BaseTools: Fix Section header size larger than elf file size bug

Add the logic to handle the case that Section header size larger than
elf file size.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yunhua Feng <yunhuax.feng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

4 files changed, 24 insertions, 5 deletions

diff --git a/BaseTools/Source/C/GenFw/Elf32Convert.c b/BaseTools/Source/C/GenFw/Elf32Convert.c
index 436eb529ee..ac0e2b1377 100644
--- a/BaseTools/Source/C/GenFw/Elf32Convert.c
+++ b/BaseTools/Source/C/GenFw/Elf32Convert.c
@@ -674,6 +674,9 @@ WriteSections32 (
       switch (Shdr->sh_type) {

       case SHT_PROGBITS:

         /* Copy.  */

+        if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) {

+          return FALSE;

+        }

         memcpy(mCoffFile + mCoffSectionsOffset[Idx],

               (UINT8*)mEhdr + Shdr->sh_offset,

               Shdr->sh_size);

diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c
index 54011d75f1..9ffb367e43 100644
--- a/BaseTools/Source/C/GenFw/Elf64Convert.c
+++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
@@ -670,6 +670,9 @@ WriteSections64 (
       switch (Shdr->sh_type) {

       case SHT_PROGBITS:

         /* Copy.  */

+        if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) {

+          return FALSE;

+        }

         memcpy(mCoffFile + mCoffSectionsOffset[Idx],

               (UINT8*)mEhdr + Shdr->sh_offset,

               (size_t) Shdr->sh_size);

diff --git a/BaseTools/Source/C/GenFw/ElfConvert.c b/BaseTools/Source/C/GenFw/ElfConvert.c
index 17913ff2df..86f844d2a9 100644
--- a/BaseTools/Source/C/GenFw/ElfConvert.c
+++ b/BaseTools/Source/C/GenFw/ElfConvert.c
@@ -1,7 +1,7 @@
 /** @file

 Elf convert solution

 

-Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>

 

 This program and the accompanying materials are licensed and made available 

 under the terms and conditions of the BSD License which accompanies this 

@@ -58,6 +58,11 @@ UINT32 mCoffOffset;
 UINT32 mTableOffset;

 

 //

+//mFileBufferSize

+//

+UINT32 mFileBufferSize;

+

+//

 //*****************************************************************************

 // Common ELF Functions

 //*****************************************************************************

@@ -173,6 +178,7 @@ ConvertElf (
   ELF_FUNCTION_TABLE              ElfFunctions;

   UINT8                           EiClass;

 

+  mFileBufferSize = *FileLength;

   //

   // Determine ELF type and set function table pointer correctly.

   //

@@ -201,9 +207,15 @@ ConvertElf (
   // Write and relocate sections.

   //

   VerboseMsg ("Write and relocate sections.");

-  ElfFunctions.WriteSections (SECTION_TEXT);

-  ElfFunctions.WriteSections (SECTION_DATA);

-  ElfFunctions.WriteSections (SECTION_HII);

+  if (!ElfFunctions.WriteSections (SECTION_TEXT)) {

+    return FALSE;

+  }

+  if (!ElfFunctions.WriteSections (SECTION_DATA)) {

+    return FALSE;

+  }

+  if (!ElfFunctions.WriteSections (SECTION_HII)) {

+    return FALSE;

+  }

 

   //

   // Translate and write relocations.

diff --git a/BaseTools/Source/C/GenFw/ElfConvert.h b/BaseTools/Source/C/GenFw/ElfConvert.h
index abf434dd11..fc8c63f34b 100644
--- a/BaseTools/Source/C/GenFw/ElfConvert.h
+++ b/BaseTools/Source/C/GenFw/ElfConvert.h
@@ -1,7 +1,7 @@
 /** @file

 Header file for Elf convert solution

 

-Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>

 

 This program and the accompanying materials are licensed and made available 

 under the terms and conditions of the BSD License which accompanies this 

@@ -29,6 +29,7 @@ extern UINT32 mImageTimeStamp;
 extern UINT8  *mCoffFile;

 extern UINT32 mTableOffset;

 extern UINT32 mOutImageType;

+extern UINT32 mFileBufferSize;

 

 //

 // Common EFI specific data.