commit: 61ee81b90f679cc47bcb0e237e9373a4e0f4e04b Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> AuthorDate: Sat Dec 12 21:29:57 2015 +0000 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> CommitDate: Sat Dec 12 21:29:57 2015 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=61ee81b9
dumpelf: handle corrupt section headers URL: https://bugs.gentoo.org/567954 Reported-by: Brian Carpenter <brian.carpenter <AT> gmail.com> dumpelf.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/dumpelf.c b/dumpelf.c index 0f15382..fe0001b 100644 --- a/dumpelf.c +++ b/dumpelf.c @@ -102,9 +102,19 @@ static void dumpelf(const char *filename, long file_cnt) Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \ Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \ uint16_t shstrndx = EGET(ehdr->e_shstrndx); \ - Elf ## B ## _Off offset = EGET(shdr[shstrndx].sh_offset); \ + Elf ## B ## _Shdr *strtbl = shdr + shstrndx; \ + Elf ## B ## _Off offset; \ uint16_t shnum = EGET(ehdr->e_shnum); \ + if (shstrndx >= shnum || !VALID_SHDR(elf, strtbl)) { \ + printf(" /* corrupt section header strings table ! */ "); \ + goto break_out_shdr; \ + } \ + offset = EGET(strtbl->sh_offset); \ for (i = 0; i < shnum; ++i, ++shdr) \ + if (!VALID_SHDR(elf, shdr)) { \ + printf(" /* corrupt section headers ! */ "); \ + break; \ + } \ dump_shdr(elf, shdr, i, elf->vdata + offset + EGET(shdr->sh_name)); \ } DUMP_SHDRS(32) @@ -112,6 +122,7 @@ static void dumpelf(const char *filename, long file_cnt) } else { printf(" /* no section headers ! */ "); } + break_out_shdr: printf("},\n"); /* finish the namespace struct and start the abitrary ones */
