From: Alex Bennée
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, Richard Henderson, Alex Bennée
Subject: [PATCH v3 01/12] elf-ops: bail out if we have no function symbols
Date: Fri, 3 Apr 2020 20:11:39 +0100
Message-Id: <20200403191150.863-2-alex.bennee@linaro.org>
In-Reply-To: <20200403191150.863-1-alex.bennee@linaro.org>

It's perfectly possible to have no function symbols in your elf file
and if we do the undefined behaviour sanitizer rightly complains about
us passing NULL to qsort. Check nsyms before we go ahead.

While we are at it let's drop the unchecked return value and clean up
the fail leg by use of g_autoptr.

Another fix was proposed 101 weeks ago in:
Message-Id: 20180421232120.22208-1-f4bug@amsat.org

Signed-off-by: Alex Bennée
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
---
 include/hw/elf_ops.h | 48 +++++++++++++++++++++++---------------------
 1 file changed, 25 insertions(+), 23 deletions(-)

diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h
index a1411bfcab6..e0bb47bb678 100644
--- a/include/hw/elf_ops.h
+++ b/include/hw/elf_ops.h
@@ -104,19 +104,21 @@ static int glue(symcmp, SZ)(const void *s0, const voi= d *s1) : ((sym0->st_value > sym1->st_value) ? 1 : 0); } =20 -static int glue(load_symbols, SZ)(struct elfhdr *ehdr, int fd, int must_sw= ab, - int clear_lsb, symbol_fn_t sym_cb) +static void glue(load_symbols, SZ)(struct elfhdr *ehdr, int fd, int must_s= wab, + int clear_lsb, symbol_fn_t sym_cb) { - struct elf_shdr *symtab, *strtab, *shdr_table =3D NULL; - struct elf_sym *syms =3D NULL; + struct elf_shdr *symtab, *strtab; + g_autofree struct elf_shdr *shdr_table =3D NULL; + g_autofree struct elf_sym *syms =3D NULL; + g_autofree char *str =3D NULL; struct syminfo *s; int nsyms, i; - char *str =3D NULL; =20 shdr_table =3D load_at(fd, ehdr->e_shoff, sizeof(struct elf_shdr) * ehdr->e_shnum); - if (!shdr_table) - return -1; + if (!shdr_table) { + return ; + } =20 if (must_swab) { for (i =3D 0; i < ehdr->e_shnum; i++) { @@ -125,23 +127,25 @@ static int glue(load_symbols, SZ)(struct elfhdr *ehdr= , int fd, int must_swab, } =20 symtab =3D glue(find_section, SZ)(shdr_table, ehdr->e_shnum, SHT_SYMTA= B); - if (!symtab) - goto fail; + if (!symtab) { + return; + } syms =3D load_at(fd, symtab->sh_offset, symtab->sh_size); - if (!syms) - goto fail; + if (!syms) { + return; + } =20 nsyms =3D symtab->sh_size / sizeof(struct elf_sym); =20 /* String table */ if (symtab->sh_link >=3D ehdr->e_shnum) { - goto fail; + return; } strtab =3D &shdr_table[symtab->sh_link]; =20 str =3D load_at(fd, strtab->sh_offset, strtab->sh_size); if (!str) { - goto fail; + return; } =20 i =3D 0; @@ -170,8 +174,13 @@ static int glue(load_symbols, SZ)(struct elfhdr *ehdr,= int fd, int must_swab, } i++; } - syms =3D g_realloc(syms, nsyms * sizeof(*syms)); =20 + /* check we have symbols left */ + if (nsyms =3D=3D 0) { + return; + } + + syms =3D g_realloc(syms, nsyms * sizeof(*syms)); qsort(syms, nsyms, sizeof(*syms), glue(symcmp, SZ)); for (i =3D 0; i < nsyms - 1; i++) { if (syms[i].st_size =3D=3D 0) { 
@@ -182,18 +191,11 @@ static int glue(load_symbols, SZ)(struct elfhdr *ehdr= , int fd, int must_swab, /* Commit */ s =3D g_malloc0(sizeof(*s)); s->lookup_symbol =3D glue(lookup_symbol, SZ); - glue(s->disas_symtab.elf, SZ) =3D syms; + glue(s->disas_symtab.elf, SZ) =3D g_steal_pointer(&syms); s->disas_num_syms =3D nsyms; - s->disas_strtab =3D str; + s->disas_strtab =3D g_steal_pointer(&str); s->next =3D syminfos; syminfos =3D s; - g_free(shdr_table); - return 0; - fail: - g_free(syms); - g_free(str); - g_free(shdr_table); - return -1; } =20 static int glue(elf_reloc, SZ)(struct elfhdr *ehdr, int fd, int must_swab, --=20 2.20.1
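Review bot: In the first hunk (@@ -104,19 +104,21 @@) the early return in the `!shdr_table` branch is written `return ;` with a stray space before the semicolon, while every other early return in the patch is `return;`. Separately, now that load_symbols is void, a failed load_at() and an ELF that simply has no SHT_SYMTAB section end the same way, with no syminfo registered and nothing reported; if that difference matters when debugging a missing symbol table, a warning or trace point on the load_at() failure branches would keep it visible.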
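Review bot: In the @@ -170,8 +174,13 @@ hunk the comment `/* check we have symbols left */` does not say why the check has to sit above the g_realloc() call. g_realloc() with a size of 0 frees the buffer and returns NULL, and that NULL is what qsort() was being handed; saying so in the comment would stop a later cleanup from moving the test back below the realloc. Since nsyms is a plain int derived from symtab->sh_size, which is read from the file, testing `nsyms <= 0` rather than `nsyms == 0` would also cover a value that does not fit in the int.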