This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.



Re: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.


On 04/09/2014 01:57 PM, Mark Wielaard wrote:

> +	    /* Check for unsigned overflow so malloc always allocated
> +	       enough memory for both the Elf_Data header and the
> +	       uncompressed section data.  */
> +	    if (unlikely (sizeof (Elf_Data) + size < size))
> +	      break;
> +
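
Review bot: the wraparound test `sizeof (Elf_Data) + size < size` is only sound if `size` is an unsigned type no wider than size_t, and its declaration is not visible in this hunk. If `size` were a 64-bit value on a 32-bit host, the sum would not wrap, yet the value later passed to malloc would still be truncated. Writing the test as `size > SIZE_MAX - sizeof (Elf_Data)` holds for either width and states the intent directly. The hunk also does not show what the `break` path reports to the caller; it is worth confirming that it ends in an error return rather than a silent fallthrough. Minor: in the comment, "malloc always allocated" should read "malloc always allocates".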

Looks good to me.

-- 
Florian Weimer / Red Hat Product Security Team
