* elf_getshstrndx.c (elf_getshstrndx): Add elf->start_offset to
elf->map_address. Check if first section header fits into object's
bounds.
- * elf32_getshdr.c (elfw2(LIBELFBITS,getshdr)): Fix comment pasto.
+ * elf32_getshdr.c (elfw2(LIBELFBITS,getshdr)):
Check if section header table fits into object's bounds.
* elf_begin.c (get_shnum): Ensure section headers fits into
object's bounds.
(check_symtab, is_rel_dyn, check_rela, check_rel, check_dynamic,
check_symtab_shndx, check_hash, check_versym): Robustify.
---- elfutils-0.115/libelf/elf32_getphdr.c
-+++ elfutils-0.115/libelf/elf32_getphdr.c
-@@ -82,6 +82,16 @@ elfw2(LIBELFBITS,getphdr) (elf)
+--- elfutils-0.136/libelf/elf32_getphdr.c.robustify
++++ elfutils-0.136/libelf/elf32_getphdr.c
+@@ -105,6 +105,16 @@ __elfw2(LIBELFBITS,getphdr_wrlock) (elf)
if (elf->map_address != NULL)
{
+ }
+
/* All the data is already mapped. Use it. */
- if (ehdr->e_ident[EI_DATA] == MY_ELFDATA
- && (ALLOW_UNALIGNED
---- elfutils-0.115/libelf/elf32_getshdr.c
-+++ elfutils-0.115/libelf/elf32_getshdr.c
-@@ -68,11 +68,12 @@ elfw2(LIBELFBITS,getshdr) (scn)
- goto out;
-
- size_t shnum;
-- if (INTUSE (elf_getshnum) (elf, &shnum) != 0)
-+ if (INTUSE (elf_getshnum) (elf, &shnum) != 0
-+ || shnum > SIZE_MAX / sizeof (ElfW2(LIBELFBITS,Shdr)))
- goto out;
- size_t size = shnum * sizeof (ElfW2(LIBELFBITS,Shdr));
-
-- /* Allocate memory for the program headers. We know the number
-+ /* Allocate memory for the section headers. We know the number
- of entries from the ELF header. */
- ElfW2(LIBELFBITS,Shdr) *shdr = elf->state.ELFW(elf,LIBELFBITS).shdr =
- (ElfW2(LIBELFBITS,Shdr) *) malloc (size);
-@@ -94,6 +95,16 @@ elfw2(LIBELFBITS,getshdr) (scn)
- && (ehdr->e_shoff
- & (__alignof__ (ElfW2(LIBELFBITS,Shdr)) - 1)) != 0));
-
-+ /* First see whether the information in the ELF header is
-+ valid and it does not ask for too much. */
-+ if (unlikely (ehdr->e_shoff >= elf->maximum_size)
-+ || unlikely (ehdr->e_shoff + size > elf->maximum_size))
-+ {
-+ /* Something is wrong. */
-+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
-+ goto free_and_out;
-+ }
-+
- /* Now copy the data and at the same time convert the byte
- order. */
- if (ALLOW_UNALIGNED
---- elfutils-0.115/libelf/elf32_newphdr.c
-+++ elfutils-0.115/libelf/elf32_newphdr.c
+ void *file_phdr = ((char *) elf->map_address
+ + elf->start_offset + ehdr->e_phoff);
+--- elfutils-0.136/libelf/elf32_getshdr.c.robustify
++++ elfutils-0.136/libelf/elf32_getshdr.c
@@ -1,5 +1,5 @@
- /* Create new ELF program header table.
-- Copyright (C) 1999, 2000, 2002 Red Hat, Inc.
-+ Copyright (C) 1999, 2000, 2002, 2005 Red Hat, Inc.
+ /* Return section header.
+- Copyright (C) 1998, 1999, 2000, 2001, 2002, 2005, 2007 Red Hat, Inc.
++ Copyright (C) 1998, 1999, 2000, 2001, 2002, 2005, 2007, 2008 Red Hat, Inc.
+ This file is part of Red Hat elfutils.
Written by Ulrich Drepper <drepper@redhat.com>, 1998.
- This program is free software; you can redistribute it and/or modify
-@@ -91,6 +91,12 @@ elfw2(LIBELFBITS,newphdr) (elf, count)
+@@ -81,7 +81,8 @@ load_shdr_rwlock (Elf_Scn *scn)
+ goto out;
+
+ size_t shnum;
+- if (__elf_getshnum_rdlock (elf, &shnum) != 0)
++ if (__elf_getshnum_rdlock (elf, &shnum) != 0
++ || shnum > SIZE_MAX / sizeof (ElfW2(LIBELFBITS,Shdr)))
+ goto out;
+ size_t size = shnum * sizeof (ElfW2(LIBELFBITS,Shdr));
+
+@@ -98,6 +99,16 @@ load_shdr_rwlock (Elf_Scn *scn)
+
+ if (elf->map_address != NULL)
+ {
++ /* First see whether the information in the ELF header is
++ valid and it does not ask for too much. */
++ if (unlikely (ehdr->e_shoff >= elf->maximum_size)
++ || unlikely (ehdr->e_shoff + size > elf->maximum_size))
++ {
++ /* Something is wrong. */
++ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
++ goto free_and_out;
++ }
++
+ ElfW2(LIBELFBITS,Shdr) *notcvt;
+
+ /* All the data is already mapped. If we could use it
+--- elfutils-0.136/libelf/elf32_newphdr.c.robustify
++++ elfutils-0.136/libelf/elf32_newphdr.c
+@@ -124,6 +124,12 @@ elfw2(LIBELFBITS,newphdr) (elf, count)
else if (elf->state.ELFW(elf,LIBELFBITS).ehdr->e_phnum != count
|| elf->state.ELFW(elf,LIBELFBITS).phdr == NULL)
{
/* Allocate a new program header with the appropriate number of
elements. */
result = (ElfW2(LIBELFBITS,Phdr) *)
---- elfutils-0.115/libelf/elf32_updatefile.c
-+++ elfutils-0.115/libelf/elf32_updatefile.c
-@@ -166,6 +166,9 @@ __elfw2(LIBELFBITS,updatemmap) (Elf *elf
+--- elfutils-0.136/libelf/elf32_updatefile.c.robustify
++++ elfutils-0.136/libelf/elf32_updatefile.c
+@@ -212,6 +212,9 @@ __elfw2(LIBELFBITS,updatemmap) (Elf *elf
/* Write all the sections. Well, only those which are modified. */
if (shnum > 0)
{
+ if (unlikely (shnum > SIZE_MAX / sizeof (Elf_Scn *)))
-+ return 1;
++ return 1;
+
- ElfW2(LIBELFBITS,Shdr) *shdr_dest;
Elf_ScnList *list = &elf->state.ELFW(elf,LIBELFBITS).scns;
Elf_Scn **scns = (Elf_Scn **) alloca (shnum * sizeof (Elf_Scn *));
-@@ -470,6 +473,10 @@ __elfw2(LIBELFBITS,updatefile) (Elf *elf
+ char *const shdr_start = ((char *) elf->map_address + elf->start_offset
+@@ -582,6 +585,10 @@ __elfw2(LIBELFBITS,updatefile) (Elf *elf
/* Write all the sections. Well, only those which are modified. */
if (shnum > 0)
{
off_t shdr_offset = elf->start_offset + ehdr->e_shoff;
#if EV_NUM != 2
xfct_t shdr_fctp = __elf_xfctstom[__libelf_version - 1][EV_CURRENT - 1][ELFW(ELFCLASS, LIBELFBITS) - 1][ELF_T_SHDR];
---- elfutils-0.115/libelf/elf_begin.c
-+++ elfutils-0.115/libelf/elf_begin.c
-@@ -122,7 +122,8 @@ get_shnum (void *map_address, unsigned c
+--- elfutils-0.136/libelf/elf_begin.c.robustify
++++ elfutils-0.136/libelf/elf_begin.c
+@@ -155,7 +155,8 @@ get_shnum (void *map_address, unsigned c
if (unlikely (result == 0) && ehdr.e32->e_shoff != 0)
{
-- if (offset + ehdr.e32->e_shoff + sizeof (Elf32_Shdr) > maxsize)
+- if (ehdr.e32->e_shoff + sizeof (Elf32_Shdr) > maxsize)
+ if (unlikely (ehdr.e32->e_shoff >= maxsize)
+ || unlikely (ehdr.e32->e_shoff + sizeof (Elf32_Shdr) > maxsize))
/* Cannot read the first section header. */
- return (size_t) -1l;
+ return 0;
-@@ -165,7 +166,8 @@ get_shnum (void *map_address, unsigned c
+@@ -203,7 +204,8 @@ get_shnum (void *map_address, unsigned c
if (unlikely (result == 0) && ehdr.e64->e_shoff != 0)
{
-- if (offset + ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize)
+- if (ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize)
+ if (unlikely (ehdr.e64->e_shoff >= maxsize)
+ || unlikely (ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize))
/* Cannot read the first section header. */
- return (size_t) -1l;
+ return 0;
-@@ -232,6 +234,15 @@ file_read_elf (int fildes, void *map_add
+@@ -275,6 +277,15 @@ file_read_elf (int fildes, void *map_add
/* Could not determine the number of sections. */
return NULL;
/* We can now allocate the memory. */
