File elfutils-dont-trust-sh_entsize.patch of Package elfutils.13244
From: Mark Wielaard <mark at klomp dot org>
Subject: [PATCH] elflint: Don't trust sh_entsize when checking hash sections.
Date: Tue, 28 Mar 2017 00:38:52 +0200
References: bnc#1033089
Upstream: https://sourceware.org/ml/elfutils-devel/2017-q1/msg00131.html
Signed-Off-by: Joao Moreira <jmoreira@suse.de>
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -1994,11 +1994,14 @@ check_sysv_hash (Ebl *ebl, GElf_Shdr *sh
Elf32_Word nbucket = ((Elf32_Word *) data->d_buf)[0];
Elf32_Word nchain = ((Elf32_Word *) data->d_buf)[1];
- if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize)
- ERROR (gettext ("\
+ if (shdr->sh_size < (2 + nbucket + nchain) * sizeof (Elf32_Word))
+ {
+ ERROR (gettext ("\
section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
- idx, section_name (ebl, idx), (long int) shdr->sh_size,
- (long int) ((2 + nbucket + nchain) * shdr->sh_entsize));
+ idx, section_name (ebl, idx), (long int) shdr->sh_size,
+ (long int) ((2 + nbucket + nchain) * sizeof (Elf32_Word)));
+ return;
+ }
size_t maxidx = nchain;
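Review bot: The new size check in check_sysv_hash can still be bypassed by integer wraparound, because `2 + nbucket + nchain` is evaluated in 32-bit `Elf32_Word` arithmetic before the multiplication by `sizeof (Elf32_Word)` widens it. A file whose nbucket and nchain sum past 2^32 yields a small product and skips the new `return`, so the rest of the function (outside this hunk, starting at `size_t maxidx = nchain;`) continues with counts that were never bounded by the section size. Widening the first operand closes the 32-bit case: `if (shdr->sh_size < (2ULL + nbucket + nchain) * sizeof (Elf32_Word))`, and the `(long int)` value printed in the message should use the same widened expression. The check_sysv_hash64 hunk has the same shape with `Elf64_Xword`, where both the sum and the product can wrap at 64 bits. There it is safer to compare each count against `shdr->sh_size / sizeof (Elf64_Xword)` than to multiply.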
@@ -2045,11 +2048,14 @@ check_sysv_hash64 (Ebl *ebl, GElf_Shdr *
Elf64_Xword nbucket = ((Elf64_Xword *) data->d_buf)[0];
Elf64_Xword nchain = ((Elf64_Xword *) data->d_buf)[1];
- if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize)
- ERROR (gettext ("\
+ if (shdr->sh_size < (2 + nbucket + nchain) * sizeof (Elf64_Xword))
+ {
+ ERROR (gettext ("\
section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
- idx, section_name (ebl, idx), (long int) shdr->sh_size,
- (long int) ((2 + nbucket + nchain) * shdr->sh_entsize));
+ idx, section_name (ebl, idx), (long int) shdr->sh_size,
+ (long int) ((2 + nbucket + nchain) * sizeof (Elf64_Xword)));
+ return;
+ }
size_t maxidx = nchain;
@@ -2258,10 +2264,12 @@ section [%2d] '%s': relocatable files ca
section [%2d] '%s': hash table not for dynamic symbol table\n"),
idx, section_name (ebl, idx));
- if (shdr->sh_entsize != (tag == SHT_GNU_HASH
+ size_t expect_entsize = (tag == SHT_GNU_HASH
? (gelf_getclass (ebl->elf) == ELFCLASS32
? sizeof (Elf32_Word) : 0)
- : (size_t) ebl_sysvhash_entrysize (ebl)))
+ : (size_t) ebl_sysvhash_entrysize (ebl));
+
+ if (shdr->sh_entsize != expect_entsize)
ERROR (gettext ("\
section [%2d] '%s': hash table entry size incorrect\n"),
idx, section_name (ebl, idx));
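Review bot: `expect_entsize` needs a comment where it is declared, because its value 0 for a 64-bit SHT_GNU_HASH section is not self-explanatory and the following hunk silently turns it into 4 through `expect_entsize ?: 4`. Suggested comment above the declaration: `/* Entry size implied by section type and ELF class, never the file's own sh_entsize; 0 means no single entry size applies. */`. The reason for the 0 case (presumably the mixed 32-bit and 64-bit words of a 64-bit GNU hash table) is inferred rather than visible in this hunk, so confirm it before writing it into the comment. The enclosing function starts and ends outside this hunk.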
@@ -2270,7 +2278,7 @@ section [%2d] '%s': hash table entry siz
ERROR (gettext ("section [%2d] '%s': not marked to be allocated\n"),
idx, section_name (ebl, idx));
- if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (shdr->sh_entsize ?: 4))
+ if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (expect_entsize ?: 4))
{
ERROR (gettext ("\
section [%2d] '%s': hash table has not even room for initial administrative entries\n"),