libbpf: Improve handling of corrupted ELF during map initialization

If we get ELF file with "maps" section, but no symbols pointing to it, we'll
end up with division by zero. Add check against this situation and exit early
with error. Found by Coverity scan against Github libbpf sources.

Fixes: bf82927125dd ("libbpf: refactor map initialization")
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20191107020855.3834758-6-andriin@fb.com

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 3ef73a2145924da195372419e5f5cc6451e495aa..fde6cb3e5d41190eb0324f5deaa61ae7527688ec 100644 (file)
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -956,13 +956,13 @@ static int bpf_object__init_user_maps(struct bpf_object *obj, bool strict)
        pr_debug("maps in %s: %d maps in %zd bytes\n",
                 obj->path, nr_maps, data->d_size);
 
-       map_def_sz = data->d_size / nr_maps;
-       if (!data->d_size || (data->d_size % nr_maps) != 0) {
+       if (!data->d_size || nr_maps == 0 || (data->d_size % nr_maps) != 0) {
                pr_warn("unable to determine map definition size "
                        "section %s, %d maps in %zd bytes\n",
                        obj->path, nr_maps, data->d_size);
                return -EINVAL;
        }
+       map_def_sz = data->d_size / nr_maps;
 
        /* Fill obj->maps using data in "maps" section.  */
        for (i = 0; i < nr_syms; i++) {