idx, section_name (ebl, idx),
0969077b
PS		 1230--- elfutils/src/readelf.c
1231+++ elfutils/src/readelf.c
3a5346c9 1232@@ -1189,6 +1189,8 @@ handle_scngrp (Ebl *ebl, Elf_Scn *scn, G
5f1d07b7 1233 Elf32_Word *grpref = (Elf32_Word *) data->d_buf;
0dcd74c7 1234
5f1d07b7
JB		 1235 GElf_Sym sym_mem;
1236+ GElf_Sym *sym = gelf_getsym (symdata, shdr->sh_info, &sym_mem);
d07e7be6 1237+
5f1d07b7
JB		 1238 printf ((grpref[0] & GRP_COMDAT)
1239 ? ngettext ("\
1240 \nCOMDAT section group [%2zu] '%s' with signature '%s' contains %zu entry:\n",
3a5346c9 1241@@ -1201,8 +1203,8 @@ handle_scngrp (Ebl *ebl, Elf_Scn *scn, G
5f1d07b7
JB		 1242 data->d_size / sizeof (Elf32_Word) - 1),
1243 elf_ndxscn (scn),
1244 elf_strptr (ebl->elf, shstrndx, shdr->sh_name),
1245- elf_strptr (ebl->elf, symshdr->sh_link,
1246- gelf_getsym (symdata, shdr->sh_info, &sym_mem)->st_name)
1247+ (sym == NULL ? NULL
1248+ : elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name))
1249 ?: gettext ("<INVALID SYMBOL>"),
1250 data->d_size / sizeof (Elf32_Word) - 1);
d07e7be6 1251
3a5346c9 1252@@ -1353,10 +1355,12 @@ static void
5f1d07b7
JB		 1253 handle_dynamic (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr)
1254 {
1255 int class = gelf_getclass (ebl->elf);
1256- GElf_Shdr glink;
1257+ GElf_Shdr glink_mem;
1258+ GElf_Shdr *glink;
1259 Elf_Data *data;
1260 size_t cnt;
1261 size_t shstrndx;
96e6dfc1
PS		 1262+ size_t sh_entsize;
1263
1264 /* Get the data of the section. */
1265 data = elf_getdata (scn, NULL);
3a5346c9 1266@@ -1368,21 +1372,26 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn,
5f1d07b7
JB		 1267 error (EXIT_FAILURE, 0,
1268 gettext ("cannot get section header string table index"));
0dcd74c7 1269
96e6dfc1
PS		 1270+ sh_entsize = gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT);
1271+
5f1d07b7
JB		 1272+ glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &glink_mem);
1273+ if (glink == NULL)
1274+ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
1275+ elf_ndxscn (scn));
d07e7be6 1276+
5f1d07b7
JB		 1277 printf (ngettext ("\
1278 \nDynamic segment contains %lu entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
1279 "\
96e6dfc1
PS		 1280 \nDynamic segment contains %lu entries:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
1281- shdr->sh_size / shdr->sh_entsize),
1282- (unsigned long int) (shdr->sh_size / shdr->sh_entsize),
1283+ shdr->sh_size / sh_entsize),
1284+ (unsigned long int) (shdr->sh_size / sh_entsize),
5f1d07b7
JB		 1285 class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
1286 shdr->sh_offset,
1287 (int) shdr->sh_link,
1288- elf_strptr (ebl->elf, shstrndx,
1289- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1290- &glink)->sh_name));
1291+ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
1292 fputs_unlocked (gettext (" Type Value\n"), stdout);
1293
96e6dfc1
PS		 1294- for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1295+ for (cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1296 {
1297 GElf_Dyn dynmem;
1298 GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dynmem);
3a5346c9 1299@@ -1531,7 +1540,8 @@ static void
96e6dfc1