Elf *elf = allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
ELF_K_ELF, scncnt * sizeof (Elf_Scn));
-@@ -265,13 +276,31 @@ file_read_elf (int fildes, void *map_add
+@@ -308,13 +319,31 @@ file_read_elf (int fildes, void *map_add
{
/* We can use the mmapped memory. */
elf->state.elf32.ehdr = ehdr;
= (Elf32_Shdr *) ((char *) ehdr + ehdr->e_shoff);
+
if (ehdr->e_phnum > 0)
-- /* Assign a value only if there really is a program
-- header. Otherwise the value remains NULL. */
-- elf->state.elf32.phdr
-- = (Elf32_Phdr *) ((char *) ehdr + ehdr->e_phoff);
+ {
-+ /* Assign a value only if there really is a program
-+ header. Otherwise the value remains NULL. */
+ /* Assign a value only if there really is a program
+ header. Otherwise the value remains NULL. */
+ if (unlikely (ehdr->e_phoff >= maxsize)
+ || unlikely (ehdr->e_phoff
+ + ehdr->e_phnum
+ * sizeof (Elf32_Phdr) > maxsize))
+ goto free_and_out;
-+ elf->state.elf32.phdr
-+ = (Elf32_Phdr *) ((char *) ehdr + ehdr->e_phoff);
+ elf->state.elf32.phdr
+ = (Elf32_Phdr *) ((char *) ehdr + ehdr->e_phoff);
+ }
for (size_t cnt = 0; cnt < scncnt; ++cnt)
{
-@@ -340,13 +369,26 @@ file_read_elf (int fildes, void *map_add
+@@ -396,13 +425,26 @@ file_read_elf (int fildes, void *map_add
{
/* We can use the mmapped memory. */
elf->state.elf64.ehdr = ehdr;
= (Elf64_Shdr *) ((char *) ehdr + ehdr->e_shoff);
+
if (ehdr->e_phnum > 0)
-- /* Assign a value only if there really is a program
-- header. Otherwise the value remains NULL. */
-- elf->state.elf64.phdr
-- = (Elf64_Phdr *) ((char *) ehdr + ehdr->e_phoff);
+ {
-+ /* Assign a value only if there really is a program
-+ header. Otherwise the value remains NULL. */
+ /* Assign a value only if there really is a program
+ header. Otherwise the value remains NULL. */
+ if (unlikely (ehdr->e_phoff >= maxsize)
+ || unlikely (ehdr->e_phoff
+ + ehdr->e_phnum
+ * sizeof (Elf32_Phdr) > maxsize))
+ goto free_and_out;
-+ elf->state.elf64.phdr
-+ = (Elf64_Phdr *) ((char *) ehdr + ehdr->e_phoff);
+ elf->state.elf64.phdr
+ = (Elf64_Phdr *) ((char *) ehdr + ehdr->e_phoff);
+ }
for (size_t cnt = 0; cnt < scncnt; ++cnt)
{
---- elfutils-0.115/libelf/elf_getarsym.c
-+++ elfutils-0.115/libelf/elf_getarsym.c
-@@ -146,6 +146,9 @@ elf_getarsym (elf, ptr)
+--- elfutils-0.136/libelf/elf_getarsym.c.robustify
++++ elfutils-0.136/libelf/elf_getarsym.c
+@@ -179,6 +179,9 @@ elf_getarsym (elf, ptr)
size_t index_size = atol (tmpbuf);
if (SARMAG + sizeof (struct ar_hdr) + index_size > elf->maximum_size
|| n * sizeof (uint32_t) > index_size)
{
/* This index table cannot be right since it does not fit into
---- elfutils-0.115/libelf/elf_getshstrndx.c
-+++ elfutils-0.115/libelf/elf_getshstrndx.c
-@@ -92,10 +92,25 @@ elf_getshstrndx (elf, dst)
+--- elfutils-0.136/libelf/elf_getshstrndx.c.robustify
++++ elfutils-0.136/libelf/elf_getshstrndx.c
+@@ -125,10 +125,25 @@ elf_getshstrndx (elf, dst)
if (elf->map_address != NULL
&& elf->state.elf32.ehdr->e_ident[EI_DATA] == MY_ELFDATA
&& (ALLOW_UNALIGNED
+ || (((size_t) ((char *) elf->map_address
+ + elf->start_offset + offset))
& (__alignof__ (Elf32_Shdr) - 1)) == 0))
-- /* We can directly access the memory. */
-- num = ((Elf32_Shdr *) (elf->map_address + offset))->sh_link;
+ {
+ /* First see whether the information in the ELF header is
+ valid and it does not ask for too much. */
+ goto out;
+ }
+
-+ /* We can directly access the memory. */
+ /* We can directly access the memory. */
+- num = ((Elf32_Shdr *) (elf->map_address + offset))->sh_link;
+ num = ((Elf32_Shdr *) (elf->map_address + elf->start_offset
+ + offset))->sh_link;
+ }
else
{
/* We avoid reading in all the section headers. Just read
-@@ -130,10 +145,25 @@ elf_getshstrndx (elf, dst)
+@@ -163,10 +178,25 @@ elf_getshstrndx (elf, dst)
if (elf->map_address != NULL
&& elf->state.elf64.ehdr->e_ident[EI_DATA] == MY_ELFDATA
&& (ALLOW_UNALIGNED
+ || (((size_t) ((char *) elf->map_address
+ + elf->start_offset + offset))
& (__alignof__ (Elf64_Shdr) - 1)) == 0))
-- /* We can directly access the memory. */
-- num = ((Elf64_Shdr *) (elf->map_address + offset))->sh_link;
+ {
+ /* First see whether the information in the ELF header is
+ valid and it does not ask for too much. */
+ goto out;
+ }
+
-+ /* We can directly access the memory. */
+ /* We can directly access the memory. */
+- num = ((Elf64_Shdr *) (elf->map_address + offset))->sh_link;
+ num = ((Elf64_Shdr *) (elf->map_address
+ + elf->start_offset + offset))->sh_link;
+ }
else
{
/* We avoid reading in all the section headers. Just read
---- elfutils-0.115/libelf/elf_newscn.c
-+++ elfutils-0.115/libelf/elf_newscn.c
-@@ -1,5 +1,5 @@
- /* Append new section.
-- Copyright (C) 1998, 1999, 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 1998, 1999, 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 1998.
-
- This program is free software; you can redistribute it and/or modify
-@@ -71,13 +71,21 @@ elf_newscn (elf)
+--- elfutils-0.136/libelf/elf_newscn.c.robustify
++++ elfutils-0.136/libelf/elf_newscn.c
+@@ -104,10 +104,18 @@ elf_newscn (elf)
else
{
/* We must allocate a new element. */
assert (elf->state.elf.scnincr > 0);
-- newp = (Elf_ScnList *) calloc (sizeof (Elf_ScnList)
-- + ((elf->state.elf.scnincr *= 2)
-- * sizeof (Elf_Scn)), 1);
+ if (
+#if SIZE_MAX <= 4294967295U
+ likely (elf->state.elf.scnincr
+ 1
+#endif
+ )
-+ newp = (Elf_ScnList *) calloc (sizeof (Elf_ScnList)
-+ + ((elf->state.elf.scnincr *= 2)
-+ * sizeof (Elf_Scn)), 1);
- if (newp == NULL)
- {
- __libelf_seterrno (ELF_E_NOMEM);
---- elfutils-0.115/libelf/gelf_getdyn.c
-+++ elfutils-0.115/libelf/gelf_getdyn.c
-@@ -1,5 +1,5 @@
- /* Get information from dynamic table at the given index.
-- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2000.
-
- This program is free software; you can redistribute it and/or modify
-@@ -60,7 +60,8 @@ gelf_getdyn (data, ndx, dst)
+ newp = (Elf_ScnList *) calloc (sizeof (Elf_ScnList)
+ + ((elf->state.elf.scnincr *= 2)
+ * sizeof (Elf_Scn)), 1);
+--- elfutils-0.136/libelf/gelf_getdyn.c.robustify
++++ elfutils-0.136/libelf/gelf_getdyn.c
+@@ -93,7 +93,8 @@ gelf_getdyn (data, ndx, dst)
table entries has to be adopted. The user better has provided
a buffer where we can store the information. While copying the
data we are converting the format. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
-@@ -81,7 +82,8 @@ gelf_getdyn (data, ndx, dst)
+@@ -114,7 +115,8 @@ gelf_getdyn (data, ndx, dst)
/* The data is already in the correct form. Just make sure the
index is OK. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
---- elfutils-0.115/libelf/gelf_getlib.c
-+++ elfutils-0.115/libelf/gelf_getlib.c
-@@ -1,5 +1,5 @@
- /* Get library from table at the given index.
-- Copyright (C) 2004 Red Hat, Inc.
-+ Copyright (C) 2004, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2004.
