diff options
author | Richard Henderson <richard.henderson@linaro.org> | 2024-10-05 09:01:22 -0700 |
---|---|---|
committer | Richard Henderson <richard.henderson@linaro.org> | 2024-10-08 06:31:22 -0700 |
commit | 2884596f5f385b5712c356310dd4125a089888a8 (patch) | |
tree | 93dadc6e15ee87dbc14b722578eb6d3064a2e8c4 /linux-user | |
parent | a9ee641bd46f5462eeed183ac3c3760bddfc2600 (diff) |
linux-user: Fix parse_elf_properties GNU0_MAGIC check
Comparing a string of 4 bytes only works in little-endian.
Adjust bulk bswap to only apply to the note payload.
Perform swapping of the note header manually; the magic
is defined so that it does not need a runtime swap.
Fixes: 83f990eb5adb ("linux-user/elfload: Parse NT_GNU_PROPERTY_TYPE_0 notes")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2596
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Diffstat (limited to 'linux-user')
-rw-r--r-- | linux-user/elfload.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/linux-user/elfload.c b/linux-user/elfload.c index 0678c9d506..52c88a68a9 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -3121,11 +3121,11 @@ static bool parse_elf_properties(const ImageSource *src, } /* - * The contents of a valid PT_GNU_PROPERTY is a sequence - * of uint32_t -- swap them all now. + * The contents of a valid PT_GNU_PROPERTY is a sequence of uint32_t. + * Swap most of them now, beyond the header and namesz. */ #ifdef BSWAP_NEEDED - for (int i = 0; i < n / 4; i++) { + for (int i = 4; i < n / 4; i++) { bswap32s(note.data + i); } #endif @@ -3135,15 +3135,15 @@ static bool parse_elf_properties(const ImageSource *src, * immediately follows nhdr and is thus at the 4th word. Further, all * of the inputs to the kernel's round_up are multiples of 4. */ - if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 || - note.nhdr.n_namesz != NOTE_NAME_SZ || + if (tswap32(note.nhdr.n_type) != NT_GNU_PROPERTY_TYPE_0 || + tswap32(note.nhdr.n_namesz) != NOTE_NAME_SZ || note.data[3] != GNU0_MAGIC) { error_setg(errp, "Invalid note in PT_GNU_PROPERTY"); return false; } off = sizeof(note.nhdr) + NOTE_NAME_SZ; - datasz = note.nhdr.n_descsz + off; + datasz = tswap32(note.nhdr.n_descsz) + off; if (datasz > n) { error_setg(errp, "Invalid note size in PT_GNU_PROPERTY"); return false; |