sbsign failure in the presence of zero sized sections
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
sbsigntool (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
EFISTUB zImages for ARM64 contain two sections, a dummy .reloc section and a .text section covering the entire payload.
When attempting to sign such a zImage, sbsign fails in the image_find_
Starting program: /home/ard/
warning: gap in section table:
(null) : 0xffff8000093bfd01 - 0xffff8000093bfd01,
.text : 0x000001a0 - 0x00000201,
This is caused by the loop in this function, which skips NULL sections but still increments 'i', causing the contiguity check to become invalid.
The following patch solves the issue for me.
--- image.c.orig 2013-11-18 15:34:13.451962351 +0100
+++ image.c 2013-11-18 15:34:15.415962345 +0100
@@ -379,34 +379,34 @@
image-
struct region,
image-
- regions = image->
+ regions = &image-
- regions[i + 3].data = buf + file_offset;
- regions[i + 3].size = align_up(file_size,
+ regions->data = buf + file_offset;
+ regions->size = align_up(file_size,
image-
- regions[i + 3].name = talloc_
+ regions->name = talloc_
image-
- bytes += regions[i + 3].size;
+ bytes += regions->size;
- if (file_offset + regions[i+3].size > image->size) {
+ if (file_offset + regions->size > image->size) {
fprintf(stderr, "warning: file-aligned section %s "
"extends beyond end of file\n",
- regions[i+3].name);
+ regions->name);
}
- if (regions[i+2].data + regions[i+2].size
- != regions[i+3].data) {
+ if (regions[-1].data + regions[-1].size
+ != regions->data) {
fprintf(stderr, "warning: gap in section table:\n");
fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n",
- regions[i+2].name,
- regions[i+2].data - buf,
- regions[i+2].data +
- regions[i+2].size - buf);
+ regions[-1].name,
+ regions[-1].data - buf,
+ regions[-1].data +
+ regions[-1].size - buf);
fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n",
- regions[i+3].name,
- regions[i+3].data - buf,
- regions[i+3].data +
- regions[i+3].size - buf);
+ regions->name,
+ regions->data - buf,
+ regions->data +
+ regions->size - buf);
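Review bot: the contiguity check now reads `regions[-1]`, which is only valid while `regions` points past the first element of the array, and nothing in the visible hunk asserts or documents that. The old `i + 2` / `i + 3` indexing implies earlier entries exist, but after `regions = &image-...` the name `regions` is a cursor rather than the array base, so a reader can no longer tell where the array starts. Consider a separate local (for example `struct region *cur`) that is advanced only when a section is kept, leave `regions` as the base pointer, and add a one-line comment stating which entries are guaranteed to precede the first section region.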
This bug was fixed in the package sbsigntool - 0.6-0ubuntu7
---------------
sbsigntool (0.6-0ubuntu7) trusty; urgency=medium
* debian/patches/del-duplicate-define.patch: Remove duplicate define.
* debian/patches/zero-sized-sections.patch: Fix failure in sbsigntool
when it encounters zero-sized PE/COFF image sections (LP: #1252288).
* debian/patches/arm-arm64-support.patch: Support signing ARM images.
-- Adam Conrad <email address hidden> Tue, 15 Apr 2014 14:54:42 +0100
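The indexing problem from the bug description, reduced to a small model. This is an added example, not sbsigntool's code: `struct sec`, `struct reg`, `fill_headers`, the header region names and both function names are assumptions, offsets stand in for the tool's pointers, and the region array is zeroed so the result is deterministic.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model, not sbsigntool's real types: offsets stand in for pointers. */
struct sec { const char *name; size_t off, size; };
struct reg { const char *name; size_t off, size; };
#define HDR_REGIONS 3   /* regions emitted before the section loop (the "+ 3" in the patch) */
#define MAX_REGIONS 16

/* Zero the table, then fill three header regions ending at hdr_end (>= 0x80). */
static void fill_headers(struct reg *r, size_t hdr_end) {
    memset(r, 0, sizeof(*r) * MAX_REGIONS);
    r[0] = (struct reg){ "hdr0", 0x00, 0x40 };
    r[1] = (struct reg){ "hdr1", 0x40, 0x40 };
    r[2] = (struct reg){ "hdr2", 0x80, hdr_end - 0x80 };
}

/* Buggy shape: the slot index follows loop counter i even when a section is skipped. */
int gaps_indexed_by_i(const struct sec *s, int n, size_t hdr_end) {
    struct reg r[MAX_REGIONS];
    int gaps = 0;
    if (n + HDR_REGIONS > MAX_REGIONS) return -1;
    fill_headers(r, hdr_end);
    for (int i = 0; i < n; i++) {
        if (s[i].size == 0) continue;      /* slot i + 3 is never filled */
        r[i + 3] = (struct reg){ s[i].name, s[i].off, s[i].size };
        if (r[i + 2].off + r[i + 2].size != r[i + 3].off)
            gaps++;                        /* may compare against an unfilled slot */
    }
    return gaps;
}

/* Fixed shape: a cursor advances only when a region is actually appended. */
int gaps_with_cursor(const struct sec *s, int n, size_t hdr_end) {
    struct reg r[MAX_REGIONS];
    struct reg *cur = &r[HDR_REGIONS - 1]; /* last filled region */
    int gaps = 0;
    if (n + HDR_REGIONS > MAX_REGIONS) return -1;
    fill_headers(r, hdr_end);
    for (int i = 0; i < n; i++) {
        if (s[i].size == 0) continue;
        *++cur = (struct reg){ s[i].name, s[i].off, s[i].size };
        if (cur[-1].off + cur[-1].size != cur->off)
            gaps++;                        /* previous entry is always a real region */
    }
    return gaps;
}

/* Constructed sample mirroring the report: empty .reloc, then .text at 0x1a0-0x201. */
const struct sec SAMPLE[] = { { ".reloc", 0, 0 }, { ".text", 0x1a0, 0x61 } };
```

With the constructed sample, the indexed version reports a gap that does not exist, while the cursor version reports none and still flags a section that really does start past the end of the headers.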