Test (and fix) ImageAddress()

This adds a test case for our address sanitation checking function ImageAddresS(). In doing so it addresses two issues: - previously we allowed the address after the last byte of the image to be computed (may need to revert this or fix some callers, we'll see...) - bespoke overflow checking and using + directly instead of using __builtin_add_overflow() Signed-off-by: Peter Jones <pjones@redhat.com>
rhboot · Jun 23, 2023 · 5ececf6 · 5ececf6
1 parent 36e2da2
commit 5ececf6
Show file tree

Hide file tree

Showing 7 changed files with 49 additions and 3 deletions.
diff --git a/include/test.mk b/include/test.mk
@@ -95,6 +95,9 @@ test-mok-mirror: CFLAGS+=-DHAVE_START_IMAGE -DHAVE_SHIM_LOCK_GUID
 test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S mock-variables.c
 test-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID
 
+test-pe-relocate_FILES = globals.c
+test-pe-relocate :: CFLAGS+=-DHAVE_SHIM_LOCK_GUID
+
 test-str_FILES = lib/string.c
 
 tests := $(patsubst %.c,%,$(wildcard test-*.c))

diff --git a/pe-relocate.c b/pe-relocate.c
@@ -12,16 +12,19 @@
 void *
 ImageAddress (void *image, uint64_t size, uint64_t address)
 {
+	uint64_t img_addr;
+
 	/* ensure our local pointer isn't bigger than our size */
-	if (address > size)
+	if (address >= size)
 		return NULL;
 
 	/* Insure our math won't overflow */
-	if (UINT64_MAX - address < (uint64_t)(intptr_t)image)
+	img_addr = (uint64_t)(uintptr_t)image;
+	if (__builtin_add_overflow(img_addr, address, &img_addr))
 		return NULL;
 
 	/* return the absolute pointer */
-	return image + address;
+	return (void *)(uintptr_t)img_addr;
 }
 
 /*

diff --git a/test-data/.gitignore b/test-data/.gitignore
@@ -0,0 +1 @@
+!/*.efi
diff --git a/test-data/grubx64.0.76.el7.1.efi b/test-data/grubx64.0.76.el7.1.efi
diff --git a/test-data/grubx64.0.76.el7.efi b/test-data/grubx64.0.76.el7.efi
diff --git a/test-data/grubx64.0.80.el7.efi b/test-data/grubx64.0.80.el7.efi
diff --git a/test-pe-relocate.c b/test-pe-relocate.c
@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * test-pe-reloc.c - attempt to test relocate_coff()
+ * Copyright Peter Jones <pjones@redhat.com>
+ */
+
+#ifndef SHIM_UNIT_TEST
+#define SHIM_UNIT_TEST
+#endif
+#include "shim.h"
+
+static int
+test_image_address(void)
+{
+	char image[4];
+	void *ret;
+
+	assert_equal_return(ImageAddress(image, sizeof(image), 0), &image[0], -1, "got %p expected %p\n");
+	assert_equal_return(ImageAddress(image, sizeof(image), 4), NULL, -1, "got %p expected %p\n");
+	assert_equal_return(ImageAddress((void *)1, 2, 3), NULL, -1, "got %p expected %p\n");
+	assert_equal_return(ImageAddress((void *)-1ull, UINT64_MAX, UINT64_MAX), NULL, -1, "got %p expected %p\n");
+	assert_equal_return(ImageAddress((void *)0, UINT64_MAX, UINT64_MAX), NULL, -1, "got %p expected %p\n");
+	assert_equal_return(ImageAddress((void *)1, UINT64_MAX, UINT64_MAX), NULL, -1, "got %p expected %p\n");
+	assert_equal_return(ImageAddress((void *)2, UINT64_MAX, UINT64_MAX), NULL, -1, "got %p expected %p\n");
+	assert_equal_return(ImageAddress((void *)3, UINT64_MAX, UINT64_MAX), NULL, -1, "got %p expected %p\n");
+
+	return 0;
+}
+
+int
+main(void)
+{
+	int status = 0;
+	test(test_image_address);
+
+	return status;
+}
+
+// vim:fenc=utf-8:tw=75:noet