. snip..
All that above makes sense (and please put Reviewed-by from me on it), but this:
> unsigned elf_shdr_count(struct elf_binary *elf)
> {
> unsigned count = elf_uval(elf, elf->ehdr, e_shnum);
> - uint64_t max = elf->size / sizeof(Elf32_Shdr);
> + uint64_t max;
>
> + if ( !count )
> + return 0;
> + max = elf->size / elf_uval(elf, elf->ehdr, e_shentsize);
Seems incorrect. The elf->size is the size of the image - including
the ELF and the data it contains.
But I presume the check is rather to make sure that if there
is no data, just an ELF sections - that we don't roll over it.
In which case perhaps adding a comment saying:
/* If file has nothing but ELF this will catch us from rolling over the end.*/
or such?
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
