Skip to content
Permalink
Browse files Browse the repository at this point in the history
Detect bogus DT_SYMENT.
#331
	modified:   p_lx_elf.cpp
  • Loading branch information
jreiser committed Jan 14, 2020
1 parent 0f4975f commit eb90eab
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions src/p_lx_elf.cpp
Expand Up @@ -1614,9 +1614,17 @@ PackLinuxElf32::invert_pt_dynamic(Elf32_Dyn const *dynp)
unsigned const z_sym = dt_table[Elf32_Dyn::DT_SYMENT];
unsigned const sz_sym = !z_sym ? sizeof(Elf32_Sym)
: get_te32(&dynp0[-1+ z_sym].d_val);
if (sz_sym < sizeof(Elf32_Sym)) {
char msg[50]; snprintf(msg, sizeof(msg),
"bad DT_SYMENT %x", sz_sym);
throwCantPack(msg);
}
if (v_sym < v_str) {
symnum_end = (v_str - v_sym) / sz_sym;
}
if (symnum_end < 1) {
throwCantPack("bad DT_SYMTAB");
}
}
// DT_HASH often ends at DT_SYMTAB
unsigned const v_hsh = elf_unsigned_dynamic(Elf32_Dyn::DT_HASH);
Expand Down Expand Up @@ -5104,9 +5112,17 @@ PackLinuxElf64::invert_pt_dynamic(Elf64_Dyn const *dynp)
unsigned const z_sym = dt_table[Elf64_Dyn::DT_SYMENT];
unsigned const sz_sym = !z_sym ? sizeof(Elf64_Sym)
: get_te64(&dynp0[-1+ z_sym].d_val);
if (sz_sym < sizeof(Elf64_Sym)) {
char msg[50]; snprintf(msg, sizeof(msg),
"bad DT_SYMENT %x", sz_sym);
throwCantPack(msg);
}
if (v_sym < v_str) {
symnum_end = (v_str - v_sym) / sz_sym;
}
if (symnum_end < 1) {
throwCantPack("bad DT_SYMTAB");
}
}
// DT_HASH often ends at DT_SYMTAB
unsigned const v_hsh = elf_unsigned_dynamic(Elf64_Dyn::DT_HASH);
Expand Down

0 comments on commit eb90eab

Please sign in to comment.