-
- This program is free software; you can redistribute it and/or modify
-@@ -53,7 +53,8 @@ gelf_getlib (data, ndx, dst)
+--- elfutils-0.136/libelf/gelf_getlib.c.robustify
++++ elfutils-0.136/libelf/gelf_getlib.c
+@@ -86,7 +86,8 @@ gelf_getlib (data, ndx, dst)
/* The data is already in the correct form. Just make sure the
index is OK. */
GElf_Lib *result = NULL;
__libelf_seterrno (ELF_E_INVALID_INDEX);
else
{
---- elfutils-0.115/libelf/gelf_getmove.c
-+++ elfutils-0.115/libelf/gelf_getmove.c
-@@ -1,5 +1,5 @@
- /* Get move structure at the given index.
-- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2000.
-
- This program is free software; you can redistribute it and/or modify
-@@ -50,7 +50,8 @@ gelf_getmove (data, ndx, dst)
+--- elfutils-0.136/libelf/gelf_getmove.c.robustify
++++ elfutils-0.136/libelf/gelf_getmove.c
+@@ -83,7 +83,8 @@ gelf_getmove (data, ndx, dst)
/* The data is already in the correct form. Just make sure the
index is OK. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
---- elfutils-0.115/libelf/gelf_getrela.c
-+++ elfutils-0.115/libelf/gelf_getrela.c
-@@ -1,5 +1,5 @@
- /* Get RELA relocation information at given index.
-- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2000.
-
- This program is free software; you can redistribute it and/or modify
-@@ -38,12 +38,6 @@ gelf_getrela (data, ndx, dst)
+--- elfutils-0.136/libelf/gelf_getrela.c.robustify
++++ elfutils-0.136/libelf/gelf_getrela.c
+@@ -71,12 +71,6 @@ gelf_getrela (data, ndx, dst)
if (data_scn == NULL)
return NULL;
if (unlikely (data_scn->d.d_type != ELF_T_RELA))
{
__libelf_seterrno (ELF_E_INVALID_HANDLE);
-@@ -60,7 +54,8 @@ gelf_getrela (data, ndx, dst)
+@@ -93,7 +87,8 @@ gelf_getrela (data, ndx, dst)
if (scn->elf->class == ELFCLASS32)
{
/* We have to convert the data. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
result = NULL;
-@@ -81,7 +76,8 @@ gelf_getrela (data, ndx, dst)
+@@ -114,7 +109,8 @@ gelf_getrela (data, ndx, dst)
{
/* Simply copy the data after we made sure we are actually getting
correct data. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
result = NULL;
---- elfutils-0.115/libelf/gelf_getrel.c
-+++ elfutils-0.115/libelf/gelf_getrel.c
-@@ -1,5 +1,5 @@
- /* Get REL relocation information at given index.
-- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2000.
-
- This program is free software; you can redistribute it and/or modify
-@@ -38,12 +38,6 @@ gelf_getrel (data, ndx, dst)
+--- elfutils-0.136/libelf/gelf_getrel.c.robustify
++++ elfutils-0.136/libelf/gelf_getrel.c
+@@ -71,12 +71,6 @@ gelf_getrel (data, ndx, dst)
if (data_scn == NULL)
return NULL;
if (unlikely (data_scn->d.d_type != ELF_T_REL))
{
__libelf_seterrno (ELF_E_INVALID_HANDLE);
-@@ -60,7 +54,8 @@ gelf_getrel (data, ndx, dst)
+@@ -93,7 +87,8 @@ gelf_getrel (data, ndx, dst)
if (scn->elf->class == ELFCLASS32)
{
/* We have to convert the data. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
result = NULL;
-@@ -80,7 +75,8 @@ gelf_getrel (data, ndx, dst)
+@@ -113,7 +108,8 @@ gelf_getrel (data, ndx, dst)
{
/* Simply copy the data after we made sure we are actually getting
correct data. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
result = NULL;
---- elfutils-0.115/libelf/gelf_getsym.c
-+++ elfutils-0.115/libelf/gelf_getsym.c
-@@ -1,5 +1,5 @@
- /* Get symbol information from symbol table at the given index.
-- Copyright (C) 1999, 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 1999, 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 1999.
-
- This program is free software; you can redistribute it and/or modify
-@@ -57,7 +57,8 @@ gelf_getsym (data, ndx, dst)
+--- elfutils-0.136/libelf/gelf_getsym.c.robustify
++++ elfutils-0.136/libelf/gelf_getsym.c
+@@ -90,7 +90,8 @@ gelf_getsym (data, ndx, dst)
table entries has to be adopted. The user better has provided
a buffer where we can store the information. While copying the
data we are converting the format. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
-@@ -86,7 +87,8 @@ gelf_getsym (data, ndx, dst)
+@@ -119,7 +120,8 @@ gelf_getsym (data, ndx, dst)
/* The data is already in the correct form. Just make sure the
index is OK. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
---- elfutils-0.115/libelf/gelf_getsyminfo.c
-+++ elfutils-0.115/libelf/gelf_getsyminfo.c
-@@ -1,5 +1,5 @@
- /* Get additional symbol information from symbol table at the given index.
-- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2000.
-
- This program is free software; you can redistribute it and/or modify
-@@ -51,7 +51,8 @@ gelf_getsyminfo (data, ndx, dst)
+--- elfutils-0.136/libelf/gelf_getsyminfo.c.robustify
++++ elfutils-0.136/libelf/gelf_getsyminfo.c
+@@ -84,7 +84,8 @@ gelf_getsyminfo (data, ndx, dst)
/* The data is already in the correct form. Just make sure the
index is OK. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
---- elfutils-0.115/libelf/gelf_getsymshndx.c
-+++ elfutils-0.115/libelf/gelf_getsymshndx.c
-@@ -1,6 +1,6 @@
- /* Get symbol information and separate section index from symbol table
- at the given index.
-- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2000.
-
- This program is free software; you can redistribute it and/or modify
-@@ -57,7 +57,9 @@ gelf_getsymshndx (symdata, shndxdata, nd
+--- elfutils-0.136/libelf/gelf_getsymshndx.c.robustify
++++ elfutils-0.136/libelf/gelf_getsymshndx.c
+@@ -90,7 +90,9 @@ gelf_getsymshndx (symdata, shndxdata, nd
section index table. */
if (likely (shndxdata_scn != NULL))
{
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
-@@ -77,7 +79,8 @@ gelf_getsymshndx (symdata, shndxdata, nd
+@@ -110,7 +112,8 @@ gelf_getsymshndx (symdata, shndxdata, nd
table entries has to be adopted. The user better has provided
a buffer where we can store the information. While copying the
data we are converting the format. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
-@@ -106,7 +109,8 @@ gelf_getsymshndx (symdata, shndxdata, nd
+@@ -139,7 +142,8 @@ gelf_getsymshndx (symdata, shndxdata, nd
/* The data is already in the correct form. Just make sure the
index is OK. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
---- elfutils-0.115/libelf/gelf_getversym.c
-+++ elfutils-0.115/libelf/gelf_getversym.c
-@@ -1,5 +1,5 @@
- /* Get symbol version information at the given index.
-- Copyright (C) 1999, 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 1999, 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 1999.
-
- This program is free software; you can redistribute it and/or modify
-@@ -59,7 +59,8 @@ gelf_getversym (data, ndx, dst)
+--- elfutils-0.136/libelf/gelf_getversym.c.robustify
++++ elfutils-0.136/libelf/gelf_getversym.c
+@@ -92,7 +92,8 @@ gelf_getversym (data, ndx, dst)
/* The data is already in the correct form. Just make sure the
index is OK. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
result = NULL;
---- elfutils-0.115/libelf/gelf_update_dyn.c
-+++ elfutils-0.115/libelf/gelf_update_dyn.c
-@@ -1,5 +1,5 @@
- /* Update information in dynamic table at the given index.
-- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2000.
-
- This program is free software; you can redistribute it and/or modify
-@@ -38,12 +38,6 @@ gelf_update_dyn (data, ndx, src)
+--- elfutils-0.136/libelf/gelf_update_dyn.c.robustify
++++ elfutils-0.136/libelf/gelf_update_dyn.c
+@@ -71,12 +71,6 @@ gelf_update_dyn (data, ndx, src)
if (data == NULL)
return 0;
if (unlikely (data_scn->d.d_type != ELF_T_DYN))
{
/* The type of the data better should match. */
-@@ -69,7 +63,8 @@ gelf_update_dyn (data, ndx, src)
+@@ -102,7 +96,8 @@ gelf_update_dyn (data, ndx, src)
}
/* Check whether we have to resize the data buffer. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
-@@ -83,7 +78,8 @@ gelf_update_dyn (data, ndx, src)
+@@ -116,7 +111,8 @@ gelf_update_dyn (data, ndx, src)
else
{
/* Check whether we have to resize the data buffer. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
---- elfutils-0.115/libelf/gelf_update_lib.c
-+++ elfutils-0.115/libelf/gelf_update_lib.c
-@@ -1,5 +1,5 @@
- /* Update library in table at the given index.
-- Copyright (C) 2004 Red Hat, Inc.
-+ Copyright (C) 2004, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2004.