PS		 1300 handle_relocs_rel (Ebl *ebl, GElf_Ehdr *ehdr, Elf_Scn *scn, GElf_Shdr *shdr)
1301 {
1302 int class = gelf_getclass (ebl->elf);
1303- int nentries = shdr->sh_size / shdr->sh_entsize;
1304+ size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_REL, 1, EV_CURRENT);
1305+ int nentries = shdr->sh_size / sh_entsize;
1306
1307 /* Get the data of the section. */
1308 Elf_Data *data = elf_getdata (scn, NULL);
3a5346c9 1309@@ -1717,7 +1727,8 @@ static void
96e6dfc1
PS		 1310 handle_relocs_rela (Ebl *ebl, GElf_Ehdr *ehdr, Elf_Scn *scn, GElf_Shdr *shdr)
1311 {
1312 int class = gelf_getclass (ebl->elf);
1313- int nentries = shdr->sh_size / shdr->sh_entsize;
1314+ size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_RELA, 1, EV_CURRENT);
1315+ int nentries = shdr->sh_size / sh_entsize;
1316
1317 /* Get the data of the section. */
1318 Elf_Data *data = elf_getdata (scn, NULL);
3a5346c9 1319@@ -1964,6 +1975,13 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, G
5f1d07b7
JB		 1320 error (EXIT_FAILURE, 0,
1321 gettext ("cannot get section header string table index"));
1322
1323+ GElf_Shdr glink_mem;
1324+ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1325+ &glink_mem);
1326+ if (glink == NULL)
1327+ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
1328+ elf_ndxscn (scn));
d07e7be6 1329+
5f1d07b7
JB		 1330 /* Now we can compute the number of entries in the section. */
1331 unsigned int nsyms = data->d_size / (class == ELFCLASS32
1332 ? sizeof (Elf32_Sym)
3a5346c9 1333@@ -1974,15 +1992,12 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, G
5f1d07b7
JB		 1334 nsyms),
1335 (unsigned int) elf_ndxscn (scn),
1336 elf_strptr (ebl->elf, shstrndx, shdr->sh_name), nsyms);
1337- GElf_Shdr glink;
1338 printf (ngettext (" %lu local symbol String table: [%2u] '%s'\n",
1339 " %lu local symbols String table: [%2u] '%s'\n",
1340 shdr->sh_info),
1341 (unsigned long int) shdr->sh_info,
1342 (unsigned int) shdr->sh_link,
1343- elf_strptr (ebl->elf, shstrndx,
1344- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1345- &glink)->sh_name));
1346+ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
a8ca41f5 1347
5f1d07b7
JB		 1348 fputs_unlocked (class == ELFCLASS32
1349 ? gettext ("\
3a5346c9 1350@@ -2218,7 +2233,13 @@ handle_verneed (Ebl *ebl, Elf_Scn *scn,
5f1d07b7
JB		 1351 error (EXIT_FAILURE, 0,
1352 gettext ("cannot get section header string table index"));
0dcd74c7 1353
5f1d07b7
JB		 1354- GElf_Shdr glink;
1355+ GElf_Shdr glink_mem;
1356+ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1357+ &glink_mem);
1358+ if (glink == NULL)
1359+ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
1360+ elf_ndxscn (scn));
1361+
1362 printf (ngettext ("\
1363 \nVersion needs section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
1364 "\
3a5346c9 1365@@ -2229,9 +2250,7 @@ handle_verneed (Ebl *ebl, Elf_Scn *scn,
5f1d07b7
JB		 1366 class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
1367 shdr->sh_offset,
1368 (unsigned int) shdr->sh_link,
1369- elf_strptr (ebl->elf, shstrndx,
1370- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1371- &glink)->sh_name));
1372+ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
