sbsigntool: fix handling of zero sized sections
The loop that iterates over the PE/COFF sections correctly skips zero sized sections, but still increments the loop index 'i'. This results in subsequent iterations poking into unallocated memory. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This commit is contained in:
Ard Biesheuvel
James Bottomley
parent
38ebdc8a66
commit
84d8361642
1 changed files with 18 additions and 17 deletions
35
src/image.c
35
src/image.c
|
|
@ -366,6 +366,7 @@ static int image_find_regions(struct image *image)
|
|||
/* add COFF sections */
|
||||
for (i = 0; i < image->sections; i++) {
|
||||
uint32_t file_offset, file_size;
|
||||
int n;
|
||||
|
||||
file_offset = pehdr_u32(image->scnhdr[i].s_scnptr);
|
||||
file_size = pehdr_u32(image->scnhdr[i].s_size);
|
||||
|
|
@ -373,39 +374,39 @@ static int image_find_regions(struct image *image)
|
|||
if (!file_size)
|
||||
continue;
|
||||
|
||||
image->n_checksum_regions++;
|
||||
n = image->n_checksum_regions++;
|
||||
image->checksum_regions = talloc_realloc(image,
|
||||
image->checksum_regions,
|
||||
struct region,
|
||||
image->n_checksum_regions);
|
||||
regions = image->checksum_regions;
|
||||
|
||||
regions[i + 3].data = buf + file_offset;
|
||||
regions[i + 3].size = align_up(file_size,
|
||||
regions[n].data = buf + file_offset;
|
||||
regions[n].size = align_up(file_size,
|
||||
image->file_alignment);
|
||||
regions[i + 3].name = talloc_strndup(image->checksum_regions,
|
||||
regions[n].name = talloc_strndup(image->checksum_regions,
|
||||
image->scnhdr[i].s_name, 8);
|
||||
bytes += regions[i + 3].size;
|
||||
bytes += regions[n].size;
|
||||
|
||||
if (file_offset + regions[i+3].size > image->size) {
|
||||
if (file_offset + regions[n].size > image->size) {
|
||||
fprintf(stderr, "warning: file-aligned section %s "
|
||||
"extends beyond end of file\n",
|
||||
regions[i+3].name);
|
||||
regions[n].name);
|
||||
}
|
||||
|
||||
if (regions[i+2].data + regions[i+2].size
|
||||
!= regions[i+3].data) {
|
||||
if (regions[n-1].data + regions[n-1].size
|
||||
!= regions[n].data) {
|
||||
fprintf(stderr, "warning: gap in section table:\n");
|
||||
fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n",
|
||||
regions[i+2].name,
|
||||
regions[i+2].data - buf,
|
||||
regions[i+2].data +
|
||||
regions[i+2].size - buf);
|
||||
regions[n-1].name,
|
||||
regions[n-1].data - buf,
|
||||
regions[n-1].data +
|
||||
regions[n-1].size - buf);
|
||||
fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n",
|
||||
regions[i+3].name,
|
||||
regions[i+3].data - buf,
|
||||
regions[i+3].data +
|
||||
regions[i+3].size - buf);
|
||||
regions[n].name,
|
||||
regions[n].data - buf,
|
||||
regions[n].data +
|
||||
regions[n].size - buf);
|
||||
|
||||
|
||||
gap_warn = 1;
|
||||
|
|
|
|||
Loading…
Reference in a new issue