[Bug ld/32552] Potential access beyond size of generated .eh_frame secti
From: jbeulich at suse dot com
Subject: [Bug ld/32552] Potential access beyond size of generated .eh_frame sections for PLTs on x86
Date: Mon, 13 Jan 2025 15:59:00 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=32552
--- Comment #1 from Jan Beulich <jbeulich at suse dot com> ---
(In reply to Jens Remus from comment #0)
> A) Add an .eh_frame section size test to the if-condition, so that the
> FDE start field is not filled in when the FDE got discarded.
If such a check would be just checking for size being (non-)zero, that would be
my preference here. It's not clear to me though if a discarded FDE would mean
size to end up being zero, as a CIE might still be there.
> B) Test rawsize instead of size in the assertion (assuming rawsize
> corresponds to the contents buffer size). Note that rawsize
> sometimes is zero, although size is set and the contents buffer is
> initialized. Therefore rawsize would need to be initialized as well.
Given what you say, this doesn't look to be a viable option. Then again
_bfd_elf_write_section_eh_frame() simply sets ->rawsize from ->size when still
zero.
> C) Ignore and do not add any assertion(s), as the subject .eh_frame
> sections are linker generated and thus the contents buffer should
> always have enough room (assuming the linker never reallocates the
> contents buffer when discarding the FDE).
This might be a last resort. For a fully squashed section I wonder though
whether ->contents wouldn't then better also be cleared, in which case the
existing conditionals would already cover the case.
Anyway - curious what H.J.'s take is here.
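An added sketch, not part of the original comment and not binutils code, of the case raised in comment #1: if a CIE were to remain after the FDE is discarded, a non-zero size test (option A in its simplest form) and a bounds test on the field would decide differently. The struct, function names, and byte sizes are assumptions made up for this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the section fields named in the thread; not BFD's asection. */
struct sec_model {
    unsigned char *contents; /* output buffer, NULL if none */
    size_t size;             /* current section size */
};

/* Constructed layout: a CIE followed by one FDE whose 4-byte start field
   sits 8 bytes into the FDE. Sizes are illustrative, not taken from ld. */
enum { CIE_BYTES = 24, FDE_BYTES = 40, FDE_START_OFF = CIE_BYTES + 8 };

/* Option A as a plain non-zero size test. */
static int guard_nonzero(const struct sec_model *s)
{
    return s->contents != NULL && s->size != 0;
}

/* Bounds variant: the whole 4-byte field must lie inside size. */
static int guard_bounds(const struct sec_model *s)
{
    return s->contents != NULL && s->size >= (size_t)FDE_START_OFF + 4;
}

/* Store val little-endian if the guard allows it; 1 = written, 0 = skipped. */
static int fill_fde_start(struct sec_model *s, uint32_t val,
                          int (*guard)(const struct sec_model *))
{
    unsigned char le[4] = { (unsigned char)val, (unsigned char)(val >> 8),
                            (unsigned char)(val >> 16), (unsigned char)(val >> 24) };
    if (!guard(s))
        return 0;
    memcpy(s->contents + FDE_START_OFF, le, sizeof le);
    return 1;
}

int main(void)
{
    unsigned char buf[CIE_BYTES + FDE_BYTES] = { 0 }; /* allocated before any discard */
    struct sec_model cie_only = { buf, CIE_BYTES };   /* FDE dropped, CIE kept */
    printf("non-zero test writes: %d\n", fill_fde_start(&cie_only, 0x1000, guard_nonzero));
    printf("bounds test writes:   %d\n", fill_fde_start(&cie_only, 0x1000, guard_bounds));
    return 0;
}
```

In the CIE-only case the write under the non-zero test stays inside the allocated buffer, as option C assumes, but lands past `size`, which is what an assertion on `size` would flag.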