d07e7be6 1373
5f1d07b7
JB		 1374 unsigned int offset = 0;
1375 for (int cnt = shdr->sh_info; --cnt >= 0; )
3a5346c9 1376@@ -2284,8 +2303,14 @@ handle_verdef (Ebl *ebl, Elf_Scn *scn, G
5f1d07b7
JB		 1377 error (EXIT_FAILURE, 0,
1378 gettext ("cannot get section header string table index"));
1379
1380+ GElf_Shdr glink_mem;
1381+ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1382+ &glink_mem);
1383+ if (glink == NULL)
1384+ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
1385+ elf_ndxscn (scn));
d07e7be6 1386+
5f1d07b7
JB		 1387 int class = gelf_getclass (ebl->elf);
1388- GElf_Shdr glink;
1389 printf (ngettext ("\
1390 \nVersion definition section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
1391 "\
3a5346c9 1392@@ -2297,9 +2322,7 @@ handle_verdef (Ebl *ebl, Elf_Scn *scn, G
5f1d07b7
JB		 1393 class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
1394 shdr->sh_offset,
1395 (unsigned int) shdr->sh_link,
1396- elf_strptr (ebl->elf, shstrndx,
1397- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1398- &glink)->sh_name));
1399+ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
1400
1401 unsigned int offset = 0;
1402 for (int cnt = shdr->sh_info; --cnt >= 0; )
3a5346c9 1403@@ -2561,25 +2584,30 @@ handle_versym (Ebl *ebl, Elf_Scn *scn, G
5f1d07b7
JB		 1404 filename = NULL;
1405 }
1406
1407+ GElf_Shdr glink_mem;
1408+ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1409+ &glink_mem);
96e6dfc1 1410+ size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_HALF, 1, EV_CURRENT);
5f1d07b7
JB		 1411+ if (glink == NULL)
1412+ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
1413+ elf_ndxscn (scn));
d07e7be6 1414+
5f1d07b7
JB		 1415 /* Print the header. */
1416- GElf_Shdr glink;
1417 printf (ngettext ("\
1418 \nVersion symbols section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'",
1419 "\
96e6dfc1
PS		 1420 \nVersion symbols section [%2u] '%s' contains %d entries:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'",
1421- shdr->sh_size / shdr->sh_entsize),
1422+ shdr->sh_size / sh_entsize),
1423 (unsigned int) elf_ndxscn (scn),
1424 elf_strptr (ebl->elf, shstrndx, shdr->sh_name),
1425- (int) (shdr->sh_size / shdr->sh_entsize),
1426+ (int) (shdr->sh_size / sh_entsize),
5f1d07b7
JB		 1427 class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
1428 shdr->sh_offset,
1429 (unsigned int) shdr->sh_link,
1430- elf_strptr (ebl->elf, shstrndx,
1431- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1432- &glink)->sh_name));
1433+ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
0dcd74c7 1434
5f1d07b7 1435 /* Now we can finally look at the actual contents of this section. */
96e6dfc1
PS		 1436- for (unsigned int cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1437+ for (unsigned int cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt)
1438 {
1439 if (cnt % 2 == 0)
1440 printf ("\n %4d:", cnt);
3a5346c9 1441@@ -2628,7 +2656,17 @@ print_hash_info (Ebl *ebl, Elf_Scn *scn,
5f1d07b7
JB		 1442 for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt)
1443 ++counts[lengths[cnt]];
0dcd74c7 1444
5f1d07b7
JB		 1445- GElf_Shdr glink;
