| field | value | |
|---|---|---|
| author | Thiago Macieira <thiago.macieira@intel.com> | 2018-10-26 23:22:22 -0700 |
| committer | Thiago Macieira <thiago.macieira@intel.com> | 2018-11-28 04:37:43 +0000 |
| commit | d8962144b425b9929770b67bcfb8247a9e9b9022 (patch) | |
| tree | 153d20c5eb5885deb83625508bfccce6bd514cc5 | /src/corelib |
| parent | dba606767056986a8c0cc973ec5932f603f14759 (diff) | |
Fix calculation of the string tab size in QElfParser
First of all, we were using the wrong size variable: instead of the size
of the section, found in the section header, we were using the size of
each section entry in the section table. Since that's usually smaller,
we weren't hitting a problem.
Second, if the string table is the last thing in the file and there's
nothing else after it, not even padding, then offset + section_size can
be equal to the file size. In fact, the .shstrtab section is usually the
last one, as it contains the section names themselves, so it stands to
reason that it's the second to last thing written.
For generic linkers, the last data in the file is the section table
itself, so usually the file is larger by at least a kilobyte, which is
why we haven't hit this bug. It could only manifest as deciding that
certain specially-crafted but valid ELF files were invalid. I can't
think of a way to trick it into thinking an invalid ELF is valid.
That's another reason why this code needs to be rewritten with more
modern coding styles and actually using <elf.h>.
Fixes: QTBUG-71443
Change-Id: I1bd327aeaf73421a8ec5fffd156162f2df5557b8
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
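The bounds test the commit message describes, worked through as an added example that is not Qt's code and not the patch itself: a stand-alone C++ checker for the `.shstrtab` header of an ELF64 little-endian image, written with a subtraction-form check (no narrowing cast) so that the section ending exactly at end-of-file is accepted while a size that runs one byte past it, an offset of zero, or a 64-bit offset whose sum would truncate to a small value are all rejected. It goes slightly beyond the patch by applying the same wrap-free arithmetic to locating the section header entry itself. The header field offsets are hand-written to mirror `Elf64_Ehdr`/`Elf64_Shdr` from `<elf.h>`, and `buildImage`, `patchStrtabHeader`, `rangeInFile` and `rangeInFileNarrow` are this example's own names; the image it checks is constructed in memory, with `.shstrtab` placed as the last bytes of the file.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Added example, not Qt's code: validates the .shstrtab section header of an
// ELF64 little-endian image the way the commit message describes, without the
// 32-bit narrowing cast. Field offsets are hand-written to mirror Elf64_Ehdr /
// Elf64_Shdr from <elf.h>; buildImage() constructs a test image in memory.
namespace elfcheck {

enum Result { Ok, Corrupt, NotElf };

typedef std::vector<unsigned char> Bytes;

static uint64_t rd(const Bytes &d, size_t off, int width) {
    uint64_t v = 0;
    for (int i = 0; i < width; ++i)
        v |= uint64_t(d[off + i]) << (8 * i);
    return v;
}

static void wr(Bytes &d, size_t off, uint64_t v, int width) {
    for (int i = 0; i < width; ++i)
        d[off + i] = (unsigned char)(v >> (8 * i));
}

// [offset, offset+size) must lie inside a file of fdlen bytes. The end may
// coincide with EOF (offset+size == fdlen), the case the commit fixes, and the
// subtraction form cannot wrap or truncate even for 64-bit header fields.
bool rangeInFile(uint64_t offset, uint64_t size, uint64_t fdlen) {
    if (offset == 0 || offset > fdlen)
        return false;
    return size <= fdlen - offset;
}

// Same comparison as the patched line, narrowing the sum to 32 bits; kept
// here only to show what the cast lets through.
bool rangeInFileNarrow(uint64_t offset, uint64_t size, uint64_t fdlen) {
    return !((uint32_t)(offset + size) > fdlen || offset == 0);
}

// Reads the e_shstrndx section header and checks the string table bounds.
Result checkStringTable(const Bytes &img) {
    const uint64_t fdlen = img.size();
    if (fdlen < 64 || img[0] != 0x7f || img[1] != 'E' || img[2] != 'L' ||
        img[3] != 'F' || img[4] != 2 /*ELFCLASS64*/ || img[5] != 1 /*LSB*/)
        return NotElf;
    uint64_t e_shoff = rd(img, 40, 8);
    uint64_t e_shentsize = rd(img, 58, 2);
    uint64_t e_shnum = rd(img, 60, 2);
    uint64_t e_shstrndx = rd(img, 62, 2);
    if (e_shentsize < 64 || e_shstrndx >= e_shnum)
        return Corrupt;
    // Locate the header entry itself with the same wrap-free arithmetic.
    if (e_shoff > fdlen || e_shstrndx * e_shentsize > fdlen - e_shoff)
        return Corrupt;
    uint64_t soff = e_shoff + e_shstrndx * e_shentsize;
    if (64 > fdlen - soff)
        return Corrupt;
    uint64_t sh_offset = rd(img, size_t(soff) + 24, 8);
    uint64_t sh_size = rd(img, size_t(soff) + 32, 8);
    return rangeInFile(sh_offset, sh_size, fdlen) ? Ok : Corrupt;
}

// Constructed ELF64 image: header, a null section header, the .shstrtab
// header, then the string table bytes themselves, followed by trailingPad
// zero bytes. With trailingPad == 0 the table ends exactly at EOF.
const size_t kEhdrSize = 64, kShdrSize = 64, kShstrtabHdr = kEhdrSize + kShdrSize;

Bytes buildImage(const std::string &names, size_t trailingPad) {
    const size_t dataOff = kEhdrSize + 2 * kShdrSize;
    Bytes img(dataOff + names.size() + trailingPad, 0);
    img[0] = 0x7f; img[1] = 'E'; img[2] = 'L'; img[3] = 'F';
    img[4] = 2; img[5] = 1; img[6] = 1;          // ELFCLASS64, ELFDATA2LSB, EV_CURRENT
    wr(img, 16, 1, 2);                           // e_type = ET_REL
    wr(img, 40, kEhdrSize, 8);                   // e_shoff: table right after the header
    wr(img, 52, kEhdrSize, 2);                   // e_ehsize
    wr(img, 58, kShdrSize, 2);                   // e_shentsize
    wr(img, 60, 2, 2);                           // e_shnum
    wr(img, 62, 1, 2);                           // e_shstrndx
    wr(img, kShstrtabHdr + 4, 3, 4);             // sh_type = SHT_STRTAB
    wr(img, kShstrtabHdr + 24, dataOff, 8);      // sh_offset
    wr(img, kShstrtabHdr + 32, names.size(), 8); // sh_size
    std::memcpy(&img[dataOff], names.data(), names.size());
    return img;
}

// Overwrites sh_offset/sh_size of the .shstrtab header to craft bad inputs.
void patchStrtabHeader(Bytes &img, uint64_t offset, uint64_t size) {
    wr(img, kShstrtabHdr + 24, offset, 8);
    wr(img, kShstrtabHdr + 32, size, 8);
}

} // namespace elfcheck
```

With `buildImage(names, 0)` the file is 203 bytes and the string table occupies bytes 192..202, so `offset + size == fdlen`; `rangeInFile` accepts it, whereas a check written with `>=` (the pre-patch comparison) would not. `rangeInFileNarrow` is the contrast case: an offset of `0x100000000 + 192` with size 11 truncates to a sum of 203 and passes, and an offset of `UINT64_MAX` with size 2 wraps the addition to 1 and also passes, while the subtraction form rejects both.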
Diffstat (limited to 'src/corelib')
-rw-r--r-- | src/corelib/plugin/qelfparser_p.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/corelib/plugin/qelfparser_p.cpp b/src/corelib/plugin/qelfparser_p.cpp index 159a324c6b..13eee3539e 100644 --- a/src/corelib/plugin/qelfparser_p.cpp +++ b/src/corelib/plugin/qelfparser_p.cpp @@ -168,11 +168,11 @@ int QElfParser::parse(const char *dataStart, ulong fdlen, const QString &library parseSectionHeader(dataStart + soff, &strtab); m_stringTableFileOffset = strtab.offset; - if ((quint32)(m_stringTableFileOffset + e_shentsize) >= fdlen || m_stringTableFileOffset == 0) { + if ((quint32)(strtab.offset + strtab.size) > fdlen || strtab.offset == 0) { if (lib) lib->errorString = QLibrary::tr("'%1' is an invalid ELF object (%2)") .arg(library, QLibrary::tr("string table seems to be at %1") - .arg(QString::number(soff, 16))); + .arg(QString::number(strtab.offset, 16))); return Corrupt; } |
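Review bot: the `(quint32)` cast on `strtab.offset + strtab.size` in the new condition still narrows the sum before comparing it with `fdlen`, so if `offset` and `size` are wider than 32 bits a crafted header whose sum exceeds 2^32, or wraps the addition itself, can pass the check even though `strtab.offset` lies far past the end of the file; since the fix already switched to the section's own size, drop the cast and compare the two terms separately, e.g. `if (strtab.offset == 0 || strtab.offset > fdlen || strtab.size > fdlen - strtab.offset)`. The error string now reports `strtab.offset` instead of `soff`, which matches the new condition; including `strtab.size` in it as well would make a bad size distinguishable from a bad offset when this message is the only diagnostic.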