-
- This program is free software; you can redistribute it and/or modify
-@@ -35,12 +35,6 @@ gelf_update_lib (data, ndx, src)
+--- elfutils-0.136/libelf/gelf_update_lib.c.robustify
++++ elfutils-0.136/libelf/gelf_update_lib.c
+@@ -68,12 +68,6 @@ gelf_update_lib (data, ndx, src)
if (data == NULL)
return 0;
Elf_Data_Scn *data_scn = (Elf_Data_Scn *) data;
if (unlikely (data_scn->d.d_type != ELF_T_LIB))
{
-@@ -54,7 +48,8 @@ gelf_update_lib (data, ndx, src)
+@@ -87,7 +81,8 @@ gelf_update_lib (data, ndx, src)
/* Check whether we have to resize the data buffer. */
int result = 0;
__libelf_seterrno (ELF_E_INVALID_INDEX);
else
{
---- elfutils-0.115/libelf/gelf_update_move.c
-+++ elfutils-0.115/libelf/gelf_update_move.c
-@@ -1,5 +1,5 @@
- /* Update move structure at the given index.
-- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2000.
-
- This program is free software; you can redistribute it and/or modify
-@@ -42,7 +42,7 @@ gelf_update_move (data, ndx, src)
+--- elfutils-0.136/libelf/gelf_update_move.c.robustify
++++ elfutils-0.136/libelf/gelf_update_move.c
+@@ -75,7 +75,7 @@ gelf_update_move (data, ndx, src)
assert (sizeof (GElf_Move) == sizeof (Elf64_Move));
/* Check whether we have to resize the data buffer. */
|| unlikely ((ndx + 1) * sizeof (GElf_Move) > data_scn->d.d_size))
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
---- elfutils-0.115/libelf/gelf_update_rela.c
-+++ elfutils-0.115/libelf/gelf_update_rela.c
-@@ -1,5 +1,5 @@
- /* Update RELA relocation information at given index.
-- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2000.
-
- This program is free software; you can redistribute it and/or modify
-@@ -35,12 +35,6 @@ gelf_update_rela (Elf_Data *dst, int ndx
+--- elfutils-0.136/libelf/gelf_update_rela.c.robustify
++++ elfutils-0.136/libelf/gelf_update_rela.c
+@@ -68,12 +68,6 @@ gelf_update_rela (Elf_Data *dst, int ndx
if (dst == NULL)
return 0;
if (unlikely (data_scn->d.d_type != ELF_T_RELA))
{
/* The type of the data better should match. */
-@@ -68,7 +62,8 @@ gelf_update_rela (Elf_Data *dst, int ndx
+@@ -101,7 +95,8 @@ gelf_update_rela (Elf_Data *dst, int ndx
}
/* Check whether we have to resize the data buffer. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
-@@ -84,7 +79,8 @@ gelf_update_rela (Elf_Data *dst, int ndx
+@@ -117,7 +112,8 @@ gelf_update_rela (Elf_Data *dst, int ndx
else
{
/* Check whether we have to resize the data buffer. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
---- elfutils-0.115/libelf/gelf_update_rel.c
-+++ elfutils-0.115/libelf/gelf_update_rel.c
-@@ -1,5 +1,5 @@
- /* Update REL relocation information at given index.
-- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2000.
-
- This program is free software; you can redistribute it and/or modify
-@@ -35,12 +35,6 @@ gelf_update_rel (Elf_Data *dst, int ndx,
+--- elfutils-0.136/libelf/gelf_update_rel.c.robustify
++++ elfutils-0.136/libelf/gelf_update_rel.c
+@@ -68,12 +68,6 @@ gelf_update_rel (Elf_Data *dst, int ndx,
if (dst == NULL)
return 0;
if (unlikely (data_scn->d.d_type != ELF_T_REL))
{
/* The type of the data better should match. */
-@@ -66,7 +60,8 @@ gelf_update_rel (Elf_Data *dst, int ndx,
+@@ -99,7 +93,8 @@ gelf_update_rel (Elf_Data *dst, int ndx,
}
/* Check whether we have to resize the data buffer. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
-@@ -81,7 +76,8 @@ gelf_update_rel (Elf_Data *dst, int ndx,
+@@ -114,7 +109,8 @@ gelf_update_rel (Elf_Data *dst, int ndx,
else
{
/* Check whether we have to resize the data buffer. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
---- elfutils-0.115/libelf/gelf_update_sym.c
-+++ elfutils-0.115/libelf/gelf_update_sym.c
-@@ -1,5 +1,5 @@
- /* Update symbol information in symbol table at the given index.
-- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2000.
-
- This program is free software; you can redistribute it and/or modify
-@@ -39,12 +39,6 @@ gelf_update_sym (data, ndx, src)
+--- elfutils-0.136/libelf/gelf_update_sym.c.robustify
++++ elfutils-0.136/libelf/gelf_update_sym.c
+@@ -72,12 +72,6 @@ gelf_update_sym (data, ndx, src)
if (data == NULL)
return 0;
if (unlikely (data_scn->d.d_type != ELF_T_SYM))
{
/* The type of the data better should match. */
-@@ -69,7 +63,8 @@ gelf_update_sym (data, ndx, src)
+@@ -102,7 +96,8 @@ gelf_update_sym (data, ndx, src)
}
/* Check whether we have to resize the data buffer. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
-@@ -92,7 +87,8 @@ gelf_update_sym (data, ndx, src)
+@@ -125,7 +120,8 @@ gelf_update_sym (data, ndx, src)
else
{
/* Check whether we have to resize the data buffer. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
---- elfutils-0.115/libelf/gelf_update_syminfo.c
-+++ elfutils-0.115/libelf/gelf_update_syminfo.c
-@@ -1,5 +1,5 @@
- /* Update additional symbol information in symbol table at the given index.
-- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2000.
-
- This program is free software; you can redistribute it and/or modify
-@@ -39,12 +39,6 @@ gelf_update_syminfo (data, ndx, src)
+--- elfutils-0.136/libelf/gelf_update_syminfo.c.robustify
++++ elfutils-0.136/libelf/gelf_update_syminfo.c
+@@ -72,12 +72,6 @@ gelf_update_syminfo (data, ndx, src)
if (data == NULL)
return 0;
if (unlikely (data_scn->d.d_type != ELF_T_SYMINFO))
{
/* The type of the data better should match. */
-@@ -60,7 +54,8 @@ gelf_update_syminfo (data, ndx, src)
+@@ -93,7 +87,8 @@ gelf_update_syminfo (data, ndx, src)
rwlock_wrlock (scn->elf->lock);
/* Check whether we have to resize the data buffer. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
---- elfutils-0.115/libelf/gelf_update_symshndx.c
-+++ elfutils-0.115/libelf/gelf_update_symshndx.c
-@@ -1,6 +1,6 @@
- /* Update symbol information and section index in symbol table at the
- given index.
-- Copyright (C) 2000, 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 2000, 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2000.
-
- This program is free software; you can redistribute it and/or modify
-@@ -44,12 +44,6 @@ gelf_update_symshndx (symdata, shndxdata
+--- elfutils-0.136/libelf/gelf_update_symshndx.c.robustify
++++ elfutils-0.136/libelf/gelf_update_symshndx.c
+@@ -77,12 +77,6 @@ gelf_update_symshndx (symdata, shndxdata
if (symdata == NULL)
return 0;
if (unlikely (symdata_scn->d.d_type != ELF_T_SYM))
{
/* The type of the data better should match. */
-@@ -95,7 +89,8 @@ gelf_update_symshndx (symdata, shndxdata
+@@ -128,7 +122,8 @@ gelf_update_symshndx (symdata, shndxdata
}
/* Check whether we have to resize the data buffer. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
-@@ -118,7 +113,8 @@ gelf_update_symshndx (symdata, shndxdata
+@@ -151,7 +146,8 @@ gelf_update_symshndx (symdata, shndxdata
else
{
/* Check whether we have to resize the data buffer. */
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
goto out;
---- elfutils-0.115/libelf/gelf_update_versym.c
-+++ elfutils-0.115/libelf/gelf_update_versym.c
-@@ -1,5 +1,5 @@
- /* Update symbol version information.
-- Copyright (C) 2001, 2002 Red Hat, Inc.
-+ Copyright (C) 2001, 2002, 2005 Red Hat, Inc.
- Written by Ulrich Drepper <drepper@redhat.com>, 2001.
