Page MenuHomeFreeBSD
Differential D8701

libelf: Fix extended numbering detection
ClosedPublic
Actions

Authored by cem on Dec 3 2016, 11:01 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Apr 27, 11:33 PM
Unknown Object (File)
Sat, Apr 27, 10:22 PM
Unknown Object (File)
Dec 22 2023, 9:40 PM
Unknown Object (File)
Oct 25 2023, 6:05 AM
Unknown Object (File)
Oct 19 2023, 10:11 PM
Unknown Object (File)
Oct 19 2023, 8:42 PM
Unknown Object (File)
Sep 13 2023, 1:37 PM
Unknown Object (File)
Aug 8 2023, 8:46 PM
View All 26 Files
Subscribers
kaiw

Details

Reviewers
emaste
kaiw
Commits
rS310136: libelf: Fix extended numbering detection
Summary

Extended numbering is used for any of these fields overflowing.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

cem updated this revision to Diff 22688.Dec 3 2016, 11:01 PM
cem retitled this revision from to libelf: Fix extended numbering detection.
cem updated this object.
cem edited the test plan for this revision. (Show Details)
cem added a reviewer: emaste.
emaste added inline comments.Dec 5 2016, 2:56 AM
contrib/elftoolchain/libelf/libelf_ehdr.c
196 ↗(On Diff #22688)

What's the story with the or in the previous case?

cem added inline comments.Dec 5 2016, 3:03 AM
contrib/elftoolchain/libelf/libelf_ehdr.c
190 ↗(On Diff #22688)

This check should be shnum == 0, not !=.

196 ↗(On Diff #22688)

My change to it is slightly wrong. I think the shoff check should just be removed.

The directly preceding if statement verifies that extended ELF objects have a section header table (shoff != 0). (Modulo a small bug.)

So in this condition, we can just check for an non-extended ELF object directly (shnum != 0 && phnum != PN_XNUM && strndx != SHN_XINDEX) and ignore shoff.

cem updated this revision to Diff 22710.Dec 5 2016, 3:06 AM

Fix extended ELF => section header invariant; remove useless shoff check.

emaste added a reviewer: kaiw.Dec 5 2016, 8:57 PM
emaste added a subscriber: kaiw.
emaste added inline comments.Dec 5 2016, 9:15 PM
contrib/elftoolchain/libelf/libelf_ehdr.c
173–176 ↗(On Diff #22710)

I suspect this comment belongs below instead.

190 ↗(On Diff #22710)

I think shnum != 0 is correct. We're looking for invalid values or combinations of values.

  • shnum >= SHN_LORESERVE is invalid
  • if shoff == 0LL we have no section headers, so the file is invalid if:
    • we have a section header count (shnum != 0)
    • phnum == PN_XNUM indicating extended numbering for the phdr count
    • strndx == SHN_XINDEX indicating extended numbering for the string section

Or maybe the test should be

(shoff == 0 || shnum == 0) && (phnum == PN_XNUM || strndx == SHN_XINDEX)

196 ↗(On Diff #22688)

I think if we change to the test suggested above this can be just phnum != PN_XNUM && strndx != SHN_XINDEX

cem marked 3 inline comments as done.Dec 6 2016, 12:04 AM
cem added inline comments.
contrib/elftoolchain/libelf/libelf_ehdr.c
173–176 ↗(On Diff #22710)

Yeah, agreed.

190 ↗(On Diff #22710)

I think you're right re: shnum != 0.

http://docs.oracle.com/cd/E19253-01/817-1984/chapter6-46512/index.html:

If a file has no section header table, e_shnum holds the value zero.

If the number of sections is greater than or equal to SHN_LORESERVE (0xff00), e_shnum has the value zero.

So zero is overloaded and we need shoff to determine whether this is an extended shnum or empty section header table.

I don't think the proposed test is correct, since shoff != 0 && shnum == 0 && phnum == PN_XNUM is valid (both shnum and phnum are extended).

196 ↗(On Diff #22688)

Both are wrong, I think.

We need phnum != PN_XNUM && strndx != SHN_XINDEX and also need to exclude objects with only extended shnum (shnum == 0 && shoff != 0).

cem updated this revision to Diff 22727.Dec 6 2016, 1:59 AM
cem marked 6 inline comments as done.
  • Move old comment down to a more correct location.
  • Revert change in shnum sense. It was right before.
  • Fix check for extended values and simplify boolean expression by inverting the sense.
emaste added inline comments.Dec 6 2016, 2:36 AM
contrib/elftoolchain/libelf/libelf_ehdr.c
196 ↗(On Diff #22727)

Should this be the opposite of the test above, i.e. shoff != 0 && (shnum == 0 || phnum == PN_XNUM || strndx == SHN_XINDEX)?

cem added inline comments.Dec 6 2016, 2:48 AM
contrib/elftoolchain/libelf/libelf_ehdr.c
196 ↗(On Diff #22727)

Those should be functionally identical after the previous if statement/return.

emaste accepted this revision.Dec 6 2016, 2:55 AM
emaste edited edge metadata.

I believe this is correct. @kaiw if you're going to review as well I'll hold off on committing it to the upstream elftoolchain repo until then.

contrib/elftoolchain/libelf/libelf_ehdr.c
196 ↗(On Diff #22727)

I was thinking the intent would be more clear with the other formulation, but I suppose shnum == 0 && shoff != 0 is a complete condition for one case of extended numbering. OK.

This revision is now accepted and ready to land.Dec 6 2016, 2:55 AM
cem added a comment.Dec 9 2016, 4:24 PM

@kaiw, ping?

Closed by commit rS310136: libelf: Fix extended numbering detection (authored by cem). · Explain WhyDec 16 2016, 1:39 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
contrib/
elftoolchain/
libelf/
17 lines

Diff 22974

View Options

head/contrib/elftoolchain/libelf/libelf_ehdr.c

Loading...