1446+ GElf_Shdr glink_mem;
1447+ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf,
1448+ shdr->sh_link),
1449+ &glink_mem);
1450+ if (glink == NULL)
1451+ {
1452+ error (0, 0, gettext ("invalid sh_link value in section %Zu"),
1453+ elf_ndxscn (scn));
1454+ return;
1455+ }
1456+
1457 printf (ngettext ("\
1458 \nHistogram for bucket list length in section [%2u] '%s' (total of %d bucket):\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
1459 "\
3a5346c9 1460@@ -2641,9 +2679,7 @@ print_hash_info (Ebl *ebl, Elf_Scn *scn,
5f1d07b7
JB		 1461 shdr->sh_addr,
1462 shdr->sh_offset,
1463 (unsigned int) shdr->sh_link,
1464- elf_strptr (ebl->elf, shstrndx,
1465- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
1466- &glink)->sh_name));
1467+ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
d07e7be6 1468
5f1d07b7
JB		 1469 if (extrastr != NULL)
1470 fputs (extrastr, stdout);
3a5346c9 1471@@ -2903,7 +2939,8 @@ print_liblist (Ebl *ebl)
96e6dfc1
PS		 1472
1473 if (shdr != NULL && shdr->sh_type == SHT_GNU_LIBLIST)
1474 {
1475- int nentries = shdr->sh_size / shdr->sh_entsize;
1476+ size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_LIB, 1, EV_CURRENT);
1477+ int nentries = shdr->sh_size / sh_entsize;
1478 printf (ngettext ("\
1479 \nLibrary list section [%2zu] '%s' at offset %#0" PRIx64 " contains %d entry:\n",
1480 "\
3a5346c9 1481@@ -4164,6 +4201,16 @@ print_debug_aranges_section (Dwfl_Module
5f1d07b7
JB		 1482 return;
1483 }
1484
1485+ GElf_Shdr glink_mem;
1486+ GElf_Shdr *glink;
1487+ glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &glink_mem);
1488+ if (glink == NULL)
1489+ {
1490+ error (0, 0, gettext ("invalid sh_link value in section %Zu"),
1491+ elf_ndxscn (scn));
1492+ return;
1493+ }
1494+
1495 printf (ngettext ("\
0969077b 1496 \nDWARF section [%2zu] '%s' at offset %#" PRIx64 " contains %zu entry:\n",
5f1d07b7 1497 "\
0969077b
PS		 1498--- elfutils/src/strip.c
1499+++ elfutils/src/strip.c
3a5346c9 1500@@ -564,6 +564,11 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1501 goto fail_close;
1502 }
0dcd74c7 1503
5f1d07b7
JB		 1504+ if (shstrndx >= shnum)
1505+ goto illformed;
1506+
1507+#define elf_assert(test) do { if (!(test)) goto illformed; } while (0)
1508+
1509 /* Storage for section information. We leave room for two more
1510 entries since we unconditionally create a section header string
1511 table. Maybe some weird tool created an ELF file without one.
3a5346c9 1512@@ -585,7 +590,7 @@ handle_elf (int fd, Elf *elf, const char
a8ca41f5 1513 {
5f1d07b7
JB		 1514 /* This should always be true (i.e., there should not be any
1515 holes in the numbering). */
1516- assert (elf_ndxscn (scn) == cnt);
1517+ elf_assert (elf_ndxscn (scn) == cnt);
0dcd74c7 1518
5f1d07b7 1519 shdr_info[cnt].scn = scn;
0dcd74c7 1520
3a5346c9 1521@@ -598,6 +603,7 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1522 shdr_info[cnt].shdr.sh_name);
1523 if (shdr_info[cnt].name == NULL)
a8ca41f5 1524 {
5f1d07b7
JB		 1525+ illformed:
1526 error (0, 0, gettext ("illformed file '%s'"), fname);
1527 goto fail_close;
1528 }
3a5346c9 1529@@ -607,6 +613,8 @@ handle_elf (int fd, Elf *elf, const char