-
- This program is free software; you can redistribute it and/or modify
-@@ -42,7 +42,7 @@ gelf_update_versym (data, ndx, src)
+--- elfutils-0.136/libelf/gelf_update_versym.c.robustify
++++ elfutils-0.136/libelf/gelf_update_versym.c
+@@ -75,7 +75,7 @@ gelf_update_versym (data, ndx, src)
assert (sizeof (GElf_Versym) == sizeof (Elf64_Versym));
/* Check whether we have to resize the data buffer. */
|| unlikely ((ndx + 1) * sizeof (GElf_Versym) > data_scn->d.d_size))
{
__libelf_seterrno (ELF_E_INVALID_INDEX);
---- elfutils-0.115/libelf/libelfP.h
-+++ elfutils-0.115/libelf/libelfP.h
-@@ -536,4 +536,13 @@ extern uint32_t __libelf_crc32 (uint32_t
- } while (0)
- #endif
+--- elfutils-0.136/libelf/libelfP.h.robustify
++++ elfutils-0.136/libelf/libelfP.h
+@@ -611,4 +611,13 @@ extern uint32_t __libelf_crc32 (uint32_t
+ /* Align offset to 4 bytes as needed for note name and descriptor data. */
+ #define NOTE_ALIGN(n) (((n) + 3) & -4U)
+/* Convenience macro. Assumes int NDX and TYPE with size at least
+ 2 bytes. */
+#endif
+
#endif /* libelfP.h */
---- elfutils-0.115/src/elflint.c
-+++ elfutils-0.115/src/elflint.c
-@@ -111,6 +111,9 @@ static uint32_t shstrndx;
+--- elfutils-0.136/src/elflint.c.robustify
++++ elfutils-0.136/src/elflint.c
+@@ -131,6 +131,9 @@ static uint32_t shstrndx;
/* Array to count references in section groups. */
static int *scnref;
int
main (int argc, char *argv[])
-@@ -300,10 +303,19 @@ section_name (Ebl *ebl, int idx)
+@@ -320,10 +323,19 @@ section_name (Ebl *ebl, int idx)
{
GElf_Shdr shdr_mem;
GElf_Shdr *shdr;
}
-@@ -325,10 +337,6 @@ static const int valid_e_machine[] =
+@@ -345,10 +357,6 @@ static const int valid_e_machine[] =
(sizeof (valid_e_machine) / sizeof (valid_e_machine[0]))
static void
check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size)
{
-@@ -591,7 +599,8 @@ section [%2d] '%s': symbol table cannot
+@@ -613,7 +621,8 @@ section [%2d] '%s': symbol table cannot
}
}
+ size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT);
+ if (shdr->sh_entsize != sh_entsize)
ERROR (gettext ("\
- section [%2zu] '%s': entry size is does not match ElfXX_Sym\n"),
- cnt, section_name (ebl, cnt));
-@@ -629,7 +638,7 @@ section [%2d] '%s': XINDEX for zeroth en
+ section [%2u] '%s': entry size is does not match ElfXX_Sym\n"),
+ idx, section_name (ebl, idx));
+@@ -651,7 +660,7 @@ section [%2d] '%s': XINDEX for zeroth en
xndxscnidx, section_name (ebl, xndxscnidx));
}
-- for (cnt = 1; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
-+ for (cnt = 1; cnt < shdr->sh_size / sh_entsize; ++cnt)
+- for (size_t cnt = 1; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
++ for (size_t cnt = 1; cnt < shdr->sh_size / sh_entsize; ++cnt)
{
sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx);
if (sym == NULL)
-@@ -647,7 +656,8 @@ section [%2d] '%s': symbol %zu: invalid
+@@ -671,7 +680,8 @@ section [%2d] '%s': symbol %zu: invalid
else
{
name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name);
}
if (sym->st_shndx == SHN_XINDEX)
-@@ -958,7 +968,7 @@ is_rel_dyn (Ebl *ebl, const GElf_Ehdr *e
+@@ -1001,9 +1011,11 @@ is_rel_dyn (Ebl *ebl, const GElf_Ehdr *e
+ {
+ GElf_Shdr rcshdr_mem;
const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem);
- assert (rcshdr != NULL);
+- assert (rcshdr != NULL);
- if (rcshdr->sh_type == SHT_DYNAMIC)
++ if (rcshdr == NULL)
++ break;
++
+ if (rcshdr->sh_type == SHT_DYNAMIC && rcshdr->sh_entsize)
{
/* Found the dynamic section. Look through it. */
Elf_Data *d = elf_getdata (scn, NULL);
-@@ -968,14 +978,17 @@ is_rel_dyn (Ebl *ebl, const GElf_Ehdr *e
+@@ -1013,7 +1025,9 @@ is_rel_dyn (Ebl *ebl, const GElf_Ehdr *e
{
GElf_Dyn dyn_mem;
GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem);
if (dyn->d_tag == DT_RELCOUNT)
{
- /* Found it. One last check: does the number
- specified number of relative relocations exceed
- the total number of relocations? */
-- if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
-+ if (shdr->sh_entsize
-+ && dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
- ERROR (gettext ("\
+@@ -1027,7 +1041,9 @@ section [%2d] '%s': DT_RELCOUNT used for
+ /* Does the number specified number of relative
+ relocations exceed the total number of
+ relocations? */
+- if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
++ if (shdr->sh_entsize != 0
++ && dyn->d_un.d_val > (shdr->sh_size
++ / shdr->sh_entsize))
+ ERROR (gettext ("\
section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
- idx, section_name (ebl, idx),
-@@ -1050,7 +1063,8 @@ section [%2d] '%s': no relocations for m
+ idx, section_name (ebl, idx),
+@@ -1187,7 +1203,8 @@ section [%2d] '%s': no relocations for m
}
}
ERROR (gettext (reltype == ELF_T_RELA ? "\
section [%2d] '%s': section entry size does not match ElfXX_Rela\n" : "\
section [%2d] '%s': section entry size does not match ElfXX_Rel\n"),
-@@ -1258,7 +1272,8 @@ check_rela (Ebl *ebl, GElf_Ehdr *ehdr, G
+@@ -1410,7 +1427,8 @@ check_rela (Ebl *ebl, GElf_Ehdr *ehdr, G
Elf_Data *symdata = elf_getdata (symscn, NULL);
enum load_state state = state_undecided;
{
GElf_Rela rela_mem;
GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem);
-@@ -1307,7 +1322,8 @@ check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GE
+@@ -1460,7 +1478,8 @@ check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GE
Elf_Data *symdata = elf_getdata (symscn, NULL);
enum load_state state = state_undecided;
{
GElf_Rel rel_mem;
GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem);
-@@ -1408,7 +1424,8 @@ section [%2d] '%s': referenced as string
+@@ -1563,7 +1582,8 @@ section [%2d] '%s': referenced as string
shdr->sh_link, section_name (ebl, shdr->sh_link),
idx, section_name (ebl, idx));
ERROR (gettext ("\
section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"),
idx, section_name (ebl, idx));
-@@ -1418,7 +1435,7 @@ section [%2d] '%s': section entry size d
+@@ -1573,7 +1593,7 @@ section [%2d] '%s': section entry size d
idx, section_name (ebl, idx));
bool non_null_warned = false;
{
GElf_Dyn dyn_mem;
GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem);
-@@ -1559,6 +1576,8 @@ section [%2d] '%s': entry size does not
+@@ -1854,6 +1874,8 @@ section [%2d] '%s': entry size does not
idx, section_name (ebl, idx));
if (symshdr != NULL
&& (shdr->sh_size / shdr->sh_entsize
< symshdr->sh_size / symshdr->sh_entsize))
ERROR (gettext ("\
-@@ -1585,6 +1604,12 @@ section [%2d] '%s': extended section ind
+@@ -1880,6 +1902,12 @@ section [%2d] '%s': extended section ind
}
Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
if (*((Elf32_Word *) data->d_buf) != 0)
ERROR (gettext ("symbol 0 should have zero extended section index\n"));
-@@ -1665,23 +1690,30 @@ section [%2d] '%s': hash table section i
- idx, section_name (ebl, idx), (long int) shdr->sh_size,
- (long int) ((2 + nbucket + nchain) * shdr->sh_entsize));
+@@ -1922,7 +1950,7 @@ section [%2d] '%s': hash table section i
+
+ size_t maxidx = nchain;
- if (symshdr != NULL)
-+ if (symshdr != NULL && symshdr->sh_entsize)
++ if (symshdr != NULL && symshdr->sh_entsize != 0)
{
size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
- size_t cnt;
-+ Elf32_Word *buf, *end;
-
- if (nchain < symshdr->sh_size / symshdr->sh_entsize)
- ERROR (gettext ("section [%2d] '%s': chain array not large enough\n"),
- idx, section_name (ebl, idx));
-
