Re: [Xen-devel] [PATCH v2 for-4.8] libelf: fix symtab/strtab loading for 32bit domains
>>> On 10.10.16 at 18:00, <roger.pau@xxxxxxxxxx> wrote: > --- a/xen/common/libelf/libelf-loader.c > +++ b/xen/common/libelf/libelf-loader.c > @@ -174,8 +174,8 @@ void elf_parse_bsdsyms(struct elf_binary *elf, uint64_t > pstart) > /* Space to store the size of the elf image */ > sz = sizeof(uint32_t); > > - /* Space for the elf and elf section headers */ > - sz += elf_uval(elf, elf->ehdr, e_ehsize) + > + /* Space for the elf header and elf section headers */ > + sz += sizeof(elf_ehdr) + > ELF_BSDSYM_SECTIONS * elf_uval(elf, elf->ehdr, e_shentsize); This really should remain consistent: Either you allocate (and later copy) as much as the respective input fields say, or you use sizeof() (and then update both e_ehsize and e_shentsize accordingly in the loaded image). In particular ... > + /* > + * Load the section headers. > + * > + * NB: this _must_ be done one by one, and taking the bitness into > account, > + * so that the guest can treat this as an array of type Elf{32/64}_Shdr. > + */ > + for ( i = 0; i < ELF_BSDSYM_SECTIONS; i++ ) > + { > + rc = elf_load_image(elf, header_base + ehdr_size + shdr_size * i, > + > ELF_REALPTR2PTRVAL(&header.elf_header.section[i]), > + shdr_size, shdr_size); ... here you may copy more data than there actually is at the source pointer (which has only sizeof(elf_shdr) bytes). Jan
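Review bot: In the first hunk's `sz +=` line the ELF header is now sized with `sizeof(elf_ehdr)` while the section headers are still sized from the image's own `e_shentsize`, so the reserved space depends on one compile-time size and one image-controlled field. Size both the same way: either take both from `sizeof()` and rewrite `e_ehsize` and `e_shentsize` in the loaded copy to match, or keep both from the input fields and reject an image whose values differ from the structure sizes expected for its bitness. The updated comment could also state which of the two the guest is meant to rely on.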
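Review bot: In the section-header loop, `shdr_size` is passed to `elf_load_image()` as both size arguments while the source is a single `header.elf_header.section[i]` element, and nothing in the quoted lines bounds `shdr_size` by the size of that element. If `shdr_size` follows the image's `e_shentsize`, a larger value reads past the source object and copies adjacent memory into the guest. Bound the copy length by the element size, or refuse the image when the two differ, and check `rc` on each iteration before continuing, since the quoted lines end before any check is shown.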