0dcd74c7 1530
5f1d07b7
JB		 1531 /* Remember the shdr.sh_link value. */
1532 shdr_info[cnt].old_sh_link = shdr_info[cnt].shdr.sh_link;
1533+ if (shdr_info[cnt].old_sh_link >= shnum)
1534+ goto illformed;
d07e7be6 1535
5f1d07b7
JB		 1536 /* Sections in files other than relocatable object files which
1537 are not loaded can be freely moved by us. In relocatable
3a5346c9 1538@@ -619,7 +627,7 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1539 appropriate reference. */
1540 if (unlikely (shdr_info[cnt].shdr.sh_type == SHT_SYMTAB_SHNDX))
1541 {
1542- assert (shdr_info[shdr_info[cnt].shdr.sh_link].symtab_idx == 0);
1543+ elf_assert (shdr_info[shdr_info[cnt].shdr.sh_link].symtab_idx == 0);
1544 shdr_info[shdr_info[cnt].shdr.sh_link].symtab_idx = cnt;
d07e7be6 1545 }
5f1d07b7 1546 else if (unlikely (shdr_info[cnt].shdr.sh_type == SHT_GROUP))
3a5346c9 1547@@ -636,7 +644,12 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1548 for (inner = 1;
1549 inner < shdr_info[cnt].data->d_size / sizeof (Elf32_Word);
1550 ++inner)
1551+ {
1552+ if (grpref[inner] < shnum)
1553 shdr_info[grpref[inner]].group_idx = cnt;
1554+ else
1555+ goto illformed;
1556+ }
0dcd74c7 1557
5f1d07b7
JB		 1558 if (inner == 1 || (inner == 2 && (grpref[0] & GRP_COMDAT) == 0))
1559 /* If the section group contains only one element and this
3a5346c9 1560@@ -647,7 +660,7 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1561 }
1562 else if (unlikely (shdr_info[cnt].shdr.sh_type == SHT_GNU_versym))
d07e7be6 1563 {
5f1d07b7
JB		 1564- assert (shdr_info[shdr_info[cnt].shdr.sh_link].version_idx == 0);
1565+ elf_assert (shdr_info[shdr_info[cnt].shdr.sh_link].version_idx == 0);
1566 shdr_info[shdr_info[cnt].shdr.sh_link].version_idx = cnt;
1567 }
0dcd74c7 1568
3a5346c9 1569@@ -655,7 +668,7 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1570 discarded right away. */
1571 if ((shdr_info[cnt].shdr.sh_flags & SHF_GROUP) != 0)
d07e7be6 1572 {
5f1d07b7
JB		 1573- assert (shdr_info[cnt].group_idx != 0);
1574+ elf_assert (shdr_info[cnt].group_idx != 0);
d07e7be6 1575
5f1d07b7
JB		 1576 if (shdr_info[shdr_info[cnt].group_idx].idx == 0)
1577 {
3a5346c9 1578@@ -731,10 +744,14 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1579 {
1580 /* If a relocation section is marked as being removed make
1581 sure the section it is relocating is removed, too. */
1582- if ((shdr_info[cnt].shdr.sh_type == SHT_REL
1583+ if (shdr_info[cnt].shdr.sh_type == SHT_REL
1584 || shdr_info[cnt].shdr.sh_type == SHT_RELA)
1585- && shdr_info[shdr_info[cnt].shdr.sh_info].idx != 0)
96e6dfc1 1586- shdr_info[cnt].idx = 1;
5f1d07b7
JB		 1587+ {
1588+ if (shdr_info[cnt].shdr.sh_info >= shnum)
1589+ goto illformed;
1590+ else if (shdr_info[shdr_info[cnt].shdr.sh_info].idx != 0)
96e6dfc1
PS		 1591+ shdr_info[cnt].idx = 1;
1592+ }
d07e7be6 1593
96e6dfc1
PS		 1594 /* If a group section is marked as being removed make
1595 sure all the sections it contains are being removed, too. */
3a5346c9 1596@@ -778,7 +795,7 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1597 if (shdr_info[cnt].symtab_idx != 0
1598 && shdr_info[shdr_info[cnt].symtab_idx].data == NULL)
1599 {
