sbsigntool: fix handling of zero sized sections
The loop that iterates over the PE/COFF sections correctly skips zero sized sections, but still increments the loop index 'i'. This results in subsequent iterations poking into unallocated memory. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
parent
38ebdc8a66
commit
84d8361642
1 changed files with 18 additions and 17 deletions
35
src/image.c
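--- a/src/image.c
+++ b/src/image.c
@@ -366,6 +366,7 @@ static int image_find_regions(struct image *image)
 /* add COFF sections */
 for (i = 0; i < image->sections; i++) {
 uint32_t file_offset, file_size;
+int n;
 
 file_offset = pehdr_u32(image->scnhdr[i].s_scnptr);
 file_size = pehdr_u32(image->scnhdr[i].s_size);
@@ -373,39 +374,39 @@ static int image_find_regions(struct image *image)
 if (!file_size)
 continue;
 
-image->n_checksum_regions++;
+n = image->n_checksum_regions++;
 image->checksum_regions = talloc_realloc(image,
 image->checksum_regions,
 struct region,
 image->n_checksum_regions);
 regions = image->checksum_regions;
 
-regions[i + 3].data = buf + file_offset;
-regions[i + 3].size = align_up(file_size,
+regions[n].data = buf + file_offset;
+regions[n].size = align_up(file_size,
 image->file_alignment);
-regions[i + 3].name = talloc_strndup(image->checksum_regions,
+regions[n].name = talloc_strndup(image->checksum_regions,
 image->scnhdr[i].s_name, 8);
-bytes += regions[i + 3].size;
+bytes += regions[n].size;
 
-if (file_offset + regions[i+3].size > image->size) {
+if (file_offset + regions[n].size > image->size) {
 fprintf(stderr, "warning: file-aligned section %s "
 "extends beyond end of file\n",
-regions[i+3].name);
+regions[n].name);
 }
 
-if (regions[i+2].data + regions[i+2].size
-!= regions[i+3].data) {
+if (regions[n-1].data + regions[n-1].size
+!= regions[n].data) {
 fprintf(stderr, "warning: gap in section table:\n");
 fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n",
-regions[i+2].name,
-regions[i+2].data - buf,
-regions[i+2].data +
-regions[i+2].size - buf);
+regions[n-1].name,
+regions[n-1].data - buf,
+regions[n-1].data +
+regions[n-1].size - buf);
 fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n",
-regions[i+3].name,
-regions[i+3].data - buf,
-regions[i+3].data +
-regions[i+3].size - buf);
+regions[n].name,
+regions[n].data - buf,
+regions[n].data +
+regions[n].size - buf);
 
 
 gap_warn = 1;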
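Review bot: The end-of-file check on `file_offset + regions[n].size` only prints a warning, so a section header whose `s_scnptr`/`s_size` reach past the image still leaves `regions[n].data = buf + file_offset` registered as a checksum region, and any later consumer of the region list may read outside the file buffer. The sum can also wrap if `regions[n].size` is 32 bits wide (the definition of `struct region` is not visible here), so the comparison is safer as `if (file_offset > image->size || regions[n].size > image->size - file_offset)`, and the function should probably return an error instead of continuing once it triggers. Separately, the result of `talloc_realloc` is assigned and then indexed as `regions[n]` without a NULL check. `regions[n-1]` is valid only if at least one region was added before the loop, which the old `i + 2` made explicit; a one-line comment such as `/* n >= 1: header regions were added above */` would keep that assumption visible, assuming that is what the earlier code does. The body of image_find_regions starts and ends outside the shown hunks.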