BaseTools: Fix Section header size larger than elf file size bug

Add the logic to handle the case that Section header size larger than
elf file size.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yunhua Feng <yunhuax.feng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

diff --git a/BaseTools/Source/C/GenFw/Elf32Convert.c b/BaseTools/Source/C/GenFw/Elf32Convert.c
index 436eb529ee37727d1d18194ecebe8402c4beeb7b..ac0e2b13771bbcefc4285b8483965d2330a7fb04 100644 (file)
--- a/BaseTools/Source/C/GenFw/Elf32Convert.c
+++ b/BaseTools/Source/C/GenFw/Elf32Convert.c
@@ -674,6 +674,9 @@ WriteSections32 (
       switch (Shdr->sh_type) {\r
       case SHT_PROGBITS:\r
         /* Copy.  */\r
+        if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) {\r
+          return FALSE;\r
+        }\r
         memcpy(mCoffFile + mCoffSectionsOffset[Idx],\r
               (UINT8*)mEhdr + Shdr->sh_offset,\r
               Shdr->sh_size);\r

diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c
index 54011d75f1ec6c9951071be5b5261a091200e058..9ffb367e4365b39588c3008335dfdc2d210a68d5 100644 (file)
--- a/BaseTools/Source/C/GenFw/Elf64Convert.c
+++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
@@ -670,6 +670,9 @@ WriteSections64 (
       switch (Shdr->sh_type) {\r
       case SHT_PROGBITS:\r
         /* Copy.  */\r
+        if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) {\r
+          return FALSE;\r
+        }\r
         memcpy(mCoffFile + mCoffSectionsOffset[Idx],\r
               (UINT8*)mEhdr + Shdr->sh_offset,\r
               (size_t) Shdr->sh_size);\r

diff --git a/BaseTools/Source/C/GenFw/ElfConvert.c b/BaseTools/Source/C/GenFw/ElfConvert.c
index 17913ff2dfbe118664ad06a0971143923da42090..86f844d2a9264ca3b82537c3734500cc60883d7a 100644 (file)
--- a/BaseTools/Source/C/GenFw/ElfConvert.c
+++ b/BaseTools/Source/C/GenFw/ElfConvert.c
@@ -1,7 +1,7 @@
 /** @file\r
 Elf convert solution\r
 \r
-Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
 \r
 This program and the accompanying materials are licensed and made available \r
 under the terms and conditions of the BSD License which accompanies this \r
@@ -57,6 +57,11 @@ UINT32 mCoffOffset;
 //\r
 UINT32 mTableOffset;\r
 \r
+//\r
+//mFileBufferSize\r
+//\r
+UINT32 mFileBufferSize;\r
+\r
 //\r
 //*****************************************************************************\r
 // Common ELF Functions\r
@@ -173,6 +178,7 @@ ConvertElf (
   ELF_FUNCTION_TABLE              ElfFunctions;\r
   UINT8                           EiClass;\r
 \r
+  mFileBufferSize = *FileLength;\r
   //\r
   // Determine ELF type and set function table pointer correctly.\r
   //\r
@@ -201,9 +207,15 @@ ConvertElf (
   // Write and relocate sections.\r
   //\r
   VerboseMsg ("Write and relocate sections.");\r
-  ElfFunctions.WriteSections (SECTION_TEXT);\r
-  ElfFunctions.WriteSections (SECTION_DATA);\r
-  ElfFunctions.WriteSections (SECTION_HII);\r
+  if (!ElfFunctions.WriteSections (SECTION_TEXT)) {\r
+    return FALSE;\r
+  }\r
+  if (!ElfFunctions.WriteSections (SECTION_DATA)) {\r
+    return FALSE;\r
+  }\r
+  if (!ElfFunctions.WriteSections (SECTION_HII)) {\r
+    return FALSE;\r
+  }\r
 \r
   //\r
   // Translate and write relocations.\r

diff --git a/BaseTools/Source/C/GenFw/ElfConvert.h b/BaseTools/Source/C/GenFw/ElfConvert.h
index abf434dd11c8fdd74a545998d14777b225947637..fc8c63f34bdcf4fb3d7acc908c72f0d364c0e3b1 100644 (file)
--- a/BaseTools/Source/C/GenFw/ElfConvert.h
+++ b/BaseTools/Source/C/GenFw/ElfConvert.h
@@ -1,7 +1,7 @@
 /** @file\r
 Header file for Elf convert solution\r
 \r
-Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
 \r
 This program and the accompanying materials are licensed and made available \r
 under the terms and conditions of the BSD License which accompanies this \r
@@ -29,6 +29,7 @@ extern UINT32 mImageTimeStamp;
 extern UINT8  *mCoffFile;\r
 extern UINT32 mTableOffset;\r
 extern UINT32 mOutImageType;\r
+extern UINT32 mFileBufferSize;\r
 \r
 //\r
 // Common EFI specific data.\r