-+ buf = ((Elf32_Word *) data->d_buf) + 2;
-+ end = (Elf32_Word *) ((char *) data->d_buf + shdr->sh_size);
- for (cnt = 2; cnt < 2 + nbucket; ++cnt)
-- if (((Elf32_Word *) data->d_buf)[cnt] >= symsize)
-+ if (buf >= end)
-+ return;
-+ else if (*buf++ >= symsize)
- ERROR (gettext ("\
+
+@@ -1933,18 +1961,28 @@ section [%2d] '%s': hash table section i
+ maxidx = symsize;
+ }
+
++ Elf32_Word *buf = (Elf32_Word *) data->d_buf;
++ Elf32_Word *end = (Elf32_Word *) ((char *) data->d_buf + shdr->sh_size);
+ size_t cnt;
+ for (cnt = 2; cnt < 2 + nbucket; ++cnt)
+- if (((Elf32_Word *) data->d_buf)[cnt] >= maxidx)
++ {
++ if (buf + cnt >= end)
++ break;
++ else if (buf[cnt] >= maxidx)
+ ERROR (gettext ("\
section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
- idx, section_name (ebl, idx), cnt - 2);
-
- for (; cnt < 2 + nbucket + nchain; ++cnt)
-- if (((Elf32_Word *) data->d_buf)[cnt] >= symsize)
-+ if (buf >= end)
-+ return;
-+ else if (*buf++ >= symsize)
- ERROR (gettext ("\
+ idx, section_name (ebl, idx), cnt - 2);
++ }
+
+ for (; cnt < 2 + nbucket + nchain; ++cnt)
+- if (((Elf32_Word *) data->d_buf)[cnt] >= maxidx)
++ {
++ if (buf + cnt >= end)
++ break;
++ else if (buf[cnt] >= maxidx)
+ ERROR (gettext ("\
section [%2d] '%s': hash chain reference %zu out of bounds\n"),
- idx, section_name (ebl, idx), cnt - 2 - nbucket);
-@@ -2023,8 +2055,9 @@ section [%2d] '%s' refers in sh_link to
+ idx, section_name (ebl, idx), cnt - 2 - nbucket);
++ }
+ }
+
+
+@@ -1974,18 +2012,28 @@ section [%2d] '%s': hash table section i
+ maxidx = symsize;
+ }
+
++ Elf64_Xword *buf = (Elf64_Xword *) data->d_buf;
++ Elf64_Xword *end = (Elf64_Xword *) ((char *) data->d_buf + shdr->sh_size);
+ size_t cnt;
+ for (cnt = 2; cnt < 2 + nbucket; ++cnt)
+- if (((Elf64_Xword *) data->d_buf)[cnt] >= maxidx)
++ {
++ if (buf + cnt >= end)
++ break;
++ else if (buf[cnt] >= maxidx)
+ ERROR (gettext ("\
+ section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
+ idx, section_name (ebl, idx), cnt - 2);
++ }
+
+ for (; cnt < 2 + nbucket + nchain; ++cnt)
+- if (((Elf64_Xword *) data->d_buf)[cnt] >= maxidx)
++ {
++ if (buf + cnt >= end)
++ break;
++ else if (buf[cnt] >= maxidx)
+ ERROR (gettext ("\
+ section [%2d] '%s': hash chain reference %" PRIu64 " out of bounds\n"),
+- idx, section_name (ebl, idx), (uint64_t) (cnt - 2 - nbucket));
++ idx, section_name (ebl, idx), (uint64_t) cnt - 2 - nbucket);
++ }
+ }
+
+
+@@ -2010,7 +2058,7 @@ section [%2d] '%s': bitmask size not pow
+ if (shdr->sh_size < (4 + bitmask_words + nbuckets) * sizeof (Elf32_Word))
+ {
+ ERROR (gettext ("\
+-section [%2d] '%s': hash table section is too small (is %ld, expected at least%ld)\n"),
++section [%2d] '%s': hash table section is too small (is %ld, expected at least %ld)\n"),
+ idx, section_name (ebl, idx), (long int) shdr->sh_size,
+ (long int) ((4 + bitmask_words + nbuckets) * sizeof (Elf32_Word)));
+ return;
+@@ -2682,8 +2730,9 @@ section [%2d] '%s' refers in sh_link to
/* The number of elements in the version symbol table must be the
same as the number of symbols. */
ERROR (gettext ("\
section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"),
idx, section_name (ebl, idx),
-@@ -2928,6 +2961,8 @@ phdr[%d]: no note entries defined for th
- return;
-
- char *notemem = gelf_rawchunk (ebl->elf, phdr->p_offset, phdr->p_filesz);
-+ if (notemem == NULL)
-+ return;
-
- /* ELF64 files often use note section entries in the 32-bit format.
- The p_align field is set to 8 in case the 64-bit format is used.
---- elfutils-0.115/src/readelf.c
-+++ elfutils-0.115/src/readelf.c
-@@ -947,6 +947,7 @@ handle_scngrp (Ebl *ebl, Elf_Scn *scn, G
- GElf_Shdr *symshdr;
- Elf_Data *symdata;
- GElf_Sym sym_mem;
-+ GElf_Sym *sym;
- size_t cnt;
- size_t shstrndx;
+--- elfutils-0.136/src/readelf.c.robustify
++++ elfutils-0.136/src/readelf.c
+@@ -1111,6 +1111,8 @@ handle_scngrp (Ebl *ebl, Elf_Scn *scn, G
+ Elf32_Word *grpref = (Elf32_Word *) data->d_buf;
-@@ -966,6 +967,8 @@ handle_scngrp (Ebl *ebl, Elf_Scn *scn, G
- error (EXIT_FAILURE, 0,
- gettext ("cannot get section header string table index"));
-
-+ sym = gelf_getsym (symdata, shdr->sh_info, &sym_mem);
+ GElf_Sym sym_mem;
++ GElf_Sym *sym = gelf_getsym (symdata, shdr->sh_info, &sym_mem);
+
- grpref = (Elf32_Word *) data->d_buf;
-
printf ((grpref[0] & GRP_COMDAT)
-@@ -980,8 +983,8 @@ handle_scngrp (Ebl *ebl, Elf_Scn *scn, G
+ ? ngettext ("\
+ \nCOMDAT section group [%2zu] '%s' with signature '%s' contains %zu entry:\n",
+@@ -1123,8 +1125,8 @@ handle_scngrp (Ebl *ebl, Elf_Scn *scn, G
data->d_size / sizeof (Elf32_Word) - 1),
elf_ndxscn (scn),
elf_strptr (ebl->elf, shstrndx, shdr->sh_name),
?: gettext ("<INVALID SYMBOL>"),
data->d_size / sizeof (Elf32_Word) - 1);
-@@ -1135,7 +1138,8 @@ static void
+@@ -1275,7 +1277,8 @@ static void
handle_dynamic (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr)
{
int class = gelf_getclass (ebl->elf);
Elf_Data *data;
size_t cnt;
size_t shstrndx;
-@@ -1150,6 +1154,11 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn,
+@@ -1290,6 +1293,11 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn,
error (EXIT_FAILURE, 0,
gettext ("cannot get section header string table index"));
printf (ngettext ("\
\nDynamic segment contains %lu entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
"\
-@@ -1159,9 +1168,7 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn,
+@@ -1299,9 +1307,7 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn,
class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
shdr->sh_offset,
(int) shdr->sh_link,
fputs_unlocked (gettext (" Type Value\n"), stdout);
for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
-@@ -1656,7 +1663,8 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, G
- unsigned int cnt;
- Elf32_Word verneed_stridx = 0;
- Elf32_Word verdef_stridx = 0;
-- GElf_Shdr glink;
-+ GElf_Shdr glink_mem;
-+ GElf_Shdr *glink;
- size_t shstrndx;
-
- /* Get the data of the section. */
-@@ -1701,6 +1709,11 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, G
+@@ -1801,6 +1807,13 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, G
error (EXIT_FAILURE, 0,
gettext ("cannot get section header string table index"));
-+ glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &glink_mem);
++ GElf_Shdr glink_mem;
++ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
++ &glink_mem);
+ if (glink == NULL)
+ error (EXIT_FAILURE, 0, gettext ("invalid sh_link value in section %Zu"),
+ elf_ndxscn (scn));
+
/* Now we can compute the number of entries in the section. */
- nsyms = data->d_size / (class == ELFCLASS32
- ? sizeof (Elf32_Sym) : sizeof (Elf64_Sym));
-@@ -1715,9 +1728,7 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, G
+ unsigned int nsyms = data->d_size / (class == ELFCLASS32
+ ? sizeof (Elf32_Sym)
+@@ -1811,15 +1824,12 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, G
+ nsyms),
+ (unsigned int) elf_ndxscn (scn),
+ elf_strptr (ebl->elf, shstrndx, shdr->sh_name), nsyms);
+- GElf_Shdr glink;
+ printf (ngettext (" %lu local symbol String table: [%2u] '%s'\n",
+ " %lu local symbols String table: [%2u] '%s'\n",
shdr->sh_info),
(unsigned long int) shdr->sh_info,
(unsigned int) shdr->sh_link,
fputs_unlocked (class == ELFCLASS32
? gettext ("\
-@@ -1956,7 +1967,13 @@ handle_verneed (Ebl *ebl, Elf_Scn *scn,
