Breakpad Linux dumper: Compare section names correctly.

FindSectionByName will return the first section whose name starts with
NAME, because strncmp stops the comparison once NAME's characters have
been found to match. The comparison stops before the terminating '\0'.
For example, if we search for the section named ".eh_frame", we may
get the section named ".eh_frame_hdr".

Instead, check that the section name section has enough space to store
the complete name with its terminating '\0', and then use strcmp,
which will never examine more than strlen(NAME) + 1 bytes from the
section name section, regardless of its contents, and will require the
terminating '\0' to match as well.

a=jimblandy, r=nealsid


git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@525 4c0a9323-5329-0410-9bdc-e9ce6186880e
jimblandy 2010-02-18 07:57:53 +00:00
parent 89f1396fd1
commit 6de1b75da4


@ -105,10 +105,16 @@ static const ElfW(Shdr) *FindSectionByName(const char *name,
if (name_len == 0) if (name_len == 0)
return NULL; return NULL;
// Find the end of the section name section, to make sure that
// comparisons don't run off the end of the section.
const char *names_end =
reinterpret_cast<char*>(section_names->sh_offset + section_names->sh_size);
for (int i = 0; i < nsection; ++i) { for (int i = 0; i < nsection; ++i) {
const char *section_name = const char *section_name =
reinterpret_cast<char*>(section_names->sh_offset + sections[i].sh_name); reinterpret_cast<char*>(section_names->sh_offset + sections[i].sh_name);
if (!strncmp(name, section_name, name_len)) if (names_end - section_name >= name_len + 1 &&
strcmp(name, section_name) == 0)
return sections + i; return sections + i;
} }
return NULL; return NULL;
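Review bot: The new guard in the loop compares `names_end - section_name` with `name_len + 1`, but `sections[i].sh_name` is read straight from the ELF file, so an index past the end of the name section makes that difference negative. `name_len` is declared outside the hunk; if it has an unsigned type, the negative difference converts to a very large value, the guard passes, and `strcmp` reads outside the section. Rejecting the index before the pointer is formed avoids both that and the subtraction of an out-of-range pointer: `if (sections[i].sh_name >= section_names->sh_size) continue;`. Nothing visible here checks that `sh_offset + sh_size` stays inside the mapped file, so `names_end` is only as trustworthy as the section header it comes from. FindSectionByName begins and ends outside the hunk, so an earlier validation step may exist that is not shown.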