From f23267bddde1f5b84d6114d5d7ce93f41c423cf1 Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Mon, 1 Apr 2019 21:35:53 -0700
Subject: [PATCH] Fix rotate+lop of PT_INTERP in shared library

Found while working on https://github.com/upx/upx/issues/262 but probably does not help that bug.
modified: p_lx_elf.cpp

---
 src/p_lx_elf.cpp | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index f47f2c11..660d4a38 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -426,9 +426,10 @@ off_t PackLinuxElf32::pack3(OutputFile *fo, Filter &ft)
 // by decrementing e_phnum.
 memcpy((unsigned char *)ibuf, phdr, sizeof(*phdr)); // extract
 memmove(phdr, 1+phdr, (e_phnum - (1+ j))*sizeof(*phdr)); // overlapping
- memcpy(&phdr[-1+ e_phnum], (unsigned char *)ibuf, sizeof(*phdr)); // to top
- --phdr;
- set_te16(&ehdri.e_phnum, --e_phnum);
+ memcpy(&phdr[e_phnum - (1+ j)], (unsigned char *)ibuf, sizeof(*phdr)); // to top
+ --phdr; --e_phnum;
+ set_te16(&ehdri.e_phnum, e_phnum);
+ set_te16(&((Elf32_Ehdr *)(unsigned char *)lowmem)->e_phnum, e_phnum);
 continue;
 }
 if (PT_LOAD32 == type) {
@@ -550,9 +551,10 @@ off_t PackLinuxElf64::pack3(OutputFile *fo, Filter &ft)
 // by decrementing e_phnum.
 memcpy((unsigned char *)ibuf, phdr, sizeof(*phdr)); // extract
 memmove(phdr, 1+phdr, (e_phnum - (1+ j))*sizeof(*phdr)); // overlapping
- memcpy(&phdr[-1+ e_phnum], (unsigned char *)ibuf, sizeof(*phdr)); // to top
- --phdr;
- set_te16(&ehdri.e_phnum, --e_phnum);
+ memcpy(&phdr[e_phnum - (1+ j)], (unsigned char *)ibuf, sizeof(*phdr)); // to top
+ --phdr; --e_phnum;
+ set_te16(&ehdri.e_phnum, e_phnum);
+ set_te16(&((Elf64_Ehdr *)(unsigned char *)lowmem)->e_phnum, e_phnum);
 continue;
 }
 if (PT_LOAD64 == type) {
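Review bot: The new `--phdr; --e_phnum;` followed by `continue` keeps `phdr` on the slot that was just shifted down, but `j` is left untouched, so if the enclosing for-loop's increment clause advances `j` as well as `phdr` (the loop header is outside this hunk), the two drift apart by one and the `e_phnum - (1+ j)` arithmetic that both the memmove count and the new memcpy destination rely on is off on any later rotation in the same table. Index errors here matter because this code rewrites the program-header table of untrusted input in place: the removed `&phdr[-1+ e_phnum]` wrote one Phdr past the end of the table whenever `j > 0`, and a stale `j` would reintroduce a similar out-of-range write on a file with more than one such entry. If the loop does increment `j`, compensate alongside the pointer, `--phdr; --j; --e_phnum;`, or rewrite the loop to index purely by `j` so there is a single source of truth; if it does not, a one-line comment saying so would save the next reader the same check. PackLinuxElf32::pack3 begins and ends outside this hunk.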
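Review bot: The added `set_te16(&((Elf64_Ehdr *)(unsigned char *)lowmem)->e_phnum, e_phnum)` only produces a consistent image if the `phdr` table being rotated is the one that lives inside `lowmem`; if `phdr` walks a separate copy of the headers (not visible in this hunk), `lowmem` would now claim one fewer program header while its own table still holds PT_INTERP in its original slot, so the lopped entry would be the last real segment rather than the interpreter. A comment pinning the assumption, `// phdr must alias the Phdr table carried in lowmem; the count written here describes that table`, or an assertion that `phdr` points inside `lowmem`'s allocation, would make the invariant checkable rather than implied. As a style point, this hunk is byte-for-byte the Elf32 hunk with only the Ehdr type swapped, which suggests a small template helper over the Ehdr/Phdr types so the next index fix does not have to be applied twice. PackLinuxElf64::pack3 begins and ends outside this hunk.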