From: "Mike Frysinger" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger" Message-ID: <1485223983.82fc8ce64f61445c52e5c9a4d5ac294b6af7c92d.vapier@gentoo> Subject: [gentoo-commits] proj/pax-utils:master commit in: / X-VCS-Repository: proj/pax-utils X-VCS-Files: scanelf.c X-VCS-Directories: / X-VCS-Committer: vapier X-VCS-Committer-Name: Mike Frysinger X-VCS-Revision: 82fc8ce64f61445c52e5c9a4d5ac294b6af7c92d X-VCS-Branch: master Date: Tue, 24 Jan 2017 06:50:08 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: d1a5a63f-79f5-46bf-a0b7-93e66226db5e X-Archives-Hash: 287446b86853f0ca0d1a50d755e9ee67 commit: 82fc8ce64f61445c52e5c9a4d5ac294b6af7c92d Author: Mike Frysinger gentoo org> AuthorDate: Tue Jan 24 02:13:03 2017 +0000 Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 24 02:13:03 2017 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=82fc8ce6 scanelf: fix offset checking when looking up symbols via hash A number of refactors hid bugs here in that the first offset value here would be left over from earlier code. Localize the code a bit to try and keep that from happening again. We also reload phdr since this loop expects to walk the whole table. scanelf.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/scanelf.c b/scanelf.c index 2729d0f..52c436a 100644 --- a/scanelf.c +++ b/scanelf.c @@ -261,7 +261,7 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str) Elf ## B ## _Phdr *phdr; \ Elf ## B ## _Addr vsym, vstr, vhash, vgnu_hash; \ Elf ## B ## _Dyn *dyn; \ - Elf ## B ## _Off offset; \ + Elf ## B ## _Off doffset; \ \ /* lookup symbols used at runtime with DT_SYMTAB / DT_STRTAB */ \ vsym = vstr = vhash = vgnu_hash = 0; \ 
@@ -272,9 +272,9 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str) phdr = scanelf_file_get_pt_dynamic(elf); \ if (phdr == NULL) \ break; \ - offset = EGET(phdr->p_offset); \ + doffset = EGET(phdr->p_offset); \ \ - dyn = DYN ## B (elf->vdata + offset); \ + dyn = DYN ## B (elf->vdata + doffset); \ while (EGET(dyn->d_tag) != DT_NULL) { \ switch (EGET(dyn->d_tag)) { \ case DT_SYMTAB: vsym = EGET(dyn->d_un.d_val); break; \ @@ -290,15 +290,16 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str) return; \ \ /* calc offset into the ELF by finding the load addr of the syms */ \ + phdr = PHDR ## B (elf->phdr); \ for (i = 0; i < EGET(ehdr->e_phnum); i++) { \ Elf ## B ## _Addr vaddr = EGET(phdr[i].p_vaddr); \ Elf ## B ## _Addr filesz = EGET(phdr[i].p_filesz); \ + Elf ## B ## _Off offset = EGET(phdr[i].p_offset); \ Elf ## B ## _Off hash_offset = offset + (vhash - vaddr); \ \ if (EGET(phdr[i].p_type) != PT_LOAD) \ continue; \ \ - offset = EGET(phdr[i].p_offset); \ if (offset >= (uint64_t)elf->len) \ goto corrupt_hash; \ if (filesz >= (uint64_t)elf->len) \
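Review bot: in the `@@ -261,7` hunk the rename of `offset` to `doffset` is the actual fix for the stale-offset bug described in the commit message, so the declaration should say what it is for; a one-line comment such as `/* file offset of PT_DYNAMIC; not the PT_LOAD offset used below */` next to `Elf ## B ## _Off doffset;` would stop the next refactor from reintroducing the confusion that this commit is cleaning up.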
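Review bot: in the `@@ -272,9` hunk, `doffset = EGET(phdr->p_offset)` is used to form `dyn = DYN ## B (elf->vdata + doffset)` and the `while (EGET(dyn->d_tag) != DT_NULL)` walk starts immediately, with no check in this hunk that `doffset` lies inside `elf->len`, and no bound on how far the walk may run past the end of the file before a DT_NULL is found. Unless `scanelf_file_get_pt_dynamic()` already validates `p_offset` and `p_filesz` against `elf->len`, a malformed PT_DYNAMIC would make scanelf read outside its mapping on exactly the untrusted binaries it is meant to inspect; a `doffset >= (uint64_t)elf->len` check before the dereference, plus a loop bound derived from the segment size, would mirror the checks the PT_LOAD walk below already does.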
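Review bot: in the `@@ -290,15` hunk, `hash_offset = offset + (vhash - vaddr)` is now evaluated for every program header, before the `p_type != PT_LOAD` skip and before the `offset >= (uint64_t)elf->len` check. The arithmetic itself is well defined on these unsigned types, but `vhash - vaddr` wraps whenever `vhash < vaddr`, which is the case for every segment that does not contain the hash table, so `hash_offset` is only meaningful after the containment test that presumably follows; moving the computation below the `continue` and the two length checks would make that ordering explicit rather than relying on later code never to touch a wrapped value. The added `phdr = PHDR ## B (elf->phdr);` also deserves a comment saying it undoes the reassignment done by `scanelf_file_get_pt_dynamic()`, since without it the reload looks redundant. Finally, `offset >= elf->len` and `filesz >= elf->len` are checked separately; if the lines cut off after this hunk do not also check `offset + filesz > elf->len`, that combined bound (with overflow guarded) is what actually keeps the later access inside the file.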