From: "Gao, Liming"
To: "Zhu, Yonghong", "edk2-devel@lists.01.org"
CC: "Feng, YunhuaX"
Date: Fri, 8 Jun 2018 03:38:47 +0000
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E294A24@SHSMSX104.ccr.corp.intel.com>
In-Reply-To: <1528337339-1132-1-git-send-email-yonghong.zhu@intel.com>
Subject: Re: [Patch] BaseTools: Fix Section header size larger than elf file size bug

Reviewed-by: Liming Gao

> -----Original Message-----
> From: Zhu, Yonghong
> Sent: Thursday, June 7, 2018 10:09 AM
> To: edk2-devel@lists.01.org
> Cc: Feng, YunhuaX; Gao, Liming
> Subject: [Patch] BaseTools: Fix Section header size larger than elf file size bug
>
> From: Yunhua Feng >=20 > Add the logic to handle the case that Section header size larger than > elf file size. >=20 > Cc: Liming Gao > Cc: Yonghong Zhu > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Yunhua Feng > --- > BaseTools/Source/C/GenFw/Elf32Convert.c | 3 +++ > BaseTools/Source/C/GenFw/Elf64Convert.c | 3 +++ > BaseTools/Source/C/GenFw/ElfConvert.c | 20 ++++++++++++++++---- > BaseTools/Source/C/GenFw/ElfConvert.h | 3 ++- > 4 files changed, 24 insertions(+), 5 deletions(-) >=20 > diff --git a/BaseTools/Source/C/GenFw/Elf32Convert.c b/BaseTools/Source/C= /GenFw/Elf32Convert.c > index e0f6491..e26b10b 100644 > --- a/BaseTools/Source/C/GenFw/Elf32Convert.c > +++ b/BaseTools/Source/C/GenFw/Elf32Convert.c > @@ -672,10 +672,13 @@ WriteSections32 ( > Elf_Shdr *Shdr =3D GetShdrByIndex(Idx); > if ((*Filter)(Shdr)) { > switch (Shdr->sh_type) { > case SHT_PROGBITS: > /* Copy. */ > + if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) { > + return FALSE; > + } > memcpy(mCoffFile + mCoffSectionsOffset[Idx], > (UINT8*)mEhdr + Shdr->sh_offset, > Shdr->sh_size); > break; >=20 > diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C= /GenFw/Elf64Convert.c > index 9e68d22..cc0c2cf 100644 > --- a/BaseTools/Source/C/GenFw/Elf64Convert.c > +++ b/BaseTools/Source/C/GenFw/Elf64Convert.c > @@ -668,10 +668,13 @@ WriteSections64 ( > Elf_Shdr *Shdr =3D GetShdrByIndex(Idx); > if ((*Filter)(Shdr)) { > switch (Shdr->sh_type) { > case SHT_PROGBITS: > /* Copy. */ > + if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) { > + return FALSE; > + } > memcpy(mCoffFile + mCoffSectionsOffset[Idx], > (UINT8*)mEhdr + Shdr->sh_offset, > (size_t) Shdr->sh_size); > break; >=20 > diff --git a/BaseTools/Source/C/GenFw/ElfConvert.c b/BaseTools/Source/C/G= enFw/ElfConvert.c > index 17913ff..6844c69 100644 > --- a/BaseTools/Source/C/GenFw/ElfConvert.c > +++ b/BaseTools/Source/C/GenFw/ElfConvert.c 
> @@ -1,9 +1,9 @@ > /** @file > Elf convert solution >=20 > -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
> +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
>=20 > This program and the accompanying materials are licensed and made availa= ble > under the terms and conditions of the BSD License which accompanies this > distribution. The full text of the license may be found at > http://opensource.org/licenses/bsd-license.php > @@ -56,10 +56,15 @@ UINT32 mCoffOffset; > // Offset in Coff file of headers and sections. > // > UINT32 mTableOffset; >=20 > // > +//mFileBufferSize > +// > +UINT32 mFileBufferSize; > + > +// > //**********************************************************************= ******* > // Common ELF Functions > //**********************************************************************= ******* > // >=20 > @@ -171,10 +176,11 @@ ConvertElf ( > ) > { > ELF_FUNCTION_TABLE ElfFunctions; > UINT8 EiClass; >=20 > + mFileBufferSize =3D *FileLength; > // > // Determine ELF type and set function table pointer correctly. > // > VerboseMsg ("Check Elf Image Header"); > EiClass =3D (*FileBuffer)[EI_CLASS]; > @@ -199,13 +205,19 @@ ConvertElf ( >=20 > // > // Write and relocate sections. > // > VerboseMsg ("Write and relocate sections."); > - ElfFunctions.WriteSections (SECTION_TEXT); > - ElfFunctions.WriteSections (SECTION_DATA); > - ElfFunctions.WriteSections (SECTION_HII); > + if (!ElfFunctions.WriteSections (SECTION_TEXT)) { > + return FALSE; > + } > + if (!ElfFunctions.WriteSections (SECTION_DATA)) { > + return FALSE; > + } > + if (!ElfFunctions.WriteSections (SECTION_HII)) { > + return FALSE; > + } >=20 > // > // Translate and write relocations. > // > VerboseMsg ("Translate and write relocations."); > diff --git a/BaseTools/Source/C/GenFw/ElfConvert.h b/BaseTools/Source/C/G= enFw/ElfConvert.h > index abf434d..fc8c63f 100644 > --- a/BaseTools/Source/C/GenFw/ElfConvert.h > +++ b/BaseTools/Source/C/GenFw/ElfConvert.h > @@ -1,9 +1,9 @@ > /** @file > Header file for Elf convert solution >=20 > -Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
> +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
>=20 > This program and the accompanying materials are licensed and made availa= ble > under the terms and conditions of the BSD License which accompanies this > distribution. The full text of the license may be found at > http://opensource.org/licenses/bsd-license.php > @@ -27,10 +27,11 @@ extern UINT32 mCoffOffset; > extern CHAR8 *mInImageName; > extern UINT32 mImageTimeStamp; > extern UINT8 *mCoffFile; > extern UINT32 mTableOffset; > extern UINT32 mOutImageType; > +extern UINT32 mFileBufferSize; >=20 > // > // Common EFI specific data. > // > #define ELF_HII_SECTION_NAME ".hii" > -- > 2.6.1.windows.1
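
Review bot: in the Elf32Convert.c hunk (WriteSections32), the new bound `Shdr->sh_offset + Shdr->sh_size > mFileBufferSize` can wrap, because both ELF32 header fields are 32-bit and mFileBufferSize is a UINT32. When the sum exceeds 2^32 it becomes a small value that passes the test, and the memcpy that follows still reads outside the file buffer. Compare without adding: `if (Shdr->sh_offset > mFileBufferSize || Shdr->sh_size > mFileBufferSize - Shdr->sh_offset)`. The guard is placed only in the SHT_PROGBITS case shown here, so any other case in this switch that reads from `(UINT8*)mEhdr + Shdr->sh_offset` needs the same check.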
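
Review bot: in the Elf64Convert.c hunk (WriteSections64), the sum `Shdr->sh_offset + Shdr->sh_size` is computed on 64-bit fields and compared with the UINT32 mFileBufferSize, so it can still wrap at 2^64 and pass the test. Use the subtraction form here as well: check `Shdr->sh_offset <= mFileBufferSize` first, then `Shdr->sh_size <= mFileBufferSize - Shdr->sh_offset`. Written that way, the existing `(size_t) Shdr->sh_size` cast cannot truncate, since sh_size is already known to fit in 32 bits. As the 32-bit and 64-bit files now carry the same check, a shared macro or helper declared in ElfConvert.h would keep the two from drifting apart.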
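
Review bot: in ElfConvert.c, the comment added above the new global, `//mFileBufferSize`, only repeats the variable name. State what it holds and in what unit, for example that it is the length in bytes of the input ELF file buffer, set in ConvertElf from `*FileLength`, matching the style of the neighbouring "Offset in Coff file of headers and sections." comment. Please also confirm that `*FileLength` is a 32-bit quantity so that `mFileBufferSize = *FileLength;` does not narrow the value.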
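
Review bot: the three new `return FALSE;` paths in ConvertElf, and the `return FALSE;` in WriteSections32 and WriteSections64 that triggers them, return without reporting which section failed the bound. Emit an error through the tool's message functions before returning (ConvertElf already calls VerboseMsg), naming the section index and the offending sh_offset and sh_size, so that a malformed input can be diagnosed from the build log.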