From: Yonghong Zhu <yonghong.zhu@intel.com>
To: edk2-devel@lists.01.org
Cc: Yunhua Feng <yunhuax.feng@intel.com>, Liming Gao <liming.gao@intel.com>
Subject: [Patch] BaseTools: Fix Section header size larger than elf file size bug
Date: Thu, 7 Jun 2018 10:08:59 +0800 [thread overview]
Message-ID: <1528337339-1132-1-git-send-email-yonghong.zhu@intel.com> (raw)
From: Yunhua Feng <yunhuax.feng@intel.com>
Add the logic to handle the case that Section header size larger than
elf file size.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yunhua Feng <yunhuax.feng@intel.com>
---
BaseTools/Source/C/GenFw/Elf32Convert.c | 3 +++
BaseTools/Source/C/GenFw/Elf64Convert.c | 3 +++
BaseTools/Source/C/GenFw/ElfConvert.c | 20 ++++++++++++++++----
BaseTools/Source/C/GenFw/ElfConvert.h | 3 ++-
4 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/BaseTools/Source/C/GenFw/Elf32Convert.c b/BaseTools/Source/C/GenFw/Elf32Convert.c
index e0f6491..e26b10b 100644
--- a/BaseTools/Source/C/GenFw/Elf32Convert.c
+++ b/BaseTools/Source/C/GenFw/Elf32Convert.c
@@ -672,10 +672,13 @@ WriteSections32 (
Elf_Shdr *Shdr = GetShdrByIndex(Idx);
if ((*Filter)(Shdr)) {
switch (Shdr->sh_type) {
case SHT_PROGBITS:
/* Copy. */
+ if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) {
+ return FALSE;
+ }
memcpy(mCoffFile + mCoffSectionsOffset[Idx],
(UINT8*)mEhdr + Shdr->sh_offset,
Shdr->sh_size);
break;
diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c
index 9e68d22..cc0c2cf 100644
--- a/BaseTools/Source/C/GenFw/Elf64Convert.c
+++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
@@ -668,10 +668,13 @@ WriteSections64 (
Elf_Shdr *Shdr = GetShdrByIndex(Idx);
if ((*Filter)(Shdr)) {
switch (Shdr->sh_type) {
case SHT_PROGBITS:
/* Copy. */
+ if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) {
+ return FALSE;
+ }
memcpy(mCoffFile + mCoffSectionsOffset[Idx],
(UINT8*)mEhdr + Shdr->sh_offset,
(size_t) Shdr->sh_size);
break;
diff --git a/BaseTools/Source/C/GenFw/ElfConvert.c b/BaseTools/Source/C/GenFw/ElfConvert.c
index 17913ff..6844c69 100644
--- a/BaseTools/Source/C/GenFw/ElfConvert.c
+++ b/BaseTools/Source/C/GenFw/ElfConvert.c
@@ -1,9 +1,9 @@
/** @file
Elf convert solution
-Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available
under the terms and conditions of the BSD License which accompanies this
distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
@@ -56,10 +56,15 @@ UINT32 mCoffOffset;
// Offset in Coff file of headers and sections.
//
UINT32 mTableOffset;
//
+//mFileBufferSize
+//
+UINT32 mFileBufferSize;
+
+//
//*****************************************************************************
// Common ELF Functions
//*****************************************************************************
//
@@ -171,10 +176,11 @@ ConvertElf (
)
{
ELF_FUNCTION_TABLE ElfFunctions;
UINT8 EiClass;
+ mFileBufferSize = *FileLength;
//
// Determine ELF type and set function table pointer correctly.
//
VerboseMsg ("Check Elf Image Header");
EiClass = (*FileBuffer)[EI_CLASS];
@@ -199,13 +205,19 @@ ConvertElf (
//
// Write and relocate sections.
//
VerboseMsg ("Write and relocate sections.");
- ElfFunctions.WriteSections (SECTION_TEXT);
- ElfFunctions.WriteSections (SECTION_DATA);
- ElfFunctions.WriteSections (SECTION_HII);
+ if (!ElfFunctions.WriteSections (SECTION_TEXT)) {
+ return FALSE;
+ }
+ if (!ElfFunctions.WriteSections (SECTION_DATA)) {
+ return FALSE;
+ }
+ if (!ElfFunctions.WriteSections (SECTION_HII)) {
+ return FALSE;
+ }
//
// Translate and write relocations.
//
VerboseMsg ("Translate and write relocations.");
diff --git a/BaseTools/Source/C/GenFw/ElfConvert.h b/BaseTools/Source/C/GenFw/ElfConvert.h
index abf434d..fc8c63f 100644
--- a/BaseTools/Source/C/GenFw/ElfConvert.h
+++ b/BaseTools/Source/C/GenFw/ElfConvert.h
@@ -1,9 +1,9 @@
/** @file
Header file for Elf convert solution
-Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available
under the terms and conditions of the BSD License which accompanies this
distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
@@ -27,10 +27,11 @@ extern UINT32 mCoffOffset;
extern CHAR8 *mInImageName;
extern UINT32 mImageTimeStamp;
extern UINT8 *mCoffFile;
extern UINT32 mTableOffset;
extern UINT32 mOutImageType;
+extern UINT32 mFileBufferSize;
//
// Common EFI specific data.
//
#define ELF_HII_SECTION_NAME ".hii"
--
2.6.1.windows.1
next reply other threads:[~2018-06-07 2:09 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-07 2:08 Yonghong Zhu [this message]
2018-06-08 3:38 ` [Patch] BaseTools: Fix Section header size larger than elf file size bug Gao, Liming
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1528337339-1132-1-git-send-email-yonghong.zhu@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox