Fix calculation of the string tab size in QElfParser
First of all, we were using the wrong size variable: instead of the size of the section, found in the section header, we were using the size of each section entry in the section table. Since that's usually smaller, we weren't hitting a problem.

Second, if the string table is the last thing in the file and there's nothing else after it, not even padding, then offset + section_size can be equal to the file size. In fact, the .shstrtab section is usually the last one, as it contains the section names themselves, so it stands to reason that it's the second to last thing written. For generic linkers, the last data in the file is the section table itself, so usually the file is larger by at least a kilobyte, which is why we haven't hit this bug.

It could only manifest as deciding that certain specially-crafted but valid ELF files were invalid. I can't think of a way to trick it into thinking an invalid ELF is valid. That's another reason why this code needs to be rewritten with more modern coding styles and actually using <elf.h>.

Fixes: QTBUG-71443
Change-Id: I1bd327aeaf73421a8ec5fffd156162f2df5557b8
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
This commit is contained in:
parent dba6067670
commit d8962144b4
@ -168,11 +168,11 @@ int QElfParser::parse(const char *dataStart, ulong fdlen, const QString &library
parseSectionHeader(dataStart + soff, &strtab);
m_stringTableFileOffset = strtab.offset;
if ((quint32)(m_stringTableFileOffset + e_shentsize) >= fdlen || m_stringTableFileOffset == 0) {
if ((quint32)(strtab.offset + strtab.size) > fdlen || strtab.offset == 0) {
if (lib)
lib->errorString = QLibrary::tr("'%1' is an invalid ELF object (%2)")
.arg(library, QLibrary::tr("string table seems to be at %1")
.arg(QString::number(soff, 16)));
.arg(QString::number(strtab.offset, 16)));
return Corrupt;
}
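Review bot: The new bounds check casts the sum before comparing, `(quint32)(strtab.offset + strtab.size) > fdlen`, so if `strtab.offset` and `strtab.size` are wider than 32 bits (section header fields are 64-bit in ELF64) a sum that exceeds 2^32 is truncated before the comparison and an out-of-range table can pass the check; compare in the wider type instead, or test without an addition, e.g. `strtab.size > fdlen || strtab.offset > fdlen - strtab.size`, which also cannot wrap. Separately, the error text still reports only the offset ("string table seems to be at %1"); since the rejection now depends on offset plus size, including `strtab.size` in the message would make a corrupt-file report easier to diagnose.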