+@@ -2055,7 +2065,13 @@ handle_verneed (Ebl *ebl, Elf_Scn *scn,
error (EXIT_FAILURE, 0,
gettext ("cannot get section header string table index"));
printf (ngettext ("\
\nVersion needs section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
"\
-@@ -1967,9 +1984,7 @@ handle_verneed (Ebl *ebl, Elf_Scn *scn,
+@@ -2066,9 +2082,7 @@ handle_verneed (Ebl *ebl, Elf_Scn *scn,
class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
shdr->sh_offset,
(unsigned int) shdr->sh_link,
unsigned int offset = 0;
for (int cnt = shdr->sh_info; --cnt >= 0; )
-@@ -2022,8 +2037,14 @@ handle_verdef (Ebl *ebl, Elf_Scn *scn, G
+@@ -2121,8 +2135,14 @@ handle_verdef (Ebl *ebl, Elf_Scn *scn, G
error (EXIT_FAILURE, 0,
gettext ("cannot get section header string table index"));
printf (ngettext ("\
\nVersion definition section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
"\
-@@ -2035,9 +2056,7 @@ handle_verdef (Ebl *ebl, Elf_Scn *scn, G
+@@ -2134,9 +2154,7 @@ handle_verdef (Ebl *ebl, Elf_Scn *scn, G
class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
shdr->sh_offset,
(unsigned int) shdr->sh_link,
unsigned int offset = 0;
for (int cnt = shdr->sh_info; --cnt >= 0; )
-@@ -2086,7 +2105,6 @@ static void
- handle_versym (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr)
- {
- int class = gelf_getclass (ebl->elf);
-- GElf_Shdr glink;
- const char **vername;
- const char **filename;
-
-@@ -2312,6 +2330,13 @@ handle_versym (Ebl *ebl, Elf_Scn *scn, G
+@@ -2398,8 +2416,14 @@ handle_versym (Ebl *ebl, Elf_Scn *scn, G
filename = NULL;
}
+ elf_ndxscn (scn));
+
/* Print the header. */
+- GElf_Shdr glink;
printf (ngettext ("\
\nVersion symbols section [%2u] '%s' contains %d entry:\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'",
-@@ -2324,9 +2349,7 @@ handle_versym (Ebl *ebl, Elf_Scn *scn, G
+ "\
+@@ -2411,9 +2435,7 @@ handle_versym (Ebl *ebl, Elf_Scn *scn, G
class == ELFCLASS32 ? 10 : 18, shdr->sh_addr,
shdr->sh_offset,
(unsigned int) shdr->sh_link,
/* Now we can finally look at the actual contents of this section. */
for (unsigned int cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
-@@ -2402,7 +2425,6 @@ handle_hash (Ebl *ebl)
- Elf32_Word maxlength = 0;
- Elf32_Word nsyms = 0;
- uint64_t nzero_counts = 0;
-- GElf_Shdr glink;
-
- if (data == NULL)
- {
-@@ -2411,6 +2433,17 @@ handle_hash (Ebl *ebl)
- continue;
- }
+@@ -2465,7 +2487,17 @@ print_hash_info (Ebl *ebl, Elf_Scn *scn,
+ for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt)
+ ++counts[lengths[cnt]];
-+ GElf_Shdr glink_mem;
-+ GElf_Shdr *glink;
-+ glink = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
-+ &glink_mem);
-+ if (glink == NULL)
-+ {
-+ error (0, 0, gettext ("invalid sh_link value in section %Zu"),
-+ elf_ndxscn (scn));
-+ continue;
-+ }
+- GElf_Shdr glink;
++ GElf_Shdr glink_mem;
++ GElf_Shdr *glink = gelf_getshdr (elf_getscn (ebl->elf,
++ shdr->sh_link),
++ &glink_mem);
++ if (glink == NULL)
++ {
++ error (0, 0, gettext ("invalid sh_link value in section %Zu"),
++ elf_ndxscn (scn));
++ return;
++ }
+
- nbucket = ((Elf32_Word *) data->d_buf)[0];
- nchain = ((Elf32_Word *) data->d_buf)[1];
- bucket = &((Elf32_Word *) data->d_buf)[2];
-@@ -2428,10 +2461,7 @@ handle_hash (Ebl *ebl)
- shdr->sh_addr,
- shdr->sh_offset,
- (unsigned int) shdr->sh_link,
-- elf_strptr (ebl->elf, shstrndx,
-- gelf_getshdr (elf_getscn (ebl->elf,
-- shdr->sh_link),
-- &glink)->sh_name));
-+ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
-
- lengths = (uint32_t *) xcalloc (nbucket, sizeof (uint32_t));
-
-@@ -3531,6 +3561,16 @@ print_debug_aranges_section (Ebl *ebl __
+ printf (ngettext ("\
+ \nHistogram for bucket list length in section [%2u] '%s' (total of %d bucket):\n Addr: %#0*" PRIx64 " Offset: %#08" PRIx64 " Link to section: [%2u] '%s'\n",
+ "\
+@@ -2478,9 +2510,7 @@ print_hash_info (Ebl *ebl, Elf_Scn *scn,
+ shdr->sh_addr,
+ shdr->sh_offset,
+ (unsigned int) shdr->sh_link,
+- elf_strptr (ebl->elf, shstrndx,
+- gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
+- &glink)->sh_name));
++ elf_strptr (ebl->elf, shstrndx, glink->sh_name));
+
+ if (extrastr != NULL)
+ fputs (extrastr, stdout);
+@@ -4039,6 +4069,16 @@ print_debug_aranges_section (Dwfl_Module
return;
}
printf (ngettext ("\
\nDWARF section '%s' at offset %#" PRIx64 " contains %zu entry:\n",
"\
---- elfutils-0.115/src/strip.c
-+++ elfutils-0.115/src/strip.c
-@@ -400,6 +400,7 @@ handle_elf (int fd, Elf *elf, const char
- Elf_Data debuglink_crc_data;
- bool any_symtab_changes = false;
- Elf_Data *shstrtab_data = NULL;
-+ size_t shdridx = 0;
-
- /* Create the full name of the file. */
- if (prefix != NULL)
-@@ -530,6 +531,11 @@ handle_elf (int fd, Elf *elf, const char
+--- elfutils-0.136/src/strip.c.robustify
++++ elfutils-0.136/src/strip.c
+@@ -544,6 +544,11 @@ handle_elf (int fd, Elf *elf, const char
goto fail_close;
}
/* Storage for section information. We leave room for two more
entries since we unconditionally create a section header string
table. Maybe some weird tool created an ELF file without one.
-@@ -551,7 +557,7 @@ handle_elf (int fd, Elf *elf, const char
+@@ -565,7 +570,7 @@ handle_elf (int fd, Elf *elf, const char
{
/* This should always be true (i.e., there should not be any
holes in the numbering). */
shdr_info[cnt].scn = scn;
-@@ -564,6 +570,7 @@ handle_elf (int fd, Elf *elf, const char
+@@ -578,6 +583,7 @@ handle_elf (int fd, Elf *elf, const char
shdr_info[cnt].shdr.sh_name);
if (shdr_info[cnt].name == NULL)
{
error (0, 0, gettext ("illformed file '%s'"), fname);
goto fail_close;
}
-@@ -573,6 +580,8 @@ handle_elf (int fd, Elf *elf, const char
+@@ -587,6 +593,8 @@ handle_elf (int fd, Elf *elf, const char
/* Remember the shdr.sh_link value. */
shdr_info[cnt].old_sh_link = shdr_info[cnt].shdr.sh_link;
/* Sections in files other than relocatable object files which
are not loaded can be freely moved by us. In relocatable
-@@ -585,7 +594,7 @@ handle_elf (int fd, Elf *elf, const char
+@@ -599,7 +607,7 @@ handle_elf (int fd, Elf *elf, const char
appropriate reference. */
if (unlikely (shdr_info[cnt].shdr.sh_type == SHT_SYMTAB_SHNDX))
{
shdr_info[shdr_info[cnt].shdr.sh_link].symtab_idx = cnt;
}
else if (unlikely (shdr_info[cnt].shdr.sh_type == SHT_GROUP))
-@@ -602,7 +611,12 @@ handle_elf (int fd, Elf *elf, const char
+@@ -616,7 +624,12 @@ handle_elf (int fd, Elf *elf, const char
for (inner = 1;
inner < shdr_info[cnt].data->d_size / sizeof (Elf32_Word);
++inner)
-- shdr_info[grpref[inner]].group_idx = cnt;
+ {
+ if (grpref[inner] < shnum)
-+ shdr_info[grpref[inner]].group_idx = cnt;
+ shdr_info[grpref[inner]].group_idx = cnt;
+ else
+ goto illformed;
+ }
if (inner == 1 || (inner == 2 && (grpref[0] & GRP_COMDAT) == 0))
/* If the section group contains only one element and this
-@@ -613,7 +627,7 @@ handle_elf (int fd, Elf *elf, const char
+@@ -627,7 +640,7 @@ handle_elf (int fd, Elf *elf, const char
}
else if (unlikely (shdr_info[cnt].shdr.sh_type == SHT_GNU_versym))
{
shdr_info[shdr_info[cnt].shdr.sh_link].version_idx = cnt;
}
-@@ -621,7 +635,7 @@ handle_elf (int fd, Elf *elf, const char
+@@ -635,7 +648,7 @@ handle_elf (int fd, Elf *elf, const char
discarded right away. */
if ((shdr_info[cnt].shdr.sh_flags & SHF_GROUP) != 0)
{
if (shdr_info[shdr_info[cnt].group_idx].idx == 0)
{
-@@ -696,10 +710,14 @@ handle_elf (int fd, Elf *elf, const char