1600- assert (shdr_info[cnt].shdr.sh_type == SHT_SYMTAB);
1601+ elf_assert (shdr_info[cnt].shdr.sh_type == SHT_SYMTAB);
1602
1603 shdr_info[shdr_info[cnt].symtab_idx].data
1604 = elf_getdata (shdr_info[shdr_info[cnt].symtab_idx].scn,
3a5346c9 1605@@ -818,6 +835,9 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1606 else if (scnidx == SHN_XINDEX)
1607 scnidx = xndx;
1608
1609+ if (scnidx >= shnum)
1610+ goto illformed;
1611+
1612 if (shdr_info[scnidx].idx == 0)
1613 /* This symbol table has a real symbol in
1614 a discarded section. So preserve the
3a5346c9 1615@@ -848,12 +868,16 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1616 }
1617
1618 /* Handle references through sh_info. */
1619- if (SH_INFO_LINK_P (&shdr_info[cnt].shdr)
1620- && shdr_info[shdr_info[cnt].shdr.sh_info].idx == 0)
1621+ if (SH_INFO_LINK_P (&shdr_info[cnt].shdr))
1622+ {
1623+ if (shdr_info[cnt].shdr.sh_info >= shnum)
1624+ goto illformed;
1625+ else if ( shdr_info[shdr_info[cnt].shdr.sh_info].idx == 0)
1626 {
1627 shdr_info[shdr_info[cnt].shdr.sh_info].idx = 1;
1628 changes |= shdr_info[cnt].shdr.sh_info < cnt;
1629 }
1630+ }
1631
1632 /* Mark the section as investigated. */
1633 shdr_info[cnt].idx = 2;
3a5346c9 1634@@ -994,7 +1018,7 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1635 error (EXIT_FAILURE, 0, gettext ("while generating output file: %s"),
1636 elf_errmsg (-1));
1637
1638- assert (elf_ndxscn (shdr_info[cnt].newscn) == shdr_info[cnt].idx);
1639+ elf_assert (elf_ndxscn (shdr_info[cnt].newscn) == shdr_info[cnt].idx);
1640
1641 /* Add this name to the section header string table. */
1642 shdr_info[cnt].se = ebl_strtabadd (shst, shdr_info[cnt].name, 0);
3a5346c9 1643@@ -1031,7 +1055,7 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1644 error (EXIT_FAILURE, 0,
1645 gettext ("while create section header section: %s"),
1646 elf_errmsg (-1));
1647- assert (elf_ndxscn (shdr_info[cnt].newscn) == shdr_info[cnt].idx);
1648+ elf_assert (elf_ndxscn (shdr_info[cnt].newscn) == shdr_info[cnt].idx);
1649
1650 shdr_info[cnt].data = elf_newdata (shdr_info[cnt].newscn);
1651 if (shdr_info[cnt].data == NULL)
3a5346c9 1652@@ -1087,7 +1111,7 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1653 error (EXIT_FAILURE, 0,
1654 gettext ("while create section header section: %s"),
1655 elf_errmsg (-1));
1656- assert (elf_ndxscn (shdr_info[cnt].newscn) == idx);
1657+ elf_assert (elf_ndxscn (shdr_info[cnt].newscn) == idx);
1658
1659 /* Finalize the string table and fill in the correct indices in the
1660 section headers. */
3a5346c9 1661@@ -1177,20 +1201,20 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1662 shndxdata = elf_getdata (shdr_info[shdr_info[cnt].symtab_idx].scn,
1663 NULL);
d07e7be6 1664
5f1d07b7
JB		 1665- assert ((versiondata->d_size / sizeof (Elf32_Word))
1666+ elf_assert ((versiondata->d_size / sizeof (Elf32_Word))
1667 >= shdr_info[cnt].data->d_size / elsize);
1668 }
d07e7be6 1669
5f1d07b7
JB		 1670 if (shdr_info[cnt].version_idx != 0)
1671 {
1672- assert (shdr_info[cnt].shdr.sh_type == SHT_DYNSYM);
1673+ elf_assert (shdr_info[cnt].shdr.sh_type == SHT_DYNSYM);
1674 /* This section has associated version
