bug-binutils
From: jbeulich at suse dot com
Subject: [Bug ld/32552] Potential access beyond size of generated .eh_frame sections for PLTs on x86
Date: Mon, 13 Jan 2025 15:59:00 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=32552

--- Comment #1 from Jan Beulich <jbeulich at suse dot com> ---
(In reply to Jens Remus from comment #0)
> A) Add an .eh_frame section size test to the if-condition, so that the
>    FDE start field is not filled in when the FDE got discarded.

If such a check would be just checking for size being (non-)zero, that would be
my preference here. It's not clear to me though if a discarded FDE would mean
size to end up being zero, as a CIE might still be there.

> B) Test rawsize instead of size in the assertion (assuming rawsize
>    corresponds to the contents buffer size).  Note that rawsize
>    sometimes is zero, although size is set and the contents buffer is
>    initialized.  Therefore rawsize would need to be initialized as well.

Given what you say, this doesn't look to be a viable option. Then again
_bfd_elf_write_section_eh_frame() simply sets ->rawsize from ->size when still
zero.

> C) Ignore and do not add any assertion(s), as the subject .eh_frame
>    sections are linker generated and thus the contents buffer should
>    always have enough room (assuming the linker never reallocates the
>    contents buffer when discarding the FDE).

This might be a last resort. For a fully squashed section I wonder though
whether ->contents wouldn't then better also be cleared, in which case the
existing conditionals would already cover the case.

Anyway - curious what H.J.'s take is here.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
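The discussion above turns on two facts about the linker-generated PLT .eh_frame: the FDE's pc_begin field sits at a fixed offset inside the FDE record, and a section whose FDE has been discarded is not necessarily empty, because the CIE that precedes it can remain. The following is an added example written for this page, not code from the bug report, from ld or from binutils: it walks a constructed .eh_frame buffer (the CIE/FDE byte layout below is a minimal illustration I assembled by hand, not a copy of ld's PLT tables), computes a pc-relative sdata4 value the way DW_EH_PE_pcrel|DW_EH_PE_sdata4 is defined, and applies option A in its strict form, refusing to write pc_begin unless the whole field lies inside the current section size rather than merely checking that the size is non-zero. The offsets, VMAs and helper names are assumptions of the example.

```c
/* Added example for the .eh_frame discussion above. Illustration code only:
 * not ld's implementation, and the record layout is constructed by hand. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Within an FDE: 4-byte length, 4-byte CIE pointer, then pc_begin, pc_range. */
#define FDE_PC_BEGIN_OFFSET 8
#define FDE_PC_RANGE_OFFSET 12

/* Constructed .eh_frame: one CIE (4 + 20 bytes) followed by one FDE (4 + 16 bytes). */
static uint8_t eh_frame[44] = {
    /* CIE */
    20, 0, 0, 0,        /* length of the rest of the CIE */
    0, 0, 0, 0,         /* CIE id: 0 marks a CIE */
    1,                  /* version */
    'z', 'R', 0,        /* augmentation "zR": augmentation data carries FDE encoding */
    1,                  /* code alignment factor (uleb128) */
    0x78,               /* data alignment factor -8 (sleb128) */
    16,                 /* return address register (rip) */
    1,                  /* augmentation data length */
    0x1b,               /* DW_EH_PE_pcrel | DW_EH_PE_sdata4 */
    0x0c, 7, 8,         /* DW_CFA_def_cfa: r7 (rsp) ofs 8 */
    0x90, 1,            /* DW_CFA_offset: r16 (rip) at cfa-8 */
    0, 0,               /* DW_CFA_nop padding */
    /* FDE, starting at offset 24 */
    16, 0, 0, 0,        /* length of the rest of the FDE */
    28, 0, 0, 0,        /* CIE pointer: distance from this field back to the CIE */
    0, 0, 0, 0,         /* pc_begin: filled in by patch_fde_pc_begin() */
    0, 0, 0, 0,         /* pc_range: would hold the PLT size; left zero here */
    0,                  /* augmentation data length */
    0x0e, 16,           /* DW_CFA_def_cfa_offset: 16 */
    0,                  /* DW_CFA_nop padding */
};

struct eh_record { size_t offset; uint32_t length; bool is_cie; };

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Walk CIE/FDE records inside [buf, buf+size). Returns the record count, or -1
 * if a record's declared length runs past size (a truncated/overrun section). */
static int eh_frame_walk(const uint8_t *buf, size_t size, struct eh_record *out, size_t max)
{
    size_t off = 0;
    int n = 0;
    while (off + 4 <= size) {
        uint32_t len = rd32(buf + off);
        if (len == 0)                      /* zero-length terminator */
            break;
        if (len == 0xffffffffu || len < 4) /* 64-bit DWARF length or too short for a CIE id */
            return -1;
        if (len > size - off - 4)          /* record overruns the buffer */
            return -1;
        if ((size_t)n < max) {
            out[n].offset = off;
            out[n].length = len;
            out[n].is_cie = rd32(buf + off + 4) == 0;
        }
        n++;
        off += 4 + len;
    }
    return n;
}

/* DW_EH_PE_pcrel | DW_EH_PE_sdata4: target minus the address of the field itself. */
static int32_t pcrel32(uint64_t target_vma, uint64_t section_vma, size_t field_off)
{
    return (int32_t)(int64_t)(target_vma - (section_vma + field_off));
}

/* Option A, strict form: only write pc_begin when the entire field is inside the
 * section's current size and the record there really is an FDE. A section shrunk
 * to its CIE alone still has a non-zero size, so "size != 0" is not enough. */
static bool patch_fde_pc_begin(uint8_t *buf, size_t size, size_t fde_off, int32_t pcrel)
{
    if (fde_off > size || size - fde_off < FDE_PC_BEGIN_OFFSET + 4)
        return false;                      /* field would be written beyond size */
    uint32_t len = rd32(buf + fde_off);
    if (len < 8 || len > size - fde_off - 4)
        return false;                      /* record too short or overruns the buffer */
    if (rd32(buf + fde_off + 4) == 0)
        return false;                      /* that record is a CIE, not an FDE */
    wr32(buf + fde_off + FDE_PC_BEGIN_OFFSET, (uint32_t)pcrel);
    return true;
}

int main(void)
{
    struct eh_record recs[4];
    int n = eh_frame_walk(eh_frame, sizeof eh_frame, recs, 4);
    printf("%d records; FDE at offset %zu\n", n, recs[1].offset);

    uint64_t eh_vma = 0x2000, plt_vma = 0x1020;   /* assumed VMAs */
    size_t fde_off = recs[1].offset;
    int32_t v = pcrel32(plt_vma, eh_vma, fde_off + FDE_PC_BEGIN_OFFSET);
    bool ok = patch_fde_pc_begin(eh_frame, sizeof eh_frame, fde_off, v);
    printf("full section: %s, pc_begin=%d\n", ok ? "patched" : "refused",
           (int32_t)rd32(eh_frame + fde_off + FDE_PC_BEGIN_OFFSET));

    /* FDE discarded: size shrinks to the CIE alone (24 bytes, not 0). */
    size_t cie_only = recs[0].length + 4;
    ok = patch_fde_pc_begin(eh_frame, cie_only, fde_off, v);
    printf("CIE-only section (size %zu): %s\n", cie_only, ok ? "patched" : "refused");
    return 0;
}
```

Run it and the second case is the interesting one: the walk over the CIE-only size still reports a record and a non-zero size, which is exactly the situation Jan raises against a plain zero-size test, while the offset-plus-field-width check refuses the write instead of storing past the end.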

