ldelf: fix crash when hash-style is sysv

This issue afects binaryes using the sysv style hash table (-WL,hash-style=sysv) When the "nbuckets" filed in the hash table (.hash) is set to 0, ldelf will do out-of-bounds indexing and crash with a data abort. Such a hash table is strange but GCC 13.3.0 seems to produce them in some cases anyway. This fix returns an error is nbuckets is 0 before using the value, and makes an affected S-EL0 SP binary load fine. Signed-off-by: Gyorgy Szing <[email protected]> Reviewed-by: Jens Wiklander <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
OP-TEE · Oct 16, 2024 · 1868eb2 · 1868eb2
1 parent 326382a
commit 1868eb2
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/ldelf/ta_elf_rel.c b/ldelf/ta_elf_rel.c
@@ -198,6 +198,9 @@ static TEE_Result resolve_sym_helper(const char *name, vaddr_t *val,
 		uint32_t *bucket = &hashtab[2];
 		uint32_t *chain = &bucket[nbuckets];
 
+		if (!nbuckets)
+			return TEE_ERROR_ITEM_NOT_FOUND;
+
 		hash = elf_hash(name);
 
 		for (n = bucket[hash % nbuckets]; n; n = chain[n]) {