From 6de1b75da4d9fb29eb8e00f41beab3cbc539874f Mon Sep 17 00:00:00 2001
From: jimblandy
Date: Thu, 18 Feb 2010 07:57:53 +0000
Subject: Breakpad Linux dumper: Compare section names correctly.

FindSectionByName will return the first section whose name starts with NAME, because strncmp stops the comparison once NAME's characters have been found to match. The comparison stops before the terminating '\0'. For example, if we search for the section named ".eh_frame", we may get the section named ".eh_frame_hdr".

Instead, check that the section name section has enough space to store the complete name with its terminating '\0', and then use strcmp, which will never examine more than strlen(NAME) + 1 bytes from the section name section, regardless of its contents, and will require the terminating '\0' to match as well.

a=jimblandy, r=nealsid

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@525 4c0a9323-5329-0410-9bdc-e9ce6186880e
---
 src/common/linux/dump_symbols.cc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/common/linux/dump_symbols.cc')

diff --git a/src/common/linux/dump_symbols.cc b/src/common/linux/dump_symbols.cc
index 02d26987..993bdbd5 100644
--- a/src/common/linux/dump_symbols.cc
+++ b/src/common/linux/dump_symbols.cc
@@ -105,10 +105,16 @@ static const ElfW(Shdr) *FindSectionByName(const char *name,
   if (name_len == 0)
     return NULL;
 
+  // Find the end of the section name section, to make sure that
+  // comparisons don't run off the end of the section.
+  const char *names_end =
+    reinterpret_cast(section_names->sh_offset + section_names->sh_size);
+
   for (int i = 0; i < nsection; ++i) {
     const char *section_name =
       reinterpret_cast(section_names->sh_offset + sections[i].sh_name);
-    if (!strncmp(name, section_name, name_len))
+    if (names_end - section_name >= name_len + 1 &&
+        strcmp(name, section_name) == 0)
       return sections + i;
   }
   return NULL;
-- cgit v1.2.1
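Review bot: The new bound on the `if` in the loop still trusts `sections[i].sh_name`: if a malformed ELF places it at or beyond `section_names->sh_size`, `section_name` is computed past `names_end`, the pointer difference `names_end - section_name` is negative, and — if `name_len` is unsigned, as it would be if it came from `strlen` (its declaration is above the hunk) — the comparison with `name_len + 1` promotes that negative `ptrdiff_t` to a huge unsigned value, so the guard passes and `strcmp` reads outside the string table, which is exactly what the commit sets out to prevent. Doing the range check on the offsets before forming the pointer avoids both the out-of-range pointer and the signed/unsigned promotion, and makes `names_end` unnecessary. This assumes `section_names->sh_offset` already holds the mapped address of the string table, as the existing cast implies but the hunk does not show. FindSectionByName begins before the hunk, so `name_len`'s type and origin should be confirmed there.

```cpp
  for (int i = 0; i < nsection; ++i) {
    // Reject names that start outside the string table, or whose tail is
    // too short to hold NAME plus its terminating '\0'; only then does
    // strcmp stay inside the table (it reads at most name_len + 1 bytes).
    if (sections[i].sh_name >= section_names->sh_size ||
        section_names->sh_size - sections[i].sh_name < name_len + 1)
      continue;
    const char *section_name =
      reinterpret_cast<const char *>(section_names->sh_offset + sections[i].sh_name);
    if (strcmp(name, section_name) == 0)
      return sections + i;
  }
```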