5547 libproc's fake_elf should give up if there's no .hash
5546 libproc's fake_elf may free stack junk when reading corrupt dumps

*** 247,257 ****
  Elf *elf;
  size_t dynsym_size = 0, ldynsym_size;
  int dynstr_shndx;
  Ehdr *ep;
  Shdr *sp;
! Dyn *dp;
  Dyn *d[DI_NENT] = { 0 };
  uint_t i;
  Off off;
  size_t pltsz = 0, pltentries = 0;
  uintptr_t hptr = NULL;
--- 247,257 ----
  Elf *elf;
  size_t dynsym_size = 0, ldynsym_size;
  int dynstr_shndx;
  Ehdr *ep;
  Shdr *sp;
! Dyn *dp = NULL;
  Dyn *d[DI_NENT] = { 0 };
  uint_t i;
  Off off;
  size_t pltsz = 0, pltentries = 0;
  uintptr_t hptr = NULL;
*** 364,373 **** --- 364,378 ---- hnbuckets = hash[0]; hnchains = hash[1]; } + if ((d[DI_HASH] == NULL) || (hnbuckets == 0) || (hnchains == 0)) { + dprintf("empty or missing .hash\n"); + goto bad; + } + /* * .dynsym and .SUNW_ldynsym sections. * * The string table section used for the symbol table and * dynamic sections lies immediately after the dynsym, so the
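Review bot: The added guard before the `.dynsym` comment rejects only zero `hnbuckets`/`hnchains`, so a corrupt dump that supplies very large counts in `hash[0]`/`hash[1]` still passes. If these counts are later used to size the fake symbol table (that code is outside this hunk, so this is an inference), an upper bound should be checked here as well, for example against the amount of `.hash` data that was actually read. I would also add a comment above the check such as `/* Counts come from the target's .hash and are untrusted; without them .dynsym cannot be sized. */`. The enclosing function starts and ends outside the hunk, so the cleanup performed at `bad` cannot be confirmed from here.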