author Mark Wielaard <mark@klomp.org> 2018-10-19 15:01:29 +0200
committer Mark Wielaard <mark@klomp.org> 2018-10-20 00:13:10 +0200
commit 1e7c230b277b6eb82577a3bc4b56ca291c28964d
tree c49c147eef876edee8ef5fd4592a104f2bfa286e /libasm
parent 22d2d082d57a7470fadc0eae67179553f4919209
Check sh_entsize is not zero.
There were some recent bug reports where we trusted the ELF section header to be sane and divided the sh_size by the sh_entsize to get the number of objects in the section. This would cause a divide by zero if the file was corrupt and the sh_entsize was zero. Add checks for any such code.

Signed-off-by: Mark Wielaard <mark@klomp.org>
Diffstat (limited to 'libasm')
-rw-r--r-- libasm/ChangeLog 4
-rw-r--r-- libasm/disasm_cb.c 2
2 files changed, 6 insertions, 0 deletions
diff --git a/libasm/ChangeLog b/libasm/ChangeLog
index 2efd85fa..92dfd729 100644
--- a/libasm/ChangeLog
+++ b/libasm/ChangeLog
@@ -1,3 +1,7 @@
+2018-10-19 Mark Wielaard <mark@klomp.org>
+
+ * disasm_cb.c (read_symtab_exec): Check sh_entsize is not zero.
+
2018-07-04 Ross Burton <ross.burton@intel.com>
* asm_end.c: Remove error.h include.
diff --git a/libasm/disasm_cb.c b/libasm/disasm_cb.c
index cf278c71..80f8b25b 100644
--- a/libasm/disasm_cb.c
+++ b/libasm/disasm_cb.c
@@ -93,6 +93,8 @@ read_symtab_exec (DisasmCtx_t *ctx)
xndxdata = elf_getdata (elf_getscn (ctx->elf, xndxscnidx), NULL);
/* Iterate over all symbols. Add all defined symbols. */
+ if (shdr->sh_entsize == 0)
+ continue;
int nsyms = shdr->sh_size / shdr->sh_entsize;
for (int cnt = 1; cnt < nsyms; ++cnt)
{
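Review bot: The `sh_entsize == 0` check in read_symtab_exec stops the divide by zero, but the very next line still trusts the same section header: `int nsyms = shdr->sh_size / shdr->sh_entsize;` stores the quotient in an int, so if sh_size is wider than int, a corrupt file with a large sh_size and a small non-zero sh_entsize could still produce a truncated or negative count, or one larger than the data actually present. Consider also rejecting an sh_entsize smaller than one symbol entry and bounding nsyms by the size of the section data before the `for (int cnt = 1; cnt < nsyms; ++cnt)` loop runs. Two smaller points: the new check sits between the "Iterate over all symbols" comment and the code that comment describes, so it would read better above the comment with a short comment of its own; and since `continue` skips the section silently, placing the check before the `elf_getdata` call that fills xndxdata would avoid fetching data that is then never used.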