+@@ -710,11 +723,15 @@ handle_elf (int fd, Elf *elf, const char
{
/* If a relocation section is marked as being removed make
sure the section it is relocating is removed, too. */
- if ((shdr_info[cnt].shdr.sh_type == SHT_REL
-- || shdr_info[cnt].shdr.sh_type == SHT_RELA)
-- && shdr_info[shdr_info[cnt].shdr.sh_info].idx != 0)
-- shdr_info[cnt].idx = 1;
+ if (shdr_info[cnt].shdr.sh_type == SHT_REL
-+ || shdr_info[cnt].shdr.sh_type == SHT_RELA)
+ || shdr_info[cnt].shdr.sh_type == SHT_RELA)
+- && shdr_info[shdr_info[cnt].shdr.sh_info].idx != 0)
+ {
+ if (shdr_info[cnt].shdr.sh_info >= shnum)
+ goto illformed;
+ else if (shdr_info[shdr_info[cnt].shdr.sh_info].idx != 0)
-+ shdr_info[cnt].idx = 1;
-+ }
+ shdr_info[cnt].idx = 1;
}
++ }
if (shdr_info[cnt].idx == 1)
-@@ -725,7 +743,7 @@ handle_elf (int fd, Elf *elf, const char
+ {
+@@ -741,7 +758,7 @@ handle_elf (int fd, Elf *elf, const char
if (shdr_info[cnt].symtab_idx != 0
&& shdr_info[shdr_info[cnt].symtab_idx].data == NULL)
{
shdr_info[shdr_info[cnt].symtab_idx].data
= elf_getdata (shdr_info[shdr_info[cnt].symtab_idx].scn,
-@@ -765,6 +783,9 @@ handle_elf (int fd, Elf *elf, const char
+@@ -781,6 +798,9 @@ handle_elf (int fd, Elf *elf, const char
else if (scnidx == SHN_XINDEX)
scnidx = xndx;
+ goto illformed;
+
if (shdr_info[scnidx].idx == 0)
- {
- /* Mark this section as used. */
-@@ -796,11 +817,15 @@ handle_elf (int fd, Elf *elf, const char
+ /* This symbol table has a real symbol in
+ a discarded section. So preserve the
+@@ -811,12 +831,16 @@ handle_elf (int fd, Elf *elf, const char
}
/* Handle references through sh_info. */
- if (SH_INFO_LINK_P (&shdr_info[cnt].shdr)
- && shdr_info[shdr_info[cnt].shdr.sh_info].idx == 0)
+ if (SH_INFO_LINK_P (&shdr_info[cnt].shdr))
- {
-- shdr_info[shdr_info[cnt].shdr.sh_info].idx = 1;
-- changes |= shdr_info[cnt].shdr.sh_info < cnt;
++ {
+ if (shdr_info[cnt].shdr.sh_info >= shnum)
+ goto illformed;
+ else if ( shdr_info[shdr_info[cnt].shdr.sh_info].idx == 0)
-+ {
-+ shdr_info[shdr_info[cnt].shdr.sh_info].idx = 1;
-+ changes |= shdr_info[cnt].shdr.sh_info < cnt;
-+ }
+ {
+ shdr_info[shdr_info[cnt].shdr.sh_info].idx = 1;
+ changes |= shdr_info[cnt].shdr.sh_info < cnt;
}
++ }
/* Mark the section as investigated. */
-@@ -900,7 +925,7 @@ handle_elf (int fd, Elf *elf, const char
+ shdr_info[cnt].idx = 2;
+@@ -954,7 +978,7 @@ handle_elf (int fd, Elf *elf, const char
error (EXIT_FAILURE, 0, gettext ("while generating output file: %s"),
elf_errmsg (-1));
/* Add this name to the section header string table. */
shdr_info[cnt].se = ebl_strtabadd (shst, shdr_info[cnt].name, 0);
-@@ -937,7 +962,7 @@ handle_elf (int fd, Elf *elf, const char
+@@ -991,7 +1015,7 @@ handle_elf (int fd, Elf *elf, const char
error (EXIT_FAILURE, 0,
gettext ("while create section header section: %s"),
elf_errmsg (-1));
shdr_info[cnt].data = elf_newdata (shdr_info[cnt].newscn);
if (shdr_info[cnt].data == NULL)
-@@ -968,7 +993,7 @@ handle_elf (int fd, Elf *elf, const char
- }
-
- /* Index of the section header table in the shdr_info array. */
-- size_t shdridx = cnt;
-+ shdridx = cnt;
-
- /* Add the section header string table section name. */
- shdr_info[cnt].se = ebl_strtabadd (shst, ".shstrtab", 10);
-@@ -993,7 +1018,7 @@ handle_elf (int fd, Elf *elf, const char
+@@ -1047,7 +1071,7 @@ handle_elf (int fd, Elf *elf, const char
error (EXIT_FAILURE, 0,
gettext ("while create section header section: %s"),
elf_errmsg (-1));
/* Finalize the string table and fill in the correct indices in the
section headers. */
-@@ -1083,21 +1108,21 @@ handle_elf (int fd, Elf *elf, const char
+@@ -1137,20 +1161,20 @@ handle_elf (int fd, Elf *elf, const char
shndxdata = elf_getdata (shdr_info[shdr_info[cnt].symtab_idx].scn,
NULL);
- assert ((versiondata->d_size / sizeof (Elf32_Word))
-- >= shdr_info[cnt].data->d_size / elsize);
+ elf_assert ((versiondata->d_size / sizeof (Elf32_Word))
-+ >= shdr_info[cnt].data->d_size / elsize);
+ >= shdr_info[cnt].data->d_size / elsize);
}
if (shdr_info[cnt].version_idx != 0)
NULL);
- assert ((versiondata->d_size / sizeof (GElf_Versym))
-- >= shdr_info[cnt].data->d_size / elsize);
+ elf_assert ((versiondata->d_size / sizeof (GElf_Versym))
-+ >= shdr_info[cnt].data->d_size / elsize);
+ >= shdr_info[cnt].data->d_size / elsize);
}
- shdr_info[cnt].newsymidx
-@@ -1151,7 +1176,7 @@ handle_elf (int fd, Elf *elf, const char
+@@ -1205,7 +1229,7 @@ handle_elf (int fd, Elf *elf, const char
sec = shdr_info[sym->st_shndx].idx;
else
{
sec = shdr_info[xshndx].idx;
}
-@@ -1172,7 +1197,7 @@ handle_elf (int fd, Elf *elf, const char
+@@ -1226,7 +1250,7 @@ handle_elf (int fd, Elf *elf, const char
nxshndx = sec;
}
if ((inner != destidx || nshndx != sym->st_shndx
|| (shndxdata != NULL && nxshndx != xshndx))
-@@ -1195,7 +1220,7 @@ handle_elf (int fd, Elf *elf, const char
- else
+@@ -1250,7 +1274,7 @@ handle_elf (int fd, Elf *elf, const char
+ || shdr_info[cnt].debug_data == NULL)
/* This is a section symbol for a section which has
been removed. */
- assert (GELF_ST_TYPE (sym->st_info) == STT_SECTION);
}
if (destidx != inner)
-@@ -1359,11 +1384,11 @@ handle_elf (int fd, Elf *elf, const char
- {
- GElf_Sym sym_mem;
- GElf_Sym *sym = gelf_getsym (symd, inner, &sym_mem);
-- assert (sym != NULL);
-+ elf_assert (sym != NULL);
-
- const char *name = elf_strptr (elf, strshndx,
- sym->st_name);
-- assert (name != NULL);
-+ elf_assert (name != NULL);
- size_t hidx = elf_hash (name) % nbucket;
-
- if (bucket[hidx] == 0)
-@@ -1382,8 +1407,8 @@ handle_elf (int fd, Elf *elf, const char
- else
- {
- /* Alpha and S390 64-bit use 64-bit SHT_HASH entries. */
-- assert (shdr_info[cnt].shdr.sh_entsize
-- == sizeof (Elf64_Xword));
-+ elf_assert (shdr_info[cnt].shdr.sh_entsize
-+ == sizeof (Elf64_Xword));
-
- Elf64_Xword *bucket = (Elf64_Xword *) hashd->d_buf;
-
-@@ -1416,11 +1441,11 @@ handle_elf (int fd, Elf *elf, const char
- {
- GElf_Sym sym_mem;
- GElf_Sym *sym = gelf_getsym (symd, inner, &sym_mem);
-- assert (sym != NULL);
-+ elf_assert (sym != NULL);
-
- const char *name = elf_strptr (elf, strshndx,
- sym->st_name);
-- assert (name != NULL);
-+ elf_assert (name != NULL);
- size_t hidx = elf_hash (name) % nbucket;
-
- if (bucket[hidx] == 0)
+@@ -1437,11 +1461,11 @@ handle_elf (int fd, Elf *elf, const char
+ {
+ GElf_Sym sym_mem;
+ GElf_Sym *sym = gelf_getsym (symd, inner, &sym_mem);
+- assert (sym != NULL);
++ elf_assert (sym != NULL);
+
+ const char *name = elf_strptr (elf, strshndx,
+ sym->st_name);
+- assert (name != NULL);
++ elf_assert (name != NULL);
+ size_t hidx = elf_hash (name) % nbucket;
+
+ if (bucket[hidx] == 0)
+@@ -1460,7 +1484,7 @@ handle_elf (int fd, Elf *elf, const char
+ else
+ {
+ /* Alpha and S390 64-bit use 64-bit SHT_HASH entries. */
+- assert (shdr_info[cnt].shdr.sh_entsize
++ elf_assert (shdr_info[cnt].shdr.sh_entsize
+ == sizeof (Elf64_Xword));
+
+ Elf64_Xword *bucket = (Elf64_Xword *) hashd->d_buf;
+@@ -1491,11 +1515,11 @@ handle_elf (int fd, Elf *elf, const char
+ {
+ GElf_Sym sym_mem;
+ GElf_Sym *sym = gelf_getsym (symd, inner, &sym_mem);
+- assert (sym != NULL);
++ elf_assert (sym != NULL);
+
+ const char *name = elf_strptr (elf, strshndx,
+ sym->st_name);
+- assert (name != NULL);
++ elf_assert (name != NULL);
+ size_t hidx = elf_hash (name) % nbucket;
+
+ if (bucket[hidx] == 0)
projects / packages / elfutils.git / blobdiff