authorMark Wielaard <mjw@redhat.com>2015-05-17 20:07:56 +0200
committerMark Wielaard <mjw@redhat.com>2015-05-27 23:04:31 +0200
commit390dd3d21c5b92dda139da744edae7093d70fc9b (patch)
tree4f72e91e6ab4948af4755d2f43d8e05e980f8d3c /libebl
parentdf1708a2d69dc3e58f10ed06a6475bb63bf21dcf (diff)
libebl: Don't blow up stack when processing large NT_GNU_ABI_TAG.
Normally an NT_GNU_ABI_TAG is small, just 4 words (16 bytes). Only use stack allocated conversion buf for small (max 16 words) notes. Signed-off-by: Mark Wielaard <mjw@redhat.com>
Diffstat (limited to 'libebl')
-rw-r--r--libebl/ChangeLog5
-rw-r--r--libebl/eblobjnote.c19
2 files changed, 22 insertions, 2 deletions
diff --git a/libebl/ChangeLog b/libebl/ChangeLog
index 9ca7b47f..51ae60f2 100644
--- a/libebl/ChangeLog
+++ b/libebl/ChangeLog
@@ -1,5 +1,10 @@
2015-05-17 Mark Wielaard <mjw@redhat.com>
+ * eblobjnote.c (ebl_object_note): If allocation buf is large, then
+ allocate it with malloc.
+
+2015-05-17 Mark Wielaard <mjw@redhat.com>
+
* eblopenbackend.c (MAX_PREFIX_LEN): New define (16).
(openbackend): Stack allocate symname array using MAX_PREFIX_LEN.
diff --git a/libebl/eblobjnote.c b/libebl/eblobjnote.c
index d1fe8210..b9bf1c0b 100644
--- a/libebl/eblobjnote.c
+++ b/libebl/eblobjnote.c
@@ -1,5 +1,5 @@
/* Print contents of object file note.
- Copyright (C) 2002, 2007, 2009, 2011 Red Hat, Inc.
+ Copyright (C) 2002, 2007, 2009, 2011, 2015 Red Hat, Inc.
This file is part of elfutils.
Written by Ulrich Drepper <drepper@redhat.com>, 2002.
@@ -33,6 +33,7 @@
#include <inttypes.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include <libeblP.h>
@@ -165,7 +166,19 @@ ebl_object_note (ebl, name, type, descsz, desc)
.d_size = descsz,
.d_buf = (void *) desc
};
- uint32_t buf[descsz / 4];
+ /* Normally NT_GNU_ABI_TAG is just 4 words (16 bytes). If it
+ is much (4*) larger dynamically allocate memory to convert. */
+#define FIXED_TAG_BYTES 16
+ uint32_t sbuf[FIXED_TAG_BYTES];
+ uint32_t *buf;
+ if (unlikely (descsz / 4 > FIXED_TAG_BYTES))
+ {
+ buf = malloc (descsz);
+ if (unlikely (buf == NULL))
+ return;
+ }
+ else
+ buf = sbuf;
Elf_Data out =
{
.d_version = EV_CURRENT,
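Review bot: `FIXED_TAG_BYTES` is used as a count of 32-bit words, not bytes: it sizes `uint32_t sbuf[FIXED_TAG_BYTES]` (64 bytes) and is compared against `descsz / 4`. The value agrees with the commit message's "max 16 words", but the name and the "(4*) larger" comment invite a later reader to treat it as a byte limit, and this comparison decides whether a buffer sized from the caller-supplied `descsz` goes on the stack or the heap. I would rename it to `#define FIXED_TAG_WORDS 16` and reword the comment to `/* Notes of up to FIXED_TAG_WORDS words are converted in a stack buffer; larger ones use malloc. */`. The body of ebl_object_note starts and ends outside this hunk.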
@@ -209,6 +222,8 @@ ebl_object_note (ebl, name, type, descsz, desc)
}
putchar_unlocked ('\n');
}
+ if (descsz / 4 > FIXED_TAG_BYTES)
+ free (buf);
break;
}
/* FALLTHROUGH */
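Review bot: The release condition `descsz / 4 > FIXED_TAG_BYTES` re-derives the allocation decision instead of checking what was actually allocated. If the threshold test in the earlier hunk is ever changed on its own, this line would either leak the heap buffer or pass the stack array to free(). `if (buf != sbuf) free (buf);` ties the release to the pointer itself. Any exit from this block between the malloc and this point would need the same release; the lines in between are outside the hunk, so that cannot be confirmed from here.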