1675 information. We have to modify that
1676 information, too. */
1677 versiondata = elf_getdata (shdr_info[shdr_info[cnt].version_idx].scn,
1678 NULL);
d07e7be6 1679
5f1d07b7
JB		 1680- assert ((versiondata->d_size / sizeof (GElf_Versym))
1681+ elf_assert ((versiondata->d_size / sizeof (GElf_Versym))
1682 >= shdr_info[cnt].data->d_size / elsize);
1683 }
0dcd74c7 1684
3a5346c9 1685@@ -1245,7 +1269,7 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1686 sec = shdr_info[sym->st_shndx].idx;
1687 else
1688 {
1689- assert (shndxdata != NULL);
1690+ elf_assert (shndxdata != NULL);
d07e7be6 1691
5f1d07b7
JB		 1692 sec = shdr_info[xshndx].idx;
1693 }
3a5346c9 1694@@ -1266,7 +1290,7 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1695 nxshndx = sec;
1696 }
d07e7be6 1697
5f1d07b7
JB		 1698- assert (sec < SHN_LORESERVE || shndxdata != NULL);
1699+ elf_assert (sec < SHN_LORESERVE || shndxdata != NULL);
d07e7be6 1700
5f1d07b7
JB		 1701 if ((inner != destidx || nshndx != sym->st_shndx
1702 || (shndxdata != NULL && nxshndx != xshndx))
3a5346c9 1703@@ -1293,9 +1317,11 @@ handle_elf (int fd, Elf *elf, const char
96e6dfc1
PS		 1704 {
1705 size_t sidx = (sym->st_shndx != SHN_XINDEX
1706 ? sym->st_shndx : xshndx);
1707- assert (GELF_ST_TYPE (sym->st_info) == STT_SECTION
1708- || (shdr_info[sidx].shdr.sh_type == SHT_GROUP
1709- && shdr_info[sidx].shdr.sh_info == inner));
1710+ elf_assert (GELF_ST_TYPE (sym->st_info) == STT_SECTION
1711+ || ((shdr_info[sidx].shdr.sh_type
1712+ == SHT_GROUP)
1713+ && (shdr_info[sidx].shdr.sh_info
1714+ == inner)));
1715 }
5f1d07b7 1716 }
d07e7be6 1717
3a5346c9 1718@@ -1483,11 +1509,11 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1719 {
1720 GElf_Sym sym_mem;
1721 GElf_Sym *sym = gelf_getsym (symd, inner, &sym_mem);
1722- assert (sym != NULL);
1723+ elf_assert (sym != NULL);
0dcd74c7 1724
5f1d07b7
JB		 1725 const char *name = elf_strptr (elf, strshndx,
1726 sym->st_name);
1727- assert (name != NULL);
1728+ elf_assert (name != NULL);
1729 size_t hidx = elf_hash (name) % nbucket;
0dcd74c7 1730
5f1d07b7 1731 if (bucket[hidx] == 0)
3a5346c9 1732@@ -1506,8 +1532,8 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1733 else
1734 {
1735 /* Alpha and S390 64-bit use 64-bit SHT_HASH entries. */
1736- assert (shdr_info[cnt].shdr.sh_entsize
96e6dfc1 1737- == sizeof (Elf64_Xword));
5f1d07b7 1738+ elf_assert (shdr_info[cnt].shdr.sh_entsize
96e6dfc1 1739+ == sizeof (Elf64_Xword));
0dcd74c7 1740
5f1d07b7 1741 Elf64_Xword *bucket = (Elf64_Xword *) hashd->d_buf;
96e6dfc1 1742
3a5346c9 1743@@ -1537,11 +1563,11 @@ handle_elf (int fd, Elf *elf, const char
5f1d07b7
JB		 1744 {
1745 GElf_Sym sym_mem;
1746 GElf_Sym *sym = gelf_getsym (symd, inner, &sym_mem);
1747- assert (sym != NULL);
1748+ elf_assert (sym != NULL);
0dcd74c7 1749
5f1d07b7
JB		 1750 const char *name = elf_strptr (elf, strshndx,
1751 sym->st_name);
1752- assert (name != NULL);
1753+ elf_assert (name != NULL);
1754 size_t hidx = elf_hash (name) % nbucket;
1755
1756 if (bucket[hidx] == 0)
A collection of utilities and DSOs to handle compiled objects
This page took 0.464934 seconds and 4 git commands to generate.