From: Richard Henderson <richard.hender...@linaro.org>
Comparing a string of 4 bytes only works in little-endian.
Adjust bulk bswap to only apply to the note payload.
Perform swapping of the note header manually; the magic
is defined so that it does not need a runtime swap.
Fixes: 83f990eb5adb ("linux-user/elfload: Parse NT_GNU_PROPERTY_TYPE_0 notes")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2596
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: Michael Tokarev <m...@tls.msk.ru>
(cherry picked from commit 2884596f5f385b5712c356310dd4125a089888a8)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index b27dd01734..0b1c230b1c 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -3136,11 +3136,11 @@ static bool parse_elf_properties(const ImageSource *src,
}
/*
- * The contents of a valid PT_GNU_PROPERTY is a sequence
- * of uint32_t -- swap them all now.
+ * The contents of a valid PT_GNU_PROPERTY is a sequence of uint32_t.
+ * Swap most of them now, beyond the header and namesz.
*/
#ifdef BSWAP_NEEDED
- for (int i = 0; i < n / 4; i++) {
+ for (int i = 4; i < n / 4; i++) {
bswap32s(note.data + i);
}
#endif
@@ -3150,15 +3150,15 @@ static bool parse_elf_properties(const ImageSource *src,
* immediately follows nhdr and is thus at the 4th word. Further, all
* of the inputs to the kernel's round_up are multiples of 4.
*/
- if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 ||
- note.nhdr.n_namesz != NOTE_NAME_SZ ||
+ if (tswap32(note.nhdr.n_type) != NT_GNU_PROPERTY_TYPE_0 ||
+ tswap32(note.nhdr.n_namesz) != NOTE_NAME_SZ ||
note.data[3] != GNU0_MAGIC) {
error_setg(errp, "Invalid note in PT_GNU_PROPERTY");
return false;
}
off = sizeof(note.nhdr) + NOTE_NAME_SZ;
- datasz = note.nhdr.n_descsz + off;
+ datasz = tswap32(note.nhdr.n_descsz) + off;
if (datasz > n) {
error_setg(errp, "Invalid note size in PT_GNU_PROPERTY");
return false;